The Smile-IT Blog » Blog Archives

Tag Archives: communication

Automation Security

This post is part of the "Automation-Orchestration" architecture series. Posts of this series together comprise a whitepaper on Automation and Orchestration for Innovative IT-aaS Architectures.


An obvious key point to consider when choosing an automation solution is security. We’ve discussed Audit & Compliance separately from security since audit trails and compliance need the architectural support by the solution but are both less technical in itself compared to security.

Considering security issues for an automation solution means focusing on the following areas:

  • Confidentiality: How does the solution manage authorized access?
  • Integrity: How does the solution ensure that stored objects and data are consistently traceable at any point in time?
  • Availability: How does the solution guarantee availability as defined, communicated, and agreed upon?
  • Authenticity: How does the solution ensure the authenticity of identities used for communication of partners (components, objects, users)
  • Liability: How does the solution support responsibility and accountability of the organization and its managers?

None of these areas rely on one particular architectural structure. Rather they have to be assessed by reviewing the particular solution’s overall architecture and how it relates to security.

User security


Any reputable automation solution will offer industry standard authentication mechanisms such as password encryption, strong password policy, and login protection upon fail. Integrating with common identity directories such as LDAP or AD provides a higher level of security for authenticating user’s access. This allows for the “bind request” to be forwarded to the specific directory and thereby leveraging the directory’s technologies not only to protect passwords and users but also to provide audit trail data for login attempts. Going a step further, an authentication system provided through an external, integrated LDAP might offer stronger authentication – such as MFA – out-of-the-box without the need to augment the solution to gain greater security.

In addition, the solution should provide a customized interface (e.g. provided through an “exit – callback” mechanism) for customers to integrate any authentication mechanism that is not yet supported by the product out-of-the-box.

Personnel data base

Most organizations use one core personnel database within their master data management (MDM) process. For example, new employees are onboarded through an HR-triggered process which, in addition to organizational policies, ensures creation of access permissions to systems that employees use every day. As part of an automation system’s architecture, such an approach involves the need to offer automatically available interfaces and synchronization methods for users – either as objects or links. The automation workflow itself, which supports the HR onboarding process, would subsequently leverage these interfaces to create necessary authentication and authorization artifacts.

Authorization & Access

Enterprise-grade automation solutions should offer a variety of access control for managed objects. In addition to the core capabilities already discussed, IT operations should expect the solution’s support for securing various layers and objects within it. This involves:

  • Function level authorization: The ability to grant/revoke permission for certain functions of the solution.
  • Object level authorization: The ability to create access control lists (ACLs) at the single object level if necessary.
  • ACL aggregation: The ability to group object level ACLs together through intelligent filter criteria in order to reduce effort for security maintenance.
  • User grouping: The ability to aggregate users into groups for easy management.

In addition, a secure solution should protect user and group management from unauthorized manipulation through use of permission sets within the authorization system.


Automation solutions that do not include APIs are rarely enterprise ready. While compatible APIs (e.g. based on java libraries) would inherently be able to leverage previously discussed security features, Web Service APIs need to offer additional authentication technologies along commonly accepted standards. Within REST, we mainly see three different authentication methods:

  1. Basic authentication is the lowest security option as it involves simply exchanging a base64 encoded username/password. This not only requires additional security measures for storing, transporting, and processing login information, but it also fails to support authenticating against the API. It also opens external access for any authorized users through passwords only.
  2. OAuth 1.0a provides the highest level of security since sensitive data is never transmitted. However, implementation of authentication validation can be complex requiring significant effort to set up specific hash algorithms to be applied with a series of strict steps.
  3. OAuth 2.0 is a simpler implementation, but still considered a sufficiently secure industry standard for API authentication. It eliminates use of signatures and handles all encryption through transport level security (TLS) which simplifies integration.

Basic authentication might be acceptable for an automation solution’s APIs being operated solely within the boundaries of the organization. This is becoming less common as more IT operations evolve into service oriented, orchestrated delivery of business processes operating in a hybrid environment. Operating in such a landscape requires using interfaces for external integration, in which case your automation solution must provide a minimum of OAuth 2.0 security.

Object level security

The levels of authorization previously mentioned set the stage for defining a detailed authorization matrix within the automation solution’s object management layer. An object represents an execution endpoint within a highly critical target system of automated IT operation. Accessing the object representing the endpoint grants permission for the automation solution to directly impact the target system’s behavior. Therefore, an automation system must provide sufficiently detailed ACL configuration methods to control access to:

  • Endpoint adapters/agents
  • Execution artifacts such as processes and workflows
  • Other objects like statistics, reports, and catalogues
  • Logical tenants/clients

The list could be extended even further. However, the more detailed the authorization system, the greater the need for feasible aggregation and grouping mechanisms to ease complexity. At the same time, the higher the number of possibilities for controlling and managing authorization, the better the automation solution’s managability.

