When working with hosted services providers, assumptions can sometimes introduce risk that, in turn, can really mess up operations.
I'll use one of my recent cloud adventures to illustrate my point.
I recently was called in and needed to stand up a server in the cloud as quickly as possible to launch BelAudit, an application from Belarc, a systems management provider. This is a 90-day software package that's transferable to a fully managed app, BelManage, and so accounts for initial licensing cost.
With BelAudit, I needed to create a baseline of reports on 250 desktops and three servers. The goal was getting to the root cause for an overload of trouble tickets. The help desk was getting too many calls and on a varied range of issues, from loss of Internet to poor voice quality. Other concerns included security, compliance and licensing, and lack of inventory management.
We deployed BelAudit on two servers and then used the LogMeIn tool for connecting to remote desktops. We also used spare computers in inventory as clients, and launched the reports.
From the Belarc console, we could see a complete inventory of desktops and servers, with all hardware, firmware and applications visible. We also could see any recent log ins and changes, and got an at-a-glance view of updates and which machines were out of date with patches and so in need of updating. We could easily drill down to the finer details of each machine, and a summary page showed all software license keys for matching against purchased keys.
I had suspected desktops weren't up to date on patches and weren't being appropriately managed because of recent malware outbreaks. But I didn't realize how widespread the problem was across not only desktops but also servers until seeing the Belarc reports. We quickly saw which desktops didn't have antivirus/malware protections in place and which laptops (all of them) had no encryption mechanism. As we saw the high numbers of desktops that were out of date on software patches and antivirus/malware protection, it became clear why the help desk was swamped with tickets regarding poor voice quality and loss of Internet access.
Next we discovered that the host of the managed voice platform was pushing out updates to the phones but the phones weren't rebooting. While some phones were still working, some desktops connected to phone LAN ports weren't connecting and updating since the phones themselves required rebooting. When SIP phones were manually rebooted, the desktops would then connect and route outbound calls to the Internet -- and updates would flood the site.
This is where those assumptive risks I talked about come into play. When signing on for hosted telephony service, the customer assumed the carrier had a vested interest in its solution. That was errant. Hosted voice/best-choice Internet is what it is. This serves as a classic case of what not to do when getting white-labeled hosted telephony service -- you can't just plug in your phones and assume they'll work.
The monthly bill was absurd, too. The firm thought it would be saving money by migrating from a PBX to IP telephony service, but it was actually burning cash faster on OpEx -- and unnecessarily so since it relied on the carrier's recommendation with no regard to call quality, cost or reliability. And, because the desktops connect to SIP phone data ports, the lightning rod effect showed up on numerous occasions.
Walking in and around landmines is no fun and knowing the facts about inventory does open avenues for better management and controls of IT assets. The Belarc reports aren't network assessment tools but they absolutely contributed to our being able to identify key weaknesses and led us to issues that otherwise would have taken more time to identify and resolve.
We were able to quickly fix the holes in desktops by adding endpoint security. Then we armed the company with information about inventory, patch and change management, and identified potential desktop threats and infrastructure weaknesses. In the end, we opened the door for improvements and a much more solid foundation going forward.
