Archive for June, 2009

Energy Management Conference in Long Beach

Friday, June 12th, 2009

Took a bit of time yesterday to run up to Long Beach and walk around the Energy Management Conference exhibit hall. I would have liked to attend the conference sessions, or perhaps speak at the conference, but I didn’t realize that I’d be around for it. Oh well, maybe next year.

Anyway, there were quite a few interesting concepts and ideas out there for not only monitoring power usage, but also for reducing power usage and power spending. Daylight tracking sunlights, ice based cooling systems (makes ice during the night with lower cost power, then uses the ice during the day instead of running A/C compressors), that sort of thing.

Also in attendance at the show were a few consultants who do power profiling of your business and buildings. I like the idea of that, and truthfully never really thought of doing it as a business (at least until yesterday) but being in the IT field, with a solid background in building systems, I think that Voodoo may start offering a service along those lines. Though I’d rather just do the work to fix the problems that other auditors find. And help people make better choices from the early stages of a project.

As usual though, the exhibitors that interested me the most were the control systems guys. Slowly but surely they are moving away from weird proprietary control schemes to straight IP based controls. I can’t wait until they all get to the point where IP is the control scheme, and you don’t need proprietary software to control the systems. They are so close to that now (at least some of them) that I’m excited for what I will see coming in the next year. I think that someone will finally get there. And as soon as they do I’m ready to start deploying it.

Though that does bring up the issue of security on converged networks. Something that we’ll get to shortly.

Other people’s networks

Thursday, June 11th, 2009

Inspired by working onsite at a contract in Los Angeles this week.

I’ve worked on a lot of other people’s networks. And while it can be entertaining, it’s rarely fun. Usually you are expected to jump in and fix the random problem that they are having within minutes, which is never a reality (except in the case of very obvious things like the power cord being unplugged).

Thankfully I’m not dealing with that this week, though I am having some fun with trying to figure out why certain things have been done, and more importantly, why things haven’t been done.

For example, the company that I’m onsite at has 2 large internet connections, one each to different carriers. What you normally would do with that – and I’m sure that was the intention here – is apply for an Autonomous System (AS) number, apply for a bank of IP addresses from ARIN, then set up those two connections to be redundant to each other, both inbound and outbound, by advertising your AS number and IP address range over the Internet.

Simple, right?

Well, actually it’s not all that simple, but it’s a pretty straightforward thing to do. In fact it’s pretty much the default configuration for large networks connected to two or more ISPs.

Well, things aren’t quite set up like that here. They have the big Internet connections. They have an AS number. And they qualified for and got a class C bank of IP addresses from ARIN. But then things sort of fell apart. They attempted to set up the dual homing, and their internet went down. So they rolled back off of that to having two separate internet connections with all of their inbound traffic coming in one, and all of their outbound traffic going out the other. There is some failover, but only for web browsing – if the connection goes down that their external servers are on, then they will have no ability for their customers to reach them over their secondary line.

So now I’ve mentioned this and been asked to fix it.

Which is where the fun really starts.

It’s really not that bad to make a change like this, just time consuming. You have to make a lot of phone calls, make some changes to the way that your routers are configured, add some translations into your firewalls and then wait around until all that propagates across the Internet. Once your new IP addresses are available across the Internet, you now have to update the DNS entries for your servers. Then when that information propagates, you can go back and fix the translations on your firewall. And then stop using the ISP supplied IP addresses that you have been using up to this point.

That is a bit simplified, but it covers the basics. Like I said, it’s not complicated, just time consuming. But if something does go wrong it can be even more time consuming to fix.

I’m in the process of writing up the detailed plan of how I’m going to make the changes to get this running correctly. Hopefully all goes smoothly.

And hopefully when their normal network admin gets back from vacation he’s not too confused by what I’ve done……

What’s on your network?

Friday, June 5th, 2009

I think that I’ve mentioned this before, but if I haven’t, here you go:

The team at Voodoo Networks, in addition to doing local office network and consulting work here in the Seattle area, also does a lot of work around the world designing and building out large networks. The reason that we are contacted about those networks isn’t due to our competence with smaller, computer centric networks, rather it has a lot to do with our expertise in building out networks that can handle not only computer data, but other systems as well. And handle them very well.

Now when I explain that to people, I frequently end up repeating a list of the kinds of things that exist on what have traditionally been computer networks up to this point. I’ll start with computer related items then go from there:

  • Computers
  • Servers
  • Printers
  • Network Attached Storage
  • Voice over IP Telephone systems
  • Video over IP Conferencing systems
  • Video over IP Television
  • Video on Demand systems
  • Background music systems
  • Overhead paging systems
  • CCTV and camera control systems
  • Streaming Audio Systems
  • Home Entertainment Systems
  • Home Control Systems
  • Heating and Cooling Control systems
  • Power Generation Controllers
  • UPS Controllers
  • Temperature and Humidity sensors (internal)
  • Weather Stations (sensor systems for local weather monitoring)
  • Motion sensors
  • Occupancy Sensors
  • Lighting controls (residential & office)
  • Lighting controls (outdoor & common area)
  • Water control systems (fountains)
  • Water Flow Sensors (residential & commercial)
  • Parking space sensors
  • Parking control systems
  • Vehicle identification systems
  • Access control readers
  • Access control locks and barriers
  • Location Tracking Systems
  • RFID Systems
  • Fire and Life Safety systems (not always as these are heavily regulated)
  • Building automation systems
  • Theater control systems (not home – real auditorium / theaters)
  • Leak sensors
  • Air quality sensors

Off the top of my head, that’s pretty much what I remember right now. I may update it later if any more come to me, but this is a pretty decent list even if it’s not 100% complete.

So what does this have to do with IT consulting? Well, all of these systems are things that are either delivered, monitored, controlled or viewed over what used to be a data network. And they all have very different requirements for bandwidth, latency and redundancy. From a network design perspective, these are some of the things that we think about constantly when working on networks to make sure that we compensate in the network design for anything that may be added to the network at a later date.

Many times the people that we are working with are far more concerned about the end points of these networks – the computers, security cameras, the entertainment systems, etc. But while we understand that (the shiny bits are often the most fun and interesting) we really stress that the design of a network core that can handle the stresses placed upon it now and in the foreseeable future is the key to any successful implementation, and not worrying about exactly which shiny end point we are going to be using.

One quick example. Recently we were working on a project in Dubai that was just beginning construction planning. The marketing people, the sales people and the guys that were going to run this huge complex were constantly asking about what TV we were selecting for the different types of units, what handheld controllers we wanted to use and what kinds of technology the eventual residents and tenants would have.

Well, given that we were over 3 years away from actually installing any of those end points, the constant struggle we faced was explaining that we could only give them ideas, but consumer technology in particular changes so quickly that guessing what we’d be deploying in 3+ years was impossible. Last I heard from them, they finally started to realize what we were talking about when Pioneer bowed out of the TV business while they were the leader in the high end market. But no matter what TV (or any other device they eventually select), they can rest assured that the core network design that we worked on for them would have withstood the test of time, because it was designed with the needs of the network in mind, not specific devices.

And that is the moral of the story. Don’t design, or let someone else design, your networks unless you are thinking long term. If you aren’t then you will be spending money again and again to keep your networks up, running and useful over the coming years.

What is a firewall?

Wednesday, June 3rd, 2009

There are lots of things that scare people about the Internet. Nigerian scammers, hackers, LOLCats. You know, the usual stuff.

While there is no perfect defense from any of those, especially the lolcats, implementing a firewall on your internet connection is a big step in the right direction.

A firewall is, in its most basic form, something that prevents network traffic from going to certain places. Think of it as a combination filtering and direction control system. Firewalls are available as software for a single computer, or as a combination hardware and software device for networks.

The most common firewall, at least for smaller companies, is a hardware based firewall that is built into your Internet router. It is generally set up to allow all traffic from the internal network (inside your company) out to the Internet, and block all traffic from the Internet that is trying to get into your company’s network. It does this by watching where network traffic originates, deciding whether to allow that traffic to pass, and either letting it through or dropping it. The firewall also keeps track of the traffic that it allows out, so that the return information can get back to the computer on the inside that requested it.

These firewalls also give you the ability to allow traffic from the Internet to come in to your network. Why would you want to do that? Well, if your email server is in your office, or your webserver is, then you’d need to tell the firewall to allow appropriate traffic from the Internet in to those servers. If you aren’t sure if you need to do that, or are sure you do, but don’t feel comfortable doing so, please contact a professional to do the work for you. It’s pretty straightforward, and shouldn’t take long at all in a small office setting.
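The behaviour described in the last two paragraphs, as a small added example (not code from the original post): outbound traffic is allowed and remembered, replies are matched against that memory, and inbound traffic is dropped unless a rule publishes a server. The class and function names are hypothetical, the addresses are constructed private and documentation ranges, and NAT and connection timeouts are left out.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str            # source IP
    sport: int          # source port
    dst: str            # destination IP
    dport: int          # destination port
    proto: str = "tcp"

class StatefulFirewall:
    """Toy model: allow outbound, track it, drop unsolicited inbound."""

    def __init__(self, inside_net, inbound_allow=()):
        self.inside = ipaddress.ip_network(inside_net)
        self.inbound_allow = set(inbound_allow)  # {(server_ip, port, proto)}
        self.state = set()                       # flows opened from the inside

    def handle(self, pkt):
        """Return 'ALLOW' or 'DROP' for a single packet."""
        if ipaddress.ip_address(pkt.src) in self.inside:
            # Outbound: permit, and remember the flow so its replies can return.
            self.state.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW"
        # Inbound reply: same flow with source and destination swapped.
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state:
            return "ALLOW"
        # Inbound to a server the administrator deliberately published.
        if (pkt.dst, pkt.dport, pkt.proto) in self.inbound_allow:
            return "ALLOW"
        return "DROP"  # everything else from the Internet

def demo():
    # Constructed sample traffic; all addresses are private/documentation ranges.
    mail = "192.168.1.10"
    fw = StatefulFirewall("192.168.1.0/24", inbound_allow=[(mail, 25, "tcp")])
    pc, web, stranger = "192.168.1.50", "203.0.113.80", "198.51.100.7"
    return [
        fw.handle(Packet(pc, 51000, web, 443)),         # browser request out
        fw.handle(Packet(web, 443, pc, 51000)),         # its reply coming back
        fw.handle(Packet(web, 443, pc, 51001)),         # reply-shaped, no such flow
        fw.handle(Packet(stranger, 40000, pc, 3389)),   # unsolicited inbound
        fw.handle(Packet(stranger, 40001, mail, 25)),   # mail to published server
    ]

if __name__ == "__main__":
    print(demo())
```

The third packet is the interesting one: it comes from a server the office PC really did talk to, but on a port pair that was never opened from the inside, so it is dropped like any other unsolicited traffic.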

Firewalls are also available as software for your computer. Both Windows and OS X have built in firewalls that can be used to allow traffic from your network to get to your computer, or can be used to stop your computer from communicating with the network.

There are also 3rd Party software packages from companies like McAfee or Symantec that you can install on your computer. Be aware of the issues that can come up if you install one of these packages on your computer and it’s also running the native Windows firewall – lots of very weird issues can come from having both of them active at the same time.

A firewall won’t protect you from bad decisions made online, like sending your bank account info to Nigeria, or browsing LOL Cats, but it will definitely help to prevent unauthorized access into your network from the Internet. And given how secure even very small, low cost firewalls can be, there is no reason that you shouldn’t have one between your systems and the Internet.

Network Cable Management

Tuesday, June 2nd, 2009

A constant issue for everyone who has anything to do with the IT world is management of wire. There are thousands of images out there of the nightmare that server room or network closet wiring can become.

Here are a couple of my favorites:

Now the first one is entertaining because anyone who has worked in a large datacenter has thought about doing just that. Especially when it’s 3 o’clock in the morning and you don’t feel like routing any more cables.

On the other hand, the second image is one that most people who’ve been in a small business IT closet are familiar with. It’s a small rack, holding a switch and a patch panel (that’s the plate with all of the jacks in it for plugging in network cables – the other end of the cables on the back of the patch panel end up in the walls or floor or at desks out in the work area), with some really messy cable connections between them.

Both of these images show extremely bad cable management, just on different scales. But they both suffer from the same problems. Difficulty in determining which cable goes where. Poor bend radius for the network cables that can cause network issues. Weight of the cable being supported in full by the connector. And so on.

Cable management isn’t on most people’s minds when they think about IT, but good cable management can reduce costs, troubleshooting time and network issues. So it’s something that we take seriously.

Over the past 15 years I’ve worked with untold numbers of networks, starting with Coax, going on to Token Ring and FDDI, and now working with Cat 6 Ethernet and Fiber. And over the same amount of time I’ve used almost every cable management platform on the market. And while most of them look very nice for a while, they tend to degrade into a mess, usually because they are designed to hide the mess, not control it.

Which brings us to a recommendation, and an example of what we currently are using (and will likely use for a long time to come) – Neat-Patch.

About 7 years ago, when I was in the process of starting up a division of a Fortune 1000 company that deployed wired and wireless infrastructure around the US, I happened upon Neat-Patch. They were kind enough to come down and give us a demonstration of the product in one of our closets and quite frankly we were all blown away. While I’m not sure that the division started using them (I left that organization and went back into my full time IT position) I have used them since on several occasions and the product never fails to amaze me.

Designed to actually manage your network patch cables, rather than just hide the mess, the Neat-Patch system truly does make it easier to add, change and remove network drops. It also reduces troubleshooting time and headaches, and because of the engineering in the product keeps the network cables running to specifications.

Here is a quick shot of the Neat-Patch solution in action:

That image shows the full network wiring layout for 96 computers. Pretty isn’t it?

Overall it’s a great product, and one that I’d like to see everyone using. On the other hand, if everyone was using it, then it could reduce the amount of troubleshooting business that we get, but I still think that it would be worth it.

Update: I understand that Neat-Patch is prepping for a product video showing management around a Cisco 6509 Switch. Having managed dozens of those beasts, and their nasty idea of cable management, I can’t wait to see their video.