Monthly Archives: October 2005

talk.bmc

Sarbanes-Oxley compliance – containing the costs

Offers some links to white papers about Sarbanes-Oxley compliance efforts

I have been immersed in compliance research lately for a couple of white papers I’m writing. I’m learning a lot about what IT departments have to go through to meet certain standards.

I don’t want to seem self-promoting, but I do want to share this white paper I wrote, Meeting Sarbanes-Oxley Challenges with Distributed Systems Recovery Solutions from BMC Software®. As usual, registration required, but it’s quick and easy. Here’s an excerpt from the paper.

“Containing the costs associated with Sarbanes-Oxley

The estimates for the costs of compliance continue to go up. A two-year-old CFO Magazine survey indicated that companies estimated they would spend up to $500,000 on Sarbanes-Oxley compliance. The Financial Executives International (FEI) organization surveyed 217 public companies with average revenues of $5 billion in March of 2005 and asked them to gauge their Section 404 compliance costs. FEI said that 404 compliance averaged $1.34 million for internal costs, $1.72 million for external costs and $1.30 million for auditor fees, for a total of $4.36 million. Other studies estimate that companies are spending even more money on compliance. The Johnsson Group, a Chicago consulting firm, estimates Sarbanes-Oxley will add $3 million to $8 million in annual compliance costs for Fortune 500 companies. (Source: Kahn, Jeremy. ‘A Taste Of Success ; But the real test for Sarbanes-Oxley is still ahead’ Fortune September 1, 2003)

With these costs in mind, though, choosing the proper controls and procedures can help build an infrastructure that adds value to the entire IT organization. You can leverage the knowledge acquired during your analysis to build a solid, enterprise-wide platform of best practices that are also based in the laws of regulation.”

In progress is a second, follow-on white paper about how our DBAs use BMC tools to keep our Sarbanes-Oxley backup and recovery procedures running smoothly. It’s in review but I hope to complete it soon. I’ll post another URL once that’s completed.

Another white paper related to Sarbanes-Oxley compliance is Ronnie Daucherty’s Sarbanes-Oxley Compliance: Using BMC CONTROL-M Solutions for Operations Management. If you attended his seminar you probably got a copy of this but I’ll link to it here as well. Good information.

If you’re responsible for maintaining compliance, keep up the good work! After reading, research, and interviews, I do believe that those compliance controls help organizations run smoothly and that DBAs and admins can sleep at night knowing their backups and batch jobs are progressing as scheduled. From where you sit, how does the compliance effort look to you? Here’s hoping all the long work weeks and late nights are behind you when it comes to Sarbox audits and compliance.

talk.bmc

Getting BMC parameter information that you can manipulate

There’s a tool called the Parameter Reference Database on our support site that lets you export the PATROL Knowledge Module parameters to a CSV file so you can re-mix them as you want.

This Parameter Reference Database tool for exporting the KM parameters looks really cool to me so I wanted to be sure you all know about it too. One neat thing about this type of documentation is that updates are not tied to product release cycles. It’s much closer to the single sourcing holy grail where you change your source file and that change can be propagated through the whole system with a few button clicks. If you’re more of a driller-down type, go to the Support Central page, and then click Product Lists & Manuals, and then click Parameter Reference Database.

Once you’re on the Parameter Reference Database page, select the products whose parameter information you want to download. Here’s a list of the products.

