IT Infrastructure Management

In Part one, I introduced the idea of Test Data Management or TDM.  TDM is not something unique to IT Applications in Cincinnati, Dayton or to Ohio. It’s something that will need to be addressed nationwide.  With more and more government regulations and data privacy concerns, it will be more and more important to not only manage production data, but also test data used for quality assurance as well. 

One of the aspects of good TDM is for the obfuscation (sometimes referred to as de-identification or masking) of data values from a production database in order to make the test instances “safe”.   One of the challenges is preserving data distributions and referential integrity–even across distributed database systems.  This is particularly important in the healthcare and financial industries where PHI (Personal Health Information), social security numbers or banking information could get exposed.

Another aspect is the challenge of maintaining security around the test databases themselves.   Many companies have tight security around production data, but next to none around test and developer data.   Often this data is just a copy of production data that is not masked in any way.   According to a Ponemon Institute study, data breach incidents cost U.S. companies $202 per compromised customer record in 2008, that is compared to $197 in 2007.  With the cases studied a range of 4,200 to 113,000 records that were affected. 

Do any of you reading this have a little twinge in your stomach?  Can’t anything be easy anymore?  Maybe some RX is in order.  That was EASY!!!!
 

I had lunch today with one of our Cincinnati customers and he made the comment that his company had eliminated a lot of costs via their IT applications.  He also said there was no more low hanging fruit in their IT applications.  Everything is integrated and there are no easy changes. I laughed and said there is nothing easy any more; even my easy button quit talking!

In today’s world some IT applications have grown quite complex.  It was not that long ago an application developer that knew business could do the business analysis, the technical design, program the application, test and implement it.
Enterprise IT applications today require a team of dedicated professional working together and a good process methodology.  Many members of the team are specialized in a particular skill or a part in the development process.

One of the things that is sometimes overlooked or gets glossed over is testing and quality assurance.  I have even heard developers say “why should I test, that’s what we have users for”.   Because systems have become so integrated and complex, quality assurance is not something to be taken lightly.  As a matter of fact, it is quickly becoming a specialty in and of its self.  There are many aspects to quality assurance, but one that I think we will be seeing a lot more of in the coming months and years is the notion of Test Data Management.   To be continued……….

 

Yes, this is another of my continuing series of JavaFX posts. I hope you are enjoying the posts, and hopefully you will take a look at JavaFX, because it's really going to be a great platform. One of the key complaints from some application development folks is “yea it does cool animations, but where's the non-trivial uses?”. True there has been a lot of “toy” applications, some touted as “Enterprise”, but I want to give you a key usage for your business application development.
First off a brief primer on JPA, or Java Persistent API. The technology grew out of the complexity and (loathing) of the EJB 2.0 spec. Hibernate came up with way to use POJOs to persist data. The brains behind JPA were the driving force behind JPA. Now is the time to learn JPA, because it's a big part of the EE 6 spec.
Some notices here first; I am using NetBeans as my IDE. You should be able to use the general theme with Eclipse though. JavaFX can use Java classes in the script. The key part for me was how to integrate them. The easiest thing to is create a new Desktop application project (New Project → Java → Desktop Application). Pick the database application, so the JPA wizard displays. Select your table, and the wizard creates the JPA controller, and all of the Entity classes for you. Run the Build project, and now you have a JAR file. If you don't have NetBeans, or want to do this by hand, create the Controller and Entity classes and put them in a JAR file. Add the JAR file to your JavaFX project path, and your ready to go! The following Code can be put in your script to access:

To display all of the values, you can run a for loop like this:

The code above iterates through the List object created by findYourTableEntites, and puts it in a Vertical Box (Vbox). Each item in the Box is a Text object whose display value is one of your fields from your table.

You can now dynamically populate your fields from a database, but more importantly, you are using JPA to handle all of the heavy lifting. Notice I didn't mention anything JDBC. I let JPA do all of the communicating with the database. This is a layer abstraction that let's be an application development guy, not a DBA or Network Admin (not that there's anything wrong with that). If you are using an application server that handles JPA like Glassfish, then you can make your JavaFX application available on the browser and desktop. Now you can have that awesome looking application that actually does something. You are happy to start doing something cool, and your boss is happy because it does something he wants.

