Case Snapshots

See how GuideIT has helped companies achieve their business goals.


Slider
No post found
No post found
No post found
No post found
Leading Museum and Educational Institution Extends IT Services Relationship with GuideIT

August 2, 2018 – Plano, TX – GuideIT today announced that it signed a three-year contract extension to provide IT managed services to a leading museum and educational institution.

The museum engaged GuideIT three years ago for data center migration and IT support services.  Since then, the two organizations have worked together to introduce new cyber security and data preservation solutions, while advancing delivery support and optimizing IT support expense.

Chuck Lyles, CEO for GuideIT said, “We are proud of the accomplishments achieved over the past three years and look forward to continuing our partnership providing strategic IT solutions that meet the needs of the museum’s mission.”

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com.

Amazon EC2 Security Groups

In this installment of our Scalable Solutions series, we are going to be reviewing one of the core components of EC2, the security group.  We have found that our customers find that the elasticity provided by security groups allows them to build more resilient solutions and expand them as performance dictates it, with consistent security policies.

In case you missed our previous articles you may want to go back and review these great resources.

Week 1 – Amazon Route 53 Basics

Week 2 – AWS Certificate Manager

Week 3 – AWS Systems Manager Parameter Store

Week 4 – AWS Application Load Balancer

If you are just looking to learn more about AWS and you are in the North Dallas area we sponsor the AWS User Group of North Dallas at our offices in McKinney, TX.  You can find this group on meetup.com.

Security Group Basics

Security groups are essentially a virtual firewall inside of your instance that controls ingress and egress traffic.

  1. By default, a security group doesn’t have any ingress rules and therefore doesn’t allow any inbound traffic, but has a default egress rule which allows all outbound traffic.
  2. You cannot specify deny rules.  The lack of an allow rule triggers the implicit deny.
  3. Security group rules are stateful.  This means that traffic that is allowed by a rule will have it return traffic allowed as well.
  4. Security group rules can allow traffic from another security group, or even its own security group.

Of course, in addition to Security Groups we can also leverage Network ACL’s to provide another level of security and traffic filtering.

Multiple AWS resource types can have a security group associated with it, such as EC2, RDS, ELB, but essentially anything with an Elastic Network Interface will have a security group.

In this example, we will be creating an ELB with some backend web servers.  We are going to enable the entire internet to access TCP 443 on the ELB, but from the ELB to the web servers we are only going to allow TCP 80.  This is called SSL termination, where we aren’t going to manage any SSL configuration on the web servers themselves since it gets terminated at the load balancer.  This lets us conserve CPU cycles on the web tier.

Create Security Group for Load Balancer

Firstly we need to add a security group, this one will be applied to the ELB, and will allow HTTPS inbound from the internet.  It will also be used to identify the traffic from the load balancer to the webserver security group.

PS&gt; aws ec2 create-security-group --group-name &quot;external - squirrelbox traffic&quot; --description &quot;allows external access to squirrelbox load balancers&quot; --vpc-id vpc-bfa608c4<br />

{<br />

&quot;GroupId&quot;: &quot;sg-8b9d27c1&quot;<br />

}

We will need to use the GroupId elsewhere, so please reserve this.

Allow HTTPS from Anywhere

Next let's allow the HTTPS inbound from the internet.  Of course simply modify the command to accomplish specific protocols, ports and sources.

PS&gt; aws ec2 authorize-security-group-ingress --group-id sg-8b9d27c1 --protocol tcp --port 443 --cidr 0.0.0.0/0

At this point, we are ready to associate this security group with our ELB.  If you haven’t jumped ahead we should see gateway errors from the ELB if we try and hit the ELB.

Create Security Group for Web Servers

Next, let's add a security group which we will associate with our web server instances.

PS&gt; aws ec2 create-security-group --group-name &quot;internal - squirrelbox traffic&quot; --description &quot;allows load balancers access to squirrelbox servers&quot; --vpc-id vpc-bfa608c4<br />

{<br />

&quot;GroupId&quot;: &quot;sg-78a51f32&quot;<br />

}

Now we need to create some rules.

Allow HTTP from Load Balancer Security Group

Here we are going to enable the load balancer to reach the web nodes on port 80.

PS&gt; aws ec2 authorize-security-group-ingress --group-id sg-78a51f32 --protocol tcp --port 80 --source-group sg-8b9d27c1

Notice the –source-group parameter, we can use this instead of specifying a CIDR address.  Now at this point, if your ELB, Web Server, and DNS setups are completed (out of the scope of this article) then you should be able to see your website.

At Entasis we assist our customers in building elastic and resilient solutions with performance on-demand.  If you need help making your cloud initiative a reality we would love to help.

AWS Application Load Balancer

This week in our Scalable Solutions series we are going to be covering the Elastic Load Balancer (specifically the Application Load Balancer or v2). At Entasis we help our customers build elastic and resilient solutions with performance on-demand.  If you need help finalizing your design or implementing your vision please don’t hesitate to reach out to us at sales@entasistech.com. Also if you are just looking to learn more about AWS and you are in the North Dallas area we sponsor the AWS User Group of North Dallas at our offices in McKinney, TX.  You can find this on meetup.com.

If you did not catch our earlier articles please take a peek at what we have been up to in this series.

Week 1 – Amazon Route 53 Basics

Week 2 – AWS Certificate Manager

Week 3 – AWS Systems Manager Parameter Store

One of the most critical concepts in any scalable solution to understand is horizontal scaling.  Basically, when scaling a solution we have two directions that we can scale in. We can scale vertically which means we are going to take our one system and make it bigger or we can scale horizontally which means that we can add more machines to the existing solution to help share the load with the previous node.

So let's look at a simple web workload.  We are going to make the assumption for a second that this is a static website (read: no server-side components, and no database backend requirement).  This workload is literally the easiest workload to scale horizontally. This is because we just put the content on a new box, configure the webserver the same (read: automation) and then we add it to DNS and we move on.  Now when we “add” it to DNS this means that we actually create an extra DNS record of type “A” with the IP address of the new system. When we do this it actually gets handled as round-robin DNS or “poor man’s load balancing” which basically means if you have 2 nodes in a DNS record that the response will alternate between the two records, this is not bad for distributing load (and it keeps working as you add more nodes – say 50) so if you have 2 nodes then each node will get 1/2 of your workload, if you have 50 then each node will get 1/50 of your workload.  This, however, has a number of weaknesses.

Connection Distribution Versus Workload Distribution

Not all users are created equal, so in our simple example, you could have a user which generates 5kb of data transfer, and another one who generates 50kb of data transfer.  This is 10x the workload. Now if you end up by complete randomness with a good portion of your users being serviced on one node which are 10x users, then that node has the potential to provide a poor experience due to having a higher number of active users then the other node.  So while the connections get distributed with ultimate fairness – the workload does not.

Failover Capability

The largest weakness, in my opinion, is an inability to deal with failure scenarios.  So since connections are distributed (1/2 and 1/50 in our examples) if we lose just one node, this means that we will lose the ability to provide services to the connections which will still be distributed among all of the nodes (including the failed one).  This is because there is no concept of a health check in DNS in general. Route 53 actually has the concept of a failover record which fills this gap nicely for certain workloads. We will cover this in a later article.

Load Balancing

So enter load balancing.  This enables us to have more intelligent workload distribution.  Based on our workload we can determine how we want to distribute our traffic, Least Connection Count for example (this actually will monitor the state of existing connections, so instead of sending 1/2 of the connections it will send 1/2 of the Active Connections which keeps the current connections even across all nodes).  Of course, there are still users that are 10x users but this ensures that our users will be routed to the quietest node at that time. Now combine this with health checks and the load balancer can mark a workload as unhealthy and thus choose to no longer route traffic to it until it becomes healthy again. This sort of capability protects your end users from experiencing and outage due to a single node failure.

OK so now that we know the why let's create some resources.

Identify Our VPC, Subnet and Security Groups

This requires us to create resources in a network, so we need to know where we want that to be.  I am using a demo account and such I only have the default VPC’s and subnets. If you have custom VPCs and specific subnet placement requirements you will want to ensure you use the correct resource ids.  However, if you aren’t picky or if you can recognize them by the id, this command will save you some work. I am simplifying the output using Powershell if you are on bash those portions will not work, but you can manually parse the aws command yourself.

VPCs

PS&gt; (aws ec2 describe-vpcs --region us-east-1 | ConvertFrom-Json).Vpcs.VpcId<br />

vpc-bfa608c4

Subnets

PS&gt; (aws ec2 describe-subnets --region us-east-1  | ConvertFrom-Json).Subnets.SubnetId<br />

subnet-45b36c4a<br />

subnet-233dd569<br />

subnet-5d88ac00<br />

subnet-aa525fce<br />

subnet-ce0627e1<br />

subnet-ad742d92

Security Groups

PS&gt; (aws ec2 describe-security-groups --region us-east-1  | ConvertFrom-Json).SecurityGroups.GroupId<br />

sg-205f1956<br />

sg-49e21d03<br />

sg-d49732a2<br />

sg-8b9d27c1<br />

sg-78a51f32

So here is a list of the resources we will use.

vpc-bfa608c4

subnet-45b36c4a

subnet-233dd569

sg-8b9d27c1

sg-78a51f32

You will only see one of the security groups in the setup, the other one is applied to our ec2 nodes and it allows the traffic from the load balancers to the web servers running on ec2.

Create Load Balancer

In order to create the load balancer we will need the following information:

  1. The desired name of the load balancer
  2. At least two subnets (in the same VPC)
  3. The security groups which allow traffic inbound from the client, and also that allow the ELB to communicate with the actual servers.
  4. The region in which to create the resource (which of course must be the same as the subnets and security groups.

Here is the basic syntax of the command.

$ aws elbv2 create-load-balancer --name [ load-balancer-name ] --subnets [ subnet1 subnet2 ] --security-groups [ security-group1 security-group2 ]--region [ region ]

In our example, our workload is going to be a couple of EC2 instances that are running apache over HTTP on port 80.  This is going to be accessible via the internet at www.squirrelbox.io over HTTPS on port 443. When we have a configuration like this where the web tier itself doesn’t run SSL, but the load balancer does this is called SSL termination, basically we are terminating the LS at the load balancer to save CPU cycles on the web nodes themselves, reduce the management overhead of having SSL certificates on all of our web nodes, but this is with one big caveat, we must trust the network between the load balancer and the web nodes.  In AWS this is not a problem due to the VPC architecture. However, if you have different requirements you can also look at using dedicated tenancy for your VPC and instances.

PS&gt; aws elbv2 create-load-balancer --name squirrelbox-external --scheme internet-facing --ip-address-type ipv4 --subnets subnet-45b36c4a subnet-233dd569 --security-groups sg-8b9d27c1 --region us-east-1<br />

{<br />

&quot;LoadBalancers&quot;: [<br />

{<br />

&quot;IpAddressType&quot;: &quot;ipv4&quot;,<br />

&quot;VpcId&quot;: &quot;vpc-bfa608c4&quot;,<br />

&quot;LoadBalancerArn&quot;: &quot;arn:aws:elasticloadbalancing:us-east-1:112233445566:loadbalancer/app/squirrelbox-external/df9f9a3bb1f5007a&quot;,<br />

&quot;State&quot;: {<br />

&quot;Code&quot;: &quot;provisioning&quot;<br />

},<br />

&quot;DNSName&quot;: &quot;squirrelbox-external-1261228970.us-east-1.elb.amazonaws.com&quot;,<br />

&quot;SecurityGroups&quot;: [<br />

&quot;sg-8b9d27c1&quot;<br />

],<br />

&quot;LoadBalancerName&quot;: &quot;squirrelbox-external&quot;,<br />

&quot;CreatedTime&quot;: &quot;2018-07-21T16:29:24Z&quot;,<br />

&quot;Scheme&quot;: &quot;internet-facing&quot;,<br />

&quot;Type&quot;: &quot;application&quot;,<br />

&quot;CanonicalHostedZoneId&quot;: &quot;Z3XXXXXXXXXX7K&quot;,<br />

&quot;AvailabilityZones&quot;: [<br />

{<br />

&quot;SubnetId&quot;: &quot;subnet-233dd569&quot;,<br />

&quot;ZoneName&quot;: &quot;us-east-1a&quot;<br />

},<br />

{<br />

&quot;SubnetId&quot;: &quot;subnet-45b36c4a&quot;,<br />

&quot;ZoneName&quot;: &quot;us-east-1f&quot;<br />

}<br />

]<br />

}<br />

]<br />

}

Once we have created it we need to refer back to it, for example to check the state and ensure it is active, or perhaps to pull the ARN for a subsequent action.

PS&gt; (aws elbv2 describe-load-balancers --region us-east-1 | ConvertFrom-Json).LoadBalancers</p>

<p>IpAddressType : ipv4<br />

VpcId : vpc-bfa608c4<br />

LoadBalancerArn : arn:aws:elasticloadbalancing:us-east-1:112233445566:loadbalancer/app/squirrelbox-external/df9f9a3bb1f5007a<br />

State : @{Code=active}<br />

DNSName : squirrelbox-external-1261228970.us-east-1.elb.amazonaws.com<br />

SecurityGroups : {sg-8b9d27c1}<br />

LoadBalancerName : squirrelbox-external<br />

CreatedTime : 2018-07-21T16:29:24Z<br />

Scheme : internet-facing<br />

Type : application<br />

CanonicalHostedZoneId : Z3XXXXXXXXXX7K<br />

AvailabilityZones : {@{SubnetId=subnet-233dd569; ZoneName=us-east-1a}, @{SubnetId=subnet-45b36c4a; ZoneName=us-east-1f}}

I often find myself needing the ARN (we will use it a few more times in this article) so I like to find ways to shortcut that output.  This will return just the ARN on Powershell.

PS&gt; (aws elbv2 describe-load-balancers --region us-east-1 | ConvertFrom-Json).LoadBalancers.LoadBalancerArn<br />

arn:aws:elasticloadbalancing:us-east-1:112233445566:loadbalancer/app/squirrelbox-external/df9f9a3bb1f5007a

Keep this ARN handy we will use it later.

Create Target Group

So now we have created a load balancer, well the next step is to create a target group, this is essentially the collection of backend services that will represent a single workload.  So in our simple example of a web server, we might have 4 back end ec2 instances that would-be members on port 80. However, it is also important to note that you can have different ports in the same target group.  This is especially helpful when it comes to containers.

Here is the basic syntax of the command.

$ aws elbv2 create-target-group --name [ target-group-name ] --protocol [ HTTP | HTTPS ] --port [ PORT ] --vpc-id [ vpc-id] --region [ region ]

Now when we create the target group we simply need a name, VPC, and the protocol and port combination.

PS&gt; aws elbv2 create-target-group --name squirrelbox-webnodes --protocol HTTP --port 80 --vpc-id vpc-bfa608c4 --region us-east-1<br />

{<br />

&quot;TargetGroups&quot;: [<br />

{<br />

&quot;HealthCheckPath&quot;: &quot;/&quot;,<br />

&quot;HealthCheckIntervalSeconds&quot;: 30,<br />

&quot;VpcId&quot;: &quot;vpc-bfa608c4&quot;,<br />

&quot;Protocol&quot;: &quot;HTTP&quot;,<br />

&quot;HealthCheckTimeoutSeconds&quot;: 5,<br />

&quot;TargetType&quot;: &quot;instance&quot;,<br />

&quot;HealthCheckProtocol&quot;: &quot;HTTP&quot;,<br />

&quot;UnhealthyThresholdCount&quot;: 2,<br />

&quot;HealthyThresholdCount&quot;: 5,<br />

&quot;TargetGroupArn&quot;: &quot;arn:aws:elasticloadbalancing:us-east-1:112233445566:targetgroup/squirrelbox-webnodes/2ad2df8c47d5a0fd&quot;,<br />

&quot;Matcher&quot;: {<br />

&quot;HttpCode&quot;: &quot;200&quot;<br />

},<br />

&quot;HealthCheckPort&quot;: &quot;traffic-port&quot;,<br />

&quot;Port&quot;: 80,<br />

&quot;TargetGroupName&quot;: &quot;squirrelbox-webnodes&quot;<br />

}<br />

]<br />

}

After creating it we might need to refer back to it to check the settings.

PS&gt; (aws elbv2 describe-target-groups --region us-east-1 | ConvertFrom-Json).TargetGroups</p>

<p>HealthCheckPath : /<br />

HealthCheckIntervalSeconds : 30<br />

VpcId : vpc-bfa608c4<br />

Protocol : HTTP<br />

HealthCheckTimeoutSeconds : 5<br />

TargetType : instance<br />

HealthCheckProtocol : HTTP<br />

LoadBalancerArns : {}<br />

UnhealthyThresholdCount : 2<br />

HealthyThresholdCount : 5<br />

TargetGroupArn : arn:aws:elasticloadbalancing:us-east-1:112233445566:targetgroup/squirrelbox-webnodes/2ad2df8c47d5a0fd<br />

Matcher : @{HttpCode=200}<br />

HealthCheckPort : traffic-port<br />

Port : 80<br />

TargetGroupName : squirrelbox-webnodes

This will return just the ARN of the target group.

PS&gt; (aws elbv2 describe-target-groups --region us-east-1 | ConvertFrom-Json).TargetGroups.TargetGroupArn<br />

arn:aws:elasticloadbalancing:us-east-1:112233445566:targetgroup/squirrelbox-webnodes/2ad2df8c47d5a0fd

Keep this ARN handy we will use it later.

Create Listener

Next, we must create the listener, the listener does exactly that it listens for the customer traffic.  So this is going to declare the external protocols and associate a certificate (if appropriate) with the load balancer.

Here is the basic syntax of the command.

$ aws elbv2 create-listener --load-balancer-arn [ load-balancer-arn ] --protocol [ HTTP | HTTPS ] --port [ port-number ] --certificates &quot;CertificateArn=[ certificate-arn ]&quot; --default-actions &quot;Type=forward,TargetGroupArn=[ target-group-arn ] --region [ region ]

The listener will setup the external listening port on the load balancer, and associate a certificate as well as create a default rule referring to the target group we declare.

PS&gt; aws elbv2 create-listener --load-balancer-arn arn:aws:elasticloadbalancing:us-east-1:11223344556:loadbalancer/app/squirrelbox-external/df9f9a3bb1f5007a --protocol HTTPS --port 443 --certificates CertificateArn=arn:aws:acm:us-east-1:310843369992:certificate/0e8046d4-3625-49ff-9fee-c1485e314dc7 --default-actions Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:us-east-1:310843369992:targetgroup/squirrelbox-webnodes/2ad2df8c47d5a0fd --region us-east-1<br />

{<br />

&quot;Listeners&quot;: [<br />

{<br />

&quot;Protocol&quot;: &quot;HTTPS&quot;,<br />

&quot;DefaultActions&quot;: [<br />

{<br />

&quot;TargetGroupArn&quot;: &quot;arn:aws:elasticloadbalancing:us-east-1:112233445566:targetgroup/squirrelbox-webnodes/2ad2df8c47d5a0fd&quot;,<br />

&quot;Type&quot;: &quot;forward&quot;<br />

}<br />

],<br />

&quot;SslPolicy&quot;: &quot;ELBSecurityPolicy-2016-08&quot;,<br />

&quot;Certificates&quot;: [<br />

{<br />

&quot;CertificateArn&quot;: &quot;arn:aws:acm:us-east-1:112233445566:certificate/0e8046d4-3625-49ff-9fee-c1485e314dc7&quot;<br />

}<br />

],<br />

&quot;LoadBalancerArn&quot;: &quot;arn:aws:elasticloadbalancing:us-east-1:112233445566:loadbalancer/app/squirrelbox-external/df9f9a3bb1f5007a&quot;,<br />

&quot;Port&quot;: 443,<br />

&quot;ListenerArn&quot;: &quot;arn:aws:elasticloadbalancing:us-east-1:112233445566:listener/app/squirrelbox-external/df9f9a3bb1f5007a/862c694eafb01c83&quot;<br />

}<br />

]<br />

}

Here we can check the listener’s configuration after its creation.

PS&gt; (aws elbv2 describe-listeners --load-balancer-arn arn:aws:elasticloadbalancing:us-east-1:112233445566:loadbalancer/app/squirrelbox-external/df9f9a3bb1f5007a --region us-east-1 | ConvertFrom-Json).Listeners</p>

<p>Protocol : HTTPS<br />

DefaultActions : {@{TargetGroupArn=arn:aws:elasticloadbalancing:us-east-1:112233445566:targetgroup/squirrelbox-webnodes/2ad2df8c47d5a0fd; Type=forward}}<br />

SslPolicy : ELBSecurityPolicy-2016-08<br />

Certificates : {@{CertificateArn=arn:aws:acm:us-east-1:112233445566:certificate/0e8046d4-3625-49ff-9fee-c1485e314dc7}}<br />

LoadBalancerArn : arn:aws:elasticloadbalancing:us-east-1:112233445566:loadbalancer/app/squirrelbox-external/df9f9a3bb1f5007a<br />

Port : 443<br />

ListenerArn : arn:aws:elasticloadbalancing:us-east-1:112233445566:listener/app/squirrelbox-external/df9f9a3bb1f5007a/862c694eafb01c83

Of course we can also just display the ARN.

PS&gt; (aws elbv2 describe-listeners --load-balancer-arn arn:aws:elasticloadbalancing:us-east-1:112233445566:loadbalancer/app/squirrelbox-external/df9f9a3bb1f5007a --region us-east-1 | ConvertFrom-Json).Listeners.ListenerArn<br />

arn:aws:elasticloadbalancing:us-east-1:112233445566:listener/app/squirrelbox-external/df9f9a3bb1f5007a/862c694eafb01c83

Keep this ARN handy we will use it later.

Create Rule

If you have complicated load balancing requirements (multi-tenant, api endpoints, etc) then rules will be your friend.  Anything that you want to route differently than the default will need its own rule and this will be how that traffic is controlled.

Here is the basic syntax of the command.

$ aws elbv2 create-rule --listener-arn [ listener-arn ] --conditions &quot;Field=[ path-pattern | host-header ],Values=[ /squirrelbox/* | www.squirrelbox.io ]&quot; --actions &quot;Type=forward,TargetGroupArn=[ target-group-arn ]&quot; --priority 1 --region [ region ]

Here we are going to set a host-header rule so that anything that comes in via the name www.squirrelbox.io will get routed to a specific target group.

PS&gt; aws elbv2 create-rule --listener-arn arn:aws:elasticloadbalancing:us-east-1:112233445566:listener/app/squirrelbox-external/df9f9a3bb1f5007a/862c694eafb01c83 --conditions &quot;Field=host-header,Values=www.squirrelbox.io&quot; --actions &quot;Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:us-east-1:112233445566:targetgroup/squirrelbox-webnodes/2ad2df8c47d5a0fd&quot; --priority 1 --region us-east-1<br />

{<br />

&quot;Rules&quot;: [<br />

{<br />

&quot;Priority&quot;: &quot;1&quot;,<br />

&quot;Conditions&quot;: [<br />

{<br />

&quot;Field&quot;: &quot;host-header&quot;,<br />

&quot;Values&quot;: [<br />

&quot;www.squirrelbox.io&quot;<br />

]<br />

}<br />

],<br />

&quot;RuleArn&quot;: &quot;arn:aws:elasticloadbalancing:us-east-1:112233445566:listener-rule/app/squirrelbox-external/df9f9a3bb1f5007a/862c694eafb01c83/3303294d17235cd9&quot;,<br />

&quot;IsDefault&quot;: false,<br />

&quot;Actions&quot;: [<br />

{<br />

&quot;TargetGroupArn&quot;: &quot;arn:aws:elasticloadbalancing:us-east-1:112233445566:targetgroup/squirrelbox-webnodes/2ad2df8c47d5a0fd&quot;,<br />

&quot;Type&quot;: &quot;forward&quot;<br />

}<br />

]<br />

}<br />

]<br />

}

Let’s describe the rules we now have.

PS&gt; (aws elbv2 describe-rules --listener-arn arn:aws:elasticloadbalancing:us-east-1:112233445566:listener/app/squirrelbox-external/df9f9a3bb1f5007a/862c694eafb01c83 --profile entasisawsug | ConvertFrom-Json).Rules</p>

<p>Priority : 1<br />

Conditions : {@{Field=host-header; Values=System.Object[]}}<br />

RuleArn : arn:aws:elasticloadbalancing:us-east-1:112233445566:listener-rule/app/squirrelbox-external/df9f9a3bb1f5007a/862c694eafb01c83/3303294d17235cd9<br />

IsDefault : False<br />

Actions : {@{TargetGroupArn=arn:aws:elasticloadbalancing:us-east-1:112233445566:targetgroup/squirrelbox-webnodes/2ad2df8c47d5a0fd; Type=forward}}</p>

<p>Priority : default<br />

Conditions : {}<br />

RuleArn : arn:aws:elasticloadbalancing:us-east-1:112233445566:listener-rule/app/squirrelbox-external/df9f9a3bb1f5007a/862c694eafb01c83/e8a9ec74d438b479<br />

IsDefault : True<br />

Actions : {@{TargetGroupArn=arn:aws:elasticloadbalancing:us-east-1:112233445566:targetgroup/squirrelbox-webnodes/2ad2df8c47d5a0fd; Type=forward}}

 

Additional Certificates

If you have multiple hostnames on the same load balancers you will likely need to have multiple certificates associated with the listener so that it can use SNI to apply the correct cert.  Here is how you would add a second one.

Here is the basic syntax of the command.

PS&gt; aws elbv2 add-listener-certificates --listener-arn [ listener-arn ] --certificates CertificateArn=[ certificate-arn ] --region [ region ]

Here we will add a second certificate for another domain, this one is for www2.squirrelbox.io.

PS&gt; aws elbv2 add-listener-certificates --listener-arn arn:aws:elasticloadbalancing:us-east-1:112233445566:listener/app/squirrelbox-external/df9f9a3bb1f5007a/8 62c694eafb01c83 --certificates CertificateArn=arn:aws:acm:us-east-1:112233445566:certificate/b9625a00-9b05-4d4f-81e3-5084d8f8bd59 --region us-east-1<br />

{<br />

&quot;Certificates&quot;: [<br />

{<br />

&quot;CertificateArn&quot;: &quot;arn:aws:acm:us-east-1:112233445566:certificate/b9625a00-9b05-4d4f-81e3-5084d8f8bd59&quot;,<br />

&quot;IsDefault&quot;: false<br />

}<br />

]<br />

}

So with all of these components this can enable us to horizontally scale our applications as we need to increase our capabilities.  This is one of the core components to a Scalable Solution. For additional learning I suggest you look into healthchecks and registering instances into a target group.  Of course you can also follow me on LinkedIn to be notified of our latest articles.

Regional Health System Engages GuideIT to Support Technological Transformation

July 19, 2018 — Plano, TX — GuideIT today announced that has been engaged to provide services in support of major technological transformation for a regional health system.

With many concurrent initiatives underway in support of its technology transformation goals, the health system engaged GuideIT to manage legacy applications support and execute a major server decommissioning program in support of a technology infrastructure modernization program.

“Executing major technology programs can stretch even the strongest of IT organizations,” said Chuck Lyles, CEO for GuideIT.  “Our success in meeting the requirements, budget and timelines on our prior engagements earned us the opportunity to continue supporting this important transformation.”

GuideIT provides the experience, proven processes and expertise necessary to successfully implement technological change.  Its result-focused approach to empowering business emphasizes delivering services that enable the creation of value, leveraging its broad expertise of technology executives and practitioners, and simplifying the complex while bringing the flexibility and creativity needed to succeed.

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com.

AWS Systems Manager Parameter Store

At Entasis we help our customers understand and modify their technology stacks so that scaling is a function of cost not a function of technology.  However, when we look at scaling one of the largest problems is the consistency of an environment. When we are running 100 application nodes then the opportunity for one node to go sideways and start handling traffic differently is much higher than if we only have 2 application nodes.  So we work with our customers to help them abstract the configurations of their services from their code to enable their applications to auto-scale regardless of your hosting location. We are very familiar with public cloud, private cloud, multi-cloud and hybrid cloud. If you need help in this area please reach out to our team at sales@entasistech.com.

This article is part of our series on Scalable Solutions.  This article doesn’t require knowledge of the other articles however please check out our other articles – Amazon Route 53 Basics and AWS Certificate Manager.

Today we are going to look at one of the central components of AWS Systems Manager, and frankly, this is one of the easiest to implement.  The Parameter Store is a centralized location to store configuration data. This helps us to know how our applications are being configured across an entire fleet.  This allows us to avoid more brittle solutions such as file deployment, or shared file systems for configuration data. So let's dig in.

For the purposes of this article, we are going to use the CLI to handle all of our interactions with the Parameter Store.  Depending on your solution you will want to use the appropriate SDK to interact with the values in the parameter store. Additionally, you have the option of using another solution (there are a few out their or you can roll-your-own) that will load all of the values of the parameter store as environment variables, then the application can read its settings from the environment.

For details on Parameter Store: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-paramstore.html

Parameter Store Values

  • String – this is an unencrypted string.
  • StringList – this is an unencrypted list of strings.  This must be comma-separated with no spaces.
  • SecureString – this is an encrypted string.  This is encrypted with a KMS key if you use this your application is also going to need IAM permissions to use the defined key to decrypt items.

Recommendations:

  1. Always use SecureString, in my experience, it doesn’t add much complexity but it does provide the protection of having the data encrypted by default.  This provides additional protection in the case of “grey” data which isn’t definitely sensitive (credentials) but can be sensitive in the wrong hands (connection endpoints, ports, etc).
  2. Use isolated KMS keys for each application and/or environment.  If one application is compromised you don’t want it to be able to be used as a launch platform to other applications (imagine if you were able to pull down all configurations from all applications after compromising a single machine).
  3. Admin oversight is critical here you really need to look at what admins can do once you start solutioning for this, can your read-only admin decrypt the parameters in the parameter store for all of the different applications.  How do you secure this and ensure that there is no leakage.
  4. Credentials can be stored in Parameter Store if SecureString is the key used.  However, if you are using RDS (or other select AWS Services) Secrets Manager might be a better fit.  The line should be if Secrets Manager can rotate the credential then it is better to use Secrets Manager for that credential. Then you can use a shorter rotation window (database credentials rotated once a day as an example).  This limits the blast radius in the attempt of a compromise.
  5. Store all configurations in Parameter Store.  All of them. If you put anything in local configuration files then that opens you up for divergence.
  6. Use descriptions in your parameters.
  7. Also, don’t include Parameter Store calls in your workflow.  For example, if you have an API call that your workflow has to make then don’t perform a get-parameter for each invocation of that API.  Rather refresh the local values on service reload/refresh/restart, then log any problems and fail to start the service if necessary.

Writing a Parameter in the Parameter Store

This pattern will use the default key of alias/aws/ssm, you can use your own created key bypassing the –key option.  The output of these is simply the version number of the string created (always 1 if it is a new string).

$ aws ssm put-parameter --type [ String | StringList | SecureString ] --name [ name ] --value [ value ]

Now first we are going to create a parameter of the String type which is unencrypted.  We will call it “naked string” and it will have a value of “unencrypted string”.

PS&gt; aws ssm put-parameter --type String --name nakedstring --value unencryptedstring<br />

{<br />

&quot;Version&quot;: 1<br />

}

Next, we will create a parameter of the StringList type which is also unencrypted.  The big caveat with these are that your strings cannot contain any special punctuation as each string is separated by a comma.  If your string contains a comma you are better off using a String or SecureString and separating from a string into multiple strings with logic (or by having each string in their own parameter).  We will call this “nakedstringlist” and it will have a value of “unencryptedstring1,unencrpytedstring2”.

PS&gt; aws ssm put-parameter --type StringList --name nakedstringlist --value unencryptedstring1,unencryptedstring2<br />

{<br />

&quot;Version&quot;: 1<br />

}

Finally please forget the other two and just use this one.  This is an encrypted string (everyone say yay!) and it requires a little more work on the IAM side but the security it provides is definitely worth it, additionally, it also makes it a sane proposition to store credentials here.  We will call this “clothedstring” (since we are dressing it in encryption) and it will have a value of “encryptedstring”.

PS&gt; aws ssm put-parameter --type SecureString --name clothedstring --value encryptedstring<br />

{<br />

&quot;Version&quot;: 1<br />

}</p>

<p>&lt;strong&gt;Updating a Parameter in the Parameter Store&lt;/strong&gt;</p>

<p>Now no doubt at some point if you are using Parameter Store you will need to make a change to an existing parameter.  This is essentially the same process as above, we just need to tell it that we want it to overwrite the existing value.<br />

&lt;pre&gt;

 

$ aws ssm put-parameter --type [ String | StringList | SecureString ] --name [ name ]--value [ value ] --overwrite

This is simply going to update the parameter called "clothedstringlist" with the value of "updatedencryptedstring".

PS&gt; aws ssm put-parameter --type SecureString --name clothedstringlist --value updatedencryptedstring --overwrite<br />

{<br />

&quot;Version&quot;: 2<br />

}</p>

<p>Now we see the output of the version number indicating that this has been updated to a new version.</p>

<p>&lt;strong&gt;Reading a Parameter from Parameter Store&lt;/strong&gt;</p>

<p>So of course putting parameters in place is wonderful, however if we can't get them back then it is massively non-helpful.  So lets do that next.<br />

&lt;pre&gt;

 

$ aws ssm get-parameter --name [ name ]

Here we are going to retrieve our parameter called "nakedstring".

PS&gt; aws ssm get-parameter --name nakedstring<br />

{<br />

&quot;Parameter&quot;: {<br />

&quot;Version&quot;: 1,<br />

&quot;Type&quot;: &quot;String&quot;,<br />

&quot;Name&quot;: &quot;nakedstring&quot;,<br />

&quot;Value&quot;: &quot;unencryptedstring&quot;<br />

}<br />

}

Next lets retrieve our parameter called "nakedstringlist".

PS&gt; aws ssm get-parameter --name nakedstringlist<br />

{<br />

&quot;Parameter&quot;: {<br />

&quot;Version&quot;: 1,<br />

&quot;Type&quot;: &quot;StringList&quot;,<br />

&quot;Name&quot;: &quot;nakedstringlist&quot;,<br />

&quot;Value&quot;: &quot;unencryptedstring1,unencryptedstring2&quot;<br />

}<br />

}

Of course who can forget my personal favorite parameter called "clothedstring".

PS&gt; aws ssm get-parameter --name clothedstring<br />

{<br />

&quot;Parameter&quot;: {<br />

&quot;Version&quot;: 2,<br />

&quot;Type&quot;: &quot;SecureString&quot;,<br />

&quot;Name&quot;: &quot;clothedstring&quot;,<br />

&quot;Value&quot;: &quot;AQICAHhVdKbFht5ReQADBixWDt1CeIfSYZwDVCmC9QqTnFypxAENa7JnNj6xxG+VDWrVw8JDAAAAdDByBgkqhkiG9w0BBwagZTBjAgEAMF4GCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMOF4jFo0YR2cKU2xMAgEQgDFEmBYI8sWEIzSIJoLWU4xZBIMO/WNloQcIsVj7OPuk5VjqYxJJATyZYuUCgMeU3DUY&quot;<br />

}<br />

}

So of course if we retrieve an encrypted string then it must come back to us encrypted.  However that is not useful.

$ aws ssm get-parameter --name [ name ] --with-decryption

Lets pass it the option to also decrypt the parameter so we can use it.

PS&gt; aws ssm get-parameter --name clothedstring --with-decryption<br />

{<br />

&quot;Parameter&quot;: {<br />

&quot;Version&quot;: 2,<br />

&quot;Type&quot;: &quot;SecureString&quot;,<br />

&quot;Name&quot;: &quot;clothedstring&quot;,<br />

&quot;Value&quot;: &quot;updatedencryptedstring&quot;<br />

}<br />

}

Now one other interesting thing to mention.  We have versioning on all of this, so lets say we want to go look at the previous version of the parameter.

PS&gt; aws ssm get-parameter --name clothedstring:1 --with-decryption<br />

{<br />

&quot;Parameter&quot;: {<br />

&quot;Version&quot;: 1,<br />

&quot;Type&quot;: &quot;SecureString&quot;,<br />

&quot;Name&quot;: &quot;clothedstring&quot;,<br />

&quot;Value&quot;: &quot;encryptedstring&quot;<br />

}<br />

}

This versioning of course brings up an interesting point to ponder.  If we have a parameter that starts out as a String (unencrypted) with a value of "Password1234" and we then realize our mistake and update it to be a SecureString (encrypted) with the same value of "Password1234" our previous version is still stored in unencrypted form.  In this scenario I would encourage a few things...

  1. Change the password, not just because my example is a really bad password, but rather because it is now stored unencrypted in the cloud.
  2. If changing the password cannot be accomplished then a better approach would be to delete the parameter and recreate it as a new parameter that is encrypted.  This will enable you to make the changes in your app which have you so dependent on that password not changing.

Delete a Parameter from Parameter Store

So now to set ourselves up for the next phase of this article we are going to delete everything we created.

$ aws ssm delete-parameter --name [ name ]

Earlier we created and updated 3 different parameters called "nakedstring", "nakedstringlist" and "clothedstring" the delete-parameter does not actually return anything if it is successful so I am just going to give you them all at once since the explanation is not necessary.

PS&gt; aws ssm delete-parameter --name nakedstring<br />

PS&gt; aws ssm delete-parameter --name nakedstringlist<br />

PS&gt; aws ssm delete-parameter --name clothedstring

Now we no longer have those parameters.

Parameter Hierarchies

Parameters can be stored in a hierarchical fashion, doing so can make it easier to craft scalable IAM policies which will allow applications to only access their parameters and not other applications parameters.  For example /app1/param1, /app1/param2, /app2/param1, /app2/param2 we can create an IAM policy to allow read for /app2/* only and grant that policy to the role supporting app2, with a corresponding policy for /app1/*.

This helps us to secure our implementations from each other, however, it also makes it easier to code our applications to.  For example in the above non-hierarchical examples we would need to read a parameter for each and every configuration, now keeping in mind that these configurations can be anything from connection strings, to credentials, to memory settings, to whitelists, or anything in between it is not inconceivable for us to have 20 parameters per application.  Which means 20 calls, which means 20 delays (or opportunities for delays at least), when we utilize hierarchical parameters we can turn this into one call for all parameters at a given path. So the call can actually be something like /app1/* (or "give me all parameters having to do with app1").

We can further segment it by environment and tiers, so here is a rough example of a hierarchy for an application called "squirrelbox":

/squirrelbox/dev/database/readstring

writestring

/squirrelbox/dev/application/debug

maxmemory

/squirrelbox/dev/web/port

url

Creating our Squirrelbox Dev Environment

Let's create the parameters that I outlined above with some dummy data to demonstrate how this might work in practice.

PS&gt; aws ssm put-parameter --name &quot;/squirrelbox/dev/database/readstring&quot; --value &quot;ReadDatabaseConnectionString&quot; --type SecureString<br />

{<br />

&quot;Version&quot;: 1<br />

}<br />

PS&gt; aws ssm put-parameter --name &quot;/squirrelbox/dev/database/writestring&quot; --value&quot;WriteDatabaseConnectionString&quot; --type SecureString<br />

{<br />

&quot;Version&quot;: 1<br />

}<br />

PS&gt; aws ssm put-parameter --name &quot;/squirrelbox/dev/application/debug&quot; --value &quot;true&quot; --type SecureString<br />

{<br />

&quot;Version&quot;: 1<br />

}<br />

PS&gt; aws ssm put-parameter --name &quot;/squirrelbox/dev/application/maxmemory&quot; --value &quot;500M&quot; --type SecureString<br />

{<br />

&quot;Version&quot;: 1<br />

}<br />

PS&gt; aws ssm put-parameter --name &quot;/squirrelbox/dev/web/port&quot; --value &quot;8080&quot; --type SecureString<br />

{<br />

&quot;Version&quot;: 1<br />

}<br />

PS&gt; aws ssm put-parameter --name &quot;/squirrelbox/dev/web/url&quot; --value &quot;app.squirrelbox.io&quot; --type SecureString<br />

{<br />

&quot;Version&quot;: 1<br />

}

Now lets assume that we have three teams: DBA, APPDEV, and WEBDEV.  Now these teams are going to have different permissions for example perhaps the DBA's can read/write to the /squirrelbox/dev/database/* however they have no permissions elsewhere.  APPDEV's have read to /squirrelbox/dev/database/* and read/write to /squirrelbox/dev/application/* and no permissions elsewhere. WEBDEV's have read to /squirrelbox/dev/application/* (there would likely be a API endpoint parameter in there too that they would want to read) and they could read/write to /squirrelbox/dev/web/* with no permissions elsewhere.

 

Reading Parameters by Path from Parameter Store

Now let's take a look at a few different ways to collect our parameters by path.  This first example will only grab parameters that are under the path one level deep.

$ aws ssm get-parameters-by-path --path [ path ]

In our environment, this actually returns no parameters, since we have nested them deeper than that.

PS&gt; aws ssm get-parameters-by-path --path &quot;/squirrelbox/&quot;<br />

{<br />

&quot;Parameters&quot;: []<br />

}

If we add the recursive option this will give us all of them.

$ aws ssm get-parameters-by-path --path [ path ] --recursive

In an actual implementation IAM policies would determine what we see in the tree.

PS&gt; aws ssm get-parameters-by-path --path &quot;/squirrelbox/&quot; --recursive<br />

{<br />

&quot;Parameters&quot;: [<br />

{<br />

&quot;Version&quot;: 1,<br />

&quot;Type&quot;: &quot;SecureString&quot;,<br />

&quot;Name&quot;: &quot;/squirrelbox/dev/application/debug&quot;,<br />

&quot;Value&quot;: &quot;AQICAHhVdKbFht5ReQADBixWDt1CeIfSYZwDVCmC9QqTnFypxAHnlf92F7rVUYHWw+hiyd4WAAAAYjBgBgkqhkiG9w0BBwagUzBRAgEAMEwGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMe00Pz+/4yyVqtCUEAgEQgB82SyAFaxf2NC2m/RqOB4BI2Ug6+VsYX/sEmWovU7IZ&quot;<br />

},<br />

{<br />

&quot;Version&quot;: 1,<br />

&quot;Type&quot;: &quot;SecureString&quot;,<br />

&quot;Name&quot;: &quot;/squirrelbox/dev/application/maxmemory&quot;,<br />

&quot;Value&quot;: &quot;AQICAHhVdKbFht5ReQADBixWDt1CeIfSYZwDVCmC9QqTnFypxAG7XidJjVTYL7xzz8sWxw3iAAAAYjBgBgkqhkiG9w0BBwagUzBRAgEAMEwGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMrt1iN9zqFLLwdzTyAgEQgB+fXMhRQJTgtMz5DDiQmjuN92xPAS9p4Ay0AEp78fmP&quot;<br />

},<br />

{<br />

&quot;Version&quot;: 1,<br />

&quot;Type&quot;: &quot;SecureString&quot;,<br />

&quot;Name&quot;: &quot;/squirrelbox/dev/database/readstring&quot;,<br />

&quot;Value&quot;: &quot;AQICAHhVdKbFht5ReQADBixWDt1CeIfSYZwDVCmC9QqTnFypxAFAR2CpRSd7DJYMJs1+TD+bAAAAejB4BgkqhkiG9w0BBwagazBpAgEAMGQGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM9EZjxkJYZdRSPtHLAgEQgDdTEeHutrjQQH/S7cbTxjKF08XeIZPr+L5GtEuji9+njA/3subjWLJxlPTActjesYxmRrMAvmW5&quot;<br />

},<br />

{<br />

&quot;Version&quot;: 1,<br />

&quot;Type&quot;: &quot;SecureString&quot;,<br />

&quot;Name&quot;: &quot;/squirrelbox/dev/database/writestring&quot;,<br />

&quot;Value&quot;: &quot;AQICAHhVdKbFht5ReQADBixWDt1CeIfSYZwDVCmC9QqTnFypxAGUJc6avKhbHFvdaYxTrALzAAAAezB5BgkqhkiG9w0BBwagbDBqAgEAMGUGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM/gavBkD1mzK6jTfTAgEQgDipBXD5HiVn9ImrYhBm8fnJOpoULlpFcShWT0YkoTnYvRKbVgKt+UoJtXWqy0NVLKVbvvSxfTmn+w==&quot;<br />

},<br />

{<br />

&quot;Version&quot;: 1,<br />

&quot;Type&quot;: &quot;SecureString&quot;,<br />

&quot;Name&quot;: &quot;/squirrelbox/dev/web/port&quot;,<br />

&quot;Value&quot;: &quot;AQICAHhVdKbFht5ReQADBixWDt1CeIfSYZwDVCmC9QqTnFypxAHuyyqfVhe0yTjYZn0sTcH3AAAAYjBgBgkqhkiG9w0BBwagUzBRAgEAMEwGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM1t2/dsd3Y3mbvUz3AgEQgB/ExDPrZ0Xc0gOT3I1DUOiK0Rny/WFi32DhYuo2otoC&quot;<br />

},<br />

{<br />

&quot;Version&quot;: 1,<br />

&quot;Type&quot;: &quot;SecureString&quot;,<br />

&quot;Name&quot;: &quot;/squirrelbox/dev/web/url&quot;,<br />

&quot;Value&quot;: &quot;AQICAHhVdKbFht5ReQADBixWDt1CeIfSYZwDVCmC9QqTnFypxAH2X9/mCJqpdzelmbSV9DRfAAAAcDBuBgkqhkiG9w0BBwagYTBfAgEAMFoGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMOua5pSAK35Albf1jAgEQgC3tWc60afeByeKUQk20jBFwbLYzQ6GVzqtlVOhmLFNlU/6Tk6BUfjT0qQGj+30=&quot;<br />

}<br />

]<br />

}

So to see the unencrypted values we actually need to use the --with-decryption option like we did in our previous examples.

