Infrastructure Management

'IS is a journey'

As a General Manager at Larsen & Toubro Infotech, Anantha Sayana, is responsible for mediating the transfer of services, expertise and knowledge between the L&T Group and L&T Infotech. Sayana tells Deepali Gupta about the systems that keep the IT infrastructure humming at one of India's largest companies

What are the factors which must be taken care of while formulating an organisation's IT strategy?

L&T Infotech's goal was to unify common IT services within the group. L&T's WAN, for example, is centralised and its services monitored. IT must be sensitive to business requirements and should be able to deliver the services needed of it.

Once the basic processes such as payroll and CRM are in place, what needs to be done to ensure a competitive advantage? If I get my invoice and trial balance on time it is not going to give me an edge over competition. So how do I get that advantage? If a majority of the procedural work is done on enterprise applications then the productivity is enhanced.

We have now reached the point where we need IT governance. IT governance relates to four issues: delivering value, aligning IT with business, risk management and performance feedback to units.

What are the ERP and upgrade policies of the L&T group?

The major businesses of L&T-the heavy equipment manufacturing, the engineering and construction business and the electrical business-function more or less independently. Despite this, we try to synergise the separate infrastructures and ensure that everyone complies with L&T's broad guidelines. The company predominantly uses SAP, but between L&T and its subsidiaries we are running 16 ERP systems.

The system depends upon the need of the unit. One unit uses Baan. The message when investing in ERP was that each business would pick the ERP that suited its requirements. Therefore the heavy engineering department, which has long business lead times is radically different from the electrical one. The heavy engineering plant manufactures a pressure vessel or a regenerator, a process that takes 18 months. After that, it may rarely do the same task again. For that kind of application, Baan is better suited than any other system.

Our upgrade policy for ERP is that having got into ERP, we stay current or as close to the current as possible. Newer features are available only on the current platform. So we time the upgrade in a convenient manner to work around annual and periodic closing. You can't do an upgrade without users being involved. For instance, four of our companies have already moved to the current upgrade of SAP.

Even if the upgrade is not required, the policy is to upgrade and to start exploring additional functionality after the upgrade. The policy helps us to move with current technology. Some functions that may not run smoothly in the ERP system are carried out in Excel and legacy systems. Such work is not available to the organisation, it lies on individual desktops, and is lost. The new versions usually deal with such glitches.

Every change means some amount of business process reengineering and that disturbs users. How do you ensure the optimal usage of the system?

We undertook an analysis exercise, where we went to every business and listed activities that should be done on the ERP system, and asked them to tell us which of the activities are done on ERP and which are kept outside the purview of the system. We also asked if there was something that ERP did not address? That gave us two indicators: first, whether or not there was some tweaking that could be done to address the issues, and secondly, we found units could learn from each other. A few strategic business units were doing certain work inside the ERP because they had figured a way to do it. So, we went to the other unit and asked them to learn from each other.

From the list we also arrived at an ERP business usage index, which we passed on to all the group companies. This index helped because it motivated and created competition between our companies on ERP usage levels.

Before we invest in any technology, we get a buy-in from users. Now there is no resistance to new technology and people want to adopt new and efficient ways of doing their jobs.

Enterprise Infrastructure Management (EIM) is an important part of optimisation, is it more about technology or processes?

It's a little bit of both. We use CA Unicenter and it measures all network parameters. It helps us identify problems, such as those connected to uptime and capacity utilisation. The tool aids in capacity planning. It also has agents that generate parameters such as hard-disk usage on the server, response times and so on. All the planning is done on this tool, because complex systems cannot be monitored manually.

Having said that, the tool itself needs to be implemented. You need to define processes, publish the information and decide on what you want to do with the information. We listed this in a manual that we have developed and is aligned to the IT Infrastructure Library (ITIL) framework. In security, we got L&T Infotech certified for BS7799. That was important for our international clients as well as the L&T group. Securing L&T Infotech was an important step in the process of securing the entire organisation. Standards hold merit because they define processes.

There appears to be a greater threat to security from the inside than the outside. How do you ensure information security (IS)?

We've said in a number of forums that IS is a journey. Earlier Internet access was restricted to a handful of users. Then we realised that everyone was a knowledge worker, and could benefit from Net access. Then the management needed remote access from outside the office.

To address internal threats we said that a firewall at the perimeter was enough. Now we have directory services so that the administrator can take complete control of the desktop. The rights to install an executable file is no longer with the user. We have to be on the lookout for technology that allows us the alternative to take away discretionary usage from users.

Thereafter, training is an integral part of security. Errors and slip-ups can be avoided by training people.

Deepali Gupta can be reached at deepali@networkmagazineindia.com