Skip to content

Scale Computing’s Marlena Fernandez Recognized for Second Consecutive Year on CRN’s 2021 Women of the Channel List and Channel Power 100 List

INDIANAPOLIS – May 10, 2021 – Scale Computing, a market leader in edge computing, virtualization, and hyperconverged solutions, announced today that CRN®, a brand of The Channel Company, has named Marlena Fernandez, vice president of marketing, to its 2021 Power 100 list, an elite subgroup of standout individuals selected from the annual CRN® Women of the Channel list, for the second consecutive year.

The women honored on this year’s list pushed forward with comprehensive business plans, marketing initiatives and other innovative ideas to support their partners and customers, helping them through the uncertainty brought on by the global COVID-19 pandemic. CRN celebrates these exceptional women for their leadership, dedication and channel advocacy.

The CRN editorial team chose the annual Power 100 honorees based on their contributions, expertise and dedication to supporting IT channel success. The Power 100 award recognizes a select group of incredible women who have gone above and beyond — inspiring their peers through their leadership and unwavering commitment to the success of their partners, customers and the entire IT channel.

Fernandez joined the Scale Computing team in 2019 and was the first executive to be named to the CRN Women of the Channel list and the Power 100 list. Over the past year, she helped shift the company’s focus to give Scale Computing’s partners a broader solutions portfolio to share with their end customers. Fernandez was instrumental in driving the company’s commitment to growing its business with the partner community and better enabling them to successfully meet their end users’ IT infrastructure needs. She also played a critical role in expanding Scale Computing’s partner base by nearly double, growing customers and revenue by 45% in 2020.

“Marlena is a key influential member of our executive team, bringing insights from her years of results-oriented global marketing experience to help Scale Computing reach its strategic goals,” said Dave Hallmen, chief revenue officer at Scale Computing. “Her continued commitment to growing our business through our award winning Scale Computing Partner Community and strong leadership makes Marlena very deserving of this recognition for the second consecutive year. For the remainder of 2021 she will help lead our continued focus on bringing edge computing and hyperconverged solutions to large enterprises, solution providers and select industry segments.”

“CRN’s 2021 Women of the Channel list acknowledges accomplished, influential women whose dedication, hard work, and leadership accelerate channel growth,” said Blaine Raddon, CEO of The Channel Company. “We are proud to honor them for their many accomplishments and look forward to their continued contributions to the IT channel.”

The 2021 Women of the Channel and Power 100 award will be featured in CRN Magazine on May 10th and online at www.CRN.com/WOTC.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Scale Computing 
Scale Computing is a leader in edge computing, virtualization, and hyperconverged solutions. Scale Computing HC3 software eliminates the need for traditional virtualization software, disaster recovery software, servers, and shared storage, replacing these with a fully integrated, highly available system for running applications. Using patented HyperCore™ technology, the HC3 self-healing platform automatically identifies, mitigates, and corrects infrastructure problems in real-time, enabling applications to achieve maximum uptime. When ease-of-use, high availability, and TCO matter, Scale Computing HC3 is the ideal infrastructure platform. Read what our customers have to say on Gartner Peer Insights, Spiceworks, TechValidate and TrustRadius.

Colonial Pipeline Attack Spells Fuel Pipeline Shutdown and Highlights the Need for Increased OT Security

On May 8th, news broke that Colonial Pipeline, one of the largest fuel pipelines in the US, was forced to stop all operations due to falling victim to a ransomware attack. The attack on Colonial Pipeline, which supplies close to half of the oil and gas used on the East Coast, is just the latest example of why cybercriminals target the oil and gas sectors. 

Colonial Pipeline Struck by Ransomware

According to a report by The Wall Street Journal, Colonial Pipeline, the operator of the biggest gasoline pipeline in the United States was forced to shut down operations late May 7 following a ransomware attack. The cybercriminals threaten to roil energy markets and upend the supply of gas and diesel to the East Coast. 

