Web Browser Safety: Cookie Control in Firefox

I’m a huge fan of Firefox and use it as my main browser. I found myself reviewing my cookie settings recently and thought it might be worth documenting this for future reference and in case anyone finds it helpful.

The issue I’m concerned with here is the profusion of cookies for tracking, auto-complete forms, and so forth. Call me paranoid, but the potential for 3rd party cookies to be in collusion activities is something I’d prefer to avoid (try the Firefox Collusion Add-on if you’d like a picture of potential collusion interactions). If you’re a regular web user and don’t have any cookie controls in place then you might get a scare by looking in Tools > Options > Privacy > Show Cookies.

Many cookies are quite unnecessary – try switching to private browsing in Firefox to see how life would look if you deleted all your cookies. However, some cookies do make life a lot easier. At Oxford University a lot of websites are secured with Webauth and use “session” cookies to store information needed for single sign-on to work; cookies also help to make interactive websites work smoothly.

I use some Firefox settings that enable me to approve the helpful cookies – on a long-term basis – but filter out the advertising, tracking, and otherwise unnecessary stuff. Here’s how I set it up…

Step 1: Configure Firefox to ask your permission when a website wants to set/change a cookie

Open the privacy settings options at Tools > Options > Privacy and set the History and Cookie options highlighted in the screenshot below:

FF_Cookies-Privacy_Settings

Step 2: Clear out your old cookies

Still in the privacy settings dialog, click “Show Cookies” on the screen above, choose Remove All Cookies

FF_Cookies-Privacy_Cookies

Step 3: Work normally and selectively allow / deny cookies

Just go ahead and browse. When a website wants to set/change a cookie, Firefox will pop up a dialog like the one below. Roughly speaking, for sites you recognise and trust you want to tick the “Use my choice for all cookies from this site” and allow the operation, and for sites that look undesirable (e.g. ads.doubleclick.com) you’ll want to tick that box and deny the operation. For sites that you’re not sure about you could “Allow for session” which will clear the cookie out when you close Firefox.

FF_Cookies-Confirm_Cookie

Step 4: Check your cookies in a few weeks/months time and be amazed!

Obviously, in your first few hours you’ll find yourself allowing/denying a lot of cookies. This will die down as you build up a list of sites that you allow cookies for though. If you go back to your list of cookies (Step 2, above), then you should find that it is much shorter than before – and you’ll recognise nearly all of the sites on there.

You may have spotted a number of additional privacy options in the screenshots above. Personally, I normally set “Accept third-party cookies” to Never – but this can cause problems with some sites. You can find more information in the Mozilla support article Disable third-party cookies in Firefox to stop some types of tracking by advertisers. The tracking options at the top of that dialog can also help discourage some “nice” tracking sites from setting cookies or using other tracking mechanisms – but it’s a bit like the olden days of robots.txt files: you’re dependent on someone else honoring the preference you’ve expressed.

Advertisements

UCISA Support Services Conference 2013: Day Three

Day 3: Thursday 4th July

Thursday morning started with a pair of shorter plenaries looking at two recent service desk initiatives.

The first was a Bomgar deployment at UCA. Being distributed over five sites led UCA to feel that a remote support solution was an absolute must – this would also help with the Senior Officer who uses a Mac at home and needed assistance in setting it up with his printer – a familiar story! They had introduced Bomgar as a tool to fit this need, in order to drive up first-line-fix rates and reduce load on second-level / technical teams. Their previous tools were tied to particular platforms, and therefore the quality / level of service available depended on whether a user was running Windows, OS X, Linux, or something else. Bomgar were also part of the supplier exhibition, and were promoting their recently developed direct integration with the Cherwell service desk tool.

