Update: FDCServers responds, saying a) yes, those pictures are of servers in our building; b) they are of our NOC and our repair center, and are not in production environment; c) they were taken by a competitor. Read the full response here.
I went to the FDC Datacenter around the end of October after my friend who has a colocated server there asked me to help bring it back online. Not a dedicated server, a colocated server. It had been down for roughly 10 hours, and FDC’s technicians had no idea what was wrong with it. The machine wouldn’t post, and the FDC techs insisted my friend (who lives several states away) would need to supply replacement hardware to get the machine to post. After talking to him for several hours, and assuming FDC’s techs themselves were right, my friend insisted that he would pay me to go to the datacenter and troubleshoot the issue.
So are cardboard cases standard operating procedure for colocation facilities? Have you seen your own data center hacks that trump these? Shouldn’t someone call the fire marshal? I’d love to hear your thoughts on these pressing questions at Michael@ITKnowledgeExchange.com: I’ll happily keep your information private if requested, and we’ve got a free T-Shirt for the best data center hack we come across.
Everybody knows how to figure out whether you need a Security Information and Event Management tool (SIEM) and also how to pick the right SIEM product for your organization. Extremely smart people with years of experience in the field spent years dealing with that exact problem (example). However, it sure seems like the right way – requirement-driven and use-case driven – is also the least popular way of picking and justifying SIEM deployments. Folks just want to do it wrong and make themselves suffer in the process while wasting money, generating annoyance and sparking intense hatred of SIEM vendors.
If doing it right is not a popular option since many organizations are hell-bent on doing it wrong, let’s try to determine “What is the least wrong way which will actually get used in real-life?”
First, let me refer to my classic deck on SIEM and log management “worst practices.” The first two practices are related to choosing a SIEM product and are shown below:
• WP1: Skip need determination step altogether – just buy something
  – “My boss said that we need a correlation engine” (more about this mistake)
  – “I know this guy who sells log management tools …”
• WP2: Define the need for SIEM in general
  – “We need, you know, ‘do SIEM’ and stuff”
These situations are actually quite common and most unquestionably wrong; and many a SIEM project has been slaughtered as a result.
BTW, what partially inspired this post was a lot of Google queries for “which siem system is right for security in my company?” that landed on my blog. Think about this! Folks think that Google actually knows what SIEM is best for their organizations. An additional inspiration was provided by a discussion I had with a colleague who said that many SIEM purchases also had a hidden “opportunity cost.” Namely, the money spent on a SIEM was thus not spent on something that could have contributed a lot more to risk reduction at this particular organization. The final inspiration came from all the “MARS tossing” that is going on now; the organizations who acquired a SIEM product a few years ago and never managed to apply it to anything useful are now on the market for – you guessed it! – a new SIEM. These same folks then google for “SIEM justification” since they literally cannot say why they wasted $280,000 of perfectly good dollars…
In any case, what IS the least wrong way? How about this flow (drastic oversimplification alert!):
1. Do you really need a SIEM? Or do you want a SIEM? Figure this one out please….
2. If you need a SIEM to solve a particular problem, what would it cost (time, staff time, money) to solve it with SIEM and without SIEM? Which is cheaper, better, faster?
3. What problems won’t you solve due to engaging in a multi-month SIEM project? Is this acceptable?
4. Next, will a simpler – and cheaper! – log management tool do the trick?
5. Are existing SIEM solutions actually capable of solving that problem you have? At a cost you can afford to pay?
6. Will existing SIEM solutions work in your organization: politically, culturally, geographically, etc?
7. Are you prepared to WORK (yes, w-o-r-k!) to make SIEM solve your problem? What exactly is your expectation, SOC-in-a-box, perchance?
8. Only here you can start planning the deployment, phased approach, log source integrations, correlation rules, dashboards, etc.
(we can call it an “almost right” approach)
And by all means, study vendor stuff on “how to choose a SIEM?” [some of it will in fact be written by the same party as this post], but don’t take it as gospel. The above list should get you going at least.
Here are some examples of “SIEM gone wild” from recent experience.
