Analysis of Barclay’s Hardware Systems
Reason for choosing organisation
A couple of businesses were considered for the report. Both had a suitable IT system that was an integral part of their day to day operations and was suitable to investigate. Ultimately, Barclay’s IS team was chosen because they were far more accessible.
Data collection is a planned approach to acquire information from a source or sources to form a clear understanding of a particular area of interest (Davies, 2007). Various methods can be employed to collect data such as questionnaires, interviews, observation, and group discussion (Denscombe, 2013).
The primary method of data collection was through a face to face interview. A questionnaire was developed to find out about the architecture and infrastructure of the company’s computer systems. The responses were then written down as they were given (Appendix).
Hardware and Operating Systems
Everyone in the office has a ThinkPad t410 or a similar spec laptop. These will either run Windows 7 or Windows 10 depending on what the person needs. It’s worth noting that site uses hot desks with employees plugging in their laptop at any available workstation.
Several Windows servers of various specs are used. These are built to the specification required of the application/function to be hosted on them.
Mainframes using z/OS (MVS – Multiple Virtual Storage)
VM’s with RHEL5/6/7 (Red Hat Enterprise Linux)
Hpnsk, by hp (tandem)
Legacy servers with AIX
Software
The employee’s laptops all have Microsoft software management, Microsoft Exchange for email, Atlassian Jira, and Cisco Jabber for VoIP. Both laptops also use NAS (Network-attached storage) for most their storage. A lot of the other software depends on the OS that the laptop runs. Windows 7 laptops use Microsoft Office 2010 and have the ability to install bespoke software with local admin access (special permissions have to be given for this). By contrast, the Windows 10 laptops use Office 365, a software package accessed through Microsoft’s cloud service, and are only allowed to use thin clients, a client that relies on the cloud for its computational processes.
Network facilities
split into several domains, depending on security requirements. DMZ (Demilitarized Zone) for connecting to third parties. Mqipt, certification.
Security Measures
There are a wide range of security measures in place at Barclay’s. In terms of physical security, all access on site requires swipe cards with access only being given when necessary. In addition to this, tailgating someone is a dismissible offence for both parties involved.
For virtual security, the estate has several measures in place. They have an external and an internal firewall (the DMZ is between these two firewalls). Any admin rights need Identity and Verification checks to be allowed. Service accounts (non-login accounts with personal access controlled via PowerBroker) allows for the user to perform certain admin tasks without needing root access, essentially reducing abuse of privilege.
In terms of redundancy, Barclay’s has a few different levels of this depending on how critical it is to the business. For the lowest tier, they use offsite backup servers to ensure that data is not lost in the event of a disaster (i.e. flood, fire, theft). For important services that need to be kept online, they can use active-active. This hosts the service in two distinct geographical locations with load balancing between them. If one of the hosts were to close for any reason, the load would pass onto the 2nd host.
Not all software is capable of this active load balancing, for these instances active-passive is used. This is similar to active-active but without the load balancing; instead, if the active instance closes, the passive instance takes over.
Hardware and software implementation
Barclay’s thoroughly reviews and tests any new hardware or software before it is implemented to try and find out what effect it will have on the estate. This extends to new versions and patches of software already in use. Every new resource must be suitable for the task, and it must be compliant with the businesses regulations. The disruption is causes should be within business expectations, for example, a critical patch would be implemented regardless of how disruptive it is; by contrast, a less important patch would be scheduled to create a minimal impact.
Some software (particularly open-source) have features of the program modified or removed before it is introduced into the business. After this, it is packaged and distributed according to the businesses patching schedule.
Legal and Ethical requirements
As a bank, Barclay’s handles incredibly sensitive data and must adhere to the law regarding it.
According to the Data Protection Act (1998), anyone using data must follow ‘data protection principles’.
They must make sure the information is:
- used fairly and lawfully
- used for limited, specifically stated purposes
- used in a way that is adequate, relevant and not excessive
- accurate
- kept for no longer than is absolutely necessary
- handled according to people’s data protection rights
- kept safe and secure
- not transferred outside the European Economic Area without adequate protection
There is the legal obligation of “duty of care” that must be adhered to when dealing with customer’s data, therefore its of extreme importance that the rules and regulations are followed with absolute compliance. This is because if the business is found to be not following them, it can result in up to 5 years in prison. In addition to this, it will hurt the businesses reputation lowering trust that customers place in them. As for ethical requirements, there’s no specific drawn up rules however there were specific areas within the businesses where ethics do come into play for example keeping customer’s information up-to-date and accurate, respecting their privacy and finally of course ensuring it’s protected. There are also ethics for the workers for example using the systems in a responsible way, making sure computers and software is kept to a particular standard and finally keeping system procedures etc. documented so workers can know how to use them to full potential.
Finally, where software is obtained and used on a ‘fair usage’ policy this is something always kept too.
Effect of emerging technologies
Barclay’s IS team has very much embraced cloud technology and integrated it into a great deal of their systems. All the employee’s laptops use NAS and many use the cloud for other applications. This has the effect of reducing costs in terms of processing power and memory. It has also allowed for many employees to work from home, something which they do regularly.
Open source software is software with its source code made available to the public, in most cases people can study and modify the software. The adoption of open source is something many large businesses are currently going through. The key effect of open source, from a business perspective, is that it is far cheaper than traditional proprietary software, but it does have other effects. It is much easier and quicker to obtain and implement OSS than proprietary.
Some older applications are currently unable to work with open source and cloud technology. These applications will likely have to be rewritten to be used in the future.
Lenovo ThinkPad T410 Specification:
- Screen: 14.1-inch WXGA+ (1440 x 900) LED Backlit (Matte finish)
- Operating System: Windows 7 Professional (64bit)
- Processor: Intel Core i5-540M (2.53GHz, 3MB Cache)
- Memory: 4GB DDR3 RAM (2GB + 2GB)
- Storage: 320GB Seagate 7400.4 HDD (7200rpm)
- Optical Drive: DVD+/-RW
- Wireless: Intel 6200 802.11AGN, Bluetooth, Gobi 2000 WWAN
- Graphics: NVIDIA NVS 3100M with 256MB DDR3
- Power: 94Wh 9-cell, 90W 20V AC adapter
- Dimensions: 13.13 x 9.41 x 1.09-1.26?
- Weight: 5lbs 9.3oz