What Is Azure DevOps?

It is a DevOps platform by Microsoft also Azure DevOps is a software program by Microsoft which delivers endwise DevOps tool series for developing and deploying software.  It is also integrated with the greatest primary tools in the arcade and is a decent option for organizing a DevOps toolchain.

Features of Azure DevOps

Azure DevOps provides a variety of facilities covering the complete development life-cycle.  On the period of inscription these are features:

  • Azure Boards: agile planning, work item tracking, visualisation and reporting tool.
  • Azure Pipelines: a language, platform and cloud agnostic CI/CD platform with support for containers or Kubernetes.
  • Azure Repos: provides cloud-hosted private git repos.
  • Azure Artifacts: provides integrated package management with support for Maven, npm, Python and NuGet package feeds from public or private sources.
  • Azure Test Plans: provides an integrated planned and exploratory testing solution.
  • Azure DevOps can also be used to orchestrate third-party tools.

When was Azure DevOps First launched in the market?

Even though being launched in October 2018, Azure DevOps is not the fresh kid on the DevOps block.  Its extraction can be found all the way back to Visual Studio Team System which was launched in 2006. This is a developed product with a gorgeous feature-set that has above 80,000 internal operators at Microsoft.

What are the benefits of azure DevOps?

  • Reliability: software as a service offering, Azure DevOps is trustworthy, ascendable and worldwide available. It is also supported by an SLA of 99.9% uptime and by 24×7 care.
  • Access to the latest features: Azure DevOps operators get permission of access to new features every 3 weeks. Microsoft is apparent, have available the product roadmap and are dedicated to speedily iterating on the feature-set.
  • End of the upgrade cycle: For groups running on-premises CI/CD tooling, improvements are a consistent headache. By moving to a SaaS model, you no longer need to concern about fixing and improvement the tool chain.

What Is Uses of Azure DevOps

Azure DevOps delivers combined features that you can access through your web browser or IDE client. You can use one or more of the following individual services according to your business needs:

Azure Repos Offers Team Foundation Version Control (TFVC) or offers Git repositories for source control of your code.

Azure Pipelines offers to build and release facilities to support uninterrupted integration and delivery of your applications.

Azure Boards delivers a suite of agile tools to support planning and tracking work, code defects, and issues using Kanban and Scrum methods.

Azure Test Plans provides several tools to test your apps, including manual/exploratory testing and continuous testing.

Azure Artifacts Permits teams to share packages such as Maven, npm, NuGet, and more from public and private sources and integrate package sharing into your pipelines

You can also use the following collaboration tools:

Customizable team dashboards with configurable widgets to share information, progress, and trends

Built-in wikis for sharing information

Configurable notifications

Azure DevOps supports adding extensions and integrating with other popular services, such as Campfire, Slack, Trello, UserVoice, and more, and developing your own custom extensions.

Azure DevOps Services supports integration with GitHub.com and GitHub Enterprise Server repositories. Azure DevOps Server supports integration with GitHub Enterprise Server repositories.


Azure DevOps is a type of DevOps culture powered by Microsoft. It is the second most used and ranked DevOps program after AWS. It does provide you reliability; the latest features; options for upgrade cycle etc. Our ScmGalaxy does also provide Microsoft azure courses with the best of experienced trainers. For Azure, training, and certification you can visit our website DevOpsSchool. We provide all types of training and certification courses regarding DevOps and Microsoft.

Tagged : / / / / / / /

What is Zabbix?

Today, applications have evolved from standalone to the client-server model and ultimately to the cloud-based elastic application. Application performance will directly have an effect on a business, symptom the revenue as client struggle to finish the method. It’s continually been troublesome to examine what’s occurring within the system.

And doing thus has become a necessary half. Having a decent watching tool can facilitate us to grasp the system standing and verify after they area unit behaving unremarkably and after they area unit behaving abnormally.

Once one thing goes wrong, the tool alerts quickly and so we are able to act on that and fix it while not touching customers. Zabbix may be a well-known tool to try to that for you.

What is Zabbix?

Zabbix is an open source application, and additionally a network observance tool. It offers observance of thousands of metrics collected from physical machines or virtual machines.

Zabbix work on a web-based management interface that is centralized through a info. Also visualization of your data is available in the form of graphs, screens, maps and overviews with the help of Zabbix.

With Zabbix it’s very much possible to collect virtually types of data from the network. Along with storing the data, visualization features are available (overviews, maps, graphs, screens, etc.), as well as very flexible ways of analysing the data for the purpose of alerting.

Benefits of Zabbix

 The main advantages of Zabbix square measure its complimentary platform, reliable options like Zabbix agent, notification and redress module, and easy-to-use and sturdy user interface. Here square measure a lot of details:

  • Money Saver

Zabbix gives businesses and individuals the freedom to utilize an open-source platform with source code that can be accessed for free and without vendor lock-in. The software also enables a seamless and fast set-up and configuration.

  • Zabbix Agent

Zabbix Agent is one amongst the platform’s noteworthy modules. It options infrastructure management capabilities and provides dependable tools for network observance that enables users to strategize their capability enlargement.

  • Notification & redress Module

This practicality allows an across-the-board communication flow and supports proactive notifications further as automatic actions. With this module, users will receive notifications.  Users will like better to receive it either via email, SMS, Jabber, and Ez Texting.

  • Robust and Easy-to-use user interface

Zabbix, with its easy-to-use Graphic programme (GUI), are often simply navigated even while not abundant technical information. The platform supports vivid mental image with huge-scale configuration functionalities. Users will have access and see a visible summary of the complete IT setting in various ways that like a widget-based dashboard, graphs, slideshows further as drill-down reports.

Why Choose Zabbix?

  • Open source– It is an open source application and also with free features.
  • All time Monitoring– It offers features that you can easily monitor servers, applications and any network devices and performance information
  • Enterprise Ready – Zabbix has been designed to scale from tiny environments to giant environments
  • Potential Planning – With the data collected by Zabbix, you can easily investigate your infrastructure and set up the capability consequently.

Zabbix Architecture

Zabbix is distributed observation tool with a central web interface. The easy design of Zabbix will be composed of 3 servers.

  • Web Server
  • RDBMS Server
  • Zabbix server

This setup is sweet enough to handle large environment successfully. It’s better to use the dedicated server for everyone in all these parts.

Zabbix uses client-server design Architecture and uses an agent within the servers that ought to be monitored. This agent gathers all required info and standing from the system and sends to Zabbix server. Zabbix version three and on top of support encrypted communication between server and shoppers.

Its proxies are used to monitor remote servers. It will collect performance and handiness knowledge behalf of Zabbix server and put it aside in a very buffer domestically and so send it to Zabbix server. In this fashion proxy servers can take on itself some of the load and offload the Zabbix servers.

Let us look into a number of the terminologies of Zabbix.

  • Frontend – net interface given Zabbix
  • Zabbix Server – Central server to gather the info and method it.
  • Zabbix agent – A method deployed on consumer servers to observe domestically
  • Host – A networked device that ought to be monitored
  • Host cluster – A logical cluster of hosts. It’s used once distribution access rights.
  • Template – a group of entities (items, triggers, applications, low-level discovery rules, graphs, screens, net scenarios) able to be applied to 1 or many hosts
  • Item – a knowledge that you simply wish to receive from a number
  • Trigger – it’s a logical expression that defines a threshold
  • Event – prevalence of one thing that deserves attention
  • Action – Predefined means of reacting to an occurrence.


Zabbix is an open source application, and additionally a network observance tool. With Zabbix it’s very much possible to collect virtually types of data from the network.

I Hope you like this particular blog on Zabbix.

If you want know more about Zabbix or are you planning to learn Zabbix, then I would suggest you DevOpsSchool, one the top institute for Zabbix Certified Specialist (ZCS) Training. We provide you the best instructors who are highly qualified professionals, have more than 10 years of working and teaching experience.  

Tagged : / / / / / /

Which is the best Ansible training institute in Hyderabad?

If you’re in IT, you must be heard about Ansible. CIO calls it the DevOps “darling” for software automation, in recent times Ansible has come from nowhere to be the No. 1 choice for software automation in many organizations. StackShare lists shows that more than 1,000 companies that use Ansible, including Intel, Evernote, and Hootsuite, and the Ansible. Also Apple and NASA have adopted it as well. So, what is Ansible, and why has it gained popularity so quickly?

What is Ansible?

Ansible is an open-source automation tool, or you can also called platform, used for IT tasks such as configuration management, application deployment, intraservice orchestration, and provisioning. Automation is crucial these days, with IT environments that are too complex and often need to scale too quickly for system administrators and developers to keep up if they had to do everything manually.

In other words, it frees up time and increases efficiency. And also it is rapidly rising to the top in the world of automation tools.

Let’s take a look on some of the features of Ansible

  • Configuration Management
  • Application Deployment
  • Orchestration
  • Security and Compliance
  • Cloud Provisioning

Now that we have seen what Ansible is, let us find out the various Benefits of Ansible.

Benefits of Ansible

  • Free: Ansible is an open-source tool.
  • Very simple to set up and use: No special coding skills are necessary to use Ansible’s playbooks.
  • Powerful: Ansible lets you model even highly complex IT workflows.
  • Flexible: You can orchestrate the entire application environment no matter where it’s deployed. You can also customize it based on your needs.
  • Agentless: You don’t need to install any other software or firewall ports on the client systems you want to automate. You also don’t have to set up a separate management structure.
  • Efficient: Because you don’t need to install any extra software, there’s more room for application resources on your server.

Advantages of Using Ansible especially with Docker

Ansible does a great job of automating Docker and operationalizing the process of building and deploying containers. If you’re someone from a traditional IT system, for example, it can be hard to add container-tooling functionality. But Ansible removes the need to do processes manually.

There are four main advantages of using Ansible with Docker:

  • Portability/Flexibility
  • Auditability
  • Management of Entire Environments
  • Similar Syntax


As we discuss earlier using Ansible with Docker simplify your processes by allowing you to work with containers and to automate all that work, It’s no wonder the Ansible-Docker combination is so popular. And learning how to use Ansible with Docker won’t just benefit your organization, it also benefits you on your Payscale, according to Payscale, the average salary of a developer with Ansible skills is $110,000 per year, and some developers earn even more. According to Dice, Ansible is the highest-paying DevOps skill.

If you find this article helpful and you grab any informative knowledge about Ansible and if you also want to learn Ansible skill, then I would glad to suggest you the best online institute to learn and training of Ansible where they provide you the best trainer and guidance with experience of more than 10 years of this field.

Recommended institutes




I hope this Blog will be helpful for you!!!

Tagged : / / / / / / / / /

Why should I used Azure DevOps?

Azure DevOps is a modern DevOps tool of developing, planning, testing and deploying modern apps with optimized cycle to provide quality delivery of applications. Azure DevOps provides bunch of tool which can help you in track software building progress and also help you to take decision to deliver great software to the end users. Azure DevOps services are not dependent on cloud platform.

Azure DevOps includes the following services:

  • Azure Boards

It is a powerful agile tool for managing Kanban board, reporting, and product backlog. It also helps you to plan, track, and discuss work across the team.

It has components like work items, backlogs, Boards, queries, sprints details.

  • Azure Repos

Azure Repos service provides you unlimited cloud-hosted private Git repository for your project. This is a type of standard Git service and works use as distributed source controls. Azure Repos supports all Git clients and all IDEs.

  • Azure Pipelines

It is a cloud-hosted pipelines that helps you in for fast CI/CD that works with any language, platform, and cloud. It helps you with continuously changes Release by connecting to any source control like GitHub, this service can release changes continuously to any cloud. Azure Pipelines has components like build, release, library, task groups, and deployment groups.

  • Azure Test Plans

Azure Test Plans provides manual and exploratory testing tools. It also help you to do automated and manual testing.  XML files can be used for load testing as well.

  • Azure Artifacts

Azure Artifact service manages the dependencies used in source code. It can host and share package (like NPM, Nuget, and Maven) feeds from public and private sources. These artifacts simplify job building process.

Benefits of Azure DevOps

Azure DevOps allows their users to develop, deploy, and monitor code without opening multiple interfaces and you can also manage all of this from one view and bring ease to the customers.

Some of the main benefits are

  • Timely Access to New Features

Every three weeks, DevOps users receive access to new features. No need to scramble around and wonder what’s new. These are not to be confused with upgrades, and speaking.

  • No Upgrades to Worry About

Users need not worry about upgrading or patching up the toolchain because the Azure DevOps is a SaaS product. Companies that run on a CI/CD model no longer need to slow things down for the sake of upgrading.

  • Reliability

Azure DevOps is backed by 24 x7 support and a 99.9% SLA.