This was followed by a review of the recent Service Desk Initiative (SDI) certification undertaken at the University of Leeds. They are a 14 FTE service desk, with distributed ITSS, handling around 80,000 calls each year. They had been trying to move from “catch and dispatch” or “break/fix” to a customer focussed model of working and were wanting an independent assessment of their operation. SDI was chosen for this. An initial 2-day assessment unpicked everything they did, and took a deep look at their documentation, processes, training, etc. The score wasn’t where Leeds had hoped, but this initial assessment is followed by a series of recommendations to help you acheive your target rating. After 6 months of hard work, Leeds made it through their certification assessment at their desired target level. This is the kind of work that a Service Desk Manager does, and it was hard. Leeds are now hoping to build on their score and go back for recertification at a higher level in future.

During the break I met with the head of the desktop PC team at Royal Holloway. They manage around 900 student PCs and a further 1200 staff machines – so a similar size of user base to Oxford and picking up similar deployment scenarios. Their organisation comprises 5 service desk staff and 5 desktop technicians, using WSUS/SCCM for management. Interestingly, student calls go to the service desk, and all staff calls go straight through to the technicians. The current push in this team is for collaboration tools – providing collaboration from the desktop using Microsoft Link and Yammer. This will be a move away from a plethora of self-selected tools currently in use.

The final session of the conference was a look at Social Media as a communication channel, and brought together many ideas that were raised in other talks. Six main types of SM were identified: blogs, networks (groups based on people’s affinities with each other), content communities (groups based on content type such as YouTube), bookmarking services, micro-blogging like Twitter, and wikis. Internal SM platforms – used for employees to communicate with each other – tend to get low take-up because these don’t build on existing networks / profiles / communities but require people to re-invest in a less established arena, often with little idea of the likely benefits. Working in SM requires us to think about “the 4 C’s”:

  1. Creation (of content) – what is relevant, existing, interesting?
  2. Context – how do people find our content (search engines, sharing, discovery)?
  3. Conversation – listening, interpreting, and responding to other SM publishers, and the reaction to our own content;
  4. Conversion – why are we doing this at all? We must have a goal, which will often be based on someone doing something (buy our product, solve a problem for themselves, find and use a new service, …)

There are lots of stories about SM faux-pas. Customer Service often features in SM scare stories. A video showing how to open a Kryptonite cycle lock using the cap of a bic biro stirred up a lot of chatter, and Kryptonite responded after about 10 days (with a refund/upgrade for customers) – however this incident is estimated to have cost them around $18m.

What is also important though is that the preferred SM platforms change rapidly. Even now, as businesses are getting to grips with blogging, Twitter, and Facebook, students coming up from school are using SnapChat and the Vine. In a few years these two will also be outmoded. Our approach needs to be to develop an overarching strategy that remains applicable as the platforms change, and recognise that flexibility can be powerful here.

The conference finished with a final chance to meet colleagues, and the starting of a journey round UK HEIs of a conference trophy, to be passed from person to person on a tour around the UK, and arriving back at next year’s conference with a series of photos of interesting things learned at each institution.

UCISA Support Services Conference 2013: Day Two

Day 2: Wednesday 3rd July

Breakfast, and time for the first meeting of the day, with colleagues from Plymouth and Liverpool John Moores. Do we have security training for all our staff (IT or otherwise)? At Oxford we have policies, a toolkit, lots of guidance, and some systems, but the only routine training with periodic “refreshers” is on DSE assessment and recruitment (although some security training is on the way as I type). The pattern seems good – initial training, followed by periodic updates (frequency as appropriate), via a self-service interface with some means of checking that the user has taken on board key aspects of the learning. At LJM all IT staff go through a similar programme for DPA, anti-bribery, and diversity training. Sounds like it has potential for Oxford, and the quid pro quo is that our ISBP toolkit is of interest to Plymouth and LJM.