Separation of concern

Finally, to allow for a role model implementation that supports a typical IT organizational structure, execution must be separated from design and implementation. Object usage must not automatically imply permission for object definition. This allows another automation specialist to access the system to construct workflows with this and other objects without revealing the underlying credentials.

Communication Security

Securing the communication between systems, objects, and endpoints is the final security issue to be considered when assessing an automation solution. This includes

  • Encryption
  • Remote endpoint authentication – the ability to allow configuration of target endpoints authentication when interacting with the core automation management engine

For communication between components, encryption must be able to leverage standard algorithms. The solution should also allow configuration of the desired encryption method. At minimum, it should support AES-256.

Endpoint authentication provides a view of security from the opposite side of automation. To this point, we’ve discussed how the solution should support security implementation. When a solution is rolled out, however, endpoints need to automatically and securely interact with the automation core. Ideally the automation solution should generate a certification key deployable as a package to endpoint installations. Ideally this would happen via a separate, secure connection. This configuration enables a unique fingerprint for each endpoint and avoids intrusion of untrusted endpoints into the automation infrastructure.

Published by:

3 Gründe, warum es egal ist, was in den facebook AGBs steht

Da war er wieder – der 2-3 mal jährliche Aufschrei der Online-Gemeinde über die AGBs eines Sozialen Netzwerks. Nicht irgendeines Sozialen Netzwerks: DES Sozialen Netzwerks.

Facebook hatte seine “Allgemeinen Nutzungsbedingungen” wieder einmal überarbeitet und ich stolperte unvermeidbar über den diesbezüglichen Artikel der ORF futurezone (es gab bestimmt noch weitere).

Kurz darauf überschlugen sich Kritiker und Kalmierer und warfen sich gegenseitig vor, den falschen Umgang mit der nackten Tatsache der Änderung zu pflegen (erfrischend dabei lediglich jene facebook (sic!) Posts, die dazu aufforderten, irgendetwas auf das persönliche Profil zu stellen, um dadurch den neuen AGBs zu widersprechen; mein unerreichter Favorit dabei: das Einhorn – ich bin sicher, auch dazu gibt’s ein paar “Gläubige”).

Letztendlich bleibt jedoch ohnehin von solchem Aufruhr nichts übrig – und das ist auch gut so. Weil es nämlich vollkommen wurscht ist, was in den facebook AGBs steht. Und zwar aus folgenden simplen Gründen:

1. Die Welt ist Werbung!

So ist das nun mal. Was immer wir tun (falsch: was immer wir schon immer taten) wurde und wird dazu benutzt, dass Unternehmen versuchen, uns zu sagen, was wir in Zukunft tun, kaufen, benutzen, buchen, … leben sollen. Schauen Sie sich einfach nur die Evolution von Werbung (vom Plakat, über die Radio-Information, zum Fernsehspot, zwei-, drei-, viermal pro Tag, vor und nach Sendungen, inmitten des Films, nun vor dem youtube-Video, … usw.) an: Unternehmen und Medien versuchen, in gegenseitigem Kreativwettlauf an immer noch mehr Möglichkeiten zu kommen, uns mit ihrer “Information” zu überschütten. Neuerdings bekomme ich vor jedem youtube-Video den Spot eines SharePoint Migrationstools zu sehen (womit habe ich mich wohl in letzter Zeit online beschäftigt).

Und ehrlich gestanden frage ich mich: Was ist so falsch daran? Wenn ich ein Hotelzimmer in Madrid buchen möchte, besuche ich mal kurz, suche ausgiebig danach und warte dann, bis mir was günstiges vorschlägt. War ich dann dort und es war gut, schreib ich mir die eMail-Adresse auf und sieht mich für diese Stadt nie wieder. Werbung kann so einfach ausgeblendet und gleichzeitig zielführend genutzt werden. Daher ist allein dieser Grund genug, die facebook AGB Änderung zu ignorieren, wenn es – wie die futurezone einleitend feststellt – doch nur darum geht, zielgerichtetere Werbung zu ermöglichen.

2. Welches Recht zählt wirklich?

Schon mal genauer in die AGBs reingeschaut? Hier nochmal der Link dazu. Wenn man nach dem Gerichtsstand sucht, findet man da:

“You will resolve any claim, cause of action or dispute (claim) you have with us arising out of or relating to this Statement or Facebook exclusively in the U.S. District Court for the Northern District of California or a state court located in San Mateo County, and you agree to submit to the personal jurisdiction of such courts for the purpose of litigating all such claims. The laws of the State of California will govern this Statement, as well as any claim that might arise between you and us, without regard to conflict of law provisions.”

Na dann! Auf in die Staaten. Gehen wir uns beschweren, was uns facebook da antut.