Colonial Pipeline is a key passage for the eastern half of the United States.  It’s one of the main sources of gasoline, diesel and jet fuel for the East Coast with a capacity of close to 4 million barrels a day.  They published a statement Saturday saying they were victims of a ransomware attack that affected their corporate IT network.  This attack didn’t exploit their operational network that controls its pipelines and distributes fuel which is separate from the corporate network. Colonial Pipeline announced they did indeed shut down the pipelines as a precaution to prevent the attack from spreading.

Initial thoughts led many people in the security industry to believe that this was another attack by a foreign government. However, Bloomberg published a report on Saturday, May 8th that the attack appeared to be spearheaded by the ransomware group called DarkSide. Known for their “double-extortion” schemes, Darkside took nearly 100 gigabytes of data from Colonial’s network in just two hours on Thursday.

The attackers threatened Colonial Pipeline that if the ransom was not paid, they would leak all the stolen data to the internet, encrypt the data on the attackers’ computers and Colonial’s network would remain locked. It’s not clear how much money the cybercriminals are asking for and how the attackers exploited their network. One thing that is clear, is that this attack is a concrete example that cybercriminals are moving their attention to attacking industrial organizations regardless of size or sector.

Oil & Gas Industry is an Attractive Target 

Over the years, the oil and gas industry has steamrolled into becoming one of the most powerful and economical global industries as it is critical for global and national economies. This has created a major target on their back, as adversaries see these sectors as valuable targets to exploit Industrial Control Systems (ICS) vulnerabilities. In the past, operational technology (OT) needed in oil and gas operations was isolated and “air-gapped,” and today these operational technology networks are connecting more often to different IT infrastructures and to the internet which has created a new door for attacks. The convergence of OT and IT environments in the oil and gas operations has created an endless amount of vulnerabilities from both the IT and the OT environments. There are also emerging risks from Internet-of-Things (IoT) devices and ongoing and growing priorities centered on compliance.

As seen in recent attacks on gas and oil organizations such as Pemex and Colonial Pipeline, it is justifying how attackers have gained an interest in the industry from understanding the different behaviors to how to exploit the organizations. This has resulted in oil and gas organizations needing to protect against any method of cyberattacks to ensure the global economy and civilian safety is not affected due to an attack.

Protecting Oil and Gas Operations

While in the case of the Colonial Pipeline attack, the details of how the adversaries successfully exploited their corporate network are not public yet, it has brightened the light that now is the time for gas and oil organizations to implement a strong OT security strategy. 

Last month, the NSA released a report describing the importance of protecting industrial control systems (ICS) and operational technology (OT) from cyber attacks. In the report the NSA states, “Without direct action to harden OT networks and control systems against vulnerabilities introduced through IT and business network intrusions, OT system owners and operators will remain at indefensible levels of risk.”

Additionally, the NSA report expressed that organizations and operators need to protect critical operations. “While OT systems rarely require outside connectivity to properly function, they are frequently connected for convenience without proper consideration of the true risk and potential adverse business and mission consequences. Taking action now can help improve cybersecurity and ensure mission readiness.”

Before the NSA released this report of their recommendations, many oil and gas organizations have taken the right measures to secure their OT systems and networks.  Over the last seven years, SCADAfence has been working with many critical infrastructure organizations, including oil & gas operators to ensure their OT networks are safe. We provide them with full network visibility, accurate detection of any anomalous behavior and malicious activities – including anomalies that originate from ransomware attacks.

Oil Example diagram in app

The above diagram shows how SCADAfence helps organizations in the Oil & Gas and pipeline industries to have full visibility between their IT and OT networks. This lets them know where the attack vectors are located and they can identify all of the connections between these networks with pinpoint accuracy. This approach has helped hundreds of organizations to successfully mitigate any anomalous activities on their operational networks, which can later turn into a cyber attack.

In an Operational Technology World, Failing to Plan = Planning to Fail

Basic cybersecurity practices can help to prevent these attacks going forward. This includes getting visibility into the entire network, as it’s hard to protect what you cannot see. Additional security practices include network segmentation or even micro-segmentation if possible, and getting continuous network monitoring is even more crucial in preventing similar attacks going forward. 

Numerous oil & gas operators have already adopted continuous network monitoring and threat detection technologies to gain increased visibility into their OT networks and keep their critical infrastructure networks secure. 