In one case, a company called a consultant and said that they needed assistance with SIEM implementation. He asks: do you have business requirements defined? No. Do you have a product selected? No. But you want to implement already? Yes. *painful pause*
In another case, a company picked a SIEM that was [supposedly] the easiest to deploy. While undoubtedly an important criterion, wouldn’t an enlightened reader of my blog agree that this requirement comes a close SECOND right after the “Will it solve my security problem?!!!” This particular organization just focused on ease of deployment… and FAIL didn’t have to wait too long.
BTW, lately I’ve been puzzled about the whole concept of “co-managed SIEM” (subject of one of the future blog posts). I think it is gaining popularity (example) for that very reason mentioned in this post: folks don’t want to figure that stuff out, they want the crack team of mercenaries to parachute in, deploy and operationalize a SIEM for them – and then continue running it for some time… or forever. I was told that sometimes it is cheaper than signing up for an MSSP – and you retain more control while learning from the experts on how to do it. But more on this in a future post.
Finally, just have to mention it: I am available for SIEM and log management consulting projects.
IT organizations that virtualize Microsoft SQL Server may have to rethink their strategy with the upcoming SQL Server 2008 R2, which dramatically increases the price of running virtualized instances of the database in some configurations.
But whereas Enterprise Edition used to offer unlimited virtualization rights if all of the processors in the system were licensed, Enterprise Edition for R2 only supports up to four virtual instances. To gain unlimited virtualization rights, customers will need to purchase the new Datacenter Edition, which costs twice as much as Enterprise Edition: $54,990 per processor (without Software Assurance), compared to $27,495.
Scott Cochran, network engineer at a large life insurance company in Baltimore, Md., said his company’s plans to virtualize SQL Server Enterprise Edition were probably “off the table.”
“We were having a hard time getting management to sign off on two processors at the old pricing,” Cochran said.
Microsoft responded that the changes will affect only “a very few customers,” but Brent Ozar, a noted SQL Server professional and avid blogger, called the license update “an ugly change for shops who use virtualization,” recommending SQL Server administrators buy now if they can avoid the potential licensing headaches and costs later on.
Too many desktop virtualization platform options, deployment choices and licensing paths might be stymieing desktop virtualization. As CIO’s Kevin Fogarty reports:
Desktop virtualization now comes in so many varieties that even vendors confuse terms referring to the flavors.
Market leader Citrix Systems, now working hard to expand virtual desktops into roles that the company hasn’t traditionally filled, rolled out a version of its Xen Desktop solution last fall that allowed customers to choose any of six major delivery methods.
Competitor VMware is close behind, followed by Microsoft and a host of add-on vendors and open-source integrators offering similar approaches, bolstered from the other end of the client-hardware spectrum by thin- or zero-client virtualization products such as Pano Logic or NComputing.
Add to that the potential to stream apps to end users from external SaaS providers, access all or part of a virtual desktop from the cloud via platform-as-a-service, nestle a secure VM within an otherwise insecure personally owned iPad, smartphone or other gadget—and the choice gets very complicated, according to Chris Wolf, infrastructure and virtualization analyst at The Burton Group.
And while the rush into virtualized desktop and device OS’s isn’t fully on yet (some of Fogarty’s aforementioned combinations aren’t even available or projected to be available), desktop virtualization was gathering its fair share of buzz at Interop, the somewhat stodgy IT conference geared towards networking professionals I headed out to last week. The conference even had a whole track day devoted to desktop virtualization. Just sample the topic list and you can tell this is a serious technology:
• Methodology for evaluating your user requirements and determining which technologies and combined approaches are best suited for your users’ needs
• A deeper understanding of the various approaches and architectures of the different desktop virtualization and application virtualization and streaming technologies
• An independent look at the top desktop and application virtualization solutions
For the final segment in this series, let’s turn our attention away from systems and technology and focus on Operational Excellence. How does one take all this advanced technology and effectively and efficiently respond to all the user and business demands that accompany this brave, new borderless world? After all, even the richest and “rightest” technology solution will fall short of expectations if it is not bolstered by 1) a proven set of best practices, 2) a strong support structure, and 3) an accurate and complete view of network costs and value.
Let’s examine each of these key operational components.
Best Practices and Borderless Networks
In today’s connected world, business systems and processes are built to take advantage of the network. And just as business systems and processes are unique to individual customers, so too are their networks. Special network service requirements can be dictated by customer business model… or industry pressures… or geographic location… and on and on.
At a business level, Cisco functions as a strategic partner. Industry experts advise customers on networking norms and trends. This advice can target a specific vertical industry such as health care or government. Or it can take aim at horizontal business functions such as remote collaboration or customer care. And Cisco backs up this advice with networking solutions that get you up and running quickly. Examples include PCI for Retail, Medical-Grade Network 2.0 for health care, and Citizen Connect for governments.
At a technical level, Cisco provides IT and network staff with expert analysis, proven designs, certified training, and technology management best practices. Cisco’s Design Zone and the Cisco Security Center serve as two prime sources of in-depth technical guidance. Cisco makes sure you do networking right… from the start. Here, the breadth and depth of technical guidance offered to customers is unmatched in the industry.
In addition, Cisco also leads by example. Cisco IT has long been recognized as a leader in supporting the networked organization. Our internal expertise and experience is passed on to customers, enabling them to learn from our successes – and yes, our mistakes. Cisco is also recognized for its leadership in Green IT practices. Teleworking, remote collaboration, and resource virtualization are all of strong influence within Cisco. And for those customers looking to take advantage of developing cloud services, Cisco is an active provider (WebEx Collaboration Cloud) and partner with cloud service providers.
Cisco works hard to make sure you do networking right. As my father was always fond of saying, “Do it right. Do it once.”
Support Services and Borderless Networks
The strength of network support services, whether you’re looking at your own internal offerings or those of your technology providers, is a prime determinant of networking success. From design to deployment to operations to innovation, how well you support your business and your end users determines how successful you are in networking. This is not to say that technology or solutions or products don’t matter. They do. What this says is that support service excellence leads you to use the right solutions and then use them most effectively and efficiently.
Cisco offers a wide range of services options. This allows customers to best balance their support requirements with their support budget. Cisco’s enhanced Limited Lifetime Warranty (LLW) reduces maintenance costs, while still providing solid support. Above and beyond LLW, Cisco offers a wide range of services options — from basic (e.g., Smart Foundation) to premium (e.g., SMARTnet and Smart Care) to advanced (e.g., Security Assessment and UC Migration). Cisco will even co-manage your network through our Remote Management Service (RMS).
Customers are provided further flexibility through Cisco direct and on-line service capabilities. Both Cisco’s Technical Assistance Centers and web-based support are award-winning. No one supports networks like Cisco.
In order to optimize support for Borderless Networks, Cisco also offers a single service contract that covers the core technologies within the Borderless Network Architecture – routing, switching, security, and mobility. For example, Cisco’s Network Optimization Service encompasses all four of these core technologies, allowing Cisco to optimize your Borderless Network as one single business system.
Whatever your preference in service levels or service delivery methods, you can rest assured that, with Cisco, you’re receiving the best support available in the industry. No other vendor comes close to offering 5 global TACs and over 1,500 support engineers dedicated to network support. Additionally, as you look to staff your own IT organization, the more than one million Cisco-certified network technicians represent a huge source of talent from which to draw. Combined, Cisco’s resources and your resources ensure that your network and your organization overall are provided the best possible service and the best possible service levels.
Cost Savings and Borderless Networks
Operating expenses typically account for 75-80% of the networking budget. It makes sense then that operational efficiency drives the greatest network-related cost savings. That doesn’t mean that capital expenses should be ignored. You must save wherever you can. Beyond network-related CapEx and OpEx, you should also be mindful of costs that can be directly influenced by the network. For example, downtime results in lower productivity, customer dissatisfaction, and lost revenue. Underutilized resources result in over-spending on systems and support.
Networking devices that support multiple services (e.g., connectivity, security, voice, mobility…) eliminate the need for specialized devices and reduce network complexity. Service intelligence and modular designs also extend the service life of equipment, protecting your investment over time. The result: CapEx and OpEx savings.
Cisco further reduces OpEx through such key capabilities as zero-touch service activation and management automation. For example, Cisco’s ISR allows remote provisioning of integrated services. Cisco’s Embedded Event Manager (EEM) automates common tasks and problem handling.
