You are here: Home / Archives for kjsimo

Client-Server Computing Explained in Brief

December 5, 2010 By Leave a Comment

Client-Server Computing is all around us.  By reading this web post you are experiencing client-server at work and there are countless examples and growing uses for client-server computing, especially as the popularity of cloud computing increases. So what is client-server and what are the differences between fat and thin clients?

Client-Server Computing leverages the capabilities of networking such as that used in your office, home, and the World Wide Web.  As the computing environment has evolved from mainframe systems with dumb terminals to a network of powerful desktop computers, corporations needed a way to take advantage of the computing power on both ends of the network, hence, client-server computing. By replacing mainframe systems which use dumb terminals, with a client-server architecture, a company can take advantage of the distributed computing power in the clients (the desktop PCs), rather than just using dumb terminals that require the server to do all the work.  Additionally, centralized data is still accessible to everyone who needs it.  It is a best of both worlds approach to computing.  The client-server model also offers unprecedented opportunity for growth, scalability, and concurrent multi-user access to central information.

Fat clients take the majority of the responsibility for the application logic, which frees the server from much of the work.  This approach has several advantages to the thin client approach.  Some of which are; a greater flexibility in application design and functionality, an increase system stability when updating application logic, and fat clients are generally easier to because they are client specific and do not have to be compatible with various client types as in a thin client system.

Thin clients, on the other hand, have little if any responsibility for application logic, which place most of the burden for the application on the server.  This provides several benefits distinct from the Fat Client system approach.  Updating the application logic is more easily accomplished since only the server needs to be updated.  Thin clients require less knowledge of the data on the server side, which contributes to a higher level of encapsulation and data integrity.  Thin clients are generally easier to debug and manage since the application logic is in a central location, the server.  Data management is also easier for the same reason.  Network bandwidth is less of an issue because most of the processing is performed on the server where the data resides rather than transferring data across the network to the client.  More robust applications and consistent performance from user to user, or “universally compatible” applications, are another advantage of using a thin client system.  

A client-server approach to a networked computer system provides a scalable and flexible system, which allows a company to maintain centrally accessible information, while at the same time taking advantage of the available distributed computing power that exists in the desktops throughout the company.   The client-server approach also improves the use of available computing power by separating functions and processes performed and delegating them to the appropriate and most capable machine.   

This idea of sharing resources across a network is location agnostic.  The user does not need to be aware of the how or where the process is being completed.  This encourages encapsulation of data, which also facilitates security, stability, and data integrity.

Filed Under: Data

Internet Security – Kerberos Protocol Explained

November 29, 2010 By Leave a Comment

The Kerberos protocol (named for the mythical guard dog of Hades) can defend against a variety of different security attacks.  The Kerberos protocol uses a system of tickets and authenticating applications to control access to network systems.  As messages are sent back and forth between the user, Kerberos, and the requested network services the messages are encrypted and there is always a piece of information missing from the message that only the receiver has.  This system makes these messages useless to anyone with malicious intent who may be eavesdropping on the network and trying to steal information or impersonate services. 

When a user wants access to a secured item on the network, they start the K-Init application to get a ticket-granting ticket.  The user enters their user name which is forwarded to Kerberos.  Kerberos cross references the user name and encrypts a message containing the user’s ticket-granting session ID with the user’s password.  This encrypted message prevents any rogue users from stealing a password in transit across the network.  The message is only unlocked if the user enters their password correctly in the K-Init application.

After the user unlocks the message sent by Kerberos, they are given a ticket-granting ticket and a session key.  If a user wants to access services, they send a message to Kerberos containing an authenticator message, the ticket-granting ticket, user name, user address, and the service being requested.  When the message authentication is confirmed, and the message is encrypted, the ticket-granting service gets a copy of the session ID share by the user.  Then the ticket-granting service makes a ticket for the requested service, determines a session ID between the service and the user, and then sends this message encrypted with the ticket-granting session ID that the user already received from Kerberos. 

This packet is encrypted with the session ID which only the ticket-granting service and the user have a copy.  This prevents the stealing of the tickets which authorize access to services. 

In order to prevent someone from impersonating a service and stealing information, the Kerberos protocol requires mutual authentication.  First, the authentication described above is used to authenticate the user to the service.  Before any information is sent to the requested service, the user machine waits from confirmation from the service.  The service sends a reply packet encrypted with the session ID which was granted by the ticket-granting service.  If a fake server receives these packets, it does not have the session ID and can’t properly encrypt a reply message.  If the user doesn’t receive the reply, no information is sent and the operation times out.

