Time for a fresh look at Disaster Recovery?

Insights and tips for small and mid-sized businesses
by Colin Beveridge, Principal Analyst, Freeform Dynamics

Not many people read IT Disaster Recovery plans for pleasure but these documents are often far more insightful than the organisation’s Annual Report. That’s because the quality and scope of the DR plan instantly reveals the company’s relative priorities, levels of resource investment and commitment to business continuity planning.

At the very least, a robust, up-to-date and proportionate IT disaster plan shows not only that somebody cares enough to try and keep the wheels of industry turning but has also put adequate measures in place to minimise the risks of unexpected IT failure.

Of course, the interpretation of ‘adequate measures’ will always vary from organisation to organisation, according to local needs and resources, because there is no cookie-cutter model (one size fits all) for disaster recovery.

Nevertheless some fundamental principles do apply, regardless of organisation size and scale, which means that Small and Mid-Sized Businesses (SMBs) face very similar DR challenges to those of their larger counterparts. Even the smallest SMB needs to take some steps to protect the integrity of its business systems when things go wrong.

A Freeform Dynamics study focused on organisations with between 50 and 1000 employees shows that SMBs generally care about IT disaster recovery and proactively establish DR measures, even if they don’t always describe them in such terms.

However, the research also highlights some gaps and shortfalls in disaster recovery capability, which respondents readily acknowledge. Having said this, only 20% of SMBs indicated that investing in DR improvements would be considered as high priority spending:

The chart above is one of a number from the aforementioned research which tell us that a good proportion of SMBs are well aware of their DR challenges but most can’t afford to throw money at the problem areas, particularly in a difficult economic climate.

But that shouldn’t stop them taking a fresh look at their disaster recovery plans, not only to see if there are any affordable opportunities for incremental improvements in key areas, but also to check that any previous plans remain properly aligned with their systems portfolio and infrastructure.

Chances are that some re-alignment may be necessary, particularly if business systems, IT infrastructure or services have been changed or introduced since the last DR review. It’s also vital to pay specific attention to any changes in business priorities, working practices (such as growth of remote/mobile working), service delivery models or service providers, because these will all directly affect the business continuity and disaster recovery requirements.

Likewise a previously suitable mix of DR tools, techniques and technologies might now benefit from a rethink. SMBs may find that the falling cost of storage, the mainstream readiness of virtualisation technology and the maturation of third-party hosting services (including Cloud) offer real benefits of cost and timeliness, in terms of better IT resilience and recovery, when compared with a ‘traditional’ DR approach, such as offsite tape backup and recovery.

Perhaps, though, the biggest challenge for a smaller business is in knowing what ‘effective’ DR and good business continuity planning looks like in practice. This is where awareness of what works well elsewhere can be invaluable.

In an attempt to flush out some of the ‘best practices’ for SMB disaster recovery, our analysis of the research sample divided the interview respondents into two groups: a) those with comprehensive/ good IT DR, and b) those with inadequate/ poor IT DR capabilities.

On comparison of the two groups we saw some significant differences, with seven specific characteristics, or behaviours, that appear to stand out as ‘enablers’ of better DR performance.

Some of these enablers, such as inclusive planning (i.e. ensuring that IT disaster recovery planning is fully co-ordinated with general business continuity plans for people and process) and the prioritisation/ funding of DR investments, are hardly surprising because they represent the fundamental points of entry to effective DR anyway.

However, other enablers identified in the research may be less obvious to an SMB hoping to improve IT disaster recovery capability. These include the use of alternative storage media and advanced DR solutions, such as Continuous Data Protection (CDP) which facilitates rollback or recovery to a particular point in time – extremely useful if a key data store has become compromised, or otherwise invalidated by application or user error.

For a full discussion of the effective DR enablers and more information on this topic, you can download the full research report here

(originally published on computing.co.uk)

RIM changes its leadership, but not its course

On January 23rd, 2012, Research in Motion (RIM) announced Thorsten Heins as President and CEO. Mike Lazaridis, former Co-Chair and Co-CEO becomes Vice Chair of the Board, and also Chair of the Board’s new Innovation Committee. Jim Balsillie remains a Director. Barbara Stymiest takes on the position of Independent Board Chair. Prem Watsa joins as a new Board Director. All with immediate effect. The complete press release can be found here: http://press.rim.com/release.jsp?id=5358

So what’s new, apart from the personnel moves summarized above? Based on the official press release and what was said during the company conference call, the answer is: not a lot.

Thorsten Heins stated that the top priorities for his first 100 days in office would be – in that order - improved marketing (with the appointment of a Chief Marketing Officer), and the strengthening of processes and execution.

He also made it abundantly clear that the emphasis for the new CMO (to be brought on board asap) was going to be very much on the consumer market, with a particular emphasis on making up lost ground in the US. By contrast, nothing was really said about RIM’s enterprise customer base, and how to shore it up in the face of increasing competition.

Those who were looking for a change in overall company or product strategy were disappointed. Thorsten very firmly stressed the company’s commitment to BB10 (described as not simply a new operating system, but a new platform) and PlayBook 2.0, and hailed the technical superiority of both. He also made it clear that RIM was not going to hive off any parts of the business, as having an integrated approach (hardware, software and services) is seen as a key competitive differentiator. Requests to license BB10 would be considered on a case-by-case basis, but hardware-only deals were firmly ruled out.

Improvements to resource planning and program management will no doubt be a positive move, if they lead to fewer product delays and more stable early releases of new software. And better marketing can’t do any harm, provided the product and service are right. But there is little sign as yet that RIM is bringing the developers round to its vision of the future.

In the near term, urgent action is needed to address the enterprise part of the business. Despite having lost market share in some countries, RIM still has a large number of enterprise customers. If it wants to retain these, the company must spell out very clearly the reasons why these customers should stay loyal. While RIM may still have the edge when it comes to certain corporate requirements, such as security and central management, the gap is closing, and RIM has to move fast.

The big questions remain: Is this management change too little, too late? And how much room to manoeuvre will Thorsten Heins really have, should he decide a change in strategy is required after all, with the shadow of Mike Lazaridis continuing to loom large?

New analyst at Freeform Dynamics

It is my great pleasure to announce that Colin Beveridge joined Freeform Dynamics a week ago as Principal Analyst. And he's off to a flying start, as you can see from his blog post below. To say that Colin brings a wealth of experience to the role is probably the understatement of the day, and we all look forward to working with him. Find out more by looking at his profile here.

Metadata: the Jumbo Data problem?

A chance conversation about Big Data led me to think about the importance of metadata to effective information exploitation.

Of course, we have long recognised that we create actionable business intelligence and information by attributing meaning and context to data.

We also know that recording our thought-process and rationale for creating information from data can provide valuable insight for future decision-making. That's why metadata is so important.

And yet descriptive and contextual metadata is too often the metaphorical elephant in the data center, because our systems and databases still tend to be heavily biased towards transactional data capture, consolidation and transformation.

This makes me wonder, do we put sufficient effort into metadata management, or is it a Jumbo problem that we put in the "too difficult" box?

Spreading iTunes beyond Apple equipment

This is a story of my experiences of using non-Apple equipment to expand my use of digital media stored in an iTunes library. How this library came to be is a long story, but back in the dark ages of digital media (late 90’s and into the early part of the naughties), I was holding out against moving to iTunes. I’d started building up my library in the 90’s and didn’t want to get locked into a particular vendor.

For a while it worked – Windows Media Player was pretty good at managing the library, while there was a range of hardware available to sync to. However, it all came to a head when Microsoft made changes to the workings of Media Player and hardware. This had the effect of removing support for syncing to many recent devices, rendering my Toshiba Gigabeat to the role of an expensive doorstop (in reality it found a second life as a very expensive USB hard disk drive with a screen).

In combination with the rapid drop in hard disk drive prices, this set me on a course to get a high quality media library in place and I moved to iTunes and the iPod and AirTunes to do this. I ripped my music library in Apple Lossless format to maintain full CD quality, while I created digital copies of my DVD and now Blu-Ray libraries to have available on the move and to protect the discs from the prying and very destructive hands of my small and very technology aware daughter.

Gradually, more iPods were acquired, and then iPhones, Apple TVs and iPads until eventually there was a sprawl. Things started to become a bit of a headache, as streaming content off one PC, and a notebook at that, left the Wi-Fi saturated. Content availability was quite patchy due to the limited ability to sync iTunes libraries (content, playlists, playcount, favourites etc) between different PCs and also devices.

