Elsinore Technologies announced July 21, 2010 that it will be exhibiting at the 2010 HDI Service Desk Expo in Miami Florida. The event scheduled for October 6-8^th at the InterContinental Miami is an annual conference that brings together members of HDI community to discuss industry related topics such as Service Management, Governance, Service Quality, and much more.

This show appealed to us for a variety of reasons, but we ultimately made the decision because of the HDI community itself. Their focus on quality, knowledge sharing, and innovation mirrored what we as a small software company are trying to achieve every day. As we worked with the Expo team for several months learning, reading, and asking questions it was clear that HDI had a well thought out and focused event which we wanted to be involved with going forward.

The entire team here is excited about our first HDI Expo and no it’s not just because it’s in Miami! So if you are in Miami October 6-8^th and you want to talk about ITSM, Issue Tracking, or Remote Support stop by booth 3 and say hello to Jeff, Jake, or Morgan.

Elsinore Press Release

HDI Service Desk Exp 2010 

Much thanks to our friends at www.wareprise.com for taking the time to review ScreenConnect recently. As we try to get the word out we reached out to a few key editors and technology writers to see if they would give us feedback on our product. Wareprise took it a step further and even posted their review online. It was a great surprise when they contacted us with their review, so if you get a second take a look at our ScreenConnect review http://www.wareprise.com/2010/02/25/screenconnect-a-self-hosted-remote-support-software/

 

Many global organizations are working on standardizing the best practices for workflows. One of the most notable practices is the business process modeling notation (BPMN). The BPMN provides a set of symbols and guidelines for charting the flow of a business process. In this second installment of our workflow discussion, we’ll talk about the different elements that comprise a BPMN compliant workflow.

 

Annotations – These are small text paragraphs that are often added by the workflow designer to explain what is being done at that stage of the workflow. Annotations can provide additional information, but they can also take up a lot of additional room on the canvas. Because annotations are not necessarily required in a workflow, there are a few modes of use:  always visible, visible if the mouse is over a particular element or icon (also known as “tool tips”), or toggled on and off as the user requires through a button or similar mode of use.

Events –Events, denoted by circles, signal “something happening,” such as an email notification, a scheduled meeting, or the end of a particular process. Icons may be present inside the circle, such as an email icon or a clock picture. Though a user will immediately know the type of an event by the icon or color of the circle, the user will not know exactly what transpired during that event. Annotations may be added for clarity, which will result in a workflow with more elements.

Activities –Activities, such as meeting requests and task assignments, are sometimes represented as rounded rectangles with small icons. However, these icons only tell the user that “something” is happening at that point; the user will not necessarily know exactly what happened at a meeting, who is involved, what was said in an email, etc. Having more information about the activities can be useful, but it creates additional design elements in the workflow.

Question:  If you are assigning the same task to multiple individuals, should workflow designers use one task element to represent this activity? Or should the designers use multiple elements?

Gateways – These are elements that take transitions from the output(s) of elements and then transition them to the input(s) of others. There are two main types of gateways: combiners (fork/join) and multipliers (inclusive decision/merge). A combiner takes multiple inputs and creates a single output, while a multiplier takes a single input and creates multiple output transitions. These elements are not required in a process. However if the goal is to show as much detail as possible about the events of a workflow, they can be very useful.

Question:  Should a gateway that has internal logic denote that to the observers of the workflow?

Swimlanes – Represented as horizontal or vertical lanes (often different colors), swimlanes help teams and designers to keep track of what work is done by which department or what category the work falls under. These can add complexity to the layout and design of the workflow.  

There are many more elements within the BPMN standard that can be added to a workflow. Again, however, we must ask the question: which elements are the most important? By utilizing a large variety of geometrical icons, will the workflow become too cluttered, hindering the understanding of the user?

The team here at Elsinore has spent quite a bit of time this past week reviewing how workflows should look and feel to users.  We thought it would be great to hear our customers’ and visitors’ opinions on workflow design usages.

For the purpose of this blog we will focus specifically on business processes, though the principles could apply to any type of organization. A typical workflow diagram will have geometrical elements (such as rectangles, diamonds, and triangles), each representing or describing some action, activity, or decision that has to be made during the process. Most of these elements will typically have a one or two word label to help observers keep track of the flow. These elements are however only a few of the possible graphical and text representations available.