Happy New Year!!!  Welcome to a new year, new decade and a new beginning. 

As the recession recedes and recovery takes hold, IT executives are looking at their project lists and trying to decide what their priorities are.  Should we do application development in house or bring in an IT consulting company?  Should we consider an open source application?   What is the ROI?  What’s a company to do?   It doesn’t matter if your company is in Cincinnati, Dayton or Katmandu, the questions are the same.

Last month we did a pulse survey to see how IT leaders are managing ROI measurement.  The results were surprising and sparked a lot of conversation here at STAR BASE, Inc.  The thing that surprised us the most was the number of companies that did NOT look at ROI before doing a project.   Most of our respondents (58%) do not.

Some of conversations we have had revolved around the idea of doing a project or installing an application just to stay in the game.   Could you imagine a company of any size today functioning without email?  I could argue that there is negative ROI with amount of time managing my email in box takes! 

For those that measure ROI, only about half see the actual ROI align with the projected ROI most of the time.  The other half report that they see the actual ROI align with the projected ROI less than half the time and most said seldom or never.  I have often said that if management knew how much it was really going to cost to install that new ERP system before they started, they probably wouldn’t.

Since most of our respondents don’t look at ROI and of those that did, half said the ROI did not align, my question is this:  How do you decide what projects to do?  Are most companies spending money on IT because they need to “keep up with the Jones’ “?  Is it because installing that new ERP will look good on everyone’s resume?

Get your copy of our ROI Survey results by going here.

According to ComputerWorld, web application development remains top dog by far in the top IT skills to have in 2010.  Specifically, companies will look for developers with knowledge of .Net, Java, Web development, open source and portal technologies.  The article goes on to suggest that combining web application development skills with business analysis or project management skills is a big plus.  ComputerWorld lists the remaining skills to have for 2010 in its top six as:  Help Desk/Technical Support, Networking, Project Management, Security and Business Intelligence.

I feel ComputerWorld did not put enough emphasis on Security; this without doubt will be the biggest challenge for IT executives in the coming years.  Open-source software may be an innovative money saver, but IT professionals still have concerns that networks could be vulnerable to viruses, cyberattacks and other intrusions.

According to InfoWorld, a new survey from Forrester Research found that 58 percent of large companies have security concerns about open source. In addition, 57 percent of small and mid-sized businesses expressed concern that open-source software would be "complex and hard to adopt".

With the advent and increasing usage of open-source in the business world, expect to see demand for IT security related skills to grow.  According to the FLOSS 2020 roadmap presented at the Open World Forum in Paris, 40 percent of jobs will be related in some way to open source by 2020.  You can expect application development and security to comprise a great majority of these jobs.
 

When I went to JavaOne this year, I had some friends who went to the Google I/O conference a few days before. Besides getting a new G2 phone (lucky), they were raving about Google Wave. Google recently released Wave into beta, and I have had a chance to play with it.
For those who do not know, Google Wave is a new type of communication software that allows real time collaboration. I know, it sounds all buzzwordy, but it is real cool. Think of Wave as email, SMS, and a working SharePoint all in one. To start a Wave you select new and a text area displays. Select from your contacts to add people, write some text and press send. Sounds like email right? Well, what if after some correspondence, you need to bring other people into the loop? And those late comers are now asking new questions? I don't know about you, but I get confused trying to read emails with lot's of history, and getting new emails based off of some of that history. Google Wave fixes this because everyone is updating a single thread in real time. If you are added late, there is a play button to show the order of the messages. Since it is in real time, all response are shown when entered. You could follow a meeting while listening to a conference call, and ask questions during the meeting, instead of having a second meeting to discuss the first meeting.
Collaboration is the key aspect of Wave. I am using Wave to let some people in Brazil help me test my JavaFX application. As a Cincinnati based application development person, this already saves me time and money. I added a zip file, and instructions on how to use it. I can get their feedback, and update the zip file. I think all application development people can see how useful this is. I can update my code to my users, and have a history of feedback. This will work well for those “confused” management types who “forgot” their feedback.

Google Wave is also a development platform. You can create your own widgets to run on Google Wave. The widgets provided by Google are a poll widget, collaborative Sudoku, and emoticons. I have used the poll widget, and works nicely. If you have a yes/no/maybe question to ask, it really is useful. I have an idea of using TTS to create “talking” Waves.

