Table of contents of the article:
For most companies, managing an IT infrastructure is not their core competency. For this reason alone, companies often outsource this work to a specialized company.
Other benefits of outsourcing Linux support include:
As long as the deal is structured correctly, the costs will be known in advance and can be budgeted. By 'properly structured', I mean that the agreement should define a level of service rather than a number of hours or incidents.
Access to skills
Linux is a huge topic. It includes determining which RAID system to use, how to set up high availability clusters, which cloud infrastructure to use, which container system is appropriate, data encryption techniques - the list is huge. Nobody has a thorough understanding of all this.
Outsourcing to a company with a team of experts that designs, builds, and maintains Linux systems every day of the week means you have access to that experience.
Wide range of experience
Chances are that what you are trying to do - or something very similar - has already been done. A good outsourcing partner will be able to bring the experience of working with other clients into your situation, which will result in a faster and more robust solution.
A specialized IT company will already have the components needed to manage an IT infrastructure, including ticketing systems, monitoring, configuration management, backup, and so on. This means you don't need to provision and manage the infrastructure yourself.
They will also have developed proven processes and methodologies to enable them to support their customers effectively and efficiently.
A specialized IT company will invest in high-quality training for their staff.
The technology and associated best practices are constantly evolving. A professional IT company will keep up to date with what's current and make sure the solutions they manage are fit for purpose.
Perhaps most significantly, for a company that provides outsourced Linux support, this is their core business. If they're not good at it, they won't survive long.
How to choose a Linux support company
If you are looking for an outsourcing partner to design, implement or support your Linux systems, then by definition you are looking for a company that knows more about these things than you, so how do you choose who to work with?
Here are seven areas you should discuss with any potential partner.
1. Why them?
Most of the support companies out there can fix computer systems - if they couldn't, it wouldn't last long. So how do you go about choosing between them? You could start by simply asking them:
Why should I choose to do business with you over any other option available to me?
Those other options include:
- doing nothing
- hire someone specifically to manage your systems
- manage IT yourself
- using this company
- using one of their competitors.
If they can't be clear as to why you should choose to do business with them, you can't be clear in your choice either.
2. How do they manage security?
When you delegate the support of your IT infrastructure to another company, you are handing over the keys to at least part of your business.
Those who have the keys to your home have built trust with you, probably over a long period of time. Those who have the keys to your IT infrastructure also need to earn that trust.
Security is a big topic, but here is a list of questions to ask that will at least give you an idea of how seriously a company takes security:
- How do you manage access to your customers' servers?
What are you looking for: use of firewalls or VPNs to control access.
- How do you store passwords in your customers' systems?
What are you looking for: passwords stored in a secure and encrypted database. Ideally, the encryption will be AES256 compliant or higher. The password store must be backed up securely.
- Who has access to those passwords?
What are you looking for: the only staff who should have access to your server passwords should be the technical staff who will support it.
- When do you use two-factor authentication?
What are you looking for: that enforce two-factor authentication (“2FA”) for access to everything that should be secure. This includes their clients' servers. You can read more about 2FA in “Enhancing Security” here.
- What is your process for keeping systems up to date with respect to security updates?
What you are looking for: a systematic and verifiable way to keep systems up to date. Ideally, automated system monitoring will report all systems that need updates. It is important that yours
servers are up-to-date and secure, so this should be an integral part of the service, not a paid extra.
- How do you keep an audit trail of the work done?
What are you looking for: a configuration management system, code repository and ticket system that work in harmony to provide a robust audit trail. The best would be if they could show you a real audit trail.
- Are you certified according to ISO27001 the information security standard?
What are you looking for: simply a "yes", supported by their current certificate. The certification shows that their security policies and procedures have been externally verified and found to comply with the Standard.
3. What is their goal?
I know support companies that are good at supporting Linux.
I know support companies who are good at supporting Windows.
I don't know of any support companies that are good at supporting both.
If your business has chosen to run Linux servers, you want a support company that takes Linux seriously. You don't expect your GP to be an orthopedic surgery expert; likewise, you shouldn't expect an IT generalist to be able to provide the best Linux support.