The first plenary was from Druva, who have provided a “dropbox alternative that meets corporate data storage and security requirements” to the Economics Dept and Business School at Warwick. I spoke to Druva the day before, and the solution sounded interesting – compliance (policy) driven storage with refresh and commit to/from a local copy from multiple clients. The talk also had some interesting points – our users are shouting for “style”, “freedom”, “productivity”, and “convenience”, whilst our employers are demanding “managed risk”, “privacy”, “security” and “protection” – the ever present availability vs. security tension. Unfortunately the rest of the talk didn’t reassure me. “Druva is NOT a backup company” we were told, but then “…and we can deliver all of these core features because, at its heart, Druva is a backup company”. Later on “We configured it to use port 22 as we already had a hole in the firewall and didn’t want to open any more holes up for obvious security reasons”. As configured at Warwick, users can restore to any 12hr snapshot in the last two weeks, from any device (and there is a web interface for retrieval too). One other note, from Warwick’s Economics Dept, was that they had abandoned whole disk encryption due to (a) direct cost, (b) support and productivity cost through lost passwords, and (c) impact on imaging and desktop management.

Plenary 2, and Steven Beavis (Cherwell) talked about measuring customer satisfaction. His key point was that at the end of the day, that’s what it is all about. He suggested that customer satisfaction follows primarily from two areas – perception of value, and ease of access to desired services. Metrics should be balanced across four main areas: Productivity, Efficiency, Satisfaction, and (as a result) Satisfaction. Deriving metrics is a cycle – you set Goals, define Critical Success Factors that reflect acheivement of the Goal, set Key Performance Indicators to tell you when the CSFs are hit, record Metrics which can be used to derive KPIs, and generate feedback as a result, which then helps to set next year’s Goals. Users are increasingly requesting a focus on satisfaction – “I want it fixed, now” – rather than operational targets (we had 10,000 calls last month). Further, reports should be actionable – there is no point in reporting a figure unless it leads to actions for improvement.

This led into a lightning talk about surveying. Lots of people had anecdotal evidence of high levels of apathy – low response rates, mid-range scores, etc. A few success stories were related though. Noel Bruton’s “Random 5” – 5 callbacks per week to users who had tickets closed to gauge their satisfaction in 3 questions or so – this had worked well for one person. Another got a 30% response rate by sending all callers a “Less-than-one-minute” survey. The idea of an email with (two or) three HTML buttons – Poor, OK, Good – to all callers won some favour. One University IT department had sent staff out with bright t-shirts and a list of 12 (yes or no style) questions; these staff then took up post near doors to campus cafe’s etc and asked just one question of anyone walking through – of course most people gave up the answer before they realised that they were being surveyed, and a very high rate of data collection was acheived.

The morning closed with a talk from Edinburgh University about UniDesk. Edinburgh, St Andrews, and the University of Abertay had all been looking to buy new ITSM tools, and thought that doing this together would get better leverage. This led to thinking about sharing the cost of developing ITSM processes, and then the whole hog – a shared service desk. TOPdesk came in as a fourth partner, bringing their ITSM tool and commercial knowledge. From kick-off in June 2008 the whole thing was done in c. 30 months (Nov 2010).

The initial shared service had Incident Management and Request Fulfilment, and extension to incorporate Problem Management, Change & Release Management, and Configuration Management (or at least a CMDB) followed. Sheffield Hallam University have taken this up for their service desk.

UniDesk’s life had not been without lessons to be learned – and many of these seemed to be good advice for our own service desk project. Five things came though:

  1. Keep it simple – no customisations for the initial partnerships makes it easy to maintain, avoids politics, keeps costs down, and makes it much simpler when potential new partners come along. You need to decide not to overengineer it from the outset!
  2. This isn’t going to save the bank – although efficiencies may lead to small savings, these are not generally substantial, especially for the initial group who set it up.
  3. A simple business model is critical. UniDesk agreed a cost per annum, based on JISC bandings of instituation size – but then usage was unlimited (i.e. cost is absolutely defined for the service period ahead – “fill y’r boots!”).
  4. Trust is very important. Each insitution had to make compromises, adopt aspects of the others, give up customisations of their own. This can only be done successfully if you trust that everyone is in this for mutual benefit.
  5. You need to be rigorous in accounting for costs (e.g. staff time) in the shared service – as resources come from the partner organisations, but people will want to question how much the are being charged (the transparency aids building of trust).