With this holistic approach, of network monitoring, anomaly detection, remote access visibility, and compliance, many oil & gas organizations are already reducing 95% of their risk level of future attacks.

A key element of these solutions is that they are all agentless, not intrusive, and can perform superhuman tasks at a fraction of the cost of one human worker.

If your organization is looking into securing their industrial networks, download our case study with a fortune 100 Oil & Gas Industry Leader to learn how SCADAfence provides complete visibility in their OT networks and provides real-time threat detection of any malicious activities.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

阻斷勒索!端點控管讓 EDR 反應更直覺快速

要防範勒索軟體,需要注意三大重點:

  1. 事前阻斷:儘量讓資安問題不要發生。
  2. 平時備份:確保備資料的可用性。
  3. 防止擴散:萬一不幸發生勒索時,要馬上進行止災,防止問題的擴散。

一般來說, 我們就是在前兩項之間不停的循環操作;當問題發生時,進行止災防擴,最後,再將備份的資料,進行有效的還原。

 

事前阻斷

要如何進行事前阻斷呢?推薦使用應用程式控管,阻止未經授權的程序執行,經由精品資安部驗証常見的勒索軟體,都可以有效被阻擋。其中也驗證了勒索軟體大名鼎鼎的勒索軟體,例如:去年 12 月的 DoppelPaymer,對某公司的墨西哥廠勒索 10 億,而另一個 REvil 家族在上個月,竊取蘋果電腦的設計圖,讓某廠因為洩密被勒索 14 億。

我們常說:預防勝於治療,你可以把應用程式控管,想像成隨身戴的口罩,因為口罩是一種非常簡單又有效的預防機制,可以阻斷病毒入侵的管道。

應用程式控管使用全新的白名單技術,用來阻斷惡意程式的運行,也是一種非常早期的預防機制。白名單技術和以往大家熟知的黑名單技術不同,理論上,我們可以使用黑名單,來限制惡意程式的執行;但問題是全世界的程式實在太多了,而且必須事先知道那些程式是惡意的,所以實際上黑名單的設計,本身就是一個後知後覺的機制,無法有效應變惡意程式快速增長的問題。

應用程式控管威力強大,就像是一個雙面刃,不只傷人,也可能妨害自己。如果使用不當,會造成正常的工作軟體無法使用的窘境。所以一定要撘配應用程式白名單的彈性管理,才能有效管理應用程式,不會對自己業務執行人造成妨礙。

應用程式白名單的彈性管理包含下面多種的功能:

  1. 清查:由使用者或管理者發動取得電腦中的應用程式作為白名單
  2. 觀察模式:蒐集使用者執行的程式並列管
  3. 使用者自決:自行新增白名單或停止應用程式控管
  4. 繼承:動態信任應用程式所帶起的子程式
  5. 父行程:防止使用合法的應用程式做為攻擊工具
  6. 自適性:比對應用程式簽章的簽署人,部份字串相同即放行;如:使用 *Microsoft*
  7. 記錄:完整的應用程式執行記錄,可加入為白名單

應用程式控管,可以透過管理良好的白名單,控管任何程式或文件衍伸的執行動作,讓惡意程式在啟動過程中,關鍵的執行點被應用程式控管阻擋,進而達到事前預防的目標。

 

平時備份

面對勒索軟體,備份仍是必要的減災方案,我們推薦使用X-FORT的安全備份功能。

我們瞭解,使用者常常會忘了備份,安全備份定期將資料備份到本機,或是遠端的File Server,在備份的過程中,使用者幾乎沒有感覺,仍可處理日常工作。

FAC(資料夾防護)協助使用者建立安全的工作目錄,限定特定程式,才可以存取此安全的工作目錄,如果惡意程式要存取此安全工作目錄,會被阻擋。

 再把FAC的功能套用在備份的資料夾,形成防護網,確保備份資料的安全性。即使是整個硬碟被勒索軟體破壞,經由 FAC保護的資料仍可保持完好。

 