Filed Under: Data

Decision Making in Organizations

November 22, 2010 By Leave a Comment

Every day, countless decisions are made in organizations that impact corporate strategy.  In our work with Fortune 500 companies, we have seen decisions that range in effectiveness from brilliant to destroyers of value.  How can you ensure that your company’s decisions contribute to flawless execution and the advancement of the strategic plan?  We’ll use the example of a major health care company (fictionally named Health Tech) in financial difficulty that was evaluating a make vs. buy decision on a new software system and infrastructure.  Their existing system was blamed for inefficiencies, lack of flexibility, and ultimately loss of profits and market share that lead to its financial problems. As it turned out however, the root cause of the financial problems was ineffective decision making.     

Decision Making can be divided into Decision Management and Decision Control.  Decision Management is the process of initiating and implementing decisions.  Decision Control is the ratification and monitoring of decisions.  Different types of information are key to each of these, and in order to make effective decisions in organizations, proper assignment of both Decision Rights (the right or power to either manage or control a decision) and Decision Information (the pertinent  extrinsic and intrinsic data required to make a decision) are required. 

Decision Management requires information on the problem definition, and the potential solutions.  In our example, Health Tech’s leadership team required information on the capabilities of the current software, capabilities of the available software in the market, and the shortcomings of both with respect to the desired requirements.  Also, the Decision Makers would need to know the costs and implementation steps before presenting this information to the Decision Controllers for ratification. 

Decision Control requires information on the decision itself, such as the implementation steps, and how it will affect the company.  The effects include, the costs of the implementation, the potential failures, the various areas of the company that rely on the decision, and the intended results of each decision.  Those who are responsible for Decision Control must be able to judge each decision based on its application to the strategic business plan or “big picture”, considering both the company and the marketplace.  Additionally, the Decision Controllers must have sufficient information to monitor each decision’s performance in terms of cost and results.  For example, the Decision Controllers at Health Tech would need information on the estimated cost and time required to design and implement a custom software package before ratifying any decisions and the estimated cost and time required to modify an off the shelf solution.  Also, they would need metrics to continually monitor whether or not the new system, whether purchased or home grown, was effective after it was implemented.

Initially the symptoms pointed to a the software as the reason for the financial distress in the company, however, Health Tech’s financial problems were actually due to the poor assignment of Decision Rights within the organization.  More specifically, the problems were caused by the over assignment of Decision Rights and lack of control on Decision Making caused by Health Tech’s culture of entrepreneurship and rebellious empowerment.  Health Tech employees disliked the rigidity of health care regulatory agencies and they were empowered with both Decision Management and Decision Control. 

The assignment of Decision Rights at Health Tech was flawed.  First, the Decision Makers were not owners, and therefore could not be expected to make decisions that were in the best interest of the organization even if they had all the appropriate information.  Secondly, since the Decision Makers were not owners, they should have been assigned either Decision Management or Decision Control, not both.  Furthermore, the Decision Makers at Health Tech did not have the appropriate information needed to make the good decisions, partly because of the flawed computer system, which gave everyone misinformation and therefore blamed for the problems, and partly due to lack of communication throughout the organization.  Even the CEO did not have specific information about the severity of the problems because of the lack of communication

By separating Decision Making and Decision Control and correctly assigning Decision Rights throughout the organization, Health Tech would have had better information on the state of the company despite the errors in their software.  For example, they would have known that the computer system was giving the accounts payable department frequent problems.  Because with proper controls, billing and payables performance would have been one key metric in monitoring the effectiveness of the software application.  The Decision Controllers (presumably senior leadership) would be made aware of these flaws and could direct corrective action. 

However, Health Tech collectively did not know what problems existed or what to do about them because of a poor understanding of and lack of assignment of Decision Rights in the organization.   I would be remiss without noting that in addition to understand the basic components of Decision Making, communication horizontally across an organization (breaking down silos) is critical.  A properly designed organizational architecture is necessary to support the sharing of different pieces of information needed by Decision Management and Decision Control entities.  If this does not already exist, it will need to be created and then supported through a redesign of the organization.

Filed Under: Lead, Strategic Planning

Data Quality Management

September 30, 2010 By Leave a Comment

Have you historically understood the need to improve data quality in your company, but despite your efforts, have not addressed and resolved the root cause of data quality issues?  You are not alone. 

In my work with Fortune 50 financial firms,data quality is a frequent topic of discussion and can seem as unachieveable as finding the Holy Grail. Typically firms will execute and deliver on several tactical fixes that help discrete data quality or metadata problems, but fail to systemically resolve the issues.  Additionally, approaching the problem from an tactical point of view is neither scalable nor cost efficient. 

In most cases resolving these data quality issues are both complex and require horizontal teams across the organization.  So what does an effective horizontal team look like and what is their function?

A horizontal data management team is chartered to:

  • prioritize the strategic focus for data quality management and data stewardship
  • sponsor a horizontal (end to end) understanding of the data from sales to service
  • identify data stewards or end to end data owners for high priority data sets
  • identify and publish controls and processes to improve both operational and management reporting data
  • identify required infrastructure and assign day to day ownership of data quality
  • integrate data related projects to ensure data consistency

Assigning common roles and responsibilities to a horizontal team is a key step in improving corporate data quality.

Filed Under: Data

Part 3: Data Governance Framework – Business Element and Actions Defined

July 20, 2009 By Leave a Comment

Congratulations!  By this step you have made the commitment to protect your most valuable data assets, identified key stakeholders, established regular discussions with these stakeholders, and identified the scope of your governance initiative.

Remember a key to success will be keeping this small, gathering senior level support, and celebrating frequent successes.

The governance model has several components; business elements, actions, metrics, agents.

In your stakeholder meetings you likely have discussed the scope of your initiative and through that discussion identified the key business elements that need governance.   These should be the business’s most important or most used data.  It is also likely to be the most confidential or most controversial.  And for all of these reasons each line of business, business department, or analytic team probably has their own data store and their own data definitions for these (therein lies the problem that you are working to solve).

Next, you and your stakeholder group will define the actions or operations that will be used to align these business elements across the disparate teams, data stores, or reports and get a common definition and common method of handling this data.  How will your group make decisions, process approvals, and reconcile differences?

It is critical at this step to be selective and pick the low hanging fruit and the items with the biggest bang for the buck.  Don’t try to define actions that cover all situations or you will find yourself endlessly meeting and discussing to account for every possible scenario.  I have seen many data governance initiative die at this point because teams cannot agree.

Next, we focus on metrics and the agents that will enforce the model you create.

Filed Under: Data

Part 2: Data Governance Framework – A Framework Defined

July 12, 2009 By Leave a Comment

A  Data Governance framework is comprised of the following parts;

  • Oversight Board
  • Stakeholder Forum
  • Process Agents
  • Business and Technical Liaisons
  • A Repository
  • Defined Focus Areas

Approaches that begin with spending money are doomed to failure, so start by building the portions that don’t require capital expenditures yet have real business impact.  The Stakeholder Forum is a perfect place to start for both of these reasons.

Stakeholders are the people, functional groups, and teams that depend on the data within the scope of your governance initiative.  To incubate this initiative, be sure to hand pick stakeholders that are already active in data.  Business analysts make excellent candidates because the quality of their reports and analytics are directly dependent on the data you are trying to govern.

Establish a roundtable with these stakeholders where you jointly identify the business needs and justification for a Data Governance function in your organization.  Next, define the role of Data Steward and leverage the Stewards to solve problems that arise with your data, such as conflicting data definitions.  Finally, establish some training, even if just simple documentation. 

Remember to start your Data Governance program by identifying the business’s most important or most used data.  Select a team of folks (such as business analysts) that use and depend upon this data and therefore have a vested interest.  Then leverage this team to create a Data Stakeholder forum and define needs, solutions, and training.

Filed Under: Data

Data Governance Framework – Getting Started

July 5, 2009 By Leave a Comment

The topic of Data Governance can be abstract and difficult to define, furthermore, it often fails because of a lack of business focus.

Don’t let these challenges keep you from managing your extremely valuable data assets. Data Governance, done properly, establishes a foundation for defining, managing, changing, and integrating the Data in your organization. It enables the processes that will care for your Data and outlines the organizational decisions which impact Data’s meaning and value.

In this series of posts, we’ll outline the steps in building a framework to give concrete meaning to Data Governance in real business terms.