  • Flexibility

If your DevOps team doesn’t want or need the full suite of services, they can acquire them independently.

  • Platform-agnostic

DevOps is designed to run on any platform like Linux, macOS, and Windows or language for example Android, C/C++, Node.js, Python, and Java, PHP, Ruby, .Net, and iOS apps.

  • Cloud-agnostic

Azure DevOps works with AWS and GCP.

Why we use Azure DevOps?

There has been a lot of buzz lately about Azure DevOps and you may be wondering– why we use Azure DevOps?

Here are some of the reasons to consider Azure DevOps:

Azure DevOps is a feature-rich platform. The flexibility of supported languages, platforms and cloud vendors make it a viable option for a huge range of organisations.  However, if you’re currently running an on-premises Team Foundation Server moving to Azure DevOps would be a natural upgrade for you.

Azure DevOps is not focussed at organisations that are end-to-end Microsoft or Windows. Azure DevOps provides a platform that is:

  • Flexible

You don’t have to go ‘all in’ on Azure DevOps. It is possible to adopt each of the services independently and integrate them with your existing tool chain, most popular tools are supported.

  • Platform agnostic

Designed to work with any platform (Linux, MacOS and Windows) or language (including Node.js, Python, Java, PHP, Ruby, and C/C++, .NET, Android and iOS apps) Azure DevOps is not just aimed at organizations building and shipping.

  • Cloud Agnostic

Continuous delivery is supported to AWS and GCP as well as to Azure.

How long it take to Lean Azure DevOps?

If you have prior experience in software, programming, scripting, Linux, and Automation then you can learn DevOps basics such as CI/CD pipeline and its tools in one month.

If you have prior experience of software, programming, and scripting but not familiar with Linux, and Automation then you have to learn Linux and Automation first before learning DevOps basics such as CI/CD pipeline and its tools in 2-3 months.

 If you have prior experience of computer and software background but no experience in programming, scripting, Linux, and Automation then programming and scripting take two months, one month for OS and automation fundamentals, and one month for learning DevOps basics such as CI/CD pipeline and its tools. Overall, 4-5 months.

Roles and Responsibilities

DevOps Engineer works with developers and the IT team to oversee the code releases. Many-times developers who get interested in deployment and network operations or sysadmins who have a passion for scripting and coding and move into the development side where they can improve the planning of test and deployment.

Roles of Azure DevOps Engineer

  • Implementing Continuous Feedback.
  • Implementing Application Infrastructure.
  • Implementing DevOps Development Processes.
  • Implementing Dependency Management.
  • Implementing Continuous Integration.
  • Implementing Continuous Delivery.

Career opportunity as an Azure DevOps Engineer?

Azure DevOps Engineer is someone who has an understanding of the Software Development Lifecycle and if familiar with various automation tools for developing digital pipelines (CI/ CD pipelines).

Azure DevOps Engineers are responsible for defining and implementing a robust, scalable, pragmatic and realistic cloud solution that works for our clients. Design and implement cloud solutions which are secure, scalable, resilient, monitored, auditable and cost optimized.

So what are the options in front of you when you complete your Certification as an Azure DevOps Engineer?

Here are a few job roles that you can fill:

  • Cloud Engineer
  • DevOps
  • Cloud Specialist
  • High Availability
  • MEAN
  • Shell Scripting
  • Big Data
  • Windows Admiration

Salary of an Azure DevOps Engineer

More than 500 top Fortune companies as well as start-ups or small businesses that need an Azure DevOps Engineer who is certified and are ready to offer a lucrative Azure DevOps Engineer. So, don’t worry about the job prospect or salary aspect when it comes to being a certified Azure DevOps Engineer, just focus on upscaling your real-time expertise when you wish to be a part of any of these renowned organizations and get to work with your dream company with the salary you wished for. 

As an Azure DevOps engineer, the national average salary is $103,314.

  • The DevOps engineer based on 3 years of experience can expect $7,927 per annum.
  • The salary for the aforementioned experience ranges from $3,329 – $18,886.
  • Also, the Azure DevOps engineer salary is also dependent on experience such as Entry level, Intermediate, Senior ranging from $79,000 – $134,000.
  • Furthermore, Azure DevOps engineer salary also depends on the certification obtained through training platforms such as JanBask Training.

Now let us have a look at a range of salaries across the globe.

  • The Azure DevOps Engineer Salary in the United Kingdom on average is £82,472 per year or £29.18 per hour. 
  • The Azure DevOps Engineer Salary in the US on average is $136,500 per year or $70 per hour. 
  • The Azure DevOps Engineer Salary in India on average is ₹ 2,100,000 per year or ₹ 1,077 per hour.
  • The Azure DevOps Engineer Salary in Australia starts from an average of $130,000 per year or $66.67 per hour. 
  • The Azure DevOps Engineer Salary in Canada on average is $120,938 per year or $62.02 per hour.


In this Article, we all discussed on point of a career in Azure DevOps. We provided you the enough information about the salaries what you can expect to earn in different job roles with skills We also discussed the options that you can choose as a skilled DevOps professional depending on your interests. If you are curious to learn about Azure DevOps, and make a good career with this skill then I would suggest you please check out DevOpsschool.com for more information.

Tagged : / / / / / / / / / / /

What is DevOps and How its Different from AWS DevOps?


Guys, today in this blog you will learn in detail about DevOps and AWS DevOps, so let’s know what is DevOps and AWS DevOps. DevOps is a term of the two words ‘development’ and ‘operations’. DevOps is not a technology, it is a combination of cultural, practices, and tools that increases an organization’s ability to deliver applications and services. As we know, AWS DevOps provides application developer teams with the means to efficiently implement continuous integration and continuous delivery (CI/CD). This enables them to securely store and version application source code, while automatically building, testing, and eventually deploying the application to either on-premises environments or to AWS.

What is DevOps?

DevOps is a software development methodology where the Development team & Operations teamwork as together. After adopting DevOps, it helps to increase the speed of an organization to deliver applications and services. And it can be defined as the alignment of development and IT operations with better communication and collaboration. And those who are DevOps engineers use many tools for the development & operations processes so that our life becomes easy. These popular DevOps tools are- Docker, Git, SVN, Maven, Jenkins, Selenium, Kubernetes, Puppet, Chef, SaltStack, Nagios, Splunk, etc.

