Working with People with Issues

Recent events remind us that we all can be vulnerable in our schools and universities.  While external people are often the sources of violence in our environments, violence in the workplace, triggered by disgruntled and angry employees or former employees, is a real issue.  Perhaps we can share insights so we all can better protect ourselves.

I've worked with people who were struggling with problems.  In a few and rare situations, a couple folks moved beyond the usual anger and frustration that you can see in tense and stressful working environments.  These are "red flag" cases.  I'm not a psychologist or mental health professional, so I can only speak from personal observations.  Maybe if we all share observations, we can get smarter about how to handle situations and prevent harm to those around us.

What I've observed:

• Some people can get angry and frustrated easily, but generally, this is an emotional maturity issue that just requires mentoring.  When you talk through a situation with that individual, they hear what you are saying and they are able to see how their anger hurts themselves. 
• A few people seem to enter onto a path where they are unable to act in their own best interest. Their anger or reasoning of situations leads them to make decisions that are just not beneficial to themselves.  An individual may have angry outbursts in a management meeting, and when you approach that person to discuss the situation, the individual justifies the angry outburst and does not reflect on the situation.  And the individual may continue to demonstrate the same behavior, even though you've warned the person about the negative consequences from their behavior.  The individual may over-react to any perceived criticism.   Some people seem to just completely lose the ability to recognize that their actions are working against them.  A defensive and hostile attitude is demonstrated.  The individual is consistently belligerent when behavior is discussed.  
• One behavior that commonly emerges is ignoring or breaking rules and policies.  It may start small, like not parking in an assigned parking space or not following department procedures for reporting being out of the office.  Increasingly, the person does not feel the need to comply with basic rules, and when confronted, is unable to comply with rules in a way that is in the individual's best interest.
• Another typical behavior is isolation.  The individual will separate and not join groups for lunch or campus events.  The individual will not engage or will avoid typical office conversation, even simple stuff like "Did you watch the football game Sunday?".   You may note someone becoming invisible in the department. 
• One therapist I spoke with suggested that some people need to build up anger, almost to build up a head of steam, to make themselves feel important and to have a real presence.  They feel dis-empowered and invisible.  Demonstrating an angry outburst puts them at the center of all attention.  It gives them a sense of power, because they now control the conversation and the attention.
• A behavior labeled as grandiosity, a state of being delusional about one's importance, may be displayed.  The individual may appear overly boisterous about his job title, role, or decision-making authority.  Another behavior that can be inappropriately displayed is moral righteousness; the individual believes he or she is are totally right and others are not following the rules.  

When we find these situations on our campuses, we probably try to act specifically:  avoid confrontation, do not question, minimize the situation, and report it to Human Resources.  You may have a campus behavioral concerns committee, and that group should also be informed.  My personal experience is that when you see someone not able to act in their own best interest, and demonstrating outbursts timed to attract attention and get control of a space, you must confront the behavior immediately and consistently.  You should characterize this as "red flag" behavior.  Lack of confrontation further empowers the individual and over time, the situation worsens.  It does not get better on its own.

In summary, the red flag characteristics:

• Unexplained, ongoing anger that may appear as a quiet, seething edginess or loud, emotional outbursts.
• Inability to recognize and act upon a positive path that is in the individual's own best interest.
• Belligerence or silence when behavior is discussed. 
• Over-reaction to criticism.
• Overly defensive or hostile attitude, especially when confronted about unacceptable behavior.
• Deflects responsibility for unacceptable behavior to other rationales, moral righteousness, or actions from other people.  Accusatory behavior with co-workers. 
• Breaking rules, even just a series of small rules, and an unwillingness to discuss or correct the behavior.
• Changing work schedules without approval, disappearing, or working random hours.
• Isolation from co-workers and the campus community.
• Repetitively appearing anxious or confused.
• Behavior displayed as grandiosity.

If you encounter these behaviors, you must start keeping a journal noting the dates, times, attendees or witnesses, and a full description of the disruptive behavior or angry outburst.  Pay attention to the journal for patterns of similar incidents or increasing anger.  Monitor and retain technology messages and note any messages of concern in the journal. 

One challenge is that Human Resources or police (if contacted) will ask you if you or others have been threatened.  For most of us this is harder to answer than we might think outside of a specific event.  I've been in situations where I definitely felt threatened, even though no specific threat was articulated.  I've tried to use words such as intimidation and belligerence.  Sometimes the behavior might be described as harassment. 

