Best IT Blog

Windows 2000 Internet Information Server

Posted in O S (375) by Guest on the December 25th, 2010

IIS Components

  • File Transfer Protocol (FTP) Server
  • World Wide Web (WWW) Server
  • Simple Mail Transfer Protocol (SMTP) Service
  • Network News Transport Protocol (NNTP) Service
  • FrontPage 2000 Server Extensions
  • Internet Services Manager (HTML)
  • Internet Information Services Snap-in
  • Visual InterDev RAD Remote Deployment Support
  • Indexing Service
  • Certificate Services

Windows 2000 Professional can only support 10 network connections and Windows 2000 Servers support an unlimited number of connections. Windows 2000 Professional includes the Personal Web Manager package (a web site administration tool) not included on Windows 2000 servers. The HTML Internet Services Manager and the NNTP Service are not available on Windows 2000 Professional.
Most IIS components are installed when Windows 2000 is installed. The “Add/Remove Programs” applet in the Control Panel may be used to add any additional IIS components. Select “Add/Remove Windows Components”, click on “Internet Information Services (IIS)”, then click “Details”.

Created at Installation of IIS

  • Default Web Site located in c:\Inetpub\wwwroot

Security Enhancements

Security of the WWW server can be increased by:

  • Obtain a certificate for the web server.
  • Enable IP address or domain name access restrictions.
  • Disable anonymous access and specify a secure authentication method.
  • Configure the web server to send encrypted communication.
  • Place all content on an NTFS file system.
  • Set up home directory security settings.
  • Use firewalls to protect the server.

Web Site Management

The “Internet Services Manager” is used to manage web sites on the computer. This can be done locally or remotely.
To display the Web Site Properties dialog box, start the “Internet Services Manager”, click the + next to the server to be configured, right-click the web site to configure, and select “Properties”. The Web Site Properties dialog box tabs are:

  • Web Site – Web site properties window with an IIS 3.0 Admin tab allowing selection of the web site to be administered if a user connects with the IIS 3 administration tool. Only one web site may be managed with the IIS 3 administration tool. This tab is used to configure Web site ID, Connections, and Logging. The following may be set:
    • Description – Identifies the site in the Microsoft Management Console.
    • IP Address
    • Advanced button brings up a window:
      • Multiple Identities – A text list box set of entries including IP address, port and host header the site responds to. Default port is 80 and SSL port is 443.
      • Multiple SSL Identities – The site and port number secure connections are made over (default 443).
    • TCP Port – Default is 80.
    • SSL Port – Port for SSL communications. Default is 443.
    • Connections limited or unlimited – Default limited connections is 1000.
    • Connection Timeout – Default is 900 seconds.
    • Enable Logging checkbox and specify “Active log format”. Format types:
      • Microsoft IIS Log Format
      • NCSA Common Log Format
      • ODBC Logging – For database, very resource intensive.
      • W3C Extended Log File Format – The most flexible
    • Log “Properties” button and window:
      • General Properties – Set log file creation frequency and location where log files are stored.
        • The New Log Time Option – Causes new file creation, set to daily, weekly, monthly, unlimited, or when the log file gets to a specific size. The default is daily.
        • Directory path the log file is stored in.
        • Extended Logging Options list items that can be in the logging file:
          • Date
          • Time – default
          • Client IP Address – default
          • User Name
          • Service Name
          • Server IP
          • Server Port
          • Method – default
          • URL Stem – default
          • URL Query
          • HTTP Status – default
          • Win32 status
          • Bytes Sent
          • Bytes Received
          • Time Taken
          • Protocol Version
          • User Agent
          • Cookie
          • Referrer
      • ODBC Properties – Set the data source name (DSN), log data table. The user name and password used to store data in the database is set.
      • Extended Properties – Use checkboxes to select fields to be put in the log file. Time, client IP address, method, URI stem, and HTTP status are saved by default.
  • Operators – Configure what users may manage the web site. In the Web Site tab, operators cannot set IP Address, Port, SSL Port, or use the Advanced button. In the performance tab, operators can’t use the Bandwidth throttling. In the home directory, operators cannot set Directory Source, read setting, write setting, and application settings.
  • Performance
    • Performance Tuning – Sliding bar used to adjust the server resources to be held in reserve to service requests quickly. This can be set depending on the number of hits per day that are expected: fewer than 10,000, fewer than 100,000, or more than 100,000.
    • Enable Bandwidth Throttling – Limits the bandwidth use of one web site. It is enabled (default) or disabled.
    • Maximum Network Use – The value in Kbps of maximum bandwidth the website may use.
    • HTTP Keep-alive Enabled – Requires more resources, but keeps the connection to the web browser open for quicker response. Turning off keep-alives or setting a short timeout can improve the performance of an IIS server that is low on memory and bandwidth.
  • ISAPI Filters – Add ISAPI filters to modify IIS performance for the web site. ISAPI stands for Internet Server Application Programming Interface; there are global and site filters. Global filters are not displayed, although they are applied. The web server must be restarted after adding or modifying global filters, but site filters are effective immediately. Global filters are run prior to site filters.
  • Home Directory – Select where the home files are located. For a remote directory, enter the username and password of an account that has access to it; those credentials are used for the access. Options:
    • Content comes from “A directory located on this computer” radio button.
    • Content comes from “A share located on another computer” radio button.
    • Content comes from “A redirection to a URL”. This option is used to redirect to another web site, when that web site has been moved.
    • “Local Path” or “Network Directory”.
    • Access Permissions checkboxes of “Read”, “Write” (the browser may update files with the PUT command if Write access is allowed), and “Script source access”.
    • Content Control checkboxes of “Log visits” (access is logged), “Directory browsing” allowed (a directory listing is sent to the browser), and “Index this resource” (a searchable index is generated).
    • Application Settings
      • Name
      • Starting point
      • Execute Permissions:
        • None
        • Scripts only – Files with appropriate extensions are run as scripts without execute permission set.
        • Scripts and Executables – Files with proper extensions are run as scripts or ISAPI DLLs or CGI executables.
      • Application Protection
  • Documents – Specifies the default document to be returned by the browser if no document on the web page is specified. A footer for all HTML pages on the web site may also be specified. Options:
    • Enable default document – The page to show if a specific page is not requested. Several documents may be listed with the document at the top of the list being the default document.
    • Enable document footer – Can be used to add footer information to each page.
  • Directory Security – Three buttons:
    • Anonymous Access and Authentication Control – Any account using the anonymous logon or basic authentication must have the log on locally privilege configured in User Manager for Domains.
      • Allow Anonymous Access checkbox – Allows any web browser to access the site without a username or password. Anonymous access is used rather than basic or Windows NT Challenge/Response authentication if those are also turned on.
      • Account Used for Anonymous Access button – Specification of the anonymous access account.
      • Basic Authentication checkbox – Allows users with web browsers that don’t support Windows Authentication to give a username and password for restricted web page access. The account name and password are not encrypted. Used if anonymous access is disabled or file permissions do not permit anonymous access. This requires a domain user account.
      • Default Domain for Basic Authentication “Edit” button – The domain the user using basic authentication is assumed to belong in.
      • Digest authentication for Windows domain servers – User accounts must store passwords with reversible encryption.
      • Integrated Windows Authentication – Required for requiring SSL communications to the web. Required to connect to the administration web site for this site (To perform remote administration). This requires a domain user account. Used under these conditions:
        • Anonymous access is disabled or denied due to file permissions requiring an NT user account.
      • Secure Communications – The “Server Certificate” button starts the IIS server certificate wizard.
    • IP Address and Domain Name Restrictions – Set all computers to either be granted access (radio button) or denied access (radio button) except those listed in the textbox. The textbox lists the IP and station address or internet names.
    • Assign a certificate to the web site
  • HTTP Headers
    • Enable Content Expiration checkbox
    • Content should (radio buttons) – Sets when the content will expire in the web browser cache by sending expiration headers with the web page.
      • Expire Immediately.
      • Expire after Days (textbox) and minutes (textbox). Default is 30 minutes.
      • Expire on Date (boxes).
    • Custom HTTP Headers
    • Content Rating (Edit Ratings button) – Voluntary classification of subject matter.
      • Rating Service – Tab containing buttons to display a public web site with rating classification information.
      • Ratings – Set ratings from 0 to 4 for violence, sex, language, and nudity. An e-mail address of the rating person and rating expiration date is set.
    • MIME Map (File Types button) – Associate file types on the web page with MIME types. Multipurpose Internet Mail Extensions (MIME) types are sent to the web browser.
  • Custom Errors – What to do if an error is encountered in serving the requested web page. Can specify an HTML file to be sent when an error occurs and use one of the following to specify where the file is:
    • File path
    • URL
  • Server Extensions – Can be used after the web server is configured to use FrontPage server extensions.
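
The logging options listed under the Web Site tab decide what can later be reconstructed from a log file. As an added example (not part of the original post), the Python parser below reads W3C Extended Log File Format text, follows the #Fields directive, and shows what the default field selection leaves out. The W3C field identifiers, the list of fields treated as needed for an investigation, and the sample log are assumptions constructed for this example.

```python
"""Parse W3C Extended Log File Format text (added example, not from the post)."""

# Default selection named on the page: time, client IP, method, URI stem, HTTP status,
# written here with their W3C field identifiers (assumed mapping).
DEFAULT_FIELDS = ["time", "c-ip", "cs-method", "cs-uri-stem", "sc-status"]

# Fields a responder usually wants when reviewing web access (assumption of this example).
WANTED = ["date", "cs-username", "cs-uri-query", "cs(User-Agent)", "cs(Referer)"]

# Constructed sample: the first block uses the default fields, the second block
# shows the format after more Extended Properties checkboxes were enabled.
SAMPLE_LOG = r"""
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2010-12-25 09:15:02
#Fields: time c-ip cs-method cs-uri-stem sc-status
09:15:02 192.0.2.10 GET /default.htm 200
09:15:07 192.0.2.10 GET /reports/ 401
#Date: 2010-12-25 10:00:00
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2010-12-25 10:00:03 192.0.2.44 - GET /search.asp q=test 200 Mozilla/4.0+(compatible;+MSIE+6.0)
2010-12-25 10:00:09 192.0.2.44 CORP\jdoe GET /reports/ - 200 Mozilla/4.0+(compatible;+MSIE+6.0)
10:00:11 truncated
"""


def parse_w3c(text):
    """Return one dict per log entry, keyed by the active #Fields names.

    A '-' value becomes None. When the date field is not logged, the date from
    the most recent #Date directive is used and the record is marked as inferred,
    because that date is only exact while the file does not span midnight.
    Lines whose value count does not match #Fields are returned as error records.
    """
    fields, header_date, records = [], None, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            name, _, value = line[1:].partition(":")
            name = name.strip().lower()
            if name == "fields":
                # The field list may change mid-file after a configuration change.
                fields = value.split()
            elif name == "date":
                parts = value.split()
                header_date = parts[0] if parts else None
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            records.append({"_line": lineno, "_error": "field count mismatch",
                            "_raw": line})
            continue
        rec = {f: (None if v == "-" else v) for f, v in zip(fields, values)}
        if "date" not in rec and header_date:
            rec["date"] = header_date
            rec["_date_inferred"] = True
        records.append(rec)
    return records


def coverage_gaps(enabled_fields):
    """List the WANTED fields that the given field selection does not log."""
    enabled = set(enabled_fields)
    return [f for f in WANTED if f not in enabled]


def failed_auth(records):
    """Return (client IP, URI stem) for entries with HTTP status 401."""
    return [(r.get("c-ip"), r.get("cs-uri-stem"))
            for r in records if r.get("sc-status") == "401"]


if __name__ == "__main__":
    recs = parse_w3c(SAMPLE_LOG)
    print("entries parsed:", len(recs))
    print("401 responses:", failed_auth(recs))
    print("missing with default fields:", coverage_gaps(DEFAULT_FIELDS))
```

With only the default fields, the user name, query string and user agent never reach the log, and the date has to be taken from the #Date header.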

Publication Methods

  • Copy web pages into the default web site’s home folder in c:\Inetpub\wwwroot.
  • Virtual Directories – Causes directories on other servers to appear as though they are on your server. The Web Services Manager or Windows Explorer can be used to create virtual directories.
  • Virtual Servers – A single server is made to appear as though it is more than one server. They only work on Windows 2000 Servers, not on Windows 2000 Professional. Requirements:
    1. One of:
      • An IP address is required for the primary server and each virtual server. IP addresses must be on one NIC. Multiple IP addresses can be assigned to one NIC using the “Network Dial-up Connections” folder.
      • A different TCP port number to be used.
      • A different FQDN to be used to access the new site in the “Host Header for this site:” text box.
    2. A home directory must be assigned to each IP address using the directories tab.

Web Services Manager Menu Selections

Selections when the web site is selected:

  • New
    • Virtual directory
    • Web Site – Used to create additional virtual web servers.

Personal Web Manager

Accessed from Administrative Tools, Personal Web Manager is for novices.

Indexing Service

This service indexes web site content by creating two databases of words, one based on web server HTML files and the other based on other document types. The databases take about 40% of the amount of room the original data takes. The Indexing Service works on all Windows 2000 operating systems and must be configured to start automatically if desired.
Search Tools:

  • Windows Explorer search tool.
  • Start menu search tool.
  • The “Computer Management” Index Service search tool. Computer Management is started by right clicking on “My computer” and selecting “Manage”.

Certificate Services

Used to manage and issue security certificates which are used for providing secure web connections between the web client and the web server. The “Add/Remove Programs” applet in the control panel may be used to add Certificate Services.

  • Certificate Authority (CA) – An organization that is trusted to issue certificates.
    • Enterprise root CA – The first and most trusted CA on the network; requires the use of Active Directory.
    • Enterprise subordinate CA – Subordinate to the enterprise root CA; requires the use of Active Directory.
    • Stand-alone root CA – A root for the certificate hierarchy; does not require Active Directory.
    • Stand-alone subordinate CA – Subordinate to the stand-alone root CA; does not require Active Directory.
  • Public Key Infrastructure (PKI) – Implemented when certificates are used.
  • Public Key
  • Private Key

After Certificate Authorities are created, certificates can be set up for use by selecting the administrative tool “Certification Authority”. Selections:

  • Action
    • New
      • Certificate to Issue – Display certificates the CA cannot issue yet. This is where the CA can be authorized to issue these various certificates.

How users get Certificates

  • Windows 2000 users can use the MMC Certificate snap-in command line utility by typing “mmc” on the command line.
  • Access http://CA_server_name/certsrv with a web browser.
  • Administrators can set group policy so computers request certificates automatically when they are required using the administrative tool “Active Directory Users and Computers”.


System and Application Unit Testing

Posted in Application (380) by Guest on the December 20th, 2010

Testing must be an on-going activity throughout all phases of a project and should be an integral component of quality assurance efforts. A complete testing strategy cannot be developed until after vendor selection, so this section contains suggestions for possible activities that could be included in a testing strategy, and a general description of the types of testing Project Manager should consider. A complete testing strategy and plan must be developed once the project reaches the implementation planning phase. The Project Workbook should be updated by the Project Director to include the Test Plan, once it is finalized.

Testing starts at the unit level, as team members test portions of the functionality encompassed within a single module, interface, report or modification. Data modeling is used to test delivered functionality. Customizations, interfaces and reports are first tested by their developer before they are submitted for testing by functional users. Functional users will conduct a unit test of the customization, report or interface and formally accept it before it is moved to production.

As the implementation of the project progresses, so does the nature of testing. After each module has been thoroughly unit tested, integration testing begins. As integration testing proceeds, more end-user participation is needed. Project Management Office (PMO) recommends that there be one person (a central point of contact or testing coordinator) responsible for tracking the status of test scripts and the documented results of each test. Any test scripts which identify errors should be tracked and given to the appropriate person to resolve. After the error has been resolved, it should be re-tested by the same individual who originally uncovered the error.

The next step in the testing cycle is to carry out system testing, to validate that the entire system performs as expected. Given concerns voiced by members of the user community over an “all or nothing” cutover, Project Manager may choose to perform a modified parallel test. In this scenario test scripts are created using two to four weeks of live data from a previous month. The output from the scripts (including process, interface and reporting outputs) is compared to the output from the legacy system. Unexpected discrepancies will be analyzed, resolved, and re-tested. This cycle is repeated until the team (and the user community) is confident that the new system is ready for production.

Each module Project Team should develop detailed test plans and acceptance criteria. These plans will be integrated and coordinated for the testing of inter-module processes. The plan should also identify one or more Testing Coordinators.

Test Scenarios

A test scenario documents the scope of a testing effort. It identifies the portion of the system being tested, which major functions or areas are to be tested, the approach to be used, the resources assigned, and the expected outcome of the testing. One or more test cases will be defined to accomplish the defined test scenario.

Test Cases

A test case describes the data and the process steps required to test a portion of the system for correctness, in support of a test scenario. A test case defines the specific functions to be tested, any base data that must be present prior to testing, data that will be input during the test, the process steps to be performed to accomplish the test, and the expected outcome from the test in the form of expected data results and deliverables. Test cases should be established for both functional and technical testing.

Test cases are also referred to as test scripts. As these test scripts are completed they serve as a good foundation for documentation and training.

Test cases should be designed to be reusable – individual test cases should be used as a component of later business process and integration testing, and should use the same general format as training and documentation materials.

Functional Testing

Functional tests allow the institution to validate the utility and accuracy of end-user processes. To accomplish functional tests, users run through a process from end to end. For example, the user looks up data, enters new data, executes system processes (interfaces or batch updates), generates output (reports or queries), and verifies the results of the test.

Technical Testing

A technical expert defines a technical test to ensure that the system operates correctly from a technical and performance standpoint. This involves the technical specialist verifying that the system operates correctly, that interfaces are correctly developed, that data loads correctly, that control tables are loaded, and that any system fixes are applied and operate correctly. Technical testing should also include load testing to ensure that system performance (including network, server and client architecture) meets expectations.

Unit Testing

This is a test with a narrow scope, relating to the test of a single module, a conversion process, an interface, a report or query, or any other single component of the system. This test can be both a technical test and/or a functional test, with the task owner taking responsibility for configuration and base documentation.

Integration Testing

An integration test verifies the correctness of several system components working together. An ERP system implementation typically includes integration testing and acceptance

  • At the time the delivered system is installed and configured with basic institutional data,
  • After any customizations and custom interfaces or processes are developed,
  • And as part of test conversions prior to deployment, to ensure that the system works properly with all customizations and legacy data in place.

This test includes both technical and functional testing, validating the ability of the system components to “talk” to each other and pass data correctly. Each iteration of integration testing fosters user ownership and knowledge transfer.

Planning for intermediate sign-off points also ensures that errors are caught and corrected at the right time. For example, performing an integration test immediately after basic installation and configuration identifies errors in configuration or system bugs. Correcting these early allows later integration testing to focus on errors in customization or data conversion.

System Testing

The system test validates that all aspects of the system are functional. This will require both functional and technical testing, and should also include a system stress or load test. The stress test will assess the ability of the system to handle expected production-size volumes.

Security Testing

Security testing validates that each type of user profile provides access to the correct areas of the application, and that data inquiry and update controls behave as expected. Security testing should include validating a user’s access to the online application, and any relevant batch or reporting processes the user should be able to execute. The security test must also validate that technical and project team members have appropriate access to development environments, but that both data and processes in the eventual production environment are properly secured. As such, the security test should be specifically defined within the context of the database environment.

Date Testing

Date testing is designed to test the system’s response to date-sensitive transactions.

Acceptance Testing

The main function of Acceptance Testing is to validate that a given module or function meets end-user expectations, and that no further development or correction is required. User acceptance tasks should be included as milestones in the project WBS, and serve several important functions:

  • Acceptance validates that the work in a given area is 100% complete, and will not be revisited,
  • Acceptance gives end users a chance to interact with, approve and begin to “own” a function or area,
  • Any re-work discovered after acceptance constitutes a scope change, and must be handled through the issue and change control processes.

Acceptance testing should be performed at the completion of each major (i.e., requiring many days’ effort to complete) functional module, customization, interface or report. The acceptance test is not necessary for low-effort tasks, but in any situation where re-work would cause significant project schedule, resource or budget disruption, or where dependent processes would be significantly impacted, the acceptance test is a necessary quality assurance step.

The final acceptance test is the testing of the full system after it has been placed into a “non-live” production environment. This test can include performing the same tests used during the system test, and may include a mini parallel test with data loaded into both the new and legacy system so that results can be cross-checked and validated. Upon user satisfaction with the final acceptance testing, the new system goes into production.



Sample Change Management Perspective

Posted in Compliances (1300) by Guest on the December 20th, 2010

Any project with the scope of an IT implementation will introduce change into an organization, and you need to use this opportunity to review existing processes, and adopt best practices where they provide benefit and can be implemented with reasonable effort. These kinds of changes can impact both individuals and departments, and may affect departmental interactions, working habits and even institutional culture.  Institutional change must be carefully managed to ensure that the outcome of any change is positive. 

A strong Change Management program will include an integrated communications plan, training and documentation plan, and an organizational development plan, which will be tied into the overall project so that activities take place at appropriate times.

Once the project moves into the implementation planning phase, you should plan for, and develop a support structure for the following general phases of a Change Management process:

Planning the Change Program: Developing a dynamic change plan with milestones and feedback loops tied to the phases of the system implementation.

Generating Sponsorship: Ensuring that the leadership teams are on board and committed, and that they understand and act on their roles as required for the successful outcome of the program. The project Steering Committee and Project Sponsors will need to fill this role.

Managing Organizational Impacts: Determining the extent to which current processes and institutional characteristics are aligned with the requirements of the planned business processes.  Understanding the new work processes that will be implemented, and defining the job and workplace skills required to support the new organization.  Assessing the current level of skill within the affected user population and comparing current to desired skills.

Preparing End Users: Providing stakeholders with a clear understanding of specific changes, how the changes affect them, and how the changes fit into the bigger picture is imperative to create end user acceptance and advocacy. 

Providing Production Support Post Go-Live:  Because you might implement several major systems, applications technology and reporting tools in overlapping phases or migrations, there will be a need to provide production support for some migrations while others are still being implemented. The organizational and staffing impacts of these competing needs have to be considered and managed.



A Good Project Starting Point Considerations

Posted in Projects (400) by Guest on the December 19th, 2010
  1. Clearly define project deliverables
  2. Carefully contemplate the objectives of each deliverable  
  3. Define what constitutes successful completion of the deliverable
  4. Provide an estimate of effort and / or duration needed to complete the deliverable
  5. Prepare appropriate documentation needed to complete the deliverable
  6. Communicate and / or implement any associated processes defined as part of the deliverable



Sample Visio – Unix Privileges: Sudo – Bigadmin

Posted in Visio Samples - Stencils (457) by Guest on the December 18th, 2010

Sample Remedy / Heat Incident Tracking ID

Posted in Business (600) by Guest on the December 17th, 2010


Remedy / Heat Tracking ID:
Date / Time: 

Item #

Support Need


Notes / Description



Autocad 2010 Print to Adobe

Posted in Business (600) by Guest on the December 16th, 2010

ITIL – Change and Patch Management

Posted in Business (600),ITIL - Change Management - Help Desk (95) by Guest on the December 15th, 2010

A set of processes executed within the organization’s IT organization designed to manage the enhancements, updates, incremental fixes and patches to production systems, which include:
   · Infrastructure changes (routers, firewalls, proxies, cabling, etc)
   · System upgrades (servers, operating systems, applications, databases)
   · Application code revisions (development and testing)

Change management is sometimes difficult for organizations to master because so many stakeholders are involved (e.g., business managers, application system developers, IT operations staff, auditors). However, this is not a reason for organizations to be complacent about inadequate controls or low performance.

Stable and managed production environments require that implementation of changes be predictable and repeatable, following a controlled process that is defined, monitored and enforced. These controls are used in financial processes to reduce the risk of fraud and errors.

Organizations should be very familiar with these controls: Only the minimal staff required to implement IT production changes should have access to the production environment (preventive). Authorization processes should involve stakeholders to assess and mitigate risks associated with proposed changes (preventive). Supervisory processes should encourage IT management and staff to undertake their duties responsibly (preventive), and be able to detect errant performance (detective).

Benefits of Good Change and Patch Management Processes
    · Spend more time on new development work to advance business goals and objectives
    · Reallocate IT staff resources to deliver new capabilities versus “putting out fires”
    · Spend less time on unplanned IT work
    · Less IT downtime
    · Ability to install critical patches with minimal disruption

Control Activities:
    · Common Process in Place and Documented
    · Effective Change Control Committee Structure
    · Change Control Log Used
    · Segregation of Duties Between Developers and Technical Staff Maintained
    · Automated Controls to Enforce Process of Promoting Changes into Production
    · Automated Process to Return Production Environment to Pre-change State
    · Approved Configurations Documented
    · Clear Delegation of Authority Documented
    · Approvals for Changes Documented
    · Automated System and Data Backups and Ability to Restore from Approved Environment



SDLC – Application System Definition Model

Posted in Application (380) by Guest on the December 14th, 2010


Application & System Services

Communication & Collaboration Service:

Database Administration

Desktop Computer Services

Disaster Recovery & Business Continuity Services


A formal model of a complete system

All information pertinent to deployment and operations

Machine-readable, capturing intent of developers and administrators

System topology

Developer constraints

IT policy

Installation directives

Health model

Monitoring rules

Service Level Agreements


Applications Layers

Applications Host Layers (internal / External)

Network Topology and OS Layer

Hardware Layer



Testing Approach and Strategy

Posted in Application (380) by Guest on the December 13th, 2010

Testing Approach and strategy helps you prepare the list of testing requirements and the testing strategy for supporting the new corporate procurement and application module.

Included are descriptions of the target audience, delivery method, and objectives. In addition, the testing approach and strategy identify:

  • The high level objectives and tasks of each testing phase
  • The human and physical resources required to support testing
  • The assumptions, dependencies and risks associated with the testing effort
  • The strategy for developing test scripts and executing the tests



The purpose of the testing approach and strategy document is to provide a reference at any time for resources working on tasks within the Testing process of Corporate Procurement and Application implementation. This document is the source for the testing requirements, strategy, approaches, direction, risks, benefits and assumptions. The document also covers the delivery of project and support services to assist the organization in the completion of the project. All members of the team should understand and follow the same testing strategy.

The requirements will have a continuing influence on the scope and content of the testing work throughout the project’s life; therefore, it is important that the list of requirements be as complete as possible and agreed on early during the project. The testing team will need to keep the requirements in mind throughout the project and help create testing that is compatible with them. Furthermore, if the testing requirements alter mid-project, the changes should be noted and disseminated in a timely manner.

The project manager uses this document to understand how the team plans to conduct the testing work and how the testing effort may impact the overall project.

Related documents

  • Future Process Model
  • Business Requirements
  • Business Requirements Mapping
  • Unit Test Scripts
  • System Test Scripts
  • Integration Test Scripts



The audience for this document includes the project management team, track team leads, Corporate Global Support Application Specialists, P2P Super Users and Business Subject Matter Experts.

Roles and Responsibilities

Test lead: The test lead will be responsible for overall management of the test effort. Responsibilities of the test lead include:

  • Develop Test Approach
  • Manage Test Effort
  • Manage Issues
  • Coordinate Internal / External Dependencies

Technical Support: The technical support group will be responsible for supporting the global test execution. Global support assumes appropriate and agreed-to coverage during the test windows to ensure technical issues are resolved to allow the test execution to continue. Responsibilities include:

  • Define migration processes between unit, system and UAT stages
  • Support testing tools
  • Support test environments

Test Planning: The test planners will be responsible for the overall preparation of a structured, well-documented test plan which will serve as the input to test execution. Responsibilities include:

  • Review and supplement test conditions
  • Define test cycles
  • Prioritize and map conditions to cycles
  • Create test scripts
  • Define test scripts
  • Define test data
  • Define expected results

Test execution: The test execution group will be responsible for executing all test cycles. Responsibilities include:

  • Execute test scripts
  • Verify test results
  • Document actual results
  • Identify problems
  • Re-execute test

Test Coordinator: The test Coordinator will manage the test issue reporting process. Responsibilities include:

Verifying test issues for




Assigned to Resources

Fix it coordinator: The fix it coordinator may be a role within the technical support team, acting as a point person for critical issues that need immediate resolution for testing to continue. Responsibilities include:

  • Communicate issue resolution timeline and / or plan to resolve
  • Escalate “show stopper” issues to the project manager
  • Ensure appropriate resources assigned to issues


Sample SDLC Development Project Deliverables

Posted in Application (380) by Guest on the December 12th, 2010

Deliverables and Combined Processes


Project Roadmap Planning

Customer & Stakeholder requirements prioritization & signoff

Internal Services Catalog

Project Risks Identified

UI Models

List of Alternative Solutions

Selection of Best Solutions for further research

Hardware Solutions Demos

Financial Approval

Potential Solutions Modeled in Test Lab

 Initial Security Requirements Definition

Initial Project Plan & completion Estimate

Stakeholder and Management approval to move to Design/Elaboration Signoff


Finalized Customer Requirements

Solution Design Document

    Data models and interface specifications

    Development Guides and Standards

    Service Catalog

    UI Models

Final Solution Selection, budget and procurement

Update Project Roadmap View

Security Compliance Review

Test Plan (System and UAT) Draft

Deployment Plan, Draft

Training Plan, Draft

Project Plan and completion Estimate

Customer and Stakeholder approval to proceed to build Phase


Approved Validation/Test Plan

Configured Solution

Custom Coding

Formal Test Plans

Completed Configuration Testing

Completed Systems Testing

Completed Stress Testing

Completed UAT

Completed Solution Pilot

Update Project Plan

Finalized Design

Final Deployment Plan

Final Training Plan


Final & Comprehensive Release Plan

Successful Architecture Review

Trained End Users

Trained Administration & Support Groups

Successful Release Readiness Review


Deployed System

Successful PIR

Official Turnover to Production



Questions for: Configuration Management and change control

Posted in Compliances (1300) by Guest on the December 12th, 2010
  • Does the configuration management plan address identification, status accounting and audit?          

  • Does the configuration management plan address the configuration of all system and configuration items?

  • Is the configuration management integrated into the structure of an organization?    

  • Is there version control of all configuration items?      

  • Is configuration management and version control consistent across the organization?           

  • Is there a formal process to initiate, authorize, implement and approve changes?       

  • Does the process describe who can initiate, authorize, implement and approve changes?       

  • Does the change control procedure require a risk analysis assessment about the impact of the change?         

  • Does the risk management procedure require identifying all risks resulting from the change, with the likelihood and severity of problems?

  • Does the risk management procedure require identifying means of mitigating risk, or means of recovery should the risk actually become reality?

  • Are there lists of all potential risks for network components, such as switches, routers, etc.?

  • Does the change request form include information on the current state of the device?          

  • Does the change request form request information on priority?           

  • Does the change request form include the intent of the change?

  • Does the change control procedure require evaluating the impact of the change on other network devices?

  • Are there recommendations with examples for the amount of testing after changes to a network component?

  • Does the change approval form include a statement on the validation status of the networked system?       

  • Is there a procedure for emergency changes?   

  • Is there a system to track changes?       

  • Does the change control procedure include the requirement to ‘freeze’ the configuration before the change is made such that the system can go back to this configuration in case the change causes problems?                

  • Does the change control procedure require formal documented evidence that the entire system works ‘as intended’?

  • Does the change control procedure require updating user manuals, if necessary?

  • Does the change control procedure require updating network drawings, if necessary?

  • Are status reports being generated to identify status of requests?       

  • Do status reports show sufficient granularity, e.g., % complete?

  • Are all changes reviewed in weekly meetings of administrators?        

  • Does the organization have a formal group that is responsible for configuration management audits?           

  • Is there an audit schedule?       

  • Do audits include network diagrams?

Ongoing maintenance and control

  • Have these tasks been considered as part of ongoing control?

  • Are an infrastructure and procedures in place for problem reporting and resolution?

  • Is network configuration change management in place?

  • Are there procedures for regular network access checks?

  • Are software upgrades implemented by all users in similar time frames?

  • After a change, are there tests to check the impact of the change on other network components/systems?

  • Are there regular back-ups?

  • Is there a risk assessment for the frequency of back-ups?

  • Are back-up and retrieval procedures validated?

  • Is there a contingency plan in case one or more network components fail?

  • Is there a contingency plan in case of fire or flood?

  • Are there instructions in case of malfunction of network components and system (e.g., who should be informed)?

  • Is there documented evidence of data integrity after recovery from failures (disasters)?

  • If there are redundant components or systems, have they been validated?

  • Is there a training and user administration strategy for new users?

  • Are there procedures for regular review of network drawings?

  • Are there procedures for regular review of authorized user lists?

  • Is there an annual review of security procedures and logs?



Evolve to support

Posted in Business (600) by Guest on the December 11th, 2010

The protection of privacy is one of the most important issues surrounding the Internet today. Today, priority must be placed on protection of new applications, current system infrastructure and data integrity in addition to the implementation of privacy practices.

New reports on unauthorized access, interruption of service, privacy invasion and denial of service have heightened public awareness of the vulnerability of electronic data on the Internet.

As the Internet evolves, and more and more data is interchanged, security measures will have to become more stringent to ensure public privacy and data integrity.

With the amount of information available on the Internet today, choosing best practices to provide privacy and protect data is a daunting task for e-services agencies and businesses alike.

Well as, the knowledge and expertise to select and implement the appropriate security plan for a particular e-commerce solution.

When combined, the tools and knowledge create a formidable wall against breaches of privacy and security through either inadvertent or malicious attacks.

E-commerce sites use several different types of security, often simultaneously, to secure transactions and data on their sites. For example, 95% use firewalls, 85% use password authentication and 85% use Secure Socket Layer (SSL) encryption.

The extent and amount of personal data collected is not completely known and understood today.

The public wants to know what is being done with the information that they provide. They also want to have the choice to decline to enter a web site if the privacy policies do not coincide with their own beliefs.

The Government and Private Corporations have an obligation to their employees and customers:

  • To protect and maintain the privacy of the information it collects.

  • Set the expectation that transaction data will be secure from unauthorized users.

  • Make sure that each transaction is authentic.

  • Assure customers that the information represented on the web is an accurate, timely and genuine representation of the e-services entity.

Enforcing aggressive policies, paying constant attention and using technology wisely ensure that all these obligations are met.


Basic Oracle Hardening

Posted in Application (380) by Guest on the December 11th, 2010

 Disable install and demo accounts:

  1. Disallow default user/password 
  2. PUBLIC has execute System privilege 
  3. PUBLIC has execute Object privilege 
  4. PUBLIC has execute UTL_FILE privilege 
  5. PUBLIC has execute UTL_SMTP privilege 
  6. PUBLIC has execute UTL_HTTP privilege 
  7. PUBLIC has execute UTL_TCP privilege
  8. PUBLIC has execute DBMS_RANDOM
  9. Password complexity
  10. Restrict number of failed login attempts
  11. Authentication protocol fallback
  12. Connect and Resource grants
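
Most of the checklist above can be audited from the Oracle data dictionary. The script below is an added example, not part of the original post: it assumes a session that can read the DBA_* views, treats items 2 to 8 as findings to look for, and uses an illustrative limit of 5 and the SCOTT demo account in the remediation statements.

```sql
-- Item 1: accounts still using a default password.
-- DBA_USERS_WITH_DEFPWD exists in Oracle Database 11g and later.
SELECT d.username, u.account_status
FROM   dba_users_with_defpwd d
JOIN   dba_users u ON u.username = d.username
ORDER  BY d.username;

-- Item 2: system privileges granted to PUBLIC (expected result: no rows).
SELECT privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee = 'PUBLIC';

-- Item 3: how many EXECUTE object privileges PUBLIC holds, per schema owner.
SELECT owner, COUNT(*) AS public_execute_grants
FROM   dba_tab_privs
WHERE  grantee = 'PUBLIC'
AND    privilege = 'EXECUTE'
GROUP  BY owner
ORDER  BY public_execute_grants DESC;

-- Items 4-8: the specific packages named in the checklist.
SELECT owner, table_name AS package_name
FROM   dba_tab_privs
WHERE  grantee = 'PUBLIC'
AND    privilege = 'EXECUTE'
AND    table_name IN ('UTL_FILE', 'UTL_SMTP', 'UTL_HTTP', 'UTL_TCP', 'DBMS_RANDOM')
ORDER  BY table_name;

-- Items 9-10: password complexity function and failed-login limit per profile.
-- A LIMIT of NULL or UNLIMITED means the control is not enforced for that profile.
SELECT profile, resource_name, limit
FROM   dba_profiles
WHERE  resource_name IN ('PASSWORD_VERIFY_FUNCTION', 'FAILED_LOGIN_ATTEMPTS')
ORDER  BY profile, resource_name;

-- Item 11 (assumption about what the checklist means): protocol fallback is
-- controlled in sqlnet.ora via SQLNET.ALLOWED_LOGON_VERSION, not in SQL,
-- so it is not queried here.

-- Item 12: who holds the broad CONNECT and RESOURCE roles.
SELECT grantee, granted_role, admin_option
FROM   dba_role_privs
WHERE  granted_role IN ('CONNECT', 'RESOURCE')
ORDER  BY granted_role, grantee;

-- Remediation. Test before applying: application code may depend on the
-- PUBLIC grants and will need explicit grants to the schemas that use them.
REVOKE EXECUTE ON sys.utl_file    FROM PUBLIC;
REVOKE EXECUTE ON sys.utl_smtp    FROM PUBLIC;
REVOKE EXECUTE ON sys.utl_http    FROM PUBLIC;
REVOKE EXECUTE ON sys.utl_tcp     FROM PUBLIC;
REVOKE EXECUTE ON sys.dbms_random FROM PUBLIC;
ALTER PROFILE DEFAULT LIMIT FAILED_LOGIN_ATTEMPTS 5;  -- 5 is an illustrative value
ALTER USER scott ACCOUNT LOCK PASSWORD EXPIRE;        -- SCOTT: the standard demo schema
```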



Datacenter – Application Lifecycle Considerations

Posted in Application (380) by Guest on the December 10th, 2010

Service Monitoring

• Availability
• Logging
• Auditing
• Performance Metrics
• Debugging & Tracing
• Synthetic Transactions

Exception Management

• Error Trapping
• Root Cause Analysis
• Notification Services

Version Management

• Data Contracts
• Message & Operation Contracts
• Endpoints (Addresses)
• Policies
• Internal Dependencies
• Claims
• Service Retirement
• Dependency Analysis

Service Delivery

• Methodology
• Standardized Service Delivery Lifecycles

Policy and Security Considerations

• Identity Store 
• Authentication & Authorization
• Exchange Policy and Contracts
• Secure Internet Perimeter
• Usage Control & Metering
• Transport Security
• Load Balancing
• Geo Clustering
• Web Services Interoperability

Service Level Agreements

• Quality
• Billing
• Configuration Management

Service Directory

• Awareness & Discovery
• Publish Process
• Subscription
• Service Owner Contact Information
• Documentation


Sample Excel – DC Build Checklist

Posted in Sample - IT Spreadsheets - PowerPoints (251) by Guest on the December 9th, 2010

Sample Excel – Secure Red Hat Enterprise Linux 5 – NSA guideline

Posted in O S (375),Sample - IT Spreadsheets - PowerPoints (251) by Guest on the December 9th, 2010

Visio Sample – Direct Access File System (DAFS)

Posted in Visio Samples - Stencils (457) by Guest on the December 8th, 2010

Free Visio Sample Direct Access File System Document download

Sample – Visio DAFs Client Server drawing.



Apache Webserver Diagnostics

Posted in Application (380),Web Services (250) by Guest on the December 7th, 2010

A couple of utilities can help with debugging transient problems:
   o Curl
   o Dtrace

Check the error_log when Apache misbehaves
# Send SIGSEGV to one httpd process (the last one pgrep lists), then read the resulting entry in error_log
$ kill -SIGSEGV `pgrep httpd | tail -1`
$ tail -100 error_log

Curl
   · Versatile command line utility that can be used to debug web-based problems
   · Curl contains several advanced options to print protocol headers and connection errors
   · Invaluable utility for locating misbehaving servers and applications
# -v prints the request and response headers; the target URL here is a placeholder
$ curl -v --user-agent "CURL DEBUG (`date`)" -H "X-foo: yikes" http://localhost/

Dtrace
   · Dynamic tracing facility introduced in Solaris
   · Can dynamically instrument applications and the Solaris kernel down to the instruction level
   · Utilizes 30k+ probes distributed throughout the Solaris kernel
   · Designed to be used on production systems
   · No overhead when probes aren’t enabled

Dtrace script organization
   · Dtrace scripts contain one or more probes, an optional predicate, and an optional action to perform (the default action is trace()):
probe-description
/ predicate /
{
    action;
}

Dtrace example #1
   · Viewing system calls by Apache process
$ dtrace -n 'syscall:::entry
/execname == "httpd"/
{
    /* count each system call made by httpd, keyed by system call name */
    @calls[probefunc] = count();
}'

Dtrace example #2
   · Watching logical Apache I/O operations
syscall::write:entry
/ execname == "httpd" /
{
    /* arg0 is the file descriptor; fds[] resolves it to a path name */
    printf("Apache wrote (%s) to fd %d (%s)\n", probefunc, arg0, fds[arg0].fi_pathname);
}

syscall::read:entry
/ execname == "httpd" /
{
    printf("Apache read (%s) from fd %d (%s)\n", probefunc, arg0, fds[arg0].fi_pathname);
}


Sample Excel – Secure Red Hat Enterprise Linux 5 – NSA guideline

Posted in O S (375) by Guest on the December 7th, 2010

Internet Service Provider (ISP) Communication / Constraints

Posted in Projects (400) by Guest on the December 7th, 2010


ISP Communication / Constraints

Gov’t Owned:
Remote Location
Mobile Data Svc

M America, Dominican Republic
M America, El Salvador
M America
M America
M America
M America
S America
S America
S America
S America
S America
S America
S Asia
S Asia, East India
S Asia, South India
SE Asia, East Indonesia
SE Asia
SE Asia
SE Asia
Burkina Faso


Sample Word – VPN Configuration Documents

Posted in Security (1500) by Guest on the December 6th, 2010

Why did we start this blog?

Posted in Business (600) by Guest on the December 6th, 2010

Because in our years of IT experience we found that consulting companies think they have all the answers. The truth is they don’t even know all of the questions for most organizations to start and complete projects successfully.  

At a time when useful content is disappearing off the internet we wanted to do just the opposite. You found us because you were looking for information in an effort to fast track your projects or simplify your job. Since 2007 we have tried to provide the best, most relevant information we can on the subjects in this blog and on our website: 

This site has over 1000 downloadable files and dozens of information articles and weblinks.

Always verify the accuracy and completeness of the information on this site before you use it.


About the format and layout of this site:

This site is built from a template blog style sheet from we thank you for your many positive comments on the format. We wanted to keep it simple and void of distractions.


Generic Enterprise Workflow Requirements – Matrix

Posted in Projects (400) by Guest on the December 6th, 2010




Employee review

Online Availability


Workflow Core      
Manage and support various Event types      
Create, Update or Delete a token X   X
Status Changes X X X
Approval Activities X X X
eSignatures (statements of certification, recognition of review or receipt, etc) X X  
Legal statements of acceptance of contract   X  
Batch Process X    
Handle Triggers      
Scheduled X X X
Time based intervals X X X
Manually launched X    
Launch another workflow and or be launched by another workflow X   X
Routing Options      
Parallel paths X    
Conditional X X X
Ad-Hoc   X X
Business Rules      
High Level of Complexity X   X
Ability to specify business rules at the token type, ORG, Role, User, metadata element, time period (or any combination of above rules) etc. X   X
Control over views of workflow elements      X
Allow for ad-hoc modifications to business rules with defined security access X    
Ability to add business rules for a new token types or ORG/Role/User etc without code changes X    
Ability to define escalation route(s), triggers or events for a specific token type or attribute. X X  
Messages could be sent via email, RSS feed, digest of many messages, text message, or other means X X X
Automatically notify individuals of tasks that they must perform.  X X X
Automatically notify the creator of the token when task completion or outcome occurs  X   X
Support time based triggered notification. X X X
Record when system messages are sent and retain copies of sent messages. X X X
Fetch data (any/all data sources) and include it in a notification message. X X X
Audit & History Tracking      
When a token is passed through the workflow each status and activity change should allow for user comments. X X  
Record the ID of the person or system who performs any activity in the system, as well as when and where the activity takes place (within what application or what portal, etc).  X X X
Display a record of all the statuses a token goes through, and date the token changes status. X X X
Maintain and display a snapshot or version of the token at key routing points within the workflow.  X    
Audit and history trail should include notification information   X X
Presentation Layer      
Different portals for the different defined roles     X
Option for publishing or read-only views to public     X
End-user applications may require their own separate presentation layer within their application.   X  
Information about the state of each token in the workflow is easily accessible. X X X
List of tokens and their metadata that allow for sorting and filtering. X X X
Profile of users or roles to allow for view definitions. X X X
Graphical representation of workflow process and progress.     X
Provide color-coding options for activities, status and flow as required for escalation and critical paths, etc.   X  
Allow for control of notification preferences through the presentation layer (rather than through the workflow configuration).    X  
Expose audit and history trail of the token  X X X
Document Management      
Versioning and source control of all tokens and their associated attachments. X X X
Attachments of various file types, supplements, etc. X   X
Support configurable retention, encryption, confidentiality and document/file destruction X   X
Security      Integrate with single sign-on solution roles as currently used. 



Sample Data Rights Management Matrix

Posted in Information Rights Management (100) by Guest on the December 6th, 2010
A sample protection matrix specifies the operations that are allowable on objects by a process executing in a domain.
Sharepoint access
Database Access
Access (RW)
Access (RW)
Access (RW)
Access (RO)