Your starting point is to create a Data Governance Framework which defines the essential scope and supporting processes. The goal is to align business needs with the governing functions, ensuring that the most important and most necessary pieces are established first. Move one step at a time and do not try to tackle the entire framework at once (it’s too daunting).

Before you can obtain the support of your executive management team, you first must identify critical business data needs and then pick the one most relevant to your business. If you are unsure where to start, try in sales or financials. Find the data elements are most controversial, most used, most confidential, or most regulated. Use these examples to build your business case and your sales pitch to gain executive leadership support for the concept.

Assuming you have support for the initiative, establish your Data Governance Organization. This is the authoritative body when it comes to Data decisions. Most importantly, it can be virtual and does not require additional staff (avoiding additional costs will be key to your success). This organization is responsible for the guidance, planning, and stewardship of your Governance initiative and we will define these responsibilities in more detail in the next post.

Let the framework serve as your roadmap to creating and launching a successful and business focused Data Governance program.

Filed Under: Data

Optimizing Your IT Budget – Got Transparency?

April 1, 2009 By Leave a Comment

What is wrong with your IT budget?  Is it too high?  Too low? Or worse yet, maybe you don’t know.  Now more than ever it is important to analyze the spending activities that comprise your IT budget.  As an IT leader and business consultant, I can confidently state that assessing a blanket xx% cut across the board is not an effective method to optimize an IT budget and leaves too much to chance.  While it may be effective at getting the necessary haircut, it does not rank the importance of IT activities and puts critical revenue generating functions at risk.  Additionally, it strains the relationship between business and IT leaders.  The business side claims that IT is too expensive and the technology side claims that the business side does not sufficiently understand what it takes to keep the systems maintained and available.

Business and technical leaders both have a responsibility when it comes to the IT budget and therefore both sides must come together to agree on how to optimize the IT budget.  First and foremost is gaining transparency and understanding of the activities in the IT budgets.  This is critical to minimizing wasteful spending and to optimize the IT activities which support revenue generation.  Business leaders need transparency and understanding of the technology that supports their areas.  IT leaders can help by categorizing their activities.

  • 1. Keep the Lights On. These are the activities that are necessary and required in order for the system (I will use the term ‘system’ to broadly describe applications, databases, networks, etc. whether hardware or software) to run and be available in accordance with the users’ expectations (24/7, 8 to 5 Monday through Friday, etc.). It is important that this does not include activities (described below) that enhance or change the system in anyway. This does not include organic growth or other capacity planning. It only keeps the system running in an “as is” state.
  • 2. Regulatory and Compliance. Whether required for compliance by your internal compliance team or by an outside regulatory agency, these are the activities that are necessary to update or change the system to comply with these requirements. These changes usually have a deadline associated with them. You can further break this category into group A (external agency) and B (internal agency) if you need to more closely understand the nature of these activities.
  • 3. Upgrades and Updates. These changes are strongly recommended by hardware and software vendors for proper maintenance. These are updates to the system that might be necessary because of a product version change or other end of life event that forces the current version to become obsolete or go “out of support”. It does not mean that the system comes to screeching halt, rather it means that without it, the system becomes outdated and either performance is compromised or repairs become more difficult.
  • 4. Growth. This category describes the activities needed to keep pace with the organization’s growth.
  • 5. System Enhancement. Technology groups tend to enjoy this category the most because of their passion to see and work with the latest and greatest. As a business leader, be careful not to discount the value associated with enhancements as many times there is a valid business case that is simply not articulated in business or revenue generating terms.
  • 6. Projects. Project activities could result from business needs or from IT needs, however, they both are grouped in the same category and both need to evaluated against the discretionary budget and the value they bring to the organization.

With a common way to parse and describe the often indescribable IT budget, business and technical leaders can effectively optimize the IT budget, improve their working relationships, and foster greater understanding of each other’s worlds.

Filed Under: Data, Monitor

Assessing Your Data Problem

March 19, 2009 By Leave a Comment

Do you have a data problem?  Don’t feel bad, most companies do.  It seems there is either too little data or you are swimming in meaningless mounds of data.  Maybe you have data but can’t access it, analyze it, or report on it easily.  If you want to improve your data you’ll undoubtedly be faced with the need to make a business case for data quality.  This can be tough to justify and unfortunately you will have to make choices about which problems to fix and which to leave for later.  In order to make the best decisions, you will need some tools to express the impact that poor quality data has on your company.  Here is a quick guide to help you get started. 