$ aws ssm get-parameters-by-path --path [ path ] --recursive --with-decryption

So lets take a look at what the DBA team would see.

PS&gt; aws ssm get-parameters-by-path --path &quot;/squirrelbox/dev/database/&quot; --recursive --with-decryption<br />

{<br />

&quot;Parameters&quot;: [<br />

{<br />

&quot;Version&quot;: 1,<br />

&quot;Type&quot;: &quot;SecureString&quot;,<br />

&quot;Name&quot;: &quot;/squirrelbox/dev/database/readstring&quot;,<br />

&quot;Value&quot;: &quot;ReadDatabaseConnectionString&quot;<br />

},<br />

{<br />

&quot;Version&quot;: 1,<br />

&quot;Type&quot;: &quot;SecureString&quot;,<br />

&quot;Name&quot;: &quot;/squirrelbox/dev/database/writestring&quot;,<br />

&quot;Value&quot;: &quot;WriteDatabaseConnectionString&quot;<br />

}<br />

]<br />

}

The APPDEV team would see the following.

PS&gt; aws ssm get-parameters-by-path --path &quot;/squirrelbox/dev/application/&quot; --recursive --with-decryption<br />

{<br />

&quot;Parameters&quot;: [<br />

{<br />

&quot;Version&quot;: 1,<br />

&quot;Type&quot;: &quot;SecureString&quot;,<br />

&quot;Name&quot;: &quot;/squirrelbox/dev/application/debug&quot;,<br />

&quot;Value&quot;: &quot;true&quot;<br />

},<br />

{<br />

&quot;Version&quot;: 1,<br />

&quot;Type&quot;: &quot;SecureString&quot;,<br />

&quot;Name&quot;: &quot;/squirrelbox/dev/application/maxmemory&quot;,<br />

&quot;Value&quot;: &quot;500M&quot;<br />

}<br />

]<br />

}

Finally the WEBDEV team would see the following.

PS&gt; aws ssm get-parameters-by-path --path &quot;/squirrelbox/dev/web/&quot; --recursive --with-decryption<br />

{<br />

&quot;Parameters&quot;: [<br />

{<br />

&quot;Version&quot;: 1,<br />

&quot;Type&quot;: &quot;SecureString&quot;,<br />

&quot;Name&quot;: &quot;/squirrelbox/dev/web/port&quot;,<br />

&quot;Value&quot;: &quot;8080&quot;<br />

},<br />

{<br />

&quot;Version&quot;: 1,<br />

&quot;Type&quot;: &quot;SecureString&quot;,<br />

&quot;Name&quot;: &quot;/squirrelbox/dev/web/url&quot;,<br />

&quot;Value&quot;: &quot;app.squirrelbox.io&quot;<br />

}<br />

]<br />

}

If you use the Parameter Store to store all of your configurations for your applications it enables you to have a very resilient system that stays consistent across many nodes.  In the event of configuration changes these changes can be deployed wide very quickly with a rolling restart of services to maintain up time.

If your organization needs help making your applications more elastic by nature, resilient in design, and performance on demand please send me an email sales@entasistech.com architecting scalable solutions is what we do.

Advocare and GuideIT Enter Strategic IT Relationship

July 12, 2018 — Marlton, NJ and Plano, TX — Advocare, LLC a leading multispecialty practice with nearly 600 providers across 181 locations, in New Jersey and Pennsylvania, representing pediatrics, adult primary care, and specialty practices and GuideIT, a market leader in redefining the delivery of information technology, today announced a strategic IT relationship focused on supporting a new Electronic Health Record implementation.

In support of its vision to deliver the highest quality and cost-effective care, Advocare launched a strategic IT transformation project in early 2017.  The objective is to implement a best-in-class Electronic Health Record and the supporting organizational transformation initiatives.

Guide IT was initially engaged to advise Advocare on its separation from its current IT provider and to support the procurement of a new Electronic Health Record system.  GuideIT’s services have expanded to lead this project for Advocare.

“We are committed to providing the highest quality healthcare to the communities we serve”, said Howard Orel, MD, President and CEO for Advocare.  “With technology playing an increasingly important role in patient care, our investment in technology is also an investment in our patients.  We are excited to have GuideIT as our strategic IT partner.  They inspire confidence by being results-oriented, exhibiting a straightforward approach, and demonstrating the expertise needed to make this technology transformation a success.”

Chuck Lyles, CEO for GuideIT said, “Advocare has an inspiring vision for the strategic role technology can play in healthcare.  Our team is dedicated to the mission of healthcare providers.  We developed the clinical, technological and business expertise and supporting processes necessary to power initiatives like Advocare is undertaking.  We are excited to play a role in this important transformation of an already successful healthcare practice.”

About Advocare

Advocare, LLC (“Advocare”) is a physician-owned and physician governed multi-specialty medical group operating in New Jersey and the greater Philadelphia metropolitan region. Founded in 1998 as an alliance of 26 pediatricians in southern New Jersey, Advocare has grown to become widely recognized and highly respected as one of the region’s largest, independent, multi-specialty physician groups. With nearly 600 providers, Advocare serves approximately 590,000 patients at nearly 200 locations throughout New Jersey and Pennsylvania. Advocare physicians are regularly recognized among the region’s top doctors by New Jersey and Pennsylvania by both patients and consumer magazines.  https://www.advocaredoctors.com/

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

AWS Certificate Manager

Today we are going to take a look at another one of my favorite services.  AWS Certificate Manager. In this exploration we are going to be interacting with JSON which Powershell makes more difficult then it ought to.  So please keep in mind that if you are using the AWS CLI on bash or cygwin or similar your mileage will vary (especially where it comes to parsing and generating JSON).  Our goal is to be able to walk all the way through the certificate issuance process, including validation.

This process includes some changes to DNS so if you are using Route 53 please refer back to our previous article in this series on Scalable Solutions – Amazon Route 53 Basics.

Before we dive in lets talk about why AWS Certificate Manager.  The primary reason for ACM is that it allows us to no longer worry about certificate expiration, which is a huge benefit.  Now, this is a huge benefit which actually causes a significant downside at the same time. The biggest drawback to ACM is that we can only deploy these certs to AWS controlled resources which are exclusively managed by AWS, such as Elastic Load Balancers, Cloudfront Distributions, and API Gateways.  Since they control the infrastructure they can seamlessly issue and replace certificates as needed, thus no expiration headaches.

Requesting a Certificate

Now like any certificate infrastructure you will need to request a certificate.  Remember that when you are issuing certs you must account for all domain names that will be used when accessing the site or you will receive browser errors.

$ aws acm request-certificate --domain-name [ domain-name ] --validation-method [ EMAIL | DNS ] --subject-alternative-names [ domain-name1 domain-name2 ] --domain-validation-options DomainName=[ url ],ValidationDomain=[ domain ]

Here we are bringing up a new server named monkey.itfromallangles.com which will require a certificate to serve HTTPS traffic.  We don’t have any alternative names, also we have specified some domain-validation-options, these are only necessary for EMAIL based validation methods.

PS&gt; aws acm request-certificate --domain-name monkey.itfromallangles.com --validation-method DNS --domain-validation-options DomainName=monkey.itfromallangles.com,ValidationDomain=itfromallangles.com<br />

{<br />

&quot;CertificateArn&quot;: &quot;arn:aws:acm:us-east-1:112233445566:certificate/612c35e2-f8b5-49ac-8f20-246e851c0659&quot;<br />

}

Now pay attention to the certificate arn, this will be needed later.

Describing a Certificate

Now lets take a look at the certificate we created earlier.  Notice that the ValidationStatus is PENDING_VALIDATION and the element below that which indicates the ResourceRecord which the validation engine will be checking for.  You can manually create this in your DNS zone.

PS&gt; aws acm describe-certificate --certificate-arn arn:aws:acm:us-east-1:112233445566:certificate/612c35e2-f8b5-49ac-8f20-246e851c0659<br />

{<br />

&quot;Certificate&quot;: {<br />

&quot;CertificateArn&quot;: &quot;arn:aws:acm:us-east-1:112233445566:certificate/612c35e2-f8b5-49ac-8f20-246e851c0659&quot;,<br />

&quot;Status&quot;: &quot;PENDING_VALIDATION&quot;,<br />

&quot;SubjectAlternativeNames&quot;: [<br />

&quot;monkey.itfromallangles.com&quot;<br />

],<br />

&quot;DomainName&quot;: &quot;monkey.itfromallangles.com&quot;,<br />

&quot;InUseBy&quot;: [],<br />

&quot;KeyUsages&quot;: [],<br />

&quot;DomainValidationOptions&quot;: [<br />

{<br />

&quot;ValidationStatus&quot;: &quot;PENDING_VALIDATION&quot;,<br />

&quot;ResourceRecord&quot;: {<br />

&quot;Type&quot;: &quot;CNAME&quot;,<br />

&quot;Name&quot;: &quot;_b10e7b9a64be4d8215455f6d73369fd4.monkey.itfromallangles.com.&quot;,<br />

&quot;Value&quot;: &quot;_faabe6071c86f5d4357ea668e9b0105b.acm-validations.aws.&quot;<br />

},<br />

&quot;ValidationMethod&quot;: &quot;DNS&quot;,<br />

&quot;DomainName&quot;: &quot;monkey.itfromallangles.com&quot;<br />

}<br />

],<br />

&quot;KeyAlgorithm&quot;: &quot;RSA-2048&quot;,<br />

&quot;SignatureAlgorithm&quot;: &quot;SHA256WITHRSA&quot;,<br />

&quot;Type&quot;: &quot;AMAZON_ISSUED&quot;,<br />

&quot;ExtendedKeyUsages&quot;: [],<br />

&quot;CreatedAt&quot;: 1530283403.0,<br />

&quot;Subject&quot;: &quot;CN=monkey.itfromallangles.com&quot;<br />

}<br />

}

 

Retrieve Validation Record Details from ACM

Here we are going to retrieve the record details for easier creation of the record.

PS&gt; $record = (aws acm describe-certificate --certificate-arn arn:aws:acm:us-east-1:112233445566:certificate/612c35e2-f8b5-49ac-8f20-246e851c0659 | ConvertFrom-Json).Certificate.DomainValidationOptions.ResourceRecord

Lets take a look at what we have.

PS&gt; $record.name<br />

_b10e7b9a64be4d8215455f6d73369fd4.monkey.itfromallangles.com.<br />

PS&gt; $record.value<br />

_faabe6071c86f5d4357ea668e9b0105b.acm-validations.aws.<br />

PS&gt; $record.type<br />

CNAME

We will use these in the next section.

Build Change Set for Validation Record

Here we are going to create a temporary file in your TEMP directory that will create the record you need to see.

PS&gt; @{<br />

Changes = @(<br />

@{<br />

Action = 'UPSERT'<br />

ResourceRecordSet = @{<br />

Name = $record.Name<br />

Type = $record.Type<br />

TTL = 300<br />

ResourceRecords = @(<br />

@{<br />

Value = $record.Value<br />

}<br />

)<br />

}<br />

})<br />

} | ConvertTo-Json -Depth 5 -Compress | Out-File $env:TEMP\route53change.json -Encoding ASCII

This is really where Powershell does the opposite of shining, the hoops you have to jump through to make this JSON usable is ridiculous.

Create Change Resource Record Sets Request in Route 53

The command below takes the file that we have created and applies it against the hosted zone which matches itfromallangles.com

PS&gt; aws route53 change-resource-record-sets --hosted-zone-id ((aws route53 list-hosted-zones | ConvertFrom-Json).&quot;HostedZones&quot; | where { $_.Name -eq &quot;itfromallangles.com.&quot; }).Id --change-batch file://$env:TEMP\route53change.json<br />

{<br />

&quot;ChangeInfo&quot;: {<br />

&quot;Status&quot;: &quot;PENDING&quot;,<br />

&quot;SubmittedAt&quot;: &quot;2018-06-29T17:08:12.448Z&quot;,<br />

&quot;Id&quot;: &quot;/change/C1QOL63X6O24IZ&quot;<br />

}<br />

}

We will need the change id to check the status of the zone update.  As we can see above it is PENDING.

Check Change Status

This allows us to check the status of a given changeset.

PS&gt; aws route53 get-change --id C1QOL63X6O24IZ<br />

{<br />

&quot;ChangeInfo&quot;: {<br />

&quot;Status&quot;: &quot;INSYNC&quot;,<br />

&quot;SubmittedAt&quot;: &quot;2018-06-29T17:08:12.448Z&quot;,<br />

&quot;Id&quot;: &quot;/change/C1QOL63X6O24IZ&quot;<br />

}<br />

}

We are looking for it to say INSYNC.

Check Certificate Status

Now that we have DNS updated we can check the certificate’s validation status.

PS&gt; (aws acm describe-certificate --certificate-arn arn:aws:acm:us-east-1:112233445566:certificate/612c35e2-f8b5-49ac-8f20-246e851c0659 | ConvertFrom-Json).Certificate.DomainValidationOptions.ValidationStatus<br />

PENDING_VALIDATION

Not yet, lets give it some more time.

PS&gt; (aws acm describe-certificate --certificate-arn arn:aws:acm:us-east-1:112233445566:certificate/612c35e2-f8b5-49ac-8f20-246e851c0659 | ConvertFrom-Json).Certificate.DomainValidationOptions.ValidationStatus<br />

SUCCESS

SUCCESS that is what we were waiting for, this certificate can now be associated with our resources.

Amazon Route 53 Basics

This post will kick off a series on Scalable Solutions.  Entasis uses a strong architectural emphasis in our AWS Solutions Group to deliver solutions that are Elastic by nature, Resilient in design, with Performance on demand.  These are the three pillars of Scalable Solutions. In this series, we will be going through some of the architectural components and decisions which allow us to design and deliver all three of these pillars in our solutions.

Today we will be discussing interacting with Route 53 from a basic level.  Route 53 has many advanced components such as failover records, weighted records, geolocated records and aliases.  These will be covered in a later article.

Later in the series, we will also cover Amazon Certificate Manager, Elastic Load Balancer (application), and AWS System Manager (Parameter Store).

Whenever interacting with Route 53 records we are forced to use JSON to make changes, which can complicate the process if you are using the AWS CLI on Powershell as I am.  Your mileage will vary if you are using bash or cygwin to use the AWS CLI.

Check Change Status

Everything that we do in Route 53 gets submitted as a change that can then be monitored.  Though we haven’t actually covered any changes this is really the critical thing to understand, so we will cover it first, feel free to refer back to this as needed.

PS&gt; aws route53 get-change --id C2UR6HOGT6QLD8<br />

{<br />

&quot;ChangeInfo&quot;: {<br />

&quot;Status&quot;: &quot;INSYNC&quot;,<br />

&quot;SubmittedAt&quot;: &quot;2018-06-29T19:29:41.148Z&quot;,<br />

&quot;Id&quot;: &quot;/change/C2UR6HOGT6QLD8&quot;<br />

}<br />

}

The Status of INSYNC indicates that the change has been rolled out across the environment, PENDING indicates that the change is still being rolled out across the environment.

Create Hosted Zone

One of the basic functions of Route 53 is to create a hosted zone.  The one tricky component here is the caller-reference which is required, this just needs to be a unique string, here we are using Get-Date for a timestamp.

PS&gt; aws create-hosted-zone --name squirrelbox.io --caller-reference (Get-Date)<br />

{<br />

&quot;HostedZone&quot;: {<br />

&quot;ResourceRecordSetCount&quot;: 2,<br />

&quot;CallerReference&quot;: &quot;06/29/2018 14:23:54&quot;,<br />

&quot;Config&quot;: {<br />

&quot;PrivateZone&quot;: false<br />

},<br />

&quot;Id&quot;: &quot;/hostedzone/Z1XXXXXXXXXF2&quot;,<br />

&quot;Name&quot;: &quot;squirrelbox.io.&quot;<br />

},<br />

&quot;DelegationSet&quot;: {<br />

&quot;NameServers&quot;: [<br />

&quot;ns-1826.awsdns-36.co.uk&quot;,<br />

&quot;ns-714.awsdns-25.net&quot;,<br />

&quot;ns-1417.awsdns-49.org&quot;,<br />

&quot;ns-248.awsdns-31.com&quot;<br />

]<br />

},<br />

&quot;Location&quot;: &quot;https://route53.amazonaws.com/2013-04-01/hostedzone/Z1XXXXXXXXXF2&quot;,<br />

&quot;ChangeInfo&quot;: {<br />

&quot;Status&quot;: &quot;PENDING&quot;,<br />

&quot;SubmittedAt&quot;: &quot;2018-06-29T19:23:55.689Z&quot;,<br />

&quot;Id&quot;: &quot;/change/C30WD325YLHTWA&quot;<br />

}<br />

}

You can then check the status of the change created.

Get Hosted Zone ID with Zone Name

In order to interact with Route 53 we are going to need to have the zone id.  This snippet is a simple way to get the zone id based off of the domain name.

PS&gt; (aws route53 list-hosted-zones | ConvertFrom-Json).&quot;HostedZones&quot; | where { $_.Name -eq &quot;itfromallangles.com.&quot; }</p>

<p>ResourceRecordSetCount : 19<br />

CallerReference : B08E4F7D-A48E-7938-ADF0-1DCD08D96B9E<br />

Config : @{Comment=Zone Comments Here; PrivateZone=False}<br />

Id : /hostedzone/ZKXXXXXXXXX0S<br />

Name : itfromallangles.com.

Here we see the zone id, whenever you interact with a zone it is by zone id.  You will need to know how to get this id.

Get Hosted Zone Details with Zone Name

This command is really a shortcut demonstration of using a single command to pull the zone id based on the zone name and then use that inline in another command (in this case it is get-hosted-zone).

PS&gt; aws route53 get-hosted-zone --id ((aws route53 list-hosted-zones | ConvertFrom-Json).&quot;HostedZones&quot; | where { $_.Name -eq &quot;itfromallangles.com.&quot; }).Id<br />

{<br />

&quot;HostedZone&quot;: {<br />

&quot;ResourceRecordSetCount&quot;: 17,<br />

&quot;CallerReference&quot;: &quot;B08E4F7D-A48E-7938-ADF0-1DCD08D96B9E&quot;,<br />

&quot;Config&quot;: {<br />

&quot;Comment&quot;: &quot;Zone Comments Here&quot;,<br />

&quot;PrivateZone&quot;: false<br />

},<br />

&quot;Id&quot;: &quot;/hostedzone/ZKXXXXXXXXX0S&quot;,<br />

&quot;Name&quot;: &quot;itfromallangles.com.&quot;<br />

},<br />

&quot;DelegationSet&quot;: {<br />

&quot;NameServers&quot;: [<br />

&quot;ns-994.awsdns-60.net&quot;,<br />

&quot;ns-1380.awsdns-44.org&quot;,<br />

&quot;ns-325.awsdns-40.com&quot;,<br />

&quot;ns-1604.awsdns-08.co.uk&quot;<br />

]<br />

}<br />

}

Understand what we have done above and this will save you a ton of time on the CLI interacting with Route 53.

Delete Hosted Zone with Zone Name

Now let's delete a hosted zone.

PS&gt; aws route53 delete-hosted-zone --id ((aws route53 list-hosted-zones | ConvertFrom-Json).&quot;HostedZones&quot; | where { $_.Name -eq &quot;squirrelbox.io.&quot; }).Id { &quot;ChangeInfo&quot;: { &quot;Status&quot;: &quot;PENDING&quot;, &quot;SubmittedAt&quot;: &quot;2018-06-29T19:29:41.148Z&quot;, &quot;Id&quot;: &quot;/change/C2UR6HOGT6QLD8&quot; } }

You can then check the status of the change created.

Build Change Set for Validation Record

Now we are going to start updating or creating zones.

Here is where Powershell starts to make our lives difficult.  Powershell doesn’t directly interact with JSON so we have to build the JSON as a series of hash tables and arrays and then convert that into valid JSON.  To simplify this process I use a hash table to make editing it easier from change to change. Notice the name, I have found two scenarios which will work.  The first is monkey.itfromallangles.com (fully qualified, with no period), the second is monkey.itfromallangles.com. (fully qualified, with a period). If you try and do “monkey” then it will not work as it will see it as a fully qualified name of monkey. (with a period) which wouldn’t be a valid record in itfromallangles.com.

$record = @{ Name = 'monkey.itfromallangles.com.'; Value = '1.1.1.1'; Type = 'A' }

Now lets validate our hashtable.

$record</p>

<p>Name Value<br />

---- -----<br />

Type A<br />

Name monkey.itfromallangles.com.<br />

Value 1.1.1.1

Now lets look at the individual entries.

PS&gt; $record.Name<br />

monkey.itfromallangles.com.<br />

PS&gt; $record.Type<br />

A<br />

PS&gt; $record.Value<br />

1.1.1.1

Next we are going to populate the change set.  We are using the UPSERT action which is an INSERT or UPDATE if necessary.

PS&gt; @{<br />

Changes = @(<br />

@{<br />

Action = 'UPSERT'<br />

ResourceRecordSet = @{<br />

Name = $record.Name<br />

Type = $record.Type<br />

TTL = 300<br />

ResourceRecords = @(<br />

@{<br />

Value = $record.Value<br />

}<br />

)<br />

}<br />

})<br />

} | ConvertTo-Json -Depth 5 -Compress | Out-File $env:TEMP\route53change.json -Encoding ASCII

This will create a JSON file which we will use to change the record in the zone.

Create Change Resource Record Sets Request

Here we will lookup the zone id based off of the zone name.  Then request the change for that zone.

PS&gt; aws route53 change-resource-record-sets --hosted-zone-id ((aws route53 list-hosted-zones | ConvertFrom-Json).&quot;HostedZones&quot; | where { $_.Name -eq &quot;itfromallangles.com.&quot; }).Id --change-batch file://$env:TEMP\route53change.json<br />

{<br />

&quot;ChangeInfo&quot;: {<br />

&quot;Status&quot;: &quot;PENDING&quot;,<br />

&quot;SubmittedAt&quot;: &quot;2018-06-29T18:37:47.352Z&quot;,<br />

&quot;Id&quot;: &quot;/change/CR7IMAZ69UJEO&quot;<br />

}<br />

}

We now have a change id which we can use to monitor the status of the change roll out.

Conclusion

Route 53 is a very effective DNS product which allows you to build complex automation into your solutions, in a later article we will discuss some more complicated Route 53 operations such as domain registration, as well as the more complicated record sets such as failover, weighted and alias records.  Using these components properly in your architecture will add a significant amount of resiliency and self-healing to your deployments.

If you would like to talk about your specific use-case we would love to help.  Please email us at sales@entasistech.com.

Provider of Life and Supplemental Health Insurance Leverages GuideIT’s Consulting Services to Achieve Critical IT Objectives

June 7, 2018 — Plano, TX — GuideIT today announced that it has been engaged to provide consulting services for a provider of Life and Supplemental Health insurance.  The new contracts represent continuation of a three-year IT services relationship.

With its IT function undergoing significant change, GuideIT was engaged to provide project management oversight for critical projects, while its technology consultants will work with the provider to deploy and then enhance a new IT Service Management system, including deploying a self-service portal to enhance the end user experience.

“We look forward to continuing to contribute to an important IT transformation,” said Chuck Lyles, CEO for GuideIT.  “Implementing large-scale change requires both strategic and tactical expertise.  We are excited to bring both to a customer we have worked with for several years.”

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

Global Travel and Leisure Business Extends and Expands Multi-Year Relationship with GuideIT

May 22, 2018 — Plano, TX — GuideIT today announced that it extended and expanded a multi-year consulting relationship with a global provider of travel services.

For three years, GuideIT has provided management and technology consulting services in support of the provider’s business transformation.  GuideIT’s management consultants have led the sourcing of key technology functions and architected a business management structure to support the customer engagement strategy, and provided program and project management leadership in the transition of functions.  Its technology consultants have engaged in IT infrastructure, cyber security, and data and voice network matters in support of its technology strategy.  The relationship is now extended into its fourth year.

“We are excited for the opportunity to continue contributing to the advancement of our customer’s business,” said Chuck Lyles, CEO for GuideIT.  “Our consulting offerings span from advisory to implementation, enabling us to contribute tangible and measurable results that enable the creation of value.”

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

Biosciences Firm Fortifies Information Security Through GuideIT GITSecure

March 6, 2018 – Plano, TX - GuideIT, a market leader in redefining the delivery of information technology, today announced it has signed a new contract to provide endpoint security management services to a leading biosciences firm.

Having established a strategy to further strengthen its information security approach, GuideIT was engaged to provide consulting and ongoing operational services.  GuideIT will provide specialized technical expertise needed to implement the enhanced strategy.  GuideIT will also deploy its endpoint management solution, which:

  • Centralizes and automates endpoint cyber protection
  • Detects and corrects cyber threats through a proactive approach
  • Delivers and manages antivirus, antimalware protection, and endpoint encryption
  • Provides the visibility necessary to manage the endpoint environment, while establishing the mechanisms to manage software license compliance.

“Proactively addressing cyber threats has become a corporate imperative and integral part of any business strategy,” said Chuck Lyles, CEO for GuideIT.  “We bring a straightforward and configurable approach to fortifying a business from cyber threats.”

GITSecure, a blend of consulting and managed services, is designed for protecting data, systems and people from cyber threats through prevention, mitigation and remediation.  GuideIT’s approach is to mitigate security and compliance risks by deploying customizable essential and advanced strategies leveraging the right expertise and technology to combat growing cyber threats.  The scalability makes GITSecure an effective, cost-conscious solution for both large and small-to-midsize organizations.

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

Leading Eyecare Services Company to Realize Acquisition Consolidation Benefits Through GuideIT

February 27, 2018 – Plano, TX – GuideIT, a market leader in redefining the delivery of information technology, today announced it has signed a new services agreement to support a wide range of information technology services spanning growth and consolidation initiatives for a leading provider of eye care services.

As one of the fastest growing providers of eye care services for ophthalmologic and optometric practices as well as ambulatory surgery centers, IT consolidation and standardization, cost optimization, and the rapid assimilation of acquired businesses are strategic enablers.  GuideIT will provide advisory and implementation-based consulting services that result in the consolidation, standardization, and integration of IT operations across the enterprise.  GuideIT will inventory all site locations to support the broader acquisition and integration initiatives.  To further support these growth objectives, GuideIT will rapidly establish a service desk to allow each of the field operations locations have access to IT support that creates an exceptional end-user experience.

“Building a dynamic, business-enabling IT function is essential to rapid and efficient growth,” said Chuck Lyles, CEO for GuideIT. “Working together, we established a joint vision for long-term success.  This vision, when combined with GuideIT’s healthcare experience, process expertise, and ability to rapidly mobilize resources to meet a customer’s need will result in the acceleration of tangible business value.”

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

Intranets on the O365 and Azure Platforms

Introduction

As more organizations move to Microsoft’s Office 365 platform, new conversations are occurring around how to best leverage the investment beyond the messaging, file storage, and desktop productivity applications that comprise the core of the offering.  For example, organizations that might never have had an Intranet before are deploying new file sharing and collaboration team sites using that tired and true workhorse SharePoint.  But while SharePoint offers a nice foundation, many find their success with the platform is limited to what they can do via simple application configuration.

GuideIT was no different.  When we launched our company, our Intranet (“MyGuide”) was 100% SharePoint.  While the approach was sufficient for our early needs, we soon realized that we lacked the data integration and custom application development capabilities we’d come to expect from an Intranet.  We then faced a decision – build on what we have or switch to one of the many “intranet in a box” products on the market?  While many of these stand-alone offerings are robust, what we kept coming back to was why would we incur additional expense, and potentially a different security model for access, when we could leverage our existing investment and augment it with applications development expertise on an applications development platform that integrates seamlessly with Office 365.

Enter Azure

Azure offered us a “blank canvas” for application development and data integration.  For our new Intranet, the home page is a custom C# MVC application hosted in an Azure App Service with an Azure database.  Department content is still hosted in SharePoint so the top navigation links point to each department’s SharePoint site, but now we are no longer limited by the traditional SharePoint constraints on the rest of the page:

  • In the left column, the “Team Member Search” and “Team Member Spotlight” combine data from ExponentHR and Azure Active Directory.
  • In the right column, we built a custom news component that combines Yammer, our public news feed, and internal application warnings into a single list.

For security, we integrated with the Azure Active Directory.  This approach lets people use their same credentials to login to both MyGuide and SharePoint.  On top of Azure Active Directory, we created a reusable security module that lets the security for our custom applications be administered on one page.  With the custom application landing page in place and this custom security component, we had the foundation to begin adding more custom applications.

“Azure App Service” is Microsoft’s platform-as-a-service offering.  It gives us a place to host our web applications without having to support a virtual machine. The various App Service plans give different CPU and memory options like a regular VM offering.  The plans also have built-in options to increase your application’s up-time by automatically managing a web farm.  Your code is automatically deployed to the pool of servers.  Requests are then load balanced across the pool to compensate for both planned and unplanned downtime.

Results

Our approach yielded exactly the results we’d hoped:  A resource for our team members with ubiquitous access, custom developed applications, external data integration, and in selected instances the structure of SharePoint sites.  Let’s look at a few examples of custom developed applications and data integration we’ve deployed to our leaders and team members, ensuring contract compliance is a critical facet of

1.     Maintaining the trust of our customers.  While our day-to-day approach to customer relationships is usually “if you have to pull out the contract, you probably have a problem”, we can’t lose sight of those obligations either.  So rather than being tied to a spreadsheet, we built a custom application for our customer executives to enter their contractual deliverables and obligations – with due dates, frequency etc.  Far from being a simple repository, the application sends reminder emails to leaders as obligation due dates approach.  And should an obligation not be marked as complete in a timely fashion, the application sends escalation emails to business unit leaders, and eventually our CEO.  As you can imagine, a great motivator!  Aside from the benefit to our own business, one of our customers for whom we are building a similar intranet saw the application and immediately asked us to deploy something similar for them.

2.     Being in the services business it’s important for our leaders to have clear visibility into time tracking data.  Our cloud-based HR/Time Tracking system meets our data entry needs, but at times reporting and analytics is lacking.  We import the data nightly, and each leader has browser-based reporting and drill down by time-period, project, team member, cost center etc.

3.     Monitoring annual compliance training is another example of this integration at work.  Each night we import data from Skillsoft, our SaaS based training and development vendor.  For team members who have not yet completed their required annual training, they see a personalized message reminding them of their outstanding obligation.  Leaders see a similar message for those team members in their organization.  Rather than waiting for periodic compliance reports from HR, we’ve seen a notable increase in compliance with the deadline due in large part to the increased visibility this tool provides.

Other custom developed functionality we’ve deployed include:

  • A custom team member directory with photos and individual bios
  • Compliance with team member twice-annual performance counseling
  • A security module for point and click access to various data and applications across MyGuide
  • A monitoring status page for the twelve different data feeds coming in and out of MyGuide; Green is good and a red status indicates an exception with the error details
  • Import of company news and press releases from our external website
  • Yammer integration for internal social media

Conclusion

Intranets have been around for over 20 years now, so you might ask “what’s the big deal?”  For us the disruptive event that is driving this opportunity is the evolution of Office 365 from its early stages of moving Exchange to the cloud, to its recent and ongoing maturity as an ecosystem of collaboration, storage, and security.  Microsoft is clearly incented to continue to drive value for those who’ve chosen to invest in Office 365, and you see that in the ongoing maturity of the “product”.  As mentioned, the icing on the cake comes from the Azure “blank canvas” for application development and data integration.

The result is a powerful combination that organizations of almost any size, with the right internal applications development talent, or who choose the right partner, can benefit from.  We’ve found that you’re truly limited only by your own organizational imagination about how this solution can drive change and efficiency in your business.

At GuideIT we’re excited about helping our customers drive the same type of value from this solution that we’ve enjoyed.  We take what we’ve built, deploy it for our customers, and then the real fun begins with customer-specific customizations and new tools designed to meet their specific requirements.  Ongoing support requirements are nominal, leaving organizations in complete control of how much or how little they want to invest in future enhancements. If you like to hear more and see some examples first-hand, we’d love to hear from you!

About the Authors

Mark Johnsonis an IT services executive with more than 25 years of operations, sales and business development experience.  Through an engaging style, he builds sustainable and mutually beneficial services relationships that deliver results.  Mark leads both the commercial business unit for GuideIT and the company’s application development solution group.
David Longis a senior applications developer specializing in the Microsoft technology stack.  He recently earned the “Microsoft Certified Solutions Expert: Cloud Platform and Infrastructure” certification.

 

 

Legacy Texas Bank and GuideIT Sign Strategic IT Service Contract

Relationship Designed to Support the Bank’s Growth and Efficiency Objectives

February 6, 2018 – Plano, TX – LegacyTexas Bank and GuideIT, LLC today announced they have signed a five-year IT services contract.

With a focus on operational quality and efficiency, and in support of the bank’s growth initiatives, GuideIT will utilize its expertise, best-in-class processes and progressive technology management solutions to supplement the bank’s technology delivery platforms while providing responsive end-user support to the bank’s branch and corporate staff.  Select IT professionals from the LegacyTexas team joined GuideIT as a result of this agreement.

“We were searching for a partner to drive efficiency, scalability and quality while supporting our growth aspirations,” said Kevin J. Hanigan, President and CEO of LegacyTexas. “We chose GuideIT because of its fresh approach, track record of delivery, high standards of customer service and commitment to helping us achieve our business goals.  Our two Texas-based companies share a local commitment and an emphasis on excellence in the services we provide.”

“We are excited to be partnering with LegacyTexas to provide technology services that will support their growth and efficiency objectives,” said Chuck Lyles CEO for GuideIT. “We enable customers to focus on their core competencies by providing high-quality, scalable and efficient managed services.  We are committed to helping LegacyTexas achieve their business objectives and continue building upon their distinguished record of success.”

About LegacyTexas Bank

LegacyTexas Financial Group, Inc. (NASDAQ: LTXB) is the holding company for LegacyTexas Bank, a commercially oriented community bank based in Plano, Texas. LegacyTexas operates 44 banking offices in the DFW Metroplex and surrounding counties. For more information, visit www.LegacyTexas.com

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us www.guideit.com.

 

Media Contact

James Fuller

Phone: 214-613-0028

Email: James.Fuller@hkstrategies.com

Enabling Alternative Pricing Models for Services

Pricing mechanisms for IT services contracts evolve as the business environment, nature of the services, and the underlying technologies change.  Many times, the pricing for IT managed services arrangements follows the underlying cost driver.  Consequently, technology infrastructure services are priced, either explicitly or implicitly, based on the utilization of capacity and the team necessary to support the environment.  Customer care organizations are typically aligned to the quantity of contacts because of the correlation to the number of agents.  Capacity-based services utilize unit rates that factor hardware, software, telecommunications and support.  In a world of increasing technological complexity, can pricing models that align a service to the economics and objectives of customer’s business be accomplished in a mutually beneficial and risk balanced manner?  The answer is yes, but it requires careful planning and long-term alignment to ensure the pricing mechanism begins and remains effective for both parties.  This planning and alignment, while requiring more effort, however, does not have to be a barrier to agility.

There are many stories highlighting where two organizations entered into a services contract based on an alternative and innovative pricing mechanism and the outcome was quite different than expected.  While it appears that one organization wins and one loses when this happens, in common practice both organizations suffer because the most healthy, responsive and beneficial relationships are based on mutual effectiveness.  What are they key steps to moving away from consumption pricing and developing an effective alternative-pricing model?

  • Vision – there is a clear vision for how the IT organization fits into the business strategy, including how IT is affected by changes to strategy and the effect of business initiatives such as new systems.
  • Sourcing Approach – because of the disclosure and collaboration required in many instances to develop an effective, sustainable mechanism, alternative pricing models work best in a non-competitive sourcing and collaborative process.
  • Data Analysis & Modeling – most models are linear and align pricing to consumption.  With an alternative pricing model, there are multiple degrees of freedom, which can require greater modeling or statistical analysis of potential variance to ensure it works under multiple circumstances.
  • Structure – the pricing structure should not only detail the mechanism, but the process by which variances to the assumptions are handled.
  • Managed Evolution – businesses are dynamic and technology is ever changing so maintaining a mutually effective relationship based on trust is important to managing change.  Win-lose situations reduce agility, responsiveness and innovation, while win-win relationships enhance those factors.

Case in point; a rapidly growing company made fixed investments in information technology, but they were not realizing expected productivity gains as the business grew.  One of their objectives for engaging a service provider was to align their IT cost to revenue in a way that secured targeted efficiency levels over a reasonable span of business growth as their strategy was executed.  The vision was clear.  The sourcing method was collaborative and sole source; with a much more open book approach than the typical IT consumption-based managed services risk-shift approach.  The more components in the pricing chain, the more potential variance that must be considered to ensure mutual success.  Understanding key drivers of the business plan and its effect on IT operations was necessary to analyze the cost structure, model cost behavior, understand the correlation of cost to revenue and develop a pricing method.  While there was greater complexity than a normal consumption-based structure, the vision, disclosure and collaborative discussion allowed for the process to be completed in a short time frame.

Did it work?  The business continued to grow rapidly and IT as a percent of revenue decreased as expected.  Both parties were succeeding and happy.  They were working together on new initiatives.  That is when a change to strategy, the nature of which was unforeseen at the time the structure was crafted, created a potential imbalance.  One of the new forms of business growth, launched after the contract, had a significantly reduced IT need as compared to the base business, but carried greater core operating expense than the base business resulting in a potentially reduced incremental profitability for this growth.  This became clear when the next revenue level was triggered and the contract cost increased bringing the situation into absolute clarity.  This is where managed evolution and the trust and mutual effectiveness of the relationship were tested.  Using the process established at contract inception and working towards the mutual benefit of both parties, the two organizations worked together to find a specific solution to this matter and made the pricing adjustments necessary.  Had the potential for variance outside of the current state of the business not been considered and if a mutually effective relationship was not in place, the unforeseen consequences could have been costly.  In this case, the structural modifications occurred in a few weeks and the relationship continues to prosper.

Moving away from consumption-based pricing models and adopting alternative pricing models are realizable and without an extended, costly process.  The keys are a collaborative process, clarity into the business environment, and a mutually effective relationship that fosters trust.

About the Author

John Lyon is an IT services executive and consultant with more than 30 years of industry expertise spanning finance, operations and business development. With the ability to operate across strategic and tactical, conceptual and detailed matters, he has helped organizations to develop strategies and transformational programs, understand and shape key performance drivers and create sustainable business relationships.  John currently serves as the chief financial officer for GuideIT.

 

KLAS Recognizes GuideIT for Customer Satisfaction in “Partial Outsourcing” Market Segment

Thursday, January 11, 2018 – Plano, TX – GuideIT, a market leader in redefining the delivery of information technology, was recognized by KLAS for its healthcare customer satisfaction and approach to building lasting relationships.  This is the first time GuideIT has been included as a preliminary data vendor on the KLAS website.

KLAS Research is a healthcare IT data and insights company providing the industry with accurate, honest and impartial research on the software and services used by providers and payers worldwide. KLAS puts forth significant effort to find the true story of what is happening with every vendor solution. Healthcare professionals are the engine that drives KLAS research by partnering with organizations to foster an atmosphere of transparency surrounding the state of healthcare, and highlight the services and solutions that are having an impact.

“We are excited to be recognized by KLAS and our customers for the results we produce and the manner in which we conduct business,” said Chuck Lyles, CEO for GuideIT. “We have built a team of healthcare experts and solutions that are helping our customers to achieve business objectives, realize reliable and cost-effective IT support, and improve cost and quality for healthcare organizations.”

GuideIT’s managed services are recognized for its combination of best-in-class technology, processes, and services, that reduce costs, minimize capital, enable technology-centric business results, and contribute to the improvement of patient care.

Lyles added, “At GuideIT, our mission is to redefine the nature of services relationships.  We are committed to partnering with customers to create measureable value; simplify the complex with straightforward approaches; and inspire confidence through the results we deliver, the expertise we demonstrate, and our team’s commitment to customers.”

For a complete view of vendor performance, visit www.klasresearch.com 

About KLAS

KLAS has been providing accurate, honest and impartial insights for the healthcare IT (HIT) industry since 1996. The KLAS mission is to improve the world’s healthcare by amplifying the voice of providers and payers. The scope of our research is constantly expanding to best fit market needs as technology becomes increasingly sophisticated. KLAS finds the hard-to-get HIT data by building strong relationships with our payer and provider friends in the industry. For additional information, visit www.klasresearch.com

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

 

Contacts

For GuideIT:
John Lyon
Phone: (972) 543-0513
Email: john.lyon@guideit.com

For KLAS Research Information on IT Outsourcing Vendors:
Ryan Oliver, KLAS
Phone: (385) 312-8116
Email: ryan.oliver@klasresearch.com.

GuideIT Ranks Among Fastest Growing Private Companies

Tuesday, January 9, 2018 – Plano, TX – GuideIT, a market leader in redefining the delivery of information technology, today announced that it has been named one of the fastest growing entrepreneurial companies for a second consecutive year in the SMU Cox Dallas 100™ awards.

The Dallas 100, co-founded by the Caruth Institute, recognizes the innovative spirit, determination and business acumen of area Dallas-area entrepreneurs.  The award focuses not only on growth, but an organization’s character and creditworthiness.

“We are excited and honored to be selected for the Dallas 100 for the second consecutive year,” said Chuck Lyles, CEO for GuideIT. “Delivering on our mission of helping customers to get the most out of technology, while redefining the services customer experience has resulted in trusted relationships and rapid growth over the past several years.”

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

Ambulatory Healthcare Organizations Drive Clinical Environment Improvements Through GuideIT Clinical Service Desk Solutions

December 6, 2017 – Plano, TX - GuideIT, a market leader in redefining the delivery of information technology, today announced multiple contract signings for its clinical service desk practice to support ambulatory healthcare organizations.

Effective clinical service desks are essential to increasing EMR adoption and usage, improving the productivity of clinical care, implementing workflow improvements, and increasing clinician satisfaction.  Aligned to these objectives GuideIT utilizes a suite of solutions to help healthcare organizations through the clinical system lifecycle, including readiness, implementation, conversion, and go-live and ongoing support.  Its clinical service desk, which is staffed by experts with specialized EMR and ancillary system experience, as well as patient workflow and industry knowledge, provides cost-effective and scalable frontline support for clinicians and caregivers.

“A vital portion of any clinical systems environment is having the easily readily accessible expertise to help ensure expected clinician benefits are realized, ” said Chuck Lyles,” CEO for GuideIT. “Our clinical support solutions are focused on creating an environment that provides clinicians and caregivers more time to focus on patient care.”

The contract signings are in support of ambulatory services organizations undergoing initiatives to strengthen the clinical systems environment:

  • As follow-on to its clinical systems deployment support for an organization that provides physician practice services, GuideIT has been engaged to launch a leveraged, multi-practice service desk in support of eClinicalWorks.  With the objectives of ensuring an exceptional end user experience for the clinicians of its customers and facilitating productivity gains, GuideIT will work with the internal team to develop and implement training for the new system and then be the primary clinical support function.
  • In support of an eye care services practice with nationwide ophthalmologic and optometric practices and ambulatory surgery centers whose objectives are to utilize best-in-class technologies to help facilitate outstanding care, transform the IT function to make it more responsive efficient; and to prepare to support its acquisition plans, GuideIT will support a range of initiatives, including deploying a multi-tier technical and clinical service desk.  The clinical focus in on deploying a cost-effective support function that provides rapid support to clinicians in order to increase EMR usage, clinician productivity and the overall end user experience.