BMC Performance Manager for Microsoft Exchange Servers
PATROL DataStore
PATROL End-to-End Response Timer
PATROL for BEA Tuxedo
PATROL for BEA WebLogic
PATROL for DB2 Universal Database
PATROL for Dell OpenManage
PATROL for Informix
PATROL for Microsoft SQL Server
PATROL for Microsoft Windows Terminal Services
PATROL for Oracle
PATROL for SAP Enterprise Portal
PATROL for SAP Internet Transaction Server
PATROL for SAP Solutions – Trak
PATROL for SAP Web Application Server
PATROL for Siebel eBusiness Applications
PATROL for Sybase
PATROL for Virtual Servers
PATROL for WebSphere Application Server
PATROL for WebSphere MQ Integrator
PATROL Infrastructure Monitor
PATROL Integration for SAP CCMS and SAP Solution Manager
PATROL Internet Server Manager
PATROL Knowledge Module for AS/400
PATROL Knowledge Module for Component Object Model Plus
PATROL Knowledge Module for Event Management
PATROL Knowledge Module for History Loader
PATROL Knowledge Module for Log Management
PATROL Knowledge Module for Microsoft Cluster Server
PATROL Knowledge Module for Microsoft Windows Active Directory
PATROL Knowledge Module for Microsoft Windows Domain Services
PATROL Knowledge Module for OpenVMS
PATROL Knowledge Module for Unix
PATROL Knowledge Module for Windows NT
PATROL Web Data Optimizer
PATROL Wizard for Microsoft Performance Monitor and WMI
SLM Express Connector

Next pick the version number, click another button or two, and you have a CSV file! Here are the categories for each parameter that the tool gives you in the CSV file.

NAME DESCRIPTION APPLICATION_CLASS COMMAND_TYPE PLATFORM
NAME DESCRIPTION APPLICATION_CLASS COMMAND_TYPE PLATFORM
ICON_STYPE UNIT BORDER_RANGE ALARM1_RANGE ALARM2_RANGE
POLL_TYPE ACTIVE_AT_INSTALL PARAMETER_TYPE VALUE_SET_BY

Let me know how you and your teams are re-mixing the content. I’m envisioning database queries, XML output, other types of outputs that can be created with a CSV file. What’cha got? What other reference material might be good to output in this way? I’ve done some work with XML output for error messages so that’s another type of content I’m interested in single-sourcing. Bring it on.

talk.bmc

Best practices in technical documentation

If you’re in Austin, you’re welcome to attend the Society for Technical Communication meeting where I’ll be moderating a discussion about best practices for documentation.

I’ll be moderating a discussion Tuesday night at one of our Society for Technical Communication chapter meetings. I found this article, “Tech writers as sales reps? Interface Software’s award-winning docs boost brand, revenues, and customer satisfaction” and thought it has some great points but I really wanted to get the opinions of others in tech comm to see how well it holds up in reality. The title sure promises a lot, doesn’t it? It’s an excellent read.

Our meeting announcement made it into the Austin American Statesman in their “Tech Week” section, so that’s exciting. Here’s their announcement: The Society for Technical Communication will host a panel discussion on the practice of technical communication. Speakers will be Wendy Shepperd, information development manager at BMC Software Inc.; John Gough, principal technical writer for Troux Technologies Inc.; Cathy Mallet, information developer at Motive Inc.; and moderator Anne Gentle, information developer at BMC. 6 to 8 p.m. MCC, 3925 W. Braker Lane. Free. www.stcaustin.org.

If you’re local to Austin, come on over and listen in on our discussion. I don’t expect we’ll figure it all out in an hour or so, but these articles and topics sure do get folks like me thinking. Feel free to chime in here on the blog as well about your opinion on these best practices.

Summary of best practices

#1: Create a healthy workplace.

#2: Understand the value of good documentation.

#3: Use documentation to gain an edge.

#4: Have a reasonable ratio of writers to developers.

#5: Place technical writers somewhere sensible in your org chart.

#6: Keep technical writers in the loop on development plans.

#7: Encourage technical writers to meet customers.

#8: Use customer advisory boards to get feedback on documentation.

#9: Make the right tradeoffs.

#10: Pick the right medium for each deliverable.

#11: Provide print for those who need it.

#12: Give your writers the right tools for the job.

#13: Try out conditional text.

#14: Explore single sourcing.

Bonus tips

Bonus tip #1: Hire writers with the right stuff.

Bonus tip #2: Hire writers who ask smart questions.

Bonus tip #3: Don’t get hung up on tools.

Bonus tip #4: Provide lots of feedback.

Bonus tip #5: Insist on timely reviews of drafts.