防止擴散

我們推薦使用EDR ( Endpoint Detection and Response ) 方案,讓問題發生時,可以由端點主動反應防堵,避免災害擴大。

部份的 IT 人員,面臨資安事件,常受限於人力,僅在大問題發生時,才能進行處理。而 EDR 方案,不同於傳統的被動式處理,減輕了 IT 人員的工作負擔,允許在特定的資安事件下,依照自己公司的特色,自動進行一連串的反應。

例如:A公司可以設定,當使用者連到特定國家的 IP 時,自動通知 IT、通知當事人主管,而B公司的控管更嚴格,在相同情形下,還會將此使用者的本機斷網、控管USB、甚至進一步啟動檔案操作記錄,收集使用者的操作歷程。

傳統的資安工具,其規則制定操作,限制了 IT 人員的管理彈性,而EDR 的優點之一,在於可讓 IT 人員因地制宜,在公司的授權範圍下,組合新的資安政策。EDR 的優點之二,在這些政策設定後,即可在特定事件發生時,會自動反應調整政策。不但節省大量人力,以及降低人為操作的疏失。

 

結論

應用程式控管、FAC、EDR 等功能,遠不止對應勒索軟體,也可以用來對應惡意程式、病毒程式,或是防止使用者執行未經授權程式等。X-FORT也提供其他的控管,如SVS安全碟(檔案加密)、控管外接儲存裝置、停用Office巨集、記錄cmd/PowerShell等功能,搭配使用更能全面性防禦勒索軟體 

About Version 2

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

關於精品科技
精品科技(FineArt Technology) 成立於1989年,由交大實驗室中,一群志同道合的學長學弟所組合而成的團隊,為一家專業的軟體研發公司。從國內第一套中文桌上排版系統開始,到投入手寫辨識領域,憑藉著程式最小、速度最快、辨識最準等優異特性,獲得許多國際大廠的合作與肯定。歷經二十個寒暑,精品科技所推出的產品,無不廣受客戶好評。

8 Tips to Protect Your Password

We are already in the month of May, and you know what we celebrate on the first Thursday of this month, rigtht? That’s correct, it is World Password Day. Celebrated since 2013, this day reminds us of adequate cyber awareness and the importance of password protection in all environments, whether professional or personal. It is not for nothing that passwords are called digital identities.

Our life has been linked more and more to the online world. Not only in relation to work, but also to learning, fun – our and our children’s, even physical activity, and much has been accomplished in digital environments, especially considering the covid-19 pandemic. And in these new times, when a large number of people perform activities remotely from devices without the proper cyber protection mechanisms, it is important to redouble the care with passwords and other sensitive data. Thus, we explain the importance of passwords and their adequate protection for users and organizations in this article.

The combination of user and password has been used as a basic defense mechanism for computer systems since the beginning of their implementation, preventing unauthorized access to data stored on systems and devices. Despite the creation of authentication mechanisms without a password, such as biometrics or one-time passwords (OTP), the combination of user and password is still widely used to access systems and devices. This is because such combination is easy and inexpensive to implement.

In a digital transformation scenario, the multiplication of systems, devices, and their respective credentials is a perfect scenario for malicious attackers to collect passwords and, thus, access data improperly. After all, remembering a password is much easier than the dozens (or even hundreds) of services that require some kind of authentication. It is estimated that the number of passwords per user is between 70 and 100.

According to Cybersecurity Ventures, the world ended 2020 with 300 billion passwords to protect. And the trend shows this number will increase dramatically. Email accounts (personal and professional), banking services, corporate systems, devices, and applications are some examples that require authentication through passwords. And with the increase in the number of data leaks, it is easy to find compromised credentials on forums on the dark web being sold for pennies.

And yes, we know that it is not easy to manage so many passwords. Even the most tech-savvy can struggle to manage and protect credentials in so many different environments. In times of personal data protection legislation, such as LGPD and GDPR, ensuring the protection of such data has become more than a security requirement – it is a business must.

Despite all the risks associated with their use, many users and companies use passwords that are easy to guess, such as numbers or sequential letters (123456 or abcdef). SolarWinds itself, the victim of a serious attack on its supply chain, was using the password solarwinds123 in its infrastructure. Certainly, your email password or mine is stronger than the one used by this American technology company.

