Direct System Access – Necessity or Risk?
London, December 2013. What is Direct System Access ? A System Administrator can log into a server to carry out tasks as part of his duties, often working directly on a production system.
Even though necessary, this poses the risk of unintended System Updates to a company’s server infrastructure and therefore a risk to its business. Although in most cases only System Enquiry access is intended, we frequently come across situations like the one in this real life anecdote:
“A few years back I worked in a consulting capacity with a customer on a new system design. After a few iterations we needed to look at an existing production system design running a mobile call processing application for a Telecoms client. The customer phoned their in-house Technical Support, with the question of how often these systems actually get restarted.
The friendly System Administrator on the phone said ‘ Let me log on to the server quickly. I’ll have a look for you.’
Then silence …
What had happened ?
As we found out later the System Administrator had directly logged into the machine as a privileged user to enquire about the machine’s reboot history. He used the following command:
‘ last | reboot ‘ , however he meant to use ’ last | grep reboot ‘. What should have been a simple ‘System Enquiry’ turned into mistakenly shutting down a production server, which in this case was followed by a lengthy attempt to invoke DR – the business impact was significant !”
Direct System Access is a risk, regardless of System Enquiry or System Update ! According to Emerson Network Power 2013 Study On Datacenter Outages 584 respondents in U.S. organisations reported unplanned outages. 48 percent cited Human Error as Root Cause.
(Source: www.emersonnetworkpower.com)
Unplanned outages can cause significant cost to companies strongly relying on IT Infrastructure. A more detailed cost analysis can be found here.
How much Direct System Access is really needed?
The following table shows typical Infrastructure Operations tasks and how their access types compare.
Access type | System Enquiry | System Update |
Access reasons | ||
Casual access to view configuration | 100% | 0% |
Change preparation | 100% | 0% |
Change execution | 60% | 40% |
Trouble shooting | 95% | 5% |
Automated data collection scripts | 100% | 0% |
The majority of all system access results in (intended) System Enquiry operations. As System Enquiry operations are typically not time-critical they don’t necessarily require Direct System Access.
Can the associated risk be removed or minimised ?
threeisquared’s technology helps avoid all or a large percentage of System Enquiry access – with I-Insight we replace ‘Direct System Access’ with ‘Cached System Access’.
‘Cached System Access’ is a technology allowing most day-to-day System Administration tasks including configuration view, troubleshooting, change preparation and data collection scripts to be carried out in a ‘zero-touch’ fashion. No single production machine will be accessed during those tasks. Our solution will eliminate unnecessary risks and significantly speed up work streams that would otherwise require Direct System Access to large numbers of servers.
For detailed information how ‘Cached System Access’ can work for your IT Operations please get in touch with us here.