Hypervisors are small bits of code that enable the creation of an abstract layer within computing. This is the basis for most efforts in virtualization. The greatest critique to virtualization is security and hypervisors are the first agents to providing security. Below are some notes on hypervisors and security concerns:
Not every hypervisor is created equally. VMware is a completely proprietary, meaning that it is developed and tested inhouse before being released for use. Xen utilizes an open-source community to vet and test the product. Because of the open collaboration, the Xen product has fewer lines of code which will result in fewer potential problems with the code.
Hyperjacking is the worst problem with using hypervisors. The term refers to the subverting the hypervisor to plant malicious software within the abstract layer which can potential provide access to the entire virtual platform which may be utilized by several customers in the form of guest OSs. The trick is to maintain hypervisor integrity while making each guest OS ‘think’ they are the only system that has access to the physical layer. Most of this is done through a series of privilege checks, specifically on transactions between the abstract layer and the physical layer. A widely adopted standard for building trust between the abstract and the physical layers is TPM, or Trusted Platform Module.
The abstract layer has most of the same security issues as a physical LAN or SAN. More so in some ways. Most threats come from internal traffic because they don’t pass through external firewalls where many of the security checks are perform as traffic enters the network. Fortunately, the risks are manageable with a little extra physical capacity, performing migration drills on virtual services and maintaining patches and updates.
A virtual machine is still a machine. Though obvious, it’s not as easy to put this fact into practice. A few rules applied in this context can reduce the amount of exposure given to threats. Disable emulated devices that are unnecessary, including virtualized features and services on the host and guest platforms. They can be made available when required and turned off at disconnect. Find where critical components like third party device drivers reside – within the hypervisor where they performance increases but are slightly more vulnerable or at a higher layer. Adopt ‘least privilege’ rules to who has access to virtual network segments, thus reducing the attack surface exposed.
Bottomline: A hypervisor is simply a tool for IT – understanding what it can and cannot do will assist in fulfilling any security plan you should already have in place.
Read Full Post »
Posted in Product Launches on Jun 20th, 2009 No Comments »
This toolkit is truly unique and like no other. It provides step-by-step guidelines on how to actually do BPM projects. The framework gives confidence that all aspects will be addressed during a project.
“The content addresses precisely the type of issues which my company is struggling with at the moment. This kit is very pragmatic, highly recommended and filled with useful tools and checklists. “
Many organizations are looking to improve their understanding with regards to aligning their business processes, and as a result are looking to implement/improve the Business Process Management process, as an overall improvement to the structure and quality of the organization.
This is where the Business Process Management toolkit comes in.
The Toolkit is designed to answer many of the questions that Business Process Management raises and provides you with useful guides, templates and essential, but simple to follow assessments.
There are a total of 28 documents in this toolkit:
6 Presentations:
Presentations can be used to educate or be used as the basis for management presentations or when making business cases for implementation.
- Presentation 1: Toolkit Introduction Business Process Management
- Presentation 2: BPM & Workflow Software
- Presentation 3: Avoiding Disaster – Your first BPM Project
- Presentation 4: Value & Benefits – Make your Case for BPM
- Presentation 5: BPM & ROI
- Presentation 5: BPM Continual Improvement
These presentations provide detailed and comprehensive guides through different aspects of Business Process Management. Starting, with an introduction to the concept, and a closer look at the Governance involved with BPM, and then following your progression in the implementation of BPM, avoiding disasters and risks, how to make a good business case for BPM – using the benefits and ROI opportunities, and finally a focus on continual proces improvement.
16 Supporting documents:
These supporting documents and assessments will help you identify the areas within your organization that require the most activity in terms of change and improvement. They underpin concepts intitially covered within the presentations, and go into lots more detail to guide you in your Business Process Management maturity.
We have itemized and categorized the supporting documents into a logial order of Plan, Do Check and Act, relating to the stages of planning, implementation, or improvement, where they will be most helpful to you. You can use these documents and resources within your own organization or as a template to help you in prepare your own bespoke documentation.
PLAN
- BPM - The Business Process Model - An introduction to the terminology and icons used in the Business Process Model.
- Business Process Modelling Overview - overview of what Business Process Modelling is all about, and where it fits in an organisation.
- Business Process Modeling Notation – this document explores BMPN and explains howBPMN defines a Business Process Diagram (BPD), which is based on a flowcharting technique tailored for creating graphical models of business process operations.
- Medicare Case Study – A glipse into a large organization who has successfully implemented BPM.
- BPM Benefits Checklist - A checklist that you can review for each of your processes or to get a general sense of the types of benefits you can expect from BPM – great for building a Business Case.
