IT Infrastructure Chapters 5

1
IT InfrastructureChapters 5 6

• INFO 410
• Glenn Booker

Images are from the text authors slides
INFO 410
Chapters 5-6
1
2
Five competitive forces

• Before diving into the second module, well
  examine the five competitive forces that shape
  strategy (case study 1-1)
• Technology can influence or drive all of them
• Our overall goal is to be profitable (yay
  capitalism!)
• The most obvious competitive force is your
  competitors in the industry
• Most dont look beyond that

3
Five competitive forces

• Customers can play you against your rivals,
  lowering prices
• Suppliers can limit your profits by charging high
  prices
• Threat of new rivals can increase capacity, and
  increase the investment needed to play
• Substitute products can steal customers

4
The big picture

• So we need to consider all five major forces in a
  given industry to produce a good strategy
• A common approach is to position yourself where
  forces are weakest
• Paccar sells custom trucks to owner-operators
• MP3s created a substitute for buying music CDs
  Apple filled the void with iTunes

5
Tricks to win

• Limit supplier power via standardized parts
• Expand services so its harder for customers to
  leave
• Invest in products different from your rivals, to
  avoid price wars
• Invest in RD to scare off new rivals
• Make products very available, to offset subs

6
Strength of forces drives profit

• When competitive forces are all strong (airlines,
  textiles) there is little profit
• Conversely, weak competition leads to high
  profits (soda, software, toiletries)
• Profitability, measured by ROIC (return on
  invested capital) is typically 10-20
• Airlines and mail order about 5
• Soda and software are over 35

7
Strength of forces drives profit

• Short term profits are affected by many things
  (weather, industry cycles) but long term
  performance is dominated by these five forces
• The strongest competitive force(s) determines how
  profitable an industry can be
• Hence it/they are key factors in choosing the
  best strategy

8
Threat of new rivals

• New players add capacity to produce products, and
  pressure to lower prices
• Especially if they are established firms in other
  areas
• Pepsi ? bottled water
• Microsoft ? Web browsers
• Apple ? music distribution

9
Threat of new rivals

• To avoid this threat, existing producers must
  hold down prices, and/or invest in new products
  to keep customers loyal (Starbucks)
• Notice its the threat of rivals, not actual new
  rivals, that limits profitability
• Barriers to entry help keep out new competition

10
Barriers to entry

• Supply-side economies of scale
• Its cheaper to make lots of stuff than a little
• Every aspect of the value chain, even marketing
  and research, benefit from large scale operations
• Demand-side benefits of scale
• Larger companies attract more customers
• No one ever got fired for buying IBM
• eBay has more auctions, so more people use it

11
Barriers to entry

• Customer switching costs
• Changing vendors may mean changing product specs,
  retraining staff, adapting processes, etc.
• ERP systems have huge switching costs!
• Capital requirements
• Make it expensive to compete with you
• Facility costs, provide credit to customers,
  inventory costs, start-up costs, ads, RD, etc.

12
Barriers to entry

• Incumbent advantages
• Not just for politicians!
• May have cost or quality advantages over rivals,
  proprietary technology, best sources, best
  locations, known brand identity
• Counter by placing self away from rivals
  (Wal-Mart)
• Unequal access to distribution channels
• Limited shelf space, available distributors

13
Barriers to entry

• Government policies
• Government can limit or forbid new entrants in an
  industry (e.g. radio, liquor, taxi, airlines)
• Government can also encourage new entrants
  subsidies, grants, 8(a) programs, etc.
• Of course, new entrants in a field could expect
  retaliation

14
Barriers to entry - retaliation

• Retaliation is likely, if incumbent players
• Have squashed rivals before
• Have lots of money
• Can cut prices to drive you out of business
• Or if industry growth is slow

15
Power of suppliers

• Key suppliers can simply charge more for their
  products, reducing your profitability
• This can include suppliers of labor!
• Microsoft reduces profitability of PCs by OS
  costs

16
Power of suppliers

• Suppliers are powerful if
• They are more concentrated than the industry they
  supply (1 Microsoft vs. many PC makers)
• The supplier doesnt depend on one industry for
  revenue
• If you only have one customer, you have to take
  better care of them!
• There are high switching costs to another
  supplier
• Training, location, etc. could contribute

