How to plan for the end of life (EOL) of your IT kit
Monday, 20 August, 2012
Diamonds might be forever, but IT is not. Technologies and products that were once hot are now as dated as Joan Collins’ shoulder pads, Red Symons’ Skyhooks make-up or Warwick Capper’s footy shorts. While the aforementioned treasures may be lost to us forever, it is possible to plan for the end of life (EOL) of your IT kit.
Perhaps the only known copy of a historically important document is a WordStar file on a 5.25″ diskette. Maybe an AutoCAD drawing stored on a SyQuest cartridge could help prove that you developed a certain design feature ahead of a competitor.
You might need a way to migrate an old, yet essential application to a more cost-effective platform, or to modernise so it can feed data to a tablet app.
And while it’s relatively easy to get into the cloud, have you thought about how you’d get out again?
Let’s take a look at some of the issues involved.
Security
What happens when a vendor brings down the curtain on a piece of software before you’re ready to stop using it? The functionality might be adequate - if not, you would already have found a replacement - but what about ongoing security?
A prime example is Windows XP - the venerable and (at least in some circles) well-regarded operating system will reach the end of its extended support period on 8 April 2014. But from what we hear, some large and small businesses aren’t planning to complete their migration to Windows 7 or 8 by then.
Leaving aside any discussion of whether that’s sensible, the problem is that there’s no guarantee that the Bad Guys will start ignoring XP. If they think there will be enough systems to be worth attacking, they will continue to research vulnerabilities. Indeed, a smart move might be to keep any remaining XP vulnerabilities up their collective sleeve until April 2014, as Microsoft won’t then provide a protective patch.
Sophos director Rob Forsyth notes that security vendors delay EOLing - end-of-lifing, aka discontinuing - their products for as long as possible, often by as much as five years after the end of support for the OS they run on. This does provide customers with a way of detecting and blocking new threats, although it won’t do so as efficiently as a properly developed patch. He drew an analogy with the way taking aspirin can remove pain even if it doesn’t cure the underlying issue.
If an operating system vendor EOLs a product, its continuing use means trusting a security vendor, Forsyth observed.
This is also an issue for users of Mac OS X, as Apple doesn’t even say how long it will provide security patches for non-current operating systems. Custom and practice has been to support one version behind whatever’s current, but that hasn’t been explicitly stated. The problem is that backward compatibility of new OS X releases tends to be limited. Coupled with the now annual pace of OS upgrades, this makes it increasingly common to find a Mac that has plenty of life left in the hardware but is unable to run a currently supported version of the operating system.
Voice+Data sought comment from Apple for this article, but a spokesperson declined, saying “We’re very much about looking to the future.” Our approaches to Microsoft were also politely rebuffed: “They don’t want to participate in this opportunity,” said a spokesperson.
Mobile devices are also affected. The upgrade path for iOS has been reasonably good, but a lot of Android phones are still running the OS they shipped with, whether that’s because of incompatibilities with newer versions or because the vendors or carriers chose not to offer updates. That wouldn’t be a corporate issue, if not for the spread of BYOD (bring your own devices) - the practice of supporting employees’ mobile devices on the corporate network.
Forsyth suggests BYOD policies should require employees to install appropriate security software (antimalware, remote wipe and encryption) before the devices are used for work and pointed out that the Sophos product offers the same centralised management for Android (right back to version 2.2), iOS, Windows Mobile/Phone and BlackBerry as it does for desktop operating systems.
Storage
Migrating from one generation of storage is getting easier, given the increasing tendency to keep corporate data on centrally managed storage rather than individual users’ hard drives or external devices. It might not be a simple or quick job to copy all the data when you install a new disk array or tape library, but it’s easier than rounding up all the floppies or thumb drives sitting in desk drawers around the organisation.
The problem comes when you suddenly discover that you need some information that only exists on obsolete media that can’t be read by your current hardware. Perhaps you have some old LTO-2 tapes that you didn’t copy before upgrading to LTO-5 drives. That’s where companies such as Kroll Ontrack come in.
Kroll Ontrack’s General Manager for Asia Pacific, Adrian Briscoe, explained that recovering data from old media is an everyday job at the company. Not only does the company maintain a huge stock of outdated storage hardware at its branches around the world, it also has licences for a wide variety of software - it’s not enough to merely read the data from the device, the right backup software or other application is needed to make sense of it.
A typical scenario is a sudden need to read old emails (eg, because of pending or actual litigation) that now only exist in a stockpile of archive tapes. “LTO is a good standard,” he said, but backward compatibility is only retained for two generations, and “large OEMs will always be keen to move a client forward to the next generation.”
Another example is that certain medical records must be held for 30 years, and in previous decades they were commonly entrusted to magneto-optical storage, and such drives are now rare.