4. How will they help you reduce your costs?
IT is not an end in itself, but rather a means to an end. Your IT outsourcing company should understand why your IT systems are in place and what they can achieve.
If there's a better or cheaper way to accomplish the same thing, even if it involves fewer supported servers, they should tell you. Why would an IT support company tell you how to save money with them? Because they should be a partner, not just an expense item.
Every problem that affects the service costs you money. A good IT support company will be proactive, solving potential problems before purchasing, that impact your business.
This is our philosophy:
We believe that if you need to notify your IT support company of a server problem, it has already failed.
You may ask:
- How fast do you fix problems?
- Describe how to prevent problems from occurring.
- How many support incidents are included in my contract per month?
- If they monitor servers, ask:
- Can I have access to that monitoring?
- How many metrics are monitored on a typical server?
If you have a problem, it must be easy to talk to someone who can really help you.
You've heard "We're experiencing higher than normal call volume" enough times before.
5. What qualifications do their staff have?
Historically, there has sometimes been a gap in the IT sector between technical qualifications possessed and demonstrated technical competence. With this in mind, some Linux qualifications have been designed to be more stringent.
The key qualifications in the Linux world (in no particular order) are:
- Red Hat Certified Engineer (RHCE)
The RHCE exam requires the candidate to configure a Linux (Red Hat) system in various ways. This is a non multiple choice written test; it is practical and practical.
Verdict: a very high standard.
- Debian Developer (DD)
This title is achieved not by passing an exam but through a peer-managed process for managing and maintaining Debian packages and a deep understanding of the Debian philosophy.
Verdict: a very high standard.
- Linux Professional Institute (LPI)
These Linux distribution independent written exams are administered by the non-profit Canadian Linux Professional Institute. There are many levels of certification.
Verdict: A useful guide, but probably not as profound as the RHCE and DD.
Keep in mind that qualifications expire after a certain amount of time, so be sure to inquire about current qualifications.
6. Can you visit their offices?
Most IT support companies will have no problems with your visit to their offices and it is a valuable thing to do. As discussed above, you are potentially handing over the keys to at least part of your business, so visiting their offices is a reasonable step in the due diligence process.
When you visit, what are you looking for? Here is a short list to get you started:
- Are they professional in dealing with you and each other?
- How are they handling security with a stranger (you) in their midst?
- What is the culture of the office? What's on the desks and walls?
- Would you like to work there?
- Are the answers given to your previous questions reflected in what you see in the offices?
- Are the staff smart, professional and polite?
If their company's website lists the IT support team, there's no harm in Googleing what kind of people they are.
7. What does the contract include?
A professional IT support organization will insist that both parties sign a contract. This is not legal advice, but I believe the contract should include:
- Any minimum term and the required notice period. Neither should be excessive - you should be with them because you want to, not because you have to.
- The days and hours of coverage.
- A confidentiality clause. They are likely to have full access to all of your data, so this is essential.
- A Service Level Agreement: defines the response you are entitled to for a given severity of the problem, but keep in mind that "response" is not the same as "resolution". This can also vary at different times of the day.
- What additional costs are not covered by the contract? Check for installation of security updates, operating system upgrades, user requests, additions / changes / deletions to supported services and any limits on the number of Incidents.
You shouldn't expect to have to test the contract in court, but having a contract ensures that both parties have a clear understanding of what will be provided at what cost.
A good outsourced IT company can be a true business partner, able to help not only with day-to-day support, but also with the other elements of building and managing a Linux solution.
The seven areas discussed above will help identify the companies with which a partnership is most likely to be successful. If you end up with a squad of more than one, there are two final considerations that can help you choose:
- You like?
It may not be scientific, but you are unlikely to have a successful business relationship with people you don't like.
- What are their existing customers saying?
Any reputable IT company will gladly provide references, and many people are more candid on the phone than in writing, so call a few.
In addition to their general opinion, ask them what they would like to know when they signed the support contract. Ask them about the level of service, the professionalism, the partnership. How fast is the phone answered? How fast are the issues resolved? How is the availability of their server? Would they recommend their support company to others?
Arrange a no-obligation call and let's discuss what you want to achieve with Linux.