So, on this World Password Day, here are some tips that should be considered by users to keep their data protected:

  1. Use long and complex passwords. This prevents hackers from using techniques to guess them. However, just using complex passwords may not be enough to protect them from hackers.
  2. Many devices are configured with default passwords. Change them immediately.
  3. Avoid reusing your passwords on different accounts. Also, constantly check if you have already been the victim of a data leak through senhasegura Hunter. If so, change your passwords immediately.
  4. Configure your passwords to be changed frequently. The ideal is at least every 3 months.
  5. Do not write down, store in an easily accessible place, or share your passwords with others, thus avoiding unauthorized access.
  6. Consider password management solutions, or even privileged access management (PAM), to manage the use of systems and devices.
  7. Use Multiple-Factor Authentication (MFA) mechanisms to add a layer of security to your accounts.
  8. Set up means of retrieving access, such as including phone numbers or emails.

Passwords are one of the oldest security mechanisms in the computing world and are also one of the main attackvectors by hackers. And in the “new normal” era, with increasing threats resulting from the covid-19 pandemic, it is vital that users be alert and properly protect their digital identities. In this way, we can avoid cyberattacks that can cause considerable damage not only to people, but also to companies. And on this World Password Day, remember: security starts with you!

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Segura®
Segura® strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

Engineering and development in Pandora FMS

Pandora FMS started as a totally personal open source project back in 2004. I wasn’t even a professional programmer, I was doing Unix security consulting. In fact, I chose PHP but Pandora FMS was my first application with PHP, I knew some things about ASP and my favorite programming language had been C.

A project with a single programmer and no professional users of his software yet is very different from a project with several dozen programmers and hundreds of clients using the software in critical environments. The evolution that Pandora FMS has undergone from 2004 to 2021 is a real case of steady improvement in software engineering.

Fortunately, I did not pay much attention to that subject of the degree, because most of the things that work and that I have learned with practice do not come in a book, nor are they explained at the university, because each software project and each team of people is very different. It may sound cliché, but it is the truth, and it is better to accept it and avoid formulas, because building a solid software product that can grow over time is not trivial at all.

In this article, I am going to talk about our experience, our evolution over time, but above all, about how our engineering processes work today. I have always believed that the most important part of open source is transparency, and that this should apply to everything, not only to software but also to processes and knowledge in general.

Version control system

It is an essential part of any software project. Today the ubiquitous GIT is everywhere (by the way, not everyone knows that Git is the work of Linus Torvalds, original author of the Linux kernel). A version control system helps, in short, a group of developers work without overlapping their jobs.

When the Pandora FMS project started, I was working without version control, because there were no other people. When some people began to collaborate on it, we realized that a simple shared directory was not worth it, because we were overlapping the code and, yes, making backups to save old versions was not a very efficient method.

The first version control system we used was CVS, which we have been using for eight years or more. Around 2008, we started using SVN (Subversion) another slightly more efficient system and it wasn’t until 2013 when we started using GIT and opened our official repository on Github.

Ingeniería-y-desarrollo-en-Pandora-FMS

Pandora FMS public repository on Github

Since Pandora FMS has an open source version and an Enterprise version -with proprietary code and commercial licenses- we have two GIT projects, one public on GitHub and the other private, which we manage with GitLab. The GitHub version is in sync with our private copy on GitLab at our offices. Some partners who collaborate with us in developing have access to this private repository, and through an extension of our support application (Integria IMS) we share all development planning tickets by releases with some of our partners, so that they can see in real time, the development planning based on “releases” and all the details of each ticket.

Ingeniería-y-desarrollo-en-Pandora-FMS

GitLab ticket view in Integria IMS/em>

Ingeniería-y-desarrollo-en-Pandora-FMS

Release ticket view

Development methodology used in Pandora FMS

At Pandora FMS, we have been using our own methodology from the beginning, although we have borrowed many ideas from agile methodologies, especially from SCRUM. From a life cycle point of view, we use an adaptation of the Rolling Release methodology

These are some important definitions when defining how we work, some of them come from Scrum, others from other methodologies.

