Client Server Management Book Review
Reprinted with permission of The Best
A publication of the Open Systems Research Group
The Client Server Management HandiGuide®
NOTE: All of the materials included in this offering have been updated and are included in the IT Governance Infrastructure Strategy and Charter Template. This product is obsolete and no longer sold.
The Best Practices Report has made a point of insisting that sound policies, rather than technology quick-fixes, represent the only competent way to manage an enterprise computing environment. Without well-defined, carefully-enforced policies, IT organizations leave themselves open to problems caused by incompetence, maliciousness, or plain bad luck. With policies that include clearly-defined responsibilities for IT personnel and clear, step-by-step processes, most management challenges can be overcome.
Well and good. But what if you don't have any policies-or, at any rate, any worth talking about? What if it's your first major foray into client/server computing, or you've woken up one day to find yourself in control of a sprawling network?
The Client Server Management HandiGuide, by M. Victor Janulaitis provides a comprehensive set of policies for the important areas of client/server management. The book offers an excellent foundation from which managers can build their policies as they gain expertise. As Janulaitis warns, not having such a foundation could be a real liability for a manager:
You have to understand what auditors and executives in
corporations look for, and how they measure whether someone is operating efficiently and
effectively. The first thing they will always ask is, "Do you have a policy and
procedure in place to deal with the situation?" If you don't have that in a critical
area, you can be marked down in your organization. Secondly, are you following the policy
and procedure that you had in place? And third, is It the right policy and procedure? Each
is a different level of priority. What I would say within an organization is, if you have a client/server operating environment, you have to have some management guidelines and rules.
The book is divided into four major sections:
- "Management," which covers the structure and processes of managing a client/server environment
- "Technology," which provides rules and guidelines
for handling technology issues such as LAN management,
Backup and Recovery, Application Development, and more;
- "Asset Security and Control," which provides detailed policy on security and access control; and a glossary of key terms.
The problem with [client/server computing] is that it's so sexy... that you want it right away But unless people are willing to do it properly and within the context of the technology, what you're going to get is going to be very disappointing. And that's what [Janulaitis'] publication does: It just puts a skeletal system on this beast-and at the end, it works. -- Frank Piluso, VP & CIO, New World Pictures.
Janulaitis approaches the task of establishing policies systematically, beginning by defining a prototypical management structure, and the job descriptions of its employees. He then takes the reader step-by-step through the important operations that must be carried out by this IT organization: personnel practices, risk assessment, business resumption planning and insurance, backup and recovery, service requests, security and access control, and so forth.
The book was developed out of a number of client-server projects that Janulaitis performed for its clients. He explains:
"One of the things that we do in our consulting world is to help develop guidelines and rules for people to manage more effectively We had about three or four projects where we started putting into place a client/server operating environment, and in the course of doing that we said, Wait a second, this is the same set of things we used to do in the mainframe world a few years ago," and it was very complicated and a lot of people don't even know where to start. So we started taking a look at our processes-when you put a client/server system in place, what do you have to deal with for fire, with backup and recovery, with management and reporting relationships?
We said that these are issues that are generic across anyone
in the client/server environment So we took a lot of information from our consulting work,
and put it together in this book."
The Best Practices Report
The book is written with a clear "mainframe class management" mentality, which is to say that it stresses security and control over openness and flexibility. Janulaitis is writing for people whose client/server systems will be handling mission critical applications or sensitive data, and he does a good job of applying the lessons learned in the mainframe world to the client/server arena. His handling of the area of security and access control is particularly thorough, covering physical access control, software and data access control, resource protection for specific network elements, and facility requirements for secure operations. He also defines a comprehensive service request process through the entire life cycle of the process.
Nor is Janulaitis a mere armchair quarterback:
We practice what we write, and it has worked for us in two recent situations. One, our corporate accounting offices are in Malibu CA, and about two years ago there were some fires in our area. One of my neighbors was running a client/server DEC-based application about three blocks away from where our offices are. The fires came through, and we had everything offloaded, everything out of our offices so that we could recreate anything that we needed to. This other guy who was running a hospital design firm was unable to do that. His facility burned, he had no backup and recovery, no tapes loaded offsite -- he went bankrupt. I'm still in business. Three months later, comes January, we have this major earthquake.
My offices are right beneath a major studio, and the pipes break in their offices. Through my entire offices, 5000 square feet, I've got 4 inches of standing water on the second floor. Our office was out of operation for a grand total of 36 hours. We got all of our data back, we got our network back, and all our client/server applications back up and operational. And by the way, anything we had for business interruption was covered by the insurance, because we had identified our requirements for insurance.
Even for organizations with an established set of policies, the Client Server Management HandiGuide is useful because of its comprehensiveness and level of detail -- it can be used to assess the adequacy of existing policies, and to add new ones. For example, in his section on Personnel, Janulaitis notes that the two times when an employee is most dangerous are (1) when he is first hired, and doesn't know what he is doing; and (2) when he is terminated, and does. He provides an analysis of the appropriate policies in the case of termination of an employee, and identifies key practices:
The staff member should be restricted from all critical Client Server processing areas The staff member should be immediately taken off the computer system as users, e-mail and voice mail lists and have the associated passwords deleted If the staff member is in a sensitive Client Server position, his system passwords, security cards, and locks should be immediately changed The staff member should be required to return all keys, identification cards, software, data, and documentation to the supervisor The staff member should be debriefed by the supervisor and advised that he may not continue to use any enterprise Client Server facilities, data, or equipment.
A list of Client Server accounts which the individual was authorized or able to interact with should be forwarded immediately to the Client Server Resource Manager.
This degree of thoroughness is provided throughout the manual. The book assumes a need for a level of control characteristic of an operations-center; as a result, it may be overkill for smaller environments or environments with widely dispersed, non-mission-critical functions. And no policy will be effective without adequate enforcement and support from upper management.
Still, its basic tenets are as valid for small operations as large, and in any case, small organizations that lay a policy groundwork for their IT organization will be well prepared for the day they become large.
I think anyone who's going to go off into client/server needs some documented guidelines-"how-to" books. It's one thing to bring a consultant in and hear all the good words, it's another to have a reference book to go back to when you've forgotten all the wonderful things that the person said when he was here. I think we use it very much as a reference guide... [The book] is not client/server as an end unto itself -- it works very well in reference to environments where you may be migrating from the mainframe or PCs to client/server, or you may realize that you're always going to have a mix of platforms, or you may have to make platforms work together as you start a migration one way or the other. I think the book is very good at helping you do those type of things. For example, we have disaster recovery plans in place for our mainframe, and one for our PCs and LANs, but there are a lot of considerations when you start doing client/server relative to disaster-recovery and business resumption, and this book pointed out a lot of good areas on how to do that. -- Stan Johnson, Former VP & CIO, Port of Los Angeles
In addition to the Client Server Management HandiGuide, Janulaitis publishes another book of interest to IT managers: The Information Systems Position Description HandiGuide. This book provides a comprehensive listing and description of all IT job titles, from senior and executive management to middle management and staff. Over 125 different positions are defined in detail. In addition, the book provides an overview of applicable laws governing employment practices.
The best book we've ever seen that he's put out is called the Information Systems Positions Descriptions HandiGuide. The reason we like that one so much is because I've been able to justify additional staff based upon using his description of the jobs. It has been a very, very great help to me.