Russell Mickler 10/20/09 Russell Mickler 10/20/09

5 Rules of Thumb for Windows 7

Microsoft will release its latest version of Windows this week. If you're a small to mid-range business, here are five rules of thumb if you're considering an upgrade. 1. Don't.

Well, don't "upgrade". If you're technically capable, install the operating system clean instead of upgrading and restore your data from a backup. This may help avoid a lengthy upgrade process; some instances of upgrades from Vista to Windows 7 are reported to take upwards of six hours to complete. You can install the o/s cleanly and avoid many migration hassles. In fact, you may wish to just purchase a machine with Windows 7 already loaded on it and forget about the upgrade - especially if you're running Windows XP. There's no upgrade path from XP so you're going to have to install clean anyway.

2. Backups.

"Don't get cocky, kid." It was good advice from Han, and you can use it, too. You need to realize that an operating system upgrade isn't the same risk as installing a hotfix or a service pack. This is a major upgrade that may prevent your system from restarting correctly, and may even contribute to data loss. Don't be a fool: back up your critical files prior to the upgrade. In fact, now would be a great time to review why anything "critical" is on a PC anyway and try to relocate that data to your network. Start to consider your PC as a disposable asset whereas the real treasure of information is available on network resources. Even better, start thinking about what you can do to get rid of that server... but that's a topic for another day.

3. Compatibility.

Windows 7 is perfectly compatible with your existing Microsoft networking solutions. What you may run into are problems with legacy software applications and hardware drivers. You may want to make a list of critical applications that you just can't live without, and check with the vendor on whether or not they've been tested on Windows 7, and can run on that platform. Believe you me: you don't want to be in a situation where you've gone through the trouble of upgrading and suddenly can't run your mission-critical apps. As for hardware requirements, the kernel is the same as Vista, so if your machine ran Vista fine, you can expect the same performance and response from Windows 7, so let's dispell any idea that you'll get some performance of this.

4. What are your Reasons?

I think you need to be very clear - with yourself and your stakeholders - why an upgrade to Windows 7 is necessary. What's the strategic, compelling reason for an upgrade "right now". Is it timing? Is it compatibility with upcoming vendor solutions? Is now a better time than, say, 2nd QTR 2010? What motivates you for introducing the new window dressing now? Certainly, for the small to mid-range business, it's hard to see a strategic reason to upgrade to the next release of Windows very rapidly. Windows 7 will not change the way that you get your work done. It won't change the way you see the Internet. It won't change the way you collaborate and use data. It will change the way you view files on your hard disk, how your applications perform, and how you access the settings on your computer. Think very carefully about your reasons for introducing Windows 7 to you and your team right now.

5. Consider a Test.

When you buy a car, you want to test it. You want to drive it around the block a few times and make sure that it meets your needs. The same is true with 7. Don't take the hype for granted: install the upgrade on a separate, non-production workstation and see how you like the look and feel. Give it a whirl. Get some feedback from others in your workplace. They can sit behind the wheel and give it a shot, too. You can decide then if you really want to deal with the learning curve now, or, put it off until a later date.

Just a couple of practical pieces of advice before you take the plunge. Listen, be practical: think about a strategy. Who will you upgrade? When? Why? What's the purpose? When could you upgrade all of your machines, not just one, as to reduce the complexity of your technology environment? When is the best time to facilitate training with your staff? Which members of your staff would be good candidates for beta testing the product on a spare machine? What's your company going to do if the PC's don't start back up the way they should? How about a means to recover lost data? Don't look at this as something your company is doing for kicks and giggles: take it seriously, and have a plan.

Russell Mickler 7/28/09 Russell Mickler 7/28/09

2010: Server Upgrade Choices for the SMB

Many small to mid-range companies upgraded their server assets with the release of Windows Server 2003. The 2003 server was very popular and contributed to Microsoft retaining a 88% server market share, fending off Mac and Linux in this space for most of the decade. However, as it's now five years old, the 2003 R1 Server product is entering its extended support phase, meaning direct support costs from will go up and Microsoft will begin releasing only limited updates for licensing, compatibility, and new features. Hardware warranties on this equipment have long expired, and many of the hard disks/arrays in these units will be reaching their MTBF (Mean Time Before Failure) ratings this year; their likelihood of crashing is much higher. So, small to mid-range businesses should soon be thinking about their strategy for retiring the legacy asset.