Here are the some Benefits of DevOps:-

  • DevOps ideology encourages a completely new way of thinking and decision-making.
  • DevOps certified professionals are among the highest-paid in the IT industry.
  • The market demand is increasing rapidly with its increased implementation worldwide.
  • It ideology promotes increased collaboration and communication between the operation and development teams.
  • You learn to work in a team consisting of cross-functional team members—QA, developers, operation engineers, and business analysts.

What is AWS?

AWS stands for Amazon Web Services, It is a cloud infrastructure, is an extensive, emerging cloud platform offered by Amazon that contains a combination of IaaS, PaaS, and SaaS offerings. Also, AWS can provide organizational tools including database storage, computing power, and content delivery services. It can be used to store crucial data.

The below image gives you an idea about AWS certifications

Benefits after Grab AWS Certification:-

  • AWS certified professional is someone who can manage servers provided by amazon.
  • It is cloud storage is quite useful for organizations and it’s easily accessible too.
  • Design and deploy dynamic, scalable, highly available, and reliable cloud applications.
  • It is enables businesses to scale and grow with database storage, content delivery, compute power and other tools.

AWS Certified Developer Roles and Responsibilities:-

  1. Skills in write, correct and debug application code modules
  2. Knowledge of software development lifecycle for AWS cloud
  3. Ability to develop, deploy & debug AWS cloud applications
  4. Knowledge of software development lifecycle for AWS cloud
  5. Understanding of serverless applications and ability to write code for these applications.

What is AWS DevOps?

AWS DevOps is Amazon’s answer to implementing the DevOps philosophy using its cloud platform and dedicated tools and services. provides application developer teams with the means to efficiently implement continuous integration and continuous delivery (CI/CD). This enables them to securely store and version application source code, while automatically building, testing, and eventually deploying the application to either on-premises environments or to AWS.

Benefits of AWS DevOps:-

  • Develop, improve, and thoroughly document operational practices and procedures.
  • Develop and implement instrumentation for monitoring the health and availability of services including fault detection, alerting, triage, and recovery.
  • Work in conjunction with IT, engineering, and business groups to understand functionality, scalability, performance, security, and integration requirements.
  • Build solutions to problems that interrupt availability, performance, and stability in our systems, services, and products at scale.

Difference Between DevOps and AWS DevOps:-

DevOps is a software development methodology where the Development team & Operations team work as a together. After adopting DevOps, it helps to increase the speed of an organization to deliver applications and services. And it can be defined as the alignment of development and IT operations with better communication and collaboration. AWS DevOps is Amazon’s answer to implementing the DevOps philosophy using its cloud platform and dedicated tools and services. provides application developer teams with the means to efficiently implement continuous integration and continuous delivery (CI/CD).

DevOps Fundamental to Advanced Tutorial for Beginners

If you want to learn DevOps | Cloud and Containers Free Videos and Tutorials then Join scmGalaxy YouTube Channel

I hope this post will be very helpful for you!

Thank You

Tagged : / / / / / / /

Advantage of Online Training at scmGalaxy | DevOps Training Online | Build and Release Training


Convenient and Easy
The Internet provides online training participants with easy and convenient access. Open an Internet browser and employees are up and running quickly.
Less “What should be done”, More “How to do”!
All the classed conducted by scmGalaxy is 100% live and lab oriented and practical in nature and less descriptive.
Online training is immediate, cost effective and easily affordable. scmGalaxy online training can be up to 80% cheaper than instructor-led courses. Using online training, no need to setup hardware and software in training room, occupying costly infrastructures for days. Also saves multiple co-ordination between training co-ordinators, IT team, Security team etc
Rich Training Materials and Learning resources
We provide the rich training material content which included slides, Step-by-Step procedures documents, Instructions Manual, Training Videos, Training Audio etc. With all the software tools available including slideshow and screen capture software that can record computer activity, participants can learn how to use a specific software or program.
Avoid Limitation of the Training / Conference room
Usually each Training / Conference room has firewall set by organization which limit the access to browsing the internet, download the tools/software policies and infrastructures. scmGalaxy all the training is being conducted in Cloud environment along with the virtual machine which avoid the delay or multiple un-necessary co-ordinations of many teams in any organization.
Useful for Offline Learning
scmGalaxy classes is being offered live and each session can be recorded giving participants secure access to the class to learn at their own pace offline. Employees to learn at their own pace and maintain control of learning “where, when and how” with unlimited access 24/7.
Delivery over the Internet enables e-Learning to begin with just a few mouse clicks and immediate which avoids lots of follow-up, planning, co-ordinations and scheduling. Ultimately, it saves time and cost.
By providing a captivating interactive environment with dynamic content, scmGalaxy not only effectively keeps people up-to-date, but interested as well such as cloud computing, web resources, online tools and techniques.
Flexible Logistics
After location, time is the greatest limitation on learning. That goes for both the instructors and the students, each of whom has to be both available and in alignment with the other for face-to-face instruction. By removing that requirement, everyone involved can participate at a time, and for a duration, that suits his or her schedules and from anywhere around the globe.
Immediate Results and Feedbacks
scmGalaxy does provide the online Quiz, Assignment & Projects to evaluate the Results and Feedbacks about the training.
Sourcing the Best Trainer in the specific domain
Most of the qualified trainer is not available due to location constraint for classroom training, travel time and personal issues. Many classroom training is booked at least a month n advance for qualified training. scmGalaxy source the best trainer online it trainer saves their time in terms of travels and can plan in their own time.
Tagged : / / / / / / / / / / / / /

Static vs dynamic code analysis: Advantages and Disadvantages


What are the advantages and limitations of static and dynamic software code analysis? Maj. Michael Kleffman of the Air Force’s Application Software Assurance Center of Excellence spelled it out.

Static code analysis advantages:

  1. It can find weaknesses in the code at the exact location.
  2. It can be conducted by trained software assurance developers who fully understand the code.
  3. It allows a quicker turn around for fixes.
  4. It is relatively fast if automated tools are used.
  5. Automated tools can scan the entire code base.
  6. Automated tools can provide mitigation recommendations, reducing the research time.
  7. It permits weaknesses to be found earlier in the development life cycle, reducing the cost to fix.

Static code analysis limitations:

  1. It is time consuming if conducted manually.
  2. Automated tools do not support all programming languages.
  3. Automated tools produce false positives and false negatives.
  4. There are not enough trained personnel to thoroughly conduct static code analysis.
  5. Automated tools can provide a false sense of security that everything is being addressed.
  6. Automated tools only as good as the rules they are using to scan with.
  7. It does not find vulnerabilities introduced in the runtime environment.

Dynamic code analysis advantages:

  1. It identifies vulnerabilities in a runtime environment.
  2. Automated tools provide flexibility on what to scan for.
  3. It allows for analysis of applications in which you do not have access to the actual code.
  4. It identifies vulnerabilities that might have been false negatives in the static code analysis.
  5. It permits you to validate static code analysis findings.
  6. It can be conducted against any application.

Dynamic code analysis limitations:

  1. Automated tools provide a false sense of security that everything is being addressed.
  2. Automated tools produce false positives and false negatives.
  3. Automated tools are only as good as the rules they are using to scan with.
  4. There are not enough trained personnel to thoroughly conduct dynamic code analysis [as with static analysis].
  5. It is more difficult to trace the vulnerability back to the exact location in the code, taking longer to fix the problem.
Tagged : / / / / / / / / / / / / / / /

What is Information Technology Infrastructure Library (ITIL) ? – Complete Guide



The Information Technology Infrastructure Library (ITIL) is a set of concepts and practices for managing Information Technology (IT) services (ITSM), IT development and IT operations.


ITIL stresses service quality and focuses on how IT services can be efficiently and cost-effectively provided and supported. In the ITIL framework, the business units within an organization who commission and pay for IT services (e.g. Human Resources, Accounting), are considered to be “customers” of IT services. The IT organization is considered to be a service provider for the customers.

It primarily focuses on what processes are needed to ensure high quality IT services; however, ITIL does not provide specific, detailed descriptions about how the processes should be implemented, as they will be different in each organization. In other words, ITIL tells an organization what to do, not how to do it.

The ITIL framework is typically implemented in stages, with additional processes added in a continuous service improvement program.

Organizations can benefit in several important ways from ITIL:

· IT services become more customer-focused

· The quality and cost of IT services are better managed

· The IT organization develops a clearer structure and becomes more efficient

· IT changes are easier to manage

· There is a uniform frame of reference for internal communication about IT

· IT procedures are standardized and integrated

· Demonstrable and auditable performance measurements are defined


ITIL is a series of books that outline a comprehensive and consistent set of process-based best practices for IT Service Management, promoting the ultimate achievement of IT Service Management goals. IT Service Management (ITSM) is the process of managing IT services to effectively and efficiently meet the needs of the customer.


In 2001, version 2 of ITIL was released. The Service Support and Service Delivery books were redeveloped into more concise usable volumes and consequently became the core focus of ITIL. Over the following few years it became, by far, the most widely used IT service management best practice approach in the world.

In May 2007 version 3 of ITIL was published. This adopted more of a lifecycle approach to service management, with greater emphasis on IT business integration.

Where ITIL V2 outlined what should be done to improve processes, ITIL V3 explains clearly how you should go about doing it.

ITIL V2 Explained

The Service Management section of ITIL V2 consists of eleven disciplines and is divided into two sections as follows:

Service Support:

• Configuration Management

• Service Desk

• Incident Management

• Problem Management

• Change Management

• Release Management

Service Delivery:

• Availability Management

• IT Services Continuity Management

• Capacity Management

• Financial Management

• Service Level Management

Here are the details of Service support components.

1. Configuration Management


• Providing information on the IT infrastructure

o To all other processes

o IT Management

• Enabling control of the infrastructure by monitoring and maintaining information


o All the resources needed to deliver services

o Configuration Item (CI) status and history

o Configuration Item relationships


• Identification and naming

• Management information

• Verification

• Control

• Status Accounting

Asset: Component of a business process like people, accommodation, computer systems,

paper records, fax machines, etc.

Configuration Management Database: A database, which contains all relevant details of

each Configuration Item (CI) and details of the important relationships between CIs.

A Configuration Item (CI):

• Is needed to deliver a service

• Is uniquely identifiable

• Is subject to change

• Can be managed

A Configuration Item (CI) has:

• a Category

• Relationships

• Attributes

• a Status

Variant: A Configuration Item (CI) that has the same basic functionality as another

Configuration Item (CI) but is different in some small way (ex: has more memory)

Baseline: A snapshot of the state of a Configuration Item and any component or related

Configuration Items, frozen in time for a particular purpose (such as the ability to return a

service to a trusted state if a change goes wrong)

Configuration Management supports all other processes!

Scope vs. Detail

Relationships – Common Types:

• Is a component of

• Is a copy of

• Relates to

• Relates with

• Is used by

2. Service Desk


• To be the primary point of call for all:

o Calls

o Questions

o Requests

o Complaints

o Remarks

• To restore the service as quickly as possible

• To manage the incident life-cycle (coordinating resolution)

• To support business activities

• To generate reports, to communicate and to promote

Different Desks

• Call Center: Handling large call volumes of telephone-based transactions.

• Help Desk: To manage, coordinate, and resolve Incidents as quickly as possible.

• Service Desk: Allowing business processes to be integrated into the Service

Management infrastructure. It not only handles Incidents, Problems and questions,

but also provides an interface for other activities.

Service Desk Essentials:

• Single point of contact / Restore service ASAP

• Tasks: Customer Interface, Business Support, Incident Control & Management


• Concentrates on incident lifecycle management

• Incident: Unexpected disruption to agreed service

• Priority determined by business impact and urgency

• Correct assessment of priorities enables the deployment of manpower and other

resources to be in the best interests of the customer

• Escalation and referral

3. Incident Management


• To restore normal service as quickly as possible

• Minimize the adverse impact on business operations

• Ensuring that the best possible levels of service quality and availability are

maintained according to SLAs.

Incident: Any event which is not part of the standard operation of a service and which

causes or may cause an interruption to or a reduction in the quality of that service.

Work-Around: Method of avoiding an Incident or Problem.

Service Request: Every Incident not being a failure in the IT Infrastructure.

Problem: The unknown root cause of one or more incidents.

Known Error: A condition that exists after the successful diagnosis of the root cause of a

problem when it is confirmed that a CI (Configuration Item) is at fault.

Impact on the business + Urgency / Effect upon business deadlines = Priority

Category: Classification of a group of Incidents (Application, Hardware, etc.)

Escalation (Vertical Escalation): escalates up the management chain.

Referral (Horizontal Escalation): escalates to a different knowledge group. Routing.