Verstehen Sie mich richtig, bitte: Die Sammelklage des österr. Jusstudenten, Max Schrems, beispielsweise finde ich im Grunde richtig und sogar notwendig. Leider gerät der ursprünglich auslösende Moment für dieses Vorgehen ein wenig in Vergessenheit: Begonnen hatte dieser Fall ja mit dem Versuch, alle gesammelten Daten von facebook zu erhalten; ich halte es für ein Grundrecht jedes Menschen auf dieser Welt, detailliert erfahren zu können, was wo über einen selbst gespeichert ist (vgl. auch meine Transparenz-Forderung im “Citizenfour”-Artikel).

Ich halte es natürlich auch für ein Grundrecht, selbst entscheiden zu können, welche persönlichen Daten verwendet werden – und genau deshalb sind die AGBs von facebook genau genommen Makulatur, denn (last not least):

3. Ich entscheide selbst, was ich wie nutze!

facebook zwingt mich in keiner Weise, facebook zu nutzen. facebook zwingt mich nicht einmal, facebook auf eine bestimmte Art und Weise zu nutzen. facebook bietet mir Möglichkeiten. Möglichkeiten zur Kommunikation, zur Information, … ja: zu Eigenwerbung. Ich kann das Medium ja auch selbst dazu nutzen, für etwas, das mir ein Anliegen ist, Werbung zu machen. Das geht so weit, dass ich gegen Einwurf kleiner Münzen die Datenmaschine “facebook” selbst für meine Zwecke gebrauchen kann: Zielgerichtet wird facebook dann meine Statusmeldungen und Seiten-Aktualisierungen in den “Newsfeed” meiner Freunde platzieren, um sie auf mein Anliegen aufmerksam zu machen. Perfekt. Genau so wünsche ich mir das.

Wenn ich bestimmte Informationen sehen möchte, werde ich bestimmte Dinge, Themen, Inhalte, Schlüsselwörter im Netz publizieren. Wenn ich für ein bestimmtes Thema nicht gefunden oder damit identifiziert werden möchte, werde ich zu diesem Thema einfach die Klappe halten.

Der Punkt ist doch der:

Unser unbändiges Mitteilungsbedürfnis und unsere unbändige Neugierde spielen uns bei der Nutzung von Online-Medien einen bösen Streich: Denn heutige Technologien ermöglichen halt einfach ein Mehr an Zielgenauigkeit, als es der guten alten Fernsehwerbung im spannendsten Moment des Hauptabendfilms möglich war – sie erlauben es dem Informationsanbieter einfach, seine Information exakter passend zu platzieren.

Das Argument einiger lautstarker Kritiker der neuen facebook-AGBs, man könne sich der Nutzung von facebook ja heutzutage gar nicht mehr entziehen, ist schlichter, wenig differenzierender Blödsinn. Es mag stimmen, dass Schulen, Vereine und andere menschliche “Netzwerke” das Medium “facebook” als einzige Kommunikations-Plattform nutzen und man daher zur Teilnahme an dieser Kommunikation an einem facebook-Benutzerprofil nicht vorbei kommt. Die Inhalte dieses Profils – allerdings – bestimme ich dann selbst. Und ich kann die Inhalte durchaus auf den Zweck meines Dabei-Seins beschränken.

Und abgesehen davon: Suchen Sie auch machmal im Internet nach Dingen, Themen, Inhalten oder bestimmten Schlüsselwörtern? Und was zeigt die Suchmaschine ihrer Wahl dann gleich zu oberst an?

Es ist halt einfach zu einfach, die Verantwortung für meine eigenen Handlungen (Mitteilungen, Suchanfragen, Bilder oder Videos, …) den AGBs eines Unternehmens zu übertragen, das sich die hochgradig effektive Nutzung dieser meiner “Handlungen” zum eigenen Geschäftszweck gemacht hat.


{feature image “Digital Footprint” via Flickr/Creative Commons}

Published by:

The “Next Big Thing” series: #Mobile Everywhere

{this is No. 4 of the “Next Big Thing” blog post series, which discusses the revolution to come through ongoing innovation in IT and the challenges involved with’em}


I would be interested in getting to know, how many readers of this series still know a person not owning a smartphone? (I do, by the way ;))

Even though I have written several times about the danger of it and how important it is to consider behaviour for a healthy adoption of “Mobile Everywhere” (e.g. in “Switch Offor “3 importances for a self-aware social networker) I am still a strong believer in the advantages that elaborate mobile technology brings into day-2-day life.

Not only do mobile phone technology and mobile app ecosystems add significant value to the other two forces (data and social) but additionally they’ve meanwhile “learned” to make vast use of them. You could actually describe a stacked model of this bond of disruptive technologies which are discussed in this series in a way that

  • data is the back-end business layer of the future
  • social platforms are the middleware to bring together information offers and information needs
  • and mobile technology is the front end to support information and data consumption in both ways

The image below turns the “Nexus”-model from the beginning of this series into a stack appearance:


Nexus of Forces (stacked)

Nexus of Forces (stacked)


Which – essentially – closes the loop with why we do see a bond of not only the technologies in mobility, social media and data and analytics but even more the visions, strategies and concepts of these three. Needless to say, therefore, that businesses who have a strong strategy and vision around the Nexus of Forces and – at the same time – are backed by a strong Service Orchestration roadmap will be the winners of the “race of embrace” of this bond.

