Hindsight On The Y2K Fallacy
Attention Year 2000 project managers: What you don’t know about desktop applications and hardware could wreak havoc on your business. IT managers focused on year 2000 bugs in legacy mainframe systems are overlooking a critical area where minefields are lurking in everyday applications such as spreadsheets and data files created by end users.
However, new tools from companies including WRQ Inc., Migratec Inc., Viasoft Inc. and Network Associates Inc. promise to inventory, assess and, in some cases, fix the date fields in desktop systems. Still, companies are not shifting serious resources to desktop year 2000 projects fast enough, according to industry experts, who say this area is more difficult to manage and maintain than mainframes. And if desktop data is not tested and fixed in time, any files that interact with compliant host systems could become contaminated and cause major business applications to fail. Financial macros created in spreadsheets with two-digit date fields, for example, will compute incorrect figures for pricing derivatives and stock options, if they are not fixed, observers say.
Whereas central IT controls the mainframe, business units generally maintain their own desktops, and people in these areas often are not very educated about the year 2000 problem, says Stephanie Moore, a senior analyst at Giga Information Group, in Stamford, Conn.
“Now, central IT is saying, ‘Uh-oh, what about those desktops, which access core IT systems?’ If they’re not compliant or fixed, they can contaminate mainframes and Unix-based systems that have been fixed already,” she explains.
With some mainframe projects starting to wrap up, a handful of IT managers are beginning to eye the desktop. Moore says she’s not certain how many organizations are paying attention to the issue, but among her own clients, there is surprisingly high awareness of compliance at the desktop level. Moore says 70 percent of project managers are now in the throes of trying to come up with a strategy for managing desktops. The problem, she says, is there is not a lot of inventory information available on desktop files, since they are created by individual users.
“That’s a big deal, and there’s very little cooperation between end users and IT folks,” she says. Inventorying is very difficult, as is creating awareness, especially when there are thousands of desktop users who need to be educated, Moore adds.
The desktop has become a target issue for Plesant Park, year 2000 project office manager at Western Resources Inc., given the number of potential items the bug could impact. Park says his group’s biggest challenge is identifying bugs in 2,500 of 10,000 items (including applications, data files, spreadsheets and PCs) that they have determined are mission-critical to the Topeka, Kan., company, which provides energy and monitored security services.
While Western Resources’ three mainframe Y2K conversion projects were fairly straightforward — the 4.5 million lines of code were easily identified and converted — desktops have more areas to examine, Park explains.
When he took over the year 2000 project at Western Resources, Park knew it would be necessary to check the many in-house systems that interfaced with the mainframes, such as financial systems, one of which computes files and pays an ad valorem (includes property franchise and value-added) tax. To help, he purchased OnMark 2000 Assess from Viasoft, a tool that identifies date fields and files with year 2000 date implications and can look for 60 to 70 different types of date formats. Western Resources has some 200 data files alone, such as payroll accounts, that are moved around the company or to external vendors and must stay coordinated between the recipient and sender, Park says.
“You can’t assume that all data files produced with a compliant application have compliant data in them — it is an unsafe assumption,” says Park. Data files created by end users and stored in databases must be checked as closely as the applications used to build them, he emphasizes.
Western Resources has about 50 applications it needs to track, but probably thousands of data files that were created using them. “If I have 100 people using a database program like Microsoft [Corp.’s] Access, how many times do I have to determine if it’s compliant? Once. But if each of those people using that database program creates 10 databases, I have to check 1,000 data files,” Park says.
OnMark 2000 Assess will do the assessment by scanning the files to see if there are any dates that will cause trouble — it does not do remediation work to repair the bugs, he says.
“So application software is not as big a concern as the resulting files produced by that software,” including databases and spreadsheets, where there is tremendous potential for problems, Park says. “If you don’t find those, we all know what the results could be.”
The tool was rolled out in March, and 17 Western Resources project managers are now tracking items by device, piece of software or data file, Park says. He anticipates the project will be concluded by the end of the year.