Objectives of Pandora FMS work methodology

The objectives involve not only the development members, but also QA, the documentation team and part of the marketing team:

    • Maximum visualization: The entire team must see the same information, and it must flow from bottom to top and from top to bottom. By sharing objectives we will be able to do a more effective job.
    • What is not seen does not exist, which implies that all information relevant to the project must be reflected in the management, implemented with Gitlab. What is not seen does not exist, and what does not exist will not be taken into account for any purpose. Strictly following this methodology will allow everyone to be very aware of the planning:

-Strict deadline compliance.

-Advance planning without last minute modifications.

-Clearer information and in due time.

-Elimination of work peaks and etc.

  • Integrity,, with an increasingly large and complex project, it is imperative to keep integrity during development. All code must follow standards..

 

Ticket

The ticket is the minimum work unit. There is a single person responsible for its completion and it is planned to be carried out in a milestone (version release).

A ticket is the way in which the development work is broken down, so a big feature will be made up by different tickets, on which ideally several people can work.

The ticket must contain a functional or description of the requirements, which can include diagrams, specifications, interface diagrams (mockup), test sets, examples, etc. In some cases it may even contain the analysis and design of the whole solution.

A completed ticket must perform as specified in the functional document (ticket) and the changes that have been made to these specifications must be reflected in the ticket.

The functional is key so that QA can validate a ticket or not. QA will have to reopen a ticket if it does not meet any of the functional aspects.

Members and working groups

Product Owner (PO)

The PO defines where Pandora FMS has to go, in contact with customers, support and
the “real” market situation, providing technical and functional guidelines but without getting involved in development as such.

Product Committee

Group of people who will meet permanently with the PO to agree where the product is going to, trying to ensure that all PO decisions are collegiate. It is made up of the leader of each Development, QA, Support, Projects and Documentation team.

Development Manager (DM)

The DM will manage the entire development cycle: define milestones, priorities, manage
individually all members and make operational decisions. The DM reports exclusively to PO and is the leader of the development team.

Development Team

They are in charge of the development of large features and product improvements, complete code refactoring, change development (small features), bug fixes and product maintenance improvements.

QA Team

They verify that each development atomic unit works as defined in the
specifications. They will also create and maintain an ecosystem of automated testing for both backend and user experience.

Support Team

They are the ones who deal directly with the client solving issues. Their experience with the product’s day-to-day means that their opinions must be taken into account, that is why they are part of the product committee.

Project team

They implement it on the end customer and are the ones closest to the customer, since they are often there before the project exists, and they usually offer ideas and all kinds of features in hand, for all purposes they are the “speaker” of the commercial department, therefore they are part of the product committee.

Training and Documentation Team

Responsible for training and the product’s documentation. They coordinate with the marketing team and the translation team.

Remote working

All team members (development, QA, documentation) telework freely. In fact, developers from Europe, Asia and America participate in Pandora FMS, and within Spain they are distributed throughout the national territory. We are a 100% distributed and decentralized company, although with traditional hierarchies.

In order to telework, we need each member to take responsibility for their work, be autonomous and commit to planning. Teleworking entails minimizing the need for oral communication and physical personal meeting, replacing them not with teleconferences, but with a precise use of the tools of the development process.

Development watch-keeping

A developer on the team is especially devoted to solving incidences involving code, in permanent connection with the support team (from 8 am to 8 pm, CEST). This allows not only to have maximum agility when solving a problem on a client, but also code changes are integrated into the code repository in an organized way.

Ticket creation and classification process

Any member of the company (including salespeople) can create a ticket in GitLab. This includes customers and partners, although in their case there is a prior filter by the support team and the sales team respectively.

The more detailed the ticket, the more unequivocal the development will be. Add images, gifs, animations and all the necessary clarifications. As well as the way to access the environment where the problem has been found or the contact persons. A developer will never contact a customer directly. If there is the need to interact with them, it will be done through the support or project team.

Nobody, except for the DM or PO, can change a ticket milestone. On creation, the ticket will not have an assigned milestone or assigned user. The task of defining which release a ticket belongs to is the responsibility of PO and DM exclusively.

