Best IT Blog

Sample Visio – High Level Archer Create Workflow

High Level Archer Create Workflow


LogRhythm Architecture and Design 7.x Notes

  • Dashboard
  • Searching
  • Review of alarms
  • Qualify – to investigate (establish root cause)
  • Then mitigate
  • HTML5 coded
  • Risk-based alarms
  • Case workflow
  • Real-time data
  • Double-click drill down
  • Underlying log data


Logviewer to analyst grid – access

Low footprint on the browser (Client)


Activities represented

Pivot sort of data / datasets


Widgets to customize dashboard 

Edit widgets, more advanced filters


Threat activity map

Drill down create a task on another task to free up resources


Flow data – Network monitor

Deep packet analytics (rule protocol mismatch) 

Packet captures – Session based


Case management

Tagging for cases (searchable and filter with dashboards)

Create new tags


Log contains

Search contextualized content for




Search contains: filter on classified actions (750 devices, applications and systems)

Pre-created processing rules 

Structured and unstructured searches


End point monitoring

File integrity monitoring

Watchlist users 

  • Account takeovers
    • Precision searches
    • Alarms page (tab)
    • Fired alarms and risk-based fired alarms
    • Entity logical segmentation of the network
    • Other filtering and sorting, by risk and by date
  • Smart responses based on activity (actions – multiple responses)
    • Disable accounts or quarantine devices
    • Corroborated alarms (supporting activities: 3 or more behavioral anomalies from the user)
    • Associate logs and alarms into cases
  • Drill down into data sets associated with the activities
    • Watchlist or searches (criteria, source with host)

Single host or distributed host for performance.
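As an added example (not from these notes and not LogRhythm's own logic), the corroboration rule from the list above applied to a constructed set of normalized events: a user gets one alarm only when three or more distinct behavioral anomaly types fall inside a sliding window, repeated copies of a single anomaly type do not corroborate each other, and the supporting events travel with the alarm so it can be associated with a case. Field names, anomaly labels and risk scores are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of already-normalized events (not real LogRhythm output).
# Each line: timestamp|user|behavioral anomaly type|risk score
SAMPLE_LOGS = """\
2024-03-01T08:02:11|alice|impossible_travel|40
2024-03-01T08:05:40|alice|new_device|30
2024-03-01T08:07:02|alice|mass_download|60
2024-03-01T08:09:15|bob|new_device|30
2024-03-01T09:30:00|bob|failed_logins|20
2024-03-01T08:20:00|carol|failed_logins|20
2024-03-01T08:21:00|carol|failed_logins|20
2024-03-01T08:22:00|carol|failed_logins|20
2024-03-02T08:05:00|bob|impossible_travel|40
"""


def parse_events(text):
    """Turn the pipe-delimited sample into event dicts, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, anomaly, risk = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "anomaly": anomaly, "risk": int(risk)})
    return events


def corroborated_alarms(events, min_anomalies=3, window_minutes=60):
    """Fire at most one alarm per user whose *distinct* anomaly types inside a
    sliding window reach `min_anomalies`.  Repeats of one anomaly type (e.g.
    three bursts of failed logins) do not corroborate each other, so they stay
    ordinary events.  Supporting events are kept so the alarm can be associated
    with a case; alarms come back sorted by risk, highest first."""
    window = timedelta(minutes=window_minutes)
    by_user = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_user[ev["user"]].append(ev)

    alarms = []
    for user, evs in by_user.items():
        for i, anchor in enumerate(evs):
            in_window = [e for e in evs[i:] if e["ts"] - anchor["ts"] <= window]
            # highest risk seen per distinct anomaly type in this window
            per_kind = {}
            for e in in_window:
                per_kind[e["anomaly"]] = max(per_kind.get(e["anomaly"], 0), e["risk"])
            if len(per_kind) >= min_anomalies:
                alarms.append({"user": user,
                               "first_seen": anchor["ts"].isoformat(),
                               "anomalies": sorted(per_kind),
                               "risk": sum(per_kind.values()),
                               "supporting_events": in_window})
                break  # one corroborated alarm per user is enough to open a case
    return sorted(alarms, key=lambda a: a["risk"], reverse=True)


if __name__ == "__main__":
    for alarm in corroborated_alarms(parse_events(SAMPLE_LOGS)):
        print(alarm["user"], alarm["risk"], alarm["anomalies"])
```

With the defaults only alice fires; carol's three identical failed-login anomalies never corroborate, and bob's two anomalies are more than an hour apart.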


AI Engine

Desktop console


System log collection (Windows, Unix; remote collection with no agent directly installed); local and remote log collection

Non Server log server performance file integrity


How much crap does an IT specialist have to put up with today

Below are the IT and business skills and technical certifications necessary for a long and successful IT career.

Items to Consider

Target Behaviors: Analysis and Problem Solving

1)  Follows technical interrelated sets of complex issues without difficulty

2)  Asks clarifying and shaping questions geared towards thoroughly assessing critical issues

3)  Demonstrates creative and occasionally innovative approaches to information gathering within a structured framework

4)  Able to enlist the aid of client staff to provide more information/time than originally requested/agreed

5) Structures complex problems, demonstrating understanding of pros and cons of alternative approaches to structuring

6) Draws sound conclusions, applying previous experience and best practices

7) Comfortably handles shifting problems and issues, quickly integrating new findings

8) Makes distinctive recommendations which clearly demonstrate a comprehensive understanding of the issues, best practices and risk factors, and can be implemented by the client

Client / Business Development

1) Develops strength of relationship that could/does result in follow-on work

2) Understands the implications of the client’s culture and uses this knowledge to increase effectiveness

3) Maintains close contact with client during course of engagement to ensure client goals and concerns are understood and are being addressed by the program of work

4) Identifies areas of client need; works with Organization Leadership to scope them, then provides support in development discussions, preparation and negotiation of arrangement

5) Provides insights and input to new opportunities that result in compelling proposals

IP and Capability Development

1) Actively uses assignments to test new concepts or techniques, enhancing personal and organizational capability

2) Develops and utilizes network of internal and external contacts to enhance thinking

3) Is a “go to” person for advice on complex issues in area of expertise

4) Contributes to the development and delivery of internal training

5) Looks for opportunities to at least co-author/co-present to external audiences in area of specialization

6) Documents insights and re-usable deliverables and encourages their uptake

7) Identifies needs and opportunities for Practice development and proposes plans and solutions to capitalize on those opportunities

Self, Work and Client Management

1)  Prepares project plans that are realistic and achievable

2)  Communicates expectations to project team members regarding deliverable content and quality and establishes and communicates standards for deliverables

3)  Manages scope, changes to assignments and priorities as the project situation changes

4)  Effectively monitors the quality and timeliness of delivery of Organization engagements, taking action where appropriate to mitigate emerging risks

5)  Manages timely resolution of project (technical, schedule, scope and risk) issues

6)  Quickly identifies situations in which client is falling short on commitments and raises issue in a manner that contributes to its resolution

7)  Effectively communicates project status to Organization and client management


1)   Initiative to learn and take initiative

2)   Working knowledge of the IT Infrastructure and IT Security Industry

3)   Good communication and presentation skills

4)   Is a role model for Organizational Values, making decisions that support our Mission and Vision

5)   Demonstrates intellectual rigor

6)   Leads team to reconsider critical issues by presenting ideas in new ways or with new supporting data

7)   Demonstrates significant initiative in area of expertise, enabling movement of the company along a particular strategic or operational dimension

8)   Asks questions that help shape others’ thinking

9)   Holds self and others accountable for actions and outcomes

10) Demonstrates multi-dimensional decision making that accounts for business, people and client outcomes

Technical IT skills needed

Security Industry Certifications, Knowledge, Practical and Professional Experience:

1)  CISSP or equivalent practical and academic experience (over-rated); proven experience is 10 times more worthwhile
    a.  Security+
2)  CCNA
3)  Firewalls:
    a.  Netscreen
    b.  Checkpoint
    c.  Cisco PIX
    d.  Sidewinder
4)  Proxies:
    a.  Bluecoat
    b.  Websense
    c.  MS ISA

    a.  MS Windows 2008 or 2012
    b.  MCDST
    c.  MCTS
6)  Certifications:
    a.  Linux
    b.  Unix
    c.  ITIL
    d.  PMI

Experience in enterprise technology deployments

1)  Ability to translate the customer business needs into a customized proof of concept to demonstrate business value.

2)  Project experience with IT security technologies.

3)  Knowledge of security policy definition, user provisioning.

4)  Working knowledge of multiple operating systems, including Windows, Unix and Linux

  1. Ability to articulate the architecture of the Unix OS and the use of NIS / LDAP.
  2. Ability to articulate the architecture of SANs or similar technologies.
  3. Ability to articulate the concept of the Unix system kernel.
  4. Authentication:
     i. Ability to articulate a password sync solution for Unix, NT, Linux and Mainframe identity management solutions.
     ii. Ability to articulate the concept of super-user containment and delegation.
     iii. Experience integrating biometric and other Single Sign-On hardware components.
     iv. Smart cards, token technologies, fingerprint / iris / etc. technologies.
     v. Ability to articulate the concept of User ID synchronization and how it affects access controls.
     vi. Ability to articulate the concepts related to integration of mainframe and client-server access and identity management solutions.

5)  Ability to articulate the architecture of Windows operating systems and Active Directory architecture.
    a.  Describe methods for design / suggestions for directory schema enhancements for performance.
    b.  Should include concepts related to partitioning, replicas, fault tolerance and load balancing methods.
    c.  Discuss the business advantages of a directory backbone.
    d.  Ability to articulate the concepts of user provisioning workflow (e.g. business approver, technical approver, regular, “HR” manager, etc…)

6)  Ability to articulate the concepts of platform hardening

7)  Ability to locate and modify the configuration files on the Windows platform

8)  Ability to articulate the concept of strong protection around critical applications and data.

9)  Ability to describe and demonstrate, by chalk-talk / whiteboard, identity and access control integration components.

10) Describe the concepts and design methods to improve the identity and reliability of directory services.

11)  Ability to tailor an Identity and Access Management demonstration to a client’s specific business issues.

12)  Ability to articulate the value of a combined access and Identity Management solution.

13)  Ability to demonstrate, via chalk-talk / whiteboard, identity management architecture.
    a.  Ability to demonstrate access management product integration into enterprise and security management solutions.
    b.  Ability to translate a proposed identity / access management solution into a valid technical architecture.

14)  Experience with directory technologies including MSAD, LDAP, X.500, Novell, Sun etc…

15)  Ability to articulate LDAP, CIM and X.500 from the IETF, DMTF and ITU.

16)  Ability to articulate the concepts of Web services.

17)  Ability to articulate the integration between access control and high availability software.

18)  Convey the differences between standalone, enterprise, backbone and empire directories.

19)  Articulate the security of SSL / TLS.
    a.  Describe the technical drivers for X.509 / SSL.
    b.  Convey the performance advantages of SQL, Oracle, DBMS and RDBMS.



What is key about ITIL and a Life Cycle approach

  1. Improved quality, cost, value and effectiveness of IT
  2. Improved IT productivity
  3. Improved IT services
  4. Managed expectations
  5. Improved customer satisfaction
  6. Reduced operating costs


Organizations can clearly align themselves with the business by agreeing on a service portfolio that describes what customers use, in business language.

A strategic lifecycle framework for quality service

Globally used and non-proprietary

Convergence of Strategy, Governance & Management practices for IT service

Measurable IT in business value outcomes

Functional elements help deliver real value



Sample Excel – Weekly Change Management Rule Summary


Simple Change Management Objectives

Purpose and Scope

To establish the activities needed to create and authorize a Standard Change for Change Management.

A Standard Change generally is a low risk, repeatable procedure that has demonstrated implementation success and been pre-approved for future implementations.


A Standard Change requires the following:

  • Is a low-risk change
  • Occurs frequently
  • Has an Installation Instruction
  • Has a predefined Backout Plan
  • Has previous successful changes implemented in IT Service Request
  • Can be identified as a unique item on the approved Global Standard Change List
  • Has a scope that exactly matches the identified unique item on the approved Global Standard Change List

Standard Change Policy

Standard changes are pre-approved for creation of the RFC and deployment.

Key business rules include:

  • Standard changes will be restricted to those supported by a single implementation group (Change Owner group is Implementer group)
  • A particular type of RFC must be successfully deployed at least three consecutive times in order to be considered a candidate for a “Standard” pre-approved change type
  • The approval required in order to certify a normal change as a Standard Pre-Approved change requires approval by those owning the CIs the change may impact (based upon the business criticality). Annual re-authorization is required by all parties authorizing the original change
  • Changes owned by third-party groups require approval from Corporate IT and the appropriate account manager from the third party.
  • The Change Manager for the “domain” of the change must formally approve of the change becoming a Standard Pre-Approved change
  • Each Standard Change will be defined with the majority of the fields pre-defined
  • Those submitting an authorized Standard Change for deployment will use only the appropriate form / template that can be accessed
  • If a Standard Change’s deployment fails it will become a “Normal Change” and the Change Owner must re-apply to be considered a candidate for a Standard change once the issue causing the failure has been resolved and the change has been successfully deployed three consecutive times.
  • Must follow the Standard Change Procedures



Sample Visio – ITIL Service Design Management Processes


Sample ITIL – Security’s Methodology Framework

1)    Project Initiation – The project is set up in this phase.  A project manager (PM) is assigned, the project scope is clearly identified, the project organization is established, and an initial project plan is drafted.

2)    Discover – This is the most critical of all phases.  During this phase, the business and technical requirements are identified. Because these requirements guide the other phases, care must be taken to identify and understand the impact of each. Additionally points of pain or concern are documented for increased scrutiny in the following phases. 

3)    Strategy – Based on the requirements gathered in the discovery phase, ‘Consultant’ begins the process of establishing the desired security state. 

4)    Penetration and Vulnerability Assessment – In this phase, an external security assessment and a review of the technology and architecture against business and technical requirements is performed.  Host and network configuration detail is captured; risks and system dependencies are also documented.  All possible impacts to the customer’s environment are reviewed and documented for analysis.

5)    Data Assimilation and Analysis – A technical brainstorming session occurs with various subject matter experts. Security experts, using ‘Consultant’s methodology and a combination of in-house and industry tools, create a set of best business practice recommendations based on gathered data and facilitated discussions.

6)    Document and Recommend – A formal document outlining the current state of the client’s environment is created. All detailed configuration information, which was gathered during this process, is included in this document with identified areas of concern and appropriate recommendations for remediation. 

7)    Baseline Presentation – This phase is a formal presentation of the current state of security. The delta to the desired state is defined and the remediation plan is presented.  

8)    Remediation – The corrective measures are implemented in this phase. 

9)    Management – This phase is the ongoing maintenance of the corporate assessments. It includes periodic assessments, server management, network device management as well as security monitoring of mission critical devices and networks.



What Is ITIL All About?

Posted in Compliances (1300), ITIL - Change Management - Help Desk (95) by Guest on April 24th, 2013
  • Aligning IT services with business requirements 
  • A set of best practices, not a methodology
  • Providing guidance, not a step-by-step, how-to manual; the implementation of ITIL processes will vary from organization to organization 
  • Providing optimal service provision at a justifiable cost
  • A non-proprietary, vendor-neutral, technology-agnostic set of best practices.



Sample ITIL – SDLC Framework




Sample Visio – ITIL Server Application Administration (MACs)


Sample Visio – ITIL Remedy – Vulnerability Assessment Tracking List Processes


Sample Visio – SAS / ITIL Framework


Sample Visio – ITIL to ISO 200xx Service Processes


Sample Visio – ITIL Service Delivery Model


Sample Visio – ITIL Solution Design Principles


Sample ITIL – Business Requirements for Application Performance Management

SLA / OLA Application Monitoring

Detect and view network and application activity and volume outside the normal performance range.

  • Create alerts for when a:
    • New,
    • Unknown,
    • Rogue application hits the network.
  • Develop a deep understanding of application’s performance over time, with the in-depth metrics for:
    • Transaction time,
    • Server response time,
    • Network round trip time to verify performance and identify issues.
  • Get a clear picture of the overall transaction time for applications.
  • Quantify and manage the end user experience to determine which users experience degradation.
  • Quickly identify and isolate application performance degradation.
    • Gain the visibility into individual application flows – whether:
      • Client-to-server,
      • Server-to-server,
      • Or peer-to-peer – to identify unauthorized, business-critical or recreational applications and quickly isolate any problem source.
  • Gain the visibility to identify and monitor applications – with a total view of application use across your LAN/WAN distributed network.
    • The graphical user interface provides visibility into the applications used and lets you see new applications running on your network.
    • Understand the impact of server connect and server response times.
      • Measure the effectiveness of data center operations, with performance comparisons across servers within a server farm.
      • In-depth visibility to baseline server and application availability across your distributed environment before making a change:
        • Measure the effectiveness of the change – all through a single pane of glass.
        • See the impact of network round trip time; quantify the level of services provided by your network and/or carrier for each provisioned link.
        • Understand how much bandwidth each application is using in each traffic class.
          • Track applications including:
            • Voice,
            • Video,
            • Web,
            • FTP
            • And streaming.



Sample Visio – ITIL Service Support Processes – Functions


Sample Visio – ITIL Relationships with ISO and BIP


Sample Visio – ITIL Processes


Sample Visio – ITIL – Service Project Lifecycle Flow


ITIL – Storage Backups Best Practices

Best Practices:

1) Periodic backups of servers: periodic backups of application and database servers (OS platforms and application files – not data) should be performed and shipped to an offsite location.

2) These backups can be either tape-based backups or backups to disk (at the discretion of the service delivery teams).

3) A full backup should be performed at least monthly. It is recommended that incremental backups occur daily until changes to the systems and their configurations become infrequent, at which time it will be acceptable to perform weekly incremental backups.

4) Snapshots of EMPI data: where possible, 24 hours' worth of local snapshots of changes to data (stored on SAN / NAS storage) should be maintained in 15-minute increments to ensure that rollbacks of corrupted data can meet stated RPO requirements (assuming that the corruption is detected).

5) Replication of EMPI data to an alternative data center.
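An added example, not from the original post, of the rollback arithmetic behind item 4: with 15-minute snapshots kept for 24 hours, the state you can roll back to depends on when the corruption is detected, because snapshots age out whether or not the data in them is clean. The alignment of snapshots to the quarter-hour and the `rpo_minutes` default are assumptions.

```python
from datetime import datetime, timedelta

# Assumed schedule matching the note above: a snapshot every 15 minutes, kept 24 hours.
DEFAULT_INTERVAL_MIN = 15
DEFAULT_RETENTION_H = 24


def retained_snapshots(now, interval_minutes=DEFAULT_INTERVAL_MIN,
                       retention_hours=DEFAULT_RETENTION_H):
    """Timestamps of snapshots still on disk at `now`, oldest first.
    Snapshots are assumed to be taken on whole multiples of the interval
    (00:00, 00:15, ...); one exactly `retention` old is still kept."""
    interval = timedelta(minutes=interval_minutes)
    retention = timedelta(hours=retention_hours)
    epoch = datetime(1970, 1, 1)
    t = epoch + ((now - epoch) // interval) * interval  # newest snapshot <= now
    kept = []
    while now - t <= retention:
        kept.append(t)
        t -= interval
    return kept[::-1]


def rollback_plan(corrupted_at, detected_at, rpo_minutes=15, **schedule):
    """Choose the newest snapshot taken strictly before the corruption that is
    still retained when the corruption is *detected* (not when it happened).
    Returns the chosen snapshot, the data loss it implies, and whether that
    loss fits the stated RPO.  If detection comes after the retention window
    has rolled past the corruption, no clean snapshot exists any more and the
    only recourse is the offsite backups of items 1 to 3."""
    corrupted = datetime.fromisoformat(corrupted_at)
    detected = datetime.fromisoformat(detected_at)
    clean = [t for t in retained_snapshots(detected, **schedule) if t < corrupted]
    if not clean:
        return {"snapshot": None, "data_loss_minutes": None,
                "meets_rpo": False, "fallback": "offsite backup"}
    snap = max(clean)
    loss = corrupted - snap
    return {"snapshot": snap.isoformat(),
            "data_loss_minutes": int(loss.total_seconds() // 60),
            "meets_rpo": loss <= timedelta(minutes=rpo_minutes),
            "fallback": None}


if __name__ == "__main__":
    # Corruption at 10:07, noticed half an hour later: roll back to the 10:00 snapshot.
    print(rollback_plan("2024-03-01T10:07", "2024-03-01T10:40"))
    # Same corruption noticed 26 hours later: every clean snapshot has aged out.
    print(rollback_plan("2024-03-01T10:07", "2024-03-02T12:00"))
```

The third case in the test shows why the interval matters: hourly snapshots can leave up to an hour of loss, which a 15-minute RPO does not tolerate.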



ITIL – Storage Infrastructure Redundancy

 It is assumed that Enterprise service delivery teams have configured the underlying infrastructure to eliminate as many single points of failure as possible. The following best practices and redundancies are assumed to exist in the network, server and storage infrastructures:

1) Redundant fiber-channel and / or Ethernet (for FCoE / iSCSI implementation) switches connected to redundant ports on the storage array.

2) Storage array has redundant processors, ports (SAN and Ethernet), and power supplies.

3) Storage volumes are created on RAID groups that meet recommended performance requirements and are capable of continuing to function after the loss of one or more hard disks or disk sets.

4) Redundant Ethernet switches and routers for business-critical networks (including WAN networks)

5) Multiple network paths between corporate datacenters and satellite locations (where practical / possible)

6) Servers with redundant power supplies

7) Servers have redundant network and storage network ports / cards (e.g. NIC, SCSI, HBA CAN, etc…)

8) Servers have multiple internal hard disks configured in an appropriate RAID configuration to meet performance requirements and provide protection from the failure of a single drive.

9) Each rack / cabinet should have multiple power feeds from separate and redundant power distribution units (PDU) (where possible).

10) Datacenters should be equipped with redundant power (including generators, UPS system, etc…) sources

11)  Datacenters should have sufficient cooling capacity to allow for the failure of a cooling unit

12)  Multiple WAN providers (where practical / possible)



Sample Visio – ITIL Visual Framework


Sample Visio – Developing effective Quality ITSM solutions


Developing effective Quality ITSM solutions 

The alignment of IT and business, mapping product and service delivery to institutional planning and identified needs, is strongly emphasized in the ITIL framework. 

Over the course of the last three years, ITS has provided ITIL Essentials Training or workshops to more than 70 members of our staff. In addition, staff members take advantage of tuition remission and workshop offerings in project management, service delivery and communication.

ITS has been leveraging ITIL’s Best Practices for internal communication and project planning. 

ITS is committed to long-term strategic and tactical partnerships with ITS service partners and academic and operational units. These include areas directly recommended by ITIL best practices, such as the strengthening of service delivery, service support, and continuity and availability management.