But it is important to remember that a threat may be non-verbal.  Did the individual stand up?  Stand over you?  Invade your sense of personal space?  Slam a door?  Punch a wall?  These actions can all make you feel threatened, even if no specific verbal threat was issued.  Since we work in technical fields, be aware of threats that may come to us via technical resources (email, social media sites, etc.).  These may contain veiled references to violence.  Campus public safety or police units should be informed of any threat.

Human Resources often wants to provide cooling off periods or time to mentor the employee.  I believe it is important to recognize the behaviors quickly, confront the behavior promptly, and to report it to Human Resources immediately.   We may need to insist on immediate involvement from Human Resources. We all need to be comfortable communicating the degree that we felt threatened by the situation, and whether we perceive the behavior as escalating over time.    Use your journal to keep other units informed.  Push for attention to the issue.

Some reading that may be useful:

FBI Report on Workplace Violence http://www.fbi.gov/stats-services/publications/workplace-violence

Resources for Preventing Workplace Violence and Bullying http://workplaceviolencenews.com/

Important legal issues and court cases http://www.sgrlaw.com/resources/trust_the_leaders/leaders_issues/ttl13/869/

Book:  The Gift of Fear by Gavin de Becker (Thanks, Craig Blaha, for the recommendation).  http://gavindebecker.com/resources/book/the_gift_of_fear/

I hope you have tactics and strategies that work at your institution that you can share.  

Finding the Path

I have two Samoyeds, dogs that are bred to be on the move.   As a result, Thomas and I are committed to hiking every weekend.  We've been to our selection of local parks and recreation areas enough to know the trails.  Trails are clear paths.  You know where you are going, you can see where you've been.

We can see a water slide and park platform around a pond from one of our regular trails.  We've never seen people there.  We decided last weekend to take a side-spur to see what this platform was all about.  Hiking there we found an abandoned camp.  We then decided to hike on parallel to our regular trail, figuring we'd eventually find a path back to the trail.  Instead we found ourselves in a pasture, with some cows in the not-too-far distance, who were very interested in us.  Taking a hard right-angle, we figured we'd get back to the trail, only to find a pasture fence.  After hiking around, we found a spot to go through the fence. 

Then we had to hike cross-country through the woods.  This involves pushing through the faded rose brambles and stepping over logs.   We had to maneuver around a low-lying swampy area.  There was no path; nothing was clear.   At a higher point we paused to look for signs of the trail and saw nothing.

We were never lost, really.  We knew we were in the recreation area, and we even knew what section.  We knew which direction we left our car, and we knew where the trail was located, sort of.  But the path was not clear.  We kept going and found the trail, but we only saw it when we were about 10 feet away.

We talked about the difference of hiking on the trail versus hiking cross-country.  We both felt a very different sense of orientation.  Even when we rejoined the trail in a familiar location, we both continued to feel a sense of disorientation.  Our perspectives had changed.  We've noticed this just walking through our neighborhood, which we do daily.  Even walking on the other side of the street, or reversing the direction that we walk along the same street, gives a perspective change.

I am one to let my mind wander back to work items (probably too much).  This experience made me think about my experiences with project management.  Early in my career I worked in places where we had very locked project management processes in place.  EDS had very strict rules for project management in the 1980s.  I also worked in places where KnowledgeWare was used.  Another methodology was proprietary to the Arthur Young accounting firm where I worked.  The path for managing a project was clear, and we stayed on the path. 

When I first came to Oakland University, I brought those project management paths with me and tried to use them in the university environment.  I stuck with it for over 5 years, and felt there were some positives.  For example, one positive is that before the project management communications standard, there was a feeling at the university that the central IT organization didn't do or accomplish much.  With public project lists and joint priority setting, each silo became aware of the projects completed for other areas of the organization, and as a result, central IT's value became more apparent.

However, the path locked us out of seeing different perspectives and different ways to solve problems.  It was too easy to get locked into a particular way of seeing things, without understanding the value of the locked step.  Right now I'm more likely to try to shake things up, to see things from different angles, and to value fresh perspectives.  I also want the organization to be more agile.  If the shortest path is cross-country, we need to be ready to try it.  This is another way to create space in the organization for innovation.  Finding steps off the common path help inspire us all.

Capacity for Innovation

Discussions with fellow professionals at the Educause conference are engaging.  I so appreciate all the opportunities to speak with fellow CIOs and IT leaders at this conference.  I find this a time to pause and think.  That ability to pause and think is increasingly rare on our campuses as we try to go faster, move with greater agility, and do more with dust.