Edinburgh are also using the shared service desk for their Finance and Registry teams. They are getting on well with using the tool, but don’t have the ITIL knowledge to “get” the processes – especially the two-part closure (resolve first, then close with data cleansing).

Innovative Communications was the topic of conversation before lunch. Most people seemed to be focussing on how to engage with students (“lose the suit, grab a hoodie” was the key to success here). Ideas that broke out of the usual molds included:

  • Poster promenades – IT and Library advertising their wares in departments (cake made these events popular);
  • Open Days – a sort of IT conference for academics and researchers – a tour of the data centre had proven particularly alluring!
  • A roadshow, going round the University to show off new/exciting developments. Short talks were recorded and delivered by video to save key staff from spending loads of time on this;
  • The use of 90-second videos to showcase services and projects had been well received. Several Universities used video as a core part of their communications, and had their own YouTube channel;
  • One University had a robot at their freshers fair – you could ask the robot a question and somehow it would try to provide an answer.

Over lunch I met up with two Relationship Managers from Hull University. This is not part of the student welfare scheme, but the bit of IT that links out across the University to do Business Relationship Management (a bit like Internal Account Management). Their role is to speak to departments about current issues, wishlists, strategies, plans etc, arrange for specialist staff to be available for suitable discussions, and advise on new developments / IT strategy. All engagements / contacts are recorded and reviewed, and the information collected is made widely available across the IT department. `The role is tightly integrated with Communications – although Hull are yet to get staff for this. More than one person is needed for this, although with BRM activities spread over several staff, one person could coordinate several relationships. It was seen as key to success that relationships are trunked – i.e. one person oversees / handles relationships with a group of related customers. This helps to join up the customer needs, and fosters sharing / peer support. In terms of internal links and dependencies needed to deliver in this area, Relationship Management falls cleanly into the Customer Services area of IT, but depends a lot on Application and Web Development as these are the areas where most issues seem to crop up.

The afternoon kicked off with a discussion of Herriot Watts’ reorganisation and merger of IT and Libraries. One of their larger issues was a 10 minute walk between the library and the data centre, and several people who had merged library and IT help desks a few years ago are now separating these functions out again – it seems that students want library help from libraries and IT help from IT.

Next we heard from Dan Batchelor (University of Wolverhampton) who is the outgoing president(?) of the Student Union there. The union had been failing, and he led them to ditch the bar/club/table-footy culture and become a support body for students. Part of this saw them become “the Student Voice” in IT decision making, and they really did seem to have great engagement through formal and informal channels at both individual and organisational levels. This meant that strengths established in one year were not lost when the executive was re-elected for the next. His story was very persuasive and I, amongst others, plan to investigate the potential of our own unions (OUSU in Oxford’s case) to help link with students.

The last formal session of the day was a talk about surviving in changing and challenging times. Paul McGee was certainly an animated and engaging speaker, and many people will doubtless remember some of his sound bites: “The future does not belong to the strongest, but to those most able to adapt (Darwin)”, “Shut Up, Move On”, the receptionist whose name card read “Director of First Impressions”, and the fact that “change makes us uncomfortable”.

Thus ended the second day, giving way to the second evening, the conference dinner, the after dinner talks, and the discussions of service desk and managed desktop issues into the wee hours.

UCISA Support Services Conference 2013: Day One

This is the (now) annual UCISA SSC, attended by around 150 staff working in IT support from across UK HE. This year’s conference ran from Tuesday 2nd July – Thursday 4th July, at the John McIntyre Conference Centre, Edinburgh.

Day 1, Tuesday 2nd July:

Arrivals and registration led onto meeting up with colleagues (new and old) from other institutions. Common themes soon emerged, with discussion around service desk KPIs and metrics, questions around whether AV support is a service desk responsibility or something for a specialist team, and developments (mainly around the use of virtualisation) in desktop provision. Data security concerns also featured, but with the focus varying between confidentiality (e.g. in the case of lost / stolen laptops) and availability (e.g. in the case of device failure when the only copy was stored locally).