Now, thinking of the Pioneers, which I’ve started this blog series with, I recall that one could see all forms of leveraging the aforementioned concepts in the ideas of the startups presenting there. And – unsurprisingly to me – not a single moment during those 2 festival days back in October this year, “Cloud” was even mentioned, let alone discussed. It is no topic anymore. Period.

However, there’s more: The Nexus of Forces as such is only the beginning of a path leading into the next industrial revolution and we’re already well under way. Hence, this blog series will continue discussing concepts and challenges which build upon the Nexus of Forces and takes it to the next level with change to come for each and every enterprise – software-based, hardware-based or not even technology-based at all.


{No. 5 of this blog post series takes the first step into “Industry 4.0” and related disruptive topics}

Published by:

The “Next Big Thing” series: From Social Network to #Social #Revolution

{this is No. 3 of the “Next Big Thing” blog post series, which discusses the revolution to come through ongoing innovation in IT and the challenges involved with’em}


Along with Cloud patterns the delivery of large engagement platforms – essentially web applications architectured, of course, specifically to serve a vast amount of simultaneous access and a huge stream of information – became possible.

If one does take a look back into history of social media, these platforms step-by-step evolved from pure public-chat and tweet apps into full blown areas for (group) communications, gaming, advertising and (sometimes) simply storing information. Not by what they were originally intended to be (facebook’s core goal was – and still is, if you trust Zuckerberg – to connect everyone) but by how the consumers (private or business ones) developed themselves within them as well as developed and matured their usage patterns.

However, there is a “meta level” beyond the obvious: Observing youth and their approach to using technology surrounding them might lead to thinking: Those guys have completely forgotten about communication and engagement. I trust, the opposite is the case. When I talk to my kids, I learn that they read everything, absorb everything, have a much faster ability to notice news, information, consume different channels, etc. The only thing is: They do not react, if it doesn’t touch them. And that pattern applies not only to advertisement-backed social media feeds but also – and maybe foremost – to direct 1:1 or group conversations. And this is why I believe that the social aspect within the Nexus of Forces will have a much stronger impact than we currently notice.

I tend to claim a social revolution to approach us because – together with the other forces – social media will become the integrative middleware between what we want to consume, businesses want to drive us to consume and how we consume it. No advertising phone calls anymore, no spamming in our mailboxes (hurray!), but a social feed of information which is far better suited to create the impression of personal engagement while in truth being just an efficient aggregation and combination of data that we all have earlier produced ourselves.

Are businesses ready for that revolution? Can they adapt their marketing strategies to leverage those vast new possibilities? Orchestrating services and data in order to feed social platforms with what is considered relevant to the customers of a certain enterprise will become a core IT capability in order to be able to become a player of relevance in the social revolution.


{No. 4 of this blog post series talks about the challenges of the “mobile everywhere” culture – soon to come – stay tuned}

feature image found at AFAO talks (

Published by:

3 importances for a self-aware social networker

The social and mobile world is undergoing another change in perception. Back in 2006++ when most of today’s social networks commenced their big leap into our everyday life, they drove the always-on culture, the work-everywhere culture, the instant-communication culture. People where happily adopting all the tremendously great possibilities they were given by the smartphone vendors who in turn where driven to ever-new feature climaxes by the evolving hype. And today – these days, virtually – a shift (maybe: a turn) is notable. The crucial point here: This turn is risking to go utterly and completely into the wrong direction!

And here’s why!

Why dictate instead of educate?

These days an article crossed my desk saying, that the German government has introduced a policy that employees must not be called or contacted anymore outside working hours. “The guidelines state that ministry staff should not be penalised for switching off their mobiles or failing to pick up messages out of hours”, says the article in The Telegraph. Digging further, one can find the Daimler “Mail on Holiday” program which allows employees to invoke an automatic process delegating and deleting eMails form their inboxes when on vacation or a Volkswagen initiative (admittedly already from 2011) where the company switched off eMail synchronization during out-of-work hours.

When reading this, the very simple thing I am really asking myself is: Where is the awareness education for people confronted with such kind of policies? How do employers or governmental organizations ensure that their core value – their employees – actually understand how mobile technology and social interaction influences their behaviour and – even more important – how they can find an approach of wellbeing to all the thrilling possibilities of technology for themselves?

Why allow speeding in messaging?

The second thing that hit me really hard was the article of a 17yo girl in an Austrian newspaper, contemplating the behaviour of herself and her friends in WhatsApp. What she essentially says is that FOMO (“fear of missing out”) is actually FOMF (“fear of missing friends”). Young people everywhere seem to have floated into a symbiosis with their phone for the sole purpose of instantly – literally within a second – answering any incoming message. Otherwise they would risk losing friends and social contacts because when their friends and schoolmates having seen them online sometime during the day wouldn’t receive an answer within “due course”, they’d assume not to be liked anymore and quit friendship.

