CHAPTER 9
SYSTEM MAINTENANCE
Chapter Objectives 2
Explain the systems support and security phase
Describe user support activities, including user training and help desks
Define the four types of maintenance Explain various techniques for
managing systems maintenance and support
Chapter Objectives3
Describe techniques for measuring, managing, and planning system performance
Explain risk management concepts Assess system security at six levels:
physical security, network security, application security, file security, user security, and procedural security
Chapter Objectives4
Describe backup and disaster recovery List factors indicating that a system has
reached the end of its useful life Assess future challenges and
opportunities for IT professionals Develop a strategic plan for career
advancement and strong IT credentials
Introduction5
Managing systems support and security involves three main concerns: user expectations, system performance, and security requirements
Successful, robust systems often need the most support
In most organizations, more than half of all IT department effort goes into supporting existing systems
Overview6
The systems operation, support, and security phase begins when a system becomes operational and continues until the system reaches the end of its useful life
After delivering the system, the IT team focuses on support and maintenance tasks
User Support7
User Training Additionally, new employees must be
trained on the company’s information systems
User training package Training users about system changes is
similar to initial training Objective is to show users how the system
can help them perform their jobs
User Support8
Help Desks Often called an information center (IC) Enhance productivity and improve
utilization of a company’s information resources
User Support9
Help Desk Might have to perform the following tasks:
Show a user how to create a data query or report that displays specific business information
Resolve network access or password problems Demonstrate an advanced feature of a system
or a commercial package Help a user recover damaged data
User Support10
Help Desk In addition to functioning as a valuable link
between IT staff and users, the help desk is a central contact point for all IT maintenance activities
Can utilize many types of automated support
Maintenance Tasks11
The systems operation, support and security phase is an important component of TCO (total cost of ownership) because ongoing maintenance expenses can determine the economic life of a system
Operational costs Maintenance expenses Maintenance activities
Maintenance Tasks12
Four types of maintenance task can be identified
Corrective maintenance Adaptive maintenance Perfective maintenance Preventive maintenance
Maintenance Tasks13
[1] Corrective Maintenance Diagnoses and corrects errors in an
operational system Respond to errors in various ways,
depending on nature and severity of the problem
In a typical procedure, a user submits a systems request that is evaluated, prioritized and scheduled
Maintenance Tasks14
[1] Corrective Maintenance For more serious situations, a user submits
a systems request with supporting evidence
Worst-case situation is a system failure
When the system is operational again, the maintenance team determines the cause, analyzes the problem, and designs a permanent solution
Maintenance Tasks15
[2] Adaptive Maintenance Adds enhancements to an operational
system and makes the system easier to use
The procedure for minor adaptive maintenance is similar to routine corrective maintenance
Can be more difficult than new systems development because the enhancements must work within the constraints of an existing system
Maintenance Tasks16
[3] Perfective Maintenance Involves changing an operational
system to make it more efficient, reliable and maintainable
Can improve system reliability Cost-effective during the middle of the
system’s operational life
Maintenance Tasks17
[3] Perfective Maintenance Software reengineering Programs that need a large number of
maintenance changes usually are good candidates for reengineering
The more a program changes, the more likely it is to become inefficient and difficult to maintain
Maintenance Tasks18
[4] Preventive Maintenance Requires analysis of areas where
trouble is likely to occur IT department normally initiates
preventative maintenance Often results in increased user satisfaction,
decreased downtime, and reduced TCO Sometimes does not receive the high
priority that it deserves
Maintenance Management19
Requires effective management, quality assurance and cost control
To achieve these goals, companies use various strategies
In addition, firms use version control and baselines to track system releases and analyze the system’s life cycle
Maintenance Management20
The Maintenance Team System administrator Systems analysts
Analysis Synthesis
Programmers Applications programmer Systems programmer Database programmer Programmer/analyst
Maintenance Management21
The Maintenance Team Organizational issues
IT managers often divide systems analysts and programmers into two groups: one group performs new system development, and the other group handles maintenance
Many analysts feel that maintenance work is less attractive than developing new systems
One disadvantage of rotation is that it increases overhead costs
Maintenance Management22
Maintenance Requests Involve a series of steps All work must be covered by a specific
request Initial determination The systems review committee Task completion User notification
Maintenance Management23
Establishing Priorities In many companies, systems review
committee separates maintenance requests from new systems development requests
Some IT managers believe that evaluating all projects together leads to the best possible decisions
Object is to have a procedure that balances new development and necessary maintenance work
Maintenance Management24
Configuration Management Configuration management (CM)
Configuration management (CM) is a process for controlling changes in system requirements during the development phases of the SDLC.
