Teneo !!!

Aaron’s blog on Networking, and Enterprise Technology

Network Management: What is it?

What does it mean to manage a network?  In today’s world, network management is a marketing term used to target professionals aimed at network systems.  To me, it’s much like using “Cloud”…. you ask 10 people, and you’ll get 10 different answers.

I’m going to attempt to share my thoughts and opinions on what Network Management really means.

To some, “Network Management” is just having the ability to remotely administer switches and routers.  In that context, network management is localized to your ability to control a single entity.  Others may think it is only SNMP gets and traps.  This is what marketing has sold us.  But “Network Management”, to me, is so much more.

Network Management skill is the ability to analyze and identify metrics in such a way as to answer questions like, “When do I need to upgrade my WAN links?”, “Are my switches performing efficiently and below thresholds?”, and “Are my QoS configs doing what they are supposed to be doing?”.

Full “Network Management” should be able to identify the categories defined as FCAPS:

  • Fault Management – Identify and notify on faults and alarms.  Possibly even build automation systems to alleviate or resolve those faults.
  • Configuration Management – Maintain configurations.  Could be as simple as plain text configs, to the advanced Versioning and Workflow.
  • Accounting – Tracking statistics for the possible billing or identifying usage of subsystems.
  • Performance Management – Track how well things are performing, whether it’s processing, memory, or link performance.
  • Security Management – This could be as simple as identifying and tracking logins, to advanced Intrusion Protection Systems.

Most systems that I’m aware of, usually cannot do them all from one application, and those that claim to, usually will sacrifice one to enhance the other.  There are certain advantages to having a single system managing all aspects of your network.  1 single repository and reporting system makes it easy to maintain and use.  It is up to you to identify which.

From what I can see, there is only one company that sponsors a “Network Management” certification.  SolarWinds, I’m told, has a good, well-rounded certification.  And while they claim that the majority of the certification is not based on their product, the name alone implies a ‘branded’ exam to employers.  Cisco had a certification once, but expired it in 2005.  Still, it’s a good start, and I am waiting on other vendors to create a more “standard” exam.  It will be necessary as we see this convergence into network protocols, and the management of those systems will be increasingly critical.

I read once, “You cannot manage, what you cannot see”.  Network management is not easy, but once you find the right systems to help you report and identify, it will certainly help.  Once you have the right metrics, and events to correlate on, you’ll find you have more answers than questions.  Now, when someone comes to you and says, “The network is slow”, you can now say with an assured expression, “I know”.  🙂 🙂


Diagramming with OmniGraffle Pro 5: Useless Subgraphs

The subgraph function of OmniGraffle 5 Pro is shown here

The concept is brilliant but the implementation is useless.  Here is my use case:

I have generated LOTS of diagrams that become so large, it is cumbersome to navigate or view.  Zoom in, zoom out, pan, zoom in again……In the past, I’ve gotten around that by making different pages, and setting actions on certain objects to “go to” a different page.  Like drilling down.  For example, I choose an object that abstracts a detail.  I place that detail on another page, and choose the abstracted object action to “jump to” that page.  This goes for both Visio as well as OmniGraffle.

The subgraph function would be a way to “drill-down” in the same document and abstract it quickly and easily.  Giving a high-level overview, but expanding/drilling-down when asked.

Well, some caveats to using subgraphs:

1).  It does not keep alignment with other neighboring objects.  When collapsed, it aligns to the upper-right corner of the original object group it created.  Perfect if you are making an abstract diagram (doubtful)

2).  When you correctly align a collapsed subgraph (fixing caveat #1), when you expand, you overlap neighboring objects.  It’s a double-edged sword.  A Catch-22.  A lose-lose situation.  <insert favorite negative idiom here/>

3).  There is no easy way to expand/collapse a subgraph without pulling up a context menu.  A keyboard shortcut key could be handy here.  I got around it by placing the following action on the subgraph.  Works great, when you are in ‘edit’ mode.  But when using the new Presentation Mode of OmniGraffle Pro 5, it fails miserably.  I think it’s because “Presentation Mode” is not built to understand AppleScript, and therefore, cannot read the properties.

-- Toggle the subgraph: collapse it if expanded, expand it if collapsed
if collapsed of self = false then
   set collapsed of self to true
else
   set collapsed of self to false
end if

My thoughts?  This “feature” is more a nuisance than a convenience.  This was probably the decision of a Development Manager that put this in to fill the road-map, and chose to “add to it” in future releases.

I was stoked to hear about this feature, and utter disappointment followed.  Back to my “go to” jumps.

My System Engineer’s toolkit for Mac

As Macs become more and more prevalent in today’s enterprise, more and more engineers are using Macs as their primary workstation.  While many of us use VMWare’s Fusion to run Windows for those apps that require it, this post is to identify programs I use on an almost daily basis, running natively on Mac OSX.

1). Wireshark – Okay.  This is pretty obvious.  No engineer’s toolkit is complete without a packet analyzer.

2).  TFTP Server – If you have a large network, you probably already have a dedicated TFTP Server storing all your images.  But, in smaller networks, or if you plan doing any “remote” work, it’s handy to have something local.

3).  IP Calculator – Yes, those that have certifications, can do this in their head, or at the very least, write down a matrix that helps them remember.  For those of us that just don’t have the time, or would like “confirmation”, cheat and use your own calculator.

4).  Chicken of the VNC – Yeah, it looks like a can of tuna.  Kinda kitschig to me, but it works.  Gives you a bookmark console for different VNC Servers.  Mostly used to access X Servers on Linux/Unix, but handy if you don’t have console access to other servers.

5).  Remote Desktop Connection – Pretty self-explanatory.  Gives you remote access to any Windows 2000/2003/2008 servers or workstations.  Full-feature including printer mappings, drive mappings, display settings, etc.

6).  MIB Browser – an indispensable tool, if you do a lot of SNMP gets or traps.  Use this to browse vendors’ MIB files to identify traps, and OIDs.

7).  Screen – This isn’t really a separate application.  It’s built-in to the shell of Mac.  But I had to list it, as it gives you serial console access into network devices such as Foundries, Junipers, and Ciscos (probably others, but that’s what I’ve used thus far).  Just plug in a USB-to-Serial adapter that is either a Keyspan or Prolific-based.  Others probably work, but, again, this is what I’ve used.

8).  JellyfiSSH – This is my all-time favorite.  For those that love PuTTY, you will never go back.  JellyfiSSH is just like PuTTY for Mac.  It gives you full bookmarks to all your devices.  The bonus is that you can organize your bookmarks into groups.  For example, I have groups called “Firewalls”, “Linux”, “Routers”, etc.  I have already spent LOTS of time ‘tweaking’ my terminal in Mac.  I just tell JellyfiSSH to use my terminal settings, and voilà!  It also gives you a handy way to backup/restore your bookmarks, whereas in PuTTY, you have to grab the registry keys.

9).  FileMerge – This comes with the Xcode app as a separate install from your OSX DVD.  Useful when comparing two similar files like network configs or other system files.  Those that use RANCID may already have subversion or CVS doing their compares.


10).  OmniGraffle – I completely forgot about diagramming.  You’ve gotta be able to document your work for troubleshooting, training, or general brainstorming!  OmniGraffle just rocks.  It may take some getting used to, if you are familiar with Visio.  But, after using it for a while, I’ve found I can diagram faster.  Who knew?

That’s it for my Engineer’s toolkit.  I didn’t include your “basic” apps that are built-in, like traceroute, ping, netstat, etc.  I have a host of other apps that I love, but I’ll save that for another day.

Does anyone want to list their favorite Mac Apps that aren’t already listed here?  The public would love to know, as do I.

Being that this is probably my last post of the year, “Happy New Year!!”.  Be safe, and enjoy the coming of “new starts”, “freshness”, or just all-around “good times”!

The general rules of networking.

I’m not sure why, but I got this crazy idea in my head to start coming up with “Rules of Enterprise Networking”. I say, ‘crazy’ because there is NO WAY you can list it all! So, why do this?

Lately, I’ve been seeing two kinds of articles. One is for the beginner. The other is for the advanced. The audience of these sets of articles are for those that want to start taking the lead in building solutions, or managing networks, but already know the technologies.

I hope it will be useful!

Enterprise Network Rule 1: Always Plan for Problems

In a perfect world, everything works as expected, and will continue to work indefinitely. Obviously, this just doesn’t exist, and we have to plan ahead for this.

Unfortunately, there is not a guide on what to plan for. The possibilities are just too great to list in a single publication. Most of the time, the failure has to happen at least once to you, before you plan to recover from it next time.

This is where experience comes into play, as textbook readings only tell you what works, and usually not what fails. The best you can do is to play failure scenarios in your head, and how you would solve them.

For example, if a router fails, and you are not in the office, how will you access? If VPN fails? You may have a really expensive network management system sending you email notifications. What if it’s the email server that’s down? How will you know?
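One way to answer “How will you know?” is to have the management system send a periodic test message down every notification path and let a watcher outside the network flag any path that goes quiet. The sketch below is an added example, not something from the original post; the receipt format, channel names, and timings are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample: heartbeat receipts logged by a watcher that sits
# outside the monitored network (assumed format: "<ISO time> <channel>").
SAMPLE_RECEIPTS = """\
2010-06-01T09:00:05 email
2010-06-01T09:00:07 sms
2010-06-01T09:05:04 email
2010-06-01T09:05:09 sms
2010-06-01T09:10:06 sms
2010-06-01T09:15:08 sms
"""

EXPECTED_CHANNELS = ("email", "sms", "dialup-oob")  # assumed notification paths
INTERVAL = timedelta(minutes=5)   # assumed: NMS sends a test message this often
GRACE = timedelta(minutes=2)      # assumed: tolerated delivery delay


def last_seen(receipts):
    """Return {channel: newest heartbeat time} parsed from receipt lines."""
    seen = {}
    for line in receipts.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        try:
            stamp = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip lines whose timestamp does not parse
        if parts[1] not in seen or stamp > seen[parts[1]]:
            seen[parts[1]] = stamp
    return seen


def silent_channels(receipts, now, expected=EXPECTED_CHANNELS):
    """Channels whose heartbeat is overdue or has never arrived."""
    seen = last_seen(receipts)
    deadline = now - (INTERVAL + GRACE)
    return sorted(c for c in expected if c not in seen or seen[c] < deadline)


def escalation(receipts, now, expected=EXPECTED_CHANNELS):
    """Report the outage only over channels still proven alive."""
    silent = silent_channels(receipts, now, expected)
    alive = [c for c in expected if c not in silent]
    return {"silent": silent, "report_via": alive}


if __name__ == "__main__":
    print(escalation(SAMPLE_RECEIPTS, datetime(2010, 6, 1, 9, 16)))
```

A channel that has never delivered a heartbeat is treated as silent, so an untested out-of-band path shows up as a gap before it is needed.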

Your best attack is to build redundancy into the plan from the start. That will give you time to resolve the issue while the operations still operate normally. But, if redundancy isn’t an option (costs are too high, or not available), then you’ll need to plan on how to access and resolve.

When building new solutions, make sure you have a DR (Disaster Recovery) plan in your documentation before it goes into production. Try to list all the scenarios and how you will resolve them.

For those that think dial-up is dead, think again. Sometimes, dial-up is the only way to access something OOB (Out Of Band). I have numerous sites that I dial-up to the router, if we lose the primary link. Other larger companies may have multiple links to different carriers, but even then, that may prove useless if a construction crew cuts all your local loops.

Redundancy is just like insurance. How much insurance do you need? Some, might be overkill, until you need it. You just have to find the balance between costs and the risks involved, should you be down for any length of time.

Again, nothing is ever perfect. Buying value-named equipment, which is certainly more stable than generic or cheaper brands, will never guarantee 100% uptime. And even if the equipment IS stable, you always have to plan for the human component.

Good Luck!

New Blog Layout/Design

Just now got around to reading some great blogs that I follow, after who knows how long! There seemed to be a pattern on many of them….. they cleaned up their blogs.

Then it occurred to me, that MY blog was way too cluttered with very little useful information, distracting from the focus of the site.

Does anyone really use posting calendars anymore? I mean, there are really two ways to read a blog… from the site/RSS feed, or from a web search. I doubt many click on the days to see what you were doing.

Also, the “Archives” where you get to choose the day/week/month and/or year of posts. Again, similar to the calendar. It may be used, but much less than what I thought.

Other data like “Linked In” or profile pics, are better in an “About Me” page, instead of forcing it on someone at their first visit.

So, I cleaned up to what is hopefully more useful information. Hope you like it! Let me know if this blog is missing something you are used to seeing on other blogs.

EMC Luns and vmWare: Best Practices?

Okay, so I’m at a cross-roads right now using iSCSI LUNs with vmWare vSphere.  I have 4 vmWare hosts participating in a cluster.  Among all the benefits of introducing a SAN to a virtual environment, one is intriguing.  “To be able to copy a LUN as another LUN, and attach a vmWare instance to it.  Why?  Testing with production data, such as migrations, upgrades, changes, etc”.  While I know I can do vmWare snapshots, that is using a live server, and not a dedicated instance running in parallel.

With that in mind, I have 2 ways to slice up storage:

1).  Create one large LUN and store lots of virtual machines on it.  This would be like, a 500GB or 1TB LUN.

  • Advantage: 1 LUN to map to each vmWare host, for vMotion
  • Advantage: Less Administrative work.  Lower LUN to virtual instance creation ratio.
  • Disadvantage:  LUN Snapshots for testing won’t work.  It is not efficient to snap a 500GB LUN to test 1 virtual instance that only has 50GB of data on it.

2).  Create individual LUNs, for each virtual machine instance.

  • Advantage:  Easy to copy that single LUN to another for testing in an isolated environment using production data.
  • Disadvantage:  High administrative overhead, slicing LUNs for each new vmWare instance
  • Disadvantage:  Have to create each LUN on each vCenter host participating in vMotion

From the looks of things, it sounds like there are more advantages to creating larger LUNs for multiple vmWare Instances than single LUNs.  What is your general practice?

HP Field Tech Day

I’m totally disappointed! I just received an invite to my first Tech Field Day in sunny California at HP’s campus. It will be focused on the new Procurves, what they are doing with 3com, and the HP Labs.

I had to decline as we are just finishing up moving 2 data centers that previous weekend.

I’m totally bummed! I was really excited!

Why am I a Mac lover?

I am such an avid Apple lover. I’m not exactly sure when this happened, but it did. I would suspect it would be when Apple moved to OSX. That was during a time when I was getting interested in the Unix/Linux circa 1997-1998. I had installed my first FreeBSD and Redhat installations.

Now, Apple has the creative GUI with a hardened *nix backend? Oh, gimme some of that!

So, I got my first Apple and started playing. The shell (aka Terminal) was initially my main program (outside iTunes of course), since, at that time there really wasn’t much in the application space to be useful.

Now, fast forward to present day. Apple truly has been quite innovative. First with the iPod. Then, they set up an advanced touch screen with the iPod touch. Well, why not make it a phone? Done….. The iPhone was released. Then the feather-weight Macbook Air. Mind blowing!

Now, let’s add a suite of applications called iLife. Photos, movies, music.

Wait! Mac is now running Intel? Dual-core baby! Then the amazing iPad with its enormous screen real estate. What’s next?

I just love their innovation and creativity. Their products are fun to use, and therefore, more productive in the workplace.

I’ve replaced Visio with OmniGraffle and HyperTerminal with Screen/Terminal. I still have Microsoft Office, Cisco VPN, and Lotus Notes. Anything else that I can’t run, I can use Fusion or Parallels to run the Windows version.

Mac totally rocks! But don’t get a big head, Apple, and turn into the next Microsoft.

Why do I choose complexity?

I have always loved complex systems.  Not because they make me feel smart, or because I just want to be the only one who knows how to do it.  But, because it opens up options for me.

For example, when I was deciding on a phone system 3 years ago, it boiled down to “ShoreTel” and “Cisco”.  One of ShoreTel’s selling points was that it takes 2 minutes to set up a new user.   Well, that’s true…. setting up a new user/phone/call center agent can take up to 10 minutes for someone not familiar with the interface on Cisco.

So, why did I choose Cisco?  Because it was more expensive and more complicated?  Not really.  I chose Cisco, because while it does take me longer to set up a user, that means I have more options in the setup process that I can work with later.  More flexibility means more solutions when presented with challenges.

I recently heard this motto on a podcast from PacketPushers, that said, “I love complexity, because it gives me options”.  I feel that is so true.

Maybe that’s why I choose Unix over Windows, Domino over Exchange, Plone over Sharepoint, and Cisco over ShoreTel.  The more flexibility I have, the better the solutions I can give, when