The one thing I would like to point out is that you will be able to run the Google Wave engine on your boxes. That means you can have a “private” Wave and a “public” Wave. You can set access restrictions on Wave, so you can have control of who uses Wave. Now that it is in beta, look for an invite and get riding!

“IT executives increasingly implement marketing initiatives to improve the communications with their business customers. But these efforts often focus solely on the brand aspects of the services under the IT’s control without understanding the business’ perception of IT. To maximize the success, IT must add business satisfaction assessments to its tool kit. Understanding business satisfaction requires qualitative and quantitative data that capture customer expectations and perceptions through different types of interactions such as interviews, panels, focus groups, complaint systems, and surveys. This report provides best-practice recommendations, survey templates, and questions to guide IT executives through the deployment of a business satisfaction assessment. It applies Forrester’s deep expertise in external customer satisfaction to the interface between business customers and their internal IT suppliers.” says a new Forrester report.

I have served on countless business application development teams within several organizations in the Southwest Ohio and Cincinnati Information Technology community, one thing I can say is that most IT organizations do not gauge business satisfaction with IT business solutions.  I have served in only a couple of organizations where the business serves on the IT governance committee.  An organization does not have to be “big” to have an IT governance committee.  No matter what the size of the organization decisions are made as to priorities in IT work.  IT governance does not have to be a long drawn out process or take great time commitment from the business or IT executives, but business involvement in IT governance goes a long way in gaining business buy-in as you roll out the IT business solutions to the business.

Involvement in IT governance is just one way that many organizations in the Greater Cincinnati area can improve the IT-business relationship.  The Forrester report goes into ways to solicit and gauge business satisfaction with IT business solutions.  Doing so should affect decisions concerning not only IT business solution delivery but also IT Infrastructure and IT outsourcing initiatives.

 

• Network security specialist: A person familiar with intrusion detection systems.
• Penetration testers: Someone who can assess a system's potential vulnerabilities.
• Incident handlers: People who understand attack methodology and can apply critical thinking skills to respond to incidents.
• Forensics Analyst: The person who looks for evidence after an attack.
• Research Analyst: The person to keep abreast technological advances in incident response activities.
• Team Leader: Leads the team through crises and communicates to the business incident activities and cost to the business.

• Preparation and Training: for both prevention and incident response.
• Identification: fast identification of an occurring attack and its impact on the IT infrastructure can help in minimizing the duration and cost of clean-up.
• Containment: Once an attack has been identified, steps must be taken to minimize the effects of the attack.
• Recovery and Analysis: The recovery period allows analysis and lessons learned of What happened? Why did it happened? Was the response effective?

             PGM        PARM(&DBF &ZIPFILE &FORMAT)


             DCL        VAR(&DBF) TYPE(*CHAR) LEN(32)
             DCL        VAR(&ZIPFILE) TYPE(*CHAR) LEN(255)
             DCL        VAR(&FORMAT) TYPE(*CHAR) LEN(6)
             DCL        VAR(&FILE) TYPE(*CHAR) LEN(10)
             DCL        VAR(&LIB) TYPE(*CHAR) LEN(10)
             DCL        VAR(&MBR) TYPE(*CHAR) LEN(10)
             DCL        VAR(&CMD) TYPE(*CHAR) LEN(255)
             DCL        VAR(&TEXTFILE) TYPE(*CHAR) LEN(15)
             DCL        VAR(&TEMPFILE) TYPE(*CHAR) LEN(40)
             DCL        VAR(&ERRLOOP) TYPE(*CHAR) LEN(1) VALUE(N)
             DCL        VAR(&INTER) TYPE(*CHAR) LEN(1)

             MONMSG     MSGID(CPF0000 QSH0000) EXEC(GOTO CMDLBL(ERROR))

             RTVJOBA    TYPE(&INTER)

             CHGVAR     VAR(&FILE) VALUE(%SST(&DBF 3 10))
             CHGVAR     VAR(&LIB) VALUE(%SST(&DBF 13 10))
             CHGVAR     VAR(&MBR) VALUE(%SST(&DBF 23 10))

             /* Ensure ZIP directory exists for error logging */
             MKDIR      DIR('/zip')
             MONMSG     MSGID(CPFA0A0)

             /* Delete &zipfile if it exists */
             RMVLNK     OBJLNK(&ZIPFILE)
             MONMSG     MSGID(CPFA0A9)

             /* build text file name */
             IF         COND(&FORMAT *EQ *DLM) THEN(DO)
                CHGVAR     VAR(&TEXTFILE) VALUE(&FILE *TCAT '.csv')
             ENDDO
             ELSE       CMD(DO)
                CHGVAR     VAR(&TEXTFILE) VALUE(&FILE *TCAT '.txt')
             ENDDO

             /* generate temporary file name */
             RTVTMPIFSN NAME(&TEMPFILE)
             IF         COND(&TEMPFILE *EQ ' ') THEN(CHGVAR VAR(&TEMPFILE) +
                          VALUE('/tmp/$$__tempfile'))

             /* export DBF to temporary file */
             CPYTOIMPF  FROMFILE(&LIB/&FILE &MBR) TOSTMF(&TEMPFILE) +
                          MBROPT(*REPLACE) STMFCODPAG(*STDASCII) +
                          RCDDLM(*CRLF) DTAFMT(&FORMAT) RMVBLANK(*TRAILING)
             MONMSG     MSGID(CPF2817) EXEC(DO)
                SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) MSGDTA('Error +
                             converting Database File to Interface File') +
                             MSGTYPE(*DIAG)
                GOTO       CMDLBL(ERROR)
             ENDDO

             /* Send 'compressing' status message */
             IF         COND(&INTER *EQ '1') THEN(SNDPGMMSG MSGID(CPF9897) +
                          MSGF(QCPFMSG) MSGDTA('Compressing file ' *CAT +
                          &FILE) TOPGMQ(*EXT) MSGTYPE(*STATUS))

             /*---------------------------------------------------------------*/
             /* This command is using the unix environment to zip up the file */
             /* extracted above.  All errors are logged to a text file        */
             /* named error.txt.  The 2>> operator redirects stderr to the    */
             /* file following it, and adds any messages to the end of the    */
             /* file.                                                         */
             /*                                                               */
             /* The following unix utilities are used here:                   */
             /*  ajar - create an archive                                     */
             /*                                                               */
             /* The following environment variables are used here:            */
             /*  QIBM_QSH_CMD_ESCAPE_MSG - Sends QSH0005 as an escape message */
             /*        if the exit status is not 0 (Qshell error condition)   */
             /*---------------------------------------------------------------*/
             /* Send an escape message if the command fails */
             ADDENVVAR  ENVVAR(QIBM_QSH_CMD_ESCAPE_MSG) VALUE(Y) +
                          REPLACE(*YES)

             /* Create &zipfile from temporary file */
             CHGVAR     VAR(&CMD) VALUE('ajar -c -M' *BCAT &ZIPFILE *BCAT +
                          '''' *CAT &TEMPFILE *TCAT ''' :' *BCAT &TEXTFILE +
                          *BCAT '2>>' *BCAT '/zip/error.txt')
             QSH        CMD(&CMD)
             MONMSG     MSGID(QSH0005) EXEC(DO)
                SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) MSGDTA('Error +
                             creating ZIP file') MSGTYPE(*DIAG)
                GOTO       CMDLBL(ERROR)
             ENDDO

             /* Delete temporaty file */
             RMVLNK     OBJLNK(&TEMPFILE)
             MONMSG     MSGID(CPFA0A9)

             /* Exit Normally */
             GOTO       CMDLBL(OUT)


             /* Process Errors */
 ERROR:      IF         COND(&ERRLOOP *EQ Y) THEN(GOTO CMDLBL(OUT))
             CHGVAR     VAR(&ERRLOOP) VALUE(Y)

             /* Delete temporaty file */
             RMVLNK     OBJLNK(&TEMPFILE)
             MONMSG     MSGID(CPFA0A9)

             /* Send Escape message */
             SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) MSGDTA('Error +
                          Processing File') MSGTYPE(*ESCAPE)

 OUT:        ENDPGM

A couple of weeks ago, I made the trek to Columbus and attended the Ohio chapter meeting of TechServe Alliance of which STAR BASE, Inc. is a member.  In talking with other owners and corporate executives, everyone is pretty much saying the same thing: “We are seeing more sales activity, just no commitments.”   Seems like everyone involved with Ohio Information Technology firms is in the same boat.  In Cincinnati, things might not be quite as bad as Columbus because there is less state government work.