Bonus tip #6: Enter publication competitions for feedback.

talk.bmc

Import all subscriptions for talk.bmc.com with one OPML file

Here’s a file you can import into your RSS aggregator to get talk.bmc.com content

How about a file you can import and get all the talk.bmc.com content at your fingertips? I know I wanted one to “click in” with my 179 other feeds that I read in bloglines. So I made one using the OPML format, got some help from the web team for testing and editing, and now we can all import it into bloglines.com or other RSS readers. Here it is:

talkbmc.opml

Right-click on the file name and save the .opml file locally, and then use the import feature on your RSS reader to bring in all the subscriptions alphabetically ordered. The web team has agreed to keep it up-to-date when new feeds are added. Thanks, you guys!
There’s a comment thread about this on Peter Armstrong’s blog and I think this OPML file will do nicely to let you not only follow all content on talk.bmc but also organize the individual blogs neatly.

We tested it on Bloglines (IE and Firefox), SharpReader (Windows), and NewsGator (Outlook 2003 on WinXP). The one thing I discovered is that if you already have an RSS feed in your reader, importing this file won’t add duplicates of feeds that you already have. So if Bloglines tells you “0 feeds imported” it might be that you already have all these feeds! Enjoy.

talk.bmc

Photos from the forum

I took some photos at the BMC Forum in Dallas October 2005

I had some fun with my digital SLR pretending to be a photojournalist. Here are some photos of activity at the forum.

Chip and Stephen work for Dell and Temple-Inland, respectively, in Austin, Texas, and they’re brothers. I had to ask them if I could play paparrazi and snap some shots.

Checking email between sessions like a lot of us were doing.

A lively discussion in the hallway requiring hand guestures and everything.

Another discussion after the Marimba 101 lesson.

Here’s a partial shot of the expo area where you can go see products in action.

talk.bmc

Tuesday BMC Performance Manager session at the BMC Forum 05 in Dallas

Reporting from a conference room set at 60 degrees Fahrenheit, here’s your roving blogger reporting from Dallas

Blogging live is harder than it sounds. Fortunately the wireless connection is behaving in two of the session rooms I’ve been in so far. But, beyond the technology (which is the easy part), it’s difficult to take notes and figure out what to report on. So here goes. Let me know if you’d like to hear more.

There are plenty of sessions to choose from and at least five tracks. This morning I went to the BMC Performance Manager Roadmap and Strategy session with about 35 attendees. Sean Duclaux started with a trick question by asking for a show of hands. How many PATROL Express customers? (a few) How many PATROL Classic customers? (a bunch) How many BMC Performance Manager customers? All! We’ve changed the PATROL product name to BMC Performance Manager. Of course with a product evolving like this, lots of questions ensue. I’ll try to capture the questions and answers here.

Q: How do you decide which to use, agent-based or agentless monitoring?
A: Based on collection policies that you set, the agent might deploy automatically, perhaps by pushing a lightweight local presence onto the computer to be monitored. More on this below the question/answer set.

Q: What kind of pricing is available for people who are already invested in the PATROL Classic product line?
A: The licensing scheme has been completely redesigned in a few ways. One is that there’s a CPU metric, so if you want to monitor a server, it doesn’t matter if it’s Windows or UNIX or Linux — you can switch between them. Also there are tiers of deployment that are simplified, such as a departmental license. I’m sure I’m missing some layers here but the overall answer is that PATROL Classic is not going away, but you will see infrastructure cost savings as you upgrade and decommission old infrastructure.

Q: What technological help is available for upgrading our KMs?
A: The BMC Performance Manager SDK was just released in August and you can request it (it comes free with BMC Performance Manager). With this SDK you can create application classes and XML config files that will pick up all the info that your KMs do (as long as it makes sense to do so), and there are third party implementers being trained on the SDK right now. (OTL is in Austin this week for training, apparently).

Q: What about about the install footprint — how much disk space for this lightweight local presense?
A: It shouldn’t be a big space hog. Just looking at my own Marimba client install I’m seeing a less than 50 MB install, and Marimba is the one that gathers the most information, not a lightweight local presense. I’m guessing lightweight should be MUCH less than this.