The phrase that caught my attention today was from Lev Gonick of Case Western Reserve University.  He spoke about reorganizing to create capacity for innovation.  I thought about the characteristics of that innovation.  It is time to think in one sense.  Innovation needs time to play and time to experiment.  It includes access to tools and techniques to facilitate innovation.  It needs time to experiment, make mistakes, and find solutions and resolutions to both the mistakes and the paths that led to the mistakes.

Innovation doesn't happen alone, in my view.  To be really effective, we need to create a community, a group with availability to think creatively together.  There's a synergy and a flow that gets created when a group has the capacity interact.

I am giving thought to how I can create capacity for innovation in my organization.

Conference Center Network Services

After spending much of last week scrambling to support creation of open wireless network "conference" services in the new campus golf clubhouse, I recognize that traditional campus networking and conference networking are different animals.  I'm learning the conference stuff; needs to be second nature in planning.  A couple folks asked me to comment more, so here's another opportunity to think this through.

Our campus has a limited access network.  All the clients connecting to the campus network are known.  We have limited public access in the library, but patrons must provide an identity and register.  We have limited public access in the student center, but again, participants have to register for an event hosted in the center.  We do not provide open, unauthenticated, public access.  This is due to several requirements for identification, such as limiting access to a limited resource to those actually paying for the resource or having some connection with the university (like students).  We also have determined how we want to respond to DMCA complaints and other legal documents requiring that we identify who is on the network.

When I go to our golf center, there are three constituent groups requesting wireless network access:

• University employees conducting university business activities.
• Event guests who are visiting for a defined event hosted under the terms of a contract.
• Pass-through guests, those dropping in for a round of golf and staying for a visit to the clubhouse.

There are differences in the requirements.  The differences may be characterized by roaming, service level agreements, accessed content, access density, and authentication, among other items.

University employees want to use the wireless network to access university services.  Access is protected by authentication and authorized use of services.  We try to make that network more secure by make sure that that devices are properly updated with anti-virus services and operating system patches.  This is a closed and controlled environment.

Event guests are represented by an event organizer.  The event organizer consolidates requirements into a statement of work associated with an agreement.  The agreement will provide for a certain level of guaranteed access with a service level agreement;  specifics are provided in the contract.  We are hosting a state PGA event, for example, and they have specific requirements for network provisioning.  When we hosted the national Republican presidential debate event last fall, the Republican organization planning the debate had very specific requirements.  This technical requirements are covered in the event hosting agreement.  When we sign agreements, we have to fulfill the services described in those agreements.  We may need to segregate a service for an event, with a separate SSID and password (like the Educause conference).  There can be a login storm at the start of the event or during schedule breaks. 

Pass-through guests expect network access without authentication.  We may just present a basic terms of service splash screen, and limit the network operation to general port 80 traffic.  These folks are generally checking communications channels (email and social media).  Their access typically does not roam.  There's no formal service level agreement.  They may congregate in specific areas, so there needs to be higher density of access points in some places (like food service areas).  We have determined we do not need to know who is on the network.

On the main campus, our students, faculty and staff access the network through a centralized authentication service.  We need to know who is on the network.  Students and faculty tend to login once and roam the campus.   The area they roam tends to be larger than those attending an event.   There isn't a single event organizer with whom we work to meet requirements.  We decide the services in central IT and deliver those services broadly.  We do see the same density issues in food service areas, but there's no service level defined in a contract.  We try to meet service expectations, not contractual terms.

That's probably a start of what I've learned, but I would appreciate questions and comments about what I've missed.






  

Policies and Procedures

As a CIO, I've been writing policies, guidelines, and procedures for a long time.  My technical background did not prepare me to write these kinds of documents.  I suppose my general education and business background did provide some preparation.  I worked in a law firm many years ago and had to write guidelines for staff members that satisfied the partners (who had a high writing standard).  I have a Master's in Public Administration and we covered many similar topics in that program.  Still, I've never really studied "writing information technology policy."  For a while I've been thinking we need a uniform policy and compliance guideline, but I'm not sure who could write it.


Several years ago, Rodney Petersen wrote a useful article for Educause Review:  

“A Framework for IT Policy Development” (http://www.educause.edu/ero/article/framework-it-policy-development). Another useful piece from the Educause is by M. Peter Adler: "A Unified Approach to Information Security Compliance"  http://www.educause.edu/ero/article/unified-approach-information-security-compliance.