When a ticket is finished and the developer thinks it should be reviewed by a colleague, they mention it in the merge request through @xxxxx. The review must be nominal. This review is independent of the code review carried out by the department manager.

General ticket workflow

  • The ticket is assigned to a programmer by the DM. If it does not have a ticket assigned, the ticket will be auto-assigned. (See below the terms that regulate this system).
  • The developer must understand/solve any questions that may arise after reading the functional document, if necessary, check with the DM or the author of the ticket. This must be done before starting to develop. Once read, you must, in order:
  1. Evaluate (by assigning labels) its complexity and size, reaching a prior consensus with the DM.
  2. Develop the feature following the ticket specifications
  3. Document everything developed in the same ticket or, if required, in a new documentation ticket. This ticket must relate to the “parent” ticket by ticket #ID.
  4. The developer must test its functionality at least in:
    -standard docker development environment
    -docker development environment with data.
  • When it is deemed complete, it will be tagged ~ QA Pending and placed in the hands of QA.
  • For each FEATURE ticket, there will be a reference person, generally from projects, support or even the PO itself. This person will be the one who will define part of the functional (together with the DM and PO), but above all, this person will be the reference person for the developer to ask any details during development, and most importantly, should see the development progress, step by step, so that it is validated.
  • Any change to the functional will be reflected by the reference person in the ticket as comments, without altering the original functional.
  • If there is a child documentation ticket, QA will validate the ticket using the documentation generated by the reference person, NOT by the functional of the ticket, validating the documentation and the feature at the same time.

Release planning

When creating a ticket, the milestone must be empty (not assigned) like the user. The only ones that can classify a ticket are: DM and PO.

A series of milestones have been defined to support the ticket classification process, some of them, those dated (releases), can be seen as milestones, while the rest should be seen as simple ticket containers.

  • (Not allocated): It is the absence of milestones in a ticket. For all intents and purposes, this ticket “does not exist yet.” The DM and PO will validate each and every one of these tickets to see if they make sense in the product roadmap. No developer should take any of these tickets.
  • Feature backlog: Tickets that will be made at some indeterminate time in the future that sooner or later will have to be addressed. No developer should take any of these tickets.
  • Low priority bugs: Reported bugs with no priority assigned yet by PO/DM. No developer should take any of these tickets.
  • STAGE: Tickets proposed by each department for planning in a product release. At each planning meeting, these tickets will be discussed, and moved to other milestones. At the end of the cycle start meeting, this milestone should be empty. The DM is the one who has the final decision as to which STAGE tickets are assigned to a certain release and which are not, relying on the product committee if necessary. No developer should take any of these tickets.
  • XXX: Release XXX. Milestone that groups a series of tickets that will be released on a certain date. A milestone has a deadline associated with it. In the case of RRR releases, this date could change, in the case of LTS not.
  1. The development of the tickets associated with a release must be finished 5 days before the scheduled day for the release. Tickets not completed before that date will be delayed to the next release and the delay will have to be justified to the DM.
  2. There are two types of release milestones:
    -LTS: in April and November. They are 6 months apart.
    -Regular Releases (RRR): There will be 2 to 4 regular releases between LTS releases.
  • A developer with no assigned tasks for a release, as long as there are no pending assignment tickets in the release milestones for the developer’s team, can take one of the unassigned tickets from:
    -The closest release, based on date.
    -Second closest release, based on date.

CICD

Pandora FMS developers integrate the code of their branches in a central repository several times a day, causing a series of automatic tests to be executed whose objective is to detect faults as soon as possible and improve the quality of the product.

These tests run dynamically in a series of executors or “runners”, some of them specific, for certain architectures (e.g., ARM), that execute static code analyzers, unit tests, and activate containers to carry out integration tests in a real installation of the application.

The generation of Pandora FMS packages is completely automated. Packages are generated every night from the development branch for manual testing. They can also be generated on demand by any developer or member of the QA or support teams, from any branch through the GitLab web interface.

When a release is made from the stable branch, in addition to package generation, a series of steps are executed that deploy them to Ártica’s internal package server, to SourceForge, to Ártica’s customer support environment, and that, likewise, update the Debian, SUSE and CentOS repositories along with the official Docker images.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×