The shocking detail here is two-folded: On the one hand, instant messaging conversations in 90% of all cases completely lack content anyway (they run along a thread something like “hey :)” – “hey :)” – “how r u” – “ok. and u” – ok, too” – what r u doin” – “nothing”) and on the other hand, not being answered can so frighteningly quickly evolve from frustration into anger and into ignorance within instances.

And I am asking myself: Is friendship worth anything these days? And who teaches our children how to keep it up? Who educates them for responsibility humans deserve and for responsibility and self-awareness and caution with the technological possibilities they are so happy to be given.

Why allow loneliness when everyone is always around?

The third thing that stroke me was another awesome TED talk (TED talks tend to be awesome whatever topic they touch) by Sherry Turkle, a psychologist and cultural analyst, talking about being connected and still remaining alone (here’s the link to it). What she is stating – undermined with respective research – is that we have grown more alone then in former times when getting in touch with each other was so much harder due to the lack of communication facilities. The truth of what she says is undeniable: When we wanted to arrange to meet our friends in the 8oies or even 90ies, we had to pick a landline, hope the other one was where his landline was and plan around other duties (like school, sports, music education, homework, shopping, etc.) as a long as to find a free timeslot for meeting for a coffee or coke. And by that, we were closer to each other than we are now. We always and ever knew our friends plans. We literally felt them without having to talk to them. Today, we don’t talk. We chat, message, eMail or tag’em in a post – and know nothing about how they feel. They remain as alone as we are in fact – with all those 100s of social network “friends” around.

And I am simply asking myself why nobody really notices?

The answer

The items above kept me thinking … thinking of a solution … Here’s what I think, we can do – as a parental guide, a school teacher, an employer or just a human friend. The solution to the huge challenge our society is facing with the equally huge technological possibilities does not lie with rules, regulations, policies and prohibitions. It will not help at all to tell our kids, our employees or our friends what they can do, shall do or must not do.

The true answer is within ourselves and the only thing helping it to surface is helping to create self-awareness about how we treat technology around us. So here’s 3 simple things to try:

  1. Do not ban eMail, switch off sync or forbid mobile phones. Instead, offer freedom to employees. Start with educating management to not expect availability from their people at weird times, teach them to accept individuality in how employees use the technology around them. And coach the employees in acquiring and living up to what they need for wellbeing at work. If one wants to switch off when leaving the building: Fine. If one wants to check eMails during vacation: Fine, too. I trust more than anything, that productivity increases when one can use social interaction and mobility the way they want it.
  2. Do make children understand the amount of pressure they put themselves and others into when expecting behaviour without explicitly explaining it. In terms of communications, I think, it is no bad thing to chat and message a response instantly upon message arrival. It’s getting tremendously dangerous when a response is expected without even taking into account what hurdles might hinder the other to respond. They might have forgotten their phone, be on holiday without parental phone admittance, be in a verbose conversation with someone. And their lack of responsiveness may have nothing at all to do with a lack of appreciation. Understanding the difference may make them truly self-aware and sensitive users of that great mobile and social revolution, we’re facing.
  3. And finally: Get a feeling on how much in touch you really are. How much you really know about someone who is posting on facebook or twitter, is joking with 20-something groups on whatsapp … and at the same time is feeling tremendously alone because of a complete lack of real life relationships. And maybe that one is you …

I think, the technology surrounding us – and the path, twists and turns this technology keeps taking – bares so many great advantages for our day to day lifes, if we only learn how to integrate them without letting it role over us destructively. So let us not let it do so!


Published by:

Mind: DevOps isn’t a role model!

This blog post (“How ‘DevOps’ is Killing the Developer”) airwaves a bit at the moment. It reached me right at some really cool, breakthrough conversations on how DevOps will lead change of culture and role perception … and it fully truly nailed the opposite of those highly positive talks. To say it in the words of one of the commenters: “I couldn’t disagree more!” I even would go as far as to consider it dangerous!


Because the post reflects a totally wrong perception of DevOps! The article claims that DevOps would transform the role and responsibility of a particular person – a developer in this case. I would be surprised if literature really postulates this – the change of a role. DevOps is the transformation of HOW things are done, not WHO does it. Firstly, you have to lay the basis for a DevOps company transformation. Do developers change their expertise by that? No. Do OPS guys do? Neither. BUT: They do get closer together, get better understanding for each others challenges.

Secondly: The post misses another highly important – maybe the most important – investment along with DevOps introduction: Automation! Along with the cultural change, you’ll have to invest in automation of processes for artefacts which would formerly have taken you days and weeks to create/setup/deploy/run.


So – let’s be clear here: DevOps isn’t the change of a role! DevOps is a 90° turn of a modus operandi. The whole movement derives from manufacturing where the importance lies in getting rid of any blocker in a production pipeline. Neither would a continous production change the role of the screwmaster (to name just anything) nor would DevOps change that of a QA expert or buildmaster … or – well: developer (as exemplarly taken here)!

