Insight

Bono Pastore

Bono Pastore = Good Shepherd

This is what we aim to be at Onega. We work with organisations to help deliver smooth IT and related services. We like working with people and machines, and fixing issues. Even better than this we like to prevent problems from happening in the first place.

Before anyone asks we're certainly not likening our clients to quadrupedal, ruminant mammals of genus Ovis, nor do we walk on water. What we are saying is that much of IT, like many other things is about procedures, routine and best practice. Watching over a flock is about patience and care. Not glamorous but important. 

In the same vein, here at Onega, we are thus planning to address a number of IT focus areas with clients during the course of 2016. The pattern we plan to set and repeat here will be as follows:

  1. Identify key areas of IT that may cause risks for clients.
  2. Ensure we have best practice solutions and procedures available to address these.
  3. Communicate the focus area and engage with clients to address this.
  4. Create and fill out appropriate checklists so that we capture any relevant information and actions.
  5. Agree on a plan to resolve any issues; so that things are brought as close to optimal as practicable and document exceptions where there are good reasons why not.

During the course of these processes we well be looking at the same aspects of IT operations across multiple clients so we have the benefit of scale in the effort and the team will be well briefed on the task at hand to ensure you are getting good advice.  The outcome should be more robust systems implementations, documented procedures and policies, and documented systems and responsibilities. 

The engagement that Onega has with clients varies widely. For some clients we manage entire IT estates and systems, and for others we provide ad hoc assistance as you need us. Thus, one of the first parts of an effort is establishing the relevance of an area of IT to a client, who is responsible for this aspect and who will carry out the work and under which contract.

We fully expect that not every proposed Bono Pastore engagement will be relevant to every client so where you are happy to take care of something yourself this is documented, and where you'd like our assistance in a matter big or small we are happy to help with that. One big benefit for everyone is that the process should help make everyone aware of aspects and ensure that any ambiguity in responsibilities (or duplication of effort) is addressed and removed. 

The first pass of this series of best practice benchmarking exercises is due to start soon with DNS - Domain Name Services. This is one of the underpinnings of the Internet and something we use every day for conduct of business. Thus it is one that affects just about all clients so expect a post and for us to be in touch about this. We may even make it a podcast topic soon to go into more detail. We're mindful that we should communicate more about what we do as much of good IT, if done right, will not be seen but contributes to things 'just working'. This is ideal but far from universal so we should resist the trap of complacency just as the good shepherd keeps vigilant watch. The wolf is ever hungry but will find tonight's meal elsewhere.

Onega At The Fujitsu World Tour 2015 - London

We have just returned from participating in the Fujitsu World Tour 2015 in London, which was held at the venue of The Brewery, on Chiswell Street in London. This was a useful day and allowed us to catch up on all that was new at Fujitsu, see some of their latest technology on display and chat directly with members of senior management etc.

Fujitsu rolled into London for one of the first events of their 2015 World Tour. Hyperconnectivity and both its impact and potential were key themes.

Fujitsu rolled into London for one of the first events of their 2015 World Tour. Hyperconnectivity and both its impact and potential were key themes.

This year's event was a big occasion, with Fujitsu marking its 80th anniversary of formation. When we are so used to tech companies coming and going, Fujitsu has shown that it is very much here to stay (and indeed growing and thriving as a business).

First item in the day was the greeting from Fujitsu UK CEO Regina Moran who also shared some of the history of the company with us. This was interesting and new to me - Fujitsu's origination was just after the Great Earthquakes of 1923.  After this tragic and devastating event, a team of Japanese engineers made a visit to Germany to investigate the newly developed technology of the automated telephone switchboard and specifically Siemens who were one of the European leaders in this emerging field of electronic communications. This lead to the founding of Fuji Electric, from which Fujitsu Computers spun off (in 1935) and also gives us insight into the origins of the enduring relationship and strong ties between Fujitsu in the East and their counterparts in Germany over time. You may or may not remember that in Europe in recent history until 2009, the company traded as Fujitsu-Siemens computers (when Fujitsu bought out Siemens' 50% stake).

Fujitsu continue to have a large manufacturing and research facility in Germany at Augsburg where many of their business laptops, servers and desktop computers are produced. Where a lot of modern computers are now manufactured in China (not that there is anything wrong with this), it is good to know that computer manufacturing of the highest quality is still alive in Europe.

The keynote address from Fujitsu's Dr Joseph Reger was standing room only.

Next up was Dr Joseph Reger, who used to be Head of Research but is now CTO of EMEIA and a Fujitsu Fellow (the highest rank of engineering within Fujitsu). His background is in academia and we have enjoyed listening to his thoughts in the past, and his take on industry trends and insights are to be respected and in our opinion well worth paying attention to. The key theme of Dr Reger's keynote address was mainly on The Hyper Connected Society, and Human Centric Computing. At Onega we'd think of these as different takes on Digital Disruption, IoT (Internet of Things) and Pervasive Computing. Whichever terminology you use, the key message is the same - society is becoming more and more connected, to the point that we'll think it odd if something is not networked and 'smart' in a number of years and this is going to bring a lot of change, and contingent to this; opportunity for some and threats for others. By 2020, approximately 10 Billion devices will be connected to the Internet.

To give you an idea of the continuing exponential change to come after that - if all these devices were connected only to Onega's own IPV6 allocation of addresses, they would use only 0.0000000000000000003% of our available addresses. Companies have to think about their strategies to be part of this change, to embrace the opportunities, or to be left behind. Good companies simultaneously plan and think about their strategy for the next 12 months, the next 24-60 months, and the longer term. We've written about this at Onega before but it stands repeating - some industries will be created, others will be decimated. Dr Reger was frank that some companies sugar coat this with harmless sounding terminology such as IBM's preference for the term 'Augmented Intelligence' and indeed Fujitsu's own term 'Human Centric Technology' somewhat masks the fact that whilst technology connects people, it also cuts people out of the loop in the interests of efficiency and effectiveness.

There were some good points that we can all relate to. In the current age of technology, even as it is, there are simple things too that can (and will) be improved. One obvious example in the UK, Europe and most of the world, in the field of medicine, is the current status quo; when, typically, you turn up on time for your appointment with your GP and end up waiting for up to an hour to be seen, whereas in time the reverse can be true and the statement of 'Doctor, the Patient Will See You Now' will perhaps be made as per the work of Alex Topol that we link to here.

After the Morning Plenary Session, the rest of the day contained a number of breakout sessions including Government as a Platform (Gaap), Hybrid IT, CyberSecurity, Democratisation of application development in a business, Windows 10 and many others. Like many days with multiple tracks; Murphy's law dictates that the three sessions you're particularly keen on attending will all be on at the same time.

We attended the Partner Session which was a good briefing for Partners (Onega are one of the most qualified Fujitsu Partners in London and the UK) and learnt about progressions in Fujitsu's channel operations etc. Fujitsu works well and is responsive to the partner channel, and they are introducing new concepts to their Innovation Centre in Baker Street as well as continuing to grow UK sales and engineering presence. The business is profitable and growing, and this was only good news. We and other partners asked questions and gave feedback, and the session was in good spirit.  After the session we had a short meeting with Alistair Hollands who is Retail and Volume Sales Director at Fujitsu in the UK, and this was also productive.

Bet you didn't know that Fujitsu make biscuits, beans, soup or FujiFlakes? Sadly, alongside their excellent business smartphones, these are only available in Japan for now. OK, we know you're smarter than that - this was part of the Connected Retail Display Showcase.

Bet you didn't know that Fujitsu make biscuits, beans, soup or FujiFlakes? Sadly, alongside their excellent business smartphones, these are only available in Japan for now. OK, we know you're smarter than that - this was part of the Connected Retail Display Showcase.

The evening before the event, I'd seen that Fujitsu had a smartphone app (for both Android and iPhone) for The World Tour - this I downloaded to see the agenda and map and it proved useful during the day as The Brewery is not a small venue and some of the halls had a lot of display areas from Fujitsu and their key partners; Brocade, Citrix and Intel. The app was genuinely useful on the day and I noticed that they also had a Challenge Game in this. The goal of the game was to fulfil a set of challenges and take photos which were uploaded for evidence (and embarrassment!) to prove you'd completed the task. These involved visiting nearly every stand and investigating something on it; ranging from the Oculus Rift VR Headset through to the Financial Services Innovation display and storage areas. Fujitsu now thus have photos of me doing dodgy yoga in their Human Centric Zone etc.  The game was fun and while I decided to participate competitively on this and visit all the stands quite quickly for the points, I then went back later and had good in-depth conversations with staff on a number of the stands of most relevance to our work at Onega.

The 3D view from the cockpit with an Oculus Rift in the busy demo hall.

The 3D view from the cockpit with an Oculus Rift in the busy demo hall.