I had an interesting chat with Sheffield University’s Service Improvement Coordinator. At Sheffield they felt that ITIL’s Problem Management process only addressed part of a broader picture of (reactive and proactive) feedback on service quality. Their SIC role encompasses a set of responsibilities covering customer satisfaction and feedback, service reviews (including interviews), Incident patterns, and more. This role also overlaps with ITIL’s Business Relationship Management and Availability Management, but doesn’t have any resources or authority to make changes – this happens through influence on service strategy boards. Sheffield has c. 165 services in their Service Catalog.

Ian MacDonald (Co-operative Group IT at Manchester) presented a the subject of Assessing and Benchmarking to Drive Continuous Service Improvement. Some of the key points of this talk were:

  • Real value is derived when assessment and benchmarking is integrated into a strategic intent to continuously improve capabilities and deliver improved services;
  • It needs to be ongoing.

A Jack Welch quotation (“Face reality as it is, not as it was or how you wish it would be“) captured the idea that we might have the view that we’re doing a good job, but our users might have quite a different perception – we can’t get awat with just believing that we are “good” at what we do – we need to get some external references on this.

An interesting model was discussed, where Value for Money (seen by the user/customer) is generated through a combination of costs and value. Costs arise from the hardware, software, premises, and staff used to deliver services, whilst Value is derived from the products, services, people, and image that we offer. Importantly then, Value is perceived – and can be influenced, whereas Costs are tangible – and cannot be influenced (they are what they are).

In terms of understanding how we are doing then, there are some options. Self-assessment, available through several free structured questionnaires, can give us a score that can be compared against an industry norm. Certification provides independent assurance that a certain standard has been met or exceeded. Benchmarking enables measurement of the time, cost, and quality of our activities, which can then be compared against best practice or peer results (e.g. from the same industry sector) – this provides the best understanding around the costs of delivering IT. Finally, Awards are another way in which excellence can be recognised – and has a strong link back to the image aspect of Value.

The next plenary was a group discussion of support models in different HEIs. Although there was a lot of variation in the details, broadly speaking most people seemed to have a central IT function providing commodity services, and some form of devolved local/specialised IT function in departments / schools / colleges. Those who represented central IT took a general view that they wanted more centralisation, but few had found ways to overcome the objections (or rejection of the idea) by local IT. Oxford’s position of recognising distributed IT as a key asset, and wishing to strengthen the support interactions between local and central IT was fairly unique.

Our first business showcase of the conference was a joint presentation by Cherwell and the University of Wolverhampton. The UoW undertook a project to replace its service desk toolset. The project timeline was something like:

  • Early 2011: desire recognised, project kicked-off
  • Oct 2011: vendor demos
  • Dec 2011: PQQ responses and tender process
  • Mar 2012: 3 suppliers shortlisted, scenario-based proof-of-concept sessions with vendors (13 scenarios used, focussing on previous or predicted situations), vendors varied in approach and preparedness
  • Apr 2012: Order placed with Cherwell
  • Jul 2012: Implementation finalised, dual-systems run in parallel
  • Aug 2012: Go live

The talk looked at how the relationship developed between Cherwell and UoW, and touched on a number of lessons learned during the project. The key messages were that the full extent of project impact needs to be considered – training for all staff and key users, awareness of the change across the broader university, and not expecting perfection after a single run through.

Next we heard from Manchester Metropolitan University, who have been undergoing a programme of cultural change. This had some interesting overlap with Oxford’s central IT reorganisation. They had faced the question of “Are we there yet” – and decided that with organisational change you can rarely say “yes” as the endpoint is really hard to define or measure. They had used Myers-Briggs personality assessments, 360 degree feedback, changes in language (e.g. the area where infrastructure work is now called “the office” rather than “the bunker”), and they have introduced social events, recognitionschemes, and “Make A Difference (MAD) Day” where managers all reported on something acheived by their team in the last few months that had made a difference to someone or some part of the organisation.

