Friday, June 15, 2007

Tenet #12 - Don’t Forget the Monitoring and Operational Requirements!

Here's tenet #12 from my whitepaper "Tenets of Identity Management". Part #1 of the "Tenets of Identity Management" podcast is posted on the Quest web site. Part #2 is also now available.

Don’t Forget the Monitoring and Operational Requirements!

I’ve seen countless organizations forget this. It’s a check-box in the RFP and is extremely important!

In many larger enterprises, one group manages the operations of production infrastructure components. Typically, this group is involved in some way with the purchase of infrastructure products. The group can influence how the company will monitor and handle the day-to-day operations of software that’s acquired. However, in many smaller companies, such a group either doesn’t exist or it isn’t involved in the software acquisition. This is not a trivial requirement. If you’ve done a proper POC (see previous tenet), you know at least whether a vendor’s products can handle your environment. But, if something happens and things start to fall apart, will you have advance warning? If so, how? From an operational perspective, will you have the tools to diagnose problems or will every hiccup lead to a call to the vendor’s support hotline?

Have you already deployed a monitoring product like Tivoli, OpenView or Microsoft Operations Manager? If so, will your identity management product integrate with your monitoring package? If not, does it have built-in monitoring? While built-in monitoring is better than no monitoring, your operations staff really shouldn’t have to monitor yet another console.

Day-to-day operational requirements are also something to examine closely. How do you back up the solution? How do you perform full and partial restores? Does the product require a database back-end? If so, is that database one of the standards within your organization? If mySQL is not one of your company standards and your identity management software requires mySQL, you are going to be forced to adopt new operational procedures. The same goes for programming languages and interfaces. One European identity management vendor’s programming interface is limited to TQL. TQL may be the best programming language to use, but how many developers know TQL? If you choose this system, you will be paying expensive consulting rates for implementing and customizing your project.

Technorati Tags:

No comments: