Tag Archive: Best Practices


Is It Time to Upgrade IT?

Today, a trip to your local computer store to buy a new PC can be an eye-opening experience. Notebooks, for example, come in many shapes and sizes: desktop replacement, notebook, sub-notebook, and netbook. The relative processing power of PCs also varies greatly. This may not matter to users who just want to use their PC for basic office applications and web browsing. However, power users that never want to wait for their computers still care very much about processing power.

When PCs were first introduced, it was far easier to understand the relative processing power of workstations. Each new PC model that was released was a quantum leap beyond its predecessors. If you were around back then, you may remember XTs, ATs, 386s, 486s and 586s. Thanks to those classifications and the relative clock speeds, you didn’t need to be a rocket scientist to determine the approximate speed of one of these PCs.

You knew when to buy a new one.

In later years, other speed-related issues became increasingly important: memory, hard drive, front-side bus, hard drive interface, PCI Express slots, USB version, hyper-threading, multitasking, operating systems, et cetera. Somewhere along the way, the ability to easily differentiate the relative power of various PCs became blurred. Today, even technology experts have to scrutinize specific benchmarks to be sure of exactly what processing power they are getting. The difficulty lies in understanding your primary applications’ infrastructure needs, knowledge of potential bottlenecks and the vast array of available choices that can satisfy your business requirements.

Best Practice
Many firms in the financial industry regularly replace their equipment after two or three years of use. This strategy has as much to do with leasing and depreciation as it does with proactive maintenance and a commitment to technology standards. It is considered a best practice to replace equipment that is older than three years. This practice provides an opportunity to implement more efficient technology, limit future maintenance costs, and reduce the risk of catastrophic system failures. Though we occasionally see firms stretch equipment into a fourth or fifth year, we don’t recommend it.

Our advice is to establish a regular routine for replacing equipment, with priority on shared resources. For instance, a firm might replace all servers every two years and workstations every three years. As game-changing technology emerges, we also make additional recommendations for purchases when appropriate.

Simplified Hierarchy of Processing Speed Factors

Assessing your systems

For business applications, the most important factors in determining your system’s operating speed are CPU, memory, hard drive, and operating system (OS). Internet bandwidth and network speed also contribute to how fast your systems process data. In the remainder of this article, we will take a closer, slightly more technical look at these individual factors, offer some specific recommendations, and give you instructions on how to evaluate certain components. A software program can affect your perception of system performance too, but we won’t be getting into that.

To get a more comprehensive evaluation of your individual systems, you can download a trial of Passmark’s benchmarking software and see how your machines compare with other users’ benchmarked systems:
http://www.passmark.com/products/pt.htm

CPU
Passmark’s extensive database benchmarks over 1,300 CPUs. Some are specifically designed for virtualized server environments, while others are designed to maximize the battery life of notebooks. Understanding where your current CPU fits within the benchmarks will help you glean what type of benefit you would see from a faster processor.

 Assuming you are using a Windows operating system, you can identify the processor your PC uses by holding down the WINDOWS key and pressing the BREAK key, which is usually in the upper right corner of your keyboard. Once you do this, you will see text similar to what is shown below:

Look for the line that identifies your processor, then click on the link below and see if you can find your processor on one of the lists.
http://www.cpubenchmark.net/

Using this resource, you should be able to compare the benchmark scores of your processor to those of prospective new PC replacements and approximate the relative processing speed gain.

When purchasing new PCs, we prefer to buy the fastest processors we can without paying an unreasonable premium. We expect the cost to be relatively proportional to the processing speed of various CPU options; we might pay 15% more for a processor that is 20% faster, but we would not pay 66% more for a processor that’s only 10% faster.

Memory
Memory is relatively cheap. Accessing information from random access memory (RAM) rather than hard drive space or network storage is ideal, since accessing RAM is much quicker than pulling data from your hard drive or network. PCs running XP should have 3-4gb. XP cannot access all 4gb, but typically uses a little more than 3gb. Machines running Windows 7 should have at least 4gb, or even better, 8gb. In some cases, you can add 8gb of memory to an older PC for as little as $100.

For optimal performance, memory speeds should match the maximum supported by your PC.

Hard Drive
Buy the fastest hard drives you can afford. You are unlikely to regret it. We have long enjoyed using Western Digital’s Raptor drives (10k RPM) on our workstations. More recently, we have selectively switched to OCZ’s Solid State Drive (SSD).

The link below will take you to Passmark’s list of benchmarked hard drives:
http://www.harddrivebenchmark.net/

Hopefully, you can find your workstation’s hard drive in the “High-End Drive Chart.” If you cannot, you should strongly consider upgrading it to an SSD drive because:

1. SSDs use 80% less power.
2. SSDs are silent.
3. SSDs are much faster than traditional hard drives. (An OCZ Vertex 2 SSD drive is about twice as fast as a 10k Western Digital Raptor drive.)
4. SSDs are more durable and reliable.
5. SSDs are affordable. An 80gb drive, which should be enough for most workstations, costs $150.

If you want to compare your current hard drive’s benchmark to those of drives that could replace it, open Windows Explorer by holding down the WINDOWS key and pressing the “E” key, then right-click on your C-drive and select Properties. The Hardware tab should contain the model number of your hard drive, and using this information you should be able to find the benchmark of your current hard drive.

 

Operating System
In the investment business, the reliability of systems is paramount. Selecting the right operating system for your workstations may be one of the most important things you can do to improve systems infrastructure. The majority of RIAs have been stuck on Windows XP for quite some time. Torn between staying on what works with all their existing software and switching to the latest Microsoft OS, many have done nothing.

Vista was a nightmare for early adopters. We upgraded our best system when it came out, and it subsequently became dedicated to IE browsing and Office 2007 use. In all other respects, it was a pain.

In contrast to Windows XP and Vista, Windows 7 is a rock-solid product. We have been using Windows 7 Ultimate (64-bit) heavily for about a year. Configured with 4gb to 8gb of RAM and high-end hard drives (the SSDs and Raptors mentioned earlier), we have yet to see these systems seize up like Windows XP and Vista might. They consistently and fluidly respond to user requests.

When Advent Software proclaims support of Windows 7 with Axys, we expect that many RIAs will finally upgrade to Windows 7 Professional. Before you decide to move to Windows 7, you should verify that all of your software is compatible with the specific version of Windows 7 you intend to implement.

Choosing the right network operating system (NOS) is also extremely important. A large number of firms are still using Windows 2003 Server, but they should be planning on migrating to Windows 2008 Server R2 within the next year. The prevalence of DR sites makes switching an RIA’s NOS a more complicated and expensive venture, but newer systems offer valuable features such as increased security and integration with Windows 7, providing meaningful incentives to upgrade.

Upgrading the “brains” of your IT infrastructure needs to be carefully planned, scheduled and executed to ensure a successful outcome. In-place upgrades of mission-critical servers are an absolute “no-no” without redundant systems to fall back on.

The best practice for systems that aren’t virtualized is to buy new equipment with the new NOS for your primary site and your DR site. Virtualized systems offer more flexibility. The ability to store server images allows you to easily back up virtual machines and revert to a previous image if necessary.

Internet Bandwidth
Sometimes users mistake slow Internet access for slow processing speed on their PC. Identifying these problems correctly is an important part of assessing the speed of your systems.

You can use the link below to test your Internet speed, but in order to get a truly accurate reading you will need to be the only user connected to the Internet. In any event, this test should give you a general idea of your Internet connection’s upload and download speeds.

http://www.speakeasy.net/speedtest/

If you are experiencing a processing problem on your system, try running this test to see what your upload and download speeds are at the time.

Domain Name Server (DNS)
When you type a URL into a web browser, the domain name you type needs to be resolved to an IP address in order to download the information to your web browser. By default, a DNS server provided by your Internet Service Provider (ISP) handles this. If you haven’t already done so, you should consider establishing a local DNS server to accelerate domain name resolution.

Network Speed
Network speed is critical for clients that do processing-intensive work on their PCs. Firms using flat-file programs like Axys can see a dramatic improvement in processing by upgrading their LAN technology, but firms that utilize client-server databases locally or cloud-based apps may not.

Gigabit Ethernet (1G) is the standard. Ten Gigabit (10G) Ethernet is available, but with an estimated entry-level hardware cost of $1,500 per user (based on 24 users), the technology is cost-prohibitive for small to medium-sized RIAs and is typically found in enterprise server rooms, not in small and medium-sized businesses. Implementing it in most office environments requires special cabling (category 6a or category 7). With the future in mind, those moving into new office space should consider paying the premium to install category 6a or category 7 cabling instead of category 5e or category 6, but should do their own cost-benefit analysis.

There are situations where decentralized use of 10G Ethernet could make sense (e.g. an Axys user with more than 10,000 accounts), but most firms will wait for the cost to come down to a more reasonable level. Since faster localized data processing is in demand at the enterprise level, prices may remain where they are for some time.

Many notebooks still do not have gigabit ports. If you are shopping for a notebook, make sure it has a Gigabit Ethernet port. If you still haven’t standardized on Gigabit Ethernet at your office, you should be able to do so at a hardware cost of less than $75 per user.

New systems or new parts?
The best configuration for your new workstations and servers is an affordable one that you never have to upgrade during the useful life of the equipment. While some of the recommendations we have made in this article can be applied individually, it is usually more cost-efficient to buy new equipment that has the right configuration of OS, memory, CPU and hard drive.

Before you spend money upgrading older technology, find out how much your existing equipment is worth. If you aren’t certain, you can look it up on eBay and see what the approximate replacement cost is. This is usually a good indication of how desirable your equipment is as well as its relative processing power by today’s standards, and may validate further investment in the equipment or help solidify plans to upgrade to new equipment in the near future.

About the Author:
Kevin Shea is President of InfoSystems Integrated, Inc. (ISI); ISI provides a wide variety of outsourced IT solutions to investment advisors nationwide. For details, please visit isitc.com or contact Kevin Shea via phone at 617-720-3400 x202 or e-mail at kshea@isitc.com.

Compliance demands vis-à-vis the SEC, Gramm-Leach-Bliley, and most recently emerging local regulations like Massachusetts 201 CMR 17.00, require a significant investment of resources in terms of both time and capital to meet the ever-growing regulations associated with doing business in the information age. In this article, we summarize the requirements of 201 CMR 17.00, which went into effect March 1, 2010.

Many businesses across the nation are looking closely at the law that Massachusetts implemented with the concern that similar legislation will soon be coming their way. In a nutshell, Massachusetts’ new law dictates that businesses nationwide take appropriate steps to protect the privacy of Massachusetts residents’ Personal Information (PI) according to their ability to do so. As such, the right solution for a small business may not be acceptable for a large business ‐ if a more robust solution exists at a higher, yet affordable, cost for the larger business.

The new law charges businesses with the responsibility of protecting this consumer data from being lost or stolen, and may seem redundant to those familiar with the best practices from preexisting government regulations and industry standards. Companies need to know what they are up against. The threats are real. It is amazing that we have not heard more in the news about the security of private records being compromised.

The level of vigilance required to establish and maintain a secure environment at the workplace would surprise many. In truth, the only absolutely secure PC is one that is locked away out of physical reach and not connected to the Internet. The best security is established through a combination of proactive measures, and is still dependent on appropriate reactive responses to would‐be hackers.

In an effort to make our checklist easier to digest, we have broken it into the four fundamental areas addressed by the law: updates, attentiveness, policy and documentation, and encryption. In the remainder of this article we take a closer look at the specific requirements of these areas.

Updates
1. Apply operating system patches and software updates on a timely basis.
2. Reasonably current versions of Antivirus and Antispyware must be installed and updated regularly.
3. The software portion of your firewall should be kept reasonably up to date.

Attentiveness
4. Monitor your firewall and take appropriate actions when merited.
5. Perform an annual security audit.
6. Take reasonable steps to verify that third parties with access to Personal Information (PI) protect it.

Policy & Documentation
7. Create a Written Information Security Program (WISP); appoint a person at your firm to manage the program, and detail disciplinary actions associated with non‐compliance by employees.
8. Create secure user authentication protocols, with strict control of user IDs and passwords.
9. Any inactive employees should be removed from systems immediately.
10. Educate and train all employees about security.
11. Limit access to PI to those who specifically need it.

Encryption
12. Encrypt email that contains PI (defined as a person’s name with any one or combination of the following: driver’s license, social security number, financial account number, debit/credit account number, or state issued identification number).
13. Encrypt all remote access connections.
14. Encrypt backup media, notebook hard drives, portable hard drives, and all removable media that contain PI.

Updates
Downloading and applying recent security updates to your operating system and primary applications is an integral component of keeping hackers at bay. It is also a relatively low-tech item that most users can take care of by themselves. Unfortunately, an occasional bad update can bring all productivity on your system to a screeching halt. This was the case with Windows XP SP3 where, in some instances, users who installed it lost their Internet connectivity. Professional IT consultants are aware of the potential issues new updates to workstations and servers can raise. We recommend controlling the updates through Windows Server Update Services (WSUS) or opting to perform the updates manually in smaller offices.

Perhaps the authors of Massachusetts’ new law also recognized that new updates should not necessarily all be installed immediately. Ergo, the language indicates that systems should be reasonably up to date.

Your IT vendor should be qualified to determine exactly when updates must be applied, but if you go to the http://www.windowsupdate.com site and find that there are over twenty security updates to install on your PC, you should not consider your PC “reasonably” up to date. Antivirus definitions need to be downloaded and applied regularly. Antivirus images are released by their software providers nearly every day and sometimes more frequently. You can usually check your update by clicking on the Antivirus client program that sits on your taskbar in the lower right-hand corner of your computer screen.

Keeping your firewall software reasonably up to date and security rules relevant is paramount to the security of your systems. However, only firewall patches that have been vetted by your IT staff should be installed. A bad firewall update can cause more harm than good.

Attentiveness
You will need to allocate extra resources towards maintaining and monitoring these required standards. Your firewall should be configured to log all suspicious activity, but to properly manage the security of your systems someone needs to review the logs on a regular basis and take corrective actions when required. Though the law requires an annual audit of your security policy the reality is that it should receive much more frequent attention and amendments. Your firm is also expected to verify that third parties with access to PI can protect it.

Policy & Documentation
Your Written Information Security Program (WISP) should spell out the policies related to keeping PI private. A person at your firm must be appointed to manage the program. Since most Massachusetts businesses have already created a WISP, you can find samples online via Google.

Secure user authentication protocols (such as limiting the number of login attempts before locking out users) are expected to be in use at your firm. In addition, passwords need to be kept private and relatively complex. If everyone at your office knows each other’s passwords, you definitely need to change your policy.

When employees or contractors become inactive, their accounts must be promptly removed from your system. Educating your users is a critical aspect of securing your enterprise. Malware, for example, can be accidentally loaded by employees who do not recognize it.

Due to their size, small firms may have difficulty limiting data access to employee subgroups, but larger companies should not have as much trouble with this requirement.

Encryption
Encrypting remote access connections can be done by standardizing on Logmein, GotoMyPC, or a combination of VPN and Remote Desktop or Terminal Services.

Notebook hard drives containing PI must be encrypted. Though it is possible to buy new equipment with encrypted hard drives, you may find it easier on the wallet to purchase hardware encrypted thumb drives and enforce a policy that forbids users from saving private information on their notebook hard drives.

Likewise, any removable media such as backup tapes and/or hard drives must be encrypted. These drives are relatively inexpensive, so being a small company with limited resources will not be a valid reason for not taking care of this.

To meet the email encryption requirements for sending PI, some larger companies may elect to address the issue by encrypting all email. Smaller firms may selectively encrypt emails containing PI via Adobe Acrobat. In a perfect world, all of your clients would have a class 1 digital certificate or better and email encryption would be simplified.
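As an added example (not from the original article), here is a small Python pre-send check for the selective-encryption approach: it flags message text that contains identifiers from the PI definition in item 12 and masks them in its own output. The patterns, the function names, and the rule that any identifier hit triggers encryption are assumptions made for illustration.

```python
import re

# Formats below are assumptions for illustration; the PI definition summarized
# in item 12 names categories (SSN, license/state ID, account, card), not formats.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})([- ])(\d{2})\2(\d{4})(?![\d-])")
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
LABELLED_RE = re.compile(
    r"\b(driver['’]?s?\s+licen[sc]e|state\s+id|account|acct)\b"
    r"[^\n\d]{0,20}(\d{6,17})(?!\d)",
    re.IGNORECASE,
)


def luhn_ok(digits):
    """Checksum used by payment card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(digits):
    """Keep only the last four digits so the scan log does not itself hold PI."""
    return "*" * (len(digits) - 4) + digits[-4:]


def find_pi(text):
    """Return (kind, masked_value) for each likely PI identifier in text."""
    hits = []
    for m in SSN_RE.finditer(text):
        area, group, serial = m.group(1), m.group(3), m.group(4)
        # Never-issued ranges: area 000, 666, 9xx; group 00; serial 0000.
        if area not in ("000", "666") and area[0] != "9" \
                and group != "00" and serial != "0000":
            hits.append(("ssn", mask(area + group + serial)))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_ok(digits):
            hits.append(("payment_card", mask(digits)))
    for m in LABELLED_RE.finditer(text):
        kind = "account_number" if m.group(1).lower().startswith("ac") \
            else "license_or_state_id"
        hits.append((kind, mask(m.group(2))))
    return hits


def must_encrypt(text):
    """Assumed policy: any identifier hit means encrypt, since a client email
    almost always carries the person's name as well."""
    return bool(find_pi(text))


# Constructed sample messages (not real data).
MSG_WITH_PI = (
    "Hi Pat,\nPlease wire from account number 000123456789.\n"
    "SSN on file: 123-45-6789\nCard: 4111 1111 1111 1111\n"
)
MSG_CLEAN = "Hi Pat,\nYour quarterly report is attached. Call 617-555-0100.\n"

if __name__ == "__main__":
    for msg in (MSG_WITH_PI, MSG_CLEAN):
        print(must_encrypt(msg), find_pi(msg))
```

Pattern matching like this misses unlabelled account numbers and state-specific license formats, so it supplements user training rather than replacing it.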

If your firm performs Internet vaulting of your data, double check the encryption settings, and use 256‐bit encryption or higher if possible.

This article was originally published in the Advent Users Group Newsletter in 2010. It is an interpretation of the technology issues related to the new law. To review all of the requirements, refer to the PDF link on the mass.gov web site: www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf

About the Author:
Kevin Shea is President of InfoSystems Integrated, Inc. (ISI). ISI provides a wide variety of outsourced IT solutions to investment advisors nationwide. For details, please visit http://www.isitc.com. You can also contact Kevin Shea via phone at 617‐720‐3400 x202 or e‐mail kshea@isitc.com.