Cisco’s industry-leading high availability features help avoid scheduled and unscheduled downtime. For example, Cisco’s ISSU allows software updates while the device remains in service. Cisco’s CleanAir technology assures the integrity of your wireless network environment. On the security side, industry-leading products and practices ensure your network is protected from forced downtime or slowdowns. These same security solutions also help you avoid productivity losses when users are remote or mobile. For example, Cisco Virtual Office (CVO) provides for full protection and productivity for teleworkers.
Resource savings extend beyond the network through key virtualization (e.g., VLANs, DMVPN) and sustainability (e.g., EnergyWise, CVO) services. Here, reductions in IT systems, energy use, and facilities requirements drive savings across both IT and the business.
Cisco EnergyWise also serves as a prime example of how the role of the network is expanding to drive value beyond traditional IT enablement. Today, operating as energy management software on Catalyst switches and Cisco Integrated Services Routers (ISR), Cisco EnergyWise along with its Orchestrator management console and PC client software, measures, monitors, and controls power demands of a variety of networked devices (e.g., IP phones, WLAN APs, PCs, and servers). Cisco’s complementary Network Building Mediator enables heightened control over the power demands and energy costs relating to the facilities infrastructure – e.g., lighting controls and HVAC systems. In the future, Cisco EnergyWise and Mediator integration combined with technology partnerships will further consolidate energy controls across the network, providing you with complete control over your organization’s energy consumption and costs.
Last, but certainly not least, Cisco provides for direct cost savings on equipment and maintenance through a number of key programs. Product bundles reduce the cost of purchasing commonly grouped networking systems and components. Cisco Capital Finance provides flexible leasing options when customers are looking to balance CapEx and OpEx and adapt their networks as new demands arise. Trade-in allowances reduce network refresh costs – and support sustainable electronic waste initiatives and directives. And, as mentioned above, Cisco’s enhanced Limited Lifetime Warranty further reduces the cost of the Cisco solution.
As you see, doing Borderless Networks right involves far more than picking the brightest technology, the best solution, or the cheapest product. It is as much technique as it is technology. Are you doing networking right? Are your suppliers and service providers doing right by you? Think you’ll do this once? Or will it take you multiple tries to get it right? Remember… Do it right. Do it once.
I hope you enjoyed this series on Borderless Networks. Let us know what you think. And as always… let us know what you — and your network — need.
This week at Interop and beyond, the battle lines between Cisco’s and HP’s networking divisions were clearly drawn in black and white, and the future promises a long-drawn war between the former partners to win the hearts, minds and wallets of networking professionals.
IT pundits and partners said the message was clear: You are either HP or Cisco now, not both, particularly if you want to sell networking equipment. This was all precipitated by Cisco’s bold move into the server market and HP’s recently finalized 3Com acquisition. While the companies had been particularly complementary previously, they now were very much overlapping in product lines, which means a major restructuring in what kinds of deals can be made.
The heat has spilled over onto the Interop show floors: This year, likely due to acquiring 3Com and any Interop reservations they had, HP had not one but two giant show floor presences, one of which was right next to Cisco. I actually sat amidst a posse of HP executives during the keynotes, who not-so-quietly whispered “Bullshit” during the presentation by Cisco’s Brett D. Galloway. Let’s blame it on the Vegas mentality, but it seemed like the group was two slides away from throwing tomatoes.
I spoke with Nick Lippis, of Lippis Report fame, for his take on the situation and he said that HP faces some big challenges entering Cisco’s turf, but they also have some large advantages regarding strong existing channel and supply chain partnerships that span their networking, server and printer lines, which can translate into a lower acquisition cost and the ability to corral fence sitters into their camp whether they want to or not.
“It’s going to be very difficult for a channel partner to support both Cisco and HP,” he said. But with Cisco retaining a large market margin – about $40 billion to HP’s $5 billion, according to Lippis – and a strong technical edge, the two companies will have very different messages to bring to the market.
Let’s now turn our attention to Technology Leadership within the network infrastructure itself. In this always-on ever-connected borderless world, leadership in networking is a critical success factor for all organizations. And no longer is the network judged as a tactical IT-serving utility. Now, it is judged even more critically as a strategic business resource.
Key questions to ask include… How does the network best deliver rich and consistent services? How does the network best protect connected resources and users? And finally, how does the network best adapt to new business demands and absorb new technology advancements? Let’s answer each of these three key questions now.
