Planning

involves designing the system architecture, putting the system intheright environment, setting aside enough resources, and planning for growth. You might also consider hiring an experienced professional as a consultant.

Do: Put a lot of
time and effort into designing the system architecture. Make sure
that management knows that groupware is more than an application.
It is a complex system that requires proper planning and resources.

Don’t: Don’t force
a groupware system into an environment that will not allow the system
to do its job. If you want users to really use the system, then give
it hearty, dedicated resources instead of pulling an old server out
of the closet, or making do with a server that is already taxed. If
you want users to share data, not just two-line messages, then make
sure the network infrastructure has enough bandwidth to support the
communication your organization wishes to benefit from.

Do: Start out with
dedicated servers that have plenty of disk space and plenty of memory
(specifics are recommended for individual systems from their manufacturers).
Some groupware systems separate administrative processes from messaging
processes to some extent. In the spirit of dedicating resources, it’s
a good idea to isolate the core administrative processes on a separate
server, away from the day-to-day message traffic. For example, Novell
GroupWise uses a “Domain”, which is a database that houses administrative
information about the rest of the system. Putting this database and
its MTA (Message Transfer Agent) on a dedicated server will reduce
the chances of corruption and will give you gates, or shut off valves
if you will, when you need to isolate a problem during troubleshooting.

Do: Plan for growth.
Your users will use this system more than you expect. They will quickly
learn that they can’t live without every feature and function, so
plan for it. Purchase more disk space than you think you need. Buy
a more sizable server than you think you need. Also, build in fail-safes.
Novell GroupWise allows to you to configure multiple agents to service
a single post office. Configure an extra agent to be activated in
times of emergency or unusually high traffic, and have the resources
to support it.

Do: Consider hiring
a consultant during the planning phase to help with the design of
the system. Do yourself (and your company) a favor and contract an
experienced professional to review your current environment, make
recommendations for changes, produce an architectural overview of
an ideal system (with guidelines to get your system there), and to
suggest an implementation schedule. Realistically, most IS departments
have the ability to perform the install and the roll-out to the end-users.
If you are wondering where to spend your money, put it into the design
rather than hired hands to push buttons during the implementation.
I can’t stress this enough: a poorly designed system will have bottlenecks,
will not run efficiently and will not give you the return on your
investment that a properly designed groupware system can deliver.

I can’t stress this enough:
a poorly designed system will have bottlenecks, will not run efficiently
and will not give you the return on your investment that a properly
designed groupware system can deliver.

Symantec recently contacted ?regarding its April 11th, 2001 analysis of pcAnywhere securities issues and pointed out several features we glossed over in our (albeit brief) discussion of pcAnywhere 10.0. To summarize Symantec’s claims and our responses:?

1. pcAnywhere 10.0 client-host traffic can be encrypted using internal pcAnywhere, symmetric, or public key encryption.

The encryption Symantec refers to prevents network monitors or “sniffers” from capturing a remote pcAnywhere session. But unless you select public key encryption, and then do not publish the key, it will not provide any additional protection from other pcAnywhere users. A login attempt will report the level of security being used.

2. pcAnywhere 10.0 requires that users password protect their pcAnywhere hosts. A “null” password is not accepted.

pcAnywhere 10.0 requires that users password protect new Callers, not new hosts. Password protection of the host is optional. And both levels of password protection can be defeated via the .CIF file “back door.”

3. Authentication options offered with pcAnywhere 10.0 include Active Directory, NDS, Novell Bindery, LDAP, FTP, HTTP, and NT Domain.

4. Random searches for pcAnywhere hosts can be prevented by going to Tools > Options > Host Communications and clicking the “Do not display host in TCP/IP search results” box.

This is an important feature for pcAnywhere users wishing to ensure their privacy over local area networks and the Internet.

5. pcAnywhere users can add a further level of security by limiting connections to within a specific subnet or even a specific TCP/IP address or host name.

This is perhaps the easiest-to-implement safety feature for both home/small business and corporate users. Go to Tools > Options > Host Communications. In the TCP/IP options box you can enter a list of valid connections. Callers from addresses other than those listed will be rejected, regardless of permissions and passwords.

6. If you use the pcAnywhere 10.0 Packager to create custom pcAnywhere hosts, “Integrity Checking” will check the installation every time pcAnywhere is launched for changes in the registry, pcAnywhere objects, executables and DLL’s. Integrity Checking prevents .CIF files from being copied into the pcAnywhere data directory and circumventing security settings.

“Integrity Checking” applies only to Packager-created hosts. Packager installation requires Windows NT or Windows 2000. Otherwise, pcAnywhere 10.0 does not distinguish between a CIF file generated by its own host and a .CIF file generated elsewhere. In fact, you can copy a foreign .CIF file to the \pcAnywhere directory while the host is running and the host will incorporate the new password and login “on the fly.” Subsequently (until and unless either the new Caller or the .CIF file is deleted), all new hosts will incorporate that .CIF file’s defined Caller.

This porous “back door” necessitates careful attention to all the other security measures pcAnywhere offers and incorporates.