Monitoring Tools – Discover Objectives
Posted by: Derek Kuhr
Uncategorized
Over the past few months, I have had several monitoring tool discussions with various clients. I am going to pull together some of my thoughts, experiences, and discoveries to walk through a framework for identifying monitoring needs and objectives. Hopefully this can help you think a bit out of the box and focus on the customer needs rather than a set of feature/function requirements.
Step 1 – Define Business Objectives
Before just diving into tools and features, it is important to build a prioritized list of business pains or objectives that will guide the monitoring requirements. In many cases, these objectives can have many common elements or can even be the same from business to business. Yet, every business has some unique aspects that need addressed. Often, this means stepping back away from “monitoring” and looking at what concerns or pains started the whole discussion. Examples of common business requirements may be:
- Contracts require timely responses to customer requests
- Sales are lost if systems are not available
- Decrease the amount of time users spend waiting for systems to respond
- Prevent unplanned system outages
- Enforce acceptable use policies
- Provide legal discovery capabilities
- Provide supporting information for employee termination
Step 2 – Convert Business Objectives to Technical Requirements
These concerns or requirements can then be translated into a combination of technical requirements. You need to look into the “who, what, when, where, why, and how“ of each concern to really understand them and all the components that are involved. For example, let us look at the first objective from above. You can use this list of questions or areas of discussion to go deep and get past the geek speak.
Who
1. Who accesses the application/system?
a. Internal users
b. External users
c. Clients
d. Business partners
e. Support staff
2. Who is the customer?
a. Industry
b. Location
i. Geographic
ii. Time zone
c. Financial impact on business
i. % of gross sales
ii. $ Gross sales
iii. Contribution towards net profit
iv. Overall impact of loss of customer (out of business, profit loss, etc)
d. Technical capabilities
e. Special requirements/needs
f. Overall number of users
g. Average concurrent users
h. Proximity to business
i. Relationship status (key, new, old/longstanding, family, parent/child corporation, etc)
3. Who is responsible for the various systems involved/impacted?
4. Who is responsible for maintaining the various systems involved/impacted?
5. Who is responsible for handling issues with the systems?
6. Who is responsible for handling issues with the customer?
7. Who with the customer reports on issues?
What
1. What is the purpose of this system(s)/application(s)?
2. What defines a customer request?
a. Process of request
b. Inputs provided
c. Outputs expected
d. People involved
e. Primary data sources
f. Supporting data sources
3. What defines timely?
a. Time to response available threshold(s)
b. Time to response generated threshold(s)
c. Time to response transmitted to customer threshold(s)
d. Time to log in threshold(s)
e. Time to wait on hold (if phone involved) threshold(s)
f. Response times between system components
g. Other timing components as can be determined by looking at the process.
4. What are the various systems involved/impacted?
a. Switches, Routers, Wireless, WAN, Internet, or other network components
b. Application Services, Databases, DNS, or other services
c. Power, cooling, and other environmental controls
d. Firewalls, IPS, Web Filters, Proxies, or other security services/equipment
5. What is the impact of the outage
a. Financial
i. Fines
ii. Fees
iii. Contract lost
iv. Refund
v. Other
b. Regulatory
i. Legal action
ii. Civil action
iii. Compliance
iv. Certifications/Authorizations/Registrations
c. Customer loses business
d. Customer retention
e. Bad PR
f. Public Outrage
g. Direct staff terminations (disciplinary action)
h. Layoffs
i. Other
When
1. When does the customer use the system?
a. 24×7?
b. Peak times
c. Off times (holidays)
d. Do they have their own customer waiting on them?
2. When can you perform maintenance?
a. Available 24×7, except during defined maintenance windows
b. When are regular non-outage maintenance windows
c. When are regular short outage maintenance windows
d. Is there a regular longer outage maintenance window
e. Is there a time of year when things are “slow” or less busy
2. When does the contract go into effect, or when did it go into effect?
3. When does the contract get renewed/re-evaluated/renegotiated?
Where
1. Where are systems located?
a. Centralized/Decentralized
b. Data Center/Business Office
c. Basement/Utility Closet/Server Room/Hardened Server Room
2. Where are internal users located?
a. Domestic
b. International
c. Business Office
d. Branch Offices
e. Data Center
f. Network Operations Center
g. Home
h. Mobile
i. PDA’s
ii. Laptops
iii. Kiosks
iv. Hotels
v. Airports
vi. Coffee shops
vii. Customer sites
viii. Others
i. Other
3. Where are the customers located?
a. Domestic
b. International
c. Single Site
d. Multiple Sites
e. Other
4. Where are customer users located?
a. Domestic
b. International
c. Business Office
d. Branch Offices
e. Data Center
f. Network Operations Center
g. Home
h. Mobile
i. PDA’s
ii. Laptops
iii. Kiosks
iv. Hotels
v. Airports
vi. Coffee shops
vii. Customer sites
viii. Others
Why
1. Why are systems located where they are?
a. Always been there
b. Disaster Recovery / Business Continuity
c. Budget/Expenses
d. Compliance
e. Other
2. Why are responsibilities assigned to individuals/groups
a. Historical (individual always been responsible)
b. Subject matter expert
c. Job Descriptions
d. Special skills
e. Business unit/organizational hierarchy
3. Why are systems configured as they are
a. Always been this way
b. Best practice recommendations
c. Consultant recommendation
d. Application vendor requirements
e. Required to be supported by vendor
f. Disaster Recovery / Business Continuity
g. Budget/Expenses
h. Compliance
i. Other
How
1. Do customers get to the system/application?
a. Dedicated circuits/connectivity
b. Onsite with system/application
c. Internet based
2. How is the system/application secured?
a. Username/Password
b. Token
c. One-time-password
d. Smartcard
e. SSL
f. IPSec
g. Firewall
h. IPS
i. IDS
j. Firewall ports opened
k. NAT
l. Proxy
m. Other
3. How is the application accessed
a. Web app (HTTP/HTTPS)
b. Fat app (Installed on customer system)
c. Thin client (RDP/Citrix/etc)
d. Other
Now that you have gathered all this wonderful data, you should have a better understanding of the business, the application, and the customer as related to this particular application or system. In reality, I would probably ask even more questions based on the responses and trying to keep it conversational rather than a survey, but I can only cram so much into this in a short amount of time. It may have been a painful and time-consuming process depending on the scenario, but the customer will likely appreciate that you have taken the time for a thorough evaluation and be looking forward to your recommendations. Also, you can reuse the majority of these questions on the other business goals as well. Yes, it’s rinse and repeat time. This was just the first business objective.
From the responses, you should be able to get a better idea of what is truly important versus assumed to be important or important based on individual perspective. This allows you to then start identifying the key SLA’s and target monitoring solutions to those SLA’s.
Lessons learned
· Always start with business objectives, and then break them down into components to discover all the components behind the objective that need fulfilled.
· Ask questions rather than jump to a solution, or you risk overlooking important details.
· A good rule of thumb is to try asking three questions for every question a customer/client asks you.
Until next time, keep on learning and asking questions!
Comment
RSS Feed
Email a friend
