lxndryng - a blog by a millennial with a job in IT

Aug 11, 2017

Weeknotes #2: Consistency

I came into this with the intention of being consistent with producing something weekly, but there has been a number of extenuating circumstances around actually doing this: between interviewing for promotion and planning a wedding, it's been rough so far as actually having the mental capacity to remember to do, well, anything goes.

Maybe I'm just scared of commitment.

Monday: Managing myself

I'm terrible at doing my timesheets: part of this is wilful disobedience purely because I've been told that I *must do them without ever been told of the benefit that me wasting half an hour allocating time to projects could possibly have; the other part is simply me forgetting about the process-oriented parts of my job.

I do do my timesheets often enough to have a favourite time code, though: the incomparable "managing myself." Monday was definitely a "managing myself" day, trying to get all of the paperwork I've been delaying around changing my name at work and changes to my pension that I haven't had time or been able to get done. Not exciting, but necessary.

Tuesday: Investigation

One of my larger pieces of work at the moment is helping our compliance investigation division to define a flexible cloud environment that meets some fairly stringent legislative requirements around handling data, as well as this data potentially harmful materials, be they malware or in the realms of indecent or illegal content.

Only a small challenge, then. Certainly an interesting one.

Designing this in a greenfield environment, I certainly would agree with the approach that had been defined by the contractors employed to get this work going: their approach was dairly elegant, with isolation being provided by the use of dedicated VPCs in AWS; a key management service that wasn't reliant on KMS; and a development environment for data scientists that would prove incredibly flexible. We don't live in an ideal world, though: we have a model for the extension of our datacentres into the cloud that means that certain aspects of this design are, by necessity, delegated to another body in the department.

A day of whiteboarding later (I really should buy my own whiteboard markers - I've never been able to pick one up in a room and have it write well), a lot of explanations around why we designed the cloud networking the way we did; why we chose a vendor-agnostic strategy for any PaaS deployments; why complete control of the network environment couldn't be held by the project; why we mandate the technical controls that we do and we came to a compromise position that we believe will work, with work starting next week to spike this.

These sorts of results are what I really enjoy about my job: it's rare that contractors have any respect for permanent civil servants when it comes to anything technical (and our management doesn't help that - but that's really a subject to be discussed over a few drinks and not somewhere I could held to account for what I say), but having such a constructive conversation is wonderful.

Wednesday: "How do you know what's up or down?"

Partially on leave, partially trying to sell a customer on a monitoring solution for a large and complex distributed service, Wednesday was a bit of a wash.

The monitoring solution I'm trying to define for this service is premised on a few core tenets:

  1. Don't give a large vendor any money, please
  2. Take a modular approach so we can more easily move with the times as certain components become outmoded
  3. Don't use Oracle Enterprise Manager if you can help it
  4. Rely on guages, counters and log data rather than runtime instrumentation to get the required data

I concede fairly frequently that I inhabit a position in my job that is somewhat divorced from the reality of delivery: I sit in my ivory tower and declare what, from a corporate point of view, is and isn't acceptable. I welcome input from anyone willing to talk to me, but I have decision-making responsibilities wider than any one project or programme, which means that I don't necessarily have to worry about the first-adopter penalties associated with potentially corporate-wide services or cost of initial development. The programme are fairly resistant to any approach that isn't 'throw money at the problem, make it go away', but I think we've made some progress insomuch as they've at least agreed to do a technical spike for the stack (Sensu, InfluxDB, ELK for anyone interested).

This programme, however, is very much the opposite of my Tuesday conversation as far as the contractors go: there's a far more bullish, borderline xenophobic attitude to anything that is considered 'outside' of programme delivery. That certainly is a pattern of behaviour that concerns me: I'm all for camaraderie, but that sort of negative cohesion always worries me.

Thursday: An overdue team meeting

I'm lucky to work within the calibre of team that I work in: everyone is supportive of everyone else and we're generally left to do our own work and follow our own passions where time allows. We're in the process or revising how we make our work product (solution designs, technology catalogues, deployment patterns, best practice) available outside of our team and more widely across the department, and the technology catalogue application I've developed seems to have gone down well across our trial users and has cut down on a lot of low-value communication. I feel like we're at the vanguard with this sort of stuff as far as the the wider group's work goes, so that's certainly a good feeling.

Friday: Bringing MIS to the 21st Century

A fairly slow day, but I think I may have designed something to replace an ageing operational monitoring platform with something a lot cheaper and a lot more responsive. Hopefully, this will replace my party piece in interviews of 'I delivered a project ahead of time and below cost in a government department once, who else has done that?' Time will tell.

Media consumption

Music: Russian Red, Chelsea Wolfe, Sarah Fimm

Games: DOTA2, Guilty Gear Xrd Revelator, Battle Bakraid

Thought for the week

Repeating myself gets results eventually: it's recognising cultural differences between Telford and Southend that will speed that up in future. We're a weird organisation.

