Last in a too long series of columns on what’s wrong with IBM.
Enough horror stories, already! How do we just fix IBM?
Well it can’t be done from the inside so it has to be done from the outside. And the only outside power scary enough to get through the self-satisfied skulls of IBM top management is IBM customers. A huge threat to revenue is the only way to move IBM in the proper direction. But a big enough such threat will not only get a swift and positive reaction from Big Blue, it will makes things ultimately much better for customers, too.
So here is exactly what to do, down to the letter. Print this out, if necessary, give it to your CEO or CIO and have them hand it personally to your IBM account rep. Give the IBM rep one business day to complete the work. They will fail. Then go ballistic, open up a can of whoop-ass, and point out that these requirements are all covered by your Service Level Agreement. Cancel the contract if you feel inclined.
If enough CIO’s ask for it, this action will send immediate shock waves throughout IBM. Once IBM’s customers find out how long it takes to get this information and they see what they get, then things will get really interesting.
But don’t limit this test just to IBM. Give it to any IT service vendor. See how yours stacks up.
Ask your IT outsourcing provider to produce the following:
1) A list of all your servers under their support. That list should include:
- Serial Number
- Purchase Date
- Original and current asset value
- Processor type and speed
- Disk Storage
- IP address(s)
- Operating system(s)
- Software product(s)
- Business Application(s)
Is this list complete? How long did it take your provider to produce the list? Did they have all this information readily accessible and in one place?
2) A report on the backup for your servers for the last 2 weeks.
- Are all servers being backed up?
- Are all the backups running in the planned time window? Is there ample time left over, or is the operation using every minute of the backup window?
- When backup runs on a server there are always files that are open or locked and the backup cannot copy them. Every day the backup team needs to look at their reports and make sure that files that were missed are backed up. In your examination of the backup reports you should see evidence of this being done.
- If you spot any potential problems with a server ask for a list of all the files on the server. The list should show the filenames, date’s, and if the archive (backup) bit has been flipped
Is this list complete? How long did it take your provider to produce the report? How often does your provider conduct a data recovery test? If a file is accidentally deleted, how long does it take your provide to recover it? Can your provider perform a “bare metal” restoration? (bare metal is the recovery of everything, the operating system included onto a blank system)
3) A report on the antivirus software on your Windows servers.
- Is antivirus software running on all your Windows servers?
- Is it the same (standard) version?
- Are the virus signature file(s) current?
- Ask for case information on any recent virus infections.
Is this list complete? How long did it take your provider to produce the report? When a virus is detected on a server, how is the alert communicated to your IT provider? How fast do they log the event and act on it?
4) A report on your network. It should include:
- Illustrations of the major network equipment including routers, switches, firewalls, etc.
- IP address allocations.
- Internal DNS entries.
- Current routing and firewall rules.
Is this information complete and current? How long did it take your provider to produce this information? Is this information stored in a readily accessible place so that anyone from your IT provider can use it to diagnose problems?
5) Information on your Disaster Recovery plans Here is what you want to know:
- Documentation on a recent DR test, the plan and results. It should show the actual times tasks were started and completed. Problems should be logged. (it is okay for there to be some problems, that is the purpose of the test)
- Ask for a list of names from the IT provider of the people who worked on the test.
- How many people who worked on the test live full time in the same country as your DR facility?
- Did your IT provider fly in an army of offshore support folks for the test?
- If there was a real disaster how long would it take your IT provider to assemble a team to support your emergency?
- Ask for a list of your critical applications to be provided and supported in a disaster.
- Is the list complete and correct? Is there sufficiently detailed information on each critical application? How much data is involved? Is the data actively sync’d over a network? How often is the sync’ing process checked? What hostnames and filesystems need to be restored? What application skills are needed to start up the applications?
6) Help desk information. Here is what you want to know:
- Ask for a report of all the help desk tickets for the last 2 weeks.
- Independently ask your company (not your IT provider) for information on known IT problems over the last two weeks.
- Compare the information from the helpdesk and your company sources.
- Pick a few random incidents from the help desk ticket report. How long did it take to discover the problem? How long did it take your IT provider to begin to work on the problem? How long did it take your IT provider to fix the problem? Was the problem really fixed?
- Is there an active problem prevention program? Is your IT provider examining the reported IT problems and finding ways to reduce the number and frequency of problems?
How long did it take your provider to produce this report? Did they have all the help desk ticket information readily accessible to everyone and in one place?
7) Look for evidence of continuous improvement.
- Repeat this process once a month.
- Look for changes and improvements month to month and over several months.
- Are the total number of problems being reduced?
- Is the response time to fix problems being improved?
- Is there clear evidence your IT provider has an active and effective continuous improvement program.
A good IT provider will have the tools to automatically collect this data and will have reports like these readily available. It should be very easy and quick for a good IT provider to produce this information.
A key thing to observe is how much time and effort does it take your IT provider to produce this information. If they can’t produce it quickly, then they don’t have it. If they don’t have it they can’t be using it to support you. This then will lead you to the most important question: are they doing the work you are paying them for?