Surely, the state of economy will likely push these decisions out for another 12-18 months as business owners stay put with what they got and contend with larger problems. Analysts are seeing the results of fear and uncertainty when we look at the results of Microsoft's last earnings report in June 2009: sales are down 17-percent from the previous quarter and profits are down 30-percent for the year. Okay, so you're a small business: what are your options?

It used to be that I had only three answers to that question: one, do nothing - ride out the extended support period for the next five years and assume increasing risk of hardware failure; two, upgrade the existing platform and the operating system to the current o/s release; three, replace the server entirely. This year, I'm really happy to say that the small business has many more choices.

Windows Server Upgrade and Asset Replacement.

The default position for most will be upgrading or replacing their Windows Server 2003 with a Windows Server 2008 - whether or not they do it now, or, wait for Windows Server 2008 R2 scheduled to be released Q4 2010. Companies that would do this are tied to the Microsoft Windows product: software solutions they own are locally-installed apps that require a centralized server on their LAN to function, and they use Windows, and these companies are forced to upgrade to maintain support on those legacy applications. Or, maybe they'll stay on the Windows platform because they know Microsoft and trust it. Either way, it's the default choice.

Doing Nothing and Staying Put.

An alternative is to do nothing. I think a lot of SMB (small to mid-range business) consumers are going to stay with Windows 2003 for as long as possible; similar to what we're likely to see with WindowsXP, Windows Server 2003 will be one of those microcomputer software products that will have an extreme, unheardof longevity encouraged by apathy for Microsoft's licensing costs and complexity. Business owners will find no compelling functional reason to upgrade, may be risk-adverse with the economy the way it is, may distrust other choices presented to them, or simply have shallow pockets.

[adsense format = "wide"]

Open Source.

The risk-tolerant SMB may look at the need for an in-house server because they have privacy concerns. They don't want anybody else holding their files, mail, or mission-critical data; they want to hold this stuff close to their chest and mistrust cloud or hosting options. On the other hand, this consumer isn't married to Microsoft: they just need a network appliance. Something that can perform backups and disaster recovery, centralize security, manage a database, file, and print services, and route email. Linux - particular the Ubuntu distribution - is a good choice here, either as an alternative to Windows with existing hardware, or an alternative o/s for a new machine. Up-front licensing costs would be much lower, and TCO (Total Cost of Ownership) would be comparable to a Windows Server. If the SMB is looking for a reliable appliance - just something that runs in the background and provides basic network services - and doesn't have a dependency upon Windows in their application portfolio, Open Source is a credible option in 2010.

Private Hosting.

Some companies just can't escape the need for a server - a Windows server or otherwise. They have mission-critical apps that are specific to their industry and they need to have that functionality. On the other hand, they don't want to be saddled with the cost and expense of owning a server; they want to get out of "ownership" and into "rental" or "leasing". They want to "rent" their capabilities, not "own" their capabilities, and cap their costs to a fixed-term, fixed-rate subscription expense that scales with their needs. Virtualization and terminal services make this option pretty attractive in terms of cost: some ROI projections see this as a 15-20% savings plus the added benefit of having your data and applications accessible anywhere you are, and, transferring the risk to a 2nd party.

Abandoning the Server - Cloud Computing.

Even more trendy is the fashionable idea of ditching the server entirely. Cloud computing is a more risk-tolerant model where we'd transfer your data and services to a 2nd party provider. Google, for example, could host and manage your email, your files, and information security and disaster recovery. The investment would be made in migrating the data away from servers to the 2nd party, then training and configuration expenses to get applications and devices to use the 2nd party. The ROI is fairly material: 30-50% savings as compared to owning your own server. Data is available anywhere, there are no licensing or up-front capital expenses (usage is billed by subscription, per-user), and the risk for managing your applications is transferred to the 2nd party provider. Again, instead of "owning" capability, the small business is "renting" capability, allowing for zero time to maturity and low barriers to entry - out of the gate, the small business can have the same technical capabilities as more mature competitors who paid a premium over the years developing their IT infrastructure.

So the small biz has a lot to consider over the next twelve months - especially if you tack on problems associated with workstation upgrades and Windows 7. Here's a real chance, I think, for competitive advantage: business can either stay the course and own their assets, and pay a premium for similar services that their competitors can acquire at costs up to 50-percent lower; or, businesses can strategically adopt open, hosted, or cloud solutions that take advantage of mobile computing, low licensing and maintenance expenses, and risk transfer; or, the small biz can do nothing - stay put and hope for the best. I think, in today's economy, staying put is exactly the opposite that somebody would want to do, and strategically-applying technology to dramatically reduce costs and liability... in some shape or fashion... would be the better option.

Russell Mickler 2/23/09 Russell Mickler 2/23/09

5 Tech Policies You Should Be Reviewing Right Now

Admittedly, we all have a little extra time on our hands this year. Hey, so now's the time to take care of those important management details that help govern the operation of your business!

Technology-related policies reflect management's intent to control their information system - the absence of policies usually reflects poorly in court of law and public opinion: if management never communicated a position on a technology governance to employees, customers, or vendors, then "Due Care" obligations could be considered ignored. Thus, it could be seen that management was negligent in their handling of an issue which extends liability, making it difficult to prove that "reasonable" precautions were taken in preserving customer data, securing network resources, or terminating an employee due to cause.

1. Write or revisit your Technology Plan (TP). The TP is a complementary document to your overall business plan and would traditionally be prepared by the executive responsible for technology strategy. It is usually 24 months in scope and identifies how tech spend complements your business strategy. It is an evolving document that lays down principles in how technology will be used and managed within your firm, and how tech relates to your success. This document should help guide your purchasing, management, and deployment of tech indefinitely, and should evolve over time as technology issues continue to shape the macro economy.

2. Write or revisit your Disaster Recovery and Business Continuity Plan (DR/BCP). Think about how critical software and hardware is to the execution of your business strategy. Think about how important the years of electronic data is to your ability to do your job. Now think about this stuff being wiped out in a flood, burned in a fire, or just the victim of bad luck - a hard drive failure. After Hurricane Katrina, more than 20,000 small businesses folded on the Gulf Coast because they didn't have a way to recover their electronic data to resume business operations. Now is precisely the time to revisit how data is stored, how it is backed up, how it is moved off-site, and services would be restored in the event of an emergency.

3. Write or revisit your Acceptable Use Policy (AUP). The AUP is the most critical policy in your Administrative arsenal. It outlines to employees and others who use your electronic resources what rights and obligations they have in using your resources. It is usually the principal document that is signed at the employee hire that outlines what is good and bad behavior in using your resources, and is the governing document allowing employers to terminate for cause. If an AUP doesn't exist, it's difficult to suggest that expectations of behavior was communicated to employees and a wrongful termination defense could be mounted. An AUP should be an evolving document as threats in IT change every 24 months. Now's the time to really take a look at this again.

4. Write or revisit your privacy policy and legal liability towards protecting personal private information (PPI). Your firm may be subject to federal or state regulations governing the security and privacy of electronic information - of patients, consumers, job applicants, or financial records. Fines are usually bestowed on a "per incident" basis, and if you have thousands of records outside of compliance, the liability is enormous. Further, it's best practice these days to communicate to stakeholders up front how you manage PPI and secure it. If you don't have a privacy policy, "Due Care" concerns could be raised that management was negligent in managing the private information of a party, which could result in civil tort for damages. Over 31 states have individual laws governing PPI; that in addition to the federal laws governing protected classes of information demands a thorough investigation in your compliance obligation.

5. Write or revisit your procedures governing employee terminations and audits. Finally, keep in mind the number one security risk for you during these economic times. It's not hackers, viruses, or malware. It's employees, and specifically, terminated employees who've still access to your confidential intellectual property. Now's the time - if any - to revisit those procedures and verify that employee access restrictions are performed, documented, and reviewed.

Policies, procedures, work instructions, and plans are Administrative Controls that reflect management's _intent_. If management's intent isn't communicated, and technology is governed by assumption and intuition, then management isn't "managing" technology - they are hoping for the best without taking on responsibility to effectively govern it. Now is your chance to reflect upon how your intent is reflected in the workplace and how well you've addressed technology "Best Practices" and regulatory compliance issues as a management team.