Kroll Ontrack also has software that can extract individual messages from an email backup, which is more efficient than restoring the entire database.
But “we still get requests for [recovering] 5.25″ floppies,” said Briscoe.
His suggestions include:
- Identify your important data and know where it resides (eg, down to the individual tape level), as it’s not easy to create an index after the event.
- Establish an archiving policy, and ensure that important data is deduplicated and then moved to new media whenever hardware is upgraded, or at least to a type of storage that can be affordably accessed.
- Establish and enforce a retention policy so data is not kept longer than necessary - if you no longer have it, you don’t have to worry about retrieving it. Just be careful to comply with any relevant laws or regulations.
Custom software
One of the trickier parts of migrating away from obsolete or outmoded hardware involves porting any custom software. Much the same problem faces software vendors when a platform they have been supporting falls out of favour.
Moving away from a mainframe presents “a conundrum”, according to Bruce Craig, Country General Manager for Australia & New Zealand at Micro Focus, because custom applications are “the lifeblood of the business” - if they didn’t provide something unique, they would have been replaced by packaged software long ago.
“You need to differentiate the application from the hardware,” he said. Mainframe hardware and supporting services “have become extremely expensive” (though that’s mainly in comparison with other platforms that have become so cheap), and customer touchpoints have moved further from the application (eg, the widespread use of tablets).
There are plenty of programs written in COBOL, PL/1, Natural and other languages that are still as valid as ever, he suggested. In particular, COBOL applications are “incredibly stable,” said Craig, “they work, they don’t break” and all that may be needed is to move them to a cheaper platform.
He pointed to a recent migration of mainframe applications by the Insurance Commission of Western Australia. The software had been developed over three decades, and no commercial packages provided equivalent functionality.
Other examples of migrations using Micro Focus products (which include a range of mainframe development tools as well as the compilers for which the company is probably best known) include the B&NCS banking system originally developed by Australian company FNS and now owned by Tata, as well as applications from PeopleSoft (now part of Oracle), Mincom and Amdocs.
Organisations often combine the task of moving an application from a mainframe and adding a web services wrapper allowing its functionality to be consumed by web or mobile apps. Eliminating mainframe costs can trim operating costs by millions, freeing up budget for new projects such as mobile apps, a process Craig called “self-funded innovation”.
Furthermore, such migrations typically have a payback period of 12 months, which makes the projects acceptable to boards.
And even if you’re not yet ready to move production applications off a mainframe, Craig pointed out that offloading development and testing to a lower cost platform can often save around 50% of mainframe capacity and improve productivity thanks to the ability to use better tools.
Cloud
There’s “a rapid acceleration to cloud services”, according to Liam Fraser, General Manager, Cloud Services, Optus Business, but there’s a need “to go in with eyes open”. Apart from having to decide whether it is the right technology and if its potential benefits can be realised, it’s also important to think about how you will be able to unwind from a particular service or provider.
There’s always a risk, however slight, that a provider will bring a service to an end, go out of business or fall into the hands of an unacceptable owner (eg, a rival or a member of a rival alliance, or an overseas company that presents sovereignty issues). Or maybe down the track another provider will offer better terms.
In a situation where an organisation’s applications are running in a set of virtual machines, all the relevant files can, in theory, be moved elsewhere, Fraser observed, but this requires IT and contract management skills. Optus Business uses vCloud Director, making it relatively easy to extract the files either across a network or on physical media.
He advocates consultative relationships with suppliers, because if you want regular backup or mirroring of your data to a destination outside your provider, “that’s not likely to be achieved as an off-the-shelf function”.
Similarly, if the migration of an obsolete system to the cloud was proposed, “we would consult very closely with our customer”, Fraser said, as in some circumstances it could be an excessively risky move.
But his company can provide consulting services for customers planning to run applications in public or private clouds, whether those applications are old and obsolete or being deployed for the first time by that organisation.
Optus offers a range of services covering infrastructure as a service (under the PowerOn brand, and available as a fully hosted service or managed - and possibly owned - by Optus but physically located on the customer’s premises) and software as a service (OfficeApps - initially rebranded Google Apps with local support, but with other applications planned). And at a regional level, parent company SingTel has “a rich ecosystem” of software as a service covering various vertical and horizontal applications - “it’s a very broad story,” he said.
A successful move to the cloud “takes a considered and methodical approach,” said Fraser.
Is the Australian tech skills gap a myth?
As Australia navigates this shift towards a skills-based economy, addressing the learning gap...
How 'pre-mortem' analysis can support successful IT deployments
As IT projects become more complex, the adoption of pre-mortem analysis should be a standard...
The key to navigating the data privacy dilemma
Feeding personal and sensitive consumer data into AI models presents a privacy challenge.