What-as-a-service?

I’ve written previously about the “cloud stack” of -as-a-service models but I recently saw Microsoft’s Steve Plank (@plankytronixx) give a great description of the differences between on-premise, infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS).

Of course, this is a Microsoft view of the cloud computing landscape and I’ve had other discussions recently where people have argued the boundaries for IaaS or PaaS and confused things further by adding traditional web hosting services into the mix*.  Even so, I think the Microsoft description is a good starting point and it lines up well with the major cloud services offerings from competitors like Amazon and Google.

Not everyone will be familiar with this so I thought it was worth repeating Steve’s description here:

In an on-premise deployment, the owning organisation is responsible for (and has control over) the entire technology stack.

With infrastructure as a service, the cloud service provider manages the infrastructure elements: network, storage, servers and virtualisation. The consumer of the IaaS service will typically have some control over the configuration (e.g. creation of virtual networks, creating virtual machines and storage) but they are all managed by the cloud service provider.  The consumer does, however, still need to manage everything from the operating system upwards, including applying patches and other software updates.

Platform as a service includes the infrastructure elements, plus operating system, middleware and runtime elements. Consumers provide an application, configuration and data and the cloud service provider will run it, managing all of the IT operations including the creation and removal of resources. The consumer can determine when to scale the application up or out but is not concerned with how those instances are operated.

Software as a service provides a “full-stack” service, delivering application capabilities to the consumer, who only has to be concerned about their data.

Of course, each approach has its advantages and disadvantages:

  • IaaS allows for rapid migrations, as long as the infrastructure being moved to the cloud doesn’t rely on other components that surround it on-premise (even then, there may be opportunities to provide virtual networks and extend the on-premise infrastructure to the cloud). The downside is that many of the management issues persist as a large part of the stack is still managed by the consumer.
  • PaaS allows developers to concentrate on writing and packaging applications, creating a service model and leaving the underlying components to the cloud services provider. The main disadvantage is that the applications are written for a particular platform, so moving an application “between clouds” may require code modification.
  • SaaS can be advantageous because it allows for on-demand subscription-based application use; however consumers need to be sure that their data is not “locked in” and can be migrated to another service if required later.

Some organisations go further – for example, in the White Book of Cloud Adoption, Fujitsu wrote about Data as a Service (DaaS) and Business Process as a Service (BPaaS) – but IaaS, PaaS and SaaS are the commonly used models.  There are also many other considerations around data residency and other issues but they are outside the scope of this post. Hopefully though, it does go some way towards describing clear distinctions between the various -as-a-service models.

* Incidentally, I’d argue that traditional web hosting is not really a cloud service as the application delivery model is only part of the picture. If a web app is just running on a remote server it’s not really conforming with the broadly accepted NIST definition of cloud computing characteristics. There is a fine line though – and many hosting providers only need to make a few changes to their business model to start offering cloud services. I guess that would be an interesting discussion with the likes of Rackspace…

Sorting out my home backups

After my parents-in-law’s recent burglary (and related data loss), I started to think more seriously about my household’s backups which are spread across a variety of USB drives, NAS units and cloud services (Dropbox, SkyDrive, Box.net, etc.).

My plan is to:

  1. Duplicate – hard drives fail. I know, because I’ve lost data that way – and RAID is no substitute for a proper backup (as I learned the hard way). If it doesn’t exist in (at least) two places, it doesn’t exist.
  2. Consolidate – bits and pieces on various drives is a nightmare – to know that it’s definitely backed up, I need to know it’s on the “big backup drive” (as well as in the primary source).
  3. Archive – both physically (media stored in a safe) and virtually (upload to the cloud). Be ready for some long uploads though, over an extended period (I only have ADSL 2 – no fibre here).

Steps 1 and 2 work hand in hand and, last weekend, I picked up a 3TB Seagate Backup Plus Desktop drive. I’m not using the bundled backup software that offers idiot-proof backups for both local and social media (Facebook, Flickr) data but installing the software on my MacBook includes Paragon NTFS for Mac, which means I can use this drive with Macs and PCs without reformatting (there is a Mac version too – although the only differences I can see from a comparison of Seagate’s data sheets for “normal” and Mac versions are: Firewire and USB 2.0 cables instead of USB 3.0; downloadable HFS+ driver for Windows instead of preloaded NTFS driver for Mac OS X; 3 year warranty instead of 2 years).