- Example Common Business Objectives – A supporting document from the BRM & ROI presentation, looking at the common business objectives for all organizations.
DO
- The Integration of Knowledge Mapping into Existing Business Processes - The creation, renewal and sharing of knowledge are clearly critical to the delivery of innovative, and cost effective, products and services, this document looks at how Knowledge Management and BPM can work together, to ensure organizational objectives and success.
- Business Process Management-How to Scale your Process Documentation Initiative – This extensive document gives a clear, step by step pathway to a successful documentation initiative – a crucual element of BPM.
- RACI Methodology and BPM - A simple yet powerful methodology that focuses on the “human-side” of BPM is the RACI Methodology – used to identifying roles and responsibilities during a BPM implementation process.
- BPM - Design for Workflow & Rules Management Systems – Definitions and insight into Workflow and Rules Management systems, including characteristics, design considerations and interfaces.
- BPM Architecture Considerations - This document outlines three sets of key architecture considerations required for a successful configuration of an enterprise Business Process Management (BPM) implementation and deployment. These considerations are:
- Deployment Environments
- Architecture Options
- Hardware and Database Sizing
CHECK
- KPI’s - Key Performance Indicators (KPIs) are quantitative and qualitative measures used to review an organisation’s progress against its goals. This document explains the concept and application of KPI’s.
- Align Roles and Responsibilities to Make BPM Work - Business units and the IT organization are both responsible for ensuring that business process management initiatives are successfully executed. The more roles and responsibilities for each side that are defined at the onset of a BPM project, the more quickly an organization can reap the benefits. This document identifies the roles and responsibilities required for successful BPM.
ACT
- Project to Program - This document describes how the movement toward broad BPM Programs has changed what companies need in terms of BPM technology and “know how”. It describes 3 steps for establishing a solid foundation for a BPM Program that will enable your organization to scale its process improvement capability in a way that will deliver maximum value to the business.
- Perform Business Continuity and Disaster Recovery via Business Process Management and Other Software Tools – This document is a great aid for organizations wishing to improve their Enterprise Architecture and their Business Continuity and Disaster Recovery capabilities, and explains the way to implement an approach using BPM tools for planning their business processes.
6 Bonus Documents:
In addition, to the supporting documents, we have also provided some ‘bonus documents’ as part of this toolkit. This additional information will enable you to improve your organizations Business Process Management understanding and knowledge base. These bonus documents are focused on the Six Sigma Methodology. As part of this file, you will find:
- Six Sigma Presentation – an introduction to the methodology, including –what it is, history and how and when to use it.
- Six Sigma – Short Overview – a detailed overview including statistics and the ‘six themes’ of Six Sigma.
- Six Sigma – Factsheet – A perfect tool for education –use this to update your own knowledge and understanding of Six Sigma, or as a development tool for your staff.
- Six Sigma Starter Kit – An extensive document, designed to easily guide you through the scary intitial stages of Six Sigma.
- Six Sigma Defining Requirements - The objective of this document is to be a standard/template for the development of Service Level Requirements. The development of Service Level Requirements is the first step to quantify the desired service delivery.
- Simple Sigma Calculator – a fantastic tool to aid your Six Sigma understanding and implementation.
Sincerely,
The Art of Service http://theartofservice.com
Read Full Post »
Nearly twenty years have gone by since the World Wide Web was introduced. Only ten years have gone by since the dot.com bubble. Pretty amazing when you consider that the glass mirror was introduced 800 years ago.
Today, the glass mirror is Web 2.0. All the hype may just be a lot of smoke for business. Commercial uses of Web 2.0 technologies are in full swing, but can they or should they be used in business. With proper planning, maybe.
Blogs are extremely useful tools for disseminating information out. The subscription features allow continuous updates to be sent to interested parties whenever the blog is updated. For business, the greatest concern is ensuring that the number of blogs that are supported is limited. Three opportunities seem the most likely uses of a blog: management to employee updates, departments like IT to employees, business to customers. Most other uses may be deemed extraneous and hinder productivity.
Compared to Facebook or MySpace, social networking has little use in business. However, the concepts behind social networking are valuable for creating learning organizations. On the technical side, mashup APIs can prove very valuable in facilitating communications internally and with customers.
Virtual environments are excellent places to host internal meetings that are more interactive than voice or videoconferencing, at a much lower price. The same is true for wikis for knowledge generation.
Web 2.0 technologies can provide interactivity on the web, but should only be used on web pages that change frequently or requesting customer information.
For companies that have already ventured into Web services, Web 2.0 is an excellent next step. For others, develop your strategy before selecting the solution.
Read Full Post »