At this point, I thought it would be good to see just how easy it would be to be broaden out beyond iTunes and iDevices and look at how easily third party solutions could integrate and extend the experience. At about this time, I was approached by Western Digital to try out a few of their consumer storage, networking and media devices for feedback on how they worked. And so the two came together and the result on the whole was very positive, although there were a few gotchas.

This is not meant to be an in-depth review of total features or technical competence, but rather a laymans approach to how simple and easy it is to branch out beyond iTunes, and as such is my personal experience and observations of using the kit.

So to kick things off, here is a summary of the Western Digital home computing and media devices, and my top level view of how they rate (for more about them please read on):

• LiveWire data over power adapters – 8/10 (easy to setup but could be faster)
• MyPassport 500GB USB 3 hard disk drive 10/10 (small, quiet, fast)
• 1TB LiveHub Network Attached Storage box 7/10 (No USB or Wi-Fi)
• TV Live Hub with 1TB of internal storage 6/10 (No Wi-Fi, no lossless audio, large file transfers >4GB can be an issue)

Moving off Wi-Fi helped performance and predictability

Looking first at the LiveWire data plugs, these were extremely easy to set up. I literally plugged the first box into the switch port on the router, and then into the power socket. I then plugged the second box into a power socket in my study and the two connected seamlessly. The Mac in my study is the iTunes library and is responsible for streaming a lot of content. This used to hammer the Wi-Fi, as clients would be streaming via the Wi-Fi access point too. Shifting the streaming over the LiveWire devices has really helped alleviate the pressure. Streaming videos in particular are now much more reliable, particularly the hi-def ones, and it has also helped when we stream things like BBC iPlayer HD content where freezes are noticeably less.

The downsides is the plugs really have to go straight into the power socket and not an extension with surge protection, and the speed of connection is around 100Mb/s – which while still very good compared to 802.11n Wi-Fi is still slow for wired Ethernet these days. Fast file transfers of very large files still require copying to an external USB hard disk and using the good old sneakernet.

An added bonus was solving a longstanding Wi-Fi and BlueTooth conflict on my Mac. I had reverted to using a wired Mighty Mouse because heavy use of Wi-Fi would cause BlueTooth on my MacBook Pro to get jittery and as a result the BlueTooth Magic Mouse was unusable. Switching off Wi-Fi and using wired Ethernet over the LiveWire plugs solved that and means I am a happy camper again with a multi-touch mouse.

Fast, light and small – ideal to transfer large files

Which brings us to the My Passport USB 3 hard disk drive. Unfortunately I don’t have any new PCs with USB 3 ports to really push the drive, but using USB it transferred files at 35 to 40 MB/s which is comparable to my larger 3.5 inch USB 2.0 drives and a noticeable boost on my 2.5 inch portable drives which usually top out at around 25 MB/s.

Very small and very light, it ran cool and quiet and enabled large media file transfers to be done very quickly and easily. I’ve not doubt this drive could provide somewhat more performance when connected to a USB 3 interface, but it will be with the emergence of lower cost SSD drives that I expect USB 3 to really shine.

NAS boxes with Media Servers still have niggling troubles

I then set up the MyBookLive NAS box. This was very easy to do, with an intuitive graphical interface and an easy administration routine. Part of the attraction of the device was the ability to do Time Machine backups, which was the first thing I set up.

It was also the first thing I turned off a week or so later, as I couldn’t find a way to limit the size of the TimeMachine backups to a set limit for each machine. What I found was that with 3 Macs backing up constantly the disk was just filling up and not being all that useful as a general NAS storage box. With a single Mac without too much changing this would be useful, but in my case with lots of big files changing regularly across multiple machines, it was pushing it a bit.

As a file server, everything was pretty easy to set up, especially the ability to set up shared public directories that are accessible on the local network, as well as creating secure private shares for individual users. A peculiarity I had was a difficulty connecting by a Windows drive mapping to a secure share. Using the supplied SmartWare software enabled this, but it was a bit strange.

While performance is adequate, the unit did struggle as a shared file server. This is to be expected with a single disk setup, and although more advanced caching may help there is a limit as to what can be expected.

As a media server, things are generally pretty simple to set up and share, but there were some issues.