This SANS chart is good, but you have to interpret it for policies:  http://www.sans.org/whatworks/applicable_sections.php.

This week I attended the Educause Campus IT Policy Workshop, led by Greg Jackson, Educause Vice President, Policy, Jarret Cummings, Educause Policy Specialist, and Kent Wada, Director, Strategic IT Policy and Chief Privacy Officer, UCLA.  This was truly a workshop, with strong presentations followed by case studies and discussion.  Links and materials to useful references were provided.  The event was a positive learning experience, even for someone who has been writing policy for a while.

As a result, I came back and reviewed our university policy template again.  Our university policies are posted here:  http://www.oakland.edu/policies.  Our information technology policies exist within the university framework, but I isolate them on our web site for presentation with other procedures and guidelines:  http://www.oakland.edu/uts/policies.    

I'm in the process of updating a half dozen policies to incorporate feedback from the external PCI auditor.  I am trying to organize my "policy thinking" and I am going to try to bring some consistency to the documentation. The PCI auditor had recommended that we separate all PCI elements into one PCI policy, but after the workshop, I am more convinced that the separate policies that are IT-centric still makes more sense, particularly for a university.  Too many components for regulatory compliance overlap.  It doesn't seem to make sense, for example, to have separate policies for FERPA, HIPAA, and PII data, when it all comes down to information and data security.  I also want to create policies that are not obstacles to what the university is trying to accomplish.

Once a policy is developed, our review and approval process is described here:  http://www.oakland.edu/uts/policies#governance  It is quite of bit of work to shepherd a new policy or a policy update through the process, but it is worthwhile. You hear different perspectives and sometimes you realize the policy needs to be worded differently.  Shepherding a policy also presents an opportunity to get support for the policy, particularly when the subject matter is difficult.

To help organize my thinking, I've created a checklist, posted here:  Policy Checklist

Anybody want to talk Policy?  

Changing Software Support Model

The changing role of the CIO and the central IT organization is certainly a hot topic at the moment.  One item I have spoken about is the changing software model.  I do believe we are moving away from the traditional IT requirements-based approach that worked (and probably still works) well for software development, to a model based on consumerization.  Our constituents fall in love and buy software.

A few years ago I participated with Educause in writing about reviewing software and managing alternative sourcing at Oakland University.  We marveled in that we looked at over 25 pieces of software in a year, and most were not coming through traditional project methods.  We had to review our purchasing process.  This past year the university community looked at over 325 pieces of software, that we know about.  We've done pretty well at making sure we are part of the purchasing process so that we avoid redundant purchases and software installations and support aren't unexpectedly dropped in our laps.  Some software applications are installed on campus, and some solutions are hosted.  Some are desktop installs, some are server installs, and now we have the App family.

Nevertheless, there is an emerging issue about software support.  Obviously, my staff of 33 IT professionals cannot be experts on supporting over 300 pieces of software.  The university cannot hire a system administrator or application support specialist for each piece of software.  Our traditional support expectations do not scale with that volume of purchases. We can't even be the sole-vendor contact. Yet I had an uncomfortable situation last week where a senior staff member told me that calling a vendor for support was "not a lean process."

In discussions with my staff, we've identified about a dozen key software systems that we've installed where we only offer hardware and operating system support.  There may be a disconnect between the services we offer and the expectations of our community.

I'm trying to put together tiers of support for software, something like:

• Outsourced.  Contacts go directly from client to vendor.  Central IT gets involved for contract review and assists with resolution in technical disputes.
• Campus install in datacenter with full support.
• Campus install in datacenter with some support.
• Campus install in datacenter with only operating system and hardware support.
• Departmental server install.
• Local device install.

As I'm looking at this, there is a developing support matrix.  In addition to location and local support resources, we also have to look at server, storage, operating system, web server applications, identity access management, database management applications, code management architectures, security applications, backup services, and the actual software application.  Server and storage architectures are a lot more complicated to manage with the virtualized environments we now install.

In some cases our central IT operation provides and supports the entire list.  The closest is our ERP implementation, even though we do push using the vendor support options (including mailing lists and online community) before contacting us.  In other cases, we split the work with another unit; for example, for Moodle, we provide the server, storage, operating system, identity access management connection, security applications, and backup services.  Our E-Learning operations does the rest.  We jointly work on tuning.

In other cases, particularly for research, we are hosting hardware and really not doing much else.

