lxndryng - a blog by a millennial with a job in IT

Jul 21, 2017

Weeknotes #1: An aide for a failing memory

As far as civil servants go, I'm probably in the bottom 10% as far as being able to recall things that I've actually done in my work, whether this be for my own benefit or when it comes to dealing with the arcanery of our performance mangement processes: I'm sick of the bar for my acheivements being 'look, [manager's name], I haven't killed anyone and no one's complaining about me, so I'm probably doing OK, right?' The movement around the production of weeknotes by people in government seems as good an excuse as any to start making these sorts of notes. Being the fiercely 'indie web' boy that I am, I have to host mine myself, of course.

Monday: "It's just a database"

Three years ago, I worked in HMRC's Application Architecture space, which meant that I dealt with our SAP estate a fair amount. SAP's products are big, expensive black boxes that handle numbers and spit out the department's accounts and while I do work for the tax authority, this isn't something that particularly gets my blood up. Moving to Infrastructure and Security was very well welcomed given my basement-dwelling proclivities towards IT-that-supports-IT: I love orchestration, I love automation and I love the software development lifecycle - colour me a deviant if it seems appropriate.

I still get pulled into discussions about infrastructure for SAP products on the estate as I'm still fairly close to that team, and Monday saw a day-long session of SAP extolling the virtues of their HANA platform, all the while reminding us "it's not just a database, it's a platform." The product roadmaps that SAP have for all of their systems means that our eventual adoption of HANA is inevitable, but I can't say I'm convinced by anything in their pitch other than "in-memory means faster." Given how long some of the reports take to generate from Business Objects, that will be nothing but a boon to us, but the other benefits that they try to tie to HANA (primarily much needed UX improvements) seem to just be coupled to push the adoption of HANA rather than real need.

That said, pulling away from a database schema that has its roots in the 1970s is probably a wonderful thing for them.

Tuesday: Monitoring

One of my core responsibilities is strategy for monitoring of live systems across HMRC - something that any organisation could probably do with doing better - but it does feel like I'm having the same conversations over and over again: we've identified toolsets that cover probably 90% of monitoring use cases, and we're working with our delivery partners to identify and address the remaining 10%, but the work feels stalled due to funding concerns. I guess this is just working in government.

The thing the galls me about this is that I'd be really excited about delivering this, if only we could just push ourselves to get there. It's important work that could have profound effects on how we work and how well we work.

Wednesday: Risk

We're also looking to do some innovative things in the risk and investigation space, providing HMRC with a platform (not just a database) for analysis of datasets of interest. Of course, this comes with some fairly stringent security requirements and operational concerns given that the organisation within the department that will be undertaking this work sits outside of our IT delivery function.

There had been some consternation about where this environment should sit and whether the services offered by our nascent Cloud Delivery Group would be appropriate for the use case at hand. Our 'corporate' infrastructure services (those operated by the Cloud Delivery Group) are little less flexible than those one could get with a credit card and your Cloud Provider of Choice, but they come with the benefit of inheritance of the security features we already have on the estate, whether that be the corporate anti-virus/anti-malware service, network security appliances or integration with corporate directory services. Visibility of spend is also a key concern in this space.

It was an incredibly productive conversation, in which (to all appearances, at least) I managed to assuage the concerns that the delivery guys had about using the service, addressing their primary concerns around the agility they'd have in delivery and the level of network isolation they could have while still having access to corporate services. It did also show that we might have some communication issues around how we're publicising the services that we offer from Cloud Delivery Group, so that's also something we can address in the future. The strength of the corporate yoke is something that I'm particularly concerned is being overstated: I for one want our delivery people to be able to do whatever it is that they need to do (within the bounds of reason, of course).

Thursday: Not-so Active Directory

We're big fans of Single Sign-On in HMRC, with the general diktat being "if it can use SSO, it should." In an organisation our size with our access control concerns, it makes sense: try managing 65,000 user accounts across multiple systems, you'd definitely be creating a cottage industry. We're trying to get an SSO solution working for our multi-cloud brokering system (which I can't name even though there's an event at which we're speaking in September, I believe...) and it's making visible some interesting issues we have with how we deal with identity - mainly how we can't identify from AD which business unit someone belongs to.

We came to a solution and it shouldn't be too messy, even if we're not automatically identifying which business unit a person belongs to automatically - but we can use our existing solution for role management, so I'll take that as a win.

This is probably my favourite bit of work at the moment, even if it's not what I said I wanted in last year.

Friday: Press F5 to Continue

I had a meeting with F5 to discuss how we'll be handling perimiter security for HMRC's new network design (see the YouTube link above for some more detail about this) and how it can be automated. I was asked how much I knew about F5's automation technologies and, without thinking or missing a beat, I answered "it costs money, so I know next to nothing about it." Room erupts; I'm told I "really am the posterboy for the new civil service." Cheers, I think? It was probably the comment combined with my now-standard fly kicks.

I sacrifice foot comfort for no supplier.

It was a genuinely interesting meeting and has given me some ideas for how we can safely delegate perimiter network security to a level that shouldn't impede development, particularly for our digital platform. All very exciting.

Media consumption

Music: Zola Jesus, The Jezabels, Godspeed You! Black Emperor

Books: From Third World to First - Lee Kuan Yew

Games: Mainly Street Fighter V, I'm still terrible at it.

Thought for the week

It's definitely just a fucking database.