Step 3 is more involved. I did some analysis into a variety of cloud services a while ago and found that each one has pros/cons depending on whether you want to back up a single computer or multiple computers, limitations on storage, cost, etc. I didn’t get around to publishing that information but there is a site called Which Online Backup that might help (although I’m not sure how impartial it is – it’s certainly nothing to do with the Which? consumer information/campaign service).

My current thinking is that I’ll continue to use free services like Dropbox to back up and sync many of my commonly-used files (encrypting sensitive information using TrueCrypt) at the same time as creating a sensible archive strategy for long term storage of photographs, etc. That strategy is likely to include Amazon Glacier but, because of the way that the service works, I’ll need to think carefully about how I create my archives – Glacier is not intended for instant access, nor is it for file-level storage.

I’ll write some more as my archive strategy becomes reality but, in the meantime, the mass data copy for the duplicate and consolidate phases has begun, after which all other copies can be considered “uncontrolled”.

More retail banking security theatre

Yesterday, I bought a new suit. Nothing remarkable there but I paid on my Lloyds TSB Duo Avios credit card. A card that I will shortly be cutting into little pieces because it’s useless to me if the bank declines transactions on an apparently random basis…

You see, I also wanted an extra pair of trousers and they were out of stock. The very helpful guy at John Lewis went through the online order process, I supplied my credit card details and all was good. Then we went to the till and paid for the suit jacket and first pair of trousers.

The £250 transaction for the suit went through OK but a short while later I was called by John Lewis to say that the £80 order for the trousers placed a few minutes earlier had been declined.  That seemed strange – especially as it was placed before the larger transaction (I’d expect the large one to be declined if there was some sort of anti-fraud flag triggered by a small purchase and then a large one) so we tried again. No joy. Declined by the bank. So I supplied some different card details and all was OK.

I was annoyed. I use multiple credit cards for good reasons but at least I had been able to use a different card even if that does mean that my personal and business transactions are mixed up. Fast forward to this morning and I was incensed.

Sunday morning, 10am: enjoying a rare lie-in whilst the kids are away; the phone rings – it might be my in-laws and it might be important, so I answer.

“This is an automated anti-fraud call from Lloyds TSB…” (or similar). I’m angry now, but I comply with the whole process as I think I might be charged twice for my trousers.  This process involved:

  • Confirming that I was (imagine robotic voice) “Mr Mark Wilson”. 1. Yes, that’s me.
  • Confirming my year of birth. Not exactly a secret, especially not to anyone who might answer my home phone.
  • Confirming my day and month of birth. Again, public information, and known to all in my household.
  • Listening to some details of some possibly fraudulent transactions: two declined for £80 and one approved for £250; both flagged as Internet purchases at John Lewis, a “grocery or supermarket” retailer. Not much help there as John Lewis is a department store (Waitrose is their supermarket brand) and clearly store transactions are incorrectly flagged as Internet purchases – which means the information is unreliable at best and confusing if it had been a different retailer with whom I was less familiar.
  • Confirming I had made those transactions. Tempting to say no but that would be fraudulent. I said 1 for yes, anyone in the house who answered my phone could have answered anything…
  • Supplying my mobile phone number for future anti-fraud calls (I probably didn’t supply it in the first place because I was concerned they would use it for marketing…). Well, at least my mobile is more immediate, and more secure than the home phone (only I use it).

Pure security theatre.

I can understand the banks wanting to reduce fraud – it costs them millions. But my account has a significantly larger credit limit than transactions I attempted in John Lewis yesterday and they could go a lot higher before declining transactions and inconveniencing me as a customer. I can see some patterns that might have flagged the anti-fraud systems but not the sense in declining the first and third transactions yet accepting the second (larger) one. It’s possible that John Lewis stored my card details and applied them after a short delay but, even so, I’d think it’s pretty common for people to make in-store transactions and place orders through the retailer’s online channel at or around the same time (in scenarios like the one I described).