Lyles added, “GuideIT continues to demonstrate great agility in mobilizing teams to position customers to achieve business objectives.  These new contracts are representative of how our expertise and responsive style enable customers to rapidly move from concept to results achievement.  We continue to redefine the nature of IT services relationships.”

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

 

Use Data From All Available Sources to Enhance Community Needs Assessment and Critical Access Hospital Performance

The U.S healthcare industry and the rural health community is experiencing profound changes in the areas of financing care and the delivery services. Rural and Critical Access hospitals face the most significant challenges to survival in the current reimbursement paradigm, as well as preparing for value-based contracts with payers and employer groups. One of the opportunities the Critical Access Hospital (CAH) has for managing this transition is using a comprehensive systems-based approach, including the tracking of a balanced set of strategic metrics both internally and externally with partners such as financing institutions and other healthcare providers. In the urban markets, the systems-based approach has been in production for many years to achieve clinical, operational and financial excellence but are typically out of reach for the CAH.

The CAH facilities traditionally behave as independent health care delivery islands and operated by either a for-profit management company or the local municipality, either of which may not be as informed about the environment the CAH must survive within or has the financial motives to aligned with the regulatory environment. Either way, a significant disruption is occurring within the CAH and rural market, and there seems to be less useful news every day that passes. Hospital closures and health plans at odds with these facilities seem to be top of every news story for this industry. While there is no one right answer, there is a set of opportunities that seem to be moving a few of these facilities in the right direction.

A couple of CAHs in far southwest Oklahoma have taken it upon themselves to begin to effect bold changes to save their facilities and provide better quality health care than some of their urban counterparts. The belief is that with a strong focus on building relationships with patients, partners and the community through transparency, better access and appropriate care these endangered facilities can flourish under a much-reduced fee for service or value-based payment structure. The first step is to use processes and technology typically reserved for the big urban health care systems to participate in public and private reporting programs on quality and customer experience. CAHs have had the advantage with customer satisfaction due to the nature of the “small-town” environment they operate. However, they must have the proof in empirical data to illustrate this in the market. This is where GuideIT and iVelociti have come together with other partners to bring a unique set of solutions specifically designed for the CAH environment to exceed performance through technology impacting cost, quality, and access to health care for their communities.

Many CAHs have focused on a single dimension of the “Digital Transformation” process taking place in healthcare today. Much of that focus has been on “Meaningful Use” requirements and the development of portals for patients the implementation of the electronic health record, as the sole way to reach out and engage the community. Unfortunately, this will not address the growing focus on population health management, and the decrease of traditional acute and swing bed patient volumes customarily seen as the financial stabilizer for these facilities.

To become relevant again in the overall rural health care market, these essential health care providers must look to different ways to increase market share and engage the community in creating required outpatient services locally. GuideIT’s iVelociti working in concert with a reputable management company and their partners have started the process of creating transparency for two facilities in far southwest Oklahoma. By leveraging the facilities investment in electronic health records and revenue cycle systems the iVelociti integration and analytics platform as a service uses data from all available sources to provide community needs assessment and CAH and health system performance. What this illustrates for the CAH is a concise picture of the community’s healthcare needs and why community members often travel elsewhere for locally available services. The platform provides a real-time view of where patients are within the CAH’s health care delivery system and provides for meaningful management of that individuals care as it is occurring.

CAHs are overwhelmed by the wide variety of regulatory requirements on a state and local level and do not have the time or type of resources required to leverage this kind of comprehensive technology environment. This is where the iVelociti platform provides a turnkey ability to integrate information from existing and new data sources and turn it into a simple, usable format which is critical to effect change on the CAHs environment. The combination of integration and analytics as a service allows the staff and partners for these CAHs to focus on their day to day work while the platform brings the people, process, and technology to inform as part of the normal course of business without disruption. As clinical and business functions continue, the platform illustrates opportunities for improvement and creates alternative workflows that can be implemented as a normal course of change management processes.

Technology is not the entire answer for the CAH's current situation. However, two facilities in southwest Oklahoma are proving in real-time that the focused implementation of a common-sense integration and analytics platform as a service allows for these small facilities to illustrate how they are a better alternative to driving to the tertiary care centers sometimes hours away. Implementation of this type of performance excellence framework focuses on the goal of not only improving outcomes but illustrating them to all who may be impacted. Now more than ever, CAHs need to demonstrate their value provided to patients, their families, doctors and other partners in the community. It is the combination of a management team that recognizes the value of integrating all the constituencies that support these facilities and providing complete transparency through integration and analytics to these groups will shift the focus to measurable outcomes. It is no longer feasible for CAHs to use technology in the same passive manner as the traditional EMR and portal approach. With the recognition that quality and safety measures reported in this manner are not adequate to illustrate the care provided at CAHs, high performance and proactive technology approaches are no longer an option but critical to the facilities survival.

Authored By: Frank Avignone, Practice Leader, GuideIT

Largest Independent Insurance Brokers Expands Human Resources Support Needs Through GuideIT

September 19, 2017 – Plano, TX - GuideIT, a market leader in redefining the delivery of information technology, today announced that it has signed a multi-year contract with one of the world’s largest privately held, independent insurance brokers to expand its customer-facing Human Resources support operation.

With the objectives of increasing scalability and redundancy of its customer care operation in a predictable and cost-effective manner, GuideIT will operate a Human Resource Assistance Center that will work in conjunction with the existing in-house operation to provide the broker’s customers with bilingual support for health coverage, eligibility, and other associated benefit matters. GuideIT will provide a highly scalable customer support solution that will enable the broker to better meet customer support requirements during high demand and peak business hours as the company grows.

“Our customer support solution enables us to expand capacity to better meet customer support needs and includes an added layer of flexibility and scalability to help control costs,” said Mark Johnson. “By deploying this solution, GuideIT is helping the customer achieve their overall business objectives of increasing its support capacity while also improving business continuity.”

With GuideIT’s Service Desk solution, organizations enhance the user experience, increase operational quality and reporting, and achieve an optimized, scalable cost structure.  GuideIT provides end-user support services encompassing technology infrastructure, clinical applications, software product and business process support.

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

Provider of Healthcare Monitoring Solutions Engages GuideIT To Achieve Target IT Operating Environment

September 14, 2017 – Plano, TX - GuideIT, a market leader in redefining the delivery of information technology, today announced that it has signed a transformational managed services contract with a provider of healthcare monitoring solutions to enhance IT capabilities and support business growth.

Following an internal IT operations assessment that identified gaps to its growth-centric business objectives, GuideIT was engaged to provide strategic IT and operational IT leadership, develop and implement a strategic technology strategy, and implement a program management office that enables timely and on-budget project completion.  GuideIT will also support the applications environment with development and support services. A flexible resourcing model, which optimizes technology investment over the life of the relationship, will be deployed to create a cost-efficient operation.

“We are excited to provide an IT function that will support our customer’s growth, while implementing the tactical rigor necessary for success,” said Chuck Lyles, CEO for GuideIT.  “Our solutions will solve a new, cost-effective capability, built on expertise, process, and flexibility to establish an optimized path for achieving desired outcomes.”

With GuideIT managed services, organizations achieve operationally sound, secure, and cost-effective information technology operations through an agile and responsive approach designed to help businesses achieve their goals both today and as they evolve.  GuideIT managed services, which encompass technology infrastructure, applications and cyber security, combine industry expertise, best-in-class processes and its technology management platform to provide scalable support and innovation in an efficient manner.

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

Endpoint Security…I Should Have Known Better.

Imagine yourself jetting off to enjoy a milestone weekend with your son at college, navigating the joys of LaGuardia Airport, two shuttles to get to your rental car, and starting to relax as you enjoy a nice drive up the Hudson River Valley.  Finally arriving at your hotel and fired up for a great weekend, a feeling of panic comes over you as you realize that your backpack, with your PC, iPad, cars keys and other personal items did not make the trip north.

They say in an accident your life flashes before your eyes.  My first reaction when I realized I’d left my backpack on the rental car shuttle was a similar experience.  My emotions ran the gamut – from the inconvenience of replacing the devices, to the hassle of having to Uber home and then back to the airport to get the car, to an escalating dread as I mentally inventoried both the data and the security settings on the devices I’d lost.

Fortunately for me everything ended up fine.  The fine folks at National Car Rental pointed me to a lost items website and sure enough, among a surprisingly long list of lost and found items, there was a backpack turned in that day.  We drove back down and picked up the backpack, hit the reset button on the weekend, and enjoyed a great trip.

What did I take away from this incident?  Many were lessons I already knew, but had filed under “it won’t happen to me.”  Guess what?  It happened to me.  Suddenly, the drum beats around foundational data assurance concepts like encryption, password strength, back-ups and general security best practices went from “yeah, yeah I hear you” to “AB-SO-LUTE-LY!”

Many common-sense security configurations and precautions your users can execute themselves, either on their own or with a little guidance from IT.  But if you’re managing a portfolio of devices for your organization, or are concerned about the liability for sensitive or regulated data, do you really want to rely on a “trust me” model?  And an approach that if a device is lost or stolen you have limited visibility into exactly what that means for your customers and company?

For me, I typically don’t purchase the “extended warranty” on devices I purchase in my personal life.  It’s a form of insurance I choose to roll the dice on, especially given that the cost to replace is usually manageable for me.  But there’s nothing quite like an incident like this to drive home the point that the “insurance” offered through end-point security and mobile device management services is not a nice to have, but rather quite simply, a business requirement.  The risk to me in this incident was primarily personal; the risk in the enterprise is significantly higher, especially in cases where PII or PHI is involved.

GuideIT offers solutions around securing end-user compute and mobile device management.  We offer these services in an easy to understand, price-per-device, per-month, and the services integrate directly into either our managed services offerings or your own service management processes.

Late that night, prior to learning that the backpack had been turned in, I fretted over and over about how painful my Monday would be when we got back from our trip.  All I could say to my wife was “I knew better.”  As mentioned, it all worked out fine for me.  But when your moment of crisis arrives, and trust me it will, ask yourself:  will it be a mild inconvenience, or will you have to look your customer, leadership, or even a law enforcement official in the eye and say “the really sad thing is…we knew better…

Authored by: Mark Johnson, Vice President, Commercial for GuideIT

Medical Device Manufacturer Expands Management Consulting Arrangement with GuideIT

September 7, 2017 – Plano, TX - GuideIT, a market leader in redefining the delivery of information technology, today announced that it has extended a consulting arrangement with a leading medical device manufacturer following a successful Enterprise Assessment engagement.

With the objective of gaining a comprehensive assessment of its IT organization and reviewing the effectiveness of project initiatives, GuideIT was initially engaged to perform its diagnostic Enterprise Assessment.  The assessment provided an actionable determination of the IT organization’s strategic alignment, processes and methodologies, financial efficiency, operational functions, risks, governance and human capital.  GuideIT has now been engaged in an operational leadership role with the objectives of realigning the organization, implementing operational and process improvements, and facilitating the achievement of cost efficiency targets.

“GuideIT’s assessments have provided the insight needed to launch holistic, transformational IT programs, said Chuck Lyles, CEO for GuideIT.  “As a trusted advisor with the operational expertise necessary to deliver tangible improvements, we are well prepared to operationalize the findings and help this great organization achieve a well-aligned, efficient and highly effective IT function.”

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com.

Critical Access Network To Realize Efficient Continuum of Care Through GuideIT’s iVelociti

 

August 31, 2017 – Plano, TX – GuideIT, a market leader in redefining the delivery of information technology, today announced that its iVelociti™ digital enablement platform will be used to facilitate an efficient continuum of care for a regional healthcare provider critical access network.

Critical Access Hospitals, which fall under a program established by the federal government in 1997, locally serve residents who otherwise could be a considerable distance from emergency medical care.  These hospitals and other regional healthcare organizations are joining forces to provide a local continuum of care typically only accessible through a larger, but remote health system. GuideIT’s digital iVelociti™ platform will enable connectivity between the electronic medical record systems of independent providers within the network to facilitate the efficient hand-off of patient care.  For a critical access hospital, this will enable it to provide a greater range of care to its constituents.  GuideIT will also deploy its digital laboratory solution to compress the timeframe for the lab order to results cycle.  With this solution, laboratory reports are provided in a digital format so they can easily integrated with the electronic medical record system and help physicians to rapidly identify potential health issues.

“We are excited to help healthcare providers redefine the use of IT to facilitate a better continuum of care,” said Chuck Lyles, CEO for GuideIT. “With iVelociti, we provide healthcare providers with a financially efficient path to digital success.”

GuideIT’s digital transformation solutions, consisting of data integration, visualization and analytics, and event-driven healthcare, help organizations to better understand and serve constituents, launch new business models, and optimize business processes. These results-oriented solutions enable proactive patient care, enhance the customer experience, transform legacy business processes to increase profitability, and extend the life of legacy applications by applying event processing and cutting-edge visualizations to critical, but disjointed information dispersed across many sources.  Through iVelociti™, a platform-as-a-service component of GuideIT's digital transformation solutions, customers realize accelerated business results in a cost effective, flexible and scalable manner.

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

 

 

Top Three Benefits of Applying Automation to Healthcare

It is no surprise that three out of four healthcare CEOs cite overall cost reduction and efficiency as their top two financial priorities. With the healthcare industry continually looking to cut costs and waste and improve efficiency and throughput, automation of manual tasks is imperative for strategic performance improvement.

Automation is defined as the use of control systems and information technologies to reduce the need for human work in the production of goods and services. The introduction of the assembly line at Ford Motor Company in 1913 is often cited as one of the first forms of automation. With this innovation Ford achieved a dramatic reduction in the time to produce a car from 12 hours down to 1.5 hours!

Today, automation is a key asset to our every day lives, including ATMs, self-checkout at the grocery store, auto park assist in vehicles, and many more routine activities involving automated technology.

The heightened demand to reduce costs and eliminate waste in healthcare has brought the adoption of automation to the spotlight. With an exponential aging population, along with more people in the healthcare system, the market will require more care, and the influx of patient volumes cannot be managed with the current staffing levels. A shortage of this magnitude would be twice as large as any nursing shortage experienced in this country since the mid-1960s. The looming shortage demands efficiency and the elimination of redundant work and manual tasks.

Healthcare is an inflationary model, but it’s intensified by the fact that everyone wants to hire more bodies rather than think about how they can get a job done faster, more efficiently and most often more accurately through automated technology. The challenge in healthcare has always been captivating people and urging them to look at things innovatively by using technology.

This is no longer an option. Automation is now a “must have,” for any organization, in any industry, to thrive…especially healthcare. There are not enough providers to continuously monitor large patient populations for the model of care where clinical outcomes will set your organization apart from the unsuccessful.

Below are the three big benefits that are achieved by applying automation to healthcare:

1. Improved Quality and Consistency

Automation tools eliminate issues stemming from human error or fatigue, so they can help provide a consistency for healthcare providers and patients. Increased automation in the areas of medical records, order entry, and decision support appeared to result in an increase in patient outcomes, patient readmission rates and overall costs.

2. Reduced Waste

Lack of automation typically means the use of paper. The use of paper typically leads to a lot of waste, both literally and figuratively. In many situations, time is waste. For example, rather than wasting time playing phone tag with a discharged patient in the free minutes between hospital nursing duties, automation can help get nurses and patients connected more efficiently. Cost is another area where waste is very prevalent. As much as three-quarters of administrative costs go to deployment, monitoring, updating, and troubleshooting information technology. That’s because so many IT processes are manual, tedious, and error prone. Wouldn’t you prefer to spend your limited funding on strategic business initiatives that can propel your business forward? Automation services provide a platform for advancing your technology operations and overall business objectives.

3. Real-Time & Transparent Data

Technology used to automate processes delivers insight into data that can be used for performance improvement and operational optimization. Automated technology can collect data to generate real-time reports and provide true, immediate insights into the success or challenges of an organization, as well as provide an accurate snapshot of operational programs to measure the level of involvement needed to become even more efficient, more accurate and more helpful.

Areas to apply automation in your healthcare environment require a standardized, repeatable process and is the first thing to look for when thinking of automated technology. Bottom line…in a healthcare setting, put yourself in the patient’s shoes, and then ask yourself this question: Would you rather be a patient at a facility that operates on manual processes and paper, or would you rather be a patient at a facility that has implemented automated technology to remove possible human error and fatigue?

Authored by: Frank Avignone, Practice Leader, Healthcare for GuideIT

Provider of Long-Term Care and Aging Services Selects GuideIT to Strengthen IT User Experience for its Caregivers

August 17, 2017 – Plano, TX - GuideIT, a market leader in redefining the delivery of information technology, today announced it has signed a multi-year contract to provide a service desk solution for a pioneering provider of long-term care and services for the aging.

The service desk solution being deployed by GuideIT will enable the company to improve the IT support and tools it provides frontline caregivers, which is a strategic imperative for this company. The service desk is designed to reduce response times and increase overall caregiver satisfaction by enhancing the IT user experience.  The company made the decision to source its services desk so that its caregivers could focus on improving the everyday lives of the seniors under their care. GuideIT will become the primary interface to the user environment and the service level improvements will materialize through the consolidation of the support operation, deploying a new suite of tools, and by enhancing and standardizing the support processes used to resolve IT issues.  GuideIT will be leveraging its deep healthcare service support expertise to deploy a team that understands the unique environment, tools and demands being placed on frontline caregivers. The provider will also benefit from a scalable, optimized and predictable cost structure by moving to GuideIT’s service desk solution so that it can repurpose freed up resources on care delivery.

“We are pleased to provide an accelerated path to an improved end user experience and a standardized, cost-efficient operation,” said Chuck Lyles, CEO for GuideIT.  “By leveraging GuideIT, healthcare organizations can focus on patient care, while having the confidence that their IT objectives will be achieved.”

With GuideIT service desk solutions, organizations enhance the user experience, increase operational quality and reporting, and achieve an optimized, scalable cost structure through a centralized platform consisting of standardized tools, specialized expertise and 100% domestic delivery.  GuideIT provides end user services encompassing technology infrastructure, clinical applications and software product support.

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

 

Global Technology Firm Selects GuideIT to Achieve a Major Acquisition-Related Deployment Initiative

August 8, 2017 - Plano, TX -  GuideIT, a market leader in redefining the delivery of information technology, today announced that it has been awarded a post-merger integration project with a global technology firm to upgrade and standardize end user workstations.  This solution will enable a broader transformation and effective process for improved end-user satisfaction.

GuideIT, a major provider of integration services to all size of firms in the US, has agreed to assist in the rapid post-merger integration activities by migrating more than 8,000 devices to a standardized image and end-user solution.  Utilizing its large-scale deployment methodologies and rapid implementation capabilities, GuideIT will mobilize a team of specialists to complete the multi-location project by early 2018 in order to meet critical integration deadlines.

“Speed and scale are core to GuideIT’s capabilities to provide mission critical technology integration solutions in a fast-paced technology environment, said Chuck Lyles, CEO for GuideIT.  “We take great pride in providing a cost-effective, path for organizations to achieve an efficient and secure end user computing environment.”

GuideIT enables organizations to efficiently manage the technology complexities associated with acquisition and divestiture activity.  It has helped to facilitate a billion-dollar spin-off by sourcing a suite of IT services vendors, managed the multi-year transition of IT functions associated with a large-scale business transaction, and assisted organizations with IT synergy planning, end-state applications planning and due diligence preparation.

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

 

Global Business Services Joint Venture Achieves Strategic Cyber Security Objectives Through GuideIT Services

GuideIT, a market leader in redefining the delivery of information technology, today announced that it has completed a major initiative to design and implement a cyber security solution with a global business services provider.  This solution enables the customer to operate in a fault tolerant environment that protects against business-disrupting threats.

GuideIT, with its advancing Cyber-Security practice, has been working with this customer for more than three years on various transformation technology initiatives that requires standing-up an independent enterprise for its newly formed entity.  GuideIT, as part of its post-merger integration solutions, partnered with the customer to design and implement the necessary security solutions covering more than five processing centers, 15,000 users across six continents.

The end result was a world-class solution that included security information event management, intrusion detection, multiple layers of access management and authentication, data loss prevention and file integrity monitoring, data classification management, advanced end-point threat protection, antivirus protection and mobile device management.

Chuck Lyles, CEO for GuideIT said, “With the growing number of threats and increasing number of connected devices, cyber security has become an integral part of any business strategy.  We are proud to have played an important role in helping a dynamic, global organization achieve its strategic security objectives.”

In April, GuideIT launched GITSecure, its customizable “good, better, best” strategies leveraging the right expertise and technology to affordably combat growing cyber threats.  These strategies provide a cost-effective path to a more secure cyber environment for organizations large and small.

About GuideIT

While technology is critical for every business, it’s also complex and ever-changing, often making it difficult to manage as an asset. Because of this complexity, many business leaders find themselves in need of advisors they can trust...people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. Visit guideit.com.

 

GuideIT Launches Advisory Board

Business Leaders with Extensive Technology Services Backgrounds Provide Industry Perspectives Valued and Trusted by Customers

July 25, 2017 – Plano, TX - GuideIT, a market leader in redefining the delivery of information technology, today announced it has formally launched an Advisory Board of business leaders to support its industry-focused approach to providing information technology services.

The GuideIT Advisory Board will support and provide perspectives on business and technology trends and associated business strategies and solutions necessary for GuideIT to continue redefining the delivery of information technology.  The Advisory Board members include:

  • Joe Boyd, who will serve as Chairman of the GuideIT Advisory Board, has served in board-level roles over the past 15 years for entrepreneurial technology and services companies serving the healthcare industry.  Previously, he was key to establishing Perot Systems healthcare market approach and setting a foundation for its long-term growth.  Joe then served as Executive Vice President of Sales and Operations for Perot Systems North American business.
  • JR Thomas is a Co-Managing Partner of the Thomas Marshall Group, LLC, a healthcare advisory company.   He was the former Chief Executive Officer for Optum Physician Services, formerly MedSynergies, Inc.  Under his leadership, MedSynergies grew from a concept to more than 1,100 employees.  He began his business career in various corporate finance positions with predecessor banks of JPMorgan Chase.  He has been recognized nationally for his work in physician alignment and revenue cycle management.  He is a recipient of Ernst & Young's Entrepreneur of the Year Award for Healthcare.
  • Hays Lindsley is Managing Director for both Perot Holdings and PEPI Capital where he is responsible for private equity investments and serves on the board of directors for companies in a wide array of industries.  Operating in board oversight roles, Hays brings a unique perspective on the technology-centric business challenges that organizations face.
  • Anurag Jain is the Chairman of Access Healthcare, a provider of healthcare revenue cycle management solutions.  He has founded and grown three IT services businesses and led major IT services operations serving the healthcare and financial services industries.  Anurag serves on the board of the East West Institute which is a global think-and-do tank that devises innovative solutions to pressing security concerns and mobilizes networks of individuals, institutions and nations to implement these solutions.  He is a recipient of Ernst & Young's Entrepreneur of the Year Award for Technology and Technology Services.

“GuideIT is excited and honored that industry leaders are joining our newly formed Advisory Board,” said Chuck Lyles, CEO for GuideIT.  “Each advisor brings a wealth of knowledge, experience and perspective to ensure GuideIT remains at the forefront of innovation necessary to redefine the delivery of IT services.”

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

 

Multi-specialty Medical Provider Accelerates Path to Enhanced Patient Care and Efficiency Objectives Through GuideIT Services

Major Medical Record Abstraction Project Completed To Exacting Quality Standards, On-Time and Under-Budget

GuideIT, a market leader in redefining the delivery of information technology, today announced that it has completed a major medical record abstraction project in support of a clinical-systems-oriented business initiative for a multi-specialty medical provider.

After growing to more than 1,200 primary care physicians and specialists and 300 medical care delivery sites, this leading multi-specialty medical provider undertook a clinical system consolidation initiative in order to achieve a single patient record, facilitate an effective continuum of care and realize cost efficiencies through the elimination of multiple legacy clinical systems.  Because of the number of disparate legacy systems to be consolidated, an automated conversion of more than 240 thousand patient records was not feasible resulting in medical abstraction being selected as the most effective conversion method.

Requiring an accelerated conversion process, GuideIT created a project approach, established a project management office and assembled a team of more than 65 specialists in approximately three weeks.  Upon project launch, GuideIT implemented a quality management program to ensure both the quality and productivity standards were met and that the customer received daily updates.  The project resulted in the conversion of more than 340 thousand medical records and achieved or exceeded all project objectives to enable the new clinical platform to become fully operational and the customer to achieve its enhanced patient care and efficiency objectives.

“Faced with time, quality and budget constraints, we mobilized our organization to position our customer for success,” said Chuck Lyles, CEO for GuideIT. “GuideIT is trusted to deliver results in the most demanding of business environments.  Our team consistently converts challenging business objectives into successes for our customers through an agile, flexible and results-oriented approach.”

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us.  www.guideit.com

 

Inspiring Service Desks to Work for You: Achieving Service Desk Standards

Seemingly, achieving Service Standards should be relatively easy, after all they are standards.  However, when you start looking at the various categories of what encompasses Service Desk standards (abandon rate, average speed to answer, first call resolution, staffing ratios, FTE utilization calculations …), it is quickly realized that achieving standards is not so standard.  It may seem a bit overwhelming, but breaking each category down and walking through 4 basic steps will aide in establishing your Service Desk standards:

Step 1 – Research and identify ranges

First, choose a category and get to researching seeking to determine how it applies to your environment and identify ranges to consider.  Your research should be dynamic, reaching out to peers and networks to determine what other organizations are doing, and how does your organization compare?  Get involved with service desk associations in your city, region, or nationally such as HDI (www.thinkhdi.com).  And read respected research (Garnter, Forrester, HDI….) for standards and ranges.  Use any and all channels you have to gather as many data points as possible.  Then analyze the data for your environment and identify ranges.  Keep in mind, ranges may vary depending on the industry it serves.  For example, if you are managing a claims processing call center, your manager to analyst ratio is most likely lower than if you are managing a tier 2 application service desk.  So talk to peers, get involved with similar service desk organizations and Google for respected research before establishing your standard and range.

Step 2 – Determine how to measure

Next, make sure you have the tools to measure the standard at the appropriate frequency.  Usually you can build a report or dashboard in an existing tool such as an IVR, contact center solution, ITSM solution… and review that data instantly or on a set frequency.  Some standards such as FTE utilization may need a spreadsheet with various inputs to calculate the overall utilization.  Either way, make sure you have a way to accurately measure the standard and then review at the appropriate times. Frequency in which you monitor may be instant, hourly, daily, weekly or monthly.  For example, if you are establishing an abandon rate, make sure you have the tools to track and measure continuously.  You do not want to get to the end of the month, week or even day to determine you needed to adjust your staffing schedules.  Whereas staffing ratios can be tracked on a weekly or monthly basis (depending on your business needs).

Step 3 – Set the standard and measure

Now that you have a way to track and measure your standard, determine where you want to start within the range you identified.  Consider where you and your organization fall in regards to starting at the aggressive, conservative or middle of the range.  For example, if your business requires a very fast average speed to answer then set that standard on the aggressive or fastest end of the range.  Now the standard is set, start measuring.

Step 4 – Refine the standard and go back to step 3

Your standard is set and you are measuring the results at the proper frequency.  Now you need to monitor the standard for the appropriate duration, possibly adjust to achieve the standard and perhaps even make changes to the standard.  Some standards may need to run for a few days or weeks to have enough data to analyze.  For example, the category of first call resolution would need enough data to determine where you may need additional training, knowledge articles, call routing etc. Whereas some standards need to be monitored instantly such as abandon rate to determine if you need a front-end message for an outage or if you have too many agents out of the queue.  So, monitor the standard for the appropriate duration, make the necessary adjustments and then continue refining for continuous improvement.

Make sure you utilize your organization and team’s expertise throughout the process.  Not only will the results be superior, but you will have the support and buy-in needed to deliver the standards.  Thus achieving service desk standards may not be so standard, but using a simple breakdown structure will help you establish, redefine and optimize your standards for better service delivery and satisfaction.

Summit Selects GuideIT as Trusted Advisor for Technology Services

Plano, TX – July 11, 2017 - GuideIT, a market leader in redefining the delivery of information technology services, and Summit, a privately held, national financial services firm, today announced a multi-year technology managed services relationship.

Through GuideIT Managed Services and GITSecure, Summit and Summit Consolidated Group companies will attain a secure, redundant and cost-effective technology infrastructure, enhanced applications, and IT leadership that support its business and growth strategy. Services provided by GuideIT include: infrastructure support, service desk, service management, cyber security, applications development and management, IT strategy and oversight, applications migration, end-user support, EDI, data lifecycle management, and business continuity services.

“As our business continues to grow and diversify, bringing in the expertise and resources necessary to enable our business strategy is a priority,” said Dale Young, Chairman and CEO of Summit. “Focusing on our desired business outcomes, GuideIT provided a cost-effective, scalable and secure path to achieving our technology vision. I’m excited about our future together.”

“We are delighted for the opportunity to assist Summit as they continue to grow and diversify,” said Chuck Lyles, CEO of GuideIT. “At GuideIT, our focus is on how technology can enable an organization’s business strategy and targeted outcomes.  It is exciting to see the linkage between our services and Summit’s continued success.”

GuideIT solutions for small-to-midsize businesses bring enterprise-class technology solutions to a broad set of organizations in an affordable, scalable and easy-to-access manner.  GuideIT has scaled its infrastructure, cybersecurity, applications and digital technologies so that smaller organizations may benefit from the business-transforming technologies typically only accessible to larger organizations.

About Summit

Summit, a subsidiary of Summit Consolidated Group, is a privately held, full-service financial services and executive consultation company with offices and affiliated partners coast to coast. Since 1988, Summit’s valued associates and far-reaching brokerage network have served more than 2,000 companies, organizations and individuals nationwide. Headquartered in Dallas, Summit’s national network of associates provides exceptional insights into every aspect of employee benefits management, risk management, wealth management, and retirement planning. Learn more at www.yoursummit.com.

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

Global Energy Provider Chooses GuideIT for Digital Transformation to Optimize Business Processes

June 27, 2017 – Plano, TX – GuideIT, a market leader in redefining the delivery of information technology, today announced it has expanded its digital transformation relationship with a diversified global provider of energy services.

Through GuideIT digital transformation solutions, this global provider will increase the pace of business, while reducing its administrative cost by integrating information to multiple disparate systems, applying adaptive business rules, and providing impactful business visualizations.  The free-flowing integration of sales, financial and operating information will provide actionable, performance-enhancing insights into their business processes.  Cost efficiencies will be realized through the elimination of manual processes, reduced IT support requirements and the elimination of software.

“Today’s digital technologies provide a clear path to increased business performance,” said Chuck Lyles, CEO for GuideIT.  “At GuideIT, we are helping organizations to better serve their customers, launch new and innovative business models, and increase the pace of business through the more effective use of disparate and difficult to leverage information.”

GuideIT’s digital transformation solutions, consisting of data integration, visualization and analytics, helps organizations better understand and serve constituents, transform and modernize business operations, and optimize internal finance and inventory business processes. The GuideIT solution provides users with the data they need for proactive decision making that can help increase profitability and improve the overall consumer experience.

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

Plano Award Program Honors GuideIT as 2017 Winner

June 9, 2017 – Plano, TX - GuideIT, a market leader in redefining the delivery of information technology, has been selected for the 2017 Best of Plano Award in the Business Services category by the Plano Award Program.


Each year, the Plano Award Program identifies companies that we believe have achieved exceptional marketing success in their local community and business category. These are local companies that enhance the positive image of small business through service to their customers and our community. These exceptional companies help make the Plano area a great place to live, work and play.

Various sources of information were gathered and analyzed to choose the winners in each category. The 2017 Plano Award Program focuses on quality, not quantity. Winners are determined based on the information gathered both internally by the Plano Award Program and data provided by third parties.

ABOUT PLANO AWARD PROGRAM

The Plano Award Program is an annual awards program honoring the achievements and accomplishments of local businesses throughout the Plano area. Recognition is given to those companies that have shown the ability to use their best practices and implemented programs to generate competitive advantages and long-term value.

The Plano Award Program was established to recognize the best of local businesses in our community. Our organization works exclusively with local business owners, trade groups, professional associations and other business advertising and marketing groups. Our mission is to recognize the small business community's contributions to the U.S. economy. www.onlineawarded.org

ABOUT GUIDEIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

 

Praxeo Health Engages GuideIT to Redefine Clinical Laboratory Business Processes and Optimize Quality Assurance

June 1, 2017 – Plano, TX – GuideIT, a market leader in redefining the delivery of information technology, today announced a multi-year agreement with Praxeo Health to provide a digital transformation platform to redefine how clinical laboratories manage cost of goods and provide superior service and quality.

GuideIT’s digital transformation solutions, consisting of data integration, visualization and analytics, and event-driven healthcare, help organizations to better understand and serve constituents, launch new business models, and optimize business processes. These results-oriented solutions enable proactive patient care, enhance the customer experience, transform legacy business processes to increase profitability, and extend the life of legacy applications by applying event processing and cutting-edge visualizations to critical, but disjointed information dispersed across many sources.  Through iVelociti™, a platform-as-a-service component of GuideIT's digital transformation solutions, customers realize accelerated business results in a cost effective, flexible and scalable manner.

“We have already encountered significant demand for consulting, analytics, and online content to assist providers and employer groups with laboratory utilization management” said Jerry Duck, Chief Compliance Officer of Praxeo Health. “Much of this focus by payors may be driven by cost concerns, but we are also experiencing a huge focus on quality assurance as evidenced by the number of lab closures occurring in many markets today especially in DFW.”

Ron Manipol, CEO of Praxeo Health said “New technologies such as GuideIT’s iVelociti™ digital transformation platform will help us associate the need to document traceability, compliance, and chain of custody combined with comprehensive communication of the testing process and results with the ordering entity, patients, pharmacy, or retail clinics.” As Mr. Manipol went on to point out, “this will support better patient management by providing more precise intelligence into the lab process or a population’s health at a lower cost than in the traditional commercial laboratory process.”

“Like many other areas of healthcare, we see laboratory services experiencing a similar IT revolution”, said Chuck Lyles, CEO of GuideIT. Lyles added “we also see laboratory organizations that embrace emerging IT technologies, such as the iVelociti event processing and process management solution, experience an increase in efficiency, a reduction in errors, and an overall improvement of the quality in the delivery of health care services.”

ABOUT PRAXEO HEALTH

Praxeo Health, LLC is an innovative clinical laboratory providing high-quality, cost-effective testing solutions to physicians and patients. Through ongoing research, discovery and development of new methods to clinical testing, Praxeo Health is dedicated to early detection and intervention that results in ongoing cost savings for patients, providers and payers. www.praxeohealth.com.

ABOUT GUIDEIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

The Rosetta “Block” Stone for Health Care Interoperability

Every few years or so the health information technology world seems to be obligated to pass through yet another fad or phase around the next disruptive or innovative approach to data access, analytics or interoperability. For those of you around my age, you may remember that concept called a "CHIN" or community health information network? This was followed by RHIOs, HIEs, and let's not forget the electronic medical/health record run over the past decade. HIMSS this year was its usual cavalcade of bright lights and rich dashboards, but there was something slightly different lurking against the back wall in the small booth section. There was a small company extolling the virtues of something called "Blockchain" technologies and how this platform was going to finally open healthcare information once and for all in a secure and governed manner.

Many of you reading this blog post probably have heard of Blockchain with all the media swirl around a product called "Bitcoin" which was the first open source cryptocurrency that supported a global peer-to-peer distributed ledger for financial transactions.

 

At its most basic level the Blockchain technology consists of three components; 1) a shared ledger of operations that occur on component two 2) a distributed network which is designed to support part three 3) the digital transaction. The Shared Ledger is simply a record of digital transactions. Members of a network have algorithms that run for verification and veracity of any transaction. If members of the network agree that the transaction is valid that transaction will be added to the shared ledger immediately. Once a transaction is added it becomes final and no member can change or tamper with the data within that transaction and subsequent place on the chain. The Distributed Network is simply a peer-to-peer network with each member of the network represented by a node on that network. Each member of any network stores an identical copy of the Blockchain and participates in the certification and validation of all transactions on their network. The Digital Transaction is the information stored in the Blockchain. The information within any transaction is defined by the network participants. Each transaction is digitally signed and encrypted to guarantee provenance and authenticity. Because each block has its cryptographic hash maintained by the block preceding it and blocks are added in a linear and chronological order the chain is virtually immutable without access to all previous blocks. Any attempts to break into a chain is ineffective without all blocks from the history of the chain from the inception of the network from all nodes ever participating.

The Healthcare Conundrum

There have been the usual protestations that Blockchain will be the answer for all access to the electronic medical records island of data and the provide the platform for access control to all PHI (Ekblaw, Azaria, Halamka, & Lippman, 2016). The MIT proof of concept (POC), used Blockchain architectures to manage authentication, confidentiality, and accountability in a modular design that leveraged the providers existing information systems architecture (Ekblaw, Azaria, Halamka, & Lippman, 2016). As part of this POC “miners” that are required to authenticate transactions were incentivized through access to aggregate data that today they do not have ready access such as researchers in the academic healthcare environment (Ekblaw, Azaria, Halamka, & Lippman, 2016). Other research not related to any production proof of concepts relays concerns about scalability and vendor neutrality (Linn & Koo, 2016). For a moment imagine either unilateral implementation of a Blockchain solution by EPIC or Cerner requiring base system purchase to achieve any level of interoperability and then any economic barriers to protect legacy application install base.

While many vendors will be sporting Blockchain solutions to solve all healthcare IT interoperability at the 2018 HIMSS conference, it is important to understand the realities of using Blockchain.  Like all the solutions proffered before the advent of Bitcoin as the “Rosetta Stone” a complete understanding of the challenges from a business and technical perspective should be considered. Blockchain has yet to address the real-world challenges of scalability, resolution of various levels of role-based security, privacy and business architecture to support the current construct as we know it today. None of these are insurmountable but need to be further explored on a larger scale POC.

Scalability has and always will be a concern when the need to aggregate various types of data in a comprehensive view of an individual’s medical record information across multiple sources. Any vendor who approaches the deployment of Blockchain from the vantage point that it will solve interoperability challenges probably should not be considered a viable partner. If, however, Blockchain is positioned as an inexpensive and capable access control mechanism for on-demand access to a subset of data required timely across a regional health care system this could fill a critical gap in communications. On demand lab results, radiology results, referral information or pre-authorizations might be areas of focus. Much like the “Record Locator Services” the Blockchain would serve as the index to an individual’s health record information no matter where the source resides (Linn & Koo, 2016). As part of the “map” t the patient's information, no health information but the data and metadata about the patient's record would be indexed and encrypted as a link to the information requested (Linn & Koo, 2016). This would require either a central data store or a tightly federated model of network communication to work effectively.

Instead of focusing on all the medical record information requirements perhaps a focus on a smaller but critical aspect of the health record the laboratory tests result. Leading market research firms have placed the percent of physician’s diagnosis based on lab results at 80% (Schmidt, 2017). Consider the new clinical laboratory receiving a new order on a patient never encountered by that lab. When a patient record was created by the Laboratory Information System (LIS) a digital signature could also be set up to verify results requests for that patient. Instead of the LIS having to support portals for results that have less than friendly search and integrate functions around those results the Blockchain could create the index for a particular test and result for that patient that could then be shared across the trusted network. The consumer could now safely be given the responsibility of who and when to share those results with as they navigate wellness all the way through chronic care. This is a bit of an oversimplification, but the use case is sound.

Conclusion

At the end of the day, Blockchain does hold some promise for being a large part of a solution that is still under construction. Companies like Ethereum, Brontech, GemOS, and HealthCombix are working secure communications and interoperability from many different angles. While this work is good for the industry, the hope is that Blockchain will not become the next big hit at HIMSS to see companies taking investment money and spinning up big booths at HIMSS next year only to be missing the following year after the hype cycle runs its course. Application of Blockchain will require ONC involvement and some market oversight to ensure that every technology vendor in the market can easily participate in the effort to create interoperability in a safe and secure manner. If this becomes another barrier to entry created by the larger HIT companies the only looser will be the patient and the small provider.

Works Cited

Ekblaw, A., Azaria, A., Halamka, J. D., & Lippman, A. (2016). A Case Study for Blockchain in Healthcare: “MedRec” prototype for electronic health records and medical research data. Open & Big Data Conference (pp. 1-11). Boston: IEEE.

Linn, L. A., & Koo, M. B. (2016). Blockchain for Health Data and Its Potential Use in Health IT and Health Care Related Research. HealthIT.gov. Washington DC: HealthIT.gov.

Schmidt, S. (2017, March 28). 12 Leading Companies in Clinical Laboratory Services. Retrieved May 28, 2017, from MarketResearch.com: http://blog.marketresearch.com/12-leading-companies-in-clinical-laboratory-services.

HITRUST Delivers New Level of Speed and Visibility to Customers with GuideIT’s Digital Transformation Platform

May 23, 2017 – Plano, TX – GuideIT, a market leader in redefining the delivery of information technology, announced today a partnership with HITRUST Alliance that will help speed HITRUST’s Digital Transformation in the creation of an assessment exchange to automate and streamline vendor risk management.

Building on GuideIT’s iVelociti™ platform, the new HITRUST Assessment Exchange will help organizations rapidly integrate valuable vendor risk assessment data locked in redundant silos, improve customer experience, and simplify the process of managing security and privacy risk assessments and compliance information from third-party vendors.

“This is a valuable step forward for customers, vendors and our organization,” said Daniel Nutkis, CEO of HITRUST. “Customers can now benefit from the speed and visibility of a secure collaborative environment for managing the demands of vendor risk management.”

The traditional vendor risk management process is a complex, fragmented, time consuming process.  It is no longer sustainable in-light-of the demands on most organizations that struggle to reduce risk and stay within their respective regulatory compliance. Additionally, consumer demand for better digital experiences has evolved from a “nice-to-have” to a requirement. Business partners, associates and vendors all want to seamlessly connect with information services in a transparent and easy to use environment at any time – wherever they are across multiple devices and platforms.

“We believe the healthcare industry has reached an inflection point where the demands of the regulatory environment require that organizations be able to effectively manage their third-party vendor risk in an integrated and automated environment,” said Chuck Lyles, CEO of GuideIT. Lyles added, “iVelociti™ through its business process automation and integration will ensure that comprehensive assessment information will be available for exchange in a digital format, consumable by the healthcare organization’s current risk management system, independent of vendor or technology.”

The HITRUST Assessment Exchange also provides customers with updates on progress and allows engagement when a vendor is not appropriately meeting their requirements, allowing the customer to focus on managing risk rather than the administrative process. The HITRUST Assessment Exchange is intended to integrate with, and not replace, an organization’s existing vendor risk management system.

For the vendor, it streamlines and simplifies the process, as most vendors do business with multiple organizations. Given the wide adoption and success of the HITRUST CSF Assessment and HITRUST CSF Assurance Program, already covering thousands of vendor assessments and thousands more in process, vendors are ensured they can truly achieve “assess once, report many” benefits, unlike other third-party assessment approaches and exchanges.

With HITRUST's ability to engage with a vendor on behalf of multiple organizations, it streamlines the communications and interactions for that vendor by reducing the number of organizations making similar requests and automating the process, making business engagements much more efficient.

About HITRUST

Founded in 2007, the HITRUST Alliance, a not for profit, was born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST—in collaboration with public and private healthcare technology, privacy and information security leaders—has championed programs instrumental in safeguarding health information and managing information risk while ensuring consumer confidence in the organizations that create, store or exchange their information. HITRUST develops, maintains and provides broad access to its common risk and compliance management and de-identification frameworks, and related assessment and assurance methodologies, as well as programs supporting cyber sharing, analysis and resilience. HITRUST also leads many efforts in advocacy, awareness and education relating to information protection. For more information, visit www.hitrustalliance.net

ABOUT GUIDEIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

Organizations Achieve Cyber Security Objectives through GITSecure

Plano Texas – May 18, 2017 – GuideIT, a leader in redefining IT, is helping organizations, large and small, combat a growing environment of cyber threats.  These results are achieved across a broad set of industry based organizations.