Q: What about bandwidth, will it fill up my network sending data back and forth?
A: This is all configurable, but typically only when an event is raised will it be sent back. Of course if you’re going from PATROL 3, which apparently didn’t send data anywhere (I’m no expert on this but that’s what was said), you’re going to see a difference in network capacity.

Q: The Million Dollar Question (according to a guy in a UNIX-only shop) — will the RSM (Remote Service Monitor) run on a UNIX box or is it Windows only?
A: The product manager and architect are arm wrestling over that right now. The basic answer is that we (well, the architect) wants to do everything, but … a Windows RSM can monitor both Windows and UNIX, but a Solaris/UNIX RSM can only monitor UNIX, so we need to know whether that’s worth building — does it fit into the environment that you envision? UNIX doesn’t exactly listen well (ok, at all) to perfmon information, for example, so there’s no monitoring of Windows with a UNIX RSM.

Q: Will a lightweight local presence (LLP) incorporate auto recovery actions?
A: Even if you are managing a solution remotely, as long as dynamic connection can happen, we’ll let you do recovery actions for remote connections (not til after December though.) PATROL Express can do remote restarts right now.

The gee-whiz factor for me with the new direction is the combination of agent-based and agentless options. Both are available now with a single view point, meaning your PATROL Express data can be viewed alongside your PATROL data. You can apply a policy to determine whether you monitor something with an agent or not. Here’s an example of a policy application out of the BMC white paper, “Effortless System Management.”

Policy example: If a small file/print server is reassigned to serve the office of the company’s chief executive,
the IT staff may decide that it wants an autorecovery capability on that server. The IT staff simply sets the
new performance management policy for that server, and BMC Performance Manager makes the
appropriate changes, which may include pushing an LLP out to the server.

Another recurring topic so far is compliance efforts such as Sarbanes-Oxley, HIPPA, Basel II. As Sean put it, “You don’t want to see your CEO on the cover of a magazine in an orange jumpsuit.” So, if Sarbanes-Oxley or other compliance efforts are your concern, figure out how to get your policies in place. I’m hearing this over and over.

All the presentations are available with a username and password, so if you’re attending, here’s the site to download the presentations. Your packet has the username and password.

talk.bmc

Sarbanes-Oxley at the BMC Forum

Asking and learning, what does it take to become Sarbanes-Oxley compliant, and can tools help?

I’ve been doing a lot of research lately for a couple of white papers about Sarbanes-Oxley compliance, mostly centered around backup and recovery of databases. In my research I’ve been talking to BMC DBAs about what tools they’re using, and I am really interested in all I’m hearing at the BMC Forum about real-life implementations of compliance efforts. It sounds like tools really can be a help, although you also have to ensure everyone’s following the policies and not using the tools outside of the policies. Check.

This afternoon I attended Ronnie Docherty’s session about BMC CONTROL-M and Sarbanes-Oxley compliance. BMC CONTROL-M is an enterprise-wide batch scheduling solution that lets you monitor, manage, and automate all job scheduling. No small feat, I say.

I learned that the BMC CONTROL-M product has a neat replay feature that lets you go back and view a previous (stored) configuration and view what the batch processing did at that particular point in time. Basically, you can store historical job flows, which graphically show all jobs that have been run, and then, you can replay the events by simulating the application environment at a point in time. Operations management folks and your external auditors can validate past production runs using this feature.

I’m learning good stuff, meeting cool people, and now it’s time to enjoy the Heavenly Bed at the Westin and watch The Daily Show. Good night.

Edited to add:
You can sign up for Ronnie’s next presentation at http://www.bulldogsolutions.net/BMCSoftware/BMC10262005/. Here’s the information.
Sarbanes-Oxley and Operations Management—A Guide to Compliance Survival
Date: Wednesday, October 26, 2005
Time: 11:00 AM Pacific | 2:00 PM Eastern
Duration: 1 Hour

talk.bmc

Examples of news stories where IT directly affects business

Jim Grant’s keynote address at today’s BMC Forum offered some interesting news clips

I am always on the lookout for news stories that highlight the connections between IT and business, and Jim Grant had some great news clippings in his presentation today. Here are some of the ones that caught my eye (and I was fast enough to type).

