AppliTrak Overview

Managing information systems requires a combination of vigilance and effort to differentiate between the “cash cows” and the “pond scum.”

Critical systems and data need to be monitored to ensure they comply with mandates like the Payment Card Industry (PCI) Data Security Standard (DSS), or Federal Government requirements like the DoD Directive 8320.02-G. Unimportant systems (if there are any) don’t require the same rigorous level of monitoring.

The crux of the problem is understanding how to manage and discriminate between these systems, and knowing that it is not the file’s name, location, or owner that is important but its contents. A file’s provenance or pedigree is much more important than other metadata. A file’s provenance indicates:

  • Who and/or what business application created the file

  • What was the disposition of the file after its use (e.g., was it destroyed, renamed, or closed)

  • When did the event occur

  • Where did the file’s contents originate

  • Where were the file’s contents used next

It is a fact that the average enterprise has tens or even hundreds of billions of files, and the number never goes down, just up, and up, and up. Another unpleasant fact is that critical information doesn’t “stay put.” Critical information tends to wander, migrate, and reproduce: from critical application servers into ad hoc applications, emails, nooks, and crannies that may or (more likely) may not be known.

Another vexing corollary to the issue of billions and billions of files is that today’s business applications are made up of hundreds or even thousands of installed software components spread across multiple servers. Tracing a workflow from its origin to its destination often requires monitoring a whole network of servers and software. It is much too expensive, time-consuming, and error-prone to manually track and manage workflows, but there are few options available to the enterprise. One consequence of not knowing how systems are put together is that files accumulate and are unlikely to ever get deleted (I offer the ever popular, ever growing, Windows “C” drive as proof).

A second, more sinister consequence of not having a thorough understanding of a system’s bits and pieces is that system changes often have unexpected, or even catastrophic, outcomes. The Information Technology Infrastructure Library (ITIL) Version 3 discusses the threat of fixes that are more painful than the original problem they were intended to address. It’s a safe guess that no one has been spared from the occasional rogue “fix.”

The earlier Windows “C” drive example was offered with tongue-in-cheek, but how many applications install files on a “C” drive because they know it will always be there?

Finally, litigation is a threat (if not a certainty), and the enemy is time.  Finding and producing critical information is just one issue; being able to ensure authenticity can be a much more serious issue.

All of this points to the need for an information asset portfolio.  The information asset portfolio catalogs information objects, service requirements, and their relationship(s) to business workflows, processes, and line of business applications.  An information asset portfolio is one element of the complete IT portfolio:

  • Infrastructure assets

  • Application assets

  • Information assets

  • Process assets

  • Human assets

Change Management

Change Management is one of the most important functions associated with a well-run IT operation. A good, conscientious change management group is usually at the center of the IT operation, aware of major projects, hardware and software rollouts, configuration changes, resource constraints, and even staffing changes. Sadly, that level of change management expertise is in short supply because it can take years to develop relationships and understand how applications function.

AppliTrak can help. It might take years for a staff person to develop the expertise to identify critical line of business applications, workflows, business processes, and the software components that make it all work, but AppliTrak can figure that out and map the processes. Furthermore, when a change yields unexpected consequences, AppliTrak can immediately pinpoint the extent of the changes. Finally, and perhaps most important of all, when a change produces unexpected results there are often downstream repercussions until the process is disabled or suspended; AppliTrak can trace these repercussions through the enterprise to assist the change management staff and application owners in assessing the effects.

The proactive change management staff can exploit AppliTrak’s inventory of applications and their associations to assess the risk of a change and head off unexpected results. Often a seemingly inconsequential change can have dramatic effects because no one was aware of dependencies between applications or components.


Security

The Payment Card Industry (PCI) Data Security Standard (DSS) talks about the need for file integrity monitoring to alert personnel to unauthorized modification of critical system files, configuration files, or content files. Detecting unauthorized modifications is important to preserving the integrity of the environment. However, equally important is the need to identify unauthorized access (not necessarily modification) to monitor the disposition of that information. For example, it is not at all unusual to find file copies with permissions, access lists, or security descriptors that no longer match the original information object. The capability of observing the creation of those copies, and even tracking where derivative copies are located throughout the enterprise is a powerful security auditing tool; the fact that this tracking is taking place in near real-time offers the possibility of shutting down insider data breaches.

Forensics

AppliTrak assists the forensics investigator by creating a data provenance or history of actions applied to structured and semi-structured files. For example, anytime that a file is opened, modified, renamed, copied, attached to an email, moved, or deleted, a provenance record is created indicating the date, time, user, and application associated with that action.

The data provenance enables the forensics investigator to identify how and where unauthorized disclosures have occurred. Each provenance record contains a checksum of the reference data to assure the investigator of the authenticity of the information contained within the data file. Data provenance files are encrypted to prevent tampering with their contents.
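As an added illustration of the provenance records described in the Forensics section and of the mismatched-permission copies described under Security (example code written for this overview, not AppliTrak’s own implementation or record format), the block below builds a chained provenance log where each record carries a SHA-256 of the file contents and is sealed with an HMAC so that edits or deletions are detectable, then scans the log for derivative copies whose permissions drifted from the original. The HMAC seal is a swapped-in technique for the page’s “encrypted” provenance files; the field names, key, paths, users and applications are all constructed for the example.

```python
import hashlib
import hmac
import json
import time

# Constructed key for the example; a real deployment keeps it off the monitored host.
LOG_KEY = b"example-provenance-key-not-for-production"


def content_checksum(data: bytes) -> str:
    """SHA-256 of the file contents: the 'reference data' checksum carried by each record."""
    return hashlib.sha256(data).hexdigest()


def make_record(action, path, user, app, data, mode, prev_tag="", ts=None):
    """Build one provenance record and seal it with an HMAC that also covers the previous tag."""
    rec = {"ts": ts if ts is not None else time.time(), "action": action, "path": path,
           "user": user, "app": app, "mode": mode,
           "sha256": content_checksum(data), "prev": prev_tag}
    body = json.dumps(rec, sort_keys=True).encode()
    rec["tag"] = hmac.new(LOG_KEY, body, hashlib.sha256).hexdigest()
    return rec


def verify_chain(records):
    """True only if every record's seal is intact and the back-links form an unbroken chain."""
    prev = ""
    for rec in records:
        body = {k: v for k, v in rec.items() if k != "tag"}
        expected = hmac.new(LOG_KEY, json.dumps(body, sort_keys=True).encode(),
                            hashlib.sha256).hexdigest()
        if rec["prev"] != prev or not hmac.compare_digest(expected, rec["tag"]):
            return False
        prev = rec["tag"]
    return True


def drifted_copies(records):
    """(original path, copy path, copy mode) for copies whose contents match an earlier
    file but whose permissions no longer match the original."""
    first_seen, drift = {}, []
    for rec in records:
        origin = first_seen.setdefault(rec["sha256"], rec)
        if rec["path"] != origin["path"] and rec["mode"] != origin["mode"]:
            drift.append((origin["path"], rec["path"], rec["mode"]))
    return drift


def sample_log():
    """Constructed sample: a payroll file created by the application, then copied and attached."""
    payroll = b"employee,salary\nalice,1000\n"
    r1 = make_record("create", "/srv/app/payroll.csv", "svc_payroll", "payroll.exe", payroll, "0640", ts=1.0)
    r2 = make_record("copy", "/home/bob/payroll.csv", "bob", "explorer.exe", payroll, "0644", r1["tag"], ts=2.0)
    r3 = make_record("attach", "/tmp/outlook/payroll.csv", "bob", "outlook.exe", payroll, "0666", r2["tag"], ts=3.0)
    return [r1, r2, r3]
```

Changing any field of a sealed record, or dropping a record from the middle of the log, makes `verify_chain` return False, which is the tampering signal an investigator relies on.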

Performance

Assessing the performance and resource usage of business processes and applications has long been a difficult task. The Application Response Measurement (ARM) standard was developed in 1996. An ARM implementation provides a “correlator” so that as a transaction is passed from application to application, it retains its identity so that its response time, and its path can be traced. The problem with ARM is that an application has to be enabled for ARM instrumentation. Many Online Transaction Processing (OLTP) systems are equipped to provide ARM instrumentation; however, unstructured and semi-structured data are poorly represented by ARM instrumentation. AppliTrak builds a data provenance which is similar to a rich ARM correlator independent of application type or data type.

Portfolio Management

There are many types of portfolios to be managed in an IT operation, and all of them together constitute an IT portfolio. However, the most difficult of all the portfolios to create and maintain is an information asset portfolio. The information asset portfolio enumerates the “family jewels,” the files and information that are essential to the business, as well as other information assets that rank lower in priority.

Interestingly, most IT operations have service level objectives or even service level agreements for their applications, but fail to define service criteria for their information assets associated with those applications. This is a task that Records Information Managers have tried to address, but without a diagram of how business processes use information it is an all but impossible task.

Supported Environments

Collectors

AppliTrak V1 has collectors for all (32 and 64 bit) versions of Microsoft Windows 7, Vista, XP, Server 2003, and Server 2008. AppliTrak collectors operate under a variety of conditions ranging from dedicated servers to laptop computers that are intermittently connected to virtual private networks or even dial-up access. These collectors interoperate with all versions of Microsoft Office, Exchange, third-party, and home-grown applications that are installed using the Microsoft installer.

Linux collectors are available for Version 4 and 5 Red Hat Enterprise and Advanced Servers (32-bit). The Red Hat collectors interoperate with all Red Hat, third-party, and home-grown applications that are installed using the RPM installer.

Solaris (x86 and SPARC) collectors for Solaris V10 are also available. The Solaris collectors interoperate with all Solaris, third-party, and home-grown applications that are installed using the Solaris package installer.

Servers

The AppliTrak V1 server requires Microsoft Windows Server 2003 or Server 2008, and SQL Server 2003 or later. The user interface to the AppliTrak server is based on the Microsoft Management Console (MMC). A Secure File Transfer Protocol (SFTP) server must be installed with the AppliTrak server. Application Matrix recommends the Tectia server from SSH.