GITSecure is a blend of consulting and managed services designed for protecting data, systems and people from cyber threats through prevention, mitigation and remediation.  GuideIT’s approach is to mitigate security and compliance risks by deploying customizable “good, better, best” strategies leveraging the right expertise and technology to affordably combat growing cyber threats.  The scalability makes GITSecure an effective solution for both large multi-national and small-to-midsize organizations.

“We are seeing great results supporting our customer’s security requirements reducing risk from cyber security weaknesses and threats,” said Chuck Lyles, president & CEO for GuideIT.  “We are committed to advancing our capabilities and execution to be a market leader in mitigating the ever-changing landscape our customers face.”

Through customer engagements, GuideIT has achieved the following results

:

·       Increased a global travel provider’s threat detection rates, strengthened information flow in support of cyber security processes, and provided employees with direct feedback on potential information leakage risks

·       Created a robust security environment for a provider of multi-specialty clinics and enhanced HIPAA compliance to remediate multiple potential vulnerabilities and secure intellectual property, including penetration testing and advanced threat detection

·       Enhanced a Healthcare payer’s end user device security layer through software roll-out implemented over several locations

·       Assisted a leading pediatric hospital to achieve a HITRUST 2 certification

Lyles added, “Our remediation and prevention solutions are being well received by customers solving compliance related needs.  Protecting our customers’ data is our highest priority.  GITSecure is achieving the results our customers expect”.

More information can be found on the GuideIT website, within the Solutions menu.

ABOUT GUIDEIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

Do Not be as Strong as your Weakest User. BE STRONGER.

You pick up the paper or watch the news and it has become an all too common occurrence.  What used to surprise us is now sadly routine – breaches of cyber security.  In the early days, these breaches were usually just an annoyance – most simply focused on defacing public facing websites.  Plug the vulnerability, re-upload your homepage, and you were back in business.  Almost seems quaint, now doesn’t it?  Today the stakes are much higher, both from a commercial standpoint and from an international security standpoint as well.

While much of the preventive focus for cyber-security justifiably falls on IT, the role of each and every user is critical as well.  From password security, awareness of social engineering threats, and prudent behavior when it comes to attachments and web-browsing, many enterprises are only as strong as their weakest user.  One of GuideIT’s managed services customers places significant emphasis on the importance of user awareness in their overall cyber-security program, and recently completed a Phishing exercise I thought worth sharing.

To establish a baseline from which to measure the results of an upcoming training program focused on Phishing, every employee was sent an outside email informing them that their email storage quota had been exceeded, and directing them to click an enclosed link to address the issue.  The organization’s Information Security policy dictated that they forward suspicious emails to the GuideIT Service Desk, who would either confirm/deny the authenticity of the email, or open a ticket to the customer’s Security Team for review.

So how’d they do?

·         90 people clicked the link - they failed the test outright.

·         50 people forwarded the note to the Service Desk AFTER clicking on the link, many asking, “Hey the link didn’t work; how can I get more storage??” They also failed the test.

·         40 people forwarded the email to the Service Desk without clicking the link, and identified the email as a potential Phishing attempt – BRAVO!

Obviously no harm came of this exercise. But had the threat been real, the outcome might have been different.  The lesson?  First it’s worth emphasizing that this particular customer has an active IT Security Program using both internal dedicated IT resources, and the assistance of an outside Security vendor to audit and support their efforts.  Yet the majority of people who received the Phishing attempt “took the bait”.  With this particular customer, the next time a user fails a Phishing attempt they will be directed to a mandatory online training module to raise their awareness on the risks of Phishing – a great motivator huh?

The lesson to me is that even with strong internal programs to raise cyber awareness, your work is never done.  And if you don’t have programs in place like this customer, give serious thought to how your organization would perform if put under the same microscope.

Stay tuned; this customer plans additional testing over the course of the year to gauge the effectiveness of their training efforts.  I’ll be sure to provide an update when they do.

Published by: Mark Johnson, Vice President/Business Unit Leader, Commercial, GuideIT

 

Growing Post-Acute Care Organization Partners with GuideIT to Help Redefine IT Environment

May 9, 2017 – Plano, TX - GuideIT, a market leader in redefining the delivery of information technology, today announced it has signed a partnership agreement with Senior Care Centers, a post-acute health and rehabilitation organization with more than 100 locations spanning across Texas and Louisiana that provide skilled nursing, assisted living and memory care services.

Senior Care Centers selected GuideIT to design and implement an enterprise-wide, best-in-class ITIL (Information Technology Infrastructure Technology) Service Desk solution to enhance workflow functionality, achieve targeted operating improvements, and deliver significant cost reductions. The positive business impact reaches throughout clinical, financial, operational and regulatory compliance disciplines.

“Our operational goal is to provide improved services to our caregivers in the field who focus on patient and resident care. Our IT team needed the reporting and analytics and to illustrate overall business improvement across the company.  Our transition and operational plan has already yielded significant improvement,” said John Ragsdale, CIO at Senior Care.

“We had a positive working relationship with John from prior engagements at previous companies. So it was great to hear from him as he explored how he could improve the efficiency and level of support for his current service desk solution,” said Chuck Lyles, CEO at GuideIT. Lyles added, “We look forward to working with John and this premier organization to deliver tangible results while continuing to grow in our relationship.”

GuideIT has created a unique story and formidable performance record in redefining service desk support services including design, implementation, and best practice management. Customers report back results including: better end-user satisfaction, reduced cost, more transparency, and measurable improvement in overall business performance.

ABOUT SENIOR CARE CENTERS

Senior Care Centers believes every patient and resident should be treated with the dignity and respect they deserve while receiving the clinical care that meets their needs. We are committed to providing patients with compassionate care throughout their stay. With over 100 locations across Texas and Louisiana, Senior Care Centers offers a range of skilled nursing services including: short-term rehabilitation, long-term care, assisted living and independent living. The heart of nursing care is here. http://seniorcarecentersltc.com

ABOUT GUIDEIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

TOP SECRET: Passwords are Like Toothbrushes

Passwords are a perennial security topic. They are half the combination to unlocking everything from our gadgets, social media to your bank account. Why do we resist longer, more complex passwords when that is the most effective way to thwart password hackers?

Many of us have corporate accounts. Some of those are forced to use long, complex, non-repeating passwords. That makes us security professionals happy, but usually does not do the same for everyone else (especially our Moms).  What are the reactions to multi-factor authentication (a second set of security questions or a device on your phone or lanyard that has a new number every minute)? Biometrics? So many of our phones and other gadgets have access to resources, and have a <ahem> handy feature to remember passwords. Yet many of us do not even enable a password, or even a PIN to access those devices.

Several years ago, I heard someone say “Passwords are like toothbrushes. Never share them and change them every few months.” How old is your toothbrush? Your passwords? (I won’t ask if you’ve shared either.) How good is your cybersecurity hygiene? Sadly, more than half of security pros rarely change their social network passwords. 20% percent have never changed them. In other news, social media passwords provide easy route into corporate networks. This ‘security fatigue’ is likely more prevalent in security pros. We are not leading by example.

There’s an app for that! Instead of downloading the latest angry candy game, why not fetch a password app? Several good apps exist to store and manage passwords. Many of those are free. I recently moved my passwords into a new app. My previous one was 20 years old and contained 583 records. It feels refreshing to have my passwords protected by updated encryption. Like that fresh feeling after brushing my teeth. Of course, password apps are not the silver bullet to password issues. They have their own challenges – such as being targets for hacking (although there are no known exploits but that can change in five minutes), or with some password apps, the ability to access your passwords from every device you use.

Choosing better passwords may be more practical for most of us. Weak passwords sacrifice security for convenience. Passwords that are longer, more complex, not re-used across multiple sites EVER, and of course, changed periodically, are a foundation of security. Enabling multi-factor authentication when available is always recommended.

In honor of World Password Day, which is tomorrow, May 4th, let’s all join forces and take the time to freshen our passwords. It will make the world a safer place.

 

Published by: Jon Lee, Security Director, GuideIT

The IT Crossroads for Medium-sized Enterprises

Growth is a wonderful thing.  Growth brings new markets, new opportunities, and rewards for stakeholders in the business.  But with all the excitement growth brings, there’s a reason that you often hear the term “growing pains” creeping into conversations, public or private, among leaders in vibrant medium-sized businesses.

One part of the business that often experiences these growing pains is the information technology (IT) organization.  Businesses that thrive find themselves waking up one morning at a crossroads of sorts.  An IT support model that served them well in the past suddenly becomes at a minimum a source of frustration, and worst case a strategic liability to ongoing operations.  Reaching that crossroad requires action, with typically two clear courses of action.  But before discussing options for navigating this crossroad, let’s take a moment and revisit how you probably got here.

Introducing our Hero

Many IT shops start with “the IT guy”.  In some cases, it’s an existing employee that wears multiple hats; in others, this person is the first IT hire an organization makes.  By necessity, he or she is an IT generalist, capable of tackling the variety of IT challenges facing his internal and external customers.  At some point the needs of the organization begin to stretch the team.  What happens next?  Approval is given to hire another IT employee, often a junior professional to assist our hero.  For some period, all is good.  Our hero gets a short breather, maybe even gets an uninterrupted vacation because there’s someone else to help pick up the slack.  Time marches on, the business continues to grow and two drivers of IT delivery feed on each other:  business demands on IT increase, and over time the IT adds personnel to handle the load.  Sound familiar?

The Coming Storm

For some period, this model works just fine, and the IT team does a laudable job of serving the business.  Eventually however, clouds often begin to form on the horizon.  Like clouds themselves, they can take on many forms.

New leaders join the company and compare the current IT support model to companies they’ve previously worked in of a similar size.  Often they find it lacking.

Other leaders may begin to realize that you’ve increased your IT spend in a manner not tied to an enterprise IT strategy, instead to an evolving state of predominantly reactive behavior.  The return on that investment just doesn’t seem to be there.

End users in the company begin to experience frustration with IT as their support requests seem to languish or go into the proverbial black hole.

People start asking questions about how the business can make best use of newer technologies, and are left uneasy with the answers they receive.

You start to see more and more funding requests consultants and vendors to take on projects the IT staff can’t handle.

Sticking to our weather analogy, these types of clouds make for overcast days, nothing too concerning.  But there are more ominous clouds that invariably follow, clouds that turn an overcast day into an angry storm.  Storm clouds in IT typically form when the needs of the enterprise finally over-whelm the patch-work approach to staffing, strategy and investment that served the business acceptably in years past.  Cracks in a dam that finally break is another apt analogy.

A lack of maturity in IT security leads to a ransomware, malware or worse yet a breach of confidential information.

Application and network outages become more frequent.

The enterprise experiences a substantial hardware or data closet failure, only to find that mission-critical systems and data cannot be recovered in line with expected recovery objectives, if at all.

Pockets of “shadow IT” emerge as confidence in IT lags and business units pursue their own solutions.

As the pressure builds, a key IT team member resigns, and since many IT organizations of your size rarely have the time to invest in proper documentation, years of institutional knowledge walks out the door.

At this point the IT organization has either lost the confidence of the company’s business leaders, or are precariously close to doing so.  Some organizations are fortunate to learn this lesson without a visible public event; some sadly are not as fortunate.  The unexpected transformation from cloudy day to storm is a shame because these are typically great people, the business simply outgrew the IT delivery model that worked just fine a few years back.  Our hero “the IT guy” that served the organization admirably, now struggles to lead a team whose mission has grown in complexity.

Reaching the Crossroad - Brighter Days Ahead

Change is never easy, and few organizational changes come with as much angst and emotion as moving to a different IT support model.  But like it or not, change is required if you’re to avoid future storms.  While there are several ways to tackle this challenge, in its simplest form, that choice comes down to either making additional investment into the largely reactive and inefficient IT delivery model in place today, or considering a partner to deliver some or all those services.  Taking the former approach is an aspirin of sorts, the pain goes away for a while, but is likely to return.  The latter, if you choose wisely, gives you an opportunity to take what is not a core competency of your business, and entrust it to a carefully selected partner whose core competency is in fact IT Services.  A partner with the tools, expertise, methodologies, and leadership that the complexity of today’s technology landscape demands.  Couple that expertise with a passionate desire to serve and you can expect sunny days ahead.  Want the good news?  Because of the inefficiencies inherent in the model you may be operating under today, you might be pleasantly surprised at the affordability of engaging a partner compared to what you’re spending on IT today.  If you’ve got clouds on your horizon, or want to avoid them in the first place, we’d love to visit with you.  GuideIT.  IT Redefined.

Published by: Mark Johnson, Vice President/Business Unit Leader, Commercial, GuideIT

 

 

GuideIT Launches GITSecure

Proven Customer Results in Cyber Security Serve As Springboard To Formalize Solution Suite

Plano Texas – April 20, 2017 – GuideIT, a leader in redefining the delivery of information technology, today announced the formal release of its cyber security suite of solutions, branded GITSecure. GITSecure, a blend of consulting and managed services, is designed for protecting data, systems and people from cyber threats through prevention, mitigation and remediation.

“The majority of executive leaders are already expanding their approach to cyber security,” said Chuck Lyles, CEO of GuideIT. “Since our founding, companies large and small have relied on us to achieve their cyber security objectives. GITSecure provides a fresh balance in affordability and depth to help current and future customers achieve a more secure cyber envrionment.”

The approach is to mitigate security and compliance risks by deploying customizable “good, better, best” strategies leveraging the right expertise and technology to affordably combat growing cyber threats. Through GITSecure, GuideIT customers have already realized protection against intrusions, malware and data loss, achieved security certifications, and implemented data life-cycle management solutions.

Lyles added, “cyber security is not just an IT priority. It’s a strategic imperative. It is no longer optional to have the appropriate solutions to manage these environments.  GITSecure is a path to combating the cyber threats that are a part of everyday business.  These affordable, best-in-class solutions are making great strides with customers.”

More information can be found on the GuideIT website, within the Solutions menu.

ABOUT GUIDEIT

While technology is critical for every business, it’s also complex and ever-changing, often making it difficult to manage as an asset. Because of this complexity, many business leaders find themselves in need of advisors they can trust...people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. Visit guideit.com.

 

Media Contact

Peter Snell

214.810.6207

psnell@illumeture.com

National Financial Services Company Experiences $5 Million Annual Savings Through Technology Optimization Project Led By GuideIT

Plano, TX – April 6, 2017 - GuideIT, a market leader in redefining the delivery of information technology, today announced the completion of a successful two-year project leading a complete technology optimization, from an aging legacy architecture to an efficient, scalable environment for a national financial services company.

The company faced some difficult challenges with their legacy IT environment that, if left unchanged, would threaten enterprise-wide operations. Those challenges included poor visibility into their outsourced IT environment and internal limitations in resource bandwidth and experience to execute a separation of IT services.

The primary objective of this engagement was to solve those difficulties with a best practice IT environment to achieve long term reliability, operational efficiency, cost reduction, and cost avoidance with respect to technology-related compliance requirements fueled by regulatory oversight. Key project milestones included the separation of IT service and data centers from an incumbent service provider, implementation of Office 365, and implementation of security operations.

Engaging GuideIT led to tangible results including building a global IT support and engineering services team supporting greater than 12,000 users, prioritizing and migrating more than 125 applications across 500+ servers, and $5 million in annual cost savings. Also, they are now a few simple steps from eliminating millions in regulatory compliance costs.

“This engagement was a business-enabling initiative that met strategic, operational and financial objectives,” said Mark Johnson, Vice President, Commercial, for GuideIT.  “As a results-oriented organization, we’ve helped financial services organizations, large and small, achieve their technology-oriented business objectives."

ABOUT GUIDEIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com

 

Media Contact
Peter Snell
psnell@illumeture.com
214.810.6207

 

 

 

 

The Value of ACO’s Sharing IT Services

If you are a provider or payer of healthcare services, have you ever asked yourself if it is more advantageous for your organization to move towards outsourcing or shared services? And, which is better adapted to handle the shift from volume-based payments to value-based purchasing? Maybe so…but most likely not.

As you know, the American healthcare system is currently in the midst of a dramatic reorganization. Today, as providers across the country are gaining experience with new approaches on the renewed focus of a “shared services model,” we have new reasons to believe that we can reduce unnecessary healthcare costs while maintaining and improving quality and access through the practice of sharing IT services.

“Shared services is taking the benefits of a large health care system and sharing those efficiencies and best practices with other organizations. It’s putting competition aside and creating partnerships to provide high-quality care that is more affordable, which may also lead to opportunities to work even more closely together in the future.”
–Curt Shaw, Vice President of Finance and Shared Services, Novant Health

In the traditional fee-for-service model, providers bill and are paid for services rendered, and the payer takes on the full risk of the costs of care. Value-based contracts and programs are establishing a different paradigm for the relationship between healthcare providers and whoever is paying for healthcare services. For instance, under value-based contracts, the provider bears some degree of accountability for a patient’s total cost of care. Under these arrangements, providers must manage costs, report on quality metrics, and achieve improved outcomes. In exchange, providers receive some portion of their compensation under an alternative arrangement.

Many healthcare professionals debate whether these accountable care approaches will be successful in reducing healthcare costs. The most common area of concern is about whether providers have access to the health information technology infrastructure needed to support the more complex business information systems. This includes business intelligence, analytics, and database and systems management tools, which indicates that large investments are continuing to be made in the technology infrastructure needed to compete in this new paradigm.

The truth of the matter is, when it comes to having access to healthcare information technology, valuable insights to analytics and your database and systems is a game-changer. Measurement of health outcomes, for providers and patients, is a core capability for accountable care organizations. The readiness of providers to adopt the health IT “shared services model” is critical for spreading knowledge, measuring results and increasing profitability.

Enhanced efforts and support is also needed from government to advance the success of ACO’s through effective health IT strategies around shared services. At both federal and state levels, governments must balance appropriate incentives that help to spur innovation in the use of health IT.

Adoption of new health technology models will not drive the transition to value-based payment alone—the success of the delivery of new “shared services” models will ultimately rely on providers and patients working together to achieve better health outcomes through a more efficient, patient- centric delivery system. Yet evolving technology solutions, driven by increasingly robust stakeholder demand, will continue to be a crucial element for realizing and achieving this vision.

Population Health Management Firm Gains Path to IT Modernization and Greater Efficiency

GuideIT announced the completion of an enterprise assessment roadmap for a Population Health management company focused on technology modernization, applications enhancement, and greater efficiency through automation.

The company achieved a path for aligning technology to the business strategy within context of relevant risk and tactical capabilities. GuideIT was chosen because of its experience in helping organizations optimize technology in its 360-degree enterprise assessment, a model centered on calibrating desired outcomes to available resources and tools.

“Our customer now has an executable roadmap for supporting their business priorities with optimized technology objectives,” said Jeff Smith, Vice President, Healthcare for GuideIT, “The enterprise assessment enables a holistic perspective for identifying the root causes behind technology pain points, while ensuring the IT environment is a business-building asset." 

This is the second initiative the two companies have collaborated on during the past six months. GuideIT is currently engaged in project management efforts as well.

ABOUT GUIDEIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us.

GuideIT Ranks 9th in the 2016 SMU Dallas 100

Annual Entrepreneurship Awards Honor the Region’s Fastest-Growing Private Companies

Plano, TX —December 6, 2016 — GuideIT, a company focused on optimizing technology investments in applications and infrastructure for mid market healthcare companies, today announced it has been ranked #9 among the 100 fastest-growing privately held companies in Dallas by Southern Methodist University’s Cox School of Business in the 26th Annual Dallas 100 Awards.

This is the first year GuideIT has been recognized in the Dallas 100 program, which was co-founded by SMU Cox and the Caruth Institute for Entrepreneurship to honor the “unsung heroes of our economy”: the entrepreneurs who build businesses and create jobs, but often go unrecognized. GuideIT earned the honor for exceptional growth, its system of values and meeting other criteria.

“We are honored to be recognized as part of this prestigious program. We must tip our hat to our customers who have really made it possible to even be considered.”

“We are honored to be recognized as part of this prestigious program. We must tip our hat to our customers who have really made it possible to even be considered. They have entrusted us with tremendous responsibility in optimizing, often managing their technology assets to better enable their business priorities,” said GuideIT CEO Chuck Lyles.

GuideIT team members attended a celebration dinner event Tuesday, November 28th at the Omni Dallas Hotel. Additionally, Chuck Lyles was interviewed in a featured story published by the Dallas Business Journal. Read it here: https://www.bizjournals.com/dallas/news/2016/12/01/guideit-dallas-100.amp.html

About GuideIT

While technology is critical for every business, it’s also complex and ever-changing, often making it difficult to manage as an asset. Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us.

Media Contact

Peter Snell
psnell@illumeture.com
214.810.6207

A Truly Integrated Approach to Health Information Processing Could Provide a ~500% ROI

If you are like me and you read something like this first thing in the morning you would probably choke on your coffee forcing back the laughter! However, the digital transformation in health care is taking place today, and the pace of change is quickening. More and more location-based data in population health is being leveraged, mobility is being employed as a physician economic behavior modification tool to support shared savings, pay for performance and risk contracts, and lastly sensor data is making its debut! This digital transformation is an incredible shift for a market that has historically focused a good portion of its financial and human resources on the traditional implementation of electronic health records and health information exchanges to support meaningful use. This new effort to digitally transform healthcare is going to require new business models, architecture shifts and most difficult of all a cultural shift away from the traditional information technology mindset.

No matter if the ROI in a new integration strategy is 500% or 75% the justification for healthcare to move away from traditional models of doing it yourself interfacing to integration as a service makes more sense now than any other time in history. The need to integrate more trading partners such as physicians and post-acute care networks, reduce the number of FTE's working on integration, eradicate application downtime due to interface needs and, improve performance and cost over legacy middleware solutions are all large contributors to the ROI on a platform service solution for integration. This type of integration need does not support the single dimensional legacy interface technologies or the project based approaches to delivering integration performance. Health care has to embrace smart built, intelligence based, consumer quality, rapid innovations that completely redefine how providers, payers and consumers of medical care communicate. This permanently changes the integration landscape from point to point communications to the real inclusion of all functions required creating one pane of glass for all integration services on one platform as a service offering.

At a minimum, this single pane of glass for integration should consist of service and micro-service API layer, machine learning and in-memory associative data construct, natural language processing, business process management, event management, rules for stateful and stateless models, and a visualization layer for streaming, static and, mashup analytics. So this description begs the question as to why you need all this technology to interface two applications? The answer would be simple; you don't. But that is not what we are suggesting either. The key to true interoperability in health care is less about moving data from one container to another and more about doing stuff with data as soon as it becomes available versus waiting for a traditional database to acquire, prepare and, transform the data for a retrospective view. The importance of this is analogous to flying a commercial airliner on air traffic controller and weather information that is minutes’ old! I don’t know about you, but at 18,000 feet in the middle of summer flying through stormy weather while trying to land at Newark International Airport in New Jersey, I want that pilot to have up to the Nanosecond information with the intelligence added to provide only the information that the pilot needs to help land that aircraft safely! The pilot does not need the weather for JFK and LaGuardia just the information for Newark so adding that intelligence around information processing is critical to landing the plane. So why are patient care and the business of running a medical organization any less important? Lives are at stake, any mistake can be devastating, and it requires the aggregation and presentation of information from a myriad of sources in one easy to use a single pane of glass for the pilot to perform his/her job safely which is no different from a physician or care provider.

So how can the claim be made that a competent interoperability strategy can provide a ~500% return on investment? It is not trivial but relatively straight forward. It does, however, require health care enterprises of all sizes to change their perspective on integration and move away from in-house solutions over time to an integration as a service model. This is counterintuitive to the usual thought process that occurs in any size healthcare enterprise but a shift that is none the less critical to reducing IT spend and rationalizing application portfolios to right size the information assets the organization in question maintains. For the healthcare enterprise to re-balance the cycle of innovation to meet the demands of a consumer grade, intelligence driven, risk bearing, and agile business, this is no longer a question of "IF" but how fast can we get there! To attain any level of hard dollar ROI in healthcare, we have to start thinking about integration as a way to optimize and innovate our environment leveraging existing investments in EHR and population health tools and completely automating creative integration processes.

Focusing our integration efforts on creating reusable assets that provide a single pane of glass “interface” to the internal and external information sources required to operate the healthcare enterprise is the first step. Moving away from traditional interface techniques over time to simple Micro-Service based components that can be easily assembled to reduce the overall development lifecycle and go to market exponentially faster than conventional methods. Redirect current IT resources toward innovative solution versus commodity based interface work. Reduce linear processing associated with traditional interface environments which will reduce hardware costs over time. Decouple integration logic from applications creating a lighter more agile integration leveraging cloud and intelligent devices to propagate information immediately where and when it is needed for a particular purpose. As healthcare enterprises continue to add new tools to their IT architectures and depend more and more on cloud-based solutions with mobility as part of the equation, it becomes critical to achieving real interoperability as efficiently between distributed information sources.

So how does this answer the ridiculous ROI claim? Simple! The healthcare enterprise can integrate more information sources and applications faster with the intelligence built in to deliver fast and relevant data with fewer human resources and reuse those integration services over and over in the future. This speeds the time to integration, reduces required staff, drives higher productivity, reduces downtime, reduces hardware and software costs versus traditional methods. The ROI period is dependent on the individual organization and the aggressiveness with which they convert their current portfolio of integration point and applications. If the enterprise chooses to outsource this function including infrastructure to a cloud-based vendor the time to return on investment can be compressed dramatically. The methodology to measure the actual return and benefit should be documented and set forth with either cloud or on premise approaches and has to be benchmarked against current performance.

Steps should include savings from the reduction of:

  • Staff
  • Hardware
  • Maintenance
  • Support

And improvements in:

  • Productivity
  • Revenue
  • Shift from maintenance to innovation
  • Shift from CAPEX to OPEX

Based on this focus the estimated payback should be targeted for 36 months again depending on the size and complexity of the enterprise.

ROI calculations should be targeted for the following measures:

  • Net present value based on three-year investment based on the original sum with a 10-15% return to account for missed opportunity cost. This provides support for the cost of capital and internal rate of performance.
  • “Information Downtime” is the number of hours/days that critical information for application features and functions to operate is unavailable multiplied by the number of users/clinicians affected.
  • Productivity loss calculated as salary burden multiplied by application unavailable and or information downtime
  • Revenue opportunity loss is the information downtime multiplied by the average revenue per hour
  • Revenue loss/opportunity is defined as the data downtime impact on the end user's productivity/impairment

Calculations of user productivity and lost revenue opportunity are somewhat subjective so every enterprise should choose a reasonable fraction of the number derived in the ROI exercise to apply to their final savings estimate. Also, ROI should be calculated starting the first full month after implementation of the new integration architecture.

The pressure on the healthcare enterprise large or small to use ever increasingly complex clinical and business applications is only going to increase. With that comes the need to integrate efficiently the myriad of data sources required to support the trade and clinical processes for which those technologies are purchased. As healthcare enterprises become more and more dependent on these applications to support at risk models of contracting and care the achievement of interoperability in an expedient and efficient manner is outpacing the ability for organizations to survive in a do it yourself model. Add to this the desire and need to engage through a mobile channel, have self-service analytics and appropriate business and clinical alerts and the reasonable approach to the required interoperability is to partner with a reputable cloud vendor who can remove this burden entirely.

Healthcare Organizations Achieve Business Objectives with GuideIT Applications Services

Plano Texas - November 1, 2016: GuideIT, a market leader in healthcare technology solutions, is experiencing rapid growth in applications services centered on the market imperatives of improving quality and reducing cost.

GuideIT has invested in talent and tools focused on application technology for a growing community of healthcare customers. The GuideIT applications team has already executed on multiple projects. Applications revenue has expanded to 9% of total revenue and is expected to approach 15% by year-end.

“Customers have achieved substantial business results with our applications solutions. These results tell great stories that other prospective customers can relate to,” said Chuck Lyles, President and CEO of GuideIT. “Our customers have grown to trust in us from both a tactical and strategic perspective with their application-related needs. That’s why we are experiencing demand and growth in applications.”

The applications services suite includes development, integration, analytics, and data visualization. Blending deep experience in healthcare technology with focused investments, GuideIT is focused on two healthcare market segments. One segment is represented by providers of care including not-for-profit health systems, regional hospitals, physician groups, and Accountable Care Organizations (ACOs). The other segment is represented by companies serving providers of care and their patients such as payers, and healthcare products and services companies.

Recent results include improvement in readmission rates and length of stay through real time, event driven insights for health systems and ACOs, the reduction of cost in clinical support through application support services for a not-for-profit health system, and better consumer engagement with the completion of an application development platform for a healthcare services organization.

Lyles added, “We are firmly committed to building solutions that address key market imperatives. After years of significant IT investment across the industry, a foundation has been set to leverage the incredible amount of data being captured. GuideIT is playing a pivotal role in providers achieving better care at a lower cost.”

About GuideIT

While technology is critical for every business, it’s also complex and ever-changing, often making it difficult to manage as an asset. Because of this complexity, many business leaders find themselves in need of advisors they can trust...people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us.

Media Contact

Peter Snell
peter.snell@guideit.com
214.810.6207

What You Don’t Know About Your Data Can Cost You

Do not give your data to a healthcare IT vendor just to be handed back your information with a beautiful wrapper.

The idea of semantic integration sits at the intersection of traditional interface technologies and the confluence of some technological trends now shaking the healthcare IT the world, including the cloud, the Internet of Things, big data, data lakes, analytics and mobile interaction. The key strategies for healthcare improvement and value-based contracting all rely heavily on the competent and accurate high-speed integration of disparate information from all types of sources. However, simple integration and patient information matching is not the entire story when you consider all of the requirements to deliver quality and reduce costs moving to an at-risk environment. It is more about creating a dynamic structural and semantic homogeneity among the myriad of sources of patient information and delivering to the point of care and or any interaction with a patient clear, concise picture of that individual’s status. To achieve this panacea, it requires a very simple event model (SEM) approach integrated to a clinical event model (CEM) supported by ontologies that can mitigate the challenges of semantic and syntactic incongruities healthcare information technology professionals, and clinicians face every day.

In recent posts I detailed how using machine learning to build semantic models for matching patient data from disparate systems is far and away superior to traditional methods that rely on deterministic and probabilistic algorithms in database systems. Once that data is matched and the "DNA" of that match is stored for future reference if the target organization desires to store the raw data for analysis and population health exploits we take a step back by approaching that persistence using traditional hierarchical data models. Instead of data models, the use of formal descriptions of terms within the data and the relationships those have within provided a more ontological approach to overcoming the challenges of storing semantically correct information about a person, patient, physician, etc. This idea sounds like a foreign concept for healthcare professionals, but it is more prevalent than you may recognize. Let’s simplify the concept a bit as we explore this promising approach to data persistence and use.

Consider the manner in which we classify items in our everyday lives according to their use or domain. A card to a network engineer means something totally different than a technology sales person. The network engineer considers the term “card” and associates that as a network interface card and the technology salesperson thinks of a card regarding a business card for a prospect. However, when we apply a “Domain Ontology” to the word “card” the definition of the concept becomes associated with a particular "world." Granular meaning is then applied from the domain to create an associative model that allows for additional concepts like network cable, router, and server to be freely associated with the concept of a card in the IT domain. In healthcare, we have many domains, especially from the clinical perspective. Consider for a moment the concept of “Shunt” and what that concept means to a general surgeon versus a neurosurgeon. While both may operate on a child to place a VP Shunt the anatomy and definition of the successful outcome will be same and different at the same time. The neurosurgeons will operate on the patient's cranium to place the shunt and the general surgeon will operate on the patient's abdomen to place the distal end of the shunt. Both will share the "concept" of success as draining of the CSF fluid from the brain to the abdomen. The neurosurgeon, however, has different concepts of the success of the procedure being the relief of fluid pressure on the brain and the general surgeon may have concepts on a successful placement of the distal end of the shunt in the patient abdomen. This is perhaps an over-simplification, but this example represents well thecomplexities of merged domains which have created many of the silos and information rationalization challenges on aggregating information sources to support population health and big data analytics in healthcare.

The persistence of information from many sources has to be a learning process that is close to 100% automated in the creation of ontologies, including the extraction of a domain's terms and logic from the information source. Today much of the data warehouse and big data efforts in healthcare are bound by manually, extremely labor-intensive and, time-consuming efforts to build data models with hierarchical structures all of which are quite possibly unnecessary. Information extraction and mining methods should automatically link ontologies to documents, data, sources e.g. in a context using an extendable conceptual data modeling language. Today this is frequently done in the field of engineering where concepts, domains, and context are equally if not more complex than healthcare. By creating the domain, specific knowledge extracted from the data sources this automatically provides the semantic modeling of the different data as a byproduct of the methodologies in this area of data persistence disciplines. Using this type of discipline is intended to express "facts," "answers" and or "statements" about the domains and the data consumed in an easy, natural language and understandable format. For example, in the preceding healthcare example, the complete, unambiguous consumption of clinical processes data and information, business processes data and information, resource consumption, to build a performance view of quality metrics, financial performance, and contractual viability in an extremely IT system-diverse environment is possible in this discipline. Once in the learning data model, the learned concepts can be easily presented in an interpretable and language independent fashion such as SQL or OWL (The Web Ontology Language). In less than half the time it would take to use traditional techniques of data modeling and hierarchical structure creation.

Semantic integration of heterogeneous information is a time-consuming effort that is overcomplicated by the massive application portfolios of healthcare delivery systems and is proving to be the rate limiting factor in advancing the volume to value shift in the market. By leveraging the way that humans associate information coupled with the event models and the automated ontological data persistence approach the complexity and cost of the big data challenge become manageable. Reducing the technical expertise to query the information stored in this model increases the access to more information, closer to real-time with an infinite number of correlations unobtainable in the older traditional approaches. There is a large body of research and successful projects in healthcare to support the movement of technology away from traditional models to a high velocity, semantic integration strategy with an associative based data persistence layer as outlined here in this blog post. The ability to rapidly explore patterns in both streaming and persisted data using the same methodology for both allows for the expedited discovery of patterns within the data that provide for proactive, personalized delivery of care at a significantly lower cost.

 

Don’t Be Fooled by The Promise of Analytics

Matching patient data is less about moving data from one database to another and more about light weight technologies that do not require duplication of data. Most technology vendor organizations, new or mature seem to lead with flashy dashboards and promises of integration through the use of a duplicative database. While many of these solutions can play an integral part in the overall architecture strategy for any size healthcare organization, it is important to start out with a core information processing strategy as the base building block for all other applications the enterprise will need for population health or any other endeavor.

I recently spent some time with a large healthcare enterprise that boasted over eighty different population health and analytics tools across their enterprise. That’s not to say that one product could meet the requirements that drove this application portfolio nightmare but the sheer science of numbers dictates that for some 3 million patients the system was caring for, they more than likely did not require 80 different software tools to manage their patients. Now imagine the patient record matching across those systems! As part of the exercise to rationalize patient identification across an enterprise,  new market entrants are using terms such as Machine Learning, Data Lakes, and Automation which are all good terms for healthcare CIO’s to learn, but that doesn’t really mean anything when all you need to do is match claims data to membership files to EMR data.

When considering moving data to yet another platform to solve the same problem that several other systems were purchased to resolve, it becomes obvious that what did not work before, is not going to change and suddenly solve the problem. Resolving patient identities across structured, unstructured, and transaction data should not require the creation of another database! As far as machine learning and advanced data matching algorithms are concerned, these are good as long as you are not outsourcing to a company that boasts hundreds of data scientist who will manage this for you.

The truth of the matter is when it comes to combining information the way value-based healthcare is dictating, one product is not going to resolve your data challenges. In order to economically survive without overburdening an already stressed IT budget or adding yet another layer to the information architecture, a different approach should be considered. Instead of brute force matching data or duplicating data into a data warehouse, the new health care model needs an answer for real-time and retrospective information services. Patient identities should be matched on the fly at 99% level or above even if some of the data is sourced from a PDF or Excel Spread Sheet. The analytics should not be just canned KPI’s and views only, but a mix of analysis tools to serve the casual business user and the advanced data analyst.

iVelociti leverages a component driven architecture that allows the healthcare enterprise to focus on solving the problems they need to focus on the capability of growth into all areas of their business and clinical needs. Instead of focusing on ACO measures, HEDIS or at-risk contract metrics, iVelociti focuses on both clinical and financial metrics that can differ intra and extra enterprise. Implementation to utilization is weeks, not months or even years, and does not encumber already constrained IT resources. Different from traditional database focused solutions iVelociti uses computers to match patient information from any source up to a 99% level consistently, the same way the human brain works to match or associate information. Because the system uses computer processing to “stack” the power of computer processing, millions of records per second can be matched to various data sources.

That is only part of the process, what happens to the newly enriched and matched data?

This is where iVelociti changes the game! The platform provides all the components needed for true business process management and workflow above the application layer, allowing the business to easily define, implement, analyze and change workflow without IT or a single line of computer code or database scripting. This interacts with the event processing capabilities of the platform and empowers healthcare organizations to identify meaningful workflow patterns andreal-time workflow changes. Add to this an integration layer used every day by 9 out of the top ten global banking systems, four out of the top five global airlines and over 500 health care enterprises around the United States.

The iVelociti difference focuses on integration, rules and workflow, event processing and visualizations. As you would expect, the visualizations are best in class. Designed with pre-configured dashboards and KPIs for all your traditional measures and metrics the iVelociti capabilities also provide more advanced features. Imagine being able to publish complex analysis and performance tracking for your ACO or Clinically Integrated Network customized to your needs. Campaigns and chase strategies are all supported and can be published to your secure personal web environment, integrated into an existing environment or applications as well as mobile environments as needed.

For more information, please contact, Frank Avignone at Frank.Avignone@guideit.com or visit www.guideit.com/i-velociti.

Rapidly Growing Investment Management Firm to Enhance Technology Infrastructure Through GuideIT Managed Services

Plano, TX – October 13, 2016 – GuideIT today announced that it has signed a three-year contract with a rapidly growing investment management company to deploy and operate a secure technology infrastructure.

With safeguarding sensitive information a major priority, GuideIT will design and implement an enterprise-wide network and security infrastructure, while deploying a complementary end user solution.

“Our solutions are designed to address critical customer priorities,” said Mark Johnson, Vice President, Managed Services for GuideIT.  “With our background in financial services and leveraging our nimble and flexible approach, we are able to bring enterprise-class solutions to businesses of all sizes.”

About GuideIT

While technology is critical for every business, it’s also complex and ever-changing, often making it difficult to manage as an asset. Because of this complexity, many business leaders find themselves in need of advisors they can trust...people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us.

Media Contact

Peter Snell
peter.snell@guideit.com
214.810.6207

The Largest Threat to Patient Safety is Not Medical Errors, it’s the Patient Record

Earlier this week a Wall Street Journal article cited a recent ECRI Institute study which analyzed 7,613 cases of patient identity errors which highlighted the challenges of patient identification across today’s health care organizations.  The review discovered that 13% of identification occurred during registration.  Despite the widespread adoption of electronic medical record (EMR) systems, new integration techniques, and innovative technical advances to avoid medical errors, problems of record matching continue to be a major challenge for healthcare organizations.  This issue is exasperated by the multitude of systems involved in a patient’s continuum of care.

There are plenty of solutions in the market that have had varying levels of success. The standard of accuracy is often measured subjectively driven by the vendors of the various EMR applications.  Solutions ranging from Enterprise Master Patient Indexes to advanced mathematical, computational models such as probabilistic and deterministic exist for the IT leadership of any given health care organization to choose.  Having worked in healthcare IT for more than 30 years, I can say that I am no data scientist and do not have an advanced degree in statistical mechanics, does your staff?

The fact remains that in this new era of healthcare, IT organizations have to change, and you are being challenged more and more to solve problems that you depended on your vendors of the core systems you purchased to address.  Today the CIO and CTO have to be as concerned about mismatched medical records, medical errors and privacy breaches stemming from those records as much as in-house counsel or the Chief Medical Officer.  For a moment let's forget the different studies that claim as high as 13% to 17% of mismatched records in the current dialogue and answer the question.  "Can you continue to run your healthcare organization with the increased complexity of electronic systems perpetuating the mismatched data across an organization that will soon have not only EMR data and Claims data but Genomic data to deal with?”

A rhetorical question shamelessly offered so, this author can talk about an alternative approach to addressing this growing issue. The answer? To address the challenge of competently integrating data across sources from systems complex as electronic medical records, population health, claim systems and analytics you need more than just technology, you are going to need a good partner.

“Healthcare IT departments of all sizes are stretched to their limits supporting the numerous complex electronic systems.  None of these products work well unless there is a source of truth (SoT) that works for the enterprise, not for a specific vendor.  This SoT must make record matches in the 99.99% range across all data sources over time and not duplicate data in yet another data store that IT has to support and maintain.  The solution should be light weight and not require a long drawn out implementation including strenuous mapping exercises and significant hardware commitments or new data center instances.  This solution must perform on real-time data with sub-second responses across all data source as patients engage the health system.  Lastly and most important this solution has to clean, match and maintain all legacy data at a cost that provides economic value.

Introducing GuideIT’s “iVelociti”, the most advanced integration solution with a unified record match that in real-time aggregates a single patient view from diverse sources of information.  This is a complete integration technology that provides an interoperability platform including a record by record monitoring, management, and support by real technicians right here in the United States.  iVelociti uses the same technology employed by California scientists and researchers to access the world’s largest research-ready Biobank, one of the most comprehensive sources of genetic information.  iVelociti has been implemented at one of the largest health systems in the country and has proven this technology can match sources of information ranging from any health plan files, HL-7 and EMR data to a single view in real-time and then remembers that patient's "Data DNA" for future matching without having to store the records or duplicate data.  What is a patient’s Data DNA?  Much like a patients Genome data from different sources contains unique patterns that differentiate one individual from another.  iVelociti recognizes these discrete patterns and catalogs them including what source the data came from and commits it to memory.  This unique approach allows the iVelociti platform to recognize information from existing integration points and new data from systems that have never been connected before and match information in real-time at rates exceeding 99%.”

The solution is a combination of technologies from one of the world's most comprehensive integration platforms and healthcare.  iVelociti is a turnkey service that offers, not only highly efficient data matching, but service based integration, data management, real-time event processing and the support and monitoring to remove the burden from your IT department.  If your healthcare enterprise or software development organization is looking for a solution to match different data in real-time, integrate systems across a complex IT environment and have peace of mind that seasoned IT professionals are managing and maintaining the platform for pennies per record, iVelociti is the solution for your organization.

For more information, please contact, Frank Avignone at Frank.Avignone@guideit.com or visit www.guideit.com/i-velociti.

Information Security Advocacy Organization Improves Customer Experience Using App Solution Engineered by GuideIT

Plano, TX – September 22, 2016 – A company advocating for Information Security best practices desired to upgrade their customer portal and related applications. After considering internal and external options, they selected GuideIT to engineer a replacement of integrated applications.

“The previous technology had aged to the point where the customer experience was in decline and the back-end management of the portal was overly burdensome,” said Frank Avignone, Practice Leader for GuideIT. “Demand grows quickly, pushing technology to adapt or be replaced. It happens in every business. Fortunately, our customer recognized the situation for what it was and committed to making the right investment for their customers.”

The GuideIT application development team first performed a business priority assessment and a technology gap analysis. Secondly, they engaged in designing custom applications focused on meeting the business priorities, the top of which would be a better customer experience.

A unique element to this project was the designed flexibility inherent in the new application solution. “We designed the new applications to be scalable and flexible to ensure a better long-term solution for a company with demands that project to increase exponentially,” said Avignone. “That’s the difference between building software and creating a solution. Not only do their customers have a better experience today, the company is now prepared to ensure the same for the long future ahead.”

With the new application solution live, the organization selected to extend and expand it’s relationship with GuideIT in key areas of infrastructure technology and service. This additional work is an effort to accelerate the proactive preparation for future technology demands aligning technology to the broader business priorities.

 

About GuideIT

While technology is critical for every business, it’s also complex and ever-changing, often making it difficult to manage as an asset. Because of this complexity, many business leaders find themselves in need of advisors they can trust...people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us.

 

Media Contact

Peter Snell
214.810.6207
peter.snell@guideit.com

Oil and Gas Data Company Reaps Big Gains in Critical IT Infrastructure Measures

Plano, Texas – August 18, 2016 – GuideIT announced today the completion of a major long-term project focused on stabilizing IT infrastructure and implementing best practices for a leading oil and gas data company.