Incident Life-Cycle

• Accept Service Event, Register and Consult the CMDB

• Classification

• Solve

• Closure

Reporting is VERY important.

• Daily reviews of individual Incident and Problem status against service levels

• Weekly management reviews

• Monthly management reviews

• Proactive service reports

4. Problem Management


• Stabilizing IT services through:

o Minimizing the consequences of incidents

o Removal of the root causes of incidents

o Prevention of incidents and problems

o Prevent recurrence of Incidents related to errors

• Improving productive use of resources


• Problem Control

• Error Control (including raising RfCs – Request for Change)

• Proactive Prevention

• Identifying Trends

• Management Information

• Posit Implementation Review (PIR)

Goal is to get from reactive or proactive. Stop problems from occurring / recurring.


• Incident details

• Configuration details

• Defined work-arounds


• Known Errors

• Requests for Change

• Updated Problem Records including work-arounds and/or solutions

• Response to Incident Management from Matching Management Information

Problem Control

• Identification

• Classification

• Assign Resources

• Investigation and Diagnosis

• Establish Known Error

Error Control

• Error Identification and Recording

• Error Assessment

• Recording Error / Resolution (Send out RfC)

• Error Closure

Known Error: An Incident or Problem for which the root cause is known and for which a

temporary Work-around or a permanent alternative has been identified.

Proactive Problem Management:

• Trend Analysis

• Targeting Support Action

• Providing Information to the Organization

Known Errors resulting from Development should be made known to the Helpdesk.

Reporting is also key for Problem Management.

5. Change Management

Objective: To implement approved changes efficiently, cost-effectively and with minimal

risk to the existing and to the new IT infrastructure. Only approved changes made, risk

and cost minimized.

Change Management Tasks:

• Filtering Changes

• Managing Change Process

• Managing Changes

• Chairing CAB and CAB/EC

• Review and Closure

• Management Information


• Requests for Change (RfC)


• Forward Schedule of Changes (FSC)


• Forward Schedule of Changes (FSC)

• Requests for Change (RFC)

• CAB minutes and actions

• Change management reports

Impact of change:

• Category 1

o Little impact on current services. The Change Manager is entitled to

authorize this RfC.

• Category 2

o Clear impact on services. The RfC must be discussed in the Change

Advisory Board. The Change Manager requests advice on authorization

and planning.

• Category 3

o Significant impact on the services and the business. Considerable

manpower and/or resources needed. The RfC will have to be submitted to

the board level (CAB/EC – Change Advisory Board / Executive


Priority Setting:

• Urgent

o Change necessary now (otherwise severe business impact)

• High

o Change needed as soon as possible (potentially damaging)

• Medium

o Change will solve irritating errors or missing functionality (can be


• Low

o Change leads to minor improvements

A change backout plan must always be possible.

Change management always ends with a review of the change.

Change: The addition, modification, or removal of approved, supported or baselined

hardware, network, software, application, environment, system, desktop build or

associated documentation.

Request for Change: Form or screen, used to record details of a request for a change to

any CI within an infrastructure or to procedures and items associated with the


Forward Schedule of Changes (FSC): Schedule that contains details of all the Changes

approved for implementation and their proposed implementation dates.

Change Management Process

1. Request for a Change

2. Registration and Classification

3. Monitoring and Planning

4. Approve

5. Build & Test

6. Authorize Implementation

7. Implementation

8. Evaluate

6. Release Management


• Safeguard all software and related items

• Ensure that only tested / correct version of authorized software are in use

• Ensure that only tested / correct version of authorized hardware are in use

• Right software, right time, right place

• Right hardware, right time, right place


• Define the release policies

• Control of the Definitive Software Library (DSL)

• Control of the Definitive Hardware Storage (DHS)

• Distribute Software and Associated CIs

• Carry out S/W audits (using CMDB)

• Manage the software releases

• Oversee build of the software releases

Releases are done under the control of Change Management.

DSL : Definitive Software Library. Reliable versions of software in a single logical

location. However, software may be physically stored at different locations.

Release Policy:

• Release Unit

• Full / Package / Delta Releases

• Numbering

• Frequency

• Emergency Change

Version Control:

• Development

• Testing

• Live

• Archive


• Software Control and Distribution (operational)

• Change Management (control)

• Configuration Management (control and administration)

Only process which creates its own policy.

Here are the details of Service Delivery components.

1. Availability Management


• To predict, plan for and manage the availability of services by ensuring that:

o All services are underpinned by sufficient, reliable and properly

maintained CIs

o Where CIs are not supported internally there are appropriate contractual

agreements with third party suppliers

o Changes are proposed to prevent future loss of service availability

• Only then can IT organizations be certain of delivering the levels of availability

agreed with customers in SLAs.

Aspects of Availability:

• Reliability

• Maintainability: Maintenance you do yourself, as a company

• Resilience: Redundancy

• Serviceability: Maintenance done by someone else

Availability Information is stored in an Availability Database (ADB). This information is

used to create the Availability Plan. SLAs provide an input to this process.

Unavailability Lifecycle

MTTR: Mean Time to Repair (Downtime) – Time period that elapses between the

detection of an Incident and it’s Restoration. Includes: Incident, Detection, Diagnosis,

Repair, Recovery, Restoration.

MTBF: Mean Time Between Failures (Uptime) – Time period that elapses between

Restoration and a new Incident.

MTBSI: Mean Time Between System Incidents – Time period that elapses between two

incidents. MTTR + MTBF.

“An IT service is not available to a customer if the functions that customer requires at

that particular location cannot be used although the agreed conditions under which the IT

service is supplied are being met”

Simplistic Availability Calculation:

Agreed Service Hours – Downtime 100

—————————————— X —-

Agreed Service Hours 1

2. IT Service Continuity Management

Why plan?

• Increases Business dependency on IT

• Reduced cost and time of recovery

• Cost to customer relationship

• Survival

Many businesses fail within a year of suffering a major IT disaster.