The final event of the day was a series of 3 PechaKucha (20×20) talks. In one (John Grannan, Leeds) looked their OneIT Transformation Programme – another organisational change! He described the goal of this using a phrase that would be persuasive anywhere: “Showing users that IT is something they want, not something they have to fight with”. One of their focusses has been on Service Definition – providing a clear list for users so they know what is available, who it is provided by, and how/where to get it. They are using ITIL and CSIP, but have hit the issue that in terms of process maturity models, the business needs to match IT in order that the “more mature” conversations can take place. The final session was given by Peter Tinson (UCISA) on the subject of Leadership. He made several interesting points: (1) everyone working in IT is a leader – which we can only do well if we are respected (for doing a good job), professional, understanding of the business’ needs, and advocates for IT. He noted that decision making is often based only marginally (2%) on fact, and heavily (98%) on opinion, which is based on perceptions, interpretations, beliefs, and aspirations.If we take the time to listen to our stakeholders, talk to them in terms they understand, and are consistent in our message, then we will become valued and trusted partners.

How to Manage the IT Support Desk

Last week I went on a 2-day UCISA workshop / course led by Noel Bruton looking at various topics associated with managing an IT support desk. The event had been recommended by colleagues and relates very closely to the work we are doing in IT Services to establish a consolidated service desk.

Reorganisation:- We were a group of 16 delegates, representing 14 HEIs including St Andrew’s, Huddersfield, Queens College Dublin, St John’s York, and Queen Mary’s London. Interestingly the majority of us had recently been though or were in the middle of some sort of reorganisation, either across IT as a whole or just for the service desk. One of those most radical transformations was the pending breakdown of a team of 33 field engineers to put 12 of them on the 1L help desk and lose 10 of them to save costs while preserving overall service levels. If only we had a similar army to work with here!

Help Desk FTE:- By way of introduction we each provided approximate figures for the number of 1L and 2L (desktop support) staff, and the size of our user base (staff/students counted separately). Ratios of support staff to users varied considerably, but Oxford clearly has one of the largest supported user bases combined with a rather unclear idea of help desk FTE given the devolved nature of IT support. The University of the Arts (London) has 8FTE 1L analysts plus a manager and 33 FTE field (2L) engineers serving 25,000 students. They noted that as they are split over 6 colleges and 16 sites these numbers need to be higher than elsewhere, however they plan to reduce the 2L contingent to 12FTE by expanding the 1L team and training them up.

ITIL isn’t IT Service Management:- Somehow we got talking about ITIL. Noel has a particular view on this. There is very little in ITIL that can’t be applied to other service disciplines, so it’s not really specific to IT. Service is the smile you get when provided with a cup of coffee in a hotel – you wanted the product but you got something intangible along with it; ITIL doesn’t talk about “service” in this sense, but rather about “services”. Finally, management is about the effective combination of people, process, and technology, but ITIL only talks about process so it can’t be management in any meaningful sense.

Very few people seem to have quite such strong anti-ITIL feelings – I suspect that in his consultancy role Noel has come across people who have engaged him to fix their service desk…which is fully ITIL compatible but clueless when it comes to dealing with actual IT users and issues.

A Brief Summary of Everything Help Desk:- Next we took a whirlwind tour of the help desk, directed largely by following up on particular problems or experiences within our own areas.

Some basic statistics: users typically make 11 – 50 calls to the help desk each year with a typical volume for a university being 16 calls a year; an average 1L analyst can handle 30-40 calls a day; a typical 2L resolver will resolve 5 – 8 issues per day.

It is absolutely critical that all calls are logged. This provides not only for measuring and reporting on current call volumes and performance, but also for identifying potential improvements such as call types that could be processed faster if an automated diagnostic tool was available.