The Network Best Delivers via a Systems Approach.
The network is a critical business system, with many components required to work as one.
Extensible systems and integrated services combine to multiply the value of the Borderless Network. Cisco’s wide-ranging portfolio allows freedom of choice for the customer. Designed-in hardware assists and a wide range of network and service modules ensure that the network delivers not only rich services, but also provides consistent performance when services are turned on. The Cisco Integrated Services Router (ISR), with its extensive services capabilities, serves as a prime example here. Embedded hardware assists for voice, video, and security processing heighten ISR service capabilities and service quality.
Consistent services and common components also enable cost savings and operational efficiency. Cisco IOS provides a common software base across routing and switching systems. Common sparing and component reuse protects your investment as you expand and enhance your network. The Cisco ASR and ISR serve as good examples here. By design, the ASR makes use of SPAs already in use in customer networks. The recently announced ISR G2 makes use of network and service modules designed for the original Cisco ISR series.
The systems approach also delivers operational efficiency. Management expertise, policies, and practices can be applied across the network. Routine tasks and problem handling can be automated via such key features as Command Line Interface (CLI) scripts, Embedded Event Manager (EEM), and Generic On-Line Diagnostics (GOLD). Further consolidation and control is enabled through centralized management facilities such as CiscoWorks LAN Management System (LMS) and Cisco Wireless Control System (WCS).
Sun said it right in the 80s, “The network is the system.” We couldn’t agree more.
The Network Best Protects via Integrated Security.
Secure access to the network and networked resources is certainly a key area of concern for our customers. Security threats come from every direction – and are ever-changing. Protecting the network – no matter the angle of attack – is a must for every organization in this day and age. In many industries, it is even a regulatory requirement.
Given that threats appear in many forms and along many fronts, it is vital that security mechanisms provide blanket coverage for your network and networked resources. Do you lock all your doors when you leave for vacation? Or just some of them? Blanket coverage requires that security services be in operation across the network infrastructure at all appropriate points of potential attack.
And while these mechanisms must provide for maximum protection, they must also minimize their impact on network service levels. Protection should not sacrifice performance. And performance should not sacrifice protection. Here, Cisco’s systems approach outlined above bears fruit via integrated security services. Networking platforms that are optimized to run security services allow you to “turn on” security without driving down network service levels.
To further ease the impact of security across the network, central policies and consistent management interfaces allow the network operator to enforce security without having to commit to micro-managing security functions and secured users and resources. Here, the key is to balance effective security enforcement with efficient security administration. The goal: Provide full protection for your network and full productivity for your support staff.
Cisco TrustSec serves as a good example of an effective and efficient security service at work across the Borderless Network. TrustSec dynamically assigns access and services for users and devices and ensures that endpoint devices are authorized and healthy via consistent, network-wide security policy enforcement. TrustSec also helps address compliance requirements by providing access control to sensitive and valuable information and assets, collecting user activity and history data, as well as providing end-to-end monitoring and reporting capabilities.
Beyond TrustSec, Cisco further strengthens your security stance across many critical – and vulnerable — fronts. For example, Cisco AnyConnect extends access security to mobile users and their device of choice. The Cisco Virtual Office provides a complete teleworker solution, enabling full productivity and protection for the remote worker. Other security solutions target such key requirements as threat defense, data loss prevention, and PCI compliance.
When securing your network, it is also vital to remember that success is as much determined by solid processes as it is by strong products. Cisco’s unmatched portfolio of security support services runs the gamut – from assessment to deployment to optimization to ongoing remote operations. In addition, Cisco also provides for proven secure network designs via Cisco’s Design Zone for Security, a wealth of security guidance and resources via Cisco Security Center, and rapid reaction to threats via PSIRT Advisories.
In this connected age, you must provide the most freedom and greatest flexibility for your users. While at the same time, you must exercise absolute control over connected resources – and all who wish to use and abuse these resources.
The Network Best Adapts via Continual Innovation.
In today’s world, continual network innovation is vital to achieving IT and business goals.
Cisco spends $5B+ in annual R&D on the network. Worldwide, 30 major labs and 20,000 engineers are dedicated to network technology and product development. We are a networking company. It is what we do. This focused and unmatched level of investment keeps us in front of not only our competitors, but more importantly, our customers looking to always do more with their network.
