According to the UK’s Office of Government Commerce (OGC), the Information Technology Infrastructure Library (ITIL) Version 2 (v2) is finally being laid to rest. ITIL v2 was lauded as the “most widely accepted approach to IT service management in the world.” In 2007 ITIL v3 was launched with, a few major changes, possibly most significant a key shift in methodology by encouraging inter-department communication between IT and business teams. Having worked on both sides of this equation in different careers, I can attest that improved communication between these departments definitely needed addressing. But as we move into this new decade, let’s look back at some of the stats and the history of ITIL v2. 

• Some general ITIL Information
• A Google search for ITIL v2 returns over 353,000 results
• ITIL v2 was launched in tandem with BS 15000 which later became ISO/IEC 20000
• A Google search for ISO/IEC 20000 returns 226,000 results
• Some notable ITIL adopters: Microsoft, IBM, Cat,and Boeing

The blog IT Skeptic has worked out the cost to obtain full ITIL certification: $60k. This includes hourly rates for your time,travel, etc.  The actual cost, should you choose to obtain just the certification, is probably closer to $20k-30k.

ITIL began with a decision from the UK government recognized a need for a set of standards for IT infrastructure and management.  The original group formed to address this issue was the Central Computer and Telecommunications Agency (CCTA). The CCTA then produced the Government Information Technology Infrastructure Management (GITIM). Yes, that’s a lot of acronyms, but stay with us! So the GITIM lost the G and the M, improvised with library, and the ITIL was born.

History

1989 – ITIL v1, thirty volumes long, is released. 

2000/2001 – CCTA becomes the OGC, which is under the office of the UK Treasury. Perhaps the government suspected that IT service management would yield lots of revenue!

2000/2001 - ITIL v2 is released at a trim eight volumes long, since thirty volumes is a heavy load for a bookshelf!

2006 – The ITIL Glossary is released.

2007 – ITIL v3 is released. It is five volumes long, with a focus on communication with business teams. 

2009 – OGC announces the end of ITIL v2, and there will be no more books or certifications.

2010 – 1 year notification/warning from OGC

June 30, 2011 – RIP ITIL v2

AES stands for Advanced Encryption Standard (AES) and among many other use models such as the NSA, it is the encryption used by ScreenConnect to protect information between clients and hosts. The principal and requirements for AES were dictated by NIST (National Institute of Standards and Technology), however the ciphers themselves and much of the requirements were provided as part of feedback loop organized by NIST with experts and enthusiasts around the world. NIST had several requirements but the two most critical, that the cipher utilize a 128bit block size and have key sizes of 128, 192, or 256bits.

So why did NIST push for a new method to replace its existing DES cipher? Well that has to do with PC boom in the late 80’s and 90’s and the demand for larger amounts of data to be transferred securely. Some really smart people figured out that with a 64bit encryption that the chances of information leaking out would be very probably if the information packaged under one key exceeded 32GB. Therefore by moving to a 128 bit block length the opportunity for information leakage would not be likely until packets reached 256Exabytes which is considerably more than most people are sending today.

But what about brute force, is there a possibility someone can decipher the AES key? Deciphering an encrypted key is similar to figuring out a combination lock, but with a lot more possible combinations. The math is pretty straight forward but Wikipedia has one of the best examples I have seen to explain why breaking a 128 or 256 bit encryption is difficult to say the least. For our example we will ignore the power consumption of the computer assuming that it is possible for the computer to run long enough to crack the code and for the owner to pay the electricity bill. Instead we will focus on the time required to actually test all the possible combinations, but don’t forget even if they figure out the key they would still need software to apply the key, decipher the packet, and determine if the message makes sense. For a 128bit key all of the 2¹²⁸ possibilities would need to be checked. A device that can check one billion possible keys per second would have to run longer than the universe as theoretically existed in order to get close to cracking the code. That’s a long time in case anyone is keeping score.

Do you remember the shell game? The principal was quite simple; there is an object and three cups.  The owner of the game places the object under one of the three cups and then moves them around in what seems to be very unpredictable pattern.  The player has to watch the cup with the object and then find it when the owner stops moving them around.  Well these street games are not always fair, sometimes the owner cheats and removes the object or hides it through some sleight of hand.  But the principal of the game is about confusing the people watching, very similar to the way ciphers are used today to protect information. 