So why is there a lack of commitment?  There could be many reasons, but it all boils down to what I call the FUD Factor.   Never heard of the FUD Factor?  We would not be a real IT Consulting firm if we couldn’t use a TLA (three letter acronym) and it’s not what you’re thinking!  FUD is short for Fear, Uncertainty and Doubt. 

When the FUD factor is high, people tend not to make commitments, changes or decisions.  Doing nothing seems like the safest choice.  A high FUD factor equals RISK and as a society, we have become very risk adverse.   When the FUD factor is low, decisions are much easier to make, less risky. 

With the economy down and so much uncertainty, the FUD factor is definitely high.  So is doing nothing really a good choice?  Things tend to move in cycles or patterns, it is the way of the world... Losers become winners. Winners become losers. Day yields to night; nights divide the days; summer gives way to winter. Life goes on...always as it always was...but never the same.

Will you be ready?
 

Reasons hacking is easy for Chuck Norris
1. Chuck Norris can overflow your stack just by looking at it.
2. To Chuck Norris, everything contains a vulnerability.
3. Malicious File Execution. Nuff said.
4. Chuck Norris doesn’t need sudo, he just types “Chuck Norris” before his commands.
5. Two words: Brute Force.
 

1. Document more than the minimum 7,500 hours of business analysis work.  This ensures that if your hours are reduced in the review process that you will still have enough hours to qualify to sit for the exam.  This goes for total hours as well as hours in each of the knowledge areas.  I personally documented 9,000 hours on my application.
2. Put the language on your application in the wording of the BABOK®.  By putting your work tasks and deliverables in the language of the profession it is less likely that the hours will be discounted in review.
    

This is the last of a three part series; part one is here and part two is here. Many application development guys are wondering, what is the Cloud, and what is the Sun Cloud? Think of Cloud computing as a virtualized data center. In part one I talked about VirtualBox, which allows you to virtualize network components and resources. Think of VirtualBox working on the atomic level, taking small resources to create a virtualized network. Now Cloud computing takes all of the virtualized networks and utilizes them as resources in a virtualized data center. The Sun Cloud is a set of APIs to let you manage networks and storage areas as resources. You can cluster or categorize networks in any way you wish. You can manage user access to the resources, not unlike application development teams utilize in web applications.
What does all this mean to application development and management? It means that you can create a single network and copy or clone it. For example, you can create a single network instance with servers, storage areas databases, and clone the entire network for each region you manage. That means all networks are managed in one spot, and all regions are setup exactly the same. No application compatibility issues. You can, of course, add or remove components, but they are all have the same infrastructure. You can upgrade the virtual network, and pass the changes to the other regions. The electricity saved by running virtualized datacenters would be significant. You can connect to your partners’ virtualized networks to access their data. For application development teams, that would change how we design applications if we have access to external data and applications.

This was my fifth JavaOne conference. Since it is always at the Moscone center, I know pretty much every nook and cranny of JavaOne. Although smaller this year, I thought this was the best one yet. The people there were truly happy to be there, and combined with takeover news and a bad global economy, a bigger sense of cooperation. I would highly recommend coming to one if they still have one. Nobody, not even James Gosling (I was in a group of 20 who had a 45 minute meeting with him) knows if there will be one next year. The reason you come to JavaOne is not the presentations (they are great!), but the people. Meeting and befriending people who created your favorite blog, book, or technology is the reason to come. I remember meeting Craig McClanahan (co-creator of struts) in 2004, and saying "that’s Craig freaking McClanahan!" Last year, I was honored a share a picture of beer with him, Jarda Tulach (inventor of NetBeans), and Geertjan Wielenga (JavaLobby blogger extraordinaire). Application development people get to "network" with the best and brightest architects, technical press, and business owners. This year I got hang with the JUG leaders, NetBeans Dream Teamers, and the JavaFX guys. I wrote, and helped edit a YouTube video "pushing Java", and met more of my fellow Java music software developers. I literally have friends from all over the world (yes Cincinnati too), and I am considered an honorary Brazilian because of JavaOne. Larry Ellison, if you are reading this, please don’t stop JavaOne!