Getting the bad news out the way first, accessing the iTunes server proved a bit problematic. The embedded ID3 information in the iTunes files got misread and so finding the artist was a headache as it was giving the composer. Then iTunes itself would not play the tracks themselves. They were listed, but when double clicked would not play, and yet the same files copied to the TV Live Hub iTunes Server would play in iTunes.

The other issue is that the iTunes server is not capable of streaming to the newer Apple devices that depend on Home Sharing being set up, such as the Apple TV 2. For me this would make a world of difference, as I would no longer have to run iTunes constantly on one of the Macs to feed the Apple TV local content.

It was a different story with the Twonky media server and Windows Media Player on my PCs – the tracks, artists and albums were listed properly, even bringing in the embedded album art and the tracks could be played without problem provided it was converted from Apple Lossless format to iTunes+ format.

The content could even be seen by my networked Sony Blu-Ray drive, although it doesn’t seem to like music ripped even in iTunes+ format (256kb/s variable bit rate) which is what my “converted” lower quality mirror library is ripped at.

At the end of it all, I ended up removing the media content from the NAS drive and hosting it on the TV Live Hub, both to free up space and because the TV Live Hub is the natural place for the media to sit, rather than having to stream from NAS to media player all the time.

There were two limitations that I would like to see addressed. The first is the lack of a high speed USB 2 or 3 port for fast loading of files and content, and the other is the omission of Wi-Fi, resulting in having to place the router and NAS device close together. I was hoping to put the NAS device in an inconspicuous place, which I could do by getting more LiveWire plugs but it would be good to have the option at least.

TV Live Hub has good capabilities, but needs broader media format support.

The TV Live Hub was straightforward to set up, although it did require about 3 sequential firmware updates to get everything fully up to date.

As a music library, setting everything up was a doddle. I must admit though, I was rather surprised that the player could not handle the Apple Lossless format. The player will import the lossless files happily, but is not able to play them. I solved the issue by just converting my main library to iTunes+ quality - but that did take 4 days to complete and is not all that convenient to have to do.

I copied my iTunes+ version of the library to a USB HDD, and then connected it to the TV Live Hub and it did the rest (although I ended up arranging the folders neatly for ease of folder browsing). The interface for choosing music is straightforward and logical. However, it does require the TV to be on to browse for music. Providing a remote application to select what to play from a browser or phone would be a good step here.

When it comes to video, things are a bit more complicated to get up and going. For smaller files such as rips of DVDs, it is easy enough to copy the files to a USB key or HDD and have them import simply. Or you can copy them across the network in a short period.

However, when playing HD content such as MKV versions of Blu-Ray discs which are 10’s of gigabytes in size, copying them to a FAT drive is not possible as they are too big. exFAT can handle file sizes this big, but the TV Live Hub does not yet support this very useful media format. The reason it’s so useful is that it is supported on Windows and Mac, and so is pretty universal.

Instead I found myself having to copy from Mac to exFAT USB HDD, then go to a Windows PC and copy again to an NTFS USB HDD to copy the content. Or else copy the file over the network, but 35GB files take the best part of a day to copy even over the LiveWire. The leftfield option may be to also support, even if read-only, Apple’s HPFS file system for easy copying.

Playback of HD format files is clear and good. When streaming there was a tendency for stuttering, but this was helped by moving the streaming server onto the LiveWire data plugs to free up some Wi-Fi capacity. I did have issues, however, playing a number of standard definition DVD rips from Handbrake which were set to the original Apple TV format.

On the usability front, things are pretty clear. The remote is sensible if somewhat odd shaped and could do with a little more tactility. What stands out is a lack of volume control over HDMI when used with a PC monitor that has no easy way to change the volume without touching buttons on the monitor. This is not a problem with a TV with remote volume control although it does require using two separate remotes.

It is nice to have integration with the iPhone, where a WD app allows photos and videos to upload directly to the TV Live Hub. This works seamlessly and is in use often more convenient than connecting the iPhone to iPhoto and importing them there first. The only issue I had was a rotation problem on videos, where depending on the orientation of the phone when recording the video had a tendency to play upside down as it did not recognise the orientation setting in the file data.

Again, the lack of Wi-Fi, particularly in a media player that will likely have to live in a very specific location in living rooms or bedrooms / kitchens etc, is a major omission in this device, and one that should be easy to rectify in future versions or else this should be bundled with LiveWire plugs to enable use in rooms without data ports.

A good start with minor niggles

Overall the experience has been a good one – both of broadening my view beyond the iTunes experience and of having an alternative way of organising my media that does not rely on either Apple or Microsoft. The downsides have been that the capabilities do not yet match an enthusiast’s expectations, although they would suit many casual users’ needs.

Not supporting Apple Lossless for me is an issue, and could be overcome by building in support or allowing seamless conversion to another lossless format. I don’t really want to have a library at lower quality, not have the headache of maintaining and synchronising a second library. Even building in an automatic converter to iTunes+ would be a good step forward.

Time to get serious about managing security

Do you know what’s running in your network?

In this time of ever increasing security threats and hacking attacks, a recent meeting I was at brought home the old adage “If you can’t manage it, you can’t secure it.” I was talking to a major web services company that provides large scale hosting (no prizes for guessing who). Because of what they do, security naturally plays a massive role in their service architecture.

A large part of the success of their security implementation comes down to a combination of knowing what to protect and how to protect it. Knowing what to protect comes naturally, because they have to bill customers for resources or services used. As a result they know - to a very high degree - what is running on their infrastructure at any point in time, and can also flag up when unauthorised or suspicious services attempt to run.

When it comes to the how of protecting applications and services, they have invested in developing security policies and frameworks – based around standards such as PCI DSS, ISO 27001 or HIPAA - that are regularly – and independently - assessed and audited.

This type of investment in management and security is natural for service providers because it is core to what they do (although some do this far better than others). Yet when it comes to internal IT, our research shows that security and management are often areas that are a struggle.

A recent survey indicated that a large proportion of companies never have their security capability independently assessed, and even fewer undergo external auditing. Our on-going research into systems and service management continues to highlight that effective service and asset management – the foundations of good IT practice - are the preserve of the few rather than the domain of the many.

When it comes to improving the situation, one option of course could be to start to move applications into the Cloud. But for many, this is not really a viable strategy in the short or even medium term. This means that any improvements needs to made to internal IT policies, processes and tooling.

Lessons can be learned from how the service providers approach security and management in service delivery to improve the situation internally. If we consider this at the fundamental level, this is really the right way to secure and run IT. This means that getting serious about investing in management. Too often management is neglected and the fallout is dealt with as an IT operations overhead. But with the changing and ever more serious threat landscape good management it is no longer an IT option, it is a business necessity.

Originally published on Computing.co.uk

Operating System Selection

Open Source and Proprietary – The Decision Criteria

The selection of operating systems was once one of the major decisions IT managers had to face when considering their options for service delivery, be it for servers or desktop systems. Until a decade or so ago, such choices were limited to choosing one from a range of proprietary operating systems supplied by vendors. But the last ten years have witnessed a new option take hold in the form of open source operating systems. What drives the selection process when choosing between open source software and operating systems supplied by a vendor?

When deliberating whether to use open source operating systems software or that supplied by a commercial ISV the factors influencing the decision-making process are, essentially, the same as they have always been. Some eight or nine characteristics form the major items to be taken into account, including license models and costs, application support, skills availability, operational support options, performance requirements and risk analysis. Of these, three or four tend to dominate the selection processes. When looking at PC solutions it is also important to remember that the user’s experience of the solutions and their comfort can be major selection factors.

At the top of the selection process when picking between operating systems, there is one factor which has absolute importance. Does the application run on the OS or will someone have to port it over to a new platform? After all, no one runs an operating system because they want to run the OS for its own sake. It is there to anchor an application, database or some other service and make it available to users.

When open source operating systems first came to prominence, few commercial business applications were supported on the platforms available, thereby severely limiting some choices. Today, this has changed with many commercial ISVs now more than happy to support operation of their software on major open source platforms, frequently in addition to Windows, Unix or another of the major server operating systems. Unless the application does not support a particular OS this factor alone may not be a major selection bifurcation point between an open source and commercial operating system.

If the application under consideration is compatible with both open source and proprietary operating systems, other factors come into play. Amongst these, though our research indicates them rarely to be the most conclusive elements, are the matters of licensing model and costs. For commercial ISVs, everyone understands that there are license fees to be paid, potentially with associated support and maintenance / software upgrade charges to be accounted for.