The lunch time break allowed for plenty of time to visit the key stalls and have good conversations with engineers who very much knew their stuff. As with any exhibition style event, not everything brought was working.  One of the displays of interest was a state of-the-art Fujitsu Cashpoint system which incorporated palm vein scanning technology which actually scans the blood veins within a hand with IR to make a map and is more secure than fingerprints as they can't (yet) be copied. Onega have one of these scanners in our own office for staff access identification, complete with the relevant SDK which is quite simple to use.  The demo cash machine however did not want to co-operate, and thus was said to be running in 'Full Greek Mode' as the day of the Fujitsu London World Tour coincided with the day that the Greek government failed to pay EUR 1.5B to its creditors and thus became in default. We do of course empathise with the case of temporary financial hardship and correction in the birthplace of democracy.

Onega's Ben Fitzgerald with a member of the Fujitsu Hoodie Hacker brigade, who had been released for the day to come and demonstrate their ability to keep your network safe whilst enduring air conducting of the 1812 Overture and other impressive feats.

Onega's Ben Fitzgerald with a member of the Fujitsu Hoodie Hacker brigade, who had been released for the day to come and demonstrate their ability to keep your network safe whilst enduring air conducting of the 1812 Overture and other impressive feats.

One particularly good conversation I had was with the Fujitsu Managed Security team - they have a number of outsourced services that are relevant to Onega clients and take IT elements that are important but often in reality boring and apply excellence to these. An example of this is in their firewall log file monitoring and management service. Traditionally this is something that would be done by internal staff in a large organisation, but it is hardly the sexy job that everyone wants. Analysing large amounts of data is something that is vital in order to find the needles in the haystack and manage the information that matters. Through best practice and a high degree of automation, Fujitsu can offload this task from an organisation and in 99% of cases do it better - alerting a business to threats and realities that they would want to know about in order to manage reduce the risk of cyber fraud and information (which leads inevitably to financial loss). This service is evolving so that it will be of emerging interest to mid size firms who want to make sure their security is in good hands.

Fujitsu had all their latest laptops on display and these are among the slickest and best built business laptops available - many members of Onega staff are equipped with Fujitsu laptops and for good reason. They are good and dependable, light and with excellent screens and battery life (some up to 20+ hours with an extended battery - and this is genuinely achievable). Also on display was the lineup of storage solutions, for which Fujitsu are particularly strong. Their storage we also use here at Onega with our DX90S2 SAN, which has had zero unplanned downtime since installation and is boringly dependable (in a good way - some things in life you want to be boring and dependable so that you can sleep easy and worry about other things instead).

Stepping outside my comfort zone (I'm neither photogenic or telegenic), I also had the pleasure of an interview with George Barker from Cloud-Channel.TV  which was actually fun and I look forward to (read: 'am dreading!') seeing the results.  I was asked about my take on current and future trends and shared thoughts on some of the disruption we see coming.

After this, we attended a world first at the event which was the Global Launch of Fujitsu's'Beluga' storage system. Answering the needs of 'big data users' this a storage array system that can scale massively to 18 PBytes+ of data in a single array, with a massive IOPS capability to go with this. This allows for massive data sets to be stored and crunched through in a large scale system with greater coherence than you'd get in a (lower cost) distributed data system. We understand that the code name of Beluga was adopted as it is big but agile. The Caviar of the Beluga is also the most sought after, and the digital equivalent is the meaningful insight that large data can give, which can give a company significant competitive advantage.  The launch event was motor sport themed and included a racing driver on standby to demonstrate the speed of the system to get everyone 'revved up'.  After the formal launch I spoke with Mr Reichart about the systems and some of the business results that clients are finding that large data analysis is delivering.

The launch of the Beluga storage system complete with the 'Fujitsu Stig' racing driver and F1 engine sound effects to get us all 'revved up'.

The launch of the Beluga storage system complete with the 'Fujitsu Stig' racing driver and F1 engine sound effects to get us all 'revved up'.

The final session of the day was a plenary session with a talk and thoughts from Futurologist Rohit Talwar, author of 'First to the Future' and a Panel Session that included Dr Reger, who shared with us his serious concern that IOT may be 'The Last Chance For Europe to Lead in Technology'. Michael Ibbitson, Gatwick Airport CIO spoke on Open Data and integration between services and there was some joint thought of the Circular Economy (a return to the past). A few interesting things we noted were the '30 Storey Hotel Built in 360 hours' (15 days) - by Dongting Lake in China and New York based Quirky Consumer Products, who help inventors get their ideas into production with the power of the crowd. Good examples of innovation and agility in business in the current day.