The amount of detail provided by a workflow diagram is determined by the workflow designer. Workflows can be designed at a high level, only outlining the general scope of the process and keeping the layout simple. On the other hand, workflows can be very detailed, showing exactly what activities are being performed, to whom the emails are sent, what divisions are doing the work, who is responsible for scheduling a meeting, etc. The information is all available but the key is balance. When we consider these and other elements that could be represented, are they useful or do they add clutter to the workflow canvas? What elements do you think are important?  And should workflow designers err on the side of simplicity, or should they strive to display as much information as possible?

It’s a difficult philosophy to capture in a single blog, so in the next installment we’ll capture a few of the most common design elements of a workflow and discuss some of their pros and cons as graphical representations on a workflow.

Remote support software or remote desktop support software are applications that allow the remote access of another device, typically a computer, for the purpose of controlling the target device.  “Controlling the target device” can have several connotations; while most remote support applications do permit the control of the target computer, some only provide viewing capabilities. By using remote support software, a user can troubleshoot another user’s computer with efficiency and ease.

The method of installation can vary widely between one remote support application and another. Some remote support software applications require both the client and the host to install a small program on their machines. Other applications only require installation on the host’s machine, and the client connects to the remote support session via a web page portal. Finally, a remote support application can be entirely web-based, connecting two machines via a single web portal. 

Remote support software applications can offer a number of features to assist a client.

1. Video recording - enables a host to send a client a video file of all actions performed in the session.
2. Chat - Allows a host to easily communicate with a client while the remote connection is taking place.
3. File transfer - Permits the transfer of files easily between the host and client quickly. A typical use model would be the replacement of a corupt file or installing new software.
4. Reboot/Reconnect - When your dealing with software you will often be required to shut down the PC and log back in. This feature allows the two computers to reconnect after the reboot occurs.

According to the UK’s Office of Government Commerce (OGC), the Information Technology Infrastructure Library (ITIL) Version 2 (v2) is finally being laid to rest. ITIL v2 was lauded as the “most widely accepted approach to IT service management in the world.” In 2007 ITIL v3 was launched with, a few major changes, possibly most significant a key shift in methodology by encouraging inter-department communication between IT and business teams. Having worked on both sides of this equation in different careers, I can attest that improved communication between these departments definitely needed addressing. But as we move into this new decade, let’s look back at some of the stats and the history of ITIL v2. 

• Some general ITIL Information
• A Google search for ITIL v2 returns over 353,000 results
• ITIL v2 was launched in tandem with BS 15000 which later became ISO/IEC 20000
• A Google search for ISO/IEC 20000 returns 226,000 results
• Some notable ITIL adopters: Microsoft, IBM, Cat,and Boeing

The blog IT Skeptic has worked out the cost to obtain full ITIL certification: $60k. This includes hourly rates for your time,travel, etc.  The actual cost, should you choose to obtain just the certification, is probably closer to $20k-30k.

ITIL began with a decision from the UK government recognized a need for a set of standards for IT infrastructure and management.  The original group formed to address this issue was the Central Computer and Telecommunications Agency (CCTA). The CCTA then produced the Government Information Technology Infrastructure Management (GITIM). Yes, that’s a lot of acronyms, but stay with us! So the GITIM lost the G and the M, improvised with library, and the ITIL was born.

History

1989 – ITIL v1, thirty volumes long, is released. 

2000/2001 – CCTA becomes the OGC, which is under the office of the UK Treasury. Perhaps the government suspected that IT service management would yield lots of revenue!

2000/2001 - ITIL v2 is released at a trim eight volumes long, since thirty volumes is a heavy load for a bookshelf!

2006 – The ITIL Glossary is released.

2007 – ITIL v3 is released. It is five volumes long, with a focus on communication with business teams. 

2009 – OGC announces the end of ITIL v2, and there will be no more books or certifications.

2010 – 1 year notification/warning from OGC

June 30, 2011 – RIP ITIL v2

AES stands for Advanced Encryption Standard (AES) and among many other use models such as the NSA, it is the encryption used by ScreenConnect to protect information between clients and hosts. The principal and requirements for AES were dictated by NIST (National Institute of Standards and Technology), however the ciphers themselves and much of the requirements were provided as part of feedback loop organized by NIST with experts and enthusiasts around the world. NIST had several requirements but the two most critical, that the cipher utilize a 128bit block size and have key sizes of 128, 192, or 256bits.