Jul 21, 2017

Weeknotes #1: An aide for a failing memory

As far as civil servants go, I'm probably in the bottom 10% as far as being able to recall things that I've actually done in my work, whether this be for my own benefit or when it comes to dealing with the arcanery of our performance mangement processes: I'm sick of the bar for my acheivements being 'look, [manager's name], I haven't killed anyone and no one's complaining about me, so I'm probably doing OK, right?' The movement around the production of weeknotes by people in government seems as good an excuse as any to start making these sorts of notes. Being the fiercely 'indie web' boy that I am, I have to host mine myself, of course.

Monday: "It's just a database"

Three years ago, I worked in HMRC's Application Architecture space, which meant that I dealt with our SAP estate a fair amount. SAP's products are big, expensive black boxes that handle numbers and spit out the department's accounts and while I do work for the tax authority, this isn't something that particularly gets my blood up. Moving to Infrastructure and Security was very well welcomed given my basement-dwelling proclivities towards IT-that-supports-IT: I love orchestration, I love automation and I love the software development lifecycle - colour me a deviant if it seems appropriate.

I still get pulled into discussions about infrastructure for SAP products on the estate as I'm still fairly close to that team, and Monday saw a day-long session of SAP extolling the virtues of their HANA platform, all the while reminding us "it's not just a database, it's a platform." The product roadmaps that SAP have for all of their systems means that our eventual adoption of HANA is inevitable, but I can't say I'm convinced by anything in their pitch other than "in-memory means faster." Given how long some of the reports take to generate from Business Objects, that will be nothing but a boon to us, but the other benefits that they try to tie to HANA (primarily much needed UX improvements) seem to just be coupled to push the adoption of HANA rather than real need.

That said, pulling away from a database schema that has its roots in the 1970s is probably a wonderful thing for them.

Tuesday: Monitoring

One of my core responsibilities is strategy for monitoring of live systems across HMRC - something that any organisation could probably do with doing better - but it does feel like I'm having the same conversations over and over again: we've identified toolsets that cover probably 90% of monitoring use cases, and we're working with our delivery partners to identify and address the remaining 10%, but the work feels stalled due to funding concerns. I guess this is just working in government.

The thing the galls me about this is that I'd be really excited about delivering this, if only we could just push ourselves to get there. It's important work that could have profound effects on how we work and how well we work.

Wednesday: Risk

We're also looking to do some innovative things in the risk and investigation space, providing HMRC with a platform (not just a database) for analysis of datasets of interest. Of course, this comes with some fairly stringent security requirements and operational concerns given that the organisation within the department that will be undertaking this work sits outside of our IT delivery function.

There had been some consternation about where this environment should sit and whether the services offered by our nascent Cloud Delivery Group would be appropriate for the use case at hand. Our 'corporate' infrastructure services (those operated by the Cloud Delivery Group) are little less flexible than those one could get with a credit card and your Cloud Provider of Choice, but they come with the benefit of inheritance of the security features we already have on the estate, whether that be the corporate anti-virus/anti-malware service, network security appliances or integration with corporate directory services. Visibility of spend is also a key concern in this space.

It was an incredibly productive conversation, in which (to all appearances, at least) I managed to assuage the concerns that the delivery guys had about using the service, addressing their primary concerns around the agility they'd have in delivery and the level of network isolation they could have while still having access to corporate services. It did also show that we might have some communication issues around how we're publicising the services that we offer from Cloud Delivery Group, so that's also something we can address in the future. The strength of the corporate yoke is something that I'm particularly concerned is being overstated: I for one want our delivery people to be able to do whatever it is that they need to do (within the bounds of reason, of course).

Thursday: Not-so Active Directory

We're big fans of Single Sign-On in HMRC, with the general diktat being "if it can use SSO, it should." In an organisation our size with our access control concerns, it makes sense: try managing 65,000 user accounts across multiple systems, you'd definitely be creating a cottage industry. We're trying to get an SSO solution working for our multi-cloud brokering system (which I can't name even though there's an event at which we're speaking in September, I believe...) and it's making visible some interesting issues we have with how we deal with identity - mainly how we can't identify from AD which business unit someone belongs to.

We came to a solution and it shouldn't be too messy, even if we're not automatically identifying which business unit a person belongs to automatically - but we can use our existing solution for role management, so I'll take that as a win.

This is probably my favourite bit of work at the moment, even if it's not what I said I wanted in last year.

Friday: Press F5 to Continue

I had a meeting with F5 to discuss how we'll be handling perimiter security for HMRC's new network design (see the YouTube link above for some more detail about this) and how it can be automated. I was asked how much I knew about F5's automation technologies and, without thinking or missing a beat, I answered "it costs money, so I know next to nothing about it." Room erupts; I'm told I "really am the posterboy for the new civil service." Cheers, I think? It was probably the comment combined with my now-standard fly kicks.

I sacrifice foot comfort for no supplier.

It was a genuinely interesting meeting and has given me some ideas for how we can safely delegate perimiter network security to a level that shouldn't impede development, particularly for our digital platform. All very exciting.

Media consumption

Music: Zola Jesus, The Jezabels, Godspeed You! Black Emperor

Books: From Third World to First - Lee Kuan Yew

Games: Mainly Street Fighter V, I'm still terrible at it.

Thought for the week

It's definitely just a fucking database.