I’ll make the most of the interest-free period until my next bill, pay in full (as always) and then I’ll be closing my account with Lloyds TSB. “Security” that stops me using my cards when I want to, and disturbs my privacy at home (with an automated call using publicly-available information!) is “security” I can do without…

Windows Azure IaaS pricing “gotcha”

One of the concerns with moving more infrastructure services into a public cloud is cost. It’s all very well that the costs are low, and that the CapEx has switched to OpEx but it’s also good to be able to budget. Subscription-based charging models can make that difficult at times.

Over the last couple of weeks, I’ve been brushing up my knowledge of both Amazon’s and Microsoft’s infrastructure as a service (IaaS) offerings and I found something that’s quite alarming. Not only is the Windows Azure IaaS offering less fully-featured than Amazon EC2 but, from a cursory glance, it could potentially cost a lot more because of the way that Microsoft charges for compute service provision.

Whereas Amazon only charges for the hours when a virtual machine is “powered on”, Microsoft charges for the fact that the virtual machine has been provisioned, regardless of whether it’s actually doing anything. This sounded odd, so I asked a question of one of the evangelists at Microsoft UK, who used a rental car analogy to explain that when I have a virtual machine deployed in Azure I’ve still taken resources that can’t be allocated to someone else until I “undeploy” it (think of booking and returning the hire car). On the other hand though, Amazon only charges for the time I use the virtual machine (although I will of course have to pay for the storage that it is actually using), so the analogy is more one of a pool of shared cars.

Embedded tweet: https://twitter.com/markwilsonit/statuses/263281380467802112

I tried to confirm this with Amazon Web Services (@awscloud) and Microsoft Windows Azure (@windowsazure) but have not received a response at the time of writing; however Dave Hood alerted me to a clause in the Windows Azure pricing details:

“Compute hours are charged whenever the Virtual Machine is deployed, irrespective of whether it is running or not.”

That could work out quite expensive for those who have spare virtual machines deployed, ready to fire up at a moment’s notice, but not normally in operation (e.g. in a disaster recovery failover scenario).

[Update 12:22]: Microsoft’s Windows Azure team have responded via Twitter to confirm that VMs are charged, even when not running:

Embedded tweet: http://twitter.com/WindowsAzure/statuses/263783319899099136

Useful links: October 2012

A list of items I’ve come across recently that I found potentially useful, interesting, or just plain funny:

  • Bike Hike – Web mapping tool, including ability to create and view .GPX files.
  • AutoHotkey – Scriptable desktop automation with hotkeys (via Garry Martin).
  • Parental control app – For iPhone, iPad and iPod Touch (via Bill Minton)
  • Jailbreak Stats – Handy tool for information about jailbreak compatibility with various releases of iOS and devices (see also this Lifehacker post)

Export to spreadsheet from SharePoint 2007 with Excel 2010

I frequently have to export data from a SharePoint list to Excel but earlier today I found it no longer works since I’ve upgraded to Office 2010.  Our SharePoint infrastructure is based on SharePoint 2007 and each time I attempted to Export to Spreadsheet from the Actions menu on the Toolbar, Excel would hang.

Luckily, I found Gustaf Lindqvist’s post on synchronising data between Excel 2010 and a SharePoint 2007 list. He suggests installing the 2007 Office System Driver Data Connectivity Components (I wasn’t getting an error message to help me find the problem – just a “Not Responding” application and the “doughnut of death”).

It’s still a bit flaky – and I’m not sure I have the complete answer (in fact, I suspect there may even be issues with some of the views in SharePoint) – but at least I can export data now…

Tech.Days Online 2012: Day 1 (#TechDays2012)

For the last couple of years, I’ve been concentrating on IT Strategy but I miss the hands-on technology.  I’ve kind of lost touch with what’s been happening in my former world of Microsoft infrastructure and don’t even get the chance to write about what’s coming up in new releases as the powers that be have decided my little blog is not on their RADAR (to be honest, I always suspected they had me mixed up with another Mark Wilson, who writes at Gizmodo!).

Anyway, I decided to dip into the pool again and see what Microsoft is up to in its latest releases, with two day-long virtual events under the Microsoft Tech.Days Online banner.

Presented by members of the UK evangelist team, Simon May (@simonster), Andrew Fryer (@DeepFat) and Steve Plank (@plankytronixx), day 1 focused on Windows Server and Azure, whilst day 2 will be about Windows 8 and System Center.