As enterprise-wide information systems grow more complex, configuration management becomes critical
Also helps to organize and handle documentation
Maintenance Management25
Maintenance Releases Maintenance release methodology:
numbering system Maintenance release A numbering pattern distinguishes the
different released Reduces the documentation burden But new features or upgrades are
available less often Service packs
Maintenance Management26
Version Control Version control Archived Essential part of system documentation Companies can purchase software such as
Serena
Maintenance Management27
Baselines Systems analysts use baselines as yardsticks to
document features and performance during the systems development process
Functional baseline: beginning of the project Sys. Req. & design constraints
Allocated baseline: design phase Testing, verification of sys. req. & features
Product baseline: system operation Performance results & UAT
System Performance Management
28
Today, companies use complex networks and client/server systems to support business needs
To ensure satisfactory support for business operations, the IT department must manage system faults and interruptions, measure system performance and workload, and anticipate future needs
System Performance Management
29
Fault Management The more complex the system, the more
difficult it can be to analyze symptoms and isolate a cause
The best strategy is to prevent problems by monitoring system performance and workload
System Performance Management
30
Performance and Workload Measurement Benchmark testing Metrics Response time Bandwidth and throughput
Kbps (kilobits per second) Mbps (megabits per second) Gbps (gigabits per second)
System Performance Management
31
Performance and Workload Measurement Turnaround time The IT department often measures
response time, bandwidth, throughput, and turnaround time to evaluate system performance both before and after changes to the system or business information requirements
Management uses current performance and workload data as input for the capacity planning process
System Performance Management
32
Capacity Planning What-if analysis You need detailed information about the
number of transactions; the daily, weekly, or monthly transaction patterns; the number of queries; and the number, type, and size of all generated reports
System Performance Management
33
Capacity Planning Most important, you need an accurate
forecast of future business activities If new business functions or requirements
are predicted, you should develop contingency plans based on input from users and management
System Performance Management
34
System Maintenance Tools Many CASE tools include system
evaluation and maintenance features In addition to CASE tools, you also can use
spreadsheet and presentation software to calculate trends, perform what-if analyses, and create attractive charts and graphs to display the results
System Security Overview35
Security is a vital part of every computer system
System Security Concepts CIA triangle Integrity Availability Security policy
System Security Overview36
Risk Management Absolute security is not a realistic goal Risk identification - exploit Risk assessment - risk Risk control
Avoidance, mitigation, transference, acceptance
System Security Overview37
Attacker Profiles and Attacks An attack might be launched by a
disgruntled employee, or a hacker who is 10,000 miles away
Attackers break into a system to cause damage, steal information, or gain recognition, among other reasons
Security Levels38
Must consider six separate but interrelated levels
Physical Security First level of security concerns the physical
environment Physical access to a computer represents
an entry point into the system and must be controlled and protected
Security Levels39
Physical Security Operations center security
Biometric scanning systems Servers and desktop computers
Keystroke logger Tamper-evident cases BIOS-level password Boot-level password Power-on password Uninterruptible power supply (UPS)
Security Levels40
Physical Security Notebook computers
Select an operating system that allows secure logons and BIOS-level passwords
Mark or engrave the computer’s case Consider notebook models that have a built-in
fingerprint reader many notebook computers have a Universal
Security Slot (USS) Back up all vital data
Security Levels41
Physical Security Notebook computers
Use tracking software While traveling, try to be alert to potential high-
risk situations Establish stringent password protection policies
Security Levels42
Network Security Network Network interface Encrypted Encrypting network traffic
Unencrypted – plain text Private key encryption Public key encryption (PKE)
Security Levels43
Network Security Wireless networks
Wired Equivalent Privacy (WEP) Wi-Fi Protected Access (WPA) WPA2 IEEE 802.11i WPA2 is compatible with WPA, so companies
easily can migrate to the new security standard
Security Levels44
Network Security Private networks
Private network Virtual private networks
Virtual private network (VPN) Tunnel
Security Levels45
Network Security Ports and services
Port Service Port scans Denial of service (DOS) Distributed denial of service (DDOS)
Security Levels46
Network Security Firewalls
Firewall Firewalls can be configured to detect and