Utilizing its proprietary offering gAssess, GuideIT was initially engaged to assess the customer’s IT infrastructure and team and make recommendations. The data company had no formal IT strategy, nor could it demonstrate a clear line of support for the business needs of the organization. IT employee turnover was high, critical projects suffered multiple delays, and the impact reached all the way to their customers.

Following the assessment, GuideIT was tasked with implementing a remediation program that included new leadership and a metrics-driven strategy supporting business priorities. The results included a reduction in IT employee turnover exceeding 75% to zero across approximately 12 months, a 65% reduction in system outages, and the completion of multiple critical projects that had previously be stalled. Additionally, GuideIT delivered critical best practice programs including a Disaster Recovery Plan.

“There is a lot to be excited about with the results the customer achieved by the end of this project,” said Deana Eiland, Transformation Leader for GuideIT. “They are now positioned to better serve their customers through an IT infrastructure and support team focused on the business priorities.”

 

About GuideIT

As a provider of technology optimization services, we believe doing technology right is the difference between leaders and the rest. We help companies lead. Through a collaborative and easy-to-do-business-with approach, GuideIT helps customers align IT to the business strategy, better govern the value of IT, and effectively navigate change. Learn more at GuideIT.com.

 

Media Contact

Peter Snell
214.810.6207
peter.snell@guideit.com

 

Chemical Engineering Firm Hires GuideIT to Open a Path to Interoperability, Better Visibility to Data

Plano, TX - August 3, 2016 - GuideIT today announced that it has signed a contract to provide application consulting services utilizing its IREV information interoperability approach. Businesses using IREV unlock information in disparate systems and are able to apply business rules to achieve information-based outcomes.

With a redesign in its IT architecture and the roll-out of an integration platform, the chemical engineering firm will have the opportunity to reduce cost by rationalizing applications and increasing inter-application data flow.  GuideIT will also build a series of operational and sales visualizations to support the customer’s business objectives.

“Challenges with interoperability across technologies often stall and sometimes prevent the achievement of critical business objectives”, said Frank Avignone, Senior Director for IT Interoperability & Analytics. “Those challenges can now be overcome with a strong set of offerings based upon integration, rules and workflow, event processing and visualizations. We are pleased to have the opportunity to deliver on recommendations identified during our technology assessment.”

ABOUT GUIDEIT

As a provider of technology optimization services, we believe doing technology right is the difference between leaders and the rest. We help companies lead. Through a collaborative and easy-to-do-business-with approach, GuideIT helps customers align IT to the business strategy, better govern the value of IT, and effectively navigate change. Learn more at GuideIT.com.

MEDIA CONTACT

Peter Snell
214.810.6207
peter.snell@guideit.com

Pediatric Hospital to Benefit From GuideIT Demand-Flexible Infrastructure Services

Plano, TX - June 9, 2016 - GuideIT today announced that it has entered into an agreement to provide end user infrastructure services for a prestigious pediatric hospital.

The varying nature of business initiatives and project requirements create a demand for quickly scalable infrastructure support resources. This pediatric hospital can now upgrade its end user devices to enable a new applications environment and respond to variable help desk requirements. This was made possible by using the GuideIT Flexsource approach.

“Given their project initiatives, our customer needed help to bridge a resource intensive time period,” said Jeff Smith, Vice President, Central Region, for GuideIT. “Our flexibility and rapid response approach is helping them to effectively respond to the resource requirements of change."

 

ABOUT GUIDEIT

As a provider of technology optimization services, we believe doing technology right is the difference between leaders and the rest. We help companies lead. Through a collaborative and easy-to-do-business-with approach, GuideIT helps customers align IT to the business strategy, better govern the value of IT, and effectively navigate change. Learn more at GuideIT.com.

MEDIA CONTACT

Peter Snell
214.810.6207
peter.snell@guideit.com

GuideIT Expands Relationship With a Leading Emergency Care Solution Provider

Plano, Texas – May 25, 2016 – GuideIT today announced it has won a new contract to provide customer-facing applications customer care services for a leading provider of emergency care technology solutions.

This is the fifth engagement the two companies have undertaken together. Beginning with an enterprise technology assessment that provided a holistic view of the company’s IT function and identified several critical business objectives, the two companies have worked together to reduce the IT operations cost, while increasing quality and reducing exposure points.

“We are honored to have the opportunity to serve this great customer in an expanded way,” said Jeff Smith, Vice President for GuideIT. “Our drive to deliver measurable customer results combined with our flexible approach enables customers to implement change at the pace and using the methods they are most comfortable with. This was critical to our customer being comfortable implementing the scale of change necessary to achieve their IT objectives.”

 

About GuideIT

As a provider of technology optimization services, we believe doing technology right is the difference between leaders and the rest. We help companies lead. Through a collaborative and easy-to-do-business-with approach, GuideIT helps customers align IT to the business strategy, better govern the value of IT, and effectively navigate change. Learn more at GuideIT.com.

 

Media Contact

Peter Snell
214.810.6207
peter.snell@guideit.com

Leader in Emergency Care Solutions Taps GuideIT Achieving Immediate Savings and Scalability in IT

Plano, Texas – May 12, 2016 – GuideIT announced today an agreement that reduced IT spend approximately 28% annually in the management of IT operations for a leading provider of emergency care solutions. Additionally, customer satisfaction scores have already improved while risk has been mitigated through multiple technology upgrades.

GuideIT was initially engaged to perform a gAssess for the company, a service in which every aspect of an IT department is assessed and, as applicable, a remediation roadmap is delivered. Upon completion of the gAssess, the company's executive leadership team chose GuideIT to execute on the roadmap. That roadmap began with project work, a customized gAssure solution (focusing on data backup), and eventually a complete sourcing of IT management and operations to GuideIT.

“Optimization of technology, from a practical perspective, can mean different things to different people. Yet in most cases, it comes down to helping people align their teams and technology to the business strategy,” said Jeff Smith, Vice President, Central for GuideIT. “It’s been an honor to share in that journey with this team. We look forward to continued service and support of our customer’s growth.”

 

About GuideIT

As a provider of technology optimization services, we believe doing technology right is the difference between leaders and the rest. We help companies lead. Through a collaborative and easy-to-do-business-with approach, GuideIT helps customers align IT to the business strategy, better govern the value of IT, and effectively navigate change. Learn more at GuideIT.com.

 

Media Contact

Peter Snell
214.810.6207
peter.snell@guideit.com

GuideIT Delivers gAssure for Data-intensive Professional Services Firm

Plano, Texas – May 5, 2016 - GuideIT announced today delivery of a gAssure solution for a data-intensive professional services firm. Leveraging gAssure, the customer gains robust automated backup capabilities mitigating risks associated with catastrophic loss of data. gAssure addresses and automates the standard failure points experienced with data backup, helps ensure compliance with Recovery Time Objectives and Recovery Point Objectives, while the data resides on the most cost-effective platform.

gAssure is available on encrypted and unencrypted platforms across three deployment models: monthly subscription service, hosted dedicated solution, or as a bundled purchase.

“Data protection, reliability, and recovery continues to be a top priority among CIO’s today,” said Mark Johnson, Vice President, Managed Services for GuideIT.  “Our gAssure solution addresses common data backup failure points by integrating best in class components that can be deployed in a manner that best suits the customer.  We are so confident in the solution that we use it to meet our own service level objectives in a variety of our managed services customer engagements.”

In the past six months, GuideIT has reached agreement and delivered on gAssure solutions valued at approximately $3 million in revenue within the financial services, healthcare, and education industries.

About GuideIT

As a provider of technology optimization services, we believe doing technology right is the difference between leaders and the rest. We help companies lead. Through a collaborative and easy-to-do-business-with approach, the company helps customers align IT operations in meeting their strategic business needs, better govern and manage the cost of IT, and effectively navigate change in technology. Learn more at GuideIT.com.

Media Contact

Peter Snell
214.810.6207
peter.snell@guideit.com

StratiFi Health Scales for Growth And Enhanced Services for Independent Physician Practices in Agreement with GuideIT

Plano, Texas – April 28, 2016 – StratiFi Health announced today a multi-year, multi-million dollar agreement with GuideIT for managed services. StratiFi Health, provider of strategic, financial, operational and IT services for independent physician practices, entered into the agreement to accelerate the scalability of its IT footprint and services.

 

Dr. Christopher Crow, CEO of StratiFi Health said, “This is an exciting step in our journey to scale in meeting the needs of the independent physicians we serve. GuideIT has a proven model for enabling more depth and quality in IT at scale, a critical asset for physicians. Leaning on StratiFi Health for their IT needs, independent physicians can achieve sharper focus on patients and the communities they serve.”

"StratiFi Health is a unique organization full of great people," shared Chuck Lyles, CEO of GuideIT. "Substantial growth is driving demand for scalability in their internal technology infrastructure and the technology support services they provide to their physician customers. We are honored to not only support the needs of independent physicians today, but to work together to enable future trends in healthcare IT."

 

About StratiFi Health

Created by physicians, for physicians. Independent practices are a key contributor to the overall health and wellness of a community. The data shows that when sustainable practices grow, so do our communities. Helping people live longer, healthier lives is what physicians do. Helping physicians grow stronger, more sustainable practices is what we do. Working together to achieve this goal is why we do it...to improve patient care and ultimately help our communities thrive. Learn more at StratiFiHealth.com.

 

About GuideIT

As a provider of technology optimization services, we believe doing technology right is the difference between leaders and the rest. We help companies lead. Through a collaborative and easy-to-do-business-with approach, the company helps customers align IT operations in meeting their strategic business needs, better govern and manage the cost of IT, and effectively navigate change in technology. Learn more at GuideIT.com.

 

Media Contact

Peter Snell
214.810.6207
peter.snell@guideit.com

Major Health System Leverages GuideIT for Critical Application Rationalization and Migration Plan

Plano, TX – April 7, 2016 - GuideIT today announced that it has delivered an application rationalization and migration plan to a major health system.

On a tight timeline due to customer needs, GuideIT identified hundreds of active applications, including those with duplicate functionality, the underlying architecture, and the infrastructure each was using.  A mapping exercise, which showed the resident platforms and networks; as well as the interfaces between applications was created.  The customer has the inventory to proceed with its application rationalization and migration plans.

“Our rapid response model produced results in a timely manner that positions our customer to launch an important IT initiative.” said Jeff Smith, Vice President, Central Region for GuideIT.  “By distinguishing ourselves in the way we respond and serve customers, we are entrusted to enable their critical business initiatives.”


ABOUT GUIDEIT

As a provider of technology optimization services, we believe doing technology right is the difference between leaders and the rest. We help companies lead. Through a collaborative and easy-to-do-business-with approach, GuideIT helps customers align IT to the business strategy, better govern the value of IT, and effectively navigate change. Learn more at GuideIT.com.


MEDIA CONTACT

Peter Snell
214.810.6207
peter.snell@guideit.com

Financial Services Company Leverages GuideIT to Gain IT Operational Awareness Through Enterprise Assessment

Plano, TX – March 30, 2016 - GuideIT today announced the delivery of an enterprise assessment consulting solution focused on IT operations for a financial services company.

The organization’s leadership team seeks to better understand the current state of their IT investments as part of their strategic work. GuideIT’s gAssess delivers an evaluation of technology, strategy, people, operations, results, and the interdependent relationship between these elements. The information is then used to provide insights to risks, opportunities, and return on investment.

The results of the assessment included the identification of gaps and inefficiencies in the company’s delivery model. Also highlighted were weaknesses and single points of failure within the network infrastructure.

“It can be difficult to allow a third party to come in and take a hard look at their IT environment,” said Jeff Smith, Vice President, Central Region for GuideIT. “In the end, every CEO and CFO wants to know if their IT investments truly align with the broader business mission. We appreciate the opportunity to be allowed inside and help them achieve alignment.”

ABOUT GUIDEIT

As a provider of technology optimization services, we believe doing technology right is the difference between leaders and the rest. We help companies lead. Through a collaborative and easy-to-do-business-with approach, GuideIT helps customers align IT to the business strategy, better govern the value of IT, and effectively navigate change. Learn more at GuideIT.com.

MEDIA CONTACT

Peter Snell
214.810.6207
peter.snell@guideit.com

GuideIT Welcomes Bobby Barajas as Chief Revenue Officer

Barajas brings 20+ years of successful business development and relationship management experience to GuideIT

Plano, Texas (March 17, 2016) - GuideIT, a Perot company, and provider of technology optimization services, today announced the addition of Bobby Barajas as Chief Revenue Officer. Barajas has a proven track record of effectively managing sales teams and growing revenue.

Barajas brings over 20 years of successful business development and relationship management experience to GuideIT. He has held leadership roles at several healthcare technology focused companies where he demonstrated time and again his ability to grow revenue and lead teams of people.

“Building and fostering relationships, both internally among my team and with external partners and customers, is my passion,” commented Barajas. “I’m excited to join GuideIT where customer satisfaction through mutual trust and respect is so highly valued.”

Prior to joining GuideIT, Barajas served as Vice President of Sales and Marketing at Loopback Analytics where he was responsible for the execution of the company's national client development, marketing and account management functions. While at Loopback Analytics, Barajas also managed the company's relationship with the nation’s largest retail pharmacy organization, as well other key clients.

Barajas also served as Southern Director of Business Development for Zotec Partners and Executive Vice President of Sales at Xactimed, Inc. While at Xactimed, he led the creation and development of Xactimed’s national sales organization.

“We couldn’t be happier to welcome Bobby to our team,” added Chuck Lyles, CEO of GuideIT. “He embodies our company values and has a proven track record of leadership and success. One of our taglines is ‘We help companies lead.’ Seems to me like we couldn’t have found a better fit.”

Barajas is a north Texas native and holds a bachelor’s degree in Business Management and Industrial Relations from the University of North Texas in Denton.

 

About GuideIT

As a provider of technology optimization services, we believe doing technology right is the difference between leaders and the rest. We help companies lead. Through a collaborative and easy-to-do-business-with approach, the company helps customers align IT operations in meeting their strategic business needs, better govern and manage the cost of IT, and effectively navigate change in technology. Learn more at GuideIT.com.

 

Media Contact

Peter Snell
214.810.6207
peter.snell@guideit.com

In the News: New company heading to Wichita Falls is expected to add 91 new jobs

KAUZ-TV: Newschannel 6 Now | Wichita Falls, TX

WICHITA FALLS, TX - (KAUZ) - A new business is heading to Wichita Falls with promises to create and retain 91 new jobs. Tuesday, Wichita Falls City Councilors approved an incentive package worth $463,000 to help bring GuideIT to the city.

Read the full story

GuideIT – A Perot Company – To Open Technology Center in Wichita Falls, Texas

Plano, Texas (March 1st, 2016) - GuideIT, a Perot company, and provider of technology optimization services, today announced the opening of a technology center in Wichita Falls, Texas.

Opening in April 2016, the center will initially be used to provide customer service support and IT operations services. Long-term plans include other information technology and healthcare-specific positions requiring individuals with clinical education and experience.  As part of its expansion to Wichita Falls, GuideIT anticipates creating US-based jobs where roles have traditionally been outsourced to non-domestic locations.

“Increasingly, we are seeing customers who are excited about the opportunity to move their IT operations to a cost-effective, high-quality location in the United States,” said Chuck Lyles, president and CEO for GuideIT.  “Wichita Falls is an ideal city because of its workforce, close proximity to DFW, the university and the military base."

Launched in 2013, GuideIT is the third in a lineage of Perot IT services companies.  Its focus is on technology optimization. The market demand has enabled substantial revenue growth over the past two years. The new center in Wichita Falls is the second real estate expansion in the past six months.  Late in 2015, GuideIT secured a 17,000 square foot location for its corporate headquarters in Plano, Texas.

“After I introduced Ken Hill to the Chamber staff last April, they went to work to bring GuideIT to Wichita Falls," said Mayor Glenn Barham. "Hoping the company would locate an operation here, we are very pleased to announce that they chose Wichita Falls for this new, high-tech service center. GuideIT will be located in our reinvigorated downtown.  With excellent wages and benefits, the company will have a $12 million economic impact on our area.”

“Wichita Falls has made us feel welcome,” said Lyles. “We look forward to being a part of this great community.”

About GuideIT

As a provider of technology optimization services, we believe doing technology right is the difference between leaders and the rest. We help companies lead. Through a collaborative and easy-to-do-business-with approach, the company helps customers align IT operations in meeting their strategic business needs, better govern and manage the cost of IT, and effectively navigate change in technology. Learn more at GuideIT.com.

Media Contact

Peter Snell
214.810.6207
peter.snell@guideit.com

GuideIT Extends Server Management Contract

Plano, Texas – January 15, 2016 – GuideIT today announced that is has extended its contract to provide server management services with an academic medical center.

GuideIT was initially engaged to assess and recommend changes to their server environment. Following the assessment, GuideIT was tasked with implementing the remediation program, which significantly reduced the occurrence and impact of outages. GuideIT has provided operational support since implementing the remediation program.

“We are excited our customer elected to extend our engagement for a sixth time,” said Ron Hill, Vice President of the East Region for GuideIT. “We are grateful for the trust they place in GuideIT every day."

About GuideIT

As a provider of technology optimization services, we believe doing technology right is the difference between leaders and the rest. We help companies lead. Through a collaborative and easy-to-do-business-with approach, GuideIT helps customers align IT to the business strategy, better govern the value of IT, and effectively navigate change. Learn more at GuideIT.com.

Media Contact

Peter Snell
214.810.6207
peter.snell@guideit.com

GuideIT Enables E-Commerce Provider To Better Manage Its IT Infrastructure

Plano, Texas – January 7, 2016 – GuideIT announced today a multi-year agreement to provide an IT Service Management (ITSM) solution to a leading e-commerce bookstore.   Under the multi-year arrangement, GuideIT will implement and then operate an ITSM and performance reporting solution that will help the customer to realize quality and efficiency gains by better managing their IT infrastructure operations.

“We look forward to helping our customer realize a return on their IT investment through a comprehensive ITSM model," said Jeff Smith, Vice President for GuideIT. “It’s always an honor when a company entrusts us with such an important piece of their business. We look forward to continued support of our customer’s growth.”

ABOUT GUIDEIT

As a provider of technology optimization services, we believe doing technology right is the difference between leaders and the rest. We help companies lead. Through a collaborative and easy-to-do-business-with approach, GuideIT helps customers align IT to the business strategy, better govern the value of IT, and effectively navigate change. Learn more at GuideIT.com.

 

MEDIA CONTACT

Peter Snell
214.810.6207
peter.snell@guideit.com

Linux: Replace Disk in MD

On my lab machines, I use a pair of physical disks, configured in a RAID 1 with MD, with LVM on top of that.  This gives me a lot of flexibility with full redundancy. However recently I had a failure of a drive.

Identify the Failure

Here is what MD was telling me after I identified and removed the drive from the chassis to send it off for an RMA, notice how each device only has one member (md0 has sda1, md1 has sda2), this does not make a good RAID 1.  But this is easily resolved.

# cat /proc/mdstat<br />

Personalities : [raid1]<br />

md0 : active raid1 sda1[0]<br />

524224 blocks super 1.0 [2/1] [U_]</p>

<p>md1 : active raid1 sda2[0]<br />

976105280 blocks super 1.1 [2/1] [U_]<br />

bitmap: 3/8 pages [12KB], 65536KB chunk</p>

<p>unused devices: &lt;none&gt;

Install the New Drive

Once we install the new drive we will see a bare drive, in my case it is /dev/sdb.  However it is important to note that we do not have a matching partition table on both drives.

# fdisk -l | more</p>

<p>Disk /dev/sda: 1000.2 GB, 1000204886016 bytes<br />

255 heads, 63 sectors/track, 121601 cylinders<br />

Units = cylinders of 16065 * 512 = 8225280 bytes<br />

Sector size (logical/physical): 512 bytes / 4096 bytes<br />

I/O size (minimum/optimal): 4096 bytes / 4096 bytes<br />

Disk identifier: 0x000750ce</p>

<p>Device Boot Start End Blocks Id System<br />

/dev/sda1 * 1 66 524288 fd Linux raid autodetect<br />

Partition 1 does not end on cylinder boundary.<br />

/dev/sda2 66 121602 976236544 fd Linux raid autodetect</p>

<p>Disk /dev/sdb: 1000.2 GB, 1000204886016 bytes<br />

255 heads, 63 sectors/track, 121601 cylinders<br />

Units = cylinders of 16065 * 512 = 8225280 bytes<br />

Sector size (logical/physical): 512 bytes / 4096 bytes<br />

I/O size (minimum/optimal): 4096 bytes / 4096 bytes<br />

Disk identifier: 0x00000000

Copy the Partition Table

We can use sfdisk to copy the partition table from /dev/sda to /dev/sdb.

# sfdisk -d /dev/sda | sfdisk /dev/sdb<br />

Checking that no-one is using this disk right now ...<br />

OK</p>

<p>Disk /dev/sdb: 121601 cylinders, 255 heads, 63 sectors/track<br />

/dev/sdb: unrecognized partition table type<br />

Old situation:<br />

No partitions found<br />

New situation:<br />

Units = sectors of 512 bytes, counting from 0</p>

<p>Device Boot Start End #sectors Id System<br />

/dev/sdb1 * 2048 1050623 1048576 fd Linux raid autodetect<br />

/dev/sdb2 1050624 1953523711 1952473088 fd Linux raid autodetect<br />

/dev/sdb3 0 - 0 0 Empty<br />

/dev/sdb4 0 - 0 0 Empty<br />

Warning: partition 1 does not end at a cylinder boundary</p>

<p>sfdisk: I don't like these partitions - nothing changed.<br />

(If you really want this, use the --force option.)

Notice this actually gave us an error, sfdisk doesn’t like my partitions, because they are not properly aligned.  We can use the –force option to override that and write it out anyways.

# sfdisk -d /dev/sda | sfdisk /dev/sdb --force<br />

Checking that no-one is using this disk right now ...<br />

OK</p>

<p>Disk /dev/sdb: 121601 cylinders, 255 heads, 63 sectors/track<br />

/dev/sdb: unrecognized partition table type<br />

Old situation:<br />

No partitions found<br />

New situation:<br />

Units = sectors of 512 bytes, counting from 0</p>

<p>Device Boot Start End #sectors Id System<br />

/dev/sdb1 * 2048 1050623 1048576 fd Linux raid autodetect<br />

/dev/sdb2 1050624 1953523711 1952473088 fd Linux raid autodetect<br />

/dev/sdb3 0 - 0 0 Empty<br />

/dev/sdb4 0 - 0 0 Empty<br />

Warning: partition 1 does not end at a cylinder boundary<br />

Successfully wrote the new partition table</p>

<p>Re-reading the partition table ...</p>

<p>If you created or changed a DOS partition, /dev/foo7, say, then use dd(1)<br />

to zero the first 512 bytes: dd if=/dev/zero of=/dev/foo7 bs=512 count=1<br />

(See fdisk(8).)

Now lets see if that one took.  Our fdisk output should match now for /dev/sda and /dev/sdb.

# fdisk -l | more</p>

<p>Disk /dev/sda: 1000.2 GB, 1000204886016 bytes<br />

255 heads, 63 sectors/track, 121601 cylinders<br />

Units = cylinders of 16065 * 512 = 8225280 bytes<br />

Sector size (logical/physical): 512 bytes / 4096 bytes<br />

I/O size (minimum/optimal): 4096 bytes / 4096 bytes<br />

Disk identifier: 0x000750ce</p>

<p>Device Boot Start End Blocks Id System<br />

/dev/sda1 * 1 66 524288 fd Linux raid autodetect<br />

Partition 1 does not end on cylinder boundary.<br />

/dev/sda2 66 121602 976236544 fd Linux raid autodetect</p>

<p>Disk /dev/sdb: 1000.2 GB, 1000204886016 bytes<br />

255 heads, 63 sectors/track, 121601 cylinders<br />

Units = cylinders of 16065 * 512 = 8225280 bytes<br />

Sector size (logical/physical): 512 bytes / 4096 bytes<br />

I/O size (minimum/optimal): 4096 bytes / 4096 bytes<br />

Disk identifier: 0x00000000</p>

<p>Device Boot Start End Blocks Id System<br />

/dev/sdb1 * 1 66 524288 fd Linux raid autodetect<br />

Partition 1 does not end on cylinder boundary.<br />

/dev/sdb2 66 121602 976236544 fd Linux raid autodetect

Add the New Partitions to the MD Devices

Now we just need to add the partitions from the new drive to the correct md devices and allow md to rebuild the arrays.

# mdadm --manage /dev/md0 --add /dev/sdb1<br />

mdadm: added /dev/sdb1<br />

# mdadm --manage /dev/md1 --add /dev/sdb2<br />

mdadm: added /dev/sdb2

Monitor Rebuild

Now we can see the progress of the rebuild.  Notice we now have two partitions in each md device.  It shows the rebuild, percentage complete, time to complete, and speed.

# cat /proc/mdstat<br />

Personalities : [raid1]<br />

md0 : active raid1 sdb1[2] sda1[0]<br />

524224 blocks super 1.0 [2/2] [UU]</p>

<p>md1 : active raid1 sdb2[2] sda2[0]<br />

976105280 blocks super 1.1 [2/1] [U_]<br />

[&gt;....................] recovery = 0.1% (1551488/976105280) finish=94.2min speed=172387K/sec<br />

bitmap: 3/8 pages [12KB], 65536KB chunk</p>

<p>unused devices: &lt;none&gt;

Here is another one a little further along.

# cat /proc/mdstat<br />

Personalities : [raid1]<br />

md0 : active raid1 sdb1[2] sda1[0]<br />

524224 blocks super 1.0 [2/2] [UU]</p>

<p>md1 : active raid1 sdb2[2] sda2[0]<br />

976105280 blocks super 1.1 [2/1] [U_]<br />

[=====&gt;...............] recovery = 27.5% (268450496/976105280) finish=64.0min speed=184204K/sec<br />

bitmap: 2/8 pages [8KB], 65536KB chunk</p>

<p>unused devices: &lt;none&gt;

And finally this is what it looks like when it is completed.

# cat /proc/mdstat<br />

Personalities : [raid1]<br />

md0 : active raid1 sdb1[2] sda1[0]<br />

524224 blocks super 1.0 [2/2] [UU]</p>

<p>md1 : active raid1 sdb2[2] sda2[0]<br />

976105280 blocks super 1.1 [2/2] [UU]<br />

bitmap: 0/8 pages [0KB], 65536KB chunk</p>

<p>unused devices: &lt;none&gt;

Your 80’s Mix Playlist For Team Building

GUEST AUTHORED BY JOHN RAGSDALE, CIO @ STRATIFI HEALTH AND CATALYST HEALTH NETWORK.

New teams are formed every day… music bands, sports teams, school and church groups, military troops and units, business teams, organizations and companies. Having been a member of hundreds of teams, I’ve noticed that many teams start in the reactive Danger Zone* by ‘doing things’, ‘tackling issues’, ‘solving problems’, and ‘completing tasks’ without taking critical and important proactive planning steps. From myPerspective, It’s a Mistake*.  While these first steps may solve issues in the short-term, the probability of long-term team success is low with this approach. These may sound familiar…unhappy and unengaged team members…low productivity and commitment… frustration…Bad Medicine* team members bringing down the rest of the team…leaders forcing team members to accomplish tasks. No one wants these on their teams! We ALL want successful teams. But…how do we create ‘High Performing Teams’? This post, the third of a mini-series dubbed myPerspective, provides some insight for this.

First of all, this proactive team building approach requires commitment and repetition. You can’t be Too Shy* with this.  The concepts, steps, and terminology should be repeated like the chorus of Mickey*…in weekly leadership, one-to-one, and staff meetings, discussed in every day verbal and written communications, posted on walls and bulletin boards, emphasized in staff recognition programs, ‘woven’ into team and staff goals and annual reviews, with leaders, staff, contractors, and vendors.  Encourage and inspire creativity around this with your team and You Can Do Magic* with your team! So…This Is It*; myPerspective on how to build a ‘High Performing Team’.

PURPOSE! Why form the team? What is the team name? Do we have a ‘slogan’?  What is the vision of the team?  Do we have special common ‘values’?  Does this align with other teams, parent organizations, etc.? Who are the team leaders?  Answer these critical questions WITH the team’s involvement to drive team member engagement, motivation, commitment and productivity! Keep it Fresh* and create a team symbol or icon.  Develop a mission statement.  Define the team scope, products, or functions.  DON’T skip this step!

TEAM STRUCTURE! Who’s on first? What’s on Second? What resources do we need?  Do we have the resources and skills?  Do we need to promote from within or hire resources?  Permanent resources or contractors?  How do we divide the team to accomplish the scope?  What are the job titles, roles and job descriptions?  Who will focus on projects, day-to-day operations, and ongoing support?  Consider immediate needs, but Lay It Down*; a foundation for the future. Yes, more questions to answer, but REMEMBER! be sure to leverage the team’s creativity for these.

STRATEGY/GOALS/PROJECTS! What is the 2-3 year strategic plan? Consider the following: People, Process, Information, and Technology/Tools.  Then, once a 2 to 3 year plan is in place, what does the first year look like?  Define 3-5 goals for year one?  Any key performance indicators (KPIs) or metrics? What initiatives or projects are required to accomplish these goals?  Define the purpose and specific outcomes of these.  What is required for day-to-day operations and ongoing support?  Great questions to ponder… BUT…Don’t forget to ensure these align with your Purpose AND Pour Some Sugar On..* your team to inspire innovation!

COMMUNICATION and DEVELOPMENT!How will we communicate? Leaders to team? Team to Leaders? Leaders to Leaders? With 3rdparties, vendors, consultants, clients, customers, etc. How will we conduct effective meetings?  What tools will we use? Processes to follow? How will we develop our staff, learn new skills, grow? Don’t Stop Believin*!  Keep your team engaged with this and your team will be Thunderstruck* with excitement!

EXECUTE! Now with a ‘Totally Awesome’Purpose, a Hit Me With Your Best Shot*Team Structure, Walk This Way*Strategy/Goals/Projects, and a People are People*Communication and Developmentplan, go and build your team to perform at the highest level possible.

Thanks for reading. Please share your ideas, thoughts, and examples in the comments. Also check back in two weeks as we tackle another topic in the next installment ofmyPerspective.

Twitter:@JohnOnIT

LinkedIn:https://www.linkedin.com/in/johnonit

*Credits:

1.Danger Zone, Kenny Loggins, 1986

2.It’s a Mistake, Men at Work, 1983

3.Bad Medicine, Bon Jovi, 1988

4.Too Shy,Kajagoogoo, 1983

5.Mickey,Tony Basil, 1982

6.You Can Do Magic,America, 1982

7.This Is It,Kenny Loggins, 1979 (close enough)

8.Fresh,Kool & the Gang, 1985

9.Lay It Down, Ratt, 1985

10.Pour Some Sugar On Me,Def Leppard, 1987

11.Don’t Stop Believin,Journey, 1981

12.Thunderstruck, AC/DC, 1990 (close enough)

13.Hit Me With Your Best Shot, Pat Benatar, 1980

14.Walk This Way, Run DMC, 1986 (Aerosmith, 1975-original)

15.People are People, Depeche Mode, 1984

Building and Losing Leaders: Embrace It!

GUEST AUTHORED BY JOHN RAGSDALE, CIO @ STRATIFI HEALTH AND CATALYST HEALTH NETWORK.

This post is the second of a mini-series dubbed myPerspective.

As a leader in the technology industry for the last 21 years, I have led many different teams, ranging in size from 2 to 300.  Yes, there are MANY factors to consider when leading teams. In fact, there are countless books written on this.  These factors include: the organization, industry, location, team size, leadership styles, culture, etc.  However, one particular leadership factor that is ‘near and dear to my heart’ is: Building, developing and maintaining a strong leadership team.  One of my top priorities has always been to:

  1. ensure that each of my direct reports are solid ‘A’ Players,
  2. build a mentoring and coaching relationship with each,
  3. provide direction, tools, and support so they can perform at the ‘top of their game’. Without this, a leader will not be successful in the long run.

From myPerspective, I keep two things in mind when developing ‘A’ players into leaders: company performance/success AND his/her personal career.  It’s amazing how this leads to great employee engagement and morale! How do you do this, though?  Well, if you mix the company purpose, strategy, goals, and initiatives (insert your favorite terminology here) with the ‘A’ player’s personal goals and development, then you have what I call a perfect ‘Gumbo’ (fabulous Louisiana dish with lots of ingredients mixed to perfection) or ‘win/win’ situation.  Earlier this year my company developed a new technology service/product that will require onsite client implementations.  As we were reviewing the resource requirements, one of my ‘A’ players noted he was interested in developing implementation and leadership skills.  I was about to look for an Implementation Lead outside of the organization, but instead I was able to align our company’s goals with this ‘A’ player’s personal career. Booyah!

However, what happens when one of your ‘A’ player leaders decides to leave? If you build, develop and maintain ‘A’ players this will absolutely happen to you. I recently experienced a relevant story.  Picture this…entrepreneurial company ($3M) building their technology services and products from scratch…hired a CIO to lead two help desk technicians…no money to recruit experienced IT talent…CIO had to mentor, coach and promote from within.  Thankfully, the existing staff was intelligent, ambitious, willing to listen and ‘go the extra mile’, and quick to learn. After 18 months, IT services grew 200% and the IT FTEs grew from 3 to 15.  In the process, the two original technicians had been trained and groomed to be Managers.  Wow!  From Help Desk Technician to Manager in 18 months!  That’s tremendous career development and advancement.  It was a ‘Win/Win’ for everyone.  BUT…Yes, there is a but…Unfortunately the IT recruiting market was hot, and one of the Managers ‘tested the waters’, getting an offer he could not refuse. He submitted his resignation to the CIO with a ‘Thanks for all your help, but I’ve found a better deal’.  The CIO had many initial thoughts…anger, frustration that he had spent so much time developing the Manager and now he will be using these skills to help another organization, quickly replace him, make sure others do not leave with him, transition his responsibilities to others before he leaves, etc.

In the midst of these thoughts, however, other thoughts surfaced…recognize the ‘A’ player that is leaving in both one-on-one and team settings (accomplishments, efforts, dedication, his career growth example, etc.), do not ‘burn the bridge’ but leave the future open to opportunities (maybe he comes back someday, maybe he refers someone to us, maybe his company becomes a client, etc.), offer continued mentorship (lunches, after hours discussions, etc.), and whatever you do…keep the relationship because ‘Relationships Matter’.  Wow!  That’s powerful from myPerspective.  The CIO epitomized these thoughts into a ‘going away’ poem from which I’ll share an excerpt below:

Ian is Leavin’ a Legacy

Yes, Ian is leavin’ Company I.

At first, I asked myself why?

But then I could see.

He’s got a great chance to provide more for his family.

While Ian is leaving physically,

We will always remember his legacy.

So here are a few lines of rhyme,

That will hopefully stand the test of time.

Ian is the originator of Group Flash, you see.

F starts the acronym, meaning Fast / Friendly.

L is the second letter, that we’ve all heard,

Which is the ‘Link to’ the rest of the word.

Attentive is for ‘A’, the middle letter,

What a great choice!  I can’t think of anything better.

Systematic and Secure, two words with an ‘S’,

Are critical technology adjectives that describe us best.

To round out the acronym, there is an H at the end.

Helpful Service which links to our IT vision.

What a great nickname (Group Flash) we have.

All thanks to Ian who now has a better half.

He hired a few, and fired a few that probably made him want to scream.

He also helped successfully start the Outsourced Support team.

He solved more than enough IT outages for us,

And helped design a more efficient help desk process.

So Ian is Leavin’ a Legacy.

We will really miss him, you see.

However, we are not burning bridges and sending him out to sea,

Because we will absolutely stay one big family.

Ian, use your God-given talents in your next position,

And be sure to stay true to your personal and now married vision.

Let’s stay in touch and collaborate often,

Until our path’s cross once again.

Building, developing, and maintaining a strong leadership team is critical to a leader’s and team’s success, yet the risk of losing ‘A’ players is inevitable. So, what is myPerspective? Follow the advice of this CIO and keep the relationships because ‘Relationships Matter’.

Thanks for reading. Please share your ideas, thoughts, and examples in the comments. Also check back in two weeks as we tackle another leadership topic in the next installment of myPerspective.

Connect with me @ Twitter | LinkedIn

 

Failure…Part of Any Technology Experience: How to Lead Through It

Guest Authored by John Ragsdale, CIO @ StratiFi Health and Catalyst Health Network.

This post, the first of a mini-series dubbed myPerspective, is about leading through technology failure.

We are all heavily dependent on technology, especially in the workplace. I work in healthcare, and technology is the epicenter of the transformation of the industry. Electronic Medical Record (EMR) and Practice Management (PM) systems are critical to Physicians, Medical Assistants, and Patients in the day-to-day delivery of healthcare.  When these systems fail to meet user expectations (i.e. system slowness, crashing, errors/bugs, outages, etc.), physician practices and other healthcare organizations immediately become less efficient and productive. Quality of care can suffer. Patient experiences become negative and satisfaction suffers. As a result, Physicians, medical staff, and patients all get VERY frustrated, even angry when technology does not meet expectations. And it's completely justifiable to feel frustrated. But what we do with the energy fueling that frustration...well, let's dig a little deeper into that.

Too often, ‘drama’ ensues. some leaders and staff members move quickly into ‘victim’ mode (note: ‘drama’ and ‘victim’, are described in The Empowerment Dynamic TED methodology). Unfortunately, complaining, blame, and other forms of negative reactionary behavior often rule the day. They solve nothing and actually contribute to the problem. Additionally, when leaders choose to become ‘victims’, staff members see that, often emulating their leader’s ‘victim’ behavior. Before you know it, every one has an active role as part of the problem.

Believe it or not, I have actually experienced people quitting jobs over this kind of thing. Wow! All of this because technology is not meeting expectations. Let's face it, we've all been there, some where, at some point. Technology 'drama' isn't reserved just for the workplace. Oh no. It occurs at home, at church...wherever technology exists. And the ‘victim’ mentality is always lurking in the shadows of technology failure.

myPerspective...it doesn't have to be that way. First, let's level set on the some facts and expectations. Technology will fail at some point...and then again at another point, and then again, and yet again. Yes, we in the technology industry strive to make technology more and more predictable through redundancy, proactive maintenance and monitoring, but failure is part of the technology experience. The constant and more frequent change and evolution of technology fuel the probability of failure. Take for example the iPhone.  What a marvelous package of technology it represents.  Yet have you ever been to an Apple Store that isn't packed with customers experiencing at least a handful of issues? In fact, its nearly impossible to schedule a same-day Genius Bar appointment.

Given that failure in technology is part of the technology experience, accept it as a part of life. When something goes wrong, pause in an effort to avoid the 'drama'. We must CHOOSE our response wisely by taking a creative, problem-solving approach...especially those of us who lead. As highlighted in The Empowerment Dynamic, leaders choose to become 'creators' when technology fails. Below are a few suggestions on how to do this (feel free to be a 'creator' and add your ideas to the comments):

  • BE PREPARED...Develop, test, and practice creative solutions, work-arounds, and communication plans with your teams and departments in preparation and expectation of future technology failures.  Then, when failure occurs, the organization is prepared and knows what to do…as opposed to the opposite which creates a lot of ‘drama’.
  • MAINTAIN PERSPECTIVE...When failure occurs, and it will, rise above the situation and be a leader.  Know that people are watching. Whether you are a leader by role or by choice, positive behavior is the best choice for you and every one involved. That doesn't mean we don't acknowledge the issues. We do acknowledge them and prepare our minds and hearts for solutions.
  • COMMUNICATE, COMMUNICATE, COMMUNICATE...Ensure timely and appropriate communication among all stakeholders (end users, leadership, technology team, consultants, etc.) explaining the situation, status, timelines, ETA, and resolution. Provide visible support and encouragement (verbal, written, physical, etc.) before, during and after the situation to the technical resources working to solve the problem(s). Remember that they are your most valuable resource in solving the problem. Make sure technical terms are not a barrier to communicating. Translate such terms into terms understandable by non-technical people.
  • ENSURE ACCOUNTABILITY...Appropriately hold your technology resources accountable for system performance/management.  Make sure the technology team consistently learns from failures and implements systems, tools, processes, etc. to prevent similar issues in the future.

It's tough, but I believe we can all do it. Choose to avoid ‘drama’ and being a 'victim'. Instead choose to be a 'creator'! Thanks for reading. Please share your ideas for being a 'creator' and problem solver in the comments. Also check back in two weeks as we tackle another leadership topic in the next installment of myPerspective.

Twitter:@JohnOnIT

LinkedIn: https://www.linkedin.com/in/johnonit

A Taste of Disaster was Enough for Me

AUTHORED BY MARK JOHNSON, VICE PRESIDENT, MANAGED SERVICES @ GUIDEIT

In the IT services business when we think about Disaster Recovery (DR) it’s almost always in the context of business infrastructure and applications – for obvious reasons.  But recently I experienced one of the strangest coincidences concerning a form of DR that it is definitely time again to add to the GuideIT blog.

It started with my drive home and right in the middle of a chat with my wife the cell service cuts out.  Dropped calls are not unusual of course, but this was a full outage.  Annoying yes, but concerning?  Not really.  Then I arrive home and there’s no cable, no phone, no internet.  Again, not all that usual, but paired with the cell outage it soon dawned on me that we were cut off from communicating with the outside world.  That’s literally the first time that’s ever happened to us in the internet/cell phone age.  Turns out there was a major regional carrier outage, one that even affected the ATMs in the area.  No big deal all in all, grab a book and relax right?  But it does make one think…

The next day rolls around and I’m scrolling through my Twitter feed and start to see angry Tweets directed at my bank/auto insurer.  Now this particular institution is truly renowned for their IT organization, frequently earning accolades for their innovation, processes, leadership etc.  But something was clearly amiss.  People were Tweeting that they could not access their funds – no cash from ATMs, no ability to use their debit card.  Issues ranging from the serious, like people in pharmacies waiting on prescriptions but couldn’t pay, to stranded travelers, to the entertaining - most notably a college football fan who raged over and over on Twitter “I just want my Papa Johns!” The institution in question handled the event poorly from a social media aspect in my opinion.  Aside from not communicating nearly enough, they blamed the incident on a “system upgrade” that took longer than expected, which we all know simply can’t happen in a production banking environment, with some members calling them out on it.  Whether that’s the real reason, who knows?  I’ve yet to receive any form of member communication that this event even happened, why, and what they’re doing to ensure it never happens again.

But this isn’t about a terribly embarrassing system outage.  For me it was that in the space of 24 hours I realized I am way too reliant on electronic communications with no family disaster plan, and that I am tied to a single financial institution, with no ready access to cash.  I’ll be addressing both of these.  And then there is the business aspect of these “series of unfortunate events”.  We often assume that in a disaster recovery scenario we simply have to execute our DR plan, restore connectivity and data and things will be back to some semblance of normal.  These two incidents drove home for me something we know intuitively but often don’t emphasize - that we simply can’t stop at DR.  Rather, that we have to put real thought and real effort into true Business Continuity (BC) as well, something that is often glossed over in many respects.

In a strange way that I can’t quite put my finger on, disaster recovery without real business continuity seems an awful lot like that college football fan holding a working cell phone who simply wants his Papa Johns.

Food Products Company Hires GuideIT to Gain Insights with gAssess

Plano, TX - September 25, 2015 - GuideIT today announced that it signed a contract to provide an enterprise technology assessment to a major foods products company using its proprietary gAssess methodology.

With gAssess, GuideIT uses a 360 degree approach to evaluate technology drivers, strategy, people, operations, results, and the interdependent relationship between these factors to provide customers with insights to risks, opportunities, and return on investment.  Under this contract, GuideIT will support the newly appointed CIO and analyze all infrastructure towers, critical applications and the organization’s contingency planning approach.  The output will help the newly appointed CIO to establish their go-forward technology initiatives.

“This assessment will provide a clear path to help our customer develop a technology roadmap of initiatives,” said Jeff Smith, Vice President, Central Region for GuideIT.  “With our proven methodology and strong team, we are well prepared to provide customers an actionable 360 degree view into their IT organization.”

ABOUT GUIDEIT

As a provider of technology optimization services, we believe doing technology right is the difference between leaders and the rest. We help companies lead. Through a collaborative and easy-to-do-business-with approach, GuideIT helps customers align IT to the business strategy, better govern the value of IT, and effectively navigate change. Learn more at GuideIT.com.

MEDIA CONTACT

Peter Snell
214.810.6207
peter.snell@guideit.com

Bash: Dynamic Volume Group Mounter

This is similar, but an enhanced version of my custom_mount.sh previously published here: Bash: Automatically Mount File Systems on Volume Group if Present. This previous version was just a simple init script.  This updated version is designed for newer Linux distributions that use Systemd instead of Init.

The Code

The majority of the work is done by dvgmounter.sh.  It will check if the Volume Group is present, if it is it will parse the /etc/fstab file looking for entries that are marked noauto, then it will test if that file system is already mounted, if it is not it will mount it.

[sourcecode language=”bash” gutter=”true” collapse=”true” firstline=”1″ title=”Expand Dynamic Volume Group Mounter – dvgmounter.sh”]#!/bin/bash

# description: Will automatically mount a removable device if present.

#

#: Script Name : dvgmounter.sh

#: Version : 1.0.4.1

#: Author : Matthew Mattoon – http://blog.allanglesit.com

#: Date Created : August 15, 2012

#: Date Updated : September 14, 2015

#: Description : Automount Removable Logical Volumes Script.

#: Examples : dvgmounter.sh ACTION VGNAME

#: : dvgmounter.sh start data_vg

vgtest=$2

vgs=`vgs | grep $vgtest`

start() {

if [ -n "$vgs" ]; then

echo "Logical Volume Group: $vgtest present."

mounts=`cat /etc/fstab | grep $vgtest | grep noauto | tr ‘\t’ ‘ ‘ | tr -s ‘ ‘ | cut -d " " -f 2`

for mount in $mounts

do

if [ -z "`mount | grep $mount`" ]; then

echo "Mounting $mount file system…"

mount $mount

else

echo "File system $mount is already mounted…"

fi

done

else

echo "Logical Volume Group: $vgtest not present."

exit 1

fi

}

stop() {

if [ -n "$vgs" ]; then

echo "Logical Volume Group: $vgtest present."

mounts=`cat /etc/fstab | grep $vgtest | grep noauto | tr ‘\t’ ‘ ‘ | tr -s ‘ ‘ | cut -d " " -f 2`

for mount in $mounts

do

if [ -n "`mount | grep $mount`" ]; then

echo "Unmounting $mount file system…"

umount $mount

else

echo "File system $mount is already unmounted…"

fi

done

else

echo "Logical Volume Group: $vgtest not present."

exit 1

fi

}

case "$1" in

start)

start

;;

stop)

stop

;;

restart)

stop

sleep 2

start

;;

*)

echo "Usage: $0 start|stop|restart"

exit 1

esac[/sourcecode]

Here is what I have for LVM.

# vgs<br />

VG #PV #LV #SN Attr VSize VFree<br />

laptop_vg 1 4 0 wz--n- 237.98g 26.44g<br />

data_vg 1 4 0 wz--n- 298.09g 18.09g<br />

# lvs<br />

LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert<br />

home laptop_vg -wi-ao---- 97.66g<br />

localvm_lv laptop_vg -wi-ao---- 60.00g<br />

root laptop_vg -wi-ao---- 50.00g<br />

swap laptop_vg -wi-ao---- 3.89g<br />

disk_lv data_vg -wi-ao---- 60.00g<br />

downloads_lv data_vg -wi-ao---- 50.00g<br />

iso_lv data_vg -wi-ao---- 20.00g<br />

movies_lv data_vg -wi-ao---- 150.00g

Here is the snipped contents of my /etc/fstab.

# cat /etc/fstab<br />

...<br />

/dev/mapper/data_vg-iso_lv /vbox/iso ext4 noauto 1 2<br />

/dev/mapper/data_vg-disk_lv /vbox/disk ext4 noauto 1 2<br />

/dev/mapper/data_vg-movies_lv /home/matthew/movies ext4 noauto 1 2<br />

/dev/mapper/data_vg-downloads_lv /home/matthew/Downloads ext4 noauto 1 2<br />

...

Creating the Service

We just need to put some details into a service file, since this particular script is a one time run then we need to tell Systemd that this is a “oneshot” and that we want it to “RemainAfterExit” so that it doesn’t put the service into a failed state when it completes its work and stops running.

# cat /lib/systemd/system/dvgmount.service<br />

[Unit]<br />

Description=Dynamic Volume Group Mounter</p>

<p>[Service]<br />

Type=oneshot<br />

ExecStart=/opt/dvgmounter/dvgmounter.sh start data_vg<br />

ExecStop=/opt/dvgmounter/dvgmounter.sh stop data_vg<br />

RemainAfterExit=yes</p>

<p>[Install]<br />

WantedBy=multi-user.target

Then we need to link that service file into Systemd’s configuration, so that it can transact with it.

# pwd<br />

/etc/systemd/system<br />

# ln -s /lib/systemd/system/dvgmount.service

Whenever you make changes to services you will need to reload the daemons into Systemd.

# systemctl daemon-reload

Then starting the service is simple enough.

# systemctl start dvgmount.service

Lets check status and make sure that this worked properly before making the changes permanent.

# systemctl status dvgmount.service<br />

  • dvgmount.service - Dynamic Volume Group Mounter<br />

Loaded: loaded (/lib/systemd/system/dvgmount.service; enabled; vendor preset: disabled)<br />

Active: active (exited) since Mon 2015-09-14 15:50:57 CDT; 10min ago<br />

Main PID: 24178 (code=exited, status=0/SUCCESS)<br />

CGroup: /system.slice/dvgmount.service</p>

<p>Sep 14 15:50:57 laptop systemd[1]: Starting Dynamic Volume Group Mounter...<br />

Sep 14 15:50:57 laptop dvgmounter.sh[24178]: Logical Volume Group: mattoondata_vg present.<br />

Sep 14 15:50:57 laptop dvgmounter.sh[24178]: Mounting /vbox/iso file system...<br />

Sep 14 15:50:57 laptop dvgmounter.sh[24178]: Mounting /vbox/disk file system...<br />

Sep 14 15:50:57 laptop dvgmounter.sh[24178]: Mounting /home/matthew/movies file system...<br />

Sep 14 15:50:57 laptop dvgmounter.sh[24178]: Mounting /home/matthew/Downloads file system...<br />

Sep 14 15:50:57 laptop systemd[1]: Started Dynamic Volume Group Mounter.

Finally lets tell Systemd that this should be evaluated as part of its system startup.  This will make the changes permanent.

# systemctl enable dvgmount.service<br />

Created symlink from /etc/systemd/system/multi-user.target.wants/dvgmount.service to /usr/lib/systemd/system/dvgmount.service.

That does it.  This should solve this one for some time!

Fedora 20: Use PPTP VPN

I have had this one in the queue for a while (I don’t even run of Fedora 20 anymore).  This one will be short and sweet because there really isn’t a bunch of discussion that needs to go into it.

By default Fedora 20 will block outbound PPTP VPN connections.

# firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT<br />

# firewall-cmd --direct --add-rule ipv6 filter INPUT 0 -p gre -j ACCEPT

Reload the rules.

# firewall-cmd --reload

Tech Company for Legal Industry Achieves Roadmap to Align IT with Business Strategy

Plano, Texas – September 15, 2015 – GuideIT announced today the completion of a project focused on creating a roadmap to align IT to the business strategy for a tech company providing solutions to the legal industry.

The new Chief Technology Officer needed independent support to create a path for reducing IT costs, more consistent use of ITIL practices across the organization, and enablement for competing in emerging market segments.

Utilizing its proprietary offering gAssess, GuideIT assessed the IT infrastructure and team resources. The deliverables included both a conclusions report and a roadmap. The roadmap provided a clear path for leveraging the right technology and people to do more with less.

“The new CTO and his team are now fully prepared to support the business priorities,” said Deana Eiland, Transformation Leader for GuideIT. “It was an honor for our team to play a role in their effort to grow and expand into new markets.”

About GuideIT

As a provider of technology optimization services, we believe doing technology right is the difference between leaders and the rest. We help companies lead. Through a collaborative and easy-to-do-business-with approach, GuideIT helps customers align IT to the business strategy, better govern the value of IT, and effectively navigate change. Learn more at GuideIT.com.

Media Contact

Peter Snell
214.810.6207
peter.snell@guideit.com

Why Do We Rely On Our Gut Feeling

AUTHORED BY GUY WOLF, TRANSFORMATION EXECUTIVE @GUIDEIT

Last week we talked about ways to "follow your gut" when making an important decision about outsourcing a significant portion of IT services.  Why is it that even as our ability to objectively evaluate vendor bids for outsourcing has improved, we rely as much if not more on our gut feelings than we do on hard, objective data?

We have noticed over the years that the difference between proposals has narrowed on all the objective measures in outsourcing– the service levels, pricing, staff levels, vendor capabilities, etc. (If you haven’t seen it yet, Esteban Herrera of Information Systems Group has a very insightful post about the relative importance of evaluating people vs. the more well-known objective measures.)  It can be frustrating to companies trying to differentiate and have a “clear choice.” There is still the hope that a decision matrix can be built that will settle their decision – and give them credibility in recommending to a board of directors.  Sadly (especially for math-types), it yields a result that is less than conclusive.  Three reasons tend to stand out in why this would be:

1.       Consolidation among the vendors: with the normal maturing of this market, this has been inevitable, so it’s not surprising that we’re seeing fewer and larger players as the only ones who can make money at this work with the shrinking margins available.

2.       The borders are porous – people move from provider to provider, bringing skills and experience with them.  It’s natural that this would be reflected in how the providers deliver and market their services.

3.       Marketplace methods have standardized. On both the individual deal perspective as well as the marketplace over time, the evaluators (buyers and the consultants they hire) set the rules for how to make the evaluations.  Vendors adjust bids to what works within the rules set by the evaluators.

As a result, when it comes time to make a decision among two or three potential vendors to provide these services, the objective weighted criteria often don’t make it an easy one.  There’s so little room between the vendors that only using objective measures makes the decision a toss-up, and you can get the feeling that even after all that evaluation work, it’s not clear which way to go.  Why didn’t we just flip a coin?

First, don’t lose heart that the evaluation effort was wasted.  You’re actually at the point you want to be and have probably separated much of the wheat from the chaff – a small number of potential providers who really can do the nuts and bolts of what you need done.  But beyond this, what’s needed is some very hard criteria around potential vendors’ people and culture – ways to evaluate their capabilities and potential that allow prospective customer leaders to understand and weigh the various elements of their gut feel about the people.  We’ll address that in our next post.

Zimbra 8.6: Bayesian Poisoning

Let me start by saying that this problem is not unique to Zimbra and it certainly isn’t unique the version 8.6, however, I was using Zimbra 8.6 when I ran into this problem, so this is how I fixed it.

What is Bayesian Poisoning?

One of the core tenants of spam filtering using Bayesian probability to increase or decrease a particular messages score based on the likelihood it is spam.  This is done by compiling a database, often called the Bayes DB, which contains tokens resulting from the Bayesian filtering, these tokens are keywords and combinations that will either push up or down the probability that a given message is spam.  So Bayesian Poisoning is when that DB is intentionally populated with invalid references which result in either more spam being marked as not spam or more legitimate mails being marked as spam.

https://en.wikipedia.org/wiki/Bayesian_poisoning

My Situation

Below you will see the version of Zimbra that I was running on at the time of the incident, though looking back over the situation I have been dealing with this problem to varying degrees as far back as 7.0.1 or so.

$ zmcontrol -v<br />

Release 8.6.0_GA_1153.RHEL6_64_20141215151155 RHEL6_64 FOSS edition.

I originally was looking for clues as to the message origination, with my initial suspect being that I had a misconfiguration in my secondary MX, which was allowing spammers to flood through that then be granted the trust that that particular box had (that might have been the root of my poisoning, but I haven’t confirmed that yet).  But I didn’t find the real problem until I started looking at the X-Spam-Status header, specifically the tests section.

Analysis of Message Headers

Below is a sample section of the headers, prior to fixing the problem.

X-Spam-Flag: NO<br />

X-Spam-Score: -0.383<br />

X-Spam-Level:<br />

X-Spam-Status: No, score=-0.383 tagged_above=-10 required=5<br />

tests=[BAYES_00=-1.9, HTML_FONT_LOW_CONTRAST=0.001,<br />

HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RDNS_NONE=0.793,<br />

SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]<br />

autolearn=no autolearn_force=no

Lets break down each component here.

The X-Spam-Flag is pretty self-explanatory, the spam filters have determined this message is not spam (it is ham) and as such it will be processed with the usual gusto of the email subsystems.

X-Spam-Flag: NO

The X-Spam-Score is the sum of all of the test results ran against this message.  This determines if it is flagged as spam. Obviously this is a negative number, the higher the number the greater the chance it is actual spam.

X-Spam-Score: -0.383

The X-Spam-Level is simply a graphical representation of the score, in our case a negative number, doesn’t include any representation, if we had a score of 1.5 then it would be represented by “*” with the 1 asterisk being equivalent to the whole number in 1.5 or “1” conversely a score of 7.2 would have a level of “*******”.  Negative numbers are less than 1, therefore, they are represented by 0 asterisks

X-Spam-Level:

The X-Spam-Status is where all the magic happens.  Here we have the “required” which is the numerical score which will result in the message being tagged as spam, and of more value is the actual tests that were run and how that affected the score.  This is where the problem is. BAYES_00 is where the real problem is, this one test has a value of -1.9 which is huge, but that score is actually correct, because the “00” means that there is virtually no chance (0-1%) that this message is spam, and obviously all of your legitimate messages fall into this category as well, so we can’t just tinker with that score.  There is additionally a BAYES_05, BAYES_20, BAYES_40, BAYES_50, BAYES_60, BAYES_80, BAYES_95, and BAYES_99 which correspond to the top percentages that they serve. So the core of this problem is that we have a spam filter that thinks beyond a doubt that actual spam has no chance of being spam.

X-Spam-Status: No, score=-0.383 tagged_above=-10 required=5<br />

tests=[BAYES_00=-1.9, HTML_FONT_LOW_CONTRAST=0.001,<br />

HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RDNS_NONE=0.793,<br />

SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]<br />

autolearn=no autolearn_force=no

Another interesting item of note.  In my environment I noticed that 90-95% of all of the spam I analyzed included HTML_FONT_LOW_CONTRAST, however, the score for that was 0.001.  This particular test looks at the formatting of the message and looks for the background and text colors being close enough that they are difficult to read with the naked eye (often in my environment it was a white background with an off-white or light light gray text).  So in addition to fixing the Bayesian DB poisoning, I also adjusted the score for this to reduce the likelihood that these messages get through the filter. With all of these tests that came back increasing the spam score, they were not able to overcome the Bayesian DB poisoning.

Resolving Bayesian DB Poisoning

Bad news is that there is no way to “fix” Bayes DB poisoning.  Basically everything that the Bayes DB knows is wrong, so the proper fix is to start with a fresh DB and re-train it.

Below you will see the location of the Bayes DB.

[zimbra@mail:~]$ pwd<br />

/opt/zimbra<br />

[zimbra@mail:~]$ cd .spamassassin/<br />

[zimbra@mail:~/.spamassassin]$ ls -lh<br />

total 4.4M<br />

-rw-------. 1 zimbra zimbra 332K Sep 8 09:47 bayes_seen<br />

-rw-------. 1 zimbra zimbra 4.7M Sep 8 09:47 bayes_toks

Now to remove it we must stop the Zimbra services, I suspect stopping the amavis might be enough, but to be safe I just did the entire Zimbra service.

[root@mail:~]# service zimbra stop

Then simply remove both the bayes_seen and bayes_toks files.

[zimbra@mail:~/.spamassassin]# rm bayes_*

Once the files are gone, we can restart zimbra.

[root@mail:~]# service zimbra start

Let's look at those files again, and let's see the file size difference.  This was after some time and training, they might not show up immediately.

[zimbra@mail:~]$ cd .spamassassin/<br />

[zimbra@mail:~/.spamassassin]$ ls -lh<br />

total 288K<br />

-rw-------. 1 zimbra zimbra 12K Sep 8 20:25 bayes_seen<br />

-rw-------. 1 zimbra zimbra 332K Sep 8 22:00 bayes_toks

Training Zimbra

Training Zimbra is pretty simple, use the Mark as Spam button in the webmail application.  Of course, it takes some time, because you need to wait for actual spam to come across in order to train based on it.  To speed up the process and actually see the progress I like to manually run zmtrainsa to learn based off of the messages marked as spam, this will show me how effective that learning was across the whole system.

[zimbra@mail:~]$ zmtrainsa<br />

20150912120115 Starting spam/ham extraction from system accounts.<br />

[] INFO: Total messages processed: 1<br />

[] INFO: Total messages processed: 0<br />

20150912120119 Finished extracting spam/ham from system accounts.<br />

20150912120119 Starting spamassassin training.<br />

Learned tokens from 1 message(s) (1 message(s) examined)<br />

Learned tokens from 0 message(s) (0 message(s) examined)<br />

bayes: synced databases from journal in 1 seconds: 3129 unique entries (3910 total entries)<br />

20150912120124 Finished spamassassin training.

Above we see that it processed the 1 message that I marked as spam, and that from that message it was able to learn tokens.  This means that this was a good learn and it should increase the effectiveness of your spam filter. It seemed like the first 4 hours I was getting almost no spam, and then were was a burst for the next 12-16 hours where it seemed like perhaps I had been poisoned again already (that was frustrating) but I just kept on training, and by the end of the second day my spam volume had dropped and approx 80-90% of the messages were being tagged and placed into the Junk folder.

To give you an idea of load so that you can extrapolate your expected timings based on my experiences, most days my system receives 3,000-4,000 messages a day with once a week bursts of up to 18,000 messages a day.

Customizing SpamAssassin Rules

This procedure is different for previous versions, please do your homework if you are not on Zimbra 8.6.

We need to add the following to sauser.cf.  This should only be done after an extensive analysis of your spam otherwise at best it will not have any effect.  You might need to create sauser.cf if you haven’t previously customized other rules.

[zimbra@mail:~/data/spamassassin/localrules]$ more sauser.cf<br />

ifplugin Mail::SpamAssassin::Plugin::HTMLEval<br />

# &lt;gen:mutable&gt;<br />

# DEFAULT - score HTML_FONT_LOW_CONTRAST 0.713 0.001 0.786 0.001<br />

score HTML_FONT_LOW_CONTRAST 1.5 1.5 1.5 1.5<br />

# &lt;/gen:mutable&gt;<br />

endif

You can use this to modify other rules as you see fit as well.

https://wiki.apache.org/spamassassin/Rules/

Conclusion

So 4 days into this no complaints.  I still have spam that gets through, but that is the design it is a small number, and they are not BAYES_00 in other words the filter knows they are probably spam and would rather I take a look at it to confirm it rather than get overzealous.  I am still using the adjusted HTML_FONT_LOW_CONTRAST rule, even though it shoots the scores through the roof with the Bayesian filter actually doing its job.

Here is a header from a message that it lets through.  The important thing here is that the absence of the BAYES_00 score, it is instead replaced by BAYES_20, which only discounts the spam score by 0.001 so it is unsure about the message and it has a largely neutral effect.

X-Spam-Flag: NO<br />

X-Spam-Score: 1.935<br />

X-Spam-Level: *<br />

X-Spam-Status: No, score=1.935 tagged_above=-10 required=5<br />

tests=[BAYES_20=-0.001, DATE_IN_FUTURE_06_12=1.947,<br />

SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01,<br />

URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no

Here is a header from a message that it caught and tagged.  Of course this one also has an absence of the BAYES_00, replaced by BAYES_80 indicating that the Bayesian DB has some good information in it.

X-Spam-Flag: YES<br />

X-Spam-Score: 8.74<br />

X-Spam-Level: ********<br />

X-Spam-Status: Yes, score=8.74 tagged_above=-10 required=5<br />

tests=[AC_HTML_NONSENSE_TAGS=1.999, BAYES_80=2, HTML_MESSAGE=0.001,<br />

SPF_PASS=-0.001, STYLE_GIBBERISH=3.499, T_RP_MATCHES_RCVD=-0.01,<br />

UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001, URIBL_JP_SURBL=1.25]<br />

autolearn=no autolearn_force=no

So the bottom line is that if you are dealing with an overwhelming amount of spam in your inbox then this warrants some investigation and hopefully this will help you to sort through that problem a little quicker than it took me.

How To “Follow Your Gut”

AUTHORED BY GUY WOLF, TRANSFORMATION EXECUTIVE @ GUIDEIT

Early in my career, a manager told me how he made important decisions.  “I always follow my gut.  In fact, I’ve put on so much weight in this job, that my gut sticks out and I literally have to follow it wherever I go!”  Kidding aside, he did stand out among leaders as being able to cut through the fog of data – some missing, some conflicting, and some just plain wrong – to guide his team along a path that was not always the obvious conclusion. 

In leading one company through an outsourcing decision, we arrived at a point where the investigation had been completed.  Two organizations were deemed qualified, capable and willing to work with us to take on a large service obligation to support the client company.  This would have meant significant savings and access to resources for the client and significant revenue and favorable marketing publicity for the service provider.  After negotiating the contracts, a key leader at the customer told us his gut was telling him not to do this deal.  What happened next made the difference in maintaining a cohesive team that would continue to work with both vendors in other ongoing relationships. 

There are at least two paths leaders follow when making this “gut calls.”  One I would call the “trust me” path.  It’s fast.  It gets to the “right” decision very often, and it avoids the hard work of forging a consensus among people with different preferences of outcomes.  When done well, it can lead to a sense of awe and glory for the leader.  “Brilliant, if a bit abrasive,” others may say of this leader.

But we ignore our sixth sense at our peril.  “Gut Feel” or “Intuition” is the stuff we know, even though we don’t know how we know it.  Or in psychology terms:  "rapid cognition or condensed reasoning that takes advantage of the brain's built-in shortcuts." (Psychology Today, 21-Aug-13 https://www.psychologytoday.com/articles/200704/gut-almighty It is no less valid than other types of formal analysis. But because it is hard to demonstrate, it is frequently kept hidden.

The other path, and the one this leader chose, was to engage an impartial advisor to help document the pros and cons of multiple courses of action – some of it in spreadsheets, some in narrative.  And he brought together the people who spent so much time and effort in the selection process to weigh in on the topic.  It was an investment of several hours, and under a tight deadline.  But allowing the entire team to engage in bringing these other factors to light meant arriving at the decision that preserved the outstanding working relationships they had built together within the client organization, as well as with the finalist vendors who continue to support this client in other ways. 

We would like to hear from you how you use your “gut feelings” in your decision making.

Why Do IT Outsourcing Contract Negotiations Take Longer Than Expected?

AUTHORED BY GUY WOLF, TRANSFORMATION EXECUTIVE @ GUIDEIT

“We made the decision six weeks ago to go with the preferred vendor.  Why is it taking so long to finalize the contract with them?” a CIO asked us recently.

Why, indeed?  We had performed the due diligence one would expect on a deal of this size, including the data center visit, the customer site visits and reference calls, and much more, yet after 7 weeks of late night meetings, we were still apart on the final contract and losing valuable time and leadership focus – not to mention the good will between the parties.  And yet we still could not nail down an agreement.

Want to make this process go smoother for you when you are at that point? Here are some areas that will help you avoid the gap between decision and execution:

1.       Match the contract to the proposal.  A couple ways to go here: either start the Vendor’s paper or the Customer’s.  If using the vendors “boilerplate” it may be a time saver, or a time sink.  If the boilerplate contract is much different from the proposal that is being delivered, then there is needless wasted time in trying to “shoe-horn” something that doesn’t fit.   If the Customer has a standard sourcing contract (less common, but not unusual these days), it may save significant time finalizing the legal and security details.

2.       Minimize (hard to eliminate) late-breaking requirements.  In spite of your best efforts to research all the requirements and include them in the RFP, and validate them during due diligence, there is often a new requirement that comes up during negotiations that had not been provided to the vendor before.  Will there be a requirement to integrate IT Service Management tools?  A new set of security requirements that did not get entered into the RFP?  A higher limit of liability or consequential damages clause?  It’s possible to overcome some of this by getting people to commit to their requirements earlier in the process, but doubtful that will be 100% successful, as people get more focused on those things that they believe are imminent and likely.

3.       Focus on the big gaps.  Not all issues are created equal, and if there’s going to be an agreement, there are going to be some issues that are harder and more important to agree to than small ones.  Avoid the trap of claiming to make progress by knocking out the small issues versus resolving the ones that are true show stoppers.

4.       Know your objectives and positions and engage as partners, rather than adversaries.  You’re going to spend a lot of time together and require an open, trusting relationship.  It’s a good idea to start that way, and share with one another what the showstoppers truly are.  This will help you avoid negotiating as if it’s a competitive sport, and both partners will wind up with a deal they can benefit from.

Not an exhaustive list, but organizations (vendors and customers) who employ these techniques reach win-win agreements – or decide not to engage – sooner, and in a more positive relationship. We would like to hear what has worked (or not worked) for you.

What Defines A Good Leader?

AUTHORED BY CHUCK LYLES, CHIEF EXECUTIVE OFFICER @ GUIDEIT

A good leader is always striving toward bettering themselves as an individual and approaching every task with an attitude of servitude. The only way you are going to know what your team needs from you in order to be more successful is to listen to them. Successful teams perform much better when they know they have confidence that you chose the right team to get the job done.

 


 Listening, possessing confidence, and respect for, and in, your team are only a few traits that make up a great leader.  But leaders must also work toward bettering themselves as individuals if they want their team to listen, respect, and have confidence in them.  It works both ways.  Leaders must not only make a call to action to their team for these qualities, but they must make a call to action for themselves which requires lifelong tuning.

1.      Accountability

Extraordinary leaders take responsibility for everyone's performance, including their own. They follow up on all outstanding issues, check in on employees, and monitor the effectiveness of company policies and procedures. When problems arise, they identify them quickly, seek solutions, and get things back on track.

2.      Honesty

Strong leaders treat people the way they want to be treated. They are extremely ethical and believe that honesty, effort, and reliability form the foundation of success. They embody these values so overtly that no employee doubts their integrity for a minute. They share information openly and avoid spin control.

3.      Coaching

The best leaders guide employees through challenges, always on the lookout for solutions to foster the long-term success of the organization. Rather than making things personal when they encounter problems, or assigning blame to individuals, leaders look for constructive solutions and focus on moving forward.

4.      Awareness

A great leader conducts themselves in a way that sets them apart from their employees--not in a manner that suggests they are better than others, but in a way that permits them to retain an objective perspective on everything that's going on in their organization.

5.      Decisiveness

All leaders must make tough decisions.  It goes with the job. Extraordinary leaders must possess a high level of independence and execute difficult and timely decisions made in the best interests of the entire organization. Many decisions require a firmness, authority, and finality, but an extraordinary leader also knows when not to act unilaterally but instead foster collaborative decision-making.

Human dignity, personal responsibility, and humility should always be at the forefront of a good leaders thoughts and executions, and it takes daily conditioning and effort.

The most dangerous leadership myth is that leaders are born-that there is a genetic factor to leadership. That’s nonsense; in fact, the opposite is true. Leaders are made rather than born. —Warren Bennis


Leader Achievement: Advancing People Forward

AUTHORED BY JEFF SMITH, VICE PRESIDENT OF SALES @ GUIDEIT

I have always been fascinated by the different leadership styles I have witnessed and have worked for in my 35 years in the IT field.  It is my belief that a leader, good or bad, has a direct impact on the achievements and accomplishments of those who work for them. I also believe that one’s leadership style is not something that is taught, rather is inherent in their overall personality.

 



If someone in their everyday life is known as a caring, giving person, they will tend to lead with a style that emphasizes caring more about individual and team achievements than their own personal achievement. If someone in their everyday life is more self-centered, caring more about themselves rather than others, they will tend to focus on trying to advance their own career off the work of their subordinates, and spending the majority of their time managing UP versus managing across.

When I became a leader over an IT Business Development team in my early 30’s, I felt a calling to lead with the same personality and purpose that I believe I have in my everyday life.   I felt a responsibility to help others learn and grow, to have direct communications with them, to take responsibility, and truly wanted to contribute to the success of each individual, the team and a bigger purpose.  Our overall goal was to find, close and sign new business, which we did well.  But for me, signing business never yielded the same reward as watching the development of the team and individual team members, getting compliments about a team member, or having associates from other teams say that they would love to be part of Our Team.  And there was nothing better than having a newly signed customer tell you what they saw in us over the competition was a better team of people and a team that they wanted to partner with.

When you become a leader, it’s my belief that your greatest achievements come from the opportunities you provide team members for personal growth, from the recognition of your team members for their dedication and their hard work, and most importantly when you know and feel they embrace you and trust you as their leader.

So if you are a leader constantly ask yourself, how you can best lead them, serve them, support them and engage with them. When you are thinking of these things I believe you have achieved being a great leader.


Integrity – An Internal Compass

AUTHORED BY MARK JOHNSON, VICE PRESIDENT, MANAGED SERVICES @ GUIDEI

Not long ago the call went out for a volunteer to write the next installment of our series of GuideIT Values blog entries.  With the topic being “integrity” I quickly said “I’ll take that one”, thinking to myself “hey that’s an easy one to knock out.”  Well, as it turns out, not so much.

As I put fingers to keys I started with the predictable list of “challenges to integrity” but soon had to ask myself, how do you write about integrity in a way that doesn’t come across as either sanctimonious or overly simplistic?  And further, how do you translate a critical foundation of character into mere words?


At GuideIT our Founders adopted this approach in an attempt to express what integrity means to us:  “We will hold each other to unquestionable standards of honesty and ethics, in words and actions, and operate with transparency.”

Helpful, but still what does that mean?  If integrity in business meant simply being honest, it’s not a terribly high bar to clear, though isn’t it sad how some don’t?  No, too often we’re faced with opportunities to “pass or fail” an integrity test in far less visible ways, or ways in which there’s not necessarily a clear cut “right” answer.  That’s where the “unquestionable” part comes in.  The standard is clear, the measure remains harder to quantify.  But let’s face it – we all know it when we see it.  So do our fellow team members, and so do our customers.

Can you teach integrity?  I’d say yes and no.  Without question you can use day to day opportunities (and challenges) in business to guide your team members towards what it means to operate in the center of the ethical playing field, whether leading by example yourself, or providing specific guidance about your expectations for ethical behavior as situations arise.  So yes, you can absolutely teach integrity, but only to a point.

No matter how hard you work to establish an environment conducive to both earning and maintaining trust, inherently there is still an element of character that has to come from within, one that if missing will never consistently meet the expectation to operate with “unquestionable standards of honesty.”  To me, that internal compass is called having a conscience, emboldened with the courage to choose the harder right, rather than the easier wrong, even when the decision or the results may not be popular.  There are lots of people who know the right thing to do; at GuideIT we look for the ones actually willing to do it, and hold everyone, including our leaders, to that same standard.

At GuideIT our motto is “Do Technology Right.”  As I reflected on what I initially thought was a simple marketing slogan, my “ah-ha moment” was when I realized it also provides a straight forward approach to operating with integrity.  “Do Technology Right”, absolutely.  But how about, simply do what’s right.

I guess it wasn’t all that hard after all.

How Do You Build A Team That Works?

AUTHORED BY DEANA EILAND, VICE PRESIDENT OF DELIVERY @ GUIDEIT

Teamwork...

Teams are a fundamental part of our work and personal lives.  But, creating a team is not the same as creating a team that works.  Just as joining a team is not the same as performing as a team member.  Very simply, teams do not work without teamwork. Active, collaborative teamwork towards a common goal makes all the difference.

 

How do you build a team that works?

  • Be Aware of How You Work – Know your strengths and weaknesses, hold yourself accountable, course-correct and modify your approach if needed to ensure you are leading from a position of strength.
  • Get to Know the Rest of the Team – Invest the time to know your team’s individual strengths and weaknesses, how they are wired and what motivates them to excel beyond what is expected.
  • Clearly Define Roles & Responsibilities – Each of your team member’s responsibilities should be interconnected and dependent on one another.  Unique strengths and differences can convert into a powerful united force when aligned properly.
  • Be Proactive with Feedback  - Feedback is a two-way street and is key to staying on track and course correcting when needed.
  • Acknowledge and Reward – People love recognition and appreciate respect.  Take the time to give your team the accolades they have earned and deserve.
  • Always Celebrate Success! – In today’s fast-paced world, people often don’t take the time to take a step back and truly appreciate what it took to cross the finish line.  Don’t ignore it.  Your team’s accomplishment was likely with some sacrifice by team members.  Celebrating their success and overall impact of the achievement is critical.

"The way a team plays as a whole determines its success. You may have the greatest bunch of individual stars in the world, but if they don't play together, the club won't be worth a dime."

-Babe Ruth

Individual Accountability, Part of A Whole

AUTHORED BY JOHN LYON, CHIEF OF FINANCE @ GUIDEIT

The reality of organizational life is never black and white.  More often than not, accountability is muddled and people are not fully aware of the direct connection between their efforts and results.  We tend to keep ourselves from being productive simply by not holding ourselves accountable for our actions.  It is of utmost importance to first hold yourself accountable for your own obligations, commitments, and actions before participating in a team environment.

Accountability is about improvement.  Improve oneself, and the team will respectively improve. Tom Price nails it when he said, "One person's embarrassment is another person's accountability."  We are all in a leadership role, as all team members are responsible for contributing to the success of the organization.  As leaders, without accountability, an organization would cease to exist.  You not only betray yourself by not owning up to your responsibilities, but your team as well.

The major leagues would never send a player on the field who has consistently missed mandatory practices, for obvious reasons; such an action would diminish the collective hard work of the other team members, and scores would decline rapidly.  The same goes for any type of team. There must be rules and adherence. A pattern toward advancing success.  And that pattern begins with the individual.

It is up to me and no one else to make sure I am doing what I know I should be doing. When someone has to hold me accountable, because I failed to do what I should have done, I have a serious conversation with myself. My belief is that no one should have to hold me accountable for my actions, responsibilities and goals. While I appreciate others helping me get better, I am the one that must hold myself to a high standard.

I am convinced if you want to advance your life personally or professionally, you must hold yourself accountable for your actions, responsibilities, and goals.  Think about it. Commitment is a choice and a decision that should be made responsibly. Why should it be someone else’s job to make sure you are doing the things that you know you should be doing?

Cyber Security Awareness

AUTHORED BY MARK JOHNSON, VICE PRESIDENT OF MANAGED SERVICES @ GUIDEIT

You pick up the paper or watch the news and it has become an all too common occurrence.  What used to surprise us is now sadly routine – breaches of cyber security.  In the early days these breaches were usually just an annoyance – most simply focused on defacing public facing websites.  Plug the vulnerability, re-upload your homepage, and you were back in business.  Almost seems quaint now doesn’t it?  Today the stakes are much higher, both from a commercial standpoint and from an international security standpoint as well.

While much of the preventive focus for cyber-security justifiably falls on IT, the role of each and every user is critical as well.  From password security, awareness of social engineering threats, and prudent behavior when it comes to attachments and web-browsing, many enterprises are only as strong as their weakest user.  One of GuideIT’s managed services customers places significant emphasis on the importance of user awareness in their overall cyber-security program, and recently completed a Phishing exercise I thought worth sharing.

To establish a baseline from which to measure the results of an upcoming training program focused on Phishing, every employee was sent an outside email informing them that their email storage quota had been exceeded, and directing them to click an enclosed link to address the issue.  The organization’s Information Security policy dictated that they forward suspicious emails to the GuideIT Service Desk, who would either confirm/deny the authenticity of the email, or open a ticket to the customer’s Security Team for review.  So how’d they do?

·         90 people clicked the link - they failed the test outright.

·         50 people forwarded the note to the Service Desk AFTER clicking on the link, many asking, “Hey the link didn’t work; how can I get more storage??”  They also failed the test.

·         40 people forwarded the email to the Service Desk without clicking the link, and identified the email as a potential Phishing attempt – BRAVO!

Obviously no harm came of this exercise. But had the threat been real, the outcome might have been different.  The lesson?  First it’s worth emphasizing that this particular customer has an active IT Security Program using both internal dedicated IT resources, and the assistance of an outside Security vendor to audit and support their efforts.  Yet the majority of people who received the Phishing attempt “took the bait”.  With this particular customer, the next time a user fails a Phishing attempt they will be directed to a mandatory online training module to raise their awareness on the risks of Phishing – a great motivator huh?

The lesson to me is that even with strong internal programs to raise cyber awareness, your work is never done.  And if you don’t have programs in place like this customer, give serious thought to how your organization would perform if put under the same microscope.

Stay tuned; this customer plans additional testing over the course of the year to gauge the effectiveness of their training efforts.  I’ll be sure to provide an update when they do.

Adaptability. Essential to Success

AUTHORED BY JOHN LYON, CHIEF OF FINANCE @ GUIDEIT

A common trait of reaping success is adaptability.  A multitude of challenging, unfamiliar situations inevitably occur throughout life. Both an individual and an organization must be open and adaptable to change when working through these types of situations to experience success.  To effectively serve our customers with the right solutions, we at GuideIT must have the ability to adapt as individuals, and respectively, as a team. Challenge and change are inevitable for our customers, therefore working with the flow of change is essential and crucial in assessing and helping them solve complex issues.

Adaptability in optimizing technology means designing the business with a framework that allows for change unique to our particular customers’ needs.  This is why adaptability is one of our core values at GuideIT. We demonstrate the flexibility and agility needed to succeed in a world of complexity, ambiguity and change. Each and every one of my peers is adaptable, flexible, and collectively as a team we are able to evaluate obstacles and produce creative adaptable solutions to support the business objectives of our customers.

So with that in mind, here are some tips in personally embracing and helping to cultivate a culture of adaptability:

1.       Embrace spontaneity.  Carpe diem.

2.       Remain calm when unexpected change occurs. Very few things are forever.

3.       Find someone you admire with high adaptability and learn from them.

“There can be no life without change, and to be afraid of what is different or unfamiliar is to be afraid of life.”
― Theodore Roosevelt

Encouraging Maximum Potential

AUTHORED BY TIM MORRIS, VICE PRESIDENT, BUSINESS DEVELOPMENT @ GUIDEIT

Maximizing the greatest potential of an organization calls for an environment that fosters courage and encourages educated risks. Fostering and maintaining such an environment takes special care and attention.  However, an organization who's environment appreciates, nourishes, and respects courageous attempts will surely reap some truly amazing benefits:

  • distinctive separation from industry growth expectations and standards
  • more empowered team members
  • the best possible services and/or solutions not only suggested, but actually delivered to and realized by clients.

I recall an incident from my childhood when my father told me we were going to “paint the house”.  I was not quite six years of age at the time.  We lived in a small pier and beam house with asbestos shingles for siding.  I noticed, in the garage, paint my dad purchased. I decided to surprise my dad by helping out, and began painting the house myself.  I took the initiative to open the paint, and paint an entire side of the house.  Well, my father came out and saw me painting the siding, but his intentions were to only paint the trim instead of the entire side of the house.  However, I was not scolded nor punished for my actions, regardless of the misunderstanding and miscommunication. And regardless of the unintended outcome (clearly not a positive one), because of his gentle reaction, I was not discouraged.  That lesson taught me to always continue to try new things, and catapulted me at many times in my life into experiencing more than my peers.

Operating within existing guidelines and comfort zones is like playing in a sandbox; sustainable positive outcomes are predictable and a business can thrive and achieve consistent results within industry standards. But only with courage to be creative, and courage to take risks, is it possible to expand the sandbox and drive results that create milestones and surpass the industry standards. Indeed, each and every act of courage will not result in a positive outcome, but a leader's stoic reaction to failure is what continually fosters and enables courage in others. And it is through creativity, risk taking, and courage that opportunities open for major breakthrough changes.

Who Do YOU Trust?

AUTHORED BY WENDY DURRE, CUSTOMER EXECUTIVE @ GUIDEIT

Trust: Why is it that we use this word so often?  It is because we place great value on trust.  Trust is not a technique or a request, it is an emotional state.  To trust means to be vulnerable and accepting without evidence.  Trust is a feeling.

Think back on your experiences....How did you learn to trust?   Was it through positive or negative experiences?  Regardless of how you answered this question you undoubtedly learned to trust.

This life lesson applies in our work life just as it does our personal life.  Trust is a valued commodity that we may not consciously think about on a daily basis.  We have trust relationships with our employers, customers, sales people, peers and many others.

 

These relationships are formed based upon many factors, however several stand out:

  • Reliability
  • Perception of Confidence
  • Intentions
  • Unguarded Two Way Communication

When I experience the above in my everyday relationship with someone, I consider that to be a successful trust relationship.   They are my trusted advisor.  I strive to build these types of relationships with my customers each and every day one interaction at a time through honest open communication.   I would love to hear how your build and nurture your trust relationships.  How do you build trust?

Major Healthcare Payer Realizes Data Center Goals With GuideIT

Plano, TX – June 23, 2016 - GuideIT today announced that it completed the latest in a series of major technology infrastructure transformative initiatives for a major healthcare payer.

Working as an extension of the customer team, GuideIT served as the project lead for the decommissioning and consolidation of three major data centers. GuideIT worked across multiple vendors to assess, inventory and develop a consolidation plan, while designing the power system for the new receiving facility. GuideIT then executed the plan, enabling substantial cost savings and efficiency.

Having our team embraced as an integrated member of the customer is a great honor,” said Ron Hill, Vice President, East Region for GuideIT. “We have worked side-by-side with our customer to help them realize these important technology objectives.”

ABOUT GUIDEIT

As a provider of technology optimization services, we believe doing technology right is the difference between leaders and the rest. We help companies lead. Through a collaborative and easy-to-do-business-with approach, GuideIT helps customers align IT to the business strategy, better govern the value of IT, and effectively navigate change. Learn more at GuideIT.com.

MEDIA CONTACT

Peter Snell
214.810.6207
peter.snell@guideit.com

GuideIT to Provide Application Engineering Services for Healthcare Information Security Company

Plano, TX - June 23, 2015 – GuideIT today announced it has signed a contract to provide application services for a prominent healthcare information security company.

After working with the customer to develop requirements, GuideIT will perform discovery, create a work plan, and develop and deploy application components that will help the customer to achieve important customer care objectives.

“Our customer is at the leading edge of healthcare security and privacy,” said Frank Avignone, Senior Director of IT Interoperability and Analytics. “We are excited to deploy our healthcare applications expertise to help this outstanding organization.”

ABOUT GUIDEIT

As a provider of technology optimization services, we believe doing technology right is the difference between leaders and the rest. We help companies lead. Through a collaborative and easy-to-do-business-with approach, GuideIT helps customers align IT to the business strategy, better govern the value of IT, and effectively navigate change. Learn more at GuideIT.com.

MEDIA CONTACT

Peter Snell
214.810.6207
peter.snell@guideit.com

Chuck Lyles and GuideIT Featured as Power Player in Dallas Business Journal Article

Perspective On A Story Authored By Danielle Abril of the Dallas Business Journal

Recently GuideIT CEO Chuck Lyles was interviewed by Danielle Abril for the Dallas Business Journal's POWER PLAYERS feature. Tripling in size since Lyles took over a little more than a year ago, Danielle asked Chuck about his first year leading GuideIT and his plans moving forward. Here are some of the highlights from the article:

When asked what GuideIT is currently working on, Chuck replied, "We’ve been fortunate to really bring forward a few breakthrough ideas in the hospital marketplace. There’s been a lot of information that has gone from a piece of paper to a computer system. But once it’s in the computer system, how does a caregiver use that info to better make more meaningful diagnoses for patients or give them better information to treat patients? Our services really look at how we would improve the data and provide analytical outcomes of that data to make better decisions."

Danielle then went on to ask Chuck about his main goal.  "My goal is to really attract the best talent in the marketplace to come join the company and have them have aspirational career goals to drive better results. You can’t quantify results in terms of revenue or profit. It’s more about adding value for the customer."

When asked how he manages his team Chuck pointed out that he has always believed in hiring better people, empowering them, making them accountable and getting out of their way. He never asks them to do something that he is not willing to do himself. He believes in always being transparent and not being afraid to be vulnerable. In doing so, Chuck believes that it makes for an open, candid environment where the team can work together toward mutual success.

Chuck credits the ability to recruit top IT talent to the values central to the culture of GuideIT, a model carried from the Perot family's great tradition of creating successful companies.  With many former EDS and Perot Systems employees excited to return to this model of business, it is an attractive place for team members to create a career.