So, what did I learn?  Far too much for a single blog post, but here are the highlights from day 1…

Windows Server 2012

Windows Server 2012 looks to be a significant step forward from 2008 R2. The full list of what’s new is extensive but the main focus is on Microsoft’s “next generation” file server, management, virtualisation and networking:

  • “Next generation” file server. Ignore the next generation part – after all, it’s just marketing speak to make a file server sound interesting (some of us remember the early battles between Novell NetWare and Windows NT!) – but there are some significant improvements in Windows Server’s file capabilities.
  • When it comes to management:
    • Windows can be used to manage non-Windows environments and vice versa.  The details were pretty sketchy in yesterday’s event, but apparently Microsoft now understands that we all run heterogeneous environments!
    • Automation continues to be at the heart of the management story, with both DISM and PowerShell.
    • There’s a new version of PowerShell (v3), which promises to be more intuitive as a result of the Integrated Scripting Environment with IntelliSense as well as adding robust sessions that persist across connection dropouts and even reboots, together with simple creation of parallel workflows. The good news (although you wouldn’t know it from yesterday’s session) is that PowerShell 3 is also available for Windows 7 and Server 2008 (SP2 or later).
    • Remote management is enabled by default.
    • Server Core is still there, but MinShell is another attempt to reduce the attack surface of Windows Server, providing GUI management tools, without a GUI, as described by Mitch Garvis.
  • Virtual machine mobility provides new scenarios for migrating resources around the enterprise:
    • Using shared storage with live migration now supporting VMs on non-clustered hosts (just on an SMB share).
    • By live migrating storage between hosts, moving the virtual disks attached to a running virtual machine from one location to another.
    • With shared-nothing live migration.
    • Using new Hyper-V replica functionality to replicate virtual machines between sites, e.g. in a disaster recovery scenario.
    • There’s also a new VHDX format for larger virtual disks, released as an open specification.
  • Enhanced networking:
    • Windows Server now has built-in NIC teaming (load balancing/failover, or LBFO), described by Don Stanwyck in Yigal Edery’s post.
    • Network virtualisation allows the creation of a multi-tenant virtual network environment on top of the existing infrastructure, decoupling network and server configuration.

Windows Server 2012 is already available but an evaluation edition is also available as an ISO or a VHD.

Windows Azure

Windows Azure has been around for a while, but back in my days as an MVP (and when running the Windows Server User Group with Mark Parris), I struggled to get someone at Microsoft to talk about it from an IT Pro perspective (lots of developer stuff, but nothing for the infrastructure guys). That changed when Steve Plank spent an entire afternoon on the topic today.

In summary:

  • Windows Azure has always provided PaaS but it now has IaaS capabilities (although they don’t sound to be as mature as Amazon’s offerings, they might better suit some organisations).
  • When deploying to the cloud, the datacentre or affinity group is selected. Azure services are available in eight datacentres around the world, with 4 in the US, 2 in Europe and 2 in Asia.
  • Applications are deployed to Azure using an XML service model.
  • Virtual machines in Azure differ from the cloud platform services in that they still require management (patching, etc.) at the operating system level.  They may be deployed using a REST API, scripted (e.g. using PowerShell), or created inside a management portal.
  • Virtual hard disks may be uploaded to Azure (they are converted to BLOB storage), or new virtual machines created from a library and it’s possible to capture virtual machines that are not running as images for future deployment.  Virtual machine images may also be copied from the cloud for on-premise deployment.
  • If two virtual machines are connected inside Azure, both are on the same network, which means they can connect to the same load balancer.
  • Virtual networks may be used to connect on premise networks to Windows Azure, or completely standalone Azure networks can be created (e.g. with their own DNS, Active Directory, etc.)
  • When using a virtual network inside Azure, there is no DHCP but DIPs (dynamic IPs) are provided and the operating system must be configured to use DHCP. Each service has a single IP address to connect to the Internet, with port forwarding used to access multiple hosts.
  • Inside Azure, operating system disks are cached (for performance) but data disks are not (for integrity). Consequently, when installing data-driven operating systems (such as Active Directory), make sure the database is on a data drive.
  • Applications on Azure may be federated with on-premise infrastructure (e.g. Active Directory). Alternatively, a new service is currently in developer preview called the Windows Azure Active Directory. This differs significantly from the normal Active Directory role in Windows Server (which may also be deployed to a virtual machine on Azure) in that: it has a REST API (the Graph API), not an LDAP one; it does not use Kerberos; and it is accessed as an endpoint – i.e. individual instances are not exposed. Windows Azure Active Directory is related to the Office 365 Directory (indeed, logging on to the Windows Azure Active Directory preview shows me my Office 365 details).  Single sign on with Windows Azure Active Directory is described in detail in a post by Vittorio Bertocci.
  • Microsoft provides service level agreements for Azure availability, not for performance. These are based around fault domains and update domains.