The issue we see emerging is when a software package starts locally, in a department, and gains adoption.  We then need some sort of escalation and approval process to move the software to a support model.  A few years ago we looked at this from a server support model, with levels described on our web site.  We really need to rethink this for tiers of software support, and the governance model that moves a software solution to a higher tier of support.  This needs to be logical and rational.  We need to include the staffing needed to provide support in the evaluation.  That piece is really missing, as we've been resourced constrained so long.  

We can't keep adding solutions to the VM architecture without analyzing the impact on staff resources, and we haven't fully identified the impact on staff.  We can respond to a new server request with agility in the VM environment.  When we do so, we need to be clear that it doesn't mean we can answer questions about the software internals or how the application really works.  As we get a more and more complex virtual environment with expanded storage and complex disaster recovery scenarios, we need systems engineers and storage architects, but these additional staff will still not be able to answer the questions about how the application really works.  Then we get a community disconnect;  we got additional technical staff, but the client support expectations may still not be met.  We aren't there yet, but we seem to see new challenges for communications, particularly communications needed to justify additional resources.

Our path is not yet clear, but we are thinking about it.

Who needs the web?

http://www.nytimes.com/2012/04/11/technology/instagram-deal-is-billion-dollar-move-toward-cellphone-from-pc.html?_r=1&nl=todaysheadlines&emc=edit_th_20120411 

The timing of this article connected to my thinking about future projects on our enterprise systems team and allocating resources from that team to the wide variety of identified projects.  I had lunch yesterday with the Director for Enterprise Systems, Lori Tirpak, and two team members who worked on mobility projects for the last year.

The team has finished a strong set of projects this past year. Projects included improved messaging to students about advising and progress to degree.  Also, the team upgraded the portal architecture to the uPortal platform that is mobile-ready.  Finally, the group completed and launched the first OU App in the Apple store.  We spent time talking about projects for the coming year, and we talked about when we might no longer support the portal and instead totally focus our resources (a team of 8 people) on mobile initiatives.  Obviously, something like a transcript isn't going to translate well to a smartphone.  But many services will transfer to mobile devices.

The phrases that caught my eye in this article:
“For decades, the center of computing has been the desktop, and software was modeled after the experience of using a typewriter,” said Georg Petschnigg, a former Microsoft employee who is one of the creators of Paper, a new sketchbook app for the iPad. “But technology is now more intimate and pervasive than that. We have it with us all the time, and we have to reimagine innovative new interfaces and experiences around that.”


"Who needs the Web?"


It reminds me of the era when we kept our old mainframe databases running, due to the cost of transitioning those databases to new platforms.  Instead, we dropped the mainframe screen interfaces and replaces the user interfaces with new designs and platforms.


So we can keep those huge ERP databases or learning management systems behind the scenes.
Then focus on small service bites that are important in the moment and that can be provided by mobile devices.  That has to be the priority.  Using the points in the article, put your resources into mobile from the start, rather than starting with the web and redesigning for mobile.
Any left over resources - and that isn't much on our team - updates the web experience.  That is quite a shift in thinking.  


This really has us thinking about project priority for the next year.

Academic Records and the Changing Education Model

I think, increasingly, what we will be buying from individual college and universities, is the credential, not the full learning experience that we associate with traditional college.  How we store records supporting the credential, and put those records together to indicate evidence of learning, may change in the not too distant future.

Imagine a space where you, as an individual, take some courses from MIT or Stanford, online, open and free.  You build your knowledge for knowledge sake.  There are two reasons we pursue knowledge:

• personal growth
• obtaining meaningful work that pays a salary that meets our lifestyle expectations

The open course-ware model works perfectly for personal growth.  But how does an employer know that you've assembled a body of knowledge that leads to you being a talented individual that is knowledgeable, capable, and hire-able?  Right now, degrees provide that university tattoo of knowledge.

Today, each university owns the academic records that make up that tattoo.  The student has to meet the requirements of that university to obtain the tattoo.

What if the world was different:
Each student owned their academic records, rather than the educational institution owning the records.
Students might hire a company that is an "academic records repository" or "academic records bank".
Some records in the repository are graded; some are not.
Some records may be combined to present a "Badge" of learning.  A Google search on the two words "learning" and "badge" show this growing concept.
Some records, graded and accredited, may be assembled into a traditional degree.
The student assembles a personal tattoo that is not defined by a university, but by the student.