Upgrade downs 80,000 U.K government computers Nov 29, 2004

Avis blames IT for multimillion-dollar loss Oct 22, 2004

talk.bmc

Dirty IT Jobs

Disorganization, mixed connections, incompatibilities… what are IT’s dirtiest jobs?

I’ve been watching Dirty Jobs on the Discovery Channel and it is really quite enjoyable. Mike Rowe, the great voice behind Deadliest Catch, works alongside people with, well, dirty jobs. For example, in last week’s episode he worked on a pig farm. Another episode has him diving in the muck for golf balls in an alligator-infested water hazard. Yet another was “roadkill collector” and boy did that turn my stomach. Let’s just say it’s a good thing they haven’t perfected ” smell-o-vision” for the TV yet.

It’s rare that I’ll run into something smelly as a tech writer, though. Then again, the biggest mess I had to clean up in tech pubs land was a six-month stint double-checking translated Word documents. I had to look for English Word macro code that linked to glossary comments that were embedded inside of translated Word documents. So the document itself was in German but the RTF code was in English. The overall effect was quite confusing to try to read during an 8-hour-day since I don’t really read German. I also had to re-import all the screen shots so that the German-version screen shots were in place instead of the English-version screen shots. Then, after making sure the Word source file was “clean,” I had to export it to online help and check through all the online help. Messy, sticky, detail-oriented, confusing to “read,” and tedious.

While not quite up there with the dirtiness of say, french fry factory mechanic, there are dirty jobs in IT also, I believe. Mostly centered around disorganization, rather than actual filth. How about sorting through a mess of a database that you’ve inherited somehow? Or trying to get an acquired companies’ network working securely with yours? Or even crawling around your data center running network cable under the floor or above the ceiling tiles? Send ‘em in. I’d love to hear about dirty IT jobs.

talk.bmc

Volunteer work day for me

I helped process 8,400 pounds of food

BMC is generously allowing employees to take paid time to volunteer for Hurricane relief. So a group of us tech writers volunteered at the Capital Area Food Bank in Austin. They distribute food and grocery items to agencies and hurricane evacuees every day. Nearly all of the warehouse work is volunteer-based.
In the morning, we accepted new food donations from food drives, which meant getting items out of giant 5x5x5 foot boxes, inspecting and accepting or discarding based on their documented standards, wiping them down with a mild disinfectant, and putting them on a snail’s pace conveyor belt. Other volunteers put the food items into boxes categorized by things like “mixed vegetables” or “beans” or “meat.” The tough sorting is something like a can of black olives with jalapeños. Are those condiments or vegetables? The debate continues.
The boxes are filled to a certain weight limit (usually 35 pounds or so!) and then sorted for storage in the warehouse. They have an web-based inventory system, so the agencies they serve “shop” online and request the items they need. IT is everywhere, right?
In the afternoon, we formed an assembly line of sorts to put together bags of assorted food items for Healthy Options Project for the Elderly (HOPE). They offer groceries to fixed-income elderly folks. I believe we assembled 900 450 bags. It went pretty fast since we were joined by a team from Dell.
Before we left, we got a tour of the huge freezer. It was 0 degrees Farenheit and you don’t stay in there longer than 3 minutes without donning a parka. Brr.
I learned a lot about food. I’ll probably shop differently from now on, inspecting expiration dates more closely for one thing. Then again, one of the regular volunteers told us that they’ve found cans of food from the 40s that is still perfectly fine. He said “Once they figured out vaccuum packing, there’s no way for the food to spoil.” Hm. Not sure how good it would taste though! After sorting through entire boxes of unusable donations, I’ll also put more thought into what I donate. I’ll make sure my donated items are still sealed, buy cans in bulk to donate, and throw it out myself if it needs to be thrown out.
By the end of the day I was dead tired from being on my feet all day. But we processed 8,400 pounds of food which can make 6,720 meals. Thanks BMC for the chance to help out!