In closing, people were thanked, and awards given. I was surprised and happy to find that I'd won the Fujitsu Challenge competition by completing the challenges first (partly I was late entering my pictures due to the TV interview). I met a fellow competitor at the last of the challenges who worked at Bletchley Park so it must have been a close run race. Many Thanks to Fujitsu for the Virgin Experience Voucher which I was grateful to accept on behalf of the team at Onega and which will be very much enjoyed.

A very worthwhile day in all and very good to catch up with people at Fujitsu in person, with many that we normally might mainly talk to electronically or by phone. Onega are happy to partner with Fujitsu, and value the strong relationship.  

What To Do If You Lose Your Laptop Computer - Onega Style

One of our clients recently had the misfortune to become separated from and lose his laptop computer while on a business trip to Sweden. This is the story of what happened and how we were able to help later reunite him with his laptop.

Anyone who travels on business will be aware that current rules and procedures for airport security require that, if you are travelling with a laptop computer in your hand luggage, then you must take it out of the bag and run it separately through the x-ray machine at the security station.

On this occasion Onega's client, Tim (who was happy for us to share this story), was on his way back to the UK from a business trip to Sweden and running close for time to get on the plane. After having gone through the bag check and x-ray station, in the rush to get on the plane, he was distracted and forgot to pick up the laptop after it had gone through the scan.

It was only the morning after returning home from the evening flight back that he realised the computer was missing and what had happened. Airport lost property was contacted with a description and identification details of the laptop, but unfortunately nothing had been handed into lost property. A report was left of the loss of the computer with the airport authorities and for our client's insurance purposes. From a practical perspective Onega then proceeded to procure a replacement laptop for our client the same day and configure for email, restore the files from most recent backup and generally get our client back to operation quickly and efficiently.

Normally this would be the end of the tale and you'd kick yourself for forgetting the laptop (though it's easily done and we're all human), but in this case the tale then continued a few days later...

Onega like to pro-actively manage our client's systems, and we have some software and systems that help us make sure that machines are in good health, up to date with security patches and generally happy. While monitoring the management system, we noticed that the lost laptop had done an electronic check-in, so must be alive somewhere, just not with our client. So we knew the machine was being used and now had a clue as to where it was.

Following the clues here our management system logs showed us the Internet IP address that the computer had registered on, and we could in turn find out which Swedish ISP ran this particular network.

Next step was to get in contact with the Swedish Airport Police. We must say that they were incredibly helpful. We filled them in on what we'd found and they were able to contact the ISP to find the subscriber details related to the IP address where the laptop had checked in from.

The next day, armed with this information and after we confirmed that the computer was still online from the same address, the police visited the house. Unfortunately there was no one in; so they broke the door down and entered the property, recovered the laptop, and left a note on the door asking the householder to get in touch.

The person who had the laptop claimed to have bought it from someone in a park, so was let go with a warning, a note on record, minus the laptop of course and with the task of replacing their front door.

The evidence here was later used to support (alongside other evidence) a successful prosecution of a member of the airport security scanning station staff; who it turned out had a sideline in taking and selling items that were left behind on the scan station when they really should have been handed into the airport lost property office.

Our client picked his laptop up a few weeks later when he returned again through the airport on business, and the laptop has now become a 'good spare' which is always a useful thing to have.

So a good result all round (unless you were the unwitting buyer of the laptop or the light fingered security officer of course!). Here at Onega we rather enjoyed working with the Swedish Airport Police as well as the happy outcome for our client in getting his computer back.

We can't promise that we'll be able to reunite every owner with their lost laptop, but we do promise to do our best for our clients to continue to provide excellence in IT support delivery that 'goes one step beyond' as Onega's normal standard.

The Big Difference a New Firewall Can Make

We have just returned from London's West End having finished swapping out a client's older firewall for a 'latest and greatest' Watchguard Firebox M200

This all went very smoothly with only a few minutes downtime while the old firewall was taken out of the rack and the new one mounted and connected. We timed this at 3 minutes and 21 seconds which is not bad considering the new firewall needed to boot as well once plugged in. Normally we aim for about 6 seconds disruption if we can mount the new firewall alongside the old unit in the rack ready for switchover (which was not possible in this case). Given that the old firewall (a venerable Watchguard X750e) had served since 2008 or 2009, it had very much done its time. Despite the office being a nice clean, light and airy environment, the amount of dust that had accumulated in the legacy firewall reminded us of the pictures you are shown at school of the inside of a smoker's lungs.  