What is the role of the university in this environment?  The university may offer some courses for credit and some as open (like Stanford is doing now).  The student may obtain the knowledge in either path.  One path, the credit path, achieves a higher standard of knowledge certification (i.e., grades).  So what the university is really providing is knowledge certification, not just a diploma that represents completion. 

What if I, as a student, can build knowledge from several sources, some certified, others open, and record that with the third-party academic records bank that is independent of any particular university?  The records bank doesn't certify, but provides the transcript of all the work, instead of the university transcript.  The university credit transcript would feed into the academic records bank, as well as open course work, technical certifications and whatever.  The employer would request knowledge verification from the academic records bank, not any one university.

The "Big Blue Button" idea of medical records could apply to student records.  But if institutions could send directly to the academic records bank, what would be the point of the "Big Blue Button"?  Perhaps to make a record withdraw to send to a potential employer.

We are now sending all academic records to the State of Michigan for storage in a state-wide database.  Perhaps certifications and other learning mechanisms could feed into that database.  So perhaps, down the road, the state will provide the academic records bank.

What does this do to the academic records we store on campus?  Is there any reason to keep years and years of campus history if we can store the records in a single centralized bank?

There is potential for a shift in where and how we store student academic history.

Storage

Steve Glowacki, Director Systems Engineering at OU, and I have had several interesting conversations since the holiday break.   Steve ended up doing trouble-shooting and problem resolution (with his team) over the break.    I thought I would interview Steve for this blog post.  This follows on to my earlier impacts post, as we talk about data and content, and the need to store ever-larger files.  Nothing is ever deleted, it seems.  What is back-up and disaster planning in this growing data environment?  We had a discussion about problems and tactics.

Steve, can you describe some of the challenges experienced over the break?
We noticed that the back-up amounts had basically quadrupled started just before the holiday.  We went from approximately 500GB differential per night to usually slightly more than 2TB per night.

Did you find out the source and stop it?
Finding the source wasn't terribly difficult but we couldn't stop it.  It was valid stuff to back-up.  There were a lot of changes going on.   Over the break, we allocated an additional 3 TB of storage to back-ups, which was everything that remained within the architecture, and added 10 additional LT04 tapes, which the system promptly consumed.  We placed an emergency order for 20 additional tapes while still on break.

What next steps did you take when you returned?
We started reviewing how to consolidate tape utilization for optimized tape utilization.  As tapes are written to, the tape is consumed or full.   Then as data ages off, portions of the tape are freed, but the physical tape is still consumed.  Out of 130+ tapes, a good portion have low percentage physical utilization.

What we are looking for now is a process or procedure that will consolidate the data in use, distributed across several tapes, to a single highly utilized tape.

The other thing we are looking at is migrating to a new complete new architecture for backups, restoration, disaster recovery and data de-duplication.

What are you looking at?
The architecture is based on VMWare / NetApp, so the backup environment needs to work very closely with that architecture.


So, a minute ago, you said you were trying to review something and said:

"In some obscure way you log into this thing and control backups, restorations, bare metal restores, or tape archiving....  The tech team is having discussions about how this all works."

Tell me more.

What I found funny was that it took two university engineers and a vendor sales engineer three days to find the compatibility list for tape libraries.  It is complicated.

What makes it complicated?

Tape is becoming very limited use.  

What should we be doing?

Remote site de-duplicated replication is one option.  The remote site may be here or the cloud.  Remote site is likely phase two.  Phase one is implementing solutions to work with the VMWare / NetApp architecture.  Phase two is the remote site capabilities.  The reason we are breaking it into two pieces is timing and procurement process.  De-duplication and how that is done technically is extremely important to consider.  

So several purchases have been made over the past couple days.

We purchased another shelf of high speed disks.  This will allow us to optimize server performance and through-put.  Looking at the total input/output per second across the two types of shelves we have, and made a decision to improve performance by going with smaller, faster disks for specific services.  For example, we have a virtual server which may have enhanced performance by being located on faster disks while the connected storage may be on slower disks.

A lot of analysis about what to put where...

It's an ongoing thing.  

And your second purchase?

Several software options driven by recent requests.  One request was video streaming, so one of the options is for turning on native shares for CIFS.   Another software request was for NFS, to allow for UNIX-based mounts.  This has the potential to additionally augment throughput.  Another is SnapVault, but it is just for swarming snapshots, and that takes us back to where we started this conversation.

Is your head spinning?

A bit.  It's my job, though.  A lot of conversations will be needed with the Network team too.