The tool has identified a small number of applications built in-house or purchased as noncompliant, he says. Some off-the-shelf systems will be replaced, and in-house systems are, for the most part, being fixed.
Desktop software and data files are not the only things that need to be examined — hardware also contains embedded chips with date fields. Western Resources is using OnMark 2000 Assess to test the BIOS on PCs, but other hardware, such as plant control equipment, will need to be tested manually, Park says.
Nevertheless, the tool is saving significant time identifying date-sensitive areas. “Our estimate is the tool will do in a half hour on a PC what would take a person probably two to three days to do manually,” Park says.
The desktop is also a critical area of concern at Montell Polyolefins Co., given its extensive rollout of an enterprise resource planning system to the desktop. The Wilmington, Del., manufacturer of plastic resins is implementing all components of SAP AG’s R/3: human resources, fixed assets, project system, financial, sales and distribution, maintenance, and manufacturing. R/3 is replacing internally developed legacy systems that resided on IBM mainframes and Hewlett-Packard Co. 3000s, which were found to be noncompliant, says Tom Ciamaricone, manager of the year 2000 project. The R/3 components run on an HP-UX operating system with an Informix Systems Inc. database.
“All of our interaction with these [R/3] systems is through the desktops, so if there’s a point of noncompliance … it could impact our ability to utilize the mission-critical systems,” Ciamaricone explains.
In April, Montell Polyolefins began using Express 2000 from WRQ Inc. The Windows 95-based tool scans all desktops on the network to discover, prioritize and control all software applications with dates that could be impacted by the millennium change. Express 2000 will alert Ciamaricone’s group if a user puts an unsanctioned application on a desktop, such as something downloaded from the Internet, or it can lock out specific applications.
As at Western Resources, Montell Polyolefins’ officials are concerned about hardware. Ciamaricone identifies three compatibility tests on the BIOS chip in a PC: if the chip will accommodate the rollover from Dec. 31, 1999, to Jan 1, 2000; if the PC will retain the year 2000 date when it is rebooted and not revert to the IBM PC birth date of 1980; and if the PC will handle the leap year date in 2000.
Montell Polyolefins is using mostly Compaq Computer Corp. Deskpro Excel 5100s and Deskpro 40000s for its 2,000 users.
There are other hardware aspects as well. Ciamaricone says officials are performing year 2000 compliance checks on every physical or logical device plugged into a wall outlet or that has an LED or LCD display. This includes instruments, modems and all network components that are date-aware. “There are many devices that have an embedded chip, which people typically do not consider during the normal course of the day,” he says. “So just as you’re testing the application for year 2000 compliance, you have to test the access point that got you there and the network that carries the data.”
Express 2000 does not do remediation, and any fixes in software files must be done individually by the estimated 200 users running applications that could impact the business, he says.
Company officials have scheduled desktop testing to begin in the third quarter. Ciamaricone expects it will take two months to do compliance work once the information has been gathered and analyzed for prioritization. He plans to complete all desktop work by the end of the year. Express 2000 “allows you to target applications most frequently used by your employees, and with this year 2000 project, you have to target your greatest risk first,” he says. “At the desktop, we don’t know where our greatest risk is until we gather information.”
The project includes validating the integrity of all hardware and software at all six of Montell Polyolefins’ manufacturing sites and three research and technology centers. This includes ensuring compliance within all aspects of the supply chain — all inventory at the warehouses moving through various distribution centers, he says.
Montell Polyolefins officials are also checking with all third-party vendors whose systems handle health care, pension, payroll and 401(k) contributions. “We have to do our due diligence to make sure they’re addressing compliance to our satisfaction,” Ciamaricone says. Checks are being done through a combination of surveys and face-to-face discussions.
Ciamaricone expects to conclude systems integration testing between the manufacturing and business systems and testing of the network (all switches, routers and hubs) by April 1999.
Officials like Ciamaricone and Park say the time to start taking stock of desktop compatibility is now. Says Ciamaricone, “Our ability to use our core manufacturing and business systems is only as good as the network reliability and desktop computer compliance.”