Claude Shannon in his paper Communication Theory of Secrecy Systems published in 1949 outlined the principals that still govern the general design of encryption systems today, confusion and diffusion.  In Shannon’s paper confusion is the process of making deciphering the ciphertext as difficult as possible unless you have the key.  The process involved replacing each character with a representing character or symbol from a lookup table.  Quite often the lookup tables would be quite elaborate not only taking into account the original character but also the neighboring characters and a host of other variables.  The diffusion would represent the next layer of protection, the redundancy of rearranging the characters and then running the ciphertext (the resulting text after the confusion layer) back through the lookup table a second or third time.  The result was a complex spider web of non-linear links and mathematical substitutions that is nearly impossible to backward engineer without the key. 

Mr. Shannon outlined the basic principals used by banks, government organizations, and little remote support tools like ScreenConnect to encrypt and protect information.  To learn more about Communication Theory of Secrecy Systems or Claude Shannon visit Wikipedia.org which provides a good overview of both and has links to other supporting sites.

Remote desktop support solutions provide users the capability to directly interface with a PC over an internal network or the internet for support purposes such as software updates, troubleshooting, etc. The majority of these 3^rd party solutions operate under the software as a service (SaaS) model, requiring users to purchase subscription based licensing to access the software. This has been the widely accepted model for the past decade with companies like LogMeIn and Webex implementing recurring costs ranging from $50-$100/month per user. These solutions have established a solid market and have a huge global customer base, but this model is not ideal for all companies. Small and mid-size businesses (SMBs) and even some large organizations often have a tough time incurring the high monthly cost and there are also the security concerns.  Regardless of the promises, documentation, and visibility provided some customers just do not like their information travelling through the server connections of 3^rd party companies, many military organizations and contractors have implemented their own solutions over the years specifically for this reason.

A result of these concerns has launched a new series of remote support solutions that are designed to be hosted by the user which means all security concerns can be managed internally and the overall cost of ownership is significantly less. With no annual or monthly costs, most users expect to see significantly less feature sets but that is not the case. Our product ScreenConnect provides

1. Support for Linux, MAC, and PC
2. Has screen recording capability
3. Manages UAC for Vista and Windows 7
4. Dual monitor support
5. Can configure theme and external appearance to match company branding
6. Logging
7. And much more

Will self hosted solutions be the direction of the future? Most likely many companies will still see value in hosted solutions, they keep things simple from an infrastructure perspective but you pay heavily for that simplicity. The hopes of tools like ScreenConnect is that we can continually make it easier for business and IT groups alike to adopt and that the cost savings will justify the transition.

ScreenConnect is a self-hosted remote support software solution developed by Elsinore Technologies.  Elsinore has produced several related solutions including Virtual Intercept and IssueNet both highly customizable and cost efficient issue tracking and management solutions.  As with most software development companies remote support solutions were required in order to assist customers with questions, providing consulting, and working on feature issues and enhancements remotely.

Our current solution a 3^rd party hosted model with monthly charges per user worked ok but the cost was significant and we had to direct customers to a different site to establish connections which wasn’t ideal.  The goal was to find a solution that provided the basic remote support capability and features, we required without having to pay for others that provided us little to no value.  We evaluated several solutions with 4 criteria:

1. We needed minimal software footprint on the client machine
2. A reliable solution that worked quickly and efficiently
3. We ideally wanted a self hosted solution so that customers would be directed to our site for support
4. Needed to work with Java , PC, and Mac clients
   

As we evaluated the remote support market we found several software tools with impressive feature sets but none that met all 4 of our criteria.  So since we couldn’t find what we needed we decided to build our own solution, ScreenConnect.

ScreenConnect is a self-hosted, cost efficient, remote support software solution with an extensive feature set.  The solution saved us thousands of dollars in monthly fees and provided us with a support model ideal for our customers.

With the transition from ITIL Version 2.0 to 3.0 and the increasing exposure of Microsoft Operations Framework (MOF) the terminology and organization of the terminology used in the industry is changing and evolving.  But am I confusing my customers when I use the old ITIL terms or am I confusing them worse using the new terms they have less experience with? I need a way to figure out what is still the same and what is different in ITIL version 2 and version 3.

So I looked out to the web to see if anyone had done a direct comparison of the terms and books of ITIL v2 and v3.  I found where someone had done a pretty nice write up and several other sources plagiarized the work; but, it was still all written comparisons and I wanted more of a diagram, a drawing, something with arrows!  I never found what I was looking for so between episodes of NCIS last night I resolved my problem.

So without delay here is the Elsinore Technologies ITIL v2 vs. v3 comparison diagram.  If you note any mistakes on my part please let me know and I will correct my oversight immediately.  Regarding the diagram ITIL v2 books are broken out on the left and v3 on the right, the type of arrow doesn’t matter I used a few different styles for aesthetics only, also I added the service desk and variations thereof to the Service Operations book of ITIL v3.

A higher resolution version can be downloaded from our Oversight website at:

ITILv2-vs-v3-Diagram

u5x47ith3m

It doesn’t take but a few hours of searching the web to find that there are quite a few players in the world of certification and IT Operations Frameworks.  The Information Technology Infrastructure Library (ITIL) developed in the UK in 1989 by CCTA which now resides under the ownership of the UK Office of Government Commerce (OGC) was one of the first attempts at documenting the concepts, policies, and best practices for managing information technology (IT) infrastructure.  Over the past few decades IT departments have seen the development of websites, blogs, certification processes, revision changes of ITIL strategies, and teams of consultants grow at staggering rates.  A lot of this could be contributed to many economic factors but I believe the biggest changes are contributed to IT alignment with business units.  As IT services becomes more measurable in conjunction with business unit profitability, company executives can better see the bottom line revenue potential of investing in their IT department processes, training, and service management; not just the hardware and software assets.  With this shift in visibility IT departments go from black boxes which few executives understood to glass boxes that play an immediate role in productivity, revenue generation, and customer satisfaction visible to everyone.  And with this visibility comes money and as companies start spending more of it the private sector reacts providing an increasing number of services and solutions to help fill the needs.

Since its inception both formally and informally the playing field has changed and grown springing up new players such as ITSMF International, ITSMPA.org, ISACA, COBIT, ISO 20000, and Microsoft Operations Framework just to name a few.  These companies coupled with mandated compliances such as Sarbanes-Oxley, HIPPA, and SOX have made IT operations a huge growth area for companies of all types who want to provide their touch, insight, and experience to this unquestionably fast moving and high growth business segment.

But with all of these new players and the push by companies like Microsoft into the market defining new terms and best practices which organizations and sectors of this model will be the industry leaders moving forward.  The direction of operations is changing, in the past few years we have seen the process driven ITIL version 2.0 replaced with a business aligned version 3.0.  And now Microsoft is providing their version of operations framework which is similar to ITIL but has its own unique twists.  So who is going to jump into the mix next?  One thing is for sure competition sparks productivity, new ideas, and new ways of approaching problems.  All though I would like to see continued alignment in terminology I like the idea of new companies pushing the incumbents, if nothing else it gives me something to blog about!

I always look forward to the new Microsoft Office releases; I look for those cool new features that will make my work life easier or my presentations cooler.  Wow ok I guess I am a bit of a nerd but I also look forward to football season and UFC fights as well!

Debra Shinder did an article for Techrepublic, I assume she was one of the privileged few with access to the alpha testing of Office 2010 and she has some screen captures and a list of her top 10 favorite new features.  Make sure you check out the deleting conversations in Outlook and the linking to documents in OneNote.  I always thought OneNote was a joke and not very useful but lately I have found some really good applications for the tool and I’m really looking forward to it seeing some love from Microsoft for OneNote in 2010. http://blogs.techrepublic.com.com/10things/?p=900&tag=nl.e103

So in keeping with our review of Microsoft Outlook Plug-In solutions we decided to setup a little experiment to compare one of the brightest stars in the industry Xobni and another product we had looked at once before Lookeen.  The heart of both products is Outlook productivity through Search.  So we setup 3 test sets where we had emails, attachments, contacts, appointments, and tasks.  We did not try multiple .pst files maybe we will try that experiment at a later date.  The results were interesting, but not surprising both products index your email folders keeping track of what you receive and send so expectations were that both would perform equally well.  Both products presented basically the same information and the speed was almost identical, so this required us to look at more subjective matters such as aesthetics and personal opinions.  We stayed away from price but the two products are only separated by about $10.

Xobni - Their integrated model with Outlook and fashionable user interface won them a lot of points among the staff here.  They had nice features such as analytics and well organized information window that quickly displayed contact information, conversations, and files exchanged.  On the downside they did miss one email in our tests that Lookeen caught and the integration does take up a bit of room in an already busy Outlook window.

Lookeen - The product seems to find the emails, appointments, and tasks as fast as Xobni and the results are displayed in a separate window that can easily be displayed alongside Outlook or on a second monitor(even better).  This product is not as pretty as Xobni and it is missing some nice features most notably the analytics but if you are just looking for search capability it is a good product.

At the end of the day we have mixed reviews internally but the majority of people are using Xobni free version currently with a few looking to upgrade to pro.  Lookeen hasn’t disappeared but with pricing being similar most people went with Xobni at least for now.