Begin by attempting to quantify the impact that a data quality issue could have on your business.  Consider both the area of the company that is affected by the data you are investigating and the number of users impacted.  Considering both dimensions will help you assess the severity of data quality impacts to your business.

  1. Data that impacts legal and/or compliance reporting or management should be marked critical.
  2. Financial reporting data, which should also be rated critical regardless of the number of users affected. Data that impacts your GL reporting always warrants a critical rating.
  3. Operational data (used for daily management and reporting) is certainly important, but the severity of the impact can range from slight to critical depending on the number of users or business areas impacted. Consider the case when a few users are impacted and maybe their job is less efficient because of the issue, but the business does not grind to a halt. This would be rated a slight or possibly moderate impact.
  4. Analytical data used for forecasting, modeling, scorecarding, etc. generally would have slight or moderate severity impact on your business. However, in the case where a large percentage of the users or quantity of data has been affected (say greater than 5%) the impact could be rated serious.

 By understanding the severity of the impact that data has on your organization, the areas affected, and the number of users impacted you will identify which data you can trust and which data need stronger controls and possibly clean up.
Data Quality Impact Severity Matrix

Filed Under: Data

Trusting Your Data

February 22, 2009 By Leave a Comment

Have you ever had two reports of “the same” data land on your desk and wonder why the bottom line is different?  If you don’t trust the data in your company, whether in a report, a database, or an email, you are not alone.  In fact, the problem is so pervasive that companies waste millions (insert exorbitant dollar figure here) building redundant islands of data in order to access and control data they trust.

As a society we are comfortable finding and relying upon information provided by others without explicitly knowing the origin of or without directly controlling that data; think how many times you Google something and rely upon that information.   So, why don’t we trust the data within our own companies?  Myriad reasons come to mind and the problems can certainly be many fold, first and foremost are differences in the definition of a piece of seemingly identical data, especially in large organizations with multiple, disparate systems that generate and process data.

Don’t despair.  There is hope.  And you don’t have to be technically savvy to save your budget dollars, help contain the problem, maintain control over the data, and (bottom line) trust readily available data. 

Before embarking down a path to build your own data island, first understand the definition of the available data.  While there are a few lucky ones with an easily accessible repository of data definitions that you can quickly reference (like Wikipedia for your company data), the rest of us need to ask a few key questions, because you won’t get the complete answer if you just ask for “the definition”.

Here are the important points to review with your technical partners to get the whole definition and business relevant context and to maintain control and trust in the data. 

Data Definition and Context (also known as metadata):

  • Understand whether you are getting data from the transactional source system directly or from a database that takes snapshots of the transactional source system data and stores it.
  • Find the source of the data. Know the system name, the screen name, and the exact field on the screen that produces this data.
  • Understand the source of the source. Example; human data entry (free text, multiple choice), automated entry (date/time stamp), calculated system entry (sales tax), or system reference entry (zip code = city and state)
  • Know the possible, valid, or system allowed values Example; Yes/No, Married/Single/Other, Alphanumeric 16 characters.
  • Ask about any transformation rules. If the data from your source moves was it changed or filtered in anyway. Sometimes these can be rule based, for example customers with California zip code in the primary mailing address are assigned to the Pacific Sales Region. Other times these can be converted to make database storage more manageable. Example; Yes/No was converted to Y/N, a check box was converted to Y/N, or First Name, Middle Name, Last Name was combined into Name.
  • If there are transformation rules, find the administrator of the rule. You’d be surprised (or maybe you wouldn’t) to find that many times these rules are created by the programmers or analysts that move or manipulate the data and there is no formal change management or notification. To control the data, you need to control these rules so find the person or team who implements these rules and enforce your change management and change notification criteria.
  • Understand the update frequency of the data (how often is a snapshot of the data taken and stored)
  • Persistence (part 1) Understand the historical transaction record. Does more recent data overwrite older data or is every snap shot stored?
  • Persistence (part 2). How long is the data stored? What happens when it reaches “end of life”? Is it deleted permanently or stored offsite? For how long?

It is critical to understand the context and definition used to describe data, and unfortunately terms like metadata are thrown around without a business based understanding of how it can be relevant to sales, marketing, or operations.  Asking these questions about your data can help you take control of your data destiny while maintain shareable data the greater organization can leverage as well.  Resist the temptation to build a data island and know that the grass is not always greener on the other side (or on your own island).

Filed Under: Monitor
« Older Posts