The article is dangerous in another aspect: It claims developers to concentrate on development and nothing else. It is – but – another important aspect of DevOps as a cultural tranformation: To bring understanding for everybody else’s responsibility in the process to everybody. And thereby encourage Automation even more to take its place in it all. This importance is totally missed out in the post!

Bottom line

Let’s be crystal clear on a few things with DevOps:

  • It’s a cultural and organizational change; not a role and responsibility change for single individuals
  • It is a 90° turn of a modus operandi. It turns vertical silos of responsibility and action into horizontal pipelines/chains of continous work-flow
  • It’s a way to create role and responsibility awareness throughout the whole chain of collaborating individuals
  • And it surfaces the need of Automation to support cultural and process transformation, stability, security, repeatability, speed, continuity, …

There’s – however – a really positive DevOps-supporting aspect in that post: It does indeed drive discussion into a good direction … just browse through the comments there … 😉


( This post was also published in the official Automic company blog: )


Published by:

Tomorrow’s skills: Teachers watch-out!

IDC published a study: ”

“Skills Requirements for Tomorrow’s Best Jobs”.

I discovered it – gratefully – through @leitenmu and a Microsoft link:


About 15 years ago, when it also became part of my job to select new hires from applicants and lead them towards becoming a valuable team-oriented fun-loving contributor to projects and tasks, I had to painfully admit that most of what universities and high schools had trained those applicants, wasn’t precisely what we sought to add to our teams.

Those who were the quickest to learn and adopt, eventually had the greatest success in their ongoing careers (and where the greatest fun to work with).

Now, what IDC predicts in their study is an increased need for what they call CIP-skills – communication, integration and presentation. That’s not that different from what I had the honour to already experience a decade ago. As an appetizer to the whole, just have a look to that figure:

Top Skills for all U.S. occupations

Figure: Top Skills for all U.S. occupations


But while the whole study presents a highly interesting, thought-provoking outlook to what teaching institutions today need to focus on in order to provide the skills needed for tomorrow, I’d like to seriously ask: How can a school system stuck within 30-or-more year old paradigms ever gain even the faintest ability to educate what their students will need for their jobs?


Published by:

Change “the Change”?

I’ve made up a little story.

The story is fictious. Characters in the story are fictious. Any resemblance to any existing persons are purely in the reader’s mind. Any resemblance with your company’s processes are mere coincidence.


Is it the process or is it communication?


  • George: a very helpful infrastructure project manager located somewhere in Europe
  • Francis: an application manager located somewhere else in Europe
  • Olaf: an even more helpful datacenter operator geographically close to George
  • Dakshi: a very talented cloud operations engineer in/from India
  • Hans: a knowledgable senior cloud technician, European
  • Bob: the senior architect for infrastructure engineering (US)
  • Eveyln: the infrastructure engineering project manager (US, close to Bob)
  • a support mailbox

On Feb, 4th Francis writes:

Hi Hans, Dakshi,

I currently have an issue you’ll probably able to solve easily.

Our company has signed a deal with a European government’s ministry to host an instance of our social enterprise application. For obvious reasons, that instance needs to be hosted in the customer’s country (not in our cloud)

As this project has a very tight schedule, and to be sure we can deliver in time, I need a dump of a few virtual machines from our existing V2 implementation so we can import them on our local VMWare infrastructure.

Machines needed are:

  • webserver01
  • dbserver01
  • accesssrv01
  • worker01
  • viewer01

I’m not sure what would be the best and fastest way to transfer them. A network transfer may be too long so maybe we can use a hard drive sent to us by UPS as we did for earlier transfers across the ocean.

I hope we can do this very quickly as the schedule is very tight, and I’m a bit late due to the time spent trying to fix the current V1 issues.

Best regards,


Let us briefly elaborate on the geographical circumstances of this request:

  • The datacenter running the V1 and V2 versions of the application under question is located in Europe
  • The customer is located in a different European country from the datacenter
  • The DC operations team is located in India

Dakshi is a very talented and quick operations guy, who picks up the request just 5 minutes later and responds willingly to export the requested VMs but being in need of a contact geographically close to the cloud DC to x-plug (and deliver) a USB harddisk . For this he redirects to Hans. Hans is known to know virtually everything which in certain organizations sometime means that Hans would be the one also doing everything – not so here: Hans redirects to George. George is a project manager located close to and responsible for activities in the DC in question, hence supposed to be best choice to coordinate the HDD x-plug and delivery process.


On Feb, 13th Francis writes:

Hi George,

I’m Francis, in charge of our social enterprise application. We’ve been working with our cloud team on the company’s “DriveSocial” project (V1 and V2). I’m writing to you on behalf of Hans. Our company has signed a deal with a local government’s ministry to host an instance of our social enterprise application. For obvious reasons, that instance needs to be hosted in the customer’s country.

