I recently experienced a very interesting scenario related to the failure of an organization (a client of mine) to keep some of their IT systems semi-up-to-date. The scenario (like many of my projects these days) is PKI-related. At this client we (the team that I work with) are in the process of rebuilding their PKI, which involves establishing a new trust hierarchy and issuing a number of certificates to their systems.
Seems simple enough; however, we ran into an issue with their HR system. In this case, we encountered an error when attempting to import the Root CA's certificate into that system's Java KeyStore. Hmmm... odd problem, but then again we also noticed that they were using a very old version of Java (1.3 to be exact). Never mind the fact that Sun dropped support for that version in 2003; through the wonders of Google we also found that this was a known issue that was corrected in 1.5.
With all of this wonderful knowledge in our hands, and giddy as school children perhaps, we approached the application owner with a solution: "Upgrade your version of Java." The reply: "We can't do that, because our version of the HR system will not support it."
Thus, the tangled web soon became unraveled as we then also learned that not only was their Java version old, unsupported, and out of date, but the HR system was also no longer a supported version, it ran on an unsupported version of Oracle, and there were no plans to upgrade (instead they had pinned their hopes on a very long-term system migration to another platform). In other words, there was no solution.
***Scratches Head***
Here is my ode. Why! This is not the only instance where I have seen the failure of organizations to keep their systems current. Examples range from:
Now, I'm all for getting the most out of your investment. In addition, I don't advocate always deploying the latest and greatest (it all depends). But there has to be a middle ground. After all, I tend to consider Information Technology a piece of infrastructure that most organizations use to run their operations. Thus, like any other piece of infrastructure, it should be maintained. If you don't believe me, then watch any of the engineering/architecture shows on the Science Channel. Whenever there is a show about some marvel of engineering, which in this case means a piece of infrastructure (like a bridge, dam, tunnel, etc.), one of the main things that they always point out is the rigorous maintenance schedule for that piece of infrastructure.
Why anyone would treat IT infrastructure any differently is beyond me. If anything (until SaaS rules and Google has all of my data), IT-related stuff requires more diligence in relation to maintenance because of how fast technology moves.
So... if you haven't started looking at the next Linux distro, Windows Server 2008, or that fancy thing called PowerShell, then you might want to get moving. IT is all about evolution; if you don't evolve to meet the needs of a changing and dynamic ecosystem, then you may as well step away from the big red button!
With more than nine years of experience in IT, Tyson Kopczynski has become a specialist in Active Directory, Group Policy, Windows scripting, Windows Rights Management Services, PKI, and IT security practices. Tyson is the author of the new book Windows PowerShell Unleashed (read a sample chapter and learn about the drawing for a free copy here). Tyson has been a contributing author for such books as Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed and Microsoft Windows Server 2003 Unleashed (R2 Edition). He has also written detailed technical papers and guides covering various technologies. As a consultant at Convergent Computing, Tyson has worked with next generation Microsoft technologies since their inception and played a key role in expanding scripting and development practices. Tyson also holds the SANS Security Essentials Certification, Microsoft Certified Systems Engineer Security certification, CompTIA Security+ certification and SANS Certified Incident Handler certification.
Building systems in a changing environment
Great item on obsolete systems.
I am a consultant and I run into this every day.
My take is that it is like building a tower out of playing cards. These cards are of various thicknesses and material. Some cards are sturdy and are maintained. Some are a bit weak but are maintained and retain their structure but will erode and fail if not maintained. So you can imagine that your payroll system is sitting on the 4th level up in the tower of cards and somewhere below, say at the bottom, is a card that is eroding and one day will break.
I think many people understand the complexity of this and then rely on the theory of RUF - Run until Failure. This means that they understand the weakness of the system but will run it until something fails and fix that and then continue. RUF may be the most cost-effective solution. Railways use this all the time. The city road maintenance also does it. When a pothole appears then it is fixed if it hurts enough.
Cheers..Ted in the land of the Ogopogo
Sounds like my world...
Ted,
Sounds like you and I have the same experiences... Also like the RUF term. It's a very true statement.
- T