To learn more about Chuck, his past, and his vision for the future of GuideIT, you can read the article by Danielle on the Dallas Business Journal's website. Click here.

Perspective written by Peter Snell, VP Marketing @ GuideIT

The “Cloud”: Data Warehousing in 2015 (Part 2)

AUTHORED BY DONALD C. GILLETTE, PH.D., DATA CONSULTANT @ GUIDEIT

This week we will explore, in my opinion the best BI product currently on the market; Redshift by Amazon Web Services (AWS).

Amazon Redshift delivers fast query performance by using columnar storage technology to improve I/O efficiency and parallelizing queries across multiple nodes. It uses standard PostgreSQL JDBC and ODBC drivers, allowing you to use a wide range of familiar SQL clients. Data load speed scales linearly with cluster size, with integrations to Amazon S3, Amazon DynamoDB, Amazon Elastic MapReduce, Amazon Kinesis or any SSH-enabled host.

Redshift’s data warehouse architecture allows the user to automate most of the common administrative tasks associated with provisioning, configuring and monitoring a cloud data warehouse. Backups to Amazon S3 are continuous, incremental and automatic. Restores are fast! You are able to start querying in minutes while your data is spooled down in the background. Enabling disaster recovery across regions takes just a few clicks.

Security is built-in. Redshift enables you to encrypt data at rest and in transit (using hardware-accelerated AES-256 and SSL) isolate your clusters using Amazon VPC, and even manage your keys using hardware security modules (HSMs). All API calls, connection attempts, queries and changes to the cluster are logged and auditable.

Redshift uses a variety of innovations to obtain the highest query performance on datasets ranging in size from a hundred gigabytes to a petabyte or more. It uses columnar storage, data compression, and zone maps to reduce the amount of I/O needed to perform queries. It has a massively parallel processing (MPP) data warehouse architecture. Parallelizing and distributing SQL operations, it takes advantage of all available resources. The underlying hardware is designed for high performance data processing, using local attached storage to maximize throughput between the CPUs and drives, and a 10GigE mesh network to maximize throughput between nodes.

With just a few clicks of the AWS Management Console or a simple API call, you can easily change the number or type of nodes in your cloud data warehouse as your performance or capacity needs change. Amazon Redshift enables you to start with as little as a single 160GB DW2 Large node and scale up all the way to a petabyte or more of compressed user data using 16TB DW1 8XLarge nodes.

While resizing, it places your existing cluster into read-only mode, provisions a new cluster of your chosen size, and then copies data from your old cluster to your new one in parallel. You can continue running queries against your old cluster while the new one is being provisioned. Once your data has been copied to your new cluster, Redshift will automatically redirect queries to your new cluster and remove the old cluster.

Redshift allows you to choose On-Demand pricing with no up-front costs or long-term commitments, paying only for the resources you provisions. You can obtain significantly discounted rates with Reserved Instance pricing. With affordable pricing that provides options, you’re able to pick the best scenario to meet your needs.

Stay tuned for part  3 next week. In the meantime, what's your view on Redshift or other tools? Any challenges or projects you want to discuss?

The “Cloud”: Data Warehousing in 2015 (Part 1)

AUTHORED BY DONALD C. GILLETTE, PH.D., DATA CONSULTANT @ GUIDEIT

Let’s take a look this week at the benefits of external hosting of our data warehouse.

With prices so affordable from well-known providers like Amazon (AWS), Microsoft (Azure), and Google, there is no business reason to host a data warehouse internally. All three refer to this process by using the phrase “Cloud Computing”.  No offense to the soft and hardware marketing professionals reading this post, but I really think the noun/verb combination “Cloud Computing” is an overloaded phrase. Data warehousing is an object-oriented programming term, and the two cannot be compared.  Not to date myself, but thirty years ago we had a process called “time sharing services”.  This too was available from various vendors.  These services allowed us to run several types of statistical simulations/business analytics.  Cloud Computing is nothing more than what we did thirty years ago, yet on a much larger scale.

Data in a data warehouse is managed in a columnar format based on some kind of key, (unique or non-unique).  This enables analysis to be done in de-normalized rows created from a fact table.  In the world of mainframe days this was called an inverted list.  Today the cost of doing this exact same thing is geometrically lower.

Google, AWS and Azure all offer similar partners providing SAAS in the same variety of business categories, however each has its area of specialization. All leverage their extensive data networks and processing capacities on a worldwide scale.  Years ago I worked at a co-location center in Dallas that was attached to a major telecom provider.  I was installing hardware in a rack one Friday and noticed a large cage and racks being installed next to our location.  Returning the following Monday I found roughly 5,000 servers placed in that new rack space, all humming away.  It was Google installing a regional center for web searching capacity.  I thought that was an enormous economy of scale in 2006. Imagine what it is in 2015!

Google has the edge in web metrics.  Any metric about a web site or usage, user, business, demographic or anything else imaginable about a web site; Google has it remembered.  Not only remembered, but codified and classified as well.    The only drawback from my perspective is that their tools don’t seem user friendly.  Google also has a unique “what if analysis” for digital marketing which neither of the others seem to address.

AWS has created Redshift.  This first-rate product has an excellent architecture built to obtain extremely high query performance on datasets.  These datasets can range from a few hundred gigabytes to a petabyte or more. It uses columnar storage, data compression, and zone maps to reduce the amount of I/O needed to perform queries.  It also uses parallel processing in its data warehouse architecture, parallelizing and distributing SQL operations to take advantage of all available resources.  Costs are minimal, changing frequently depending upon the competition, but pricing is very affordable.  AWS also competes well in the SAAS market and functions parallel to those options provided by the others.

Azure is the newest participant in the threesome of data warehouse providers. Not only are they becoming competitive in the market, they are the logical choice if you are a Microsoft shop.   One large transition issue Microsoft data warehouse shops usually face is in changing from SQL 2008 R2 to SQL 2012 or 2014. Another consideration is that Azure pricing and configuration is somewhat confusing and their customer service tools may add to the confusion.

All of these services are more than capable of solving a data-warehousing requirement.  It’s just a matter of which one meets the needs of your business. In the following weeks I’ll guide you through implementation of a data warehouse in each of the above vendors and provide specific examples and output.

Patients Demand Technology

AUTHORED BY WENDY DURRE, CUSTOMER EXECUTIVE @ GUIDEIT

What would you think if you walked into a physician’s office and they actually wrote down your appointment in an old-fashioned paper appointment book? Recently my mother called me to say she left a physician’s office because of this very thing.  Although she is in her 70’s and not necessarily tech savvy, it made her uneasy and less confident in that practice.  Why???  If they were using antiquated business practices, how would that effect her patient care and the way they treated her medical issue?

As a person who works in the technology field, I am accustomed to helping providers implement and optimize technology.  Today’s customer (patient) has a different set of expectations; even those of just 10 years ago.   You don’t have to grow-up using video games to understand that technology is an integral part of the medical field and patient experience.

Recently a study was performed where 97% of the patients surveyed approved of their physician using technology (including desktop and mobile devices) in the exam room.  And, 58% felt that it positively impacts their overall experience, especially when used to educate and explain.  What I find ironic is that technology abounds and always has in the healthcare world; however we often hear that physicians/clinicians etc., are reluctant to adopt new technology despite the fact that their patients welcome it.

While change is never comfortable, it is definitely necessary.  I predict physicians who choose not to adopt this new tech-savvy avenue will see a dramatic decline in the number of patients they see in their practice.   But, as long as technology doesn’t take away from the interpersonal communication they have with their patients, it will be an asset.  Not only will it improve their physician/patient experience, but their business practices as well.

Now what to do with all of that data?

Make it a great day!

Healthcare Payer Taps GuideIT for Managed Services

Plano, TX - May 7, 2015 – GuideIT today announced it has signed a multi-year managed services agreement to provide infrastructure operations services for a healthcare payer.

Leveraging its IT operations center in Plano, TX, GuideIT will monitor the customer’s networks, servers, virtual machine, storage environments, and batch job operations. GuideIT will also provide service desk support.  All services will be provided using the ITIL methodology and GuideIT’s toolset.

“We appreciate the trust our customer places in us,” said Ron Hill, Vice President, East Region for GuideIT. “Starting with short-term projects to help bridge staffing needs, our relationship has evolved to where we are supporting the strategic business initiatives of our customers.”

ABOUT GUIDEIT

As a provider of technology optimization services, we believe doing technology right is the difference between leaders and the rest. We help companies lead. Through a collaborative and easy-to-do-business-with approach, GuideIT helps customers align IT to the business strategy, better govern the value of IT, and effectively navigate change. Learn more at GuideIT.com.

MEDIA CONTACT

Peter Snell
214.810.6207
peter.snell@guideit.com

The Touchy-Feely Side of IT

AUTHORED BY WENDY DURRE, CUSTOMER EXECUTIVE @ Guideit

What do you think when you hear the “touchy-feely” side of IT?  Am I referring to a new, softer keyboard, something that works completely in Emoji’s?  Try again!  Believe it or not, TECHNOLOGY impacts our life not only in a practical way, but in an emotional way.

What I’m saying is **YOU** have an impact on others and the world as an IT professional. If you have a career in IT, whether it be a Service Desk Agent, Project Manager, Developer, Marketer, or Executive Leader, you have experienced the touchy-feely side of IT...and you may not even realize it.

Have you ever thought about how your work impacts others? And how do you feel about your work?  According to a recent study, only 39% of employees believe that the meaningfulness (contribution of their job to society as a whole) of their job is important to overall job satisfaction.  61% are passionate about their work, and 71% say they frequently put all their effort into their work. The takeaway here is that employees who find their work meaningful and fulfilling are more likely to be engaged and do their work well.

Here’s an example.  Does your work assist in the creation of IT jobs or increase employment opportunities in the IT space? Your impact may look something like this: You hire a candidate. That candidate has a family.  That family lives in a home purchased through a realtor who helped them find the best location close to work.  That candidate also works with a team within the company.  That team services the needs of their customer.  That team works on maintaining the new EMR application adopted by a medical practice treating and assessing ER patients.  We are definitely beyond keyboard, servers, and code.

By digging deeper and evaluating what our job is, we are able to understand that not only are we maintaining systems, we are impacting lives.  Every day as a result of your work, you impact hundreds of people.   It may seem like your job is a small part of a big process, but to those on the receiving end of your efforts, it is huge!

I challenge you this week to see the scope of your impact on others through your job. I’d love to hear how it changes the way you see yourself in your company and community. So please leave your comments below and make it a great day!

Lyles Speaks At IdeaWF, Shares David vs Goliath Triumph As Perspective For Entrepreneurs

Perspective On A Story Authored By John Ingle Of The Times Record News, Wichita Falls, Texas

Participants in the 2015 IdeaWF have an opportunity to create their own David and Goliath story in pursuing their entrepreneurial dreams and ideas according to Chuck Lyles, CEO of Plano based start-up GuideIT. Or as John Ingle from the Times Record News, Wichita Falls, Texas reported Lyles sharing, "We're living the dream, and maybe, just maybe we'll catch lightning in a bottle again. And maybe we can make a difference again."

In his article John highlighted Lyles' perspective on company culture and a pair of stories about his experience working in Perot built technology companies. Lyles shared the attributes of an H. Ross Perot company to include listening to customers, serving employees, operating with integrity, leading by example, and taking risk.

One of Chuck's stories John spotlights in the article focuses on a a real David and Goliath story from Chuck's time at EDS competing against IBM for a government contract. IBM had hundreds of people working on seven common areas of focus. On those same seven areas, EDS had seven teams of two people. EDS won the contract because they prepared to win all seven. In contrast, IBM prepared to win four. John quotes Lyles saying, “my point is as you begin to grow your business, will you deploy a 7-0 strategy, or will you deploy a 4-3?” He noted that the success was because of the culture Perot created; a culture that carried over to Perot Systems as well.

John closed the article with a compelling theme linking Lyles' latest adventure with the Perot family as an opportunity to again catch lightning in a bottle. Last year, Ross Perot Jr. came calling and lured him back to this new venture with GuideIT. The company tripled in size last year.

Perspective written by Peter Snell, VP Marketing @ GuideIT

Your Data: No Matter What You Do, It’s Your Most Valuable Asset…MINING DATA (2 of 2)

AUTHORED BY DONALD C. GILLETTE, PH.D., DATA CONSULTANT @ GUIDEIT

Last week we discussed data mining.  I shared a query using census data; discussing how data mining is of great value in creating Business Intelligence and driving new business.  Today we will explore some great sites for data mining and how to do it.
We begin with one of the largest web service suppliers, Amazon. Amazon maintains the largest collection of remote computing services...unless you ask Google or Microsoft. All provide cloud computing, big data services and mass storage. They also provide API access to large data mining sites. For example, Amazon provides access to many data sets including the following...

  • Climate Data
  • Genome Data
  • Material Safety Data Sheets
  • Petroleum Public Data Set

Let’s explore a scenario where you work for a Health Insurance company and do Business Analytics. Your Marketing Department asks for your assistance in getting information to price a policy for a company that refines oil and gas. The prospective client provides the Marketing Department with the following information:

  • List of all locations, with employee demographics (age, gender, etc)
  • List of all chemicals used by location
  • List of all products refined at each location
  • Several other relavent pieces of data

Where do you start?  Using your Amazon account, create a repository for the relevant information.  Then, take each data set, and apply it to the project.  For example:

  • Climate Data:  Based on past experience in the Insurance market, I know that weather effects health depending on climate.  The first query I build will create a cube that includes all the facts related to the climate in that location and it’s surrounding areas.
  • Genome Data:  My next cube will explore demographics specifically around gender and age.  By knowing the averages of diseases (Cancer, Heart Disease etc), this can help determine the risks involved in insuring this group.
  • Material Safety Data Sheets & Petroleum Public Data Set:  Combined, I can create a cube that lists the products refined and the chemicals used, as well as any known carcinogens.
  • Additional Options:  For this example, FICO scores are important.  This effects cost and is pretty much a non-negotiable in making quote decisions.

By continuing these steps and combining cubes, I’m able to discover a more complete perspective.  Now when meeting with the Marketing Department, they have a widespread analysis that allows them to determine the most cost effective and comprehensive way to insure this client.  It sounds complicated, and it is.  But, it’s one of the most vital and largest responsibilities of Business Intelligence.

How does your organization use data mining to solve business challenges?

No post found
No post found
Telecom Services Cost Optimization

A National Full-Service Benefits provider partnered with GuideIT to reduce costs and improve quality of their telecom services. GuideIT designed a solution to transition the company away from expensive MPLS through implementation of SDWAN and taking advantage of lower costs circuits. The plan reduced their monthly telecom spend by 50% while also improving the performance and resiliency of the network.

Healthcare Management Organization Realizes Cloud Cost Savings with GuideIT

GuideIT was engaged for this project as our customer was experiencing cost inefficiencies with their current server which caused them to have less flexibility and control over their solution. GuideIT recommended moving the customer from their current provider, and moving it into AWS EC2 and AWS SE. Through this solution, the customer will realize a reduction in cost, and greater durability and recoverability.

Healthcare Collaboration Provider Achieves Cloud Resiliency & Cost Savings with GuideIT

A leading healthcare collaboration provider was seeking to improve the costs and resiliency of their cloud environment. GuideIT leveraged the latest tools and techniques available to deliver higher availability, durability, and recoverability in their cloud environment. The customer was able to transition to an OpEx model and achieve a 15% decrease in ongoing monthly cloud spend.

Application Development of Core Software Product

GuideIT provides comprehensive Application Development and Modernization services to a global risk and compliance leader through consulting, development, and hybrid agile/waterfall methodologies to implement a continuous delivery strategy and position the organization for the future.

The Customer

A leading, privately-held information security company maintains one of the most widely adopted certifiable risk and compliance management frameworks for safeguarding sensitive regulated data.

The company’s flagship go-to-market product is a software application utilized by customers to assess and maintain compliance with various regulatory regimes such as ISO/IEC 27000-series and HIPAA.

The Challenge

The company was seeking to significantly redesign its core SaaS-based risk management platform to make it easier and more cost-effective for subscribers to manage information risk and meet international, federal and state regulations concerning privacy and security.

The original application was based on an outdated third-party platform and was not optimized for performance or scalability. The company also had a strategic goal to maintain complete ownership of the intellectual property making up the application and to deliver the product as a cloud-based Software-as-a-Service platform. Furthermore, the company desired a robust, modernized user interface in line with industry best practices for interface design and user experience.

The existing security solution was NOT:

» Based on modern technologies
» Scalable for cloud-based delivery
» Optimized for performance
» Utilizing UX/UI best practices

GuideIT Application Development Services provide end-to-end solutions for modernization, management, and development of software tailored to specific business needs. Leveraging top industry talent, GuideIT Application Services teams develop, deploy, and maintain best-of-breed software solutions while leveraging modern development frameworks for continuous delivery such as DevOps, Agile, and hybrid models.

The Solution

GuideIT developed a plan to modernize the application and address the shortcomings of an aging architecture while also implementing a comprehensive strategy for ongoing development. The modernized application would be based on the latest cloud-based technology stack to allow fluid scaling to meet demand. Leveraging skilled User Interface and Experience designers, the application would benefit from a refreshed look and feel, based on a material design framework. Finally, the data and application architecture would be re-engineered from the ground up to provide a robust and responsive experience to end users who carry with them the expectation of world-class performance.

Solution Benefits

» Continuous development approach
» Secure code validation
» Increased user satisfaction
» Collaborative development partnership
» Modernized user interface & experience
» Scalable application architecture
» Increased product revenues
» Enhanced application performance

Why GuideIT

DISCOVER > DESIGN > DEVELOP > DEPLOY

GuideIT understands the needs of organizations to not only pursue the benefits of cutting edge approaches but also maintain support for late-cycle technologies that still form the basis of many critical business services. Customers benefit from industry-best talent and a disciplined yet flexible development life cycle approach which incorporates the principles of DevOps, Agile, Waterfall, and other management frameworks paired with a consultative, strategic approach.

GuideIT developed a comprehensive plan to redesign and modernize the core application product utilizing best-of-breed technologies and methodologies. Levering industry best practices and a hybrid agile/waterfall development framework, GuideIT assessed the requirements and selected the best-suited architecture and approach, created a plan to address strategic goals, and engaged within a continuous delivery methodology.

The Implementation

1. REQUIREMENTS– Upon initiation of the project, GuideIT performed a comprehensive requirements gathering exercise to document existing functionality and map new feature requests and requirements for the application. We consulted with the customer who had developed an extensive product scope based on their business needs. GuideIT then adapted the requirements into an initial development plan.
2. DEVELOPMENT– With the development plan in place, GuideIT worked with the customer to prioritize the efforts into sprints, which enabled completion of a minimum viable product version that would then be enhanced through continuous development and integration methodologies incorporating an agile approach.
3.DEPLOYMENT– Within a continuous deployment framework, GuideIT maintains up to six environments to advance new features and enhancements in coordination with the customer product managers and in alignment with the product road map for development, QA testing, UAT, and deployment.

The Results

The GuideIT Application Services teams partnered with the customer for the development of the new application. The customer was seeking to counteract declining user satisfaction and subscribers resulting from outdated features, architectures, and experience. Since implementation of the new application with improved interface and features, the customer has expand their subscriber base by more than 95% in a 20-month period resulting in higher revenue.

As the core go to market offering, ongoing development of the application was crucial to maintaining relevance by offering customers new and updated features. GuideIT implemented a continuous development framework, modernizing the approach and allowing more responsiveness to the customer’s ongoing product goals.

Leveraging a cloud application architecture with modern techniques, overall improvements were made in performance, scalability, compatibility, and interface, resulting in higher user satisfaction.

Centrally-Managed Networking Solution

A Regional healthcare Provider was seeking to decrease labor operating costs and improve how the organization handled ongoing management and maintenance. GuideIT designed a networking approach custom-tailored to the customer's needs and implemented a lower-cost, cloud-managed network across over 200 care centers and 800 devices. The solution reduced IT strain and related expenses by 35% through centralized management while maintaining high availability metrics across the network.

Telecom Services Cost Optimization

A National Full-Service Benefits provider partnered with GuideIT to reduce costs and improve quality of their telecom services. GuideIT designed a solution to transition the company away from expensive MPLS through implementation of SDWAN and taking advantage of lower costs circuits. The plan reduced their monthly telecom spend by 50% while also improving the performance and resiliency of the network.

Covid-19 Vaccine Hub Solution: Contact Center as a Service

A large regional healthcare organization wanted to provide vaccination hub services to their community of over 200,000 members. Recognizing that they lacked the infrastructure nor the resources to support this initiative, they reached out to GuideIT to provide a solution.  In less than 30 days, the infrastructure was in place and the GuideIT Vaccination call center resources were performing patient screening, scheduling, and demand management functions for the provider.

Healthcare Collaboration Provider Achieves Resiliency & Cost Savings with AWS

Customer Profile

Our customer is a healthcare communications solutions provider specialized in nurse call systems, enterprise reporting & analytics tools, and industry-leading software applications for caregivers and clinical staff.

The Challenge

Our customer was experiencing resource constraints and delays in implementation with their current data center provider. The architecture was not making best use of available technologies and best practices leading to lack of resiliency and higher, uncontrolled costs.

The Solution

GuideIT recommended & architected an optimized solution for the customer in AWS. Through this optimized architecture, the customer will realize a reduced cost, and higher availability, durability, and recoverability.

AWS Services

  • AWS FSx for Windows
  • AWS Systems Manager Session Manager
  • AWS Systems Manager Patching
  • AWS Backup
  • AWS Certificate Manager
  • Amazon EC2
  • Elastic Load Balancing
  • Amazon EBS
  • Amazon CloudWatch
  • Microsoft Remote Desktop Services Gateway
  • Active Directory Application Integration

Metrics for Success

  • Introduce cost savings with new AWS solution
  • Provide for better scalability
  • Transition to Op-Ex cost model
  • Achieve targeted timeline for migration

The Result

  • Achieved 15% operational savings
  • Implemented Solution well within target in under 3 months
  • Delivered solution within budgetary requirements
  • Obtained greater than 50% faster deployment of new capabilities

The Integration Architecture

  • Managed highly available Windows File Services
  • Single Sign-on Active Directory Integration for Jira, Confluence, & Nexus
  • Secured International Access for key business applications
  • Managed Patching for fleets of servers
  • Secured and logged administrative access to protected system

The Sultion Architecture

Accelerating Business Outcomes

A diversified global provider of energy services had established a strong set of analytics to run its business, but the flow of information was slow, and the cost associated with manual reporting was excessive.

We developed and implemented a data integration strategy and deployed 22 real time business performance indicator dashboards, effectively eliminating a costly data warehouse solution and supporting a real-time, anytime, anyplace working environment.

Retail Campus Overhauls Email Security

A large campus retail environment serving over one million guests annually was facing security challenges with the rise of email-based attacks. Large email volume paired with a non-technical staff created a heightened risk of security breaches.

GuideIT implemented a Managed Email Security Solution that scans all inbound traffic to identify and isolate spam and malware, threatening URLs and attachments, while also reducing the threat of imposter and spoofed email addresses.

GuideIT Managed Email Security initially scanned over 83,000 emails protecting the organization from nearly 20 different malware threats and over 50 phishing attempts. 27,000 links were scanned and protected, resulting in 70,000 clean messages delivered during the initial deployment.

Telecom Services Cost Optimization

A National Full-Service Benefits provider partnered with GuideIT to reduce costs and improve quality of their telecom services. GuideIT designed a solution to transition the company away from expensive MPLS through implementation of SDWAN and taking advantage of lower costs circuits. The plan reduced their monthly telecom spend by 50% while also improving the performance and resiliency of the network.

Healthcare Management Organization Realizes Cloud Cost Savings with GuideIT

GuideIT was engaged for this project as our customer was experiencing cost inefficiencies with their current server which caused them to have less flexibility and control over their solution. GuideIT recommended moving the customer from their current provider, and moving it into AWS EC2 and AWS SE. Through this solution, the customer will realize a reduction in cost, and greater durability and recoverability.

Healthcare Collaboration Provider Achieves Cloud Resiliency & Cost Savings with GuideIT

A leading healthcare collaboration provider was seeking to improve the costs and resiliency of their cloud environment. GuideIT leveraged the latest tools and techniques available to deliver higher availability, durability, and recoverability in their cloud environment. The customer was able to transition to an OpEx model and achieve a 15% decrease in ongoing monthly cloud spend.

Application Development of Core Software Product

GuideIT provides comprehensive Application Development and Modernization services to a global risk and compliance leader through consulting, development, and hybrid agile/waterfall methodologies to implement a continuous delivery strategy and position the organization for the future.

The Customer

A leading, privately-held information security company maintains one of the most widely adopted certifiable risk and compliance management frameworks for safeguarding sensitive regulated data.

The company’s flagship go-to-market product is a software application utilized by customers to assess and maintain compliance with various regulatory regimes such as ISO/IEC 27000-series and HIPAA.

The Challenge

The company was seeking to significantly redesign its core SaaS-based risk management platform to make it easier and more cost-effective for subscribers to manage information risk and meet international, federal and state regulations concerning privacy and security.

The original application was based on an outdated third-party platform and was not optimized for performance or scalability. The company also had a strategic goal to maintain complete ownership of the intellectual property making up the application and to deliver the product as a cloud-based Software-as-a-Service platform. Furthermore, the company desired a robust, modernized user interface in line with industry best practices for interface design and user experience.

The existing security solution was NOT:

» Based on modern technologies
» Scalable for cloud-based delivery
» Optimized for performance
» Utilizing UX/UI best practices

GuideIT Application Development Services provide end-to-end solutions for modernization, management, and development of software tailored to specific business needs. Leveraging top industry talent, GuideIT Application Services teams develop, deploy, and maintain best-of-breed software solutions while leveraging modern development frameworks for continuous delivery such as DevOps, Agile, and hybrid models.

The Solution

GuideIT developed a plan to modernize the application and address the shortcomings of an aging architecture while also implementing a comprehensive strategy for ongoing development. The modernized application would be based on the latest cloud-based technology stack to allow fluid scaling to meet demand. Leveraging skilled User Interface and Experience designers, the application would benefit from a refreshed look and feel, based on a material design framework. Finally, the data and application architecture would be re-engineered from the ground up to provide a robust and responsive experience to end users who carry with them the expectation of world-class performance.

Solution Benefits

» Continuous development approach
» Secure code validation
» Increased user satisfaction
» Collaborative development partnership
» Modernized user interface & experience
» Scalable application architecture
» Increased product revenues
» Enhanced application performance

Why GuideIT

DISCOVER > DESIGN > DEVELOP > DEPLOY

GuideIT understands the needs of organizations to not only pursue the benefits of cutting edge approaches but also maintain support for late-cycle technologies that still form the basis of many critical business services. Customers benefit from industry-best talent and a disciplined yet flexible development life cycle approach which incorporates the principles of DevOps, Agile, Waterfall, and other management frameworks paired with a consultative, strategic approach.

GuideIT developed a comprehensive plan to redesign and modernize the core application product utilizing best-of-breed technologies and methodologies. Levering industry best practices and a hybrid agile/waterfall development framework, GuideIT assessed the requirements and selected the best-suited architecture and approach, created a plan to address strategic goals, and engaged within a continuous delivery methodology.

The Implementation

1. REQUIREMENTS– Upon initiation of the project, GuideIT performed a comprehensive requirements gathering exercise to document existing functionality and map new feature requests and requirements for the application. We consulted with the customer who had developed an extensive product scope based on their business needs. GuideIT then adapted the requirements into an initial development plan.
2. DEVELOPMENT– With the development plan in place, GuideIT worked with the customer to prioritize the efforts into sprints, which enabled completion of a minimum viable product version that would then be enhanced through continuous development and integration methodologies incorporating an agile approach.
3.DEPLOYMENT– Within a continuous deployment framework, GuideIT maintains up to six environments to advance new features and enhancements in coordination with the customer product managers and in alignment with the product road map for development, QA testing, UAT, and deployment.

The Results

The GuideIT Application Services teams partnered with the customer for the development of the new application. The customer was seeking to counteract declining user satisfaction and subscribers resulting from outdated features, architectures, and experience. Since implementation of the new application with improved interface and features, the customer has expand their subscriber base by more than 95% in a 20-month period resulting in higher revenue.

As the core go to market offering, ongoing development of the application was crucial to maintaining relevance by offering customers new and updated features. GuideIT implemented a continuous development framework, modernizing the approach and allowing more responsiveness to the customer’s ongoing product goals.

Leveraging a cloud application architecture with modern techniques, overall improvements were made in performance, scalability, compatibility, and interface, resulting in higher user satisfaction.

Centrally-Managed Networking Solution

A Regional healthcare Provider was seeking to decrease labor operating costs and improve how the organization handled ongoing management and maintenance. GuideIT designed a networking approach custom-tailored to the customer's needs and implemented a lower-cost, cloud-managed network across over 200 care centers and 800 devices. The solution reduced IT strain and related expenses by 35% through centralized management while maintaining high availability metrics across the network.

Telecom Services Cost Optimization

A National Full-Service Benefits provider partnered with GuideIT to reduce costs and improve quality of their telecom services. GuideIT designed a solution to transition the company away from expensive MPLS through implementation of SDWAN and taking advantage of lower costs circuits. The plan reduced their monthly telecom spend by 50% while also improving the performance and resiliency of the network.

Covid-19 Vaccine Hub Solution: Contact Center as a Service

A large regional healthcare organization wanted to provide vaccination hub services to their community of over 200,000 members. Recognizing that they lacked the infrastructure nor the resources to support this initiative, they reached out to GuideIT to provide a solution.  In less than 30 days, the infrastructure was in place and the GuideIT Vaccination call center resources were performing patient screening, scheduling, and demand management functions for the provider.

Healthcare Collaboration Provider Achieves Resiliency & Cost Savings with AWS

Customer Profile

Our customer is a healthcare communications solutions provider specialized in nurse call systems, enterprise reporting & analytics tools, and industry-leading software applications for caregivers and clinical staff.

The Challenge

Our customer was experiencing resource constraints and delays in implementation with their current data center provider. The architecture was not making best use of available technologies and best practices leading to lack of resiliency and higher, uncontrolled costs.

The Solution

GuideIT recommended & architected an optimized solution for the customer in AWS. Through this optimized architecture, the customer will realize a reduced cost, and higher availability, durability, and recoverability.

AWS Services

  • AWS FSx for Windows
  • AWS Systems Manager Session Manager
  • AWS Systems Manager Patching
  • AWS Backup
  • AWS Certificate Manager
  • Amazon EC2
  • Elastic Load Balancing
  • Amazon EBS
  • Amazon CloudWatch
  • Microsoft Remote Desktop Services Gateway
  • Active Directory Application Integration

Metrics for Success

  • Introduce cost savings with new AWS solution
  • Provide for better scalability
  • Transition to Op-Ex cost model
  • Achieve targeted timeline for migration

The Result

  • Achieved 15% operational savings
  • Implemented Solution well within target in under 3 months
  • Delivered solution within budgetary requirements
  • Obtained greater than 50% faster deployment of new capabilities

The Integration Architecture

  • Managed highly available Windows File Services
  • Single Sign-on Active Directory Integration for Jira, Confluence, & Nexus
  • Secured International Access for key business applications
  • Managed Patching for fleets of servers
  • Secured and logged administrative access to protected system

The Sultion Architecture

Accelerating Business Outcomes

A diversified global provider of energy services had established a strong set of analytics to run its business, but the flow of information was slow, and the cost associated with manual reporting was excessive.

We developed and implemented a data integration strategy and deployed 22 real time business performance indicator dashboards, effectively eliminating a costly data warehouse solution and supporting a real-time, anytime, anyplace working environment.

Retail Campus Overhauls Email Security

A large campus retail environment serving over one million guests annually was facing security challenges with the rise of email-based attacks. Large email volume paired with a non-technical staff created a heightened risk of security breaches.

GuideIT implemented a Managed Email Security Solution that scans all inbound traffic to identify and isolate spam and malware, threatening URLs and attachments, while also reducing the threat of imposter and spoofed email addresses.

GuideIT Managed Email Security initially scanned over 83,000 emails protecting the organization from nearly 20 different malware threats and over 50 phishing attempts. 27,000 links were scanned and protected, resulting in 70,000 clean messages delivered during the initial deployment.

Telecom Services Cost Optimization

A National Full-Service Benefits provider partnered with GuideIT to reduce costs and improve quality of their telecom services. GuideIT designed a solution to transition the company away from expensive MPLS through implementation of SDWAN and taking advantage of lower costs circuits. The plan reduced their monthly telecom spend by 50% while also improving the performance and resiliency of the network.

Healthcare Management Organization Realizes Cloud Cost Savings with GuideIT

GuideIT was engaged for this project as our customer was experiencing cost inefficiencies with their current server which caused them to have less flexibility and control over their solution. GuideIT recommended moving the customer from their current provider, and moving it into AWS EC2 and AWS SE. Through this solution, the customer will realize a reduction in cost, and greater durability and recoverability.

Healthcare Collaboration Provider Achieves Cloud Resiliency & Cost Savings with GuideIT

A leading healthcare collaboration provider was seeking to improve the costs and resiliency of their cloud environment. GuideIT leveraged the latest tools and techniques available to deliver higher availability, durability, and recoverability in their cloud environment. The customer was able to transition to an OpEx model and achieve a 15% decrease in ongoing monthly cloud spend.

Application Development of Core Software Product

GuideIT provides comprehensive Application Development and Modernization services to a global risk and compliance leader through consulting, development, and hybrid agile/waterfall methodologies to implement a continuous delivery strategy and position the organization for the future.

The Customer

A leading, privately-held information security company maintains one of the most widely adopted certifiable risk and compliance management frameworks for safeguarding sensitive regulated data.

The company’s flagship go-to-market product is a software application utilized by customers to assess and maintain compliance with various regulatory regimes such as ISO/IEC 27000-series and HIPAA.

The Challenge

The company was seeking to significantly redesign its core SaaS-based risk management platform to make it easier and more cost-effective for subscribers to manage information risk and meet international, federal and state regulations concerning privacy and security.

The original application was based on an outdated third-party platform and was not optimized for performance or scalability. The company also had a strategic goal to maintain complete ownership of the intellectual property making up the application and to deliver the product as a cloud-based Software-as-a-Service platform. Furthermore, the company desired a robust, modernized user interface in line with industry best practices for interface design and user experience.

The existing security solution was NOT:

» Based on modern technologies
» Scalable for cloud-based delivery
» Optimized for performance
» Utilizing UX/UI best practices

GuideIT Application Development Services provide end-to-end solutions for modernization, management, and development of software tailored to specific business needs. Leveraging top industry talent, GuideIT Application Services teams develop, deploy, and maintain best-of-breed software solutions while leveraging modern development frameworks for continuous delivery such as DevOps, Agile, and hybrid models.

The Solution

GuideIT developed a plan to modernize the application and address the shortcomings of an aging architecture while also implementing a comprehensive strategy for ongoing development. The modernized application would be based on the latest cloud-based technology stack to allow fluid scaling to meet demand. Leveraging skilled User Interface and Experience designers, the application would benefit from a refreshed look and feel, based on a material design framework. Finally, the data and application architecture would be re-engineered from the ground up to provide a robust and responsive experience to end users who carry with them the expectation of world-class performance.

Solution Benefits

» Continuous development approach
» Secure code validation
» Increased user satisfaction
» Collaborative development partnership
» Modernized user interface & experience
» Scalable application architecture
» Increased product revenues
» Enhanced application performance

Why GuideIT

DISCOVER > DESIGN > DEVELOP > DEPLOY

GuideIT understands the needs of organizations to not only pursue the benefits of cutting edge approaches but also maintain support for late-cycle technologies that still form the basis of many critical business services. Customers benefit from industry-best talent and a disciplined yet flexible development life cycle approach which incorporates the principles of DevOps, Agile, Waterfall, and other management frameworks paired with a consultative, strategic approach.

GuideIT developed a comprehensive plan to redesign and modernize the core application product utilizing best-of-breed technologies and methodologies. Levering industry best practices and a hybrid agile/waterfall development framework, GuideIT assessed the requirements and selected the best-suited architecture and approach, created a plan to address strategic goals, and engaged within a continuous delivery methodology.

The Implementation

1. REQUIREMENTS– Upon initiation of the project, GuideIT performed a comprehensive requirements gathering exercise to document existing functionality and map new feature requests and requirements for the application. We consulted with the customer who had developed an extensive product scope based on their business needs. GuideIT then adapted the requirements into an initial development plan.
2. DEVELOPMENT– With the development plan in place, GuideIT worked with the customer to prioritize the efforts into sprints, which enabled completion of a minimum viable product version that would then be enhanced through continuous development and integration methodologies incorporating an agile approach.
3.DEPLOYMENT– Within a continuous deployment framework, GuideIT maintains up to six environments to advance new features and enhancements in coordination with the customer product managers and in alignment with the product road map for development, QA testing, UAT, and deployment.

The Results

The GuideIT Application Services teams partnered with the customer for the development of the new application. The customer was seeking to counteract declining user satisfaction and subscribers resulting from outdated features, architectures, and experience. Since implementation of the new application with improved interface and features, the customer has expand their subscriber base by more than 95% in a 20-month period resulting in higher revenue.

As the core go to market offering, ongoing development of the application was crucial to maintaining relevance by offering customers new and updated features. GuideIT implemented a continuous development framework, modernizing the approach and allowing more responsiveness to the customer’s ongoing product goals.

Leveraging a cloud application architecture with modern techniques, overall improvements were made in performance, scalability, compatibility, and interface, resulting in higher user satisfaction.

Centrally-Managed Networking Solution

A Regional healthcare Provider was seeking to decrease labor operating costs and improve how the organization handled ongoing management and maintenance. GuideIT designed a networking approach custom-tailored to the customer's needs and implemented a lower-cost, cloud-managed network across over 200 care centers and 800 devices. The solution reduced IT strain and related expenses by 35% through centralized management while maintaining high availability metrics across the network.

Telecom Services Cost Optimization

A National Full-Service Benefits provider partnered with GuideIT to reduce costs and improve quality of their telecom services. GuideIT designed a solution to transition the company away from expensive MPLS through implementation of SDWAN and taking advantage of lower costs circuits. The plan reduced their monthly telecom spend by 50% while also improving the performance and resiliency of the network.

Covid-19 Vaccine Hub Solution: Contact Center as a Service

A large regional healthcare organization wanted to provide vaccination hub services to their community of over 200,000 members. Recognizing that they lacked the infrastructure nor the resources to support this initiative, they reached out to GuideIT to provide a solution.  In less than 30 days, the infrastructure was in place and the GuideIT Vaccination call center resources were performing patient screening, scheduling, and demand management functions for the provider.

Healthcare Collaboration Provider Achieves Resiliency & Cost Savings with AWS

Customer Profile

Our customer is a healthcare communications solutions provider specialized in nurse call systems, enterprise reporting & analytics tools, and industry-leading software applications for caregivers and clinical staff.

The Challenge

Our customer was experiencing resource constraints and delays in implementation with their current data center provider. The architecture was not making best use of available technologies and best practices leading to lack of resiliency and higher, uncontrolled costs.

The Solution

GuideIT recommended & architected an optimized solution for the customer in AWS. Through this optimized architecture, the customer will realize a reduced cost, and higher availability, durability, and recoverability.

AWS Services

  • AWS FSx for Windows
  • AWS Systems Manager Session Manager
  • AWS Systems Manager Patching
  • AWS Backup
  • AWS Certificate Manager
  • Amazon EC2
  • Elastic Load Balancing
  • Amazon EBS
  • Amazon CloudWatch
  • Microsoft Remote Desktop Services Gateway
  • Active Directory Application Integration

Metrics for Success

  • Introduce cost savings with new AWS solution
  • Provide for better scalability
  • Transition to Op-Ex cost model
  • Achieve targeted timeline for migration

The Result

  • Achieved 15% operational savings
  • Implemented Solution well within target in under 3 months
  • Delivered solution within budgetary requirements
  • Obtained greater than 50% faster deployment of new capabilities

The Integration Architecture

  • Managed highly available Windows File Services
  • Single Sign-on Active Directory Integration for Jira, Confluence, & Nexus
  • Secured International Access for key business applications
  • Managed Patching for fleets of servers
  • Secured and logged administrative access to protected system

The Sultion Architecture

Accelerating Business Outcomes

A diversified global provider of energy services had established a strong set of analytics to run its business, but the flow of information was slow, and the cost associated with manual reporting was excessive.

We developed and implemented a data integration strategy and deployed 22 real time business performance indicator dashboards, effectively eliminating a costly data warehouse solution and supporting a real-time, anytime, anyplace working environment.

Retail Campus Overhauls Email Security

A large campus retail environment serving over one million guests annually was facing security challenges with the rise of email-based attacks. Large email volume paired with a non-technical staff created a heightened risk of security breaches.

GuideIT implemented a Managed Email Security Solution that scans all inbound traffic to identify and isolate spam and malware, threatening URLs and attachments, while also reducing the threat of imposter and spoofed email addresses.

GuideIT Managed Email Security initially scanned over 83,000 emails protecting the organization from nearly 20 different malware threats and over 50 phishing attempts. 27,000 links were scanned and protected, resulting in 70,000 clean messages delivered during the initial deployment.

Telecom Services Cost Optimization

A National Full-Service Benefits provider partnered with GuideIT to reduce costs and improve quality of their telecom services. GuideIT designed a solution to transition the company away from expensive MPLS through implementation of SDWAN and taking advantage of lower costs circuits. The plan reduced their monthly telecom spend by 50% while also improving the performance and resiliency of the network.

Healthcare Management Organization Realizes Cloud Cost Savings with GuideIT

GuideIT was engaged for this project as our customer was experiencing cost inefficiencies with their current server which caused them to have less flexibility and control over their solution. GuideIT recommended moving the customer from their current provider, and moving it into AWS EC2 and AWS SE. Through this solution, the customer will realize a reduction in cost, and greater durability and recoverability.

Healthcare Collaboration Provider Achieves Cloud Resiliency & Cost Savings with GuideIT

A leading healthcare collaboration provider was seeking to improve the costs and resiliency of their cloud environment. GuideIT leveraged the latest tools and techniques available to deliver higher availability, durability, and recoverability in their cloud environment. The customer was able to transition to an OpEx model and achieve a 15% decrease in ongoing monthly cloud spend.

Application Development of Core Software Product

GuideIT provides comprehensive Application Development and Modernization services to a global risk and compliance leader through consulting, development, and hybrid agile/waterfall methodologies to implement a continuous delivery strategy and position the organization for the future.

The Customer

A leading, privately-held information security company maintains one of the most widely adopted certifiable risk and compliance management frameworks for safeguarding sensitive regulated data.

The company’s flagship go-to-market product is a software application utilized by customers to assess and maintain compliance with various regulatory regimes such as ISO/IEC 27000-series and HIPAA.

The Challenge

The company was seeking to significantly redesign its core SaaS-based risk management platform to make it easier and more cost-effective for subscribers to manage information risk and meet international, federal and state regulations concerning privacy and security.

The original application was based on an outdated third-party platform and was not optimized for performance or scalability. The company also had a strategic goal to maintain complete ownership of the intellectual property making up the application and to deliver the product as a cloud-based Software-as-a-Service platform. Furthermore, the company desired a robust, modernized user interface in line with industry best practices for interface design and user experience.

The existing security solution was NOT:

» Based on modern technologies
» Scalable for cloud-based delivery
» Optimized for performance
» Utilizing UX/UI best practices

GuideIT Application Development Services provide end-to-end solutions for modernization, management, and development of software tailored to specific business needs. Leveraging top industry talent, GuideIT Application Services teams develop, deploy, and maintain best-of-breed software solutions while leveraging modern development frameworks for continuous delivery such as DevOps, Agile, and hybrid models.

The Solution

GuideIT developed a plan to modernize the application and address the shortcomings of an aging architecture while also implementing a comprehensive strategy for ongoing development. The modernized application would be based on the latest cloud-based technology stack to allow fluid scaling to meet demand. Leveraging skilled User Interface and Experience designers, the application would benefit from a refreshed look and feel, based on a material design framework. Finally, the data and application architecture would be re-engineered from the ground up to provide a robust and responsive experience to end users who carry with them the expectation of world-class performance.