Evidence of this effort can be seen along two critical fronts – network standards and network service intelligence. Cisco has been at the forefront of driving the advancement and adoption of industry standards. Standards pioneered by Cisco read like a Who’s Who in networking technologies. Fast Ethernet, Power over Ethernet, SIP, CAPWAP, and MPLS… just to name a few. (See white paper.)
Cisco is also at the forefront of driving intelligent networks. Security, mobility, application networking, voice, video, network automation, and now even energy management all extend the capabilities and business impact of the network. These intelligent services are core to the Borderless Network Architecture. And they are core to the innovation that Cisco delivers to the network and to customers.
Witness the future unfolding within our IPv6 capabilities or our strong 802.11n portfolio. Witness the sustainability gains offered by Cisco EnergyWise and Cisco Virtual Office. Customers are saving money and promoting sustainable business practices by controlling their energy consumption and making the best use of their facilities. With Borderless Networks, everything is possible.
Is your organization leading or lagging in networking? Is your network ready for anything? Or afraid of everything? Does your network allow your organization to jump at or shrink from new opportunities? Let us know where your network stands.
I snuck over to the Interop NOC today and surreptitiously took some pictures of all the shiny monitoring tools on display, but it was all for naught. No, my camera wasn’t confiscated. Splunk, which provided the most interesting visualizations, went ahead and posted a live streaming video of NOC activity, embedded here:
When I spoke with Lenny Heymann, general manager of Interop, he was very conservative in predicting event turnout, saying Interop 2010 was “going to be a little smaller than last year’s” conference. Maybe he was just being modest, because once the crowds swelled in, the show was plenty busy.
Several analysts, journalists and attendees all told me that numbers seemed as high or higher than last year’s Interop (I didn’t attend), but press relations for the show said final numbers would not be available until after they closed up shop, sensibly enough. They would, however, part with one statistic: Paid conference attendance was up 30% over last year, which would (as best I can tell) put conference attendance at around 1,900 people. Keep in mind, conference attendance is a fraction of total attendance since a lot of people just browse the show floor or are exhibiting at the show themselves.
According to the EEIAC (an independent event attendance auditor), last year’s event saw a total of 1,478 conference attendees (not including those who just visited the expo floor, which is free), which is just over half the previous year’s attendance at 2,846 (Source PDF).
Cisco’s been on an acquisition tear throughout most of the recession (See the complete list), but the seeds of today’s CleanAir announcement date back to 2006, when Cisco announced a partnership with a little known company called Cognio, which had only begun shipping their breed of Wi-Fi management software the spring before.
But that was just the start to what would turn into a beautiful friendship. The next year, Cisco was so happy with the results it announced it would go on to acquire Cognio, with Cisco’s Brett Galloway saying:
“Wireless spectrum is a strategic asset for our customers, and its management is key to the robust delivery of mobility applications,” Galloway said. “Cognio’s innovation in spectrum intelligence will help ensure Cisco continues to differentiate our ability to deliver our customers rich and dependable end-user mobility experiences.”
Yankee Group senior vice president Zeus Kerravala said that acquisition was part of the turning point for Cisco to move from “selling wireless stuff” to becoming a true mobility vendor.
As an aside, Brett Galloway was the Cisco executive who made today’s CleanAir announcement, too. While digging around, we also had a Cisco representative offer the following statement regarding what makes CleanAir better than standalone offerings, like Airmagnet or Cisco’s own Spectrum Expert:
While spectrum intelligence can be acquired in the form of tools like Spectrum Expert which are useful in the pre-deployment phase, the best solution is to have spectrum intelligence technology integrated directly with the infrastructure. The fully integrated Cisco CleanAir solution provides powerful features that are not available in Spectrum Expert such as 24/7 proactive monitoring of interference, spectrum security and performance alerts, remote management, and interference device location. And perhaps most importantly, integrated spectrum intelligence enables a new breed of RRM, which is able to understand and intelligently mitigate the impacts of interference.
There you have it: The long, relatively un-sordid backstory behind Cisco’s latest wireless defense mechanism. I’m meeting with Cisco again Thursday, so feel free to e-mail or tweet any unanswered questions you might have to me in the meantime.