A Windows Azure pricing calculator is available, as is a 90-day free trial.

Photograph of Steve Plank taken from the TechNet UK Facebook page.

Searching for the right Windows Twitter client

Last week, my company-owned PC was rebuilt after a hard disk failure. Whilst my IT department got me back to a point where I had all of the standard apps installed, there are many others that I use that are not part of the standard build. Some of these are company sanctioned (e.g. I use Office 2010 rather than the company standard of 2007, as well as Cisco WebEx productivity tools and CUCILync softphone); others are not “official” but are an important part of my workflow (e.g. Google Chrome browser). One of the apps in this second category is a Twitter client.

In the past, I’ve tended to use TweetDeck. Unfortunately, after Twitter bought TweetDeck, they wrecked it. In common with many other people, I’ve been running the old, unsupported, Adobe AIR version of the app but I really didn’t want to have to install more Adobe middleware on my PC (it’s bad enough having Adobe Reader and various browser plugins for Flash, etc.).

I started to look around for alternatives but it seems that Windows client apps for Twitter are a bit thin on the ground (unlike for mobile operating systems, where they are two-a-penny).

  • There’s MetroTwit but it only has single account support, unless I pay for the professional version, and I’m not sure how long it will be before Twitter kills off client apps (paid or otherwise) as part of its apparent desire to self-destruct (I’ve since been told that it’s possible to run multiple instances of MetroTwit).
  • Some people recommend Seesmic, but they have been swallowed up by Hootsuite.
  • Hootsuite is another option, but I’m not paying a tenner a month. The free version would probably serve my needs but it only seems to have apps for mobile platforms – and I really do want a desktop app, not another tab to be lost in the melee in Chrome.

So, TweetDeck it is, Adobe Air or not. It’s still a decent app, if a little resource hungry, and it integrates with my Bitly.Pro account for custom URL shortening. If you are looking to track down “old” (yellow) TweetDeck because you hate the new (blue) version, then there are a couple of posts that might help from David Amador and Jon Choo.

Fibre to the community; business hubs; and killing the commute

Our country desperately needs investment in infrastructure yet we can’t afford it, either politically, financially, or environmentally. At the same time, driven by rising house prices and other considerations, people are living ever further from their workplace, with consequential impacts on family life and local communities. So what can we do to redress the balance?

In a word: localisation.

Or, in a few more words: stay at home; cut down travel; and rebuild communities.

For years now, we’ve been hearing (usually from companies selling tools to enable remote working) that teleworking is the future. It is, or at least working remotely for part of the time can be (people still need human contact) but we’re constrained by our communications infrastructure.

Super fast broadband services are typically only available in metropolitan areas, with fibre to the home (FTTH) or even fibre to the cabinet (FTTC) a distant dream for rural communities, even those that are a relatively short distance from major cities.

So why not create business hubs in our small towns and villages – office space for people to work, without having to travel for miles, taking up space on a train or a road, and polluting our environment?

Local councils (for example) can provide infrastructure – such as desks and Internet access (a connection to one central point may be more cost effective than wiring up every home) – and employees from a variety of companies have the benefit of a space to network, to share ideas, to work, without the need to travel long distances or the isolation and poor communications links (or family interruptions) encountered at home.

The location might be a library, a community centre, a coffee shop, the village pub (which desperately needs to diversify in order to survive) – all that’s really needed is a decent Internet connection, some desks, maybe meeting rooms and basic facilities.

Meanwhile, instead of spending our money in the coffee shops of London (or wherever), local businesses stand to benefit from increased trade (fewer commuters means more people in the town). Local Post Offices may become economically viable again, shops get new trade and new businesses spring up to serve the community that was previously commuting to the city.

Cross-pollination in the workplace (conversations at the hub) may lead to new relationships, partnerships with other companies and generally improved collaboration.

Families benefit too – with parents working closer to home, there’s time to see their children (instead of saying goodnight over the phone on a long commute after another late night in the office); and, generally, there’s an improvement in social well being and community involvement.

The benefits to the community and to society at large are potentially huge, but it needs someone (which is why I suggest local government, although central government support may be required) to kick-start the initiative.

If foundations like Mozilla can create Mozilla Spaces in our cities, why can’t we create spaces in our small towns and villages? Spaces to network. Spaces to work. Spaces to collaborate. Spaces to invigorate. To invigorate individuals and to rebuild our communities.

It all seems so logical, so what have I missed?

The “desktop” is an outdated concept

In terms of productivity, yesterday was a write-off – and it looks like today will be too. My company-supplied notebook PC is unusable and I need to get it fixed.

Understandably, a loss of service for one user is not allocated the highest priority and at least a desktop services technician can see me when I make it into the office this morning, for which I’m very grateful.

I hope he has a stock of hard disks though, as I’m not convinced that a simple PC rebuild will be enough – this machine, despite having 4GB of memory and a reasonably-capable Core 2 Duo processor, has been getting slower and slower to the point that, yesterday, it took 15 minutes to send an email and after a restart it wouldn’t even get past the Starting Windows screen. The hard disk light is almost never off, and the diagnostics I’ve run suggest that the disk is about to fail completely.

I did, thankfully, manage to get Windows running in Safe Mode, and managed to copy off the files I’ve updated in the few days since my last backup, but with data transfer rates of around 40 KB per second, across Gigabit Ethernet (security restrictions preventing access to USB disks), something was not right…

So, it’s a PC, these things go wrong from time to time, get over it, right? Yes, I will. It looks like I have my data and I’ll be up and running again in a day or so. But at what cost?

2 to 3 days of my time has a not insignificant price and, with a modern IT infrastructure, I could have been working on another device over that period. Unfortunately, I live in a world where mandatory full-disc encryption inhibits recovery tools, where VPN access is required for internal websites and applications, and where emailing documents to my personal account and working on an alternative device is a breach of security.

Some people would suggest a hosted desktop as an answer. After all, with that, I could just log in from another device and get on with my work. But that’s just applying old-world thinking in a new way.

First up is the VPN. What? HTTPS access to key applications ought to be the norm these days – and it is, inside the firewall. Time to open that up to other locations, surely? Thank goodness I had ActiveSync access to email from my phone (which is a step in the right direction and I should be grateful for small mercies).

Then there’s the full-disc encryption. Firstly, it’s a third party product (for complex reasons involving Microsoft licensing and the need to support a dual Windows XP and Windows 7 estate) but really, surely an encrypted volume (TrueCrypt-style) would suffice? Then I could swap out the disc and, providing I can supply the necessary details to access the encrypted data, use it on whatever device I like…

Which leads me to devices. Working for an OEM does present some challenges when it comes to implementing BYOD policies (it doesn’t look good if your staff choose another vendor’s kit) but, if the data is secured, rather than the device, I should be able to use anything I like to access it when things go wrong.

I know the guys who create our standard builds, and I know the effort that goes into creating a standardised PC estate that works for all, even when half the users are technical and want to break things. But the cost of supporting a plethora of devices is tiny compared to the cost of lost productivity, particularly if the support is limited to application and data access, making any device or operating system issues an end-user concern.

In a bring your own device (BYOD) world, I would have bought a new disk (probably an SSD) and been up and running in a few hours. Instead, I’m looking at two or three days total loss of productivity, plus travel costs to see a desktop support technician. Now who thinks BYOD will cause more chaos?

Of course, BYOD is no panacea. I’d suggest that many of the answers to my issues may be found in architecting an IT estate (and supporting processes) where application access is not dependent upon the device or operating system – and that takes time, money and effort. But one thing’s for sure: thinking about “the desktop” (hosted or otherwise) is an outdated concept in 2012.

How does your organisation handle IT for its mobile knowledge workers?