Sure - asset lifecycle management is a core ITIL concept. It should be built into your CMDB.
But large orgs have tens, if not hundreds of thousands (or millions) of assets. Everything from certs to software licenses to supplier contracts. It's a full time job, for probably a small army of people, to put all these things into a system, and respond to the upcoming renewals. But alerting: that's just the first step: some alert comes up that says "xyz fire suppressant system needs to be re-certified". So what? You need to have a team to hand this off to, and they need to have a process to follow to get it done (you don't want Ops people making up stuff on-the-fly - that leads to SEV1 as well). But the reality probably is, that in the 5 years since the alert was created, the DCFM team's been through several re-organisations, several business mergers/demergers have occurred, and some functions have now been outsourced. So whatever team or position was responsible for this before is long gone, and no one ever went and updated this alert. So now someone has to go negotiate with various managers to see who should take this on, who R&R/OPEX budget this is coming out of, etc. And if that someone hasn't have the right understanding of the time criticality of getting this job done in time, then stuff will break. In large orgs, technology (like getting a warning about something ) is such a small part of actually getting anything working, or keeping it running. It's all the other stuff, which is mostly processes and human interaction where things are always breaking. Now, if you're lucky, then you never re-organise, and the same people hang around for a long time. Then you have a good understanding of responsibilities, and people have a lot of accumulated knowledge of the environment. But that's generally impossible to accomplish in a 100,000 user environment - statistically, people will always be coming and going. Cheers Ken -----Original Message----- From: Ben M. Schorr [mailto:[email protected]] Sent: Monday, 25 February 2013 10:05 AM To: NT System Admin Issues Subject: RE: MS Azure cloud evaporates I realize we're operating on a MUCH smaller basis but whenever we create a record or certificate that expires on a schedule we also create a task with a reminder that pops up 30 days before that expiration so that nothing should quietly expire on us without us getting some eyeballs on it. Seems like having some kind of tickler system would make it a lot less likely for these kinds of routine tasks to go undone. Ben M. Schorr Chief Executive Officer Roland Schorr & Tower www.rolandschorr.com -----Original Message----- From: Ken Schaefer [mailto:[email protected]] Sent: Sunday, February 24, 2013 3:23 PM To: NT System Admin Issues Subject: RE: MS Azure cloud evaporates In large orgs, it will be impossible (at least in the near future) to avoid all issues like this. There's simply too much that isn't automated, or where the full set of rules aren't loaded into your automation tool, or the tasks are divided between too many people. Large orgs have SEV1s every day, and it's not always because of negligence - there's simply too many interdependencies that are unknown. For kicks, who here knows that installing AD creates a self-signed cert that's the default EFS recovery agent for machine based EFS? And it expires after three years? Stuff like this just happens in the background and can break things, simply because the PKI team doesn't know about the cert (not issued by the CAs), the AD team doesn't manage encryption, and which ever app team decided to use machine based EFS didn't think to sorry about recovery agents. And this is just a technical problem - when you start to throw finance and HR and other areas into the mix, things will always fall through the gaps. Cheers Ken -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Monday, 25 February 2013 3:13 AM To: NT System Admin Issues Subject: Re: MS Azure cloud evaporates On Sun, Feb 24, 2013 at 4:47 AM, <[email protected]> wrote: > Things happen. I imagine meetings are happening and discussions on > how to root this out again are occurring. Sure. But when the same sort of things keep happening, it stops being an accident and becomes negligence. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