Solution Benefits

» Continuous development approach
» Secure code validation
» Increased user satisfaction
» Collaborative development partnership
» Modernized user interface & experience
» Scalable application architecture
» Increased product revenues
» Enhanced application performance

Why GuideIT

DISCOVER > DESIGN > DEVELOP > DEPLOY

GuideIT understands the needs of organizations to not only pursue the benefits of cutting edge approaches but also maintain support for late-cycle technologies that still form the basis of many critical business services. Customers benefit from industry-best talent and a disciplined yet flexible development life cycle approach which incorporates the principles of DevOps, Agile, Waterfall, and other management frameworks paired with a consultative, strategic approach.

GuideIT developed a comprehensive plan to redesign and modernize the core application product utilizing best-of-breed technologies and methodologies. Levering industry best practices and a hybrid agile/waterfall development framework, GuideIT assessed the requirements and selected the best-suited architecture and approach, created a plan to address strategic goals, and engaged within a continuous delivery methodology.

The Implementation

1. REQUIREMENTS– Upon initiation of the project, GuideIT performed a comprehensive requirements gathering exercise to document existing functionality and map new feature requests and requirements for the application. We consulted with the customer who had developed an extensive product scope based on their business needs. GuideIT then adapted the requirements into an initial development plan.
2. DEVELOPMENT– With the development plan in place, GuideIT worked with the customer to prioritize the efforts into sprints, which enabled completion of a minimum viable product version that would then be enhanced through continuous development and integration methodologies incorporating an agile approach.
3.DEPLOYMENT– Within a continuous deployment framework, GuideIT maintains up to six environments to advance new features and enhancements in coordination with the customer product managers and in alignment with the product road map for development, QA testing, UAT, and deployment.

The Results

The GuideIT Application Services teams partnered with the customer for the development of the new application. The customer was seeking to counteract declining user satisfaction and subscribers resulting from outdated features, architectures, and experience. Since implementation of the new application with improved interface and features, the customer has expand their subscriber base by more than 95% in a 20-month period resulting in higher revenue.

As the core go to market offering, ongoing development of the application was crucial to maintaining relevance by offering customers new and updated features. GuideIT implemented a continuous development framework, modernizing the approach and allowing more responsiveness to the customer’s ongoing product goals.

Leveraging a cloud application architecture with modern techniques, overall improvements were made in performance, scalability, compatibility, and interface, resulting in higher user satisfaction.

Centrally-Managed Networking Solution

A Regional healthcare Provider was seeking to decrease labor operating costs and improve how the organization handled ongoing management and maintenance. GuideIT designed a networking approach custom-tailored to the customer's needs and implemented a lower-cost, cloud-managed network across over 200 care centers and 800 devices. The solution reduced IT strain and related expenses by 35% through centralized management while maintaining high availability metrics across the network.

Telecom Services Cost Optimization

A National Full-Service Benefits provider partnered with GuideIT to reduce costs and improve quality of their telecom services. GuideIT designed a solution to transition the company away from expensive MPLS through implementation of SDWAN and taking advantage of lower costs circuits. The plan reduced their monthly telecom spend by 50% while also improving the performance and resiliency of the network.

Covid-19 Vaccine Hub Solution: Contact Center as a Service

A large regional healthcare organization wanted to provide vaccination hub services to their community of over 200,000 members. Recognizing that they lacked the infrastructure nor the resources to support this initiative, they reached out to GuideIT to provide a solution.  In less than 30 days, the infrastructure was in place and the GuideIT Vaccination call center resources were performing patient screening, scheduling, and demand management functions for the provider.

Healthcare Collaboration Provider Achieves Resiliency & Cost Savings with AWS

Customer Profile

Our customer is a healthcare communications solutions provider specialized in nurse call systems, enterprise reporting & analytics tools, and industry-leading software applications for caregivers and clinical staff.

The Challenge

Our customer was experiencing resource constraints and delays in implementation with their current data center provider. The architecture was not making best use of available technologies and best practices leading to lack of resiliency and higher, uncontrolled costs.

The Solution

GuideIT recommended & architected an optimized solution for the customer in AWS. Through this optimized architecture, the customer will realize a reduced cost, and higher availability, durability, and recoverability.

AWS Services

  • AWS FSx for Windows
  • AWS Systems Manager Session Manager
  • AWS Systems Manager Patching
  • AWS Backup
  • AWS Certificate Manager
  • Amazon EC2
  • Elastic Load Balancing
  • Amazon EBS
  • Amazon CloudWatch
  • Microsoft Remote Desktop Services Gateway
  • Active Directory Application Integration

Metrics for Success

  • Introduce cost savings with new AWS solution
  • Provide for better scalability
  • Transition to Op-Ex cost model
  • Achieve targeted timeline for migration

The Result

  • Achieved 15% operational savings
  • Implemented Solution well within target in under 3 months
  • Delivered solution within budgetary requirements
  • Obtained greater than 50% faster deployment of new capabilities

The Integration Architecture

  • Managed highly available Windows File Services
  • Single Sign-on Active Directory Integration for Jira, Confluence, & Nexus
  • Secured International Access for key business applications
  • Managed Patching for fleets of servers
  • Secured and logged administrative access to protected system

The Sultion Architecture

Accelerating Business Outcomes

A diversified global provider of energy services had established a strong set of analytics to run its business, but the flow of information was slow, and the cost associated with manual reporting was excessive.

We developed and implemented a data integration strategy and deployed 22 real time business performance indicator dashboards, effectively eliminating a costly data warehouse solution and supporting a real-time, anytime, anyplace working environment.

Retail Campus Overhauls Email Security

A large campus retail environment serving over one million guests annually was facing security challenges with the rise of email-based attacks. Large email volume paired with a non-technical staff created a heightened risk of security breaches.

GuideIT implemented a Managed Email Security Solution that scans all inbound traffic to identify and isolate spam and malware, threatening URLs and attachments, while also reducing the threat of imposter and spoofed email addresses.

GuideIT Managed Email Security initially scanned over 83,000 emails protecting the organization from nearly 20 different malware threats and over 50 phishing attempts. 27,000 links were scanned and protected, resulting in 70,000 clean messages delivered during the initial deployment.

Leading Museum and Educational Institution Extends IT Services Relationship with GuideIT

August 2, 2018 – Plano, TX – GuideIT today announced that it signed a three-year contract extension to provide IT managed services to a leading museum and educational institution.

The museum engaged GuideIT three years ago for data center migration and IT support services.  Since then, the two organizations have worked together to introduce new cyber security and data preservation solutions, while advancing delivery support and optimizing IT support expense.

Chuck Lyles, CEO for GuideIT said, “We are proud of the accomplishments achieved over the past three years and look forward to continuing our partnership providing strategic IT solutions that meet the needs of the museum’s mission.”

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com.

Amazon EC2 Security Groups

In this installment of our Scalable Solutions series, we are going to be reviewing one of the core components of EC2, the security group.  We have found that our customers find that the elasticity provided by security groups allows them to build more resilient solutions and expand them as performance dictates it, with consistent security policies.

In case you missed our previous articles you may want to go back and review these great resources.

Week 1 – Amazon Route 53 Basics

Week 2 – AWS Certificate Manager

Week 3 – AWS Systems Manager Parameter Store

Week 4 – AWS Application Load Balancer

If you are just looking to learn more about AWS and you are in the North Dallas area we sponsor the AWS User Group of North Dallas at our offices in McKinney, TX.  You can find this group on meetup.com.

Security Group Basics

Security groups are essentially a virtual firewall inside of your instance that controls ingress and egress traffic.

  1. By default, a security group doesn’t have any ingress rules and therefore doesn’t allow any inbound traffic, but has a default egress rule which allows all outbound traffic.
  2. You cannot specify deny rules.  The lack of an allow rule triggers the implicit deny.
  3. Security group rules are stateful.  This means that traffic that is allowed by a rule will have it return traffic allowed as well.
  4. Security group rules can allow traffic from another security group, or even its own security group.

Of course, in addition to Security Groups we can also leverage Network ACL’s to provide another level of security and traffic filtering.

Multiple AWS resource types can have a security group associated with it, such as EC2, RDS, ELB, but essentially anything with an Elastic Network Interface will have a security group.

In this example, we will be creating an ELB with some backend web servers.  We are going to enable the entire internet to access TCP 443 on the ELB, but from the ELB to the web servers we are only going to allow TCP 80.  This is called SSL termination, where we aren’t going to manage any SSL configuration on the web servers themselves since it gets terminated at the load balancer.  This lets us conserve CPU cycles on the web tier.

Create Security Group for Load Balancer

Firstly we need to add a security group, this one will be applied to the ELB, and will allow HTTPS inbound from the internet.  It will also be used to identify the traffic from the load balancer to the webserver security group.

PS&gt; aws ec2 create-security-group --group-name &quot;external - squirrelbox traffic&quot; --description &quot;allows external access to squirrelbox load balancers&quot; --vpc-id vpc-bfa608c4<br />

{<br />

&quot;GroupId&quot;: &quot;sg-8b9d27c1&quot;<br />

}

We will need to use the GroupId elsewhere, so please reserve this.

Allow HTTPS from Anywhere

Next let's allow the HTTPS inbound from the internet.  Of course simply modify the command to accomplish specific protocols, ports and sources.

PS&gt; aws ec2 authorize-security-group-ingress --group-id sg-8b9d27c1 --protocol tcp --port 443 --cidr 0.0.0.0/0

At this point, we are ready to associate this security group with our ELB.  If you haven’t jumped ahead we should see gateway errors from the ELB if we try and hit the ELB.

Create Security Group for Web Servers

Next, let's add a security group which we will associate with our web server instances.

PS&gt; aws ec2 create-security-group --group-name &quot;internal - squirrelbox traffic&quot; --description &quot;allows load balancers access to squirrelbox servers&quot; --vpc-id vpc-bfa608c4<br />

{<br />

&quot;GroupId&quot;: &quot;sg-78a51f32&quot;<br />

}

Now we need to create some rules.

Allow HTTP from Load Balancer Security Group

Here we are going to enable the load balancer to reach the web nodes on port 80.

PS&gt; aws ec2 authorize-security-group-ingress --group-id sg-78a51f32 --protocol tcp --port 80 --source-group sg-8b9d27c1

Notice the –source-group parameter, we can use this instead of specifying a CIDR address.  Now at this point, if your ELB, Web Server, and DNS setups are completed (out of the scope of this article) then you should be able to see your website.

At Entasis we assist our customers in building elastic and resilient solutions with performance on-demand.  If you need help making your cloud initiative a reality we would love to help.

AWS Application Load Balancer

This week in our Scalable Solutions series we are going to be covering the Elastic Load Balancer (specifically the Application Load Balancer or v2). At Entasis we help our customers build elastic and resilient solutions with performance on-demand.  If you need help finalizing your design or implementing your vision please don’t hesitate to reach out to us at sales@entasistech.com. Also if you are just looking to learn more about AWS and you are in the North Dallas area we sponsor the AWS User Group of North Dallas at our offices in McKinney, TX.  You can find this on meetup.com.

If you did not catch our earlier articles please take a peek at what we have been up to in this series.

Week 1 – Amazon Route 53 Basics

Week 2 – AWS Certificate Manager

Week 3 – AWS Systems Manager Parameter Store

One of the most critical concepts in any scalable solution to understand is horizontal scaling.  Basically, when scaling a solution we have two directions that we can scale in. We can scale vertically which means we are going to take our one system and make it bigger or we can scale horizontally which means that we can add more machines to the existing solution to help share the load with the previous node.

So let's look at a simple web workload.  We are going to make the assumption for a second that this is a static website (read: no server-side components, and no database backend requirement).  This workload is literally the easiest workload to scale horizontally. This is because we just put the content on a new box, configure the webserver the same (read: automation) and then we add it to DNS and we move on.  Now when we “add” it to DNS this means that we actually create an extra DNS record of type “A” with the IP address of the new system. When we do this it actually gets handled as round-robin DNS or “poor man’s load balancing” which basically means if you have 2 nodes in a DNS record that the response will alternate between the two records, this is not bad for distributing load (and it keeps working as you add more nodes – say 50) so if you have 2 nodes then each node will get 1/2 of your workload, if you have 50 then each node will get 1/50 of your workload.  This, however, has a number of weaknesses.

Connection Distribution Versus Workload Distribution

Not all users are created equal, so in our simple example, you could have a user which generates 5kb of data transfer, and another one who generates 50kb of data transfer.  This is 10x the workload. Now if you end up by complete randomness with a good portion of your users being serviced on one node which are 10x users, then that node has the potential to provide a poor experience due to having a higher number of active users then the other node.  So while the connections get distributed with ultimate fairness – the workload does not.

Failover Capability

The largest weakness, in my opinion, is an inability to deal with failure scenarios.  So since connections are distributed (1/2 and 1/50 in our examples) if we lose just one node, this means that we will lose the ability to provide services to the connections which will still be distributed among all of the nodes (including the failed one).  This is because there is no concept of a health check in DNS in general. Route 53 actually has the concept of a failover record which fills this gap nicely for certain workloads. We will cover this in a later article.

Load Balancing

So enter load balancing.  This enables us to have more intelligent workload distribution.  Based on our workload we can determine how we want to distribute our traffic, Least Connection Count for example (this actually will monitor the state of existing connections, so instead of sending 1/2 of the connections it will send 1/2 of the Active Connections which keeps the current connections even across all nodes).  Of course, there are still users that are 10x users but this ensures that our users will be routed to the quietest node at that time. Now combine this with health checks and the load balancer can mark a workload as unhealthy and thus choose to no longer route traffic to it until it becomes healthy again. This sort of capability protects your end users from experiencing and outage due to a single node failure.

OK so now that we know the why let's create some resources.

Identify Our VPC, Subnet and Security Groups

This requires us to create resources in a network, so we need to know where we want that to be.  I am using a demo account and such I only have the default VPC’s and subnets. If you have custom VPCs and specific subnet placement requirements you will want to ensure you use the correct resource ids.  However, if you aren’t picky or if you can recognize them by the id, this command will save you some work. I am simplifying the output using Powershell if you are on bash those portions will not work, but you can manually parse the aws command yourself.

VPCs

PS&gt; (aws ec2 describe-vpcs --region us-east-1 | ConvertFrom-Json).Vpcs.VpcId<br />

vpc-bfa608c4

Subnets

PS&gt; (aws ec2 describe-subnets --region us-east-1  | ConvertFrom-Json).Subnets.SubnetId<br />

subnet-45b36c4a<br />

subnet-233dd569<br />

subnet-5d88ac00<br />

subnet-aa525fce<br />

subnet-ce0627e1<br />

subnet-ad742d92

Security Groups

PS&gt; (aws ec2 describe-security-groups --region us-east-1  | ConvertFrom-Json).SecurityGroups.GroupId<br />

sg-205f1956<br />

sg-49e21d03<br />

sg-d49732a2<br />

sg-8b9d27c1<br />

sg-78a51f32

So here is a list of the resources we will use.

vpc-bfa608c4

subnet-45b36c4a

subnet-233dd569

sg-8b9d27c1

sg-78a51f32

You will only see one of the security groups in the setup, the other one is applied to our ec2 nodes and it allows the traffic from the load balancers to the web servers running on ec2.

Create Load Balancer

In order to create the load balancer we will need the following information:

  1. The desired name of the load balancer
  2. At least two subnets (in the same VPC)
  3. The security groups which allow traffic inbound from the client, and also that allow the ELB to communicate with the actual servers.
  4. The region in which to create the resource (which of course must be the same as the subnets and security groups.

Here is the basic syntax of the command.

$ aws elbv2 create-load-balancer --name [ load-balancer-name ] --subnets [ subnet1 subnet2 ] --security-groups [ security-group1 security-group2 ]--region [ region ]

In our example, our workload is going to be a couple of EC2 instances that are running apache over HTTP on port 80.  This is going to be accessible via the internet at www.squirrelbox.io over HTTPS on port 443. When we have a configuration like this where the web tier itself doesn’t run SSL, but the load balancer does this is called SSL termination, basically we are terminating the LS at the load balancer to save CPU cycles on the web nodes themselves, reduce the management overhead of having SSL certificates on all of our web nodes, but this is with one big caveat, we must trust the network between the load balancer and the web nodes.  In AWS this is not a problem due to the VPC architecture. However, if you have different requirements you can also look at using dedicated tenancy for your VPC and instances.

PS&gt; aws elbv2 create-load-balancer --name squirrelbox-external --scheme internet-facing --ip-address-type ipv4 --subnets subnet-45b36c4a subnet-233dd569 --security-groups sg-8b9d27c1 --region us-east-1<br />

{<br />

&quot;LoadBalancers&quot;: [<br />

{<br />

&quot;IpAddressType&quot;: &quot;ipv4&quot;,<br />

&quot;VpcId&quot;: &quot;vpc-bfa608c4&quot;,<br />

&quot;LoadBalancerArn&quot;: &quot;arn:aws:elasticloadbalancing:us-east-1:112233445566:loadbalancer/app/squirrelbox-external/df9f9a3bb1f5007a&quot;,<br />

&quot;State&quot;: {<br />

&quot;Code&quot;: &quot;provisioning&quot;<br />

},<br />

&quot;DNSName&quot;: &quot;squirrelbox-external-1261228970.us-east-1.elb.amazonaws.com&quot;,<br />

&quot;SecurityGroups&quot;: [<br />

&quot;sg-8b9d27c1&quot;<br />

],<br />

&quot;LoadBalancerName&quot;: &quot;squirrelbox-external&quot;,<br />

&quot;CreatedTime&quot;: &quot;2018-07-21T16:29:24Z&quot;,<br />

&quot;Scheme&quot;: &quot;internet-facing&quot;,<br />

&quot;Type&quot;: &quot;application&quot;,<br />

&quot;CanonicalHostedZoneId&quot;: &quot;Z3XXXXXXXXXX7K&quot;,<br />

&quot;AvailabilityZones&quot;: [<br />

{<br />

&quot;SubnetId&quot;: &quot;subnet-233dd569&quot;,<br />

&quot;ZoneName&quot;: &quot;us-east-1a&quot;<br />

},<br />

{<br />

&quot;SubnetId&quot;: &quot;subnet-45b36c4a&quot;,<br />

&quot;ZoneName&quot;: &quot;us-east-1f&quot;<br />

}<br />

]<br />

}<br />

]<br />

}

Once we have created it we need to refer back to it, for example to check the state and ensure it is active, or perhaps to pull the ARN for a subsequent action.

PS&gt; (aws elbv2 describe-load-balancers --region us-east-1 | ConvertFrom-Json).LoadBalancers</p>

<p>IpAddressType : ipv4<br />

VpcId : vpc-bfa608c4<br />

LoadBalancerArn : arn:aws:elasticloadbalancing:us-east-1:112233445566:loadbalancer/app/squirrelbox-external/df9f9a3bb1f5007a<br />

State : @{Code=active}<br />

DNSName : squirrelbox-external-1261228970.us-east-1.elb.amazonaws.com<br />

SecurityGroups : {sg-8b9d27c1}<br />

LoadBalancerName : squirrelbox-external<br />

CreatedTime : 2018-07-21T16:29:24Z<br />

Scheme : internet-facing<br />

Type : application<br />

CanonicalHostedZoneId : Z3XXXXXXXXXX7K<br />

AvailabilityZones : {@{SubnetId=subnet-233dd569; ZoneName=us-east-1a}, @{SubnetId=subnet-45b36c4a; ZoneName=us-east-1f}}

I often find myself needing the ARN (we will use it a few more times in this article) so I like to find ways to shortcut that output.  This will return just the ARN on Powershell.

PS&gt; (aws elbv2 describe-load-balancers --region us-east-1 | ConvertFrom-Json).LoadBalancers.LoadBalancerArn<br />

arn:aws:elasticloadbalancing:us-east-1:112233445566:loadbalancer/app/squirrelbox-external/df9f9a3bb1f5007a

Keep this ARN handy we will use it later.

Create Target Group

So now we have created a load balancer, well the next step is to create a target group, this is essentially the collection of backend services that will represent a single workload.  So in our simple example of a web server, we might have 4 back end ec2 instances that would-be members on port 80. However, it is also important to note that you can have different ports in the same target group.  This is especially helpful when it comes to containers.

Here is the basic syntax of the command.

$ aws elbv2 create-target-group --name [ target-group-name ] --protocol [ HTTP | HTTPS ] --port [ PORT ] --vpc-id [ vpc-id] --region [ region ]

Now when we create the target group we simply need a name, VPC, and the protocol and port combination.

PS&gt; aws elbv2 create-target-group --name squirrelbox-webnodes --protocol HTTP --port 80 --vpc-id vpc-bfa608c4 --region us-east-1<br />

{<br />

&quot;TargetGroups&quot;: [<br />

{<br />

&quot;HealthCheckPath&quot;: &quot;/&quot;,<br />

&quot;HealthCheckIntervalSeconds&quot;: 30,<br />

&quot;VpcId&quot;: &quot;vpc-bfa608c4&quot;,<br />

&quot;Protocol&quot;: &quot;HTTP&quot;,<br />

&quot;HealthCheckTimeoutSeconds&quot;: 5,<br />

&quot;TargetType&quot;: &quot;instance&quot;,<br />

&quot;HealthCheckProtocol&quot;: &quot;HTTP&quot;,<br />

&quot;UnhealthyThresholdCount&quot;: 2,<br />

&quot;HealthyThresholdCount&quot;: 5,<br />

&quot;TargetGroupArn&quot;: &quot;arn:aws:elasticloadbalancing:us-east-1:112233445566:targetgroup/squirrelbox-webnodes/2ad2df8c47d5a0fd&quot;,<br />

&quot;Matcher&quot;: {<br />

&quot;HttpCode&quot;: &quot;200&quot;<br />

},<br />

&quot;HealthCheckPort&quot;: &quot;traffic-port&quot;,<br />

&quot;Port&quot;: 80,<br />

&quot;TargetGroupName&quot;: &quot;squirrelbox-webnodes&quot;<br />

}<br />

]<br />

}

After creating it we might need to refer back to it to check the settings.

PS&gt; (aws elbv2 describe-target-groups --region us-east-1 | ConvertFrom-Json).TargetGroups</p>

<p>HealthCheckPath : /<br />

HealthCheckIntervalSeconds : 30<br />

VpcId : vpc-bfa608c4<br />

Protocol : HTTP<br />

HealthCheckTimeoutSeconds : 5<br />

TargetType : instance<br />

HealthCheckProtocol : HTTP<br />

LoadBalancerArns : {}<br />

UnhealthyThresholdCount : 2<br />

HealthyThresholdCount : 5<br />

TargetGroupArn : arn:aws:elasticloadbalancing:us-east-1:112233445566:targetgroup/squirrelbox-webnodes/2ad2df8c47d5a0fd<br />

Matcher : @{HttpCode=200}<br />

HealthCheckPort : traffic-port<br />

Port : 80<br />

TargetGroupName : squirrelbox-webnodes

This will return just the ARN of the target group.

PS&gt; (aws elbv2 describe-target-groups --region us-east-1 | ConvertFrom-Json).TargetGroups.TargetGroupArn<br />

arn:aws:elasticloadbalancing:us-east-1:112233445566:targetgroup/squirrelbox-webnodes/2ad2df8c47d5a0fd

Keep this ARN handy we will use it later.

Create Listener

Next, we must create the listener, the listener does exactly that it listens for the customer traffic.  So this is going to declare the external protocols and associate a certificate (if appropriate) with the load balancer.

Here is the basic syntax of the command.

$ aws elbv2 create-listener --load-balancer-arn [ load-balancer-arn ] --protocol [ HTTP | HTTPS ] --port [ port-number ] --certificates &quot;CertificateArn=[ certificate-arn ]&quot; --default-actions &quot;Type=forward,TargetGroupArn=[ target-group-arn ] --region [ region ]

The listener will setup the external listening port on the load balancer, and associate a certificate as well as create a default rule referring to the target group we declare.

PS&gt; aws elbv2 create-listener --load-balancer-arn arn:aws:elasticloadbalancing:us-east-1:11223344556:loadbalancer/app/squirrelbox-external/df9f9a3bb1f5007a --protocol HTTPS --port 443 --certificates CertificateArn=arn:aws:acm:us-east-1:310843369992:certificate/0e8046d4-3625-49ff-9fee-c1485e314dc7 --default-actions Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:us-east-1:310843369992:targetgroup/squirrelbox-webnodes/2ad2df8c47d5a0fd --region us-east-1<br />

{<br />

&quot;Listeners&quot;: [<br />

{<br />

&quot;Protocol&quot;: &quot;HTTPS&quot;,<br />

&quot;DefaultActions&quot;: [<br />

{<br />

&quot;TargetGroupArn&quot;: &quot;arn:aws:elasticloadbalancing:us-east-1:112233445566:targetgroup/squirrelbox-webnodes/2ad2df8c47d5a0fd&quot;,<br />

&quot;Type&quot;: &quot;forward&quot;<br />

}<br />

],<br />

&quot;SslPolicy&quot;: &quot;ELBSecurityPolicy-2016-08&quot;,<br />

&quot;Certificates&quot;: [<br />

{<br />

&quot;CertificateArn&quot;: &quot;arn:aws:acm:us-east-1:112233445566:certificate/0e8046d4-3625-49ff-9fee-c1485e314dc7&quot;<br />

}<br />

],<br />

&quot;LoadBalancerArn&quot;: &quot;arn:aws:elasticloadbalancing:us-east-1:112233445566:loadbalancer/app/squirrelbox-external/df9f9a3bb1f5007a&quot;,<br />

&quot;Port&quot;: 443,<br />

&quot;ListenerArn&quot;: &quot;arn:aws:elasticloadbalancing:us-east-1:112233445566:listener/app/squirrelbox-external/df9f9a3bb1f5007a/862c694eafb01c83&quot;<br />

}<br />

]<br />

}

Here we can check the listener’s configuration after its creation.

PS&gt; (aws elbv2 describe-listeners --load-balancer-arn arn:aws:elasticloadbalancing:us-east-1:112233445566:loadbalancer/app/squirrelbox-external/df9f9a3bb1f5007a --region us-east-1 | ConvertFrom-Json).Listeners</p>

<p>Protocol : HTTPS<br />

DefaultActions : {@{TargetGroupArn=arn:aws:elasticloadbalancing:us-east-1:112233445566:targetgroup/squirrelbox-webnodes/2ad2df8c47d5a0fd; Type=forward}}<br />

SslPolicy : ELBSecurityPolicy-2016-08<br />

Certificates : {@{CertificateArn=arn:aws:acm:us-east-1:112233445566:certificate/0e8046d4-3625-49ff-9fee-c1485e314dc7}}<br />

LoadBalancerArn : arn:aws:elasticloadbalancing:us-east-1:112233445566:loadbalancer/app/squirrelbox-external/df9f9a3bb1f5007a<br />

Port : 443<br />

ListenerArn : arn:aws:elasticloadbalancing:us-east-1:112233445566:listener/app/squirrelbox-external/df9f9a3bb1f5007a/862c694eafb01c83

Of course we can also just display the ARN.

PS&gt; (aws elbv2 describe-listeners --load-balancer-arn arn:aws:elasticloadbalancing:us-east-1:112233445566:loadbalancer/app/squirrelbox-external/df9f9a3bb1f5007a --region us-east-1 | ConvertFrom-Json).Listeners.ListenerArn<br />

arn:aws:elasticloadbalancing:us-east-1:112233445566:listener/app/squirrelbox-external/df9f9a3bb1f5007a/862c694eafb01c83

Keep this ARN handy we will use it later.

Create Rule

If you have complicated load balancing requirements (multi-tenant, api endpoints, etc) then rules will be your friend.  Anything that you want to route differently than the default will need its own rule and this will be how that traffic is controlled.

Here is the basic syntax of the command.

$ aws elbv2 create-rule --listener-arn [ listener-arn ] --conditions &quot;Field=[ path-pattern | host-header ],Values=[ /squirrelbox/* | www.squirrelbox.io ]&quot; --actions &quot;Type=forward,TargetGroupArn=[ target-group-arn ]&quot; --priority 1 --region [ region ]

Here we are going to set a host-header rule so that anything that comes in via the name www.squirrelbox.io will get routed to a specific target group.

PS&gt; aws elbv2 create-rule --listener-arn arn:aws:elasticloadbalancing:us-east-1:112233445566:listener/app/squirrelbox-external/df9f9a3bb1f5007a/862c694eafb01c83 --conditions &quot;Field=host-header,Values=www.squirrelbox.io&quot; --actions &quot;Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:us-east-1:112233445566:targetgroup/squirrelbox-webnodes/2ad2df8c47d5a0fd&quot; --priority 1 --region us-east-1<br />

{<br />

&quot;Rules&quot;: [<br />

{<br />

&quot;Priority&quot;: &quot;1&quot;,<br />

&quot;Conditions&quot;: [<br />

{<br />

&quot;Field&quot;: &quot;host-header&quot;,<br />

&quot;Values&quot;: [<br />

&quot;www.squirrelbox.io&quot;<br />

]<br />

}<br />

],<br />

&quot;RuleArn&quot;: &quot;arn:aws:elasticloadbalancing:us-east-1:112233445566:listener-rule/app/squirrelbox-external/df9f9a3bb1f5007a/862c694eafb01c83/3303294d17235cd9&quot;,<br />

&quot;IsDefault&quot;: false,<br />

&quot;Actions&quot;: [<br />

{<br />

&quot;TargetGroupArn&quot;: &quot;arn:aws:elasticloadbalancing:us-east-1:112233445566:targetgroup/squirrelbox-webnodes/2ad2df8c47d5a0fd&quot;,<br />

&quot;Type&quot;: &quot;forward&quot;<br />

}<br />

]<br />

}<br />

]<br />

}

Let’s describe the rules we now have.

PS&gt; (aws elbv2 describe-rules --listener-arn arn:aws:elasticloadbalancing:us-east-1:112233445566:listener/app/squirrelbox-external/df9f9a3bb1f5007a/862c694eafb01c83 --profile entasisawsug | ConvertFrom-Json).Rules</p>

<p>Priority : 1<br />

Conditions : {@{Field=host-header; Values=System.Object[]}}<br />

RuleArn : arn:aws:elasticloadbalancing:us-east-1:112233445566:listener-rule/app/squirrelbox-external/df9f9a3bb1f5007a/862c694eafb01c83/3303294d17235cd9<br />

IsDefault : False<br />

Actions : {@{TargetGroupArn=arn:aws:elasticloadbalancing:us-east-1:112233445566:targetgroup/squirrelbox-webnodes/2ad2df8c47d5a0fd; Type=forward}}</p>

<p>Priority : default<br />

Conditions : {}<br />

RuleArn : arn:aws:elasticloadbalancing:us-east-1:112233445566:listener-rule/app/squirrelbox-external/df9f9a3bb1f5007a/862c694eafb01c83/e8a9ec74d438b479<br />

IsDefault : True<br />

Actions : {@{TargetGroupArn=arn:aws:elasticloadbalancing:us-east-1:112233445566:targetgroup/squirrelbox-webnodes/2ad2df8c47d5a0fd; Type=forward}}

 

Additional Certificates

If you have multiple hostnames on the same load balancers you will likely need to have multiple certificates associated with the listener so that it can use SNI to apply the correct cert.  Here is how you would add a second one.

Here is the basic syntax of the command.

PS&gt; aws elbv2 add-listener-certificates --listener-arn [ listener-arn ] --certificates CertificateArn=[ certificate-arn ] --region [ region ]

Here we will add a second certificate for another domain, this one is for www2.squirrelbox.io.

PS&gt; aws elbv2 add-listener-certificates --listener-arn arn:aws:elasticloadbalancing:us-east-1:112233445566:listener/app/squirrelbox-external/df9f9a3bb1f5007a/8 62c694eafb01c83 --certificates CertificateArn=arn:aws:acm:us-east-1:112233445566:certificate/b9625a00-9b05-4d4f-81e3-5084d8f8bd59 --region us-east-1<br />

{<br />

&quot;Certificates&quot;: [<br />

{<br />

&quot;CertificateArn&quot;: &quot;arn:aws:acm:us-east-1:112233445566:certificate/b9625a00-9b05-4d4f-81e3-5084d8f8bd59&quot;,<br />

&quot;IsDefault&quot;: false<br />

}<br />

]<br />

}

So with all of these components this can enable us to horizontally scale our applications as we need to increase our capabilities.  This is one of the core components to a Scalable Solution. For additional learning I suggest you look into healthchecks and registering instances into a target group.  Of course you can also follow me on LinkedIn to be notified of our latest articles.

Regional Health System Engages GuideIT to Support Technological Transformation

July 19, 2018 — Plano, TX — GuideIT today announced that has been engaged to provide services in support of major technological transformation for a regional health system.

With many concurrent initiatives underway in support of its technology transformation goals, the health system engaged GuideIT to manage legacy applications support and execute a major server decommissioning program in support of a technology infrastructure modernization program.

“Executing major technology programs can stretch even the strongest of IT organizations,” said Chuck Lyles, CEO for GuideIT.  “Our success in meeting the requirements, budget and timelines on our prior engagements earned us the opportunity to continue supporting this important transformation.”

GuideIT provides the experience, proven processes and expertise necessary to successfully implement technological change.  Its result-focused approach to empowering business emphasizes delivering services that enable the creation of value, leveraging its broad expertise of technology executives and practitioners, and simplifying the complex while bringing the flexibility and creativity needed to succeed.

About GuideIT

While technology is critical for every business, it’s also complex and ever changing, often making it difficult to manage.  Because of this complexity, many business leaders find themselves in need of advisors they can trust... people who can guide them through getting the most out of technology, relative to their business priorities and the results they seek. That’s why people put their trust in us. www.guideit.com.

AWS Systems Manager Parameter Store

At Entasis we help our customers understand and modify their technology stacks so that scaling is a function of cost not a function of technology.  However, when we look at scaling one of the largest problems is the consistency of an environment. When we are running 100 application nodes then the opportunity for one node to go sideways and start handling traffic differently is much higher than if we only have 2 application nodes.  So we work with our customers to help them abstract the configurations of their services from their code to enable their applications to auto-scale regardless of your hosting location. We are very familiar with public cloud, private cloud, multi-cloud and hybrid cloud. If you need help in this area please reach out to our team at sales@entasistech.com.

This article is part of our series on Scalable Solutions.  This article doesn’t require knowledge of the other articles however please check out our other articles – Amazon Route 53 Basics and AWS Certificate Manager.

Today we are going to look at one of the central components of AWS Systems Manager, and frankly, this is one of the easiest to implement.  The Parameter Store is a centralized location to store configuration data. This helps us to know how our applications are being configured across an entire fleet.  This allows us to avoid more brittle solutions such as file deployment, or shared file systems for configuration data. So let's dig in.

For the purposes of this article, we are going to use the CLI to handle all of our interactions with the Parameter Store.  Depending on your solution you will want to use the appropriate SDK to interact with the values in the parameter store. Additionally, you have the option of using another solution (there are a few out their or you can roll-your-own) that will load all of the values of the parameter store as environment variables, then the application can read its settings from the environment.

For details on Parameter Store: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-paramstore.html

Parameter Store Values

  • String – this is an unencrypted string.
  • StringList – this is an unencrypted list of strings.  This must be comma-separated with no spaces.
  • SecureString – this is an encrypted string.  This is encrypted with a KMS key if you use this your application is also going to need IAM permissions to use the defined key to decrypt items.

Recommendations:

  1. Always use SecureString, in my experience, it doesn’t add much complexity but it does provide the protection of having the data encrypted by default.  This provides additional protection in the case of “grey” data which isn’t definitely sensitive (credentials) but can be sensitive in the wrong hands (connection endpoints, ports, etc).
  2. Use isolated KMS keys for each application and/or environment.  If one application is compromised you don’t want it to be able to be used as a launch platform to other applications (imagine if you were able to pull down all configurations from all applications after compromising a single machine).
  3. Admin oversight is critical here you really need to look at what admins can do once you start solutioning for this, can your read-only admin decrypt the parameters in the parameter store for all of the different applications.  How do you secure this and ensure that there is no leakage.
  4. Credentials can be stored in Parameter Store if SecureString is the key used.  However, if you are using RDS (or other select AWS Services) Secrets Manager might be a better fit.  The line should be if Secrets Manager can rotate the credential then it is better to use Secrets Manager for that credential. Then you can use a shorter rotation window (database credentials rotated once a day as an example).  This limits the blast radius in the attempt of a compromise.
  5. Store all configurations in Parameter Store.  All of them. If you put anything in local configuration files then that opens you up for divergence.
  6. Use descriptions in your parameters.
  7. Also, don’t include Parameter Store calls in your workflow.  For example, if you have an API call that your workflow has to make then don’t perform a get-parameter for each invocation of that API.  Rather refresh the local values on service reload/refresh/restart, then log any problems and fail to start the service if necessary.

Writing a Parameter in the Parameter Store

This pattern will use the default key of alias/aws/ssm, you can use your own created key bypassing the –key option.  The output of these is simply the version number of the string created (always 1 if it is a new string).

$ aws ssm put-parameter --type [ String | StringList | SecureString ] --name [ name ] --value [ value ]

Now first we are going to create a parameter of the String type which is unencrypted.  We will call it “naked string” and it will have a value of “unencrypted string”.

PS&gt; aws ssm put-parameter --type String --name nakedstring --value unencryptedstring<br />

{<br />

&quot;Version&quot;: 1<br />

}

Next, we will create a parameter of the StringList type which is also unencrypted.  The big caveat with these are that your strings cannot contain any special punctuation as each string is separated by a comma.  If your string contains a comma you are better off using a String or SecureString and separating from a string into multiple strings with logic (or by having each string in their own parameter).  We will call this “nakedstringlist” and it will have a value of “unencryptedstring1,unencrpytedstring2”.

PS&gt; aws ssm put-parameter --type StringList --name nakedstringlist --value unencryptedstring1,unencryptedstring2<br />

{<br />

&quot;Version&quot;: 1<br />

}

Finally please forget the other two and just use this one.  This is an encrypted string (everyone say yay!) and it requires a little more work on the IAM side but the security it provides is definitely worth it, additionally, it also makes it a sane proposition to store credentials here.  We will call this “clothedstring” (since we are dressing it in encryption) and it will have a value of “encryptedstring”.

PS&gt; aws ssm put-parameter --type SecureString --name clothedstring --value encryptedstring<br />

{<br />

&quot;Version&quot;: 1<br />

}</p>

<p>&lt;strong&gt;Updating a Parameter in the Parameter Store&lt;/strong&gt;</p>

<p>Now no doubt at some point if you are using Parameter Store you will need to make a change to an existing parameter.  This is essentially the same process as above, we just need to tell it that we want it to overwrite the existing value.<br />

&lt;pre&gt;

 

$ aws ssm put-parameter --type [ String | StringList | SecureString ] --name [ name ]--value [ value ] --overwrite

This is simply going to update the parameter called "clothedstringlist" with the value of "updatedencryptedstring".

PS&gt; aws ssm put-parameter --type SecureString --name clothedstringlist --value updatedencryptedstring --overwrite<br />

{<br />

&quot;Version&quot;: 2<br />

}</p>

<p>Now we see the output of the version number indicating that this has been updated to a new version.</p>

<p>&lt;strong&gt;Reading a Parameter from Parameter Store&lt;/strong&gt;</p>

<p>So of course putting parameters in place is wonderful, however if we can't get them back then it is massively non-helpful.  So lets do that next.<br />

&lt;pre&gt;

 

$ aws ssm get-parameter --name [ name ]

Here we are going to retrieve our parameter called "nakedstring".

PS&gt; aws ssm get-parameter --name nakedstring<br />

{<br />

&quot;Parameter&quot;: {<br />

&quot;Version&quot;: 1,<br />

&quot;Type&quot;: &quot;String&quot;,<br />

&quot;Name&quot;: &quot;nakedstring&quot;,<br />

&quot;Value&quot;: &quot;unencryptedstring&quot;<br />

}<br />

}

Next lets retrieve our parameter called "nakedstringlist".

PS&gt; aws ssm get-parameter --name nakedstringlist<br />

{<br />

&quot;Parameter&quot;: {<br />

&quot;Version&quot;: 1,<br />

&quot;Type&quot;: &quot;StringList&quot;,<br />

&quot;Name&quot;: &quot;nakedstringlist&quot;,<br />

&quot;Value&quot;: &quot;unencryptedstring1,unencryptedstring2&quot;<br />

}<br />

}

Of course who can forget my personal favorite parameter called "clothedstring".

PS&gt; aws ssm get-parameter --name clothedstring<br />

{<br />

&quot;Parameter&quot;: {<br />

&quot;Version&quot;: 2,<br />

&quot;Type&quot;: &quot;SecureString&quot;,<br />

&quot;Name&quot;: &quot;clothedstring&quot;,<br />

&quot;Value&quot;: &quot;AQICAHhVdKbFht5ReQADBixWDt1CeIfSYZwDVCmC9QqTnFypxAENa7JnNj6xxG+VDWrVw8JDAAAAdDByBgkqhkiG9w0BBwagZTBjAgEAMF4GCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMOF4jFo0YR2cKU2xMAgEQgDFEmBYI8sWEIzSIJoLWU4xZBIMO/WNloQcIsVj7OPuk5VjqYxJJATyZYuUCgMeU3DUY&quot;<br />

}<br />

}

So of course if we retrieve an encrypted string then it must come back to us encrypted.  However that is not useful.

$ aws ssm get-parameter --name [ name ] --with-decryption

Lets pass it the option to also decrypt the parameter so we can use it.

PS&gt; aws ssm get-parameter --name clothedstring --with-decryption<br />

{<br />

&quot;Parameter&quot;: {<br />

&quot;Version&quot;: 2,<br />

&quot;Type&quot;: &quot;SecureString&quot;,<br />

&quot;Name&quot;: &quot;clothedstring&quot;,<br />

&quot;Value&quot;: &quot;updatedencryptedstring&quot;<br />

}<br />

}

Now one other interesting thing to mention.  We have versioning on all of this, so lets say we want to go look at the previous version of the parameter.

PS&gt; aws ssm get-parameter --name clothedstring:1 --with-decryption<br />

{<br />

&quot;Parameter&quot;: {<br />

&quot;Version&quot;: 1,<br />

&quot;Type&quot;: &quot;SecureString&quot;,<br />

&quot;Name&quot;: &quot;clothedstring&quot;,<br />

&quot;Value&quot;: &quot;encryptedstring&quot;<br />

}<br />

}

This versioning of course brings up an interesting point to ponder.  If we have a parameter that starts out as a String (unencrypted) with a value of "Password1234" and we then realize our mistake and update it to be a SecureString (encrypted) with the same value of "Password1234" our previous version is still stored in unencrypted form.  In this scenario I would encourage a few things...

  1. Change the password, not just because my example is a really bad password, but rather because it is now stored unencrypted in the cloud.
  2. If changing the password cannot be accomplished then a better approach would be to delete the parameter and recreate it as a new parameter that is encrypted.  This will enable you to make the changes in your app which have you so dependent on that password not changing.

Delete a Parameter from Parameter Store

So now to set ourselves up for the next phase of this article we are going to delete everything we created.

$ aws ssm delete-parameter --name [ name ]

Earlier we created and updated 3 different parameters called "nakedstring", "nakedstringlist" and "clothedstring" the delete-parameter does not actually return anything if it is successful so I am just going to give you them all at once since the explanation is not necessary.

PS&gt; aws ssm delete-parameter --name nakedstring<br />

PS&gt; aws ssm delete-parameter --name nakedstringlist<br />

PS&gt; aws ssm delete-parameter --name clothedstring

Now we no longer have those parameters.

Parameter Hierarchies

Parameters can be stored in a hierarchical fashion, doing so can make it easier to craft scalable IAM policies which will allow applications to only access their parameters and not other applications parameters.  For example /app1/param1, /app1/param2, /app2/param1, /app2/param2 we can create an IAM policy to allow read for /app2/* only and grant that policy to the role supporting app2, with a corresponding policy for /app1/*.

This helps us to secure our implementations from each other, however, it also makes it easier to code our applications to.  For example in the above non-hierarchical examples we would need to read a parameter for each and every configuration, now keeping in mind that these configurations can be anything from connection strings, to credentials, to memory settings, to whitelists, or anything in between it is not inconceivable for us to have 20 parameters per application.  Which means 20 calls, which means 20 delays (or opportunities for delays at least), when we utilize hierarchical parameters we can turn this into one call for all parameters at a given path. So the call can actually be something like /app1/* (or "give me all parameters having to do with app1").

We can further segment it by environment and tiers, so here is a rough example of a hierarchy for an application called "squirrelbox":

/squirrelbox/dev/database/readstring