Business Impact Analysis:

Risk Analysis:

• Value of Assets

• Threats

• Vulnerabilities

Risk Management:

• Countermeasures

• Planning for potential disasters

• Managing a disaster

Risk Analysis: Based on the CCTA Computer Risk Analysis and Management

Methodology (CRAMM)


1. Do nothing

2. Manual workarounds

3. Reciprocal arrangements

4. Gradual Recovery (cold standby)

5. Intermediate Recovery (warm standby)

6. Immediate Recovery (hot standby)

Cold start = accommodation. Environmental controls; power and communications

Hot start = cold start + computing equipment and software

7 Sections of the Plan:

1. Administration

2. The IT Infrastructure

3. IT Infrastructure management & Operating procedures

4. Personnel

5. Security

6. Contingency site

7. Return to normal

Test and Review:

• Initially then every 6 to 12 months and after each disaster

• Test it under realistic circumstances

• Move / protect any live services first

• Review and change the plan

• All changes made via the CAB – Change Advisory Board

Contingency Plan:

• Assists in fast, controlled recovery

• Must be given wide but controlled access

• Contents (incl. Admin, Infrastructure, People, Return to normal)

• Options (incl. Cold & Hot Start)

• Must be tested regularly – without impacting the live service

3. Capacity Management


To determine the right, cost justifiable, capacity of IT resources such that the Service

Levels agreed with the business are achieved at the right time.


• Demand Management

o Business Capacity Management

• Workload Management

o Service Capacity Management

• Resource Management

o Resource Capacity Management

While doing the above, also need to do:

• Performance Management

o Internal and External Financial Data

o Usage Data

o SLM Data / Response Times

CDB – Capacity Data Base – Contains all Metrics, etc. Used to create a Capacity

Management Plan. Performance Management Data populates the CDB.


• From Customer Demands to Resources

• Demand Management

• Workload Management

• Performance Management

• Capacity Planning

• Defining Thresholds and Monitoring

Application Sizing: To estimate the resource requirements to support a proposed

application change to ensure that it meets its required service levels.


• Trend Analysis

• Analytical Modeling

• Simulation Modeling

• Baseline Models

• Used to Answer the “What If… “ questions

• Data for Modeling comes from the CDB

4. Financial Management


To provide information about and control over the costs of delivering IT services that

support customers business needs.

Costing is a must!

Input cost units recommended by ITIL:

• Equipment Cost Units (ECU)

• Organization Cost Units (OCU)

• Transfer Cost Units (TCU)

• Accommodation Cost Units (ACU)

• Software Cost Units (SCU)

Equipment = hardware

Organization = staff

Transfer = costs which IT incurs acting as an agent for the customer, they do not appear

as a cost against the IT department’s budget

Accommodation = buildings

Software = software

Different Cost Types:

• Fixed – unaffected by the level of usage

• Variable – varying according to the level of usage

• Direct – usage specific to one service

• Indirect or Overhead – usage not specific to one service

• Capital – not diminished by usage

• Revenue or running – diminish with usage

Charging Objectives:

• Recover from customers the full costs of the IT services provided

• Ensure that customers are aware of the costs they impose on IT

• Ensure that providers have an incentive to deliver and agreed quality and quantity

of economic and effective services

Charging and Pricing Options:


• No Charging – IT treated as support center

• Notional Charging – IT treated as cost center

• Actual Charging


• Recover of Costs – IT treated as a service center

• Cost Price Plus – IT treated as a profit center

• Market Prices – IT treated as a profit center

Support and Cost centers used “soft charging” in which no money changes hands; service and profit centers use “hard costing” in which money is transferred between bank


Profit centers focus on the value of the IT service to the customer

Good Financial Management minimizes the risks in decision making

Three Main Processes:

Budgeting: The process of predicting and controlling the spending of money within the

enterprise and consists of periodic negotiation cycle to set budgets (usually annual) and

the day-to-day monitoring of the current budgets. Key influence on strategic and tactical


IT Accounting: The set of processes that enable the IT organization to fully account for

the way its money is spent (particularly the ability to identify costs by customer, by

service, by activity).

Charging: The set of processes required to bill a customer for the services applied to

them. To achieve this requires sound IT Accounting, to a level of detail determined by

the requirements of the analysis, billing, and reporting procedures.

5. Service Level Management

Balance between the Demand for IT services and the Supply of IT services by knowing

the requirements of the business and knowing the capabilities of IT.


• Business-like relationship between customer and supplier

• Improved specification and understanding of service requirements

• Greater flexibility and responsiveness in service provision

• Balance customer demands and cost of services provision

• Measurable service levels

• Quality improvement (continuous review)

• Objective conflict resolution


• Service Catalog

• Service Level Requirements

• Service Level Agreement

• Operational Level Agreements (OLA) and Contracts

• Service Specsheet

• Service Quality Plan

• Monitor, Review and Report

• Service Improvement Programs

• Customer Relationship Management

Minimum Requirements for an Agreement:

• Period

• Service Description

• Throughput

• Availability

• Response Times

• Signature

Other Possible Clauses:

• Contingency arrangements

• Review procedures

• Change procedures

• Support services

• Customer responsibilities

• Housekeeping

• Inputs and Outputs

• Changes

Ideally contracts are based on targets in the SLA

SLAs must be monitored regularly and reviewed regularly

• Monitor to see if service is being delivered to specification

• Review to see if service specification is still appropriate

Overview of the ITIL v3 library

Five volumes comprise the ITIL v3, published in May 2007:

1. ITIL Service Strategy

2. ITIL Service Design

3. ITIL Service Transition

4. ITIL Service Operation

5. ITIL Continual Service Improvement

Service Strategy

As the center and origin point of the ITIL Service Lifecycle, the ITIL Service Strategy volume provides guidance on clarification and prioritization of service-provider investments in services. More generally, Service Strategy focuses on helping IT organizations improve and develop over the long term. In both cases, Service Strategy relies largely upon a market-driven approach. Key topics covered include service value definition, business-case development, service assets, market analysis, and service provider types. List of covered processes:

  • Service Portfolio Management
  • Demand Management
  • IT Financial Management
  • Supplier Management

Service Design

The ITIL Service Design volume provides good-practice guidance on the design of IT services, processes, and other aspects of the service management effort. Significantly, design within ITIL is understood to encompass all elements relevant to technology service delivery, rather than focusing solely on design of the technology itself. As such, Service Design addresses how a planned service solution interacts with the larger business and technical environments, service management systems required to support the service, processes which interact with the service, technology, and architecture required to support the service, and the supply chain required to support the planned service. Within ITIL v2, design work for an IT service is aggregated into a single Service Design Package (SDP). Service Design Packages, along with other information about services, are managed within the service catalogs. List of covered processes:

  • Service Catalogue Management
  • Service Level Management
  • Risk Management
  • Capacity Management
  • Availability Management
  • IT Service Continuity Management
  • Information Security Management
  • Compliance Management
  • IT Architecture Management
  • Supplier Management

Service Transition

Service transition, as described by the ITIL Service Transition volume, relates to the delivery of services required by a business into live/operational use, and often encompasses the “project” side of IT rather than “BAU”. This area also covers topics such as managing changes to the “BAU” environment.