Groups vs Teams:- It’s obvious that a team is more than just a group of individuals, but what is the crux of that difference? Each member of a team has a specific skillset and follows an agreed protocol to receive a workload, execute their part of the process, and then transfer the workload on to the next person in the team via an agreed protocol in order to deliver the outcome. Each team player adds value and is responsible for delivery of their activities, even though they actually perform the activities alone.

Mazlow, Demming, McGregor:- No management course would be complete without name dropping and a few potted theories of how people work. One discussion ran off into an unusual corner though – whether the top layer of Mazlow’s hierarchy of needs (“self-actualisation”) is truly applicable to everyone. The common definition for this highest level of motivation is realising one’s full potential, self-fulfillment, and peak experience. However, some of us felt that this is a somewhat self-centred pinnacle, and that an alternative exists at this level – an outward purpose whereby the individual is motivated to lose their self in order to benefit a community or other “whole”. We were probably going off on a tangent owing to misunderstanding Mazlow though, as explained in Chad’s sideways thoughts.

Don’t Ask for Permission:- There was a teacher called Lesley who was good at teaching. Lesley set up a business selling teaching. Things went well and there was too much work so Lesley hired a couple of people: Sam to handle the administration and buildings, and Vic to teach into a growing specialist market. Over time the business continued to grow and Sam had to take on a facilities manager (Alex) and an IT person (Chris). In time of course, Chris needed a Windows sysadmin and a network admin. And so on.

The point is that Lesley was a generalist who recruited two specialists who were better at specific parts of the business than she was. In turn, each manager took on specialists to help get their job done better as things grew. Each manager wrote job descriptions that must have been incomplete because they were for a more specialised position that their own.

On this basis (a) don’t ask for permission – your manager hired you because you have the specialist skills that they don’t have, and they expect to trust you and rely on you to come up with the answers (if they could do it then you wouldn’t have been taken on), and (b) hierarchy is an illusion – the relationship between a manager and their staff is one of generalisation vs specialisation.

Demand and Supply in the Support Desk:- We looked at some simple but effective ways of tabulating data to assess support demand (how many calls for which services at various times of day – done using tallies in a table of services vs time of day) and supply (skills matrix – levels of competence in each service area for each member of help desk staff).

As a stand alone item, the skills matrix enables a rapid assessment of which services are well supported, which are short of backup or capacity, which staff are your “gurus”, and which staff are yet to realise their potential through additional training.

By combining these charts it is possible to derive optimal staff rotas for the help desk, ensuring that sufficient qualified staff are on duty just in time for the demand peaks.

First line, second line, end of line:- At this stage we had talked quite a bit about our teams, how things work, and where problems are perceived. We had referred to first line support (1L), second line support (2L), and third line support (3L). Noel stopped us to think about this for a minute.

Support, incident resolution, help desk is all about getting the user back to work within the current operational parameters of the systems involved. Any more than this and you’d raise a change request (ITIL was back in fashion by this point).

So, a call comes in to the help desk. It is picked up and logged. At this stage the help desk analyst either fixes it there and then (First Contact Resolution), or escalates it to a team better placed to resolve it. An escalated call must be picked up by another team who either fix it and contact the user, or re-escalate it to a team better placed to resolve it. This next team picks up an escalated call and either fixes it or re-escalates to another team, and so on.

We have two functions here. One function receives a call from the user and either fixes or escalates – this is the 1L function. The other function receives an escalated call and either fixes or re-escalates – this is the 2L function. There is no other function – there is no such thing as third line support. Of course, re-escalation in the 2L function may involve progressively more “technical” teams operating at successively lower levels in the infrastructure, but they are all carrying out the same function, and any implied hierarchy here is mere technocracy.

Noel suggested one modification to this – a triage team who work alongside 1L to take recognised and well understood problems that would tie up a 1L person for too long. This means that your 1L staff can provide “hot” transfer of calls that they know can be resolved without involving 2L and get to the next incoming calls.

