Users of mainframe-based applications may grumble about costs, response time, inflexibility, lack of user friendliness, bureaucracy, and their particular piques in a specific environment. One thing they
should not complain about is data loss. Mainframe users expect that when a host transaction completes, the data is reliably stored. Any subsequent application, system, hardware, or power failure will not cause data loss. In some sites a fire, flood,
hurricane, or other natural disaster will cause minimal or no data loss.
Personal computer users historically have had different expectations. In the past, if after an hour working on a spreadsheet the system hangs up, power fails, or a virus reboots the machine, users certainly feel annoyed but not really surprised.
Likewise, even with companies that have moved beyond single-user PC applications and have embraced networking, users historically have been more tolerant of less rigorous standards. For example, Forester Research projects that the costs to manage
distributed networks of PCs and servers will be 10 to 30 percent more than to manage minicomputers and mainframes. Other studies have claimed costs are double. This higher cost is the case when LANs evolve and applications are built without an
architectural view and without appropriate standards to support the design.
With the movement to client/server computing, demand for mainframe-like performance from client/server architectures increases. If firms are going to move the business of the corporation into the client/server world, mainframe-like expectations will
prevail and mainframe-like support must be provided.
Recent experience with remotely-managed LAN applications is demonstrating that costs are equal to or less than costs for traditional mainframe applications. Effective remote management requires systems and application architectures that anticipate the
requirement for remote management.
Like many things in life, the principle of "do it right the first time" applies to the long-term success of your client/server application. Thus, it is important to ensure that client/server hardware is specified and assembled according to
organizational standards and tested prior to implementation. Software should be loaded by trained staff and tested to ensure that it is installed according to standards and works as expected. The largest number of user problems are caused by incorrect
installation and equipment that is faulty at installation. Most LAN administration problems can be prevented by proper architecture supported by trained installers.
Availability means system uptimeor the capability of the system to be available for processing information and doing its expected work whenever called on. Minicomputer and mainframe data centers should provide at least 99.8-percent availability
with today's technology. To achieve this level of availability, a combination of technological and procedural steps are followed. Most availability failure today is caused by human error. To minimize this, data centers implement rigid procedures to manage
Whether the change is hardware, network, system, or application software, stringent procedures to request, validate, test, and implement the change are defined and adhered to. Backout procedures are defined and tested to ensure that if a failure occurs
after implementation of the change, the data center can fall back to its previous status.
Technological features such as separate electrical power sources, backup diesel generator and battery power sources, redundant processors, and magnetic disk devices all are used to ensure that failure of a single component will not take down the data
center. Very critical systems use fault-tolerant processors from vendors such as Tandem and Stratus to ensure that availability approaches 100 percent.
Data centers use highly skilled professionals in the central location. They are expected to be able to recover the site quickly after any failure. Vendor service contracts are used to guarantee that repair can be accomplished in one, four, or eight
hours as necessary.
Client/server applications must be able to provide the appropriate level of availability demanded by the business need. Certain features, such as redundant power supplies and battery backup, are relatively easy to provide. In large cities, vendor
service-level agreements can be purchased to ensure that failures can be repaired quickly. In smaller cities, repair by replacement will be necessary if the required service levels cannot be provided because of the travel time.
The provision of highly qualified technical staff at each site is sometimes physically and rarely economically feasible. Remote LAN management is the only way to make effective use of scarce resources. Remote management requires a central site
connected through WAN services to each LAN. Network management service levels are defined through reasonability levels. This enables comparative interrogation of the availability of individual devices, of performance, and even of server magnetic disk space
Products such as Openvison, Sun Connect, HP Openview, IBM's NetView and SystemView can be integrated through industry-standard network management protocols to provide the desired level of availability for reasonable cost. The OSF has defined a standard
Distributed Management Environment (DME) for management of its Distributed Computing Environments (DCE) standard, which is evolving as the definition for an object technology based management platform. Although this technology is less mature than the DCE
standard, experienced systems from integrators are demonstrating effective remote systems management network operations centers.