As this project has a very tight schedule, and to be sure we can deliver in time, I need a dump of a few virtual machines from our application’s V2 implementation so we can import them on our local VMWare infrastructure.

Machines are:

  • webserver01
  • dbserver01
  • accesssrv01
  • worker01
  • viewer01

Can you please have them dumped and sent on a hard drive to:

DC1GER – Markus Verdinger, Sackstrasse 240, 99999 Praiss, Germany

The latest snapshot of the virtual machines, even though from last week would be perfect.

Thank you very much in advance,


A few minutes later the same day, Hans (in a supportive manner) shares a diagram of the V2 implementation with everybody; included is a detailed directive how to discover the right VMs within the “complicated jungle” of virtual organizations and virtual appliances [2(!) ORGs; 5(!) vApps].

George, the project manager and always eager to exactly specify the right activities, now kicks off a conversation about which server to plug the harddisk into – which ultimately involves Bob, the infrastructure architect.

On Feb, 13th Bob writes clarifyingly:


They are looking for physical jump server in the EU1DC rack 0815.  On the rack elevation diagram, you are looking for CWRWTs001 in RU99.

Looks like these UCSs have the old US names on them.  We need to review the names for the UCSs in Rack 0815 and make the corrections.

@Evelyn, please set up meeting to talk about and correct this issue.  We should double check EU2DC too.

Thanks. Bob

Evelyn confirms instantly. Case closed for today.

  • Total #mail: 11
  • Total #mail today: 8

The next day passes by with Georges proactive attempts to get the right HDD into the right server. He’s supported by Olaf who gives regular live reports from the actual situation in the DC (i.e. precisely explaning which HDD is plugged into which server and asking for admittance to x-plug).

On Feb, 15th Geroge writes:


Can you let us know who will be baring the costs for sending this HDD over to Praiss, Germany?

cheers G

Hans in all honesty responds not to know this and directs back to Francis “coram publico” assuming, that the cost question will for sure be no issue here as it all is about a very important customer and a very urgent request.

For the first time in our story things become “a bit complicated” here, as George has to ask admittance to book costs for x-plugging a HDD, putting it into an envelope and filing it with UPS. The representative of the respective delivery organization for this customer kicks in and asks whether sales has a budget (and PO) for this effort. George suggests to use a cloud development PO for the sake of simplicity, Hans again suggests – for the sake of even more simplicity – to invoice the department responsible for the social enterprise application directly (as this will be the benefitting party in this whole story anyway).

On Feb 15th, late in the evening (after having patiently watched the emails on the matter so far), Francis writes:

Jesus Christ…

Please invoice our department

In any case this is still our comapny’s money – so what!

Best regards


… and George kicks off the task of x-plugging and exporting with Dakshi by — — — asking Hans to open a Change Ticket in the Change Management system for this activity!

… which now – for the first time – leaves Hans standing in complete awe and totally leaking to understand his involveness in the case (especially as Hans is a future oriented agile minded technician who disbelieves in the flexibility of traditional change processes based on ITIL; ITIL was great some 10 years ago – Hans believes, that this is the cloud era which asks for more rapid process definitions and especially executions – but that’s a different story …)

This is the last we hear from our story’s heros before the weekend begins …

  • Time elapsed: 11 days
  • Total #mail: 34
  • Total #mail today: 17

On the following Monday, Hans and George spend some time (writtenly and verbously) to clarify how to rightly kick off such an activity and George (who asked for a change ticket just a few days ago) suggests, that the right way would be to engage with the cloud operations team in India directly. … Wait. … Directly with India. … I need to scroll up to the beginning here … Wasn’t that what Francis … did …

On Feb, 18th late in the evening, George writes:

Hi Dakshi,

could you please give me a feedback of the status regarding the transfer of the desired files?

Thanks and Best Regards


Dakshi now asks his colleague Abhu to act on the request (giving information on which VMs needed), Abhu asks Prahti to start the export. And Prahti re-queries the right ORG and vApps. Wait. … I need to scroll up again … Didn’t Hans … provide this very same information … directly to … Dakshi; well – it’s only copy-paste anyway and Hans is known to have an everlasting rapidly-searchable email-archive. Info delivered. Now to Prahti.

It’s Monday, Feb 18th.

  • Time elapsed: 14 days
  • Total #mail: 41
  • Total #mail today: 7


On Feb, 25th, Francis writes:

Hi Hans,

Sorry to disturb you but do you know if the virtual machines hard drive has been sent to our DC? I just had a call with them and apparently they had nothing delivered yet.