The old firewall was still working though so why did we recommend swapping it out and why is our client glad that we did? 

Technology has come along a fair bit in the 6 years between 2008 and 2015 and as ever, machines get quicker and more capable. The most important things in our eyes (and from long experience in support) that made this worthwhile were: 

1) UTM services at full speed. UTM stands for 'Unified Threat Management' and basically means one box doing many jobs. It used to be that you had one box for web filtering, another for gateway antivirus, another again for anti-spam, one for your SSL VPN (if you had one) and of course one for your router and one for your firewall. With the current generation of hardware, and leveraging 'The Cloud' one box can do it all. This saves cost, space, power, money etc. and makes everything easy to manage from one place.

The difference between the current mainstream firewalls in the wild and the very latest is that with the Watchguard M200, M300 and its cousins higher up the line, the UTM functionality all works close to wire speed for the rated number of users supported by the device. This contrasts with the previous status quo whereby you would accept that when you turn on a new feature, you implicitly trade off some response time. Thus you had to find the right balance of how secure the firewall (and hence your network) was set to be and how this would deliver on user expectations as to web page load times etc. We like turning the whole UTM suite on as, when configured correctly, it will more than pay for the cost of the firewall over time. It does this by helping reduce instances of (for example) staff accidentally loading malware onto their PCs as every page is virus scanned, checked against a good reputation database and regularly updated blacklists, to ensure that the risk of loading something bad onto your machine is minimised. This saves staff time from lost productivity while their machine is down, saves time and cost in IT support for the company, and reduces risk of data loss through a Trojan getting into the system. If it all works as it should (it does) then IT gets to sleep easier over systems and the only problem you are then faced with is that as it works so well, management might question if a firewall is needed as 'we don't have any network security problems'. The answer to this is of course that it is partly thanks to the firewall that this is the case (and of course your efficient patch schedule, up to date endpoint antivirus, secure DNS and careful network privilege management etc.).

2) SSL-VPN - This is not a new feature to Watchguard, but it is one that was not available on the older firewall that was in place at our client site, and something that many may have available on their firewalls but not be currently using. While the world is moving to the cloud, and the latest Watchguard firewalls are very 'Cloud Connected', there are still plenty of times when you need to connect from a laptop or home office PC back to your office network. One of the very best ways to do this is with an SSL VPN (as opposed to an IPSEC or PPTP VPN) - if these TLA's (Three Letter Acronyms! - and yes there are 4 or 5 here) are confusing then suffice to say that PPTP is generally regarded as weak and obsolete, IPSEC can be secure but also complex, cumbersome and liable to blocking, but SSL VPN connections will allow you to connect to your office anywhere you can get a secure web page from (i.e. hotels, airports, anywhere really). Now you can have a reliable and robust VPN that works from nearly anywhere with minimal hassle.  The M200 makes this easy and with a few clicks it is configured, and the corresponding client software setup is a Click Next Click install. Bottom line is less frustration as a business user when travelling, in terms of getting online from wherever work takes you.

We only had two points here, but actually have covered many areas. When you invest in IT, you need to consider not only cost but benefit, ROI, TCO etc. which pale the dollar cost of the machines into insignificance over time.

To sum it up, we like the new M200 series fireboxes as they really do let you have your firewall UTM cake and eat it. 

A Visit to Bletchley Park

The National Museum of Computing, located at Bletchley Park, is an independent charity housing the largest collection of functional historic computers in Europe, including a rebuilt Colossus, the world’s first electronic computer and the WITCH, the world's oldest working digital computer. The Museum enables visitors to follow the development of computing from the ultra-secret pioneering efforts of the 1940s through the large systems and mainframes of the 1950s, 60s and 70s to the rise of personal computing in the 1980s and beyond.

Funders of the museum include Bletchley Park Capital Partners, CreateOnline, Ceravision, InsightSoftware.com, Google UK, PGP Corporation, IBM, NPL, HP Labs, BCS, the Drapers' Foundation, Black Marble, and the School of Computer Science at the University of Hertfordshire.

The museum is currently open to the public on Thursdays, Saturdays and Sundays from 1pm and on summer Bank Holidays. Guided tours are also available at 2.30pm on Tuesdays. There are often additional opening times for the public; see the website or the iPhone app for updates. Educational and corporate groups are very welcome and may be on any day or evening by prior arrangement.

For more information, see www.tnmoc.org (link is external) and follow @tnmoc on Twitter and The National Museum of Computing on Facebook and Google+. A TNMOC iPhone App is also now available from the iPhone App Store.