respond to denial-of-service attacks, port scans, and other suspicious activity
Network intrusion detection – network intrusion detection system (NIDS)
Security Levels47
Application Security Services
Security hole Hardening
Malware Application permissions
Administrator – super-user User rights - permissions
Security Levels48
Application Security Input validation Patches and updates
Patches Third-party software Automatic update service
Software Logs Log
Security Levels49
File Security Permissions
Read a file Write a file Execute a file Read a directory Write a directory
User Groups
Security Levels50
User Security Privilege escalation attack Identity management Password protection Social engineering
Pretexting
Security Levels51
User Security User resistance New technologies
Security token Procedural Security
Operational security Dumpster diving Paper shredders
Backup and Disaster Recovery
52
Backup: copying data regularly Recovery: restore data & restarting the
sys. after an interruption Disaster recovery plan: backup &
recovery plan Backup and disaster recovery issues
usually are intertwined
Backup and Disaster Recovery
53
Backup Policies Backup policy: detailed instructions &
procedures Backup media
Rotation schedule Offsiting
Backup Types Full backup: All files that match your selection are
included into the backup Differential backup: Only those files will be included
which have been changed since the last FULL backup
Backup and Disaster Recovery
54
Backup Policies Backup Types
Incremental backup: Only those files will be included which have been changed since the last backup
Continuous backup: automatically saved of every changed made
RAID (Redundant array of independent disks) Fault tolerant
Retention periods: keep the backup for a certain period of time
Backup and Disaster Recovery
55
Business Continuity Issues Test plan Business continuity plan (BCP) Hot site Data replication Business insurance
System Obsolescence56
At some point every system becomes obsolete
Signs: The system’s maintenance history
indicates that adaptive and corrective maintenance is increasing steadily
Operational costs or execution times are increasing rapidly, and routine perfective maintenance does not reverse or slow the trend
System Obsolescence57
Signs: A software package is available that
provides the same or additional services faster, better, and less expensively than the current system
New technology offers a way to perform the same or additional functions more efficiently
Maintenance changes or additions are difficult and expensive to perform
System Obsolescence58
Signs: Users request significant new features
to support business requirements Systems operation and support continues
until a replacement system is installed At some point in a system’s operational
life, maintenance costs start to increase, users begin to ask for more features and capability, new systems requests are submitted, and the SDLC begins again
Future Challenges and Opportunities
59
The only thing that is certain about the future is continuous change
Change itself is neither good nor bad — the real issue is how people and companies deal with the challenges and opportunities that are bound to occur
Future Challenges and Opportunities
60
Predictions The highest priorities will be the safety and
security of corporate operations, environmental concerns, and bottom-line TCO
Gartner, Inc. is a leading IT consulting firm that is famous for forecasting industry trends
Future Challenges and Opportunities
61
Predictions Gartner also predicted that by 2011, large
enterprises will require suppliers to certify their green credentials and sourcing policies
Author Randall Stross notes that the enormous amount of energy needed to drive cloud computing, including Google’s servers, has raised serious environmental concerns
Future Challenges and Opportunities
62
Strategic planning for IT professionals Working backwards from your long-term
goals, you can develop intermediate mile stones and begin to manage your career just as you would manage an IT project
Planning a career is not unlike planting a tree that takes several years to reach a certain height
Future Challenges and Opportunities
63
IT Credentials and Certification Credentials Certification In addition to Microsoft, many other IT
industry leaders offer certification, including Cisco, Novell, Oracle, and Sun Microsystems
Chapter Summary64
Systems support and security covers the entire period from the implementation of an information system until the system no longer is used
A systems analyst’s primary involvement with an operational system is to manage and solve user support requests
A maintenance team consists of one or more systems analysts and programmers
Chapter Summary65
Systems analysts need the same talents and abilities for maintenance work as they use when developing a new system
Configuration management is necessary to handle maintenance requests
Security is a vital part of every computer system
Risk management creates a workable security policy
Chapter Summary66
All information systems eventually become obsolete
An IT professional should have a strategic career plan that includes long-term goals and intermediate milestones
An important element of a personal strategic plan is the acquisition of IT credentials and certifications that document specific knowledge and skills