So why did NIST push for a new method to replace its existing DES cipher? Well that has to do with PC boom in the late 80’s and 90’s and the demand for larger amounts of data to be transferred securely. Some really smart people figured out that with a 64bit encryption that the chances of information leaking out would be very probably if the information packaged under one key exceeded 32GB. Therefore by moving to a 128 bit block length the opportunity for information leakage would not be likely until packets reached 256Exabytes which is considerably more than most people are sending today.

But what about brute force, is there a possibility someone can decipher the AES key? Deciphering an encrypted key is similar to figuring out a combination lock, but with a lot more possible combinations. The math is pretty straight forward but Wikipedia has one of the best examples I have seen to explain why breaking a 128 or 256 bit encryption is difficult to say the least. For our example we will ignore the power consumption of the computer assuming that it is possible for the computer to run long enough to crack the code and for the owner to pay the electricity bill. Instead we will focus on the time required to actually test all the possible combinations, but don’t forget even if they figure out the key they would still need software to apply the key, decipher the packet, and determine if the message makes sense. For a 128bit key all of the 2¹²⁸ possibilities would need to be checked. A device that can check one billion possible keys per second would have to run longer than the universe as theoretically existed in order to get close to cracking the code. That’s a long time in case anyone is keeping score.

Do you remember the shell game? The principal was quite simple; there is an object and three cups.  The owner of the game places the object under one of the three cups and then moves them around in what seems to be very unpredictable pattern.  The player has to watch the cup with the object and then find it when the owner stops moving them around.  Well these street games are not always fair, sometimes the owner cheats and removes the object or hides it through some sleight of hand.  But the principal of the game is about confusing the people watching, very similar to the way ciphers are used today to protect information. 

Claude Shannon in his paper Communication Theory of Secrecy Systems published in 1949 outlined the principals that still govern the general design of encryption systems today, confusion and diffusion.  In Shannon’s paper confusion is the process of making deciphering the ciphertext as difficult as possible unless you have the key.  The process involved replacing each character with a representing character or symbol from a lookup table.  Quite often the lookup tables would be quite elaborate not only taking into account the original character but also the neighboring characters and a host of other variables.  The diffusion would represent the next layer of protection, the redundancy of rearranging the characters and then running the ciphertext (the resulting text after the confusion layer) back through the lookup table a second or third time.  The result was a complex spider web of non-linear links and mathematical substitutions that is nearly impossible to backward engineer without the key. 

Mr. Shannon outlined the basic principals used by banks, government organizations, and little remote support tools like ScreenConnect to encrypt and protect information.  To learn more about Communication Theory of Secrecy Systems or Claude Shannon visit Wikipedia.org which provides a good overview of both and has links to other supporting sites.

Remote desktop support solutions provide users the capability to directly interface with a PC over an internal network or the internet for support purposes such as software updates, troubleshooting, etc. The majority of these 3^rd party solutions operate under the software as a service (SaaS) model, requiring users to purchase subscription based licensing to access the software. This has been the widely accepted model for the past decade with companies like LogMeIn and Webex implementing recurring costs ranging from $50-$100/month per user. These solutions have established a solid market and have a huge global customer base, but this model is not ideal for all companies. Small and mid-size businesses (SMBs) and even some large organizations often have a tough time incurring the high monthly cost and there are also the security concerns.  Regardless of the promises, documentation, and visibility provided some customers just do not like their information travelling through the server connections of 3^rd party companies, many military organizations and contractors have implemented their own solutions over the years specifically for this reason.

A result of these concerns has launched a new series of remote support solutions that are designed to be hosted by the user which means all security concerns can be managed internally and the overall cost of ownership is significantly less. With no annual or monthly costs, most users expect to see significantly less feature sets but that is not the case. Our product ScreenConnect provides

1. Support for Linux, MAC, and PC
2. Has screen recording capability
3. Manages UAC for Vista and Windows 7
4. Dual monitor support
5. Can configure theme and external appearance to match company branding
6. Logging
7. And much more

Will self hosted solutions be the direction of the future? Most likely many companies will still see value in hosted solutions, they keep things simple from an infrastructure perspective but you pay heavily for that simplicity. The hopes of tools like ScreenConnect is that we can continually make it easier for business and IT groups alike to adopt and that the cost savings will justify the transition.