28 June, 2010

Cloud Computing

What is Cloud Computing?

Cloud computing is a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training personnel to support it, or licensing new software. Cloud computing encompasses any subscription-based or pay-per-use service that is available in real time over the Internet. It can deliver cloud-based solutions ranging from full-blown applications to storage services. After some Googling I am able to collect a rough breakdown of what cloud computing is all about.

  1. SaaS (Software as a Service)

    SaaS delivers a single application through the browser to thousands of customers using a multi-tenant architecture. On the customer side, it means no upfront investment in servers or software licensing; on the provider side, with just one app to maintain, costs are low compared to conventional hosting.

  2. Utility Computing

    Utility computing offers storage and virtual servers, or even virtual datacenters, that IT can use on demand. Some players offering this service are Sun, IBM and Amazon. Utility computing is currently used for supplemental and non-mission-critical needs, but soon it will replace a few components of the datacenter.

  3. Web services in the Cloud

    Closely related to SaaS, Web service providers offer APIs that enable developers to exploit functionality over the Internet, rather than delivering full-blown applications.

  4. Platform as a service

    It is another variant of SaaS that provides a development environment as a service. Developers can build their own applications that run on the provider's infrastructure and are delivered to their users via the Internet from the provider's servers. You don't get complete freedom because these services are constrained by the vendor's design and capabilities.

  5. Managed Service Provider (MSP)

    A managed service is basically an application exposed to IT rather than to the end user. MSPs may provide applications such as virus scanning, email, or any other application monitoring or desktop management service.

  6. Service Commerce Platforms (SCP)

    A hybrid of SaaS and MSP, this cloud computing service offers a service hub that users interact with. They're most common in trading environments, such as expense management systems that allow users to order travel or secretarial services from a common platform that then coordinates the service delivery and pricing within the specifications set by the user.

Today it is a challenge for IT decision makers to decide which cloud service to opt for, with security and control over data among the risks. In any case, cloud computing is a good solution for small organizations, which can leverage Private Cloud infrastructure instead of investing in and maintaining a physical datacenter. It is also a good option for medium organizations, which can use a virtual datacenter on demand in a Hybrid Cloud scenario for application testing or non-mission-critical applications.

17 June, 2010

PMP® Formula Pocket Guide

Earned Value
CV = EV - AC
CPI = EV / AC
SV = EV - PV
SPI = EV / PV
EAC 'no variances' = BAC / CPI
EAC 'fundamentally flawed' = AC + ETC
EAC 'atypical' = AC + BAC - EV
EAC 'typical' = AC + ((BAC - EV) / CPI)
ETC = EAC - AC
ETC 'atypical' = BAC - EV
ETC 'typical' = (BAC - EV) / CPI
ETC 'flawed' = new estimate
Percent Complete = EV / BAC * 100
VAC = BAC - EAC
EV = % complete * BAC

PERT
PERT 3-point = (Pessimistic+(4*Most Likely)+Optimistic)/6
PERT σ = (Pessimistic - Optimistic) / 6
PERT Activity Variance = ((Pessimistic - Optimistic) / 6)^2
PERT Variance all activities = √sum((Pessimistic - Optimistic) / 6)^2

Network Diagram
Activity Duration = EF - ES + 1 or Activity Duration = LF - LS + 1
Total Float = LS - ES or Total Float = LF - EF
Free Float = ES of Following - ES of Present - DUR of Present
EF = ES + duration - 1
ES = EF of predecessor + 1
LF = LS of successor - 1
LS = LF - duration + 1
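
A worked forward and backward pass using the Network Diagram formulas above, added here as an illustration and not part of the original pocket guide. The four-activity network, the function names, and the use of "project end + 1" as the following start for the final activity are assumptions.

```python
# Added example: constructed four-activity network, 1-based day numbering.
ACTIVITIES = {  # name: (duration in days, predecessors); constructed sample
    "A": (3, []),
    "B": (4, ["A"]),
    "C": (2, ["A"]),
    "D": (5, ["B", "C"]),
}

def schedule(activities):
    """Forward and backward pass; assumes the network has no cycles."""
    order = []  # predecessors always appear before their successors

    def visit(name):
        if name not in order:
            for pred in activities[name][1]:
                visit(pred)
            order.append(name)

    for name in activities:
        visit(name)

    plan = {}
    for name in order:  # forward pass
        dur, preds = activities[name]
        # ES = EF of predecessor + 1 (latest predecessor wins; day 1 if none)
        es = max((plan[p]["EF"] for p in preds), default=0) + 1
        plan[name] = {"ES": es, "EF": es + dur - 1}  # EF = ES + duration - 1

    end = max(p["EF"] for p in plan.values())
    succs = {n: [s for s in activities if n in activities[s][1]] for n in activities}
    for name in reversed(order):  # backward pass
        dur, es = activities[name][0], plan[name]["ES"]
        # Assumption: an activity with no successor is bounded by project end + 1.
        lf = min((plan[s]["LS"] for s in succs[name]), default=end + 1) - 1
        ls = lf - dur + 1  # LS = LF - duration + 1
        next_es = min((plan[s]["ES"] for s in succs[name]), default=end + 1)
        plan[name].update(LS=ls, LF=lf,
                          total_float=ls - es,            # Total Float = LS - ES
                          free_float=next_es - es - dur)  # ES of following - ES - DUR
    return plan

def critical_path(plan):
    """Activities with zero total float, in schedule order."""
    return [name for name, row in plan.items() if row["total_float"] == 0]

if __name__ == "__main__":
    for name, row in schedule(ACTIVITIES).items():
        print(name, row)
```

Activity C finishes on day 5 but is not needed until day 8, so it carries two days of float while A, B and D form the zero-float critical path.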


Project Selection
PV = FV / (1+r)^n
FV = PV * (1+r)^n
NPV = Formula not required. Select biggest number.
ROI = Formula not required. Select biggest number.
IRR = Formula not required. Select biggest number.
Payback Period = Add up the projected cash inflow minus expenses until you reach the initial investment.
BCR = Benefit / Cost
CBR = Cost / Benefit
Opportunity Cost = The value of the project not chosen.

Communications
Communication Channels = n * (n-1) / 2

Probability
EMV = Probability * Impact in currency

Procurement
PTA = ((Ceiling Price - Target Price) / Buyer's Share Ratio) + Target Cost

Depreciation
Straight-line Depreciation:
Depr. Expense = Asset Cost / Useful Life
Depr. Rate = 100% / Useful Life
Double Declining Balance Method:
Depr. Rate = 2 * (100% / Useful Life)
Depr. Expense = Depreciation Rate * Book Value at Beginning of Year
Book Value = Book Value at beginning of year - Depreciation Expense
Sum-of-Years' Digits Method:
Sum of digits = Useful Life + (Useful Life - 1) + (Useful Life - 2) + etc.
Depr. rate = fraction of years left and sum of the digits (i.e. 4/15th)

Mathematical Basics
Average (Mean) = Sum of all members divided by the number of items.
Median = Arrange values from lowest value to highest. Pick the middle one. If there is an even number of values, calculate the mean of the two middle values.
Mode = Find the value in a data set that occurs most often.

Values
1 sigma = 68.26%
2 sigma = 95.46%
3 sigma = 99.73%
6 sigma = 99.99%
Control Limits = 3 sigma from mean
Control Specifications = Defined by customer; looser than the control limits
Order of Magnitude estimate = -25% to +75%
Preliminary estimate = -15% to +50%
Budget estimate = -10% to +25%
Definitive estimate = -5% to +10%
Final estimate = 0%
Float on the critical path = 0 days
Pareto Diagram = 80/20
Time a PM spends communicating = 90%
Crashing a project = Crash least expensive tasks on critical path.
JIT inventory = 0% (or very close to 0%.)
Minus 100 = (100) or -100


Acronyms
AC Actual Cost
BAC Budget at Completion
BCR Benefit Cost Ratio
CBR Cost Benefit Ratio
CPI Cost Performance Index
CV Cost Variance
DUR Duration
EAC Estimate at Completion
EF Early Finish
EMV Expected Monetary Value
ES Early Start
ETC Estimate to Complete
EV Earned Value
FV Future Value
IRR Internal Rate of Return
LF Late Finish
LS Late Start
NPV Net Present Value
PERT Program Evaluation and Review Technique
PTA Point of Total Assumption
PV Planned Value
PV Present Value
ROI Return on Investment
SPI Schedule Performance Index
SV Schedule Variance
VAC Variance at Completion
σ Sigma / Standard Deviation
^ "To the power of" (2^3 = 2*2*2 = 8)

16 June, 2010

Group Policy Guide

Group Policy settings worksheet

The worksheet lists the policy settings for computer and user configurations included in the Administrative Template files delivered with the Windows operating systems specified. You can configure these policy settings when you edit Group Policy objects (GPOs).


Administrative Templates

Administrative Templates are custom ADM templates that can be imported for a specific purpose (ADMX/ADML for Windows Vista/7/2008/R2). Below are references for pre-generated templates you can download and use immediately.

Office 2007 Administrative Templates - This includes ADM, ADMX, and ADML templates for you to use

Office 2003 Administrative Templates - This includes ADM templates for Office 2003

Windows PowerShell - Controls for PowerShell via Group Policy

App-V (Application Virtualization) - The Microsoft Application Virtualization ADM template configures client settings for the App-V Windows Desktop Client and for the Terminal Services client

ADMX Migrator - Allows for migration from your ADM to the ADMX/ADML file format


Group Policy Demos

14 June, 2010

Business Continuity Planning / Disaster Recovery Planning

Disaster

A disaster is the tragedy of a natural or human-made hazard that negatively affects an organization and causes irrecoverable losses. Proper business continuity planning (BCP) is required to avoid or lessen losses during a disaster. The BCP may include a hot, cold or warm DR site, depending on the organization's needs. The DR site may be operated at a different location by the organization or contracted to a vendor who specializes in DR services.


Cold Sites

A cold site is the most inexpensive type of backup site for an organization to operate. It does not include backed up copies of data and information from the original location of the organization, nor does it include hardware already set up. The lack of hardware contributes to the minimal startup costs of the cold site, but requires additional time following the disaster to have the operation running at a capacity close to that prior to the disaster.


Hot Sites

A hot site is a duplicate of the original site of the organization, with full computer systems as well as near-complete backups of user data. Real-time synchronization between the two sites may be used to completely mirror the data environment of the original site using wide area network links and specialized software. Following a disruption to the original site, the hot site exists so that the organization can relocate with minimal losses to normal operations. Ideally, a hot site will be up and running within a matter of hours or even less. Personnel may still have to be moved to the hot site, so it is possible that the hot site may be operational from a data processing perspective before staff have relocated. The capacity of the hot site may or may not match the capacity of the original site, depending on the organization's requirements. This type of backup site is the most expensive to operate. Hot sites are popular with organizations that operate real-time processes, such as financial institutions, government agencies and e-commerce providers.


Warm Sites

A warm site is, quite logically, a compromise between hot and cold. These sites will have hardware and connectivity already established, though on a smaller scale than the original production site or even a hot site. Warm sites will have backups on hand, but they may not be complete and may be between several days and a week old. An example would be backup tapes sent to the warm site by courier.


General steps to follow while creating BCP/DRP

  1. Identify the scope and boundaries of the business continuity plan. This establishes the limitations and boundaries of the plan. It also includes audit and risk analysis reports for the institution's assets.
  2. Conduct a business impact analysis (BIA). Business impact analysis is the study and assessment of the effects on the organization in the event of the loss or degradation of business/mission functions resulting from a destructive event. Such loss may be financial, or less tangible but nevertheless essential (e.g. human resources, shareholder liaison).
  3. Sell the concept of BCP to upper management and obtain organizational and financial commitment. Convincing senior management to approve the BCP/DRP is a key task. It is very important for security professionals to get approval for the plan from upper management in order to bring it into effect.
  4. Each department will need to understand its role in the plan and support its maintenance. In case of disaster, each department has to be prepared to act. To recover and protect the critical functions, each department has to understand the plan and follow it accordingly. It is also important for each department to help in the creation and maintenance of its portion of the plan.
  5. The BCP project team must implement the plan. After approval from upper management, the plan should be implemented and maintained. The implementation team should follow the guidelines and procedures in the plan.
  6. The NIST tool set can be used for doing BCP. The National Institute of Standards and Technology has published tools which can help in creating a BCP.

With the increasing importance of information technology for the continuation of business critical functions, combined with a transition to an around-the-clock economy, the importance of protecting an organization's data and IT infrastructure in the event of a disruptive situation has become an increasing and more visible business priority in recent years.


Control measures in recovery plan

Control measures are steps or mechanisms that can reduce or eliminate computer security threats. Different types of measures can be included in BCP/DRP. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity. This article focuses on disaster recovery planning as related to IT infrastructure. Types of measures:

  1. Preventive measures - These controls are aimed at preventing an event from occurring.
  2. Detective measures - These controls are aimed at detecting or discovering unwanted events.
  3. Corrective measures - These controls are aimed at correcting or restoring the system after disaster or event.

These controls should always be documented and tested regularly.


Further reading

  • "A Guide to Business Continuity Planning" by James C. Barnes
  • "Business Continuity Planning: A Step-by-Step Guide with Planning Forms on CDROM" by Kenneth L. Fulmer
  • "Disaster Survival Planning: A Practical Guide for Businesses" by Judy Bell
  • ICE Data Management (In Case of Emergency) made simple - by MyriadOptima.com
  • Harney, J. (2004). Business continuity and disaster recovery: Back up or shut down. AIIM E-Doc Magazine, 18(4), 42-48.
  • Dimattia, S. (November 15, 2001). Planning for Continuity. Library Journal, 32-34.