Wednesday, October 31, 2018

SSO Migration in 10 (+3) weeks ... People matters!

I have a long-time SSO customer who came back to me after 6 months of "ditching" us. Well, the actual fact was a new VP came in and we did get along well. Anyway, he couldn't deliver after 6 long months and he was out of the game. The old VP called me immediately after she was reassigned with the SSO infrastructure.

I'm very familiar with their environment and even though there is a lot of customization, I promised the whole migration would only take 10 weeks. Yes, a major jump in software version. A lot of code rewrites. A lot of Java code decompilation as the software has gone closed-source. It was real fun!

I brought in my best team. And we are going live this coming Sunday! (Ok, customer requested to delay go-live for another 3 weeks as there is 1 site that customer would not want to migrate to the new platform. Thus communication with their end-customers is required to shut down that site.)

Last mile, and we were talking about the Cut-Over Plan yesterday.

I joined in the discussion. Towards the end of the discussion, the customer looked at me and asked me if I had any comment. My only request was: "Give me the same set of people who had performed the dry-run weeks before."

It is going to be a real long night this Sunday and a lot of eyes are on the whole team. I told the manager of the application teams not to assign people based on availability (you know, as this is a midnight job, the seniors will always find excuses not to be involved), but based on experience and capability. Don't give someone who has no idea what is going on.

People matters!

Thursday, June 7, 2018

One Identity Cloud Access Manager - STS Windows Service

In a One Identity Cloud Access Manager deployment, there is an STS host and a Proxy host. The Proxy host acts as the reverse proxy to protected applications, as well as serving the Login Page.

On the Proxy host, if you ever need to restart the service, a quick search for One Identity Cloud Access Manager Proxy does the job. Fairly easy to locate.

On the STS host, if you need to restart the service, you are not in luck. It took me a while initially. I just could not locate any service that starts with "One Identity ...".

To do so, search for "Redistributable Secure Token Server" instead.

Weird and inconsistent naming convention indeed!


Wednesday, June 6, 2018

One Identity Cloud Access Manager - Notifications

I found a good feature in One Identity Cloud Access Manager today - Reminder to turn off detailed message logging.

So I was debugging something yesterday and totally forgot to turn off detailed message logging. I was at the admin console a while ago and I saw a new notification on the top right of the dashboard.

Being curious, I took a look and was reminded to turn off detailed message logging as "Keeping detailed message logging turned on impacts performance".

Not a hard feature to implement. But I seldom see this in other products. Good reminder to my team which is currently busy with their little product development.


Tuesday, June 5, 2018

One Identity Cloud Access Manager - Database Snapshot

Cloud Access Manager provides a utility feature for customers to download a snapshot of the CAM database. 

This could be helpful for raising a support ticket. Other products have a similar feature to capture a snapshot of the current configuration. However, none is as convenient as this.

Pretty good!


Saturday, June 2, 2018

Accredited Consultant

ForgeRock Access Management Accredited Consultant

ForgeRock sent me this yesterday. Nice gesture. I take.

Just a few weeks ago, I was told by one of my consultants (btw, he is a ForgeRock Identity Management Accredited Consultant) that a young punk from another company boasted to him that he is ForgeRock Access Management certified.

Nothing to be great of. Uncle me accredited keeping a low profile here.

When you are capable, you just dig in and work harder. You don't need to show off. Customers have bright eyes.


Thursday, May 24, 2018

Magic Quadrant for Full Life Cycle API Management (2018)

The latest Magic Quadrant for Full Life Cycle API Management was released a month ago. I just received a mailer from CA.

Well done, CA Technologies remains in the Leaders quadrant. Not sure why Google (Apigee) is so high up, as we don't see much competition from them in this region. As long as you are totally cloud-based in this region, especially Singapore, you're basically out of the game. I'm saying if you are looking for large customers. The game is still very much on-premise.

Interestingly, Tyk has made it to the Niche Players quadrant. That's real hard work for a new player who has been in this market for less than 5 years. Really impressive! Kudos to the Tyk team!


Tuesday, May 22, 2018

What API is not about and about?

My team has been covering a potential customer for a while with regard to an API Gateway deployment. POC done. Presentation done. Then a competitor came in to disrupt ... it's common. Singapore is a saturated market. There is a finite number of customers to chase after. If customers don't come to you and you hear that they are looking at a product from your competitor, you quickly go in to disrupt the market.

If you are the product principal and you have the time and energy and you have a willing partner, then you will do this sort of thing. I'm someone that is not too keen to do this. The pie is always big enough for everyone, that's my view. If you go in to disrupt the market, you're usually going into a price war. It's not about product superiority anymore. More importantly, the quality of the consultants is not considered.

This is a vicious cycle. Nothing good will come out of it. Customers think they are getting a good deal. I say they are mostly blind. Partners/Vendors are not stupid either. If a partner bids with a superbly low price, you think the partner will give you his best consultants? You pay peanuts, you get monkeys. As simple as that. 

Anyway, I went in to make my last presentation. I only showed 2 slides. 

API is really not about Secure File Transfer, Security, Throttling and Message Queues. These are given. If a gateway has no such features, they will never get a chance into the board room in customers' place. 

Honestly, 80-90% of the API products out there in the market have similar features. All are equally good. Why? For most customers (80%), they only use a subset of features (20%). I can confidently say most API products meet the requirements of most customers. 

API is really about People - Customer & Vendor. 

I know that the competitor is partnering with a SI that does mostly systems related work - PAM, Secured File Transfer. 

In our experience, these types of people are only used for 20% of the total time spent in a typical API project. They are utilized during the Build phase and the Maintenance/Patching phase. In the Build phase especially, my own experience told me that my API Consultants are of no use here. They simply do not understand networking, firewall, zoning, routing, high-availability, scaling, hardening, vulnerability assessment, security scanning. This is where a trained Systems Consultant is useful. They will be able to work with the Network Security team from the Customers' side effectively.

But as soon as the Build phase is over, the Systems Consultants become totally "useless". This is where API Consultants come in. They are there to help Customers with "Discover, Simplify, Transform, Add Values". In short, to provide API Design services. This usually takes up 80% of the total time spent in typical API projects.

API is all about proper thought process. It's not a simple "Oh, let's create a new API and map it 1-to-1 with your backend service". An intern will do! Why spend so much money?