17
Power of suppliers

• Or if
• Supplier offers unique products (or at least
  different, such as drug products)
• There is no substitute for the supplier (airline
  pilots)
• The supplier could enter the market themselves
  (Shuttle selling barebones computers)

18
Power of buyers

• Customers (buyers) can force down prices, demand
  better quality or service, reducing your
  profitability through price reductions
• Buyer power is similar for consumers and B2B
  customers
• Consumer needs may be harder to pin down

19
Power of buyers

• Buyers have power if
• There are few of them, and/or they purchase in
  large volume
• The latter especially if the industry has high
  fixed costs (telecom, chemicals, oil drilling)
• Products are standardized (paper clips)
• Switching costs are low
• The buyers can integrate backward, and make the
  product themselves (packaging for sodas)

20
Power of buyers

• Buyers are price sensitive if
• The products are a major fraction of its budget
  (mortgages)
• Buyers earn little profit, or have little cash,
  or otherwise need to cut purchasing costs
• Buyers product quality is little affected by the
  items bought (opposite of movie cameras)
• Product has little effect on buyers other costs

21
Power of buyers

• Intermediate customers (distribution or assembly
  channels) also gain power when they influence
  customers buying decisions
• Consumer electronics or jewelry retailers, or
  agriculture equipment distributors
• Producers may avoid this through direct channels
  to consumers, or exclusive distribution channels
  (sweeteners, DuPont Stainmaster, bike parts)

22
Threat of substitutes

• A substitute does the same function as a product
  in a different manner
• Videoconference instead of traveling
• Email instead of snail mail
• Software for travel agents, when people shop
  online instead
• Only have a cell phone instead of wired phones

23
Threat of substitutes

• Because substitutes may be very different
  products, theyre easy to overlook
• Used vs new products, or do-it-yourself vs.
  purchased could also be factors
• High threat of substitutes lowers profitability
• Industries often need to distance themselves from
  well known substitutes

24
Threat of substitutes

• Threat of substitutes is high if
• There is good price-performance compared to the
  industry product (Skype vs long distance calls,
  Netflix vs YouTube)
• Switching cost to substitute is low (generic
  drugs)
• Hence need to monitor other industries for new
  substitutes (e.g. plastic for car parts instead
  of metal)

25
Competitive rivalry

• Rivalry among competitors in an industry is very
  familiar
• Sales, new products, ad campaigns, service
  improvements
• Rivalry limits profitability
• Rivalry has dimensions of intensity and the basis
  upon which it depends

26
Competitive rivalry

• Intensity of rivalry is high when
• There are many competitors, or they are the same
  size power
• Industry growth is slow, makes for fight over
  market share
• Exit barriers are high, hence stuck in industry
• Rivals are striving for leadership
• Rivals cant read each others strategies well

27
Competitive rivalry

• Rivalry is worst for profits when its on the
  basis of price alone
• Price rivalry is common when
• Products or services cant be told apart
• Fixed costs are high
• Capacity need to grow in leaps to be efficient
• Product is perishable! (produce, or hotel rooms)

28
Competitive rivalry

• Competitive rivalry can have other basis
• Features, support, delivery speed, brand image
• These are less likely to affect price, since they
  help differentiate products
• If you compete on the same basis as your rivals,
  might be fighting over the same customers
  instead of winning new ones via differentiation,
  a positive sum game

29
Other factors

• The five competitive forces are key to developing
  a good strategy
• But there are other factors to consider
• Industry growth rate
• Technology and innovation
• Government
• Complementary products and services

30
Industry growth rate

• Fast-growing industries often have little
  rivalry, but gives suppliers a lot of power
• Low barriers to entry will guarantee a lot of
  competitors
• PCs have been very low in profit for that reason
• Substitutes might still exist

31
Technology and innovation

• Technology alone will rarely make an industry
  attractive
• New technology attracts a lot of interest, and
  hence rivals
• Low tech, price insensitive industries are often
  the most profitable

32
Government

• Government involvement could be good or bad
• Look at how they affect the five forces
• Patents create barriers to entry, for example
• Unions often raise supplier power
• Lenient bankruptcy rules favor excess capacity
  and more rivalry
• Consider different levels of government too

33
Complementary products

• Some product go well together, like hardware and
  software!
• Complements can affect demand for a product see
  how they affect the five forces
• Can affect barriers to entry (app development),
  threat of substitutes (hydrogen cars, iTunes),
  rivalry (pro or con)

34
Changes over time

• Everything so far has been at one moment in time
  now consider how these factors can change over
  time
• New entries can arise from a patent expiring
• Limited retail freezer space can limit new
  products
• Large scale retailers create barriers for small
  competitors

35
Changes over time

• Consolidation of appliance retailers have limited
  the power of their suppliers
• Travel agents have little power over their
  commissions, due to online sales
• Technology often shifts price/performance
  (microwaves) or creates new substitutes (flash
  drives instead of small hard drives)

36
Changes over time

• Rivalries often intensify over time, as industry
  growth slows
• Rivals become more alike as products become
  similar, consumer taste settles down
• Some areas avoid this, e.g. casino catering to
  different populations
• Mergers, acquisitions, and technology can alter
  rivalries, create customer backlash

37
Strategy implications

• All of these forces and factors should play into
  creating a good business strategy
• Where do you stand relative to buyers, suppliers,
  new entrants, rivals, and substitutes?
• What changes in these forces can be anticipated?
• Can you change the industry structure?
• Your strategy should defend against the strong
  forces, and exploit the weak ones

38
Positioning the company

• Also consider the entry and unpopular exit
  options is this a good time to enter or leave a
  market? Or industry?
• Are there changes in the industry of which you
  can take advantage?
• Often such changes can create prime
  opportunities, if you can spot them

39
Reshape industry structure

• This can be done by redividing profitability
  changing the forces which affect the current
  industrys profitability
• Find which forces are key limits on profits, and
  do something to release them!

40
Reshape industry structure

• Or expand the profit pool increase overall
  demand for the products
• Find new buyers
• Make channels become more competitive
• Coordinate with suppliers
• Improve quality standards, etc.

41
Play in the right sandbox

• Make sure you have clear industry boundaries
• Sounds basic, but each industry typically needs
  its own strategy
• Identify product or services scope, and
  geographic scope of each industry
• Huge mistakes can result otherwise!
• Miss major markets, product needs, etc.

42
Competition and value

• The five forces (and lesser factors) identify how
  competition will affect a business strategy
• Key is not only to identify competitive threats,
  but also possible opportunities
• Also helps investors understand a business
• Separate short term blips from structural changes

43
The Business of IT

• Understanding IT infrastructure

44
IT a key capability

• IT is now a critical part of how businesses
  realize their business models
• This module is about how IT affects management of
  a business, affects availability and security,
  makes new service models possible, and supports
  project management

45
IT infrastructure

• Cheap computing and universal networks have
  formed the foundation for levels of information
  sharing and services never possible before
• The challenges its implementation introduces can
  be huge, however
• Reliability, interoperability with legacy systems
• Reduced ability to differentiate from competition

46
Infrastructure constraints

• Dangers include basing your infrastructure on a
  technology which dies
• Business needs and technology decisions need to
  be interwoven
• Thats where IS people are critical interfaces!
• So what drives technology changes?

47
Moores Law

• Gordon Moore (later cofounder of Intel) noted in
  1965 that computer chip prices stayed about the
  same, but their speed doubled every 18-24 months
• Still true today!
• The 60s and 70s saw centralized computer
  architecture
• Mainframes, punch cards, ttys, dumb terminals

48
Computer evolution

• The computer on a chip concept started roughly
  in 1971 with the Intel 4004 CPU, leading to the
  8088, 286/386/486/Pentium, PII, PIII, P4, etc.
• With the introduction of PCs in 1981, computing
  started to spread from the mainframes throughout
  an organization
• Spreadsheets, databases, CAD, programming

49
Computer evolution

• Then the baby computers started talking to each
  other the LAN was born
• Led to the client/server architecture
• Let the PCs do some of the work!
• And the world saw the Internet explode in the
  early 90s
• WANs, internetworking technologies, open
  standards, and of course WWW

50
Computer evolution

• Robert Metcalfes Law The usefulness of a
  network increases with the square of the number
  of users connected to the network
• Metcalfe created Ethernet, founded 3Com
• Network capacity grew even faster than Moores
  Law, with cheap powerful CPUs and easy TCP/IP
  networks
• Led to changes in computing infrastructure

51
Computer evolution

• But these changes have been so fast that many
  organizations are left with fragments from
  different eras of technology
• Internetworking infrastructure consists of
• Network(s)
• Computer HW and SW (processing systems)
• Facilities

52
Network elements

• LANs, WANs
• Routers, switches, hubs??
• Wireless access points
• Network cards (wireless or not)
• Firewalls
• Cache, media, print, or other servers
• If it performs a business function, its a
  processing element otherwise its a network
  element

53
Network(s)

• Includes links, network hardware, software,
  policy management and monitoring
• Key issues include
• Selecting technologies and standards
• Selecting and managing partners
• Assuring reliability
• Maintaining security
• Interconnection among networks

54
Processing system elements

• Client devices and systems (PCs, cell phones,
  cars, refrigerators, etc.)
• Servers general processing, transaction, file,
  database, Web, and application servers
• Enterprise servers (and legacy mainframes)
• Middleware often overlooked
• Network management software
• Business applications

55
Processing systems

• Includes most servers, clients, phones, and
  software (custom code, SAP, Oracle, etc.)
• Management issues include
• Whats internally developed vs. outsourced
• How to grow, deploy, modify
• Connecting to legacy systems
• Problem management
• Disaster recovery

56
Facility elements

• Facilities include
• Buildings, physical spaces
• Network conduits and links
• Power
• Environmental control systems (temp, humidity)
• Security (physical and network)

57
Facilities

• Includes data centers, network ops centers, data
  closets, managed services
• Issues include
• Manage internally vs. outsource
• Choosing the right facilities model
• Reliability, security
• Energy efficiency environmental impact

58
Internetworking characteristics

• Internetworking technologies differ from some
  other info technologies in several ways
• Based on open standards
• Operate asynchronously (think datagram network)
• Have inherent latency (delivery delays)
• Are decentralized (no single point of failure)
• Are scalable (lots of pathways help here)

59
Business implications

• On a fast network, all computers can act
  essentially as one
• The network becomes a computer
• Sequential events become nearly simultaneous
• Huge paradigm shift
• Physical location is less important, changing
  outsourcing, partnerships, industry structure
• But increasing complexity, interactions, threats

60
Real-time infrastructures

• The mainframe era used batch computing, often at
  the end of the day
• Real-time (or nearly so) computing has erased
  those expectations
• Other benefits include
• Better data, better decisions
• Easier synchronization of data sources

61
Real-time infrastructures

• Better process visibility
• Instant order status
• Improved process efficiency
• JIT inventory, faster cycle times, response to
  market conditions
• From make and sell to sense and respond
• Respond to actual demand, rather than forecasted
  demand, e.g. Dell
• Requires faster transaction and communication
  systems

62
Not all good

• The faster response time has produced new threats
• Wall St panic on 10/19/1987, due largely to
  automated stock buying programs causing a chain
  reaction
• While value can be created faster, so can bad
  side effects
• Need high availability, fast disaster response,
  and improved security

63
New service delivery models

• IT can be a service provided by outsourcing,
  instead of being internally managed
• Scarcity of IT people is partly driving this!
• The industry is becoming more standardized, and
  cost reduction pressure is strong
• Where exactly is your Gmail???
• Similar to shifts from answering machines to
  voice mail, or power as a commodity
• Need to manage IT providers and partners well!

64
Managing legacy systems

• Any infrastructure from an older organization
  probably still has legacy components in it
• Often obsolete, proprietary
• Also includes legacy organizations, processes,
  and cultures!
• How do new technologies relate to the legacy
  systems? Change the organization, processes, and
  culture?

65
Future of internetworking

• The technologies we rely on have been refined
  over the last 30-40 years
• Markets want reliable, secure, high speed
  connectivity
• Changes to QoS (quality of service) possible on
  the Internet are needed to help meet demand
• Availability, authentication, security, bandwidth
  guarantees, nonrepudiation are all highly desired

66
Summary

• Internetworking infrastructure includes not only
  the physical hardware and software, but the
  processes, organization, and culture that use
  them
• Technology changes are creating faster, more
  flexible, interoperable global networks, speeding
  creation of value at the cost of high complexity,
  uncertainty, and new threats

67
The Business of IT

• Assuring reliable and secure IT services

68
Reliability of the Internet

• The reliability of the Internet is based on its
  many redundant paths among hosts
• Failures at one or more routers are unlikely to
  stop a message from getting to its destination
• Most organizations dont have the luxury of that
  much redundancy!
• Key tradeoff is the expense of redundancy, versus
  the reliability it can bring

69
How much can you afford?

• Added complexity of redundant systems adds new
  kinds of possible failures
• So it boils down to asking how much reliability
  can you afford?
• Kind of like how fast do you want your car?
• How expensive is a 15-minute failure of your IT
  infrastructure? 12 hours?
• How does reliability differ from availability?

70
Availability
71
Timing

• The number of failures and their duration each is
  also important
• Many very brief failures may have less impact
  than one long one
• Timing when failures occur also matters
• 300 am often not as bad as 1000 am?
• Planned system outages dont count

72
Calculating availability

• For systems that all need to be running at once
  (serial), multiply their individual
  availabilities
• System avail P component avail
• So a system of five serial components, each with
  98 availability, will have a system availability
  of System avail 0.980.980.980.980.98
  90.4
• Adding more components hurts overall availability

73
Calculating availability

• If components are in parallel (any of the
  redundant components could perform the function),
  then multiply the failure rates of the components
  to get the system failure rate
• Failure rate 1 Availability rate
• So five components in parallel would have a
  failure rate of (1 - 0.98)5 3.2E-09 for an
  availability of 1 - 3.2E-9 99.99999968

74
High availability facilities

• A typical high availability data center should
  have many features
• Uninterruptible power supply
• Major equipment should have multiple power
  supplies, powered by separate circuits
• A UPS is ready to take over if main power source
  fails
• UPS might be a diesel generator for sustained
  outages
• Physical security to restrict access to the
  equipment

75
High availability facilities

• Extreme facilities might be protected from blast
  or other attacks
• Weighing visitors, biometric identification, etc.
  could be used
• Climate control and fire suppression
• Network connectivity to two or more backbone
  Internet providers
• Might have redundant NOCs

76
High availability facilities

• Help desk incident response procedures
• N1 or NN redundancy
• N1 means at least one redundant system standing
  by typically good for up to 3 9s of
  availability
• NN means double the number of systems normally
  needed, needed for 4 or more 9s of availability
• See earlier availability chart for Level 1 to 4
  Data Center classifications
• A single component can have redundant features,
  even if the entire component isnt duplicated

77
Malicious threats

• Its no secret that there are many threats to
  network security, from casual bored hackers to
  well organized spies and terrorists
• Threats can be loosely grouped into three
  categories
• External attacks
• Intrusion
• Viruses and worms

78
External attacks

• External attacks hurt a site or degrade its
  services, without getting access inside it
• Denial of service attacks (DoS) typically flood
  web servers with TCP SYN messages, until they
  crash
• Distributed DoS (DDoS) attacks do the same thing
  from many computers at once
• IP spoofing might be used to mask the true source
  of these attacks

79
External attacks

• DoS attacks are easy to do script kiddies
• And are hard to defend against
• Slow DoS attacks can look like normal traffic

80
Intrusion

• Intrusion attacks gain access inside your network
• Guess or obtain user names and passwords (maybe
  via packet sniffing, or clever social
  engineering)
• Back doors left by developers
• Port scanning to look for open entries to servers

81
Intrusion

• Once inside the network, hackers might
• Download, alter, or delete data (SSN, CC numbers)
• Deface web sites
• Posing as a user, send malicious messages
• Leave software to perform DDoS later, or time
  bombs to delete data
• Proving what they did is often very hard
• Can produce tough PR issues!

82
Viruses and worms

• Viruses and worms are self-replicating programs
• Viruses need help to spread, worms dont
• Both are often incorporated into other attacks,
  e.g. set up a DDoS attack

83
Defensive measures

• Many types of defenses are often used
• Security policies
• Firewalls
• Authentication
• Encryption
• Patching and change management
• Intrusion detection and network monitoring

84
Security policies

• Security policies are needed to define
• How passwords are managed
• Who has accounts on the network?
• What security is needed on network computers?
• What services are running in the network?
• What can users download?
• How are these policies enforced?

85
Firewalls

• Firewalls can be hardware- and/or software-based
  methods to control network access
• Can people access the network from outside?
• Most firewalls filter packets to look for
  attacks, illegal applications, IP spoofing, etc.
• Cant stop internal traffic, most viruses, or
  bypassing the network (wireless, flash drives)
• They also provide good traffic monitoring points

86
Authentication

• Authentication proves you are who you claim to be
  could be applied to hosts or users
• Could be as basic as user name and password, or
  involve certificate authorities, biometrics, etc.
• How tough are passwords? Change them how often?
  Can you reuse them?
• After that, can control access to data, network
  resources based on identity

87
Encryption

• Encryption provides confidentiality of data
• Even if intercepted, cant easily be read
• Protect your keys!!!
• Encryption can be symmetric or public key
• Often both are used to provide authentication and
  confidentiality
• Digital signatures also prove authentication
• Message digests provide integrity check

88
Patching and change management

• Known weaknesses in apps or OSs can be patched
  if you USE the patches!
• Keeping current is tedious
• Patches might cause side effects in other apps
• Change management needs to know what patches are
  installed, what apps should be running, and what
  files should be on production systems

89
Intrusion detection

• Intrusion detection systems look at packet
  contents to look for attack patterns or look for
  weird patterns of traffic behavior
• Could also include hardware and software
  monitoring to look for unusual configurations
  (e.g. a NIC in promiscuous mode) or suspicious
  behavior

90
Security management framework

• Security affects the design of a network, and
  requires policies and procedures to keep it safer
• Some basic principles of good security management
  include
• Make security decisions dont ignore the issue!
• Realize that security threats change and evolve
  dont expect anything to be static

91
Security management framework

• Consistent change management is critical
• Educate users what not to click on, how to keep
  passwords secure, why procedures are in place
• Great ignored procedures are worthless!
• Use layered security
• Consider host, network, and application levels of
  security, and prioritize measures

92
Risk management

• Risk management for availability and security is
  critical
• Cant avoid all risks, so need to estimate the
  probability of risks occurring, and how severe
  the impact (consequences) of each risk is
• Obviously, low probability and low impact risks
  are minor threats and high probability and high
  impact risks are critical ones to address

93
Risk management

• But the other combinations (low probability, high
  impact, or high probability, low impact) are
  harder to assess
• E.g. we often pay for insurance against unlikely
  but rare events, like severe illness or death
• Can define expected lossprobabilityimpact
• But intangible losses are hard to quantify
• New technologies may add new risks (complexity,
  instability)

94
Incident management

• All infrastructures experience incidents, so its
  important to plan for them
• What could be typical incidents affecting
  availability and/or security?
• Plan for actions to be taken before, during, and
  after an incident

95
Actions before an incident

• Design the infrastructure for recoverability and
  failure tolerance
• Follow your own procedures, especially for change
  management and data backup
• Document procedures and configurations carefully

96
Actions before an incident

• Have crisis management procedures
• How do you diagnose problems?
• Who is available to help?
• Practice incident response
• Do you have current contact information for key
  people?
• What outside resources are available to help?

97
Actions during an incident

• Beyond the apparent technical issues, there are
  many other factors in a crisis
• Emotional responses (confusion, denial, panic)
• Wishful thinking
• Political maneuvering, avoiding responsibility
• Leaping to conclusions, ignoring unwanted evidence

98
Actions during an incident

• Public relations issues can also be overwhelming
• Reluctant to admit how serious the problem is
  (FEMA in NO?)
• Major decisions are risky, and you have to make
  confident decisions even if data is never
  complete

99
Actions after an incident

• After an incident, may have to rebuild part of
  the infrastructure, or even everything
• This is why you had good CM!
• Processes might have to be changed to accommodate
  the new infrastructure
• Document lessons learned from this incident, to
  help reliving it in the future!
• What caused it? How can you prevent it?

100
Actions after an incident

• May also need to explain to customers and other
  stakeholders what happened, and what your actions
  have been
• Again can be a PR issue to show your steps to
  secure your infrastructure are sound and thorough

101
Summary

• Availability for IT infrastructures
• How to calculate availability with serial or
  parallel components
• Features needed for high availability facilities
• Security threats and defenses
• Security management framework
• Risk and incident management