All current technology minicomputer and mainframe operating systems provide basic services to support system reliability. Reliability first requires availability factors to be resolved. Reliability requires applications to be protected from overwriting
each other and requires shared memory to be accessed only by authorized tasks. Security must be implemented to allow access to resources only by authorized users. Database management software must ensure that either the entire set of updates requested by a
unit-of-work be completed or that none be completed. Specifically, the software must automatically handle multiple user contention, provide full recovery after failure of in-flight updates, and provide utility functions to recover a damaged magnetic disk.
Most minicomputer and mainframe operating systems and hardware provide diagnostic services that pinpoint the location of failures.Transient errors are noted so that preventive maintenance can correct problems before they affect availability. The
central location of the equipment allows trained technicians to institute regular preventive maintenance programs. For this reason, many organizations install their first servers in the glass room until they have more experience with remote LAN management.
Products based on standard protocols such as the Simple Network Management Protocol (SNMP) provide the necessary feedback of event alerts to support the remote systems management function. It is necessary that the architecture design take into account
the issues of standards and products to be serviceable.
The centralized minicomputer and mainframe environment shares executable software from a single library. Software maintenance and enhancement are accomplished by changes to a single location. In the distributed client/server model, executable software
is resident on servers located throughout the organization. Changes to system and application software must be replicated across the organization. This presents a tremendous complication in serviceability of these applications.
An additional complexity is incurred in the UNIX world when several different hardware platforms are used. Despite the fact that the source level of the software is compatible across the various platforms, the executable binary form of the software is
not compatible. An HP 9000 and an IBM RS 6000 may run the same application and use the same Ingres Windows 4GL development software, but the same generated applications cannot be distributed to each location.
The executable libraries must be created on a machine with the same physical hardware. This causes serious problems for distribution of software throughout a large network of disparate computer platforms. Testing should also be done on each platform
before changes are distributed. Most organizations have addressed this requirement by installing one of each of the hardware platforms from the field in a central support location.
The solution to this problem is a properly designed client/server architecture supported by effective software management tools. This problem is certainly solvable but only through design and planning. It will not be solved in an ad hoc fashion after
There are special requirements in supporting distributed technology. An advantage of the personal computer is that it is easy to modify. This is of course a disadvantage for production environments. Remote support personnel must be able to discover the
hardware and software configuration of the remote technology. With this discovery they can determine which software versions to send and provide educated support for problems.
In the centralized minicomputer and mainframe environment, trained technical support personnel and operations staff monitor performance on an ongoing basis. Sophisticated monitoring tools, such as Candle Corporation's Omegamon MVS, and analysis tools,
such as RMF from IBM, track the system's day-to-day performance. IBM and Digital Equipment Corporation include features in their large computers' operating systems that provide considerable dynamic tuning capabilities. If trends show performance degrading,
systems managers can add hardware or make adjustments to improve performance before it affects the user community.
Additional tools, such as Crystal from BBN and TPNS from IBM, are available to simulate new applications before they move into production. This means that the organization learns in advance the resource requirements of new applications. Changes can be
made to the operating environment to ensure that performance will be acceptable.
In the client/server environment, neither UNIX, Windows NT, nor OS/2 yet provides these sophisticated performance-monitoring tools. Certain tools, such as Network General's Sniffer, are available to remotely monitor the LAN traffic. UNIX, Windows NT
and OS/2 provide limited capabilities to define task priorities. Many vendors are now marketing products to support this need. At present, though, the design expertise of enterprise architects is essential to avoid performance shortcomings. Fortunately the
cost of hardware for client workstations or Windows NT, OS/2, and UNIX servers is such that adding extra capacity to improve performance is usually not a major cost factor for a client/server system.
Network management tools such as those from OpenVision, IBM's NetView, AT&T's UNMA, and Digital Equipment Corporation's EMA products, to name a few, all provide a level of remote monitoring that can track response time and network loading. None of
these products provides the type of analysis of the remote server that RMF provides or the tuning tools that are provided within MVS and VMS. Products such as ESRA from Elegant Computing, are available to do remote analysis of UNIX servers in order to
monitor disk usage, error logs, and user profiles. This product is used extensively to manage remote UNIX servers.