Who Speaks to the User?:- When a call has been escalated to 2L, and they have found a fix, who gets back to the user with the good news? Or alternatively, suppose that 2L have taken the call but need more diagnostics – who contacts the user to request further details?

There are only two options here, and both have their supporters.

Option 1 (call-back) says that it’s the 1L staff who are trained in customer service skills and are therefore best placed to speak to the user. 2L must therefore send their information or requests back to 1L who will then pass it on to the user. The trouble with this is that it incurs delays in the response as it moves between support lines, and can suffer from “chinese whispers”-style losses on the way.

Option 2 (call-through) says that the most efficient thing is for 2L to get straight back to the user and speak directly. This certainly cuts out various delays and risks, but requires 2L teams throughout the organisation to be willing and able to use “customer service skills”, especially those around customer language and empathy. A strong focus on getting users back to work can help this to work.

Service Desk Economics:- Finally we explored the financial impact of a service desk. A simple scenario was developed, based on an (observed) average of 16calls/user/year in an organisation of 1500 users, paying £18k to a 1L analyst and £25k to a 2L analyst.

In the first run we adopted a “classic” model of having a basic 1L capability who could deal with 25% of calls without escalation, and a busy 2L team who average 5 calls resolved each day. 16*1500=24,000calls/year, or around 100calls/day, requiring 3 * 1L analysts to take the calls (based on typical 1L processing rates), of which 75 will be escalated to 2L where 15 analysts are required to process the day’s workload. The total annual cost works out at £429k and the average resolution time is 71mins.

In the second model we imagined training our 1L staff up to resolve 50% of calls without resolution, and focussing our 2L staff on incident resolution so that each of them resolves and average of 8.3 calls per day. This time we still require 3 * 1L analyst, but only 50 calls are put through to 2L where we now only need 6 analysts to get through a day’s work. The total annual cost works out at £204k and the average resolution time is now just 38mins.

So we saved £225k/year and improved resolution times by nearly 50%. Now we can afford to pay our 1L staff £25k and keep training them…

(Much of the content from this workshop is contained in a set of slides published by Noel from an earlier rendition entitled The Future of the HelpDesk).

Easier Software Updates for Windows

It’s one of those fun weekly chores – going through all the software installed on your Windows PC and checking online for updates, downloading them to a USB stick (the bigger ones at least), and then going round each PC in turn to install them. We’ve got 4 PCs to update, and that can’t be uncommon in a modern household.

In the Linux world things are much easier – on Debian you’ll normally get away with running “apt-get update && apt-get upgrade”. If you’re really lazy you’ll configure unattended-upgrades and be done with it.

Windows is a different beast though. You’re on your own. Sure you’ve got Windows / Microsoft Update, Adobe Updaters, Java Auto-update, Apple Software Update, and lots of other tools to help, but how do you remember which updaters you’ve run on which systems? Also, when you (re-)install a machine how do you get all the right packages installed up-front?

Enter WPKG (wpkg.org). This handy tool allows you to wrap any software installer with some XML-based metadata that specifies which PCs on your network need which packages, how to install / upgrade / remove software from a PC using the distributed installer (MSI, EXE, whatever), and version information to enable auto-updating.

To get started you can just download the WPKG server package and unzip it to a network drive (on your home server, right). This sets up a folder structure into which you can add your software installers and the XML data. You’ll need to write three XML files to get going:

  • hosts.xml specifies which hosts should get which software bundles (“profiles”)
  • profiles.xml specifies the software packages comprising each profile
  • packages.xml – or more typically packages/*.xml – specifies how each software package should be managed, with install / upgrade / remove commands, the installer file location, current version number, conditions for installation, architecture/system dependent aspects, and pre- and post- installation commands

Now you can run the wpkg.js script to update your system. There is a handy client package that will install a service to update your system at each login, and you can configure periodic checks using Scheduled Tasks.

Combine that with subscribing to the announce maillists for your main software packages and life is much easier – in most cases you just download the new installers, update the version numbers in packages/*.xml and make the coffee. All your machines will update themselves next time they get used.