1. CHAPTER 9 System maintenance

2. Chapter Objectives Explain the systems support and security phase
Describe user support activities, including user training and help desks
Define the four types of maintenance
Explain various techniques for managing systems maintenance and support 3

3. Chapter Objectives
Describe techniques for measuring, managing, and planning system performance
Explain risk management concepts
Assess system security at six levels: physical security, network security, application security, file security, user security, and procedural security 3

4. Chapter Objectives Describe backup and disaster recovery
List factors indicating that a system has reached the end of its useful life
Assess future challenges and opportunities for IT professionals
Develop a strategic plan for career advancement and strong IT credentials

5. Introduction
Managing systems support and security involves three main concerns: user expectations, system performance, and security requirements
Successful, robust systems often need the most support
In most organizations, more than half of all IT department effort goes into supporting existing systems 4

6. Overview
The systems operation, support, and security phase begins when a system becomes operational and continues until the system reaches the end of its useful life
After delivering the system, the IT team focuses on support and maintenance tasks

7. User Support User Training
Additionally, new employees must be trained on the company’s information systems
User training package
Training users about system changes is similar to initial training
Objective is to show users how the system can help them perform their jobs

8. User Support Help Desks Often called an information center (IC)
Enhance productivity and improve utilization of a company’s information resources

9. User Support Help Desk Might have to perform the following tasks:
Show a user how to create a data query or report that displays specific business information
Resolve network access or password problems
Demonstrate an advanced feature of a system or a commercial package
Help a user recover damaged data

10. User Support
Help Desk
In addition to functioning as a valuable link between IT staff and users, the help desk is a central contact point for all IT maintenance activities
Can utilize many types of automated support

11. Maintenance Tasks
The systems operation, support and security phase is an important component of TCO (total cost of ownership) because ongoing maintenance expenses can determine the economic life of a system
Operational costs
Maintenance expenses
Maintenance activities

12. Maintenance Tasks Four types of maintenance task can be identified
Corrective maintenance
Adaptive maintenance
Perfective maintenance
Preventative maintenance

13. Maintenance Tasks [1] Corrective Maintenance
Diagnoses and corrects errors in an operational system
Respond to errors in various ways, depending on nature and severity of the problem
In a typical procedure, a user submits a systems request that is evaluated, prioritized and scheduled

14. Maintenance Tasks [1] Corrective Maintenance
For more serious situations, a user submits a systems request with supporting evidence
Worst-case situation is a system failure
When the system is operational again, the maintenance team determines the cause, analyzes the problem, and designs a permanent solution

15. Maintenance Tasks [2] Adaptive Maintenance
Adds enhancements to an operational system and makes the system easier to use
The procedure for minor adaptive maintenance is similar to routine corrective maintenance
Can be more difficult than new systems development because the enhancements must work within the constraints of an existing system

16. Maintenance Tasks [3] Perfective Maintenance
Involves changing an operational system to make it more efficient, reliable and maintainable
Can improve system reliability
Cost-effective during the middle of the system’s operational life

17. Maintenance Tasks [3] Perfective Maintenance Software reengineering
Programs that need a large number of maintenance changes usually are good candidates for reengineering
The more a program changes, the more likely it is to become inefficient and difficult to maintain

18. Maintenance Tasks [4] Preventive Maintenance
Requires analysis of areas where trouble is likely to occur
IT department normally initiates preventative maintenance
Often results in increased user satisfaction, decreased downtime, and reduced TCO
Sometimes does not receive the high priority that it deserves

19. Maintenance Management
Requires effective management, quality assurance and cost control
To achieve these goals, companies use various strategies
In addition, firms use version control and baselines to track system releases and analyze the system’s life cycle

20. Maintenance Management
The Maintenance Team
System administrator
Systems analysts
Analysis
Synthesis
Programmers
Applications programmer
Systems programmer
Database programmer
Programmer/analyst

21. Maintenance Management
The Maintenance Team
Organizational issues
IT managers often divide systems analysts and programmers into two groups: one group performs new system development, and the other group handles maintenance
Many analysts feel that maintenance work is less attractive than developing new systems
One disadvantage of rotation is that it increases overhead costs

22. Maintenance Management
Maintenance Requests
Involve a series of steps
All work must be covered by a specific request
Initial determination
The systems review committee
Task completion
User notification

23. Maintenance Management
Establishing Priorities
In many companies, systems review committee separates maintenance requests from new systems development requests
Some IT managers believe that evaluating all projects together leads to the best possible decisions
Object is to have a procedure that balances new development and necessary maintenance work

24. Maintenance Management
Configuration Management
Configuration management (CM)
Configuration management (CM) is a process for controlling changes in system requirements during the development phases of the SDLC.
As enterprise-wide information systems grow more complex, configuration management becomes critical
Also helps to organize and handle documentation

25. Maintenance Management
Maintenance Releases
Maintenance release methodology: numbering system
Maintenance release
A numbering pattern distinguishes the different released
Reduces the documentation burden
But new features or upgrades are available less often
Service packs

26. Maintenance Management
Version Control
Version control
Archived
Essential part of system documentation
Companies can purchase software such as Serena

27. Maintenance Management
Baselines
Systems analysts use baselines as yardsticks to document features and performance during the systems development process
Functional baseline: beginning of the project
Sys. Req. & design constraints
Allocated baseline: design phase
Testing, verification of sys. req. & features
Product baseline: system operation
Performance results & UAT

28. System Performance Management
Today, companies use complex networks and client/server systems to support business needs
To ensure satisfactory support for business operations, the IT department must manage system faults and interruptions, measure system performance and workload, and anticipate future needs

29. System Performance Management
Fault Management
The more complex the system, the more difficult it can be to analyze symptoms and isolate a cause
The best strategy is to prevent problems by monitoring system performance and workload

30. System Performance Management
Performance and Workload Measurement
Benchmark testing
Metrics
Response time
Bandwidth and throughput
Kbps (kilobits per second)
Mbps (megabits per second)
Gbps (gigabits per second)

31. System Performance Management
Performance and Workload Measurement
Turnaround time
The IT department often measures response time, bandwidth, throughput, and turnaround time to evaluate system performance both before and after changes to the system or business information requirements
Management uses current performance and workload data as input for the capacity planning process

32. System Performance Management
Capacity Planning
What-if analysis
You need detailed information about the number of transactions; the daily, weekly, or monthly transaction patterns; the number of queries; and the number, type, and size of all generated reports

33. System Performance Management
Capacity Planning
Most important, you need an accurate forecast of future business activities
If new business functions or requirements are predicted, you should develop contingency plans based on input from users and management

34. System Performance Management
System Maintenance Tools
Many CASE tools include system evaluation and maintenance features
In addition to CASE tools, you also can use spreadsheet and presentation software to calculate trends, perform what-if analyses, and create attractive charts and graphs to display the results

35. System Security Overview
Security is a vital part of every computer system
System Security Concepts
CIA triangle
Integrity
Availability
Security policy

36. System Security Overview
Risk Management
Absolute security is not a realistic goal
Risk identification - exploit
Risk assessment - risk
Risk control
Avoidance, mitigation, transference, acceptance

37. System Security Overview
Attacker Profiles and Attacks
An attack might be launched by a disgruntled employee, or a hacker who is 10,000 miles away
Attackers break into a system to cause damage, steal information, or gain recognition, among other reasons

38. Security Levels Must consider six separate but interrelated levels
Physical Security
First level of security concerns the physical environment
Physical access to a computer represents an entry point into the system and must be controlled and protected

39. Security Levels Physical Security Operations center security
Biometric scanning systems
Servers and desktop computers
Keystroke logger
Tamper-evident cases
BIOS-level password
Boot-level password
Power-on password
Uninterruptible power supply (UPS)

40. Security Levels Physical Security Notebook computers
Select an operating system that allows secure logons and BIOS-level passwords
Mark or engrave the computer’s case
Consider notebook models that have a built-in fingerprint reader
many notebook computers have a Universal Security Slot (USS)
Back up all vital data

41. Security Levels Physical Security Notebook computers
Use tracking software
While traveling, try to be alert to potential high-risk situations
Establish stringent password protection policies

42. Security Levels Network Security Network Network interface Encrypted
Encrypting network traffic
Unencrypted – plain text
Private key encryption
Public key encryption (PKE)

43. Security Levels Network Security Wireless networks
Wired Equivalent Privacy (WEP)
Wi-Fi Protected Access (WPA)
WPA2
IEEE i
WPA2 is compatible with WPA, so companies easily can migrate to the new security standard

44. Security Levels Network Security Private networks
Virtual private networks
Virtual private network (VPN)
Tunnel

45. Security Levels Network Security Ports and services Port Service
Port scans
Denial of service (DOS)
Distributed denial of service (DDOS)

46. Security Levels Network Security Firewalls Firewall
Firewalls can be configured to detect and respond to denial-of-service attacks, port scans, and other suspicious activity
Network intrusion detection – network intrusion detection system (NIDS)

47. Security Levels Application Security Services Hardening
Security hole
Hardening
Malware
Application permissions
Administrator – super-user
User rights - permissions

48. Security Levels Application Security Input validation
Patches and updates
Patches
Third-party software
Automatic update service
Software Logs
Log

49. Security Levels File Security Permissions User Groups Read a file
Write a file
Execute a file
Read a directory
Write a directory
User Groups

50. Security Levels User Security Privilege escalation attack
Identity management
Password protection
Social engineering
Pretexting

51. Security Levels User Security Procedural Security User resistance
New technologies
Security token
Procedural Security
Operational security
Dumpster diving
Paper shredders

52. Backup and Disaster Recovery
Backup: copying data regularly
Recovery: restore data & restarting the sys. after an interruption
Disaster recovery plan: backup & recovery plan
Backup and disaster recovery issues usually are intertwined

53. Backup and Disaster Recovery
Backup Policies
Backup policy: detailed instructions & procedures
Backup media
Rotation schedule
Offsiting
Backup Types
Full backup: All files that match your selection are included into the backup
Differential backup: Only those files will be included which have been changed since the last FULL backup

54. Backup and Disaster Recovery
Backup Policies
Backup Types
Incremental backup: Only those files will be included which have been changed since the last backup
Continuous backup: automatically saved of every changed made
RAID (Redundant array of independent disks)
Fault tolerant
Retention periods: keep the backup for a certain period of time

55. Backup and Disaster Recovery
Business Continuity Issues
Test plan
Business continuity plan (BCP)
Hot site
Data replication
Business insurance

56. System Obsolescence At some point every system becomes obsolete Signs:
The system’s maintenance history indicates that adaptive and corrective maintenance is increasing steadily
Operational costs or execution times are increasing rapidly, and routine perfective maintenance does not reverse or slow the trend

57. System Obsolescence Signs:
A software package is available that provides the same or additional services faster, better, and less expensively than the current system
New technology offers a way to perform the same or additional functions more efficiently
Maintenance changes or additions are difficult and expensive to perform

58. System Obsolescence Signs:
Users request significant new features to support business requirements
Systems operation and support continues until a replacement system is installed
At some point in a system’s operational life, maintenance costs start to increase, users begin to ask for more features and capability, new systems requests are submitted, and the SDLC begins again

59. Future Challenges and Opportunities
The only thing that is certain about the future is continuous change
Change itself is neither good nor bad — the real issue is how people and companies deal with the challenges and opportunities that are bound to occur

60. Future Challenges and Opportunities
Predictions
The highest priorities will be the safety and security of corporate operations, environmental concerns, and bottom-line TCO
Gartner, Inc. is a leading IT consulting firm that is famous for forecasting industry trends

61. Future Challenges and Opportunities
Predictions
Gartner also predicted that by 2011, large enterprises will require suppliers to certify their green credentials and sourcing policies
Author Randall Stross notes that the enormous amount of energy needed to drive cloud computing, including Google’s servers, has raised serious environmental concerns

62. Future Challenges and Opportunities
Strategic planning for IT professionals
Working backwards from your long-term goals, you can develop intermediate mile stones and begin to manage your career just as you would manage an IT project
Planning a career is not unlike planting a tree that takes several years to reach a certain height

63. Future Challenges and Opportunities
IT Credentials and Certification
Credentials
Certification
In addition to Microsoft, many other IT industry leaders offer certification, including Cisco, Novell, Oracle, and Sun Microsystems

64. Chapter Summary
Systems support and security covers the entire period from the implementation of an information system until the system no longer is used
A systems analyst’s primary involvement with an operational system is to manage and solve user support requests
A maintenance team consists of one or more systems analysts and programmers

65. Chapter Summary
Systems analysts need the same talents and abilities for maintenance work as they use when developing a new system
Configuration management is necessary to handle maintenance requests
Security is a vital part of every computer system
Risk management creates a workable security policy 49

66. Chapter Summary All information systems eventually become obsolete
An IT professional should have a strategic career plan that includes long-term goals and intermediate milestones
An important element of a personal strategic plan is the acquisition of IT credentials and certifications that document specific knowledge and skills 49