Dave Bartlett leads a select team of black belt architects who are focused on transforming the way Tivoli is used to deliver state of the art industry based solutions. This mission will take you to a place where service management meets SOA to create eye-popping sustainable value.

Verizon focusing on 700 mhz band spectrum across the country

a quiet evolution is now advancing the wireless revolution

Verizon Wireless announced last year that it would open up its network for any company to leverage!

Industry watchers anticipated market leading, high profile features around low cost international calls and Google applications.

It it interesting to note that the first to take advantage of the open network was a machine-to-machine device and automated system. Is this the next evolutionary phase of devices on the open network?

What was this device and who made it?

A wireless device from SupplyNet Communications, a 21-employee firm in Schaumburg, Ill., which certified under Verizon's Open Development Initiative.

Their battery-powered modem connects to a sensor that dips into large storage containers, like construction-site diesel tanks or tanks of shortening at a food factory. When a tank runs low, the modem zips off a text message to SupplyNet, which alerts the customer that it needs a refill.

Why Tivoli Monitoring Solutions are so important to payment systems

In any profit-making enterprise, minimizing the time between the moment the goods have been sold to the time payment is collected is crucial for maintaining good cash flow. The importance of keeping accounts receivables to a minimum is more sensitive in industries which depend on volume-sales with razor-thin profit margins. Let's consider Supply-chain-management in such environments.

A PC manufacturer is in the business of assembling "custom" built PCs receiving customized orders on the web. The firm buys PC components from hundreds of vendors using a 'Just-in-Time' inventory model. Because vendors sell in small batches, they need payment on delivery - no long accounts receivable credit cycles. Payments flow continuously between the PC maker and hundreds of global vendors. In a modern-day efficient supply chain management environments, Straight-Through-Processing between buyers and sellers, commonly abbreviated in payments parlance as STP, are a prerequisite for the chain to function efficiently. No human interactions are expected as invoices and payments exchanges transact between parties.

Consider payment transactions between the PC manufacturer and a hard drive manufacturer, assuming invoices are paid through bank-to-bank automated payment transactions.

When payments get lost or delayed, the originating bank (buyer) and the receiving bank (seller) respectively have to probe deeply where payments are stuck and where the delays occurred. The problem doesn't end there- bedlam occurs all over. When payments are delayed, the hard drive maker runs into negative cash flow situations, and is then subject to angst from its own vendors, stopping hard drive supplies to the PC maker. On the other end, the PC manufacturer shop floor comes to a grinding halt for want of hard drives. Production managers, buyers, accounting and shipping personnel spar with each other, pointing fingers. Repeated occurrences of such supply-chain payment malfunctions ultimately bring loss of revenue and loss of reputation for the banks.

Banks can alleviate such situations by deploying a robust monitoring solution across the enterprise. Tivoli Monitoring comes in many flavors and its abstraction of data being monitored caters to the needs of the observer.

An operational IT admin may want to monitor CPU utilization, memory usage, disk usage across the swath of heterogeneous platforms and technologies in the banking data center. An application developer or performance analyst may want to understand the decomposition of a payment functions into transactions the application memory usage pattern and the response times of individual requests. A SOA architect may want to analyze relationships between payment service requests and the implementation artifacts such as J2EE beans, CICS calls, and database requests.. A business analyst may want to monitor payment processes to spot payment bottlenecks, inefficiencies and duplication of functions

Tivoli Monitoring solutions address them all!

Lack of monitoring increases operational risk for banks. This can cause delays in payments, that, if left unchecked, indirectly increases intraday-credit risk for the banks. Delays in payments can affect the buyer's bank, seller's bank, the buyer and the seller. Payment services monitoring becomes crucial here. Tivoli Monitoring tools allow integrated payment solutions to function smoothly by overseeing their operations. This lowers payment costs- a huge profit eater. Monitoring provides a higher service quality to banking payment services and results in more productive, efficient STP throughputs. Faster payments become a key differentiator to the bank.

A chain is only as strong as its' weakest link

Hannaford, the large grocery chain based in Maine(where we often shop) had 4,200,000 credit card numbers intercepted as they were being transmitted last month from store point-of-sale systems to their payments systems. The credit and debit numbers were intercepted and then transmitted in batches to a location overseas.

Hannaford claims to be PCI(Payment Card security standard) compliant, although, that has not been independently validated. For sure, PCI is critically important and goes a long way to protect card details but to insure protection of transit and payment systems, where hackers apparently are now focusing, you have to go beyond PCI! To Hannaford's credit they are now doing just that!

I was with a number of large banks in a financial security conference in Milan, Italy this month to study this issue. Our Tivoli architects have teamed with IBM ISS (internet security) to cover the 12 major areas of PCI compliance. More importantly we have products that go beyond PCI to provide more holistic protection. We are also developing this capability with companies such as ACI that provide banking applications.

After all, a supermarket 'chain' is only as strong as its weakest link, and it only takes one unmonitored port, for example, to destroy the credibility and trust of an enterprise.

Lessons learned from 2,400 cancelled flights ?

What was behind the cancellations?

American's (AA) problem and other Airlines' cancellation of flights stems from a September 2006 airworthiness directive (AD), based on a July 2006 Boeing Co. service bulletin, required airlines to inspect the planes (MD-80) within 18 months and do any required modifications.The 2006 directive said the work was needed "to prevent shorted wires or arcing at the auxiliary hydraulic pump, which could result in loss of auxiliary hydraulic power, or a fire in the wheel well of the airplane; and to reduce the potential of an ignition source adjacent to the fuel tanks, which, in combination with flammable fuel.”

Whose fault was it?

Was this a case of AA failing to comply with the AD? It appears that AA performed the inspections and the work was approved by a different FAA inspectors that where assigned to AA. But the new inspectors did not agree with the approval records and hence the mess. So, was this more of a FAA auditing problem or a problem of AA not doing the inspections? Evidence points to the FAA , but AA paid the price...

What can be done to mitigate future related risks for the airlines (and the passengers)?

Putting all the political FAA and AA issue debate aside, this shows how important having the “Best” Asset Management System is. In Tivoli's Maximo Configuration Manager for Aerospace solution, service bulletins and airworthiness directives are entered and associated to each related aircraft to have maintenance work performed. As part of the process, all work, materials, costs and documentation (including pictures) are recorded and time stamped for each asset. It would have to include, who did the work and who approved the work. We are investing a lot architecting such solutions for airlines. The use of Maximo for Aerospace solution could significantly help companies like AA, to show what work had been performed and on what specific assets.

Payment Frameworks - The time is right

Banks have been in the headlines recently. Most of the news is not what banking institutions and investors want to see. For sure this is a global event that is being felt around the world. Europe has not been exempt with highly esteemed institutions such as UBS recently stating they will take yet another multi billion write-off. More than ever, cost reduction strategies and the implementation of better management is required.

So what is the good news? Payment Systems initiatives such as The Single Euro Payments Area (SEPA) initiative for the European financial infrastructure are an area of great promise for cost reduction and efficiency. According to Wikipedia, A payment system are the procedures and associated computer networks used to settle financial transactions in bond markets, currency markets, and futures, derivatives and options markets, and to transfer funds between financial institutions.

The SEPA project aims to improve the efficiency of cross border payments and turn the fragmented national markets for euro payments into a single domestic one: SEPA will enable customers to make cashless euro payments to anyone located anywhere in the area using only a single bank account and a single set of payment instruments.[1] The project includes the development of common financial instruments, standards, procedures, and infrastructure to enable economies of scale. This should in turn reduce the overall cost to the European economy of moving capital around the region (estimated today as 2%-3% of total GDP).

However, there is a cost of implementation and the expense of payments systems is compounded by global influences that are forcing significant regulatory changes as well as customer demands for easy, quick, and transparent transactions. Implementing an efficient payments system that can manage the integration of various payment services through a common platform, can streamline operations, helping financial institutions to focus on innovation and growth.

Solutions based on service-oriented architecture(SOA), such as the IBM Payments Framework, answer the call for global initiatives such as SEPA. Financial companies, however, also need a way to manage the rich functionality offered by SOA based frameworks. Our Tivoli, industry focused solutions, provides such management in four critical areas: Security Management, Performance and availability monitoring, Service Management, and Risk and Compliance Management. Using Tiovli products as building blocks, we have architected what I like to call the Management Services Bus that can be applied to any payments framework.

Hey, Who turned the 3,400 megawatt lightbulb off?

This Tuesday we will see who will gets the power in the primaries. Last Tuesday we saw who lost the power: 584,000 customers in Florida! Not a pretty sight. The good news? 66% had power restored within an hour, 90% within two hours, and virtually all power restored in time for dinner. Most importantly, the nuclear reactors did what they were supposed to and protected themselves. All-in-all very significant when you consider that the outage involved 3,400 megawatts of generating capacity: 26 transmission lines, 38 substations, and three major generation plants including Turkey Point. You have to give credit to Florida Power & Light Company. Its' reputation as a high quality, efficient and customer-driven utility company was unfortunately put through quite a the test that, upon reflection, I think many people in Florida should feel fortunate about them passing. It could have been so much worse.

So what happened? Who turned out the lights? Well, apparently this was caused by a single individual(not a terrorist) but rather an employee. Chalk it down to human error! Looks like a field engineer, fixing a switch, went a bit too far disabling relays. In most of the industry's I work with, human induced problems now accounts for the largest and fastest growing percentage of errors companies face. We all know that part of the human experience is we do make mistakes. "To err is human..." "If you are not making mistakes, you are not trying hard enough...", etc... Of course, when it comes to critical systems such as power, we have to see this as an opportunity to learn and to apply more automation or (autonomic) responses and procedures for faults thus reducing the opportunity for this kind of human error to repeat itself. That is very relevant to the solution architecture we are working on. For example, the ability to combine recently acquired Maximo technology with fault and topology knowledge provided by Tivoli discovery and monitoring enables us to drive more intelligent automation based on these types of learning.

You know, it is only a matter of time before it happens again. Remember the last massive power outage in 2003, when about 50 million people were left without power across the northeastern United States and Canada? I do!(I lost a whole freezer full of food in that one) This is indeed a critical area we continue to focus on. We have a ways to go but it is encouraging that we are making progress in continually improving management systems to learn, to better protect and to reduce response time to such events.

The not so innocent MFP

A metamorphism has been quietly taking place down the hall in the printer room. Printers are quietly proliferating into network connected MFPs (Multi-Function Peripheral) devices with numbers in the 10's of thousands(and growing) in today's enterprise accounts.

So what else is sitting in the print station besides ink and paper? How about a network connected CPU processor, memory and a serious hard drive that is running Linux, Apache and PostGreSQL?

'That networked multifunction printer sitting innocently in the corner of your office just might be the most significant entry point for hackers to hijack sensitive data from your business' according to Ryan Naraine in a recent eWeek article

dated February 13th. 'Even worse, security researchers warn, they are a forgotten risk in every enterprise, featuring hardware that combines several functions in a single unit—fax, copier, printer and scanner.'

"A compromised [multifunction printer] is dangerous for a number of reasons. First and foremost, no one in the enterprise pays attention to them. That lack of visibility makes for a very attractive attack platform," according to Brendan O'Connor, in a presentation at Black Hat in 2006.

So what are we doing about this serious enterprise risk as the black belt team of Tivoli industry Solution Architects? A lot actually! We are working on a security framework for networked MFPs. We are designing security into this space(aka management by design), as opposed to throwing security products at it, in order to deliver enterprise class protection that leverages the full capability across Tivoli and IBM.

You don't need a hired gun when you have the right business model

In the absence of a 'killer' app, it looks like IMS will quietly replace standalone and disparate systems that are currently deployed over some time. We believe its not a 'killer' app that is going to drive IMS deployment, its going to be a 'killer' business model.

The latest generation of cell phones, (like the iphone) , has made web access much easier. Deutsche Telekom reports that iphone customer data downloads are 30 times greater than their other cell phone users. IMS is the vehicle whereby those mobile browsers can be delivered with location aware content, especially as they go from wireless to wi fi and back. What this means is that instead of competing on price in a maturing market, wireless service providers can now take what they know about the user (and where the user is!) and go after some of the advertising revenue opportunity. For example, information about the closest gas station or restaurant.

This web interface, group and presence arms race is already on. Google is bidding on wireless spectrum and developing an open os for handsets, they see very clearly that the carrier has a lock on the user and his location and they are trying to break that lock.

When it comes to 'killer' business models, it is like pushing the steamroller down the hill. Look at what just happened when Verizon came out with a new price plan that drives a new business model. Within 8 hours their two major competitors had matched it!

http://news.yahoo.com/s/ap/20080219/ap_on_hi_te/verizon_wireless_unlimited_10

Happy Valentine's Day Vallent!

Sweet! On Valentine’s Day, a year ago, IBM acquired the Vallent Corporation. Vallent's telecommunications software, combined with IBM Tivoli’s Netcool assets, created a unique portfolio of wired and wireless network management products and services. Adding Vallent’s technology has provided an integrated portfolio of service assurance software to help communications service providers manage fixed, mobile or IP networks.

In Industry Solutions we have been working with Vallent to enable a more intelligent and complete view of a network. For example, consider a simple voice service that a wireless service provider offers to its customers. Once initiated, a single call must cross multiple, wired and wireless networks just to establish and maintain a call. Every part of the network must not only be available, but also perform properly to assure service. If not, the customer might experience a dropped call or be unable to understand the conversation. Vallent helps service providers manage performance and quality at the network, service and customer levels.

CIA warns utilities about cyberattacks

"In a rare public warning to the power and utility industry, a CIA analyst last week said that cyberattackers have hacked into the computer systems of utility companies outside the United States and made demands, in at least one case causing a power outage that affected multiple cities. "We do not know who executed these attacks or why, but all involved intrusions through the Internet," Tom Donahue, the CIA's top cybersecurity analyst, said Wednesday at a trade conference in New Orleans... "

Ref http://www.statesman.com/news/content/news/stories/nation/01/20/0120hackers.html

Our Tivoli Industry Solutions architecture team for the Intelligent Utility takes this kind of news seriously.

The Tivoli Security framework provide a comprehensive protection against isolating control networks in industrial environments such as power generating stations, water treatment plants and gas industries. Starting with operating systems, Tivoli products such as Tivoli Access Manager for Operating Systems provide a layer of authorization policy enforcement in addition to that provided by the UNIX(R) and Linux(R) operating systems. An administrator defines additional authorization policy by applying fine-grained access controls that restrict or permit access to key system resources. Controls are based on user identity, group membership, the type of operation, the time of day or the day of the week, and the accessing application.

User identity management and provisioning entitlements are managed through a robust role based access control product called Tivoli Identity Manager. Identities are vetted with a stringent process using a Trusted Identity framework to provide identity-proofing before enrolling contract laborers. Web applications managing utility controls can be finely tuned to adhere to strict separation of duties and role and rule-based access control policies. Tivoli's Federated Identity Manager establishes a circle-of-trust to ensure only the most stringently vetted identities from outside the utility company can come in through the IP networks to access secure resources such as switchgear control switching centers and equipment. To complement these enforcement products, Tivoli provides a range of audit and compliance management products such as Tivoli Security Operations Manager and Tivoli Compliance Insight Manager to track operational activity, correlate events generated by the security infrastructure as well as perform compliance monitoring analysis on privileged user activity.

Together, Tivoli's products reduce the risk of unauthorized entry into the utilities control networks.

As industries advance digitally so does the security risk

I am a fan of the Die Hard series (and that genre of movies.) The last film in the series Live Free or Die Hard did not disappoint. It was a worst case scenario security breach, that drives home the point that we cannot spend too much time thinking about security of the systems we are continually evolving.

While touring an energy company’s distribution center a few weeks ago, questions arose about how the company secures its SCADA (Supervisory Control and Data Acquisition) and process control systems. Of course this particular energy company goes to great lengths to isolate the distribution control systems from the corporate network, to diligently perform intrusion detection, and to rigidly enforce identity life cycle management.

The United States government is also very interested in how the owners and operators of bulk-power systems have either taken or are taking appropriate steps to protect against cyber-security vulnerabilities. Energy and utility companies are evolving to intelligent grids with integrated business and control systems that require access by a greater number of users. The concern is that as the utility grids become more interconnected to the Internet, run of the mill hackers and even terrorist groups will have greater opportunity to attack power generation, transmission, and distribution centers. A succession of minor disruptions to the flow of electricity flowing across power lines and transformers into homes and business has the potential to greatly impact the profit margins of energy and utility companies.

The problem has gained the attention of the National Cyber Security Division (NCSD) at the U.S. Department of Homeland Security, the Federal Energy Regulatory Commission. Federal regulators have issued a directive which:

'…requires all generator owners, generator operators, transmission owners and transmission operators that are registered by the North American Electric Reliability Corp. and located in the United States to provide to NERC certain information related to actions they have taken or intend to take to protect against' similar cyber vulnerabilities, according to the notice...'

While this is good step in the right direction, I think American energy and utility companies will need to take a good hard look at how they can better thwart future cyber attacks of the energy infrastructure.

Sources:

Why is asset management software so critically important?

At a point in the past we were focused on root cause analysis, but it turns out that the root cause of the problem is frequently outside the system, here's an example...

It's a few minutes before midnight at a cable company. The plan is to test the battery backup by cutting off the power. Someone is standing by the big junction box and ready to cut off the power to the street. (Over the past few years the focus has been on adding devices to the network and not on maintaining the batteries that backed up the street power...you get the picture...)

The clock strikes twelve and the lever is thrown, the power doesn't even stutter and the entire head end switches over to battery backup....success!....then someone says, "what's that smell?" uh oh, it looks like the batteries are cooking off...no problem, back they go to street power with a flick of the switch....meanwhile,a couple blocks away, a transformer turns into a roman candle. turns out they'd crossed some electrical line with the load rating of the transformer that served their facility.

The power goes out

Thousands of subscribers marooned

It is now a couple minutes past midnight and the cable company has gone from a perfectly functioning head end serving thousands of customers to a cable tv black hole...all without having a single problem ( outside the ones they made for themselves.)

Service Providers. Addressing the challenges

Another important thread that goes through this architecture is the convergence of system and network management. In the process of working with Service Providers we were able to see two things, one; carriers want to treat general purpose hosts running general purpose operating systems and specific applications as network devices performing specific tasks that use SNMP for events and counters related to the performance of those tasks, two; that there are some obvious problems with an approach to managing systems that doesn’t treat them as systems and leverage what we know about managing systems.

We also discovered pretty early on that security is a critical part of NexGen service assurance, first; because Denial of Service attacks have critical effects on device and system performance, and second, because these are income generating services and revenues that ride on being able to deliver services to paying customers and deny services to those who don’t pay or aren’t customers.

As we face the question of how to converge our systems and network management styles and capabilities, our customers are facing the same challenges. What is exciting for us is that we, as a solutions group, get to participate in the cross product/cross platform/cross customer convergence efforts and if we get it right enough soon enough, we’ll be able to help our customers with the same problems.


Oct 26 2007, 05:10:01 AM EDT Permalink

Service Providers. What's the challenge?