List of processes:

  • Service Asset and Configuration Management
  • Service Validation and Testing
  • Evaluation
  • Release Management
  • Change Management
  • Knowledge Management

Service Operation

Best practice for achieving the delivery of agreed levels of services both to end-users and the customers (where “customers” refer to those individuals who pay for the service and negotiate the SLAs). Service operation, as described in the ITIL Service Operation volume, is the part of the lifecycle where the services and value is actually directly delivered. Also the monitoring of problems and balance between service reliability and cost etc are considered. The functions include technical management, application management, operations management and Service Desk as well as, responsibilities for staff engaging in Service Operation.

List of processes:

  • Event Management
  • Incident Management
  • Problem Management
  • Request Fulfillment
  • Access Management

Continual Service Improvement (CSI)

Aligning and realigning IT services to changing business needs (because standstill implies decline).

Continual Service Improvement, defined in the ITIL Continual Service Improvement volume, aims to align and realign IT Services to changing business needs by identifying and implementing improvements to the IT services that support the Business Processes. The perspective of CSI on improvement is the business perspective of service quality, even though CSI aims to improve process effectiveness, efficiency and cost effectiveness of the IT processes through the whole lifecycle. To manage improvement, CSI should clearly define what should be controlled and measured.

CSI needs to be treated just like any other service practice. There needs to be upfront planning, training and awareness, ongoing scheduling, roles created, ownership assigned, and activities identified to be successful. CSI must be planned and scheduled as process with defined activities, inputs, outputs, roles and reporting.

List of processes:

  • Service Level Management
  • Service Measurement and Reporting
  • Continual Service Improvement


Tagged : / / / / / / / / / / / / / / /

SCM Benefits the Organization in Four Major Ways – SCM Process Benefits


SCM benefits an organization in four areas: control, management, cost savings, and quality. These four benefits are mapped to an organization’s overall goals and objectives when the decisions are made to bring a SCM tool in-house. The features of a SCM tool further support these benefits.
SCM Benefits the Organization in Four Major Ways

Control in SCM provides the ability to review, approve, and incorporate changes into a configuration item. There must be one controlling SCM tool so that there is only one set of training, license management, installation, and user procedures. All project personnel use the tool. Inherent in the tool is a standardized, measurable process for change. Integrity maintenance of CIs is enforced throughout the product life cycle. The tool permits only controlled change to the baseline CIs, and all changes are tracked.

Management in SCM is concerned with the automation of identifying and guiding configuration items through their life cycle to final assembly as part of product and delivery. Identification of CIs through a unique naming convention allows version, release, update, and full change tracking. Baselining of CIs with the ability to produce product deltas from the baseline satisfies requirement and schedule changes along with product family support. Rapid reviews and audits of CIs are accomplished through the analysis of historic information collected. Project status reporting is accomplished in a clear and consistent format based on SCM collected information on all CIs under configuration management.

Cost Savings
Cost savings are realized across the entire product development life cycle with SCM. Maintaining product integrity through defined, tracked, and audited CIs provides a managed bill of materials for the product released to customers. Cost savings scale with SCM use and application across applications. This scaling is dependent on the depth of control needed for each application product release tree. Deep combinations for product families can be analyzed for risk exposure and cost savings directly impacted by the amount of configuration management applied. Side effects are reduced through controlled change by understanding the impact on all versions and releases. Accurate and repeatable release control is produced in a repeatable fashion over entire product families for all customers and users.

Software development is a people-intensive activity, and quality must be considered at every person-to-tool interface. Ensuring a high-quality work environment must address the process of building software products in an automated fashion. This must include tracking CIs to the tools that produced them and the clients that ultimately receive the product. Measuring the end product to ensure high quality is done through tracking the changes made to a product throughout its life cycle. Repeatable management and change control in a documented and measured fashion allows accurate estimation of future efforts. Quality is an ongoing process. The lessons learned in one product must be transferred to new, related products and entire product families.

Tagged : / / / / / / / / / / / / / / /

Benefits of CVSNT, What are the advantages of CVSNT over CVS ?


Advantages of CVSNT over CVS

Supports authentication via Microsoft Active Directory or SSH (windows only) YES NO
Set enforced protocols allow server to lock out clients connecting over insecure protocols or using insecure/inefficient options. YES NO
Easily remove protocols (without recompile) YES NO
Branch ACLs can be used to restrict access YES NO
LockServer provides file level locking YES NO
More sophisticated / extra triggers available e.g. postcommit. Triggers also available via COM/DLL/.so interfaces YES NO
Supports Unicode files with additional keyword expansion switches YES NO
Efficient storage of binary files using binary deltas YES NO
Extended modules functionality using the modules2 file YES NO
Advanced Reserved Edits and checked commits (supercedes exclusive locking concept) YES NO
Server-side default options (cvsrc) YES NO
CVSROOT/config scripts etc. YES YES
Repository browsing via cvs ls command YES YES
Pluggable server-side diff programs YES NO
Supports Unicode files with additional keyword expansion switches YES NO
Server-side default options (cvsrc) YES NO
UTF-8 (Unicode) Server. YES NO
Multi Lingual filenames suport. YES NO
Rendevous Support YES NO
Binary availability for Windows, Mac OS X, Linux, Solaris, HPUX YES YES
Client support for IBM iSeries (AS/400) OS/400 YES NO
Windows Server
Supports encrypted authentication via SSL (all platforms) YES NO
Configurable with Windows Control Panel YES NO
Compatible with NTFS ACL’s for using permissions based on Windows username or group. YES NO
Triggers also available via COM and DLL interfaces YES NO
Cshdump handler YES NO
Native file access YES NO
Native MSI Installer YES NO
Smart Merge using MergePoint YES NO
Supports Unicode files with additional keyword expansion switches YES NO
“Import-and-go” by optionally turning freshly imported trees into a new sandbox automatically. No more need to purge and do a fresh checkout first YES NO
Version OSX resource fork extensions keyword expansion switches YES NO

Source: Related Website & http://www.cvsnt.org

Tagged : / / / / / / / / / / / / / /