The same cannot be said of open source operating systems, where in some minds the perception exists that “open source” equates to “free of charge”. In point of fact, many of the major distributors of open source software in general, and of operating systems in particular, struggle to explain the terms of the use of the solutions they make available to customers. The confusion becomes particularly acute when the Linux distributors, such as Red Hat, SuSE etc., supply the base software for no fee but offer support subscription services to help organisations keep the operating system functioning effectively and to provide assistance when problems are encountered.

Given that open source software is, by its very nature, readily available to inspection and modification (from the perspective of a source coder), with active communities working to develop, enhance and resolve problems when they arise, it is theoretically possible for IT staff within the business to fix any problems they encounter without paid services from the supplier. But few organisations have the skilled staff available in house to resolve problems, at least to do so within the very short time frames on which service problems must now routinely be resolved, never mind having the capabilities to test them. Furthermore, support and maintenance of platform software per se is generally considered to be a distraction in a mainstream IT environment where resources are already stretched.

This is where the vendors of open source operating systems offer support contracts. In truth, simply from a risk perspective, few organisations would consider using software to deliver mainstream business services without having some form of external support contract in place unless they are extremely confident in their own capabilities to resolve, rapidly, any problems encountered. And here’s the rub, because once you sign such a contract, for open source software, you will often find yourself as constrained as you are with commercial solutions. In some cases, for example, you may be required to pay a subscription for all instances of the software used in your organisation, whether you want support for them or not.

On the matter of “cost”, it should also be recognised that whilst the acquisition and support costs, when all terms and conditions are understood, may be straightforward to calculate, over the lifetime of such systems, it is likely that it will be the management overheads that account for the majority of the Total Cost of Ownership. With this in mind, it is therefore important to understand just how well the management and administration tools the organisation has available can handle the operating systems under consideration. Whilst many management frameworks are now able to integrate, at least to some degree, with open source operating systems, the exact capabilities must be examined to ensure that additional costs for acquiring administration facilities do not arise unexpectedly.

As with commercial operating systems, the contracts for open source operating systems must therefore be read with care and diligence, potentially backed up by engaging professional advice to ensure the terms and conditions of support and business usage are understood. The subject of license costs differentiating between open source and commercial software may not be quite as simple as can be assumed.

Of even greater importance is to ensure that the skills the IT management team has available match the needs of the chosen platform, and/or any cross training or recruitment requirements are taken into account. In many organisations, the familiarity with open source software, especially Linux, is now reaching similar levels to that for the longer established commercial operating systems, but this is not the case everywhere, especially amongst smaller organisations. Also, skills to handle advanced capability such as fault tolerance and clustering should not be overlooked where relevant.

In the end, all of this may be academic, though, as open source software is so often chosen on the basis of unqualified perception or even personal interest and/or preference. Assuming you are making an objective decision, however, we hope our discussion has been of use to highlight that choosing between the options is seldom straightforward, and requires careful consideration.

Originally published on computing.co.uk

RSA hack demonstrates need for proactive security and multi-layer protection

The recent news that RSA Security suffered a security attack and breach that resulted in the theft of sensitive and confidential Intellectual Property relating to SecurID should be a cause of concern for many.

The good thing is that RSA Security had agressive security measures in place that detected the attack and allowed it to take proactive steps to limit the scope of the attack and to quickly identify what had been accessed and stolen.

The downside is that the source code to the technology behind a good proportion of multi-factor authentication solutions is now most likely available for inspection to aid the creation of cracks or subversions. We can only hope that the information was limited in scope, and that RSA has been thorough in developing the code in a Secure Development Lifecycle approach that will limit the attack surface and potential vulnerabilities.

The event once again raises the issue of how to tackle security, and in particular the protection of the core information assets of a company. We've written on this is the past, particularly on the need to protect data across the company, and not just on devices such as laptops, tablets or smart phones. There is a prevailing mindset that because servers are located within a secure environment such as an access controlled data centre, the data on them is also secure and access can be controlled by security policy such as Access Control Lists.



The reality is that this only works for employees, and particularly those employees who follow policy. Protecting data on servers needs more than this, and encrypting the data is a proven method for doing this. If crackers do gain access to the bits and bytes, making sense of it is rather more difficult. Coming back to the RSA attack, it is somewhat ironic that a company that started out as the leader in encryption has itself fallen foul of having the stolen data potentially able to be exploited because it was unencrypted.