Other products, such as Microcoms LANlord, provide significant capabilities for remote access to Windows and OS/2 PC LAN desktops. It is impossible to provide adequate support for distributed client/server applications without the capability to support
the desktop and the server remotely. This is an area of intense focus by the industry, and during 1993, a number of major systems integrators implemented NOS to provide desktop support for Novell, LAN Manager, LAN Server, and NFS client/server
environments. During 1994, this capability will become essential to all organizations.
The most efficient and effective way to provide support to client/server users is through the use of the help desk. A help desk is a set of systems and procedures used by technical and applications staff to provide support to end-users in areas
ranging from basic how to do and problem determination to advanced troubleshooting and diagnosis. This type of support may be provided using remote PCs, voice-only assistance over the telephone, or in-person assistance via an on-site help request. This
provides immediate feedback for simple problems and an early and complete audit trail of problems. Proper follow-up is essential to provide users with confidence in the help desk function.
A professional help desk is one of the keys to successful implementation of the client/server model. Remote users require immediate access to assistance. Effective implementation of a client/server application depends on the availability of immediate
support when problems occur.
Experience with distributed client/server implementations demonstrates that successful implementation requires that 80 percent of problems be solved while the user is on the phone. A further 10 percent must be solved within an hour of the call. The
remainder should be resolved or a workaround found within 24 hours.
Users familiar with PC software expect ease of use and intuitive navigation and recovery in their software. If a client/server application lacks these features internally, it is critical for a help desk to be available at the first sign of trouble. The
help desk support personnel must take over control of the client workstation in order to assess the situation well. This process called over the shoulder helps enable the remote help desk to work as if they were working over the shoulder of the
user. The help desk is able to see the screen, execute software on the user workstation, review local data files and make software changes as necessary. Centralized help desks must identify and track problems and then ensure that corrective action is
provided to the user as soon as possible. They are the lifeline that explains discovered problems and ways to work around them.
Help desk personnel must be able to identify with the frustration of a user working remotely from any personal support. They must be sympathetic and clear in their explanation of solutions.
The help desk must provide one-stop shopping for help. Help must be available whenever a user is working. The Royal Bank of Canada has over 45,000 users of an interactive voice response (IVR) system that enables the caller to select the type of help
needed and to be in contact with a help desk analyst in less than 90 seconds.1 The value of this capability is so great that many organizations are outsourcing this function to help desk specialty organizations. Computerland Canada has implemented this
service for several of the largest organizations in Canada. Help services are one of the fastest growing segments of that company's business.
Help desks provide feedback to the developers not only on all application errors but also in the critical areas of usage complexity and additional training needs. More than 75 percent of the 1,200 organizations surveyed in a 1991 survey by the Help
Desk Institute expect to expand their current help desk operations over the next five years by increasing staff and expanding operating hours.2
Help desk personnel require trouble-ticket support software to be effective. Remedy software provides an effective implementation. All calls are logged, and the collective expertise of the help desk is available. All previous calls, problems, and
solutions can be searched to help solve the current problem. Remedy records each problem and implements escalation procedures to ensure problems are solved in a timely manner. In addition, and more importantly, the software provides management with the
capability to review problems and determine what changes are necessary to ensure that problems do not occur again.
Most calls in new implementations are caused by software that is awkward to use. Correcting these problems will greatly improve user efficiency. Many organizations who outsource help desk services do so at a declining cost each yearand will
continue to do sobecause as usage problems are resolved, calls will decline.
LAN administrators should be able to connect remotely to and then manage the workstation of any user who has a problem. LANlord from Microcom provides support for the Windows 3.x desktop. Microsoft's Hermes product will provide support for Windows NT
desktops in late 1994. The products DCAF from IBM, PolyMod2 from Memsoft and Remote OS from Menlo provide support for the OS/2 environment. DCAF requires an OS/2 workstation but can control a user DOS or Windows workstation. Network General provides
Distributed Sniffer, which operates both locally and remotely. It provides excellent support to a LAN administrator with a graphical user interface (GUI) to display results.
Because UNIX provides support for remote login, all UNIX environments provide good tools for remote systems management. Sun Connect, IBM Netview 6000, HP Openview, and OpenVisons products all provide good support dependent on the specific requirements
of the distributed computing environment.
Each of these products provides an accurate record of performance and traffic loading at the point of analysis. If these analyses are done regularly, LAN administrators can detect problems as they arise. If the exploratory programs are infrequently run
or trend lines are not created, problems will sneak up with no warning.
In any application environment, managers must assess the security requirements. It is necessary to walk a thin line between enough security and overbearing security measures. Users should find security to be invisible when they are authorized for a
function and impenetrable when they are unauthorized. Security of the server should start by placing physical barriers around unauthorized access. Because users do not need physical access to the database and application servers, both should be placed in a
locked room. Frequently the existing host computer room can be used to hold workgroup servers.
Every user of a client/server application should be assigned a personal ID and password. The ID can be used to assign authority and track access. Customized procedures can be built for each individual ID to manage backup, access times, and prompting.
The DCE-defined Kerberos standard is preferred for UNIX servers. SunSoft provides Kerberos as an option to Secure RPC and Secure NFS, its C2-securable networking features available in Solaris, Version 2.1. Security is now recognized as an essential element
in next-generation operating systems. Microsoft for NT and Novell with NetWare 4.x are both building security to meet the U.S. government C2 specifications.
Physical network security standards are being defined by several groups including the IEEE. SNMP-2 is being enhanced to support greater security. Operating systems designed from the ground up with security in mind form a trusted computing base (TCB)
that incorporates encryption of passwords, safeguards against bypassing the logon system and the capability to assign privileges to user groups. NetWare 4.0 and Windows NT can also log attempted security breaches and trigger alarms that notify a network
The new operating systems require that each account specifically be granted rights for remote access or encrypt passwords during remote access. Effective security must be defined as part of the enterprise-wide architecture put in place as an
organization moves to the client/server model. In addition, effective administrative procedures for user definition, password maintenance, physical security, and application design must be instituted.
When maximum security is required, network and permanently stored data should be encrypted. Products such as Beaver Computer Company's DES coprocessor plug into sockets on its SL007 Notebook Computer to intercept data moving to and from the hard disk.
The data encryption standard (DES) algorithm uses a personal key to make data unusable to anyone who lacks that key. This data is encrypted when it's stored and decrypted on retrieval. Only when the correct DES key is provided is the information
meaningful. The U.S. government has attempted to define a standard data encryption algorithm for which they would possess a back door key. It is unlikely that this algorithm will be adopted by any other organizations.
Diskless workstations can prevent information from being copied to a floppy and removed or from being left where someone might break into the workstation to access the hard disk. No sensitive data should be stored on the client workstation or on an
unprotected workgroup server.
As companies integrate LANs into their enterprise networks, the network administrator's role is changing drasticallygaining complexity and growing in importance, according to a market research report from Business Research Group (BRG) of Newton,
LAN management has changed from managing an isolated LAN to managing a LAN that's part of an enterprise network. The challenges of managing local networks, remote networks, and interconnections among them are complicated by the lack of global network
administration software. Several studies have determined that network administration is the major priority of most organizations.
LAN administrators are working more closely with the existing host systems support groupthe management information systems (MIS) department. Although workstations were once seen as the nemesis of MIS, they are now a key part of the strategic
information technology direction of many companies. MIS departments must see their survival as dependent on integration of LANs into the enterprise system.
Integrating different technologies from different vendors requires a lot of work, and frequently the tools to build multivendor, multiprotocol networks are missing. Lack of knowledge of these new technologies is yet another stumbling block for LAN
Although the network administrator's job is becoming more difficult, it also is becoming increasingly important as the network plays a more strategic role in business-critical applications.
The shift from running business-critical applications on mainframes to workstation LANs has elevated the influence of workstation users and, subsequently, LAN administrators. Because of that shift from terminals to workstations, the people who reside
between the data and the workstationthe LAN administratorshave an increasingly important role.
The LAN administrator should be responsible to both the MIS network management and the user community. Nearly three-quarters of respondents to the BRG survey agreed that department managers should control LAN applications, but MIS should control other
aspects of LANs. The services that MIS departments provide for LANs typically are traditional MIS services carried over to the LAN environment. These services include:
Other services include:
Despite the growing complexity of networks, only 37 percent of the surveyed sites use a LAN management package. This lack of management tools is an impediment to enterprise-wide applications. Lack of security on LANs is another roadblock. Respondents
tended to define a LAN management package as an umbrella enterprise-wide management system, such as IBM's NetView, rather than as an integration of tools that manage specific devices.
Many companies do not have the diagnostic devices or the expertise to effectively manage network hardware. Very few maintain historical records for ongoing comparative analysis. Only 41 percent of the respondents use protocol analyzers; about the same
percentage use cable activity testers and tracers. Only 28 percent use time domain reflectom-eters. Learning to operate such diagnostic tools is relatively easy; understanding what the results mean is not so simple.
In another recent survey, this time by Infonetics, Fortune 500 companies were asked to determine the reliability of their LANs and the costs related to unavailability. The survey produced statistics to which organizations making the move to
client/server computing must be sensitive.
The first question evaluated the average length of time the LAN was unavailable after a failure. More than 50 percent of respondents noted that the LAN was unavailable for more than two hours. In fact 19 percent of the respondents noted that each
failure took more than eight hours to repair. A failure meant the system was unavailable for the remainder of the working day. This will be an unacceptably long time if the business requires LAN availability in order to operate.
The second question determined the number of failures per year. More than 50 percent of the respondents noted more than 10 failures per year. In fact, 20 percent noted more than 50 per year, or one per week. Clearly, if each failure takes more than two
hours to fix, the amount of downtime is well beyond acceptable levels.
The third question attempted to quantify the cost of lost productivity per year caused by LAN failure. In 36 percent of the organizations, more than $100,000 in lost productivity occurred in one year. Amazingly, in 7 percent of the organizations, the
lost productivity exceeded $15 million. Clearly, there is an opportunity for substantial cost savings by reducing the frequency of errors and the mean time to repair. In critical applications such as the Fire Department dispatch systems described in
Appendix A, the cost of downtime is measured in human lives as well as property damage.
The final question looked at lost revenue caused by failures. In 10 percent of organizations, more than $100,000 in losses were caused by system failures. Again amazingly, in 4 percent of the organizations, the loss exceeded $1 million. In the 25
percent of organizations where lost revenue was less than $100 and lost productivity was less than $5,000 per year, we can assume that the LAN is not integral to running the business.
Mini- and mainframe software licensing costs have traditionally been based on the processing capability of the computers involved. The costs are based on the model of hardware and on the number of users typically supported by that equipment. The more
powerful the machine and the more simultaneous users it can support, the higher the software license fee. UNIX software continues to be licensed in the LAN arena on this basis. DOS, Windows, and OS/2 personal computer software licensing agreements were
developed when software was being acquired for single-user use on a dedicated personal computer. The dramatic increase in processing power of personal computers and the advent of LANs have created a licensing cost issue for software vendors.
Three charging algorithms are used today: single use, LAN use, and site license. Single use requires that every workstation acquire its own license. LAN use typically allows up to a maximum number of simultaneous users for a fixed fee. Site licenses
allow unlimited usage by an organization, either at a single site or across an entire organization. Because organizations have increasing standardization of software products, more site-licensing agreements are being signed.
The Software Publishers' Association (SPA) has raised the visibility of licensing recently by filing lawsuits against organizations that appear to be using software without proper licensing agreements. Many of these organizations are LAN users. Buyer
organizations such as the Software Managers' Interest Group, and other user/vendor associations such as the Open User Recommended Solutions (OURS) organization, are working to define standards for licensing that reflect the way software is used.
Products such as BrightWork's SiteLock, DEC's License Management Facility (LMF) and Hewlett-Packard's Network Licensing System (NetLS) allow software licensing that reflects software usage. In many organizations, hundreds of users may have access to a
software product but only tens of users may be active with it at any one time.
With single-user licensing, many LAN users are obligated to buy hundreds of licenses. Organizations are usually willing to restrict the number of active users to substantially fewer than the maximum possible. In return, they expect a reduction in the
1 Julia King, "Executive Report: Help Desks," Computerworld 25, No. 45 (November 11, 1991), p. 74.
2 Ibid., p. 73.
3 Elizabeth Doughtery, "Who's Behind the LAN," LAN Magazine 6, No. 10 (October 1991), pp. 73-78.