Best regards,


Hans in all honesty responds not to have any new status and Francis redirects his question to George. George in turn asks Dakshi. Dakshi confirms to have started the export but reports, that he had issues with some of the VMs (their export causing high load on the servers, which is why he did (does) not want to continue in order not to disturb productive environments). This leads Francis to ask the blunt question why it wouldn’t be possible to just use latest backups of the very same VMs. thereafter confirms that backups can be restored to a seperate location and the export can then be started. Wait. … ? … Let’s contemplate briefly on why a restore … … …

On Feb, 26th, Prahti writes:

Hi Francis,

We have exported following machines to the attached hard drive:

  • webserver01
  • dbserver01
  • accesssrv01
  • worker01
  • viewer01
  • loadbalancer01


  • Time elapsed: 22 days
  • Total #mail: 49
  • Total #mail today: 2


On Mar, 15th, Francis writes:

Hello Geroge and Hans,

I just had our DC people on the phone, and they’re still waiting for the VMs. It’s been one month now. Do you have a status on this please?

Best regards,


George, some hours later, replies:

Hi Hans, Hi Francis,

sorry for the delay, but there was no change ticket in place.

But in this case the colleagues will do an unconventional approach. However, the arrival of the disk at the agreed shipping address is expected during next week only.

Best Regards



On Mar, 27th, Francis writes:

Hi George,

I’ve been contacted by the DC, and they’re still waiting for your shipment to be delivered. Do you have any update on this please?

Best regards,

After this we lose track and the emails trickle away.

  • Time elapsed: 51 days
  • Total #mail: 53
  • Total #mail today: 1


On June, 6th, Francis writes:

Good afternoon,

Our DC has mounted the machines and it appears you did not provided the right machines. Actually, you sent us virtual machines that belongs to another client and that are not even running WindowsServer.

Beside the fact that it is unacceptable to get the data from another client, the delay introduced by this makes our company at risk with that very important client (government ministry for employment).

For the record, virtual machines needed to be cloned, copied onto a USB drive and sent to our DC are:

  • webserver01
  • dbserver01
  • accesssrv01
  • worker01
  • viewer01
  • loadbalancer01

The client’s DC address is: DC1GER – Markus Verdinger, Sackstrasse 240, 99999 Praiss, Germany

Please, fix ASAP.


Rewind to start …



  • Where is the leak of communication?
  • Where is the process leaking clarity?
  • What could have been done by whom to improve the result of this operation/request?
  • Who should consider their job attitude?
  • How would ITIL support such a case?
  • Would this be possible to happen in your company? Why not?
Published by:

5 reasons for me being only 1

Just recently I heard that quote again: “No, I don’t connect with my colleagues on facebook. facebook is for my private endeavours.”

Vice versa is heard as well sometimes, when people complain about my fb-feed being mingled with boring IT posts from twitter (“I don’t understand that, I just scroll over it.”).

Appreciated and respected, folks.

Why then am I still convinced that maintaining just 1 single profile is the better way of making myself seen online. I could well split up the fully automated fb-twitter connect. I could make dedicated use of the #fb tag in twitter to specifically decide what to push over to fb. I’m online enough to even post completely seperatly in the various medias (and the apps supporting it are convenient enough to do so).

So, here’s my 5 reasons why I don’t:

  1. My employer/customer may (should) get the full picture. Be it whilst looking for a new job or within an existing employment, I am convinced that it is beneficial for the company’s culture if people offer their complete “self”, if they do offer any such information on the net. If you intend to create a true colleagueship culture in your enterprise you’re doing better in encouraging your people to just show what they are (baring in mind that showing off in the net means of course always to consider carefully what you show anyway). But hiding certain aspects from your fellow colleagues that you show  – well – the NSA (in a way) just doesn’t make sense to me. The same – BTW – applies for your customers in case you’re running the company: why shouldn’t your customers know whom they’re engaging with?
  2. I wanna know what my friends do for a living.
    Consider going out with your friends: Is talking about what you do for a living a tabu? Wouldn’t you chat about your latest achievements, your most beautiful line of code, your latest plenary presentation received with awe by the audience. Why shouldn’t my friends know that I like what I do?
  3. Splitting posts causes too much time.
    I’m a lazy guy. Tasks I can avoid, I will avoid. Considering whether some nice piece that I wanna share may go to one or the other account (to the private or to the open, to the technical or to the musical, e.g., …) is just too cumbersome and effort consuming to do it. As simple as that.
  4. I disbelieve that literally everything within or coming from a person’s employing company is great (even if it’s my own).
    I got in touch with companies which put up a social media policy employees have to adher to. These policies normally prohibit employees from posting other than company praises to their online profiles (well, I might exagerate a bit here). However, reading about the big awesomeness of a product, company, service, etc. is something I may expect from a company’s marketing account but not from a human being capable of using her/his grey cells. Hence, don’t expect it from me!
  5. I am 1 person.
    Not 2, 3 or more. What you find about me in the net, will always show you the whole “me”. No hidden agenda, no false illusions about me seeming a technical nerd or not at all interested in my job. It’s just WYSIWYG.

Of course, living virtually according these 5 reasons involves a little bit of care about what people do with your profile with regards to tagging, linking, mentioning, etc. … but being online with just a single profile allows you doing that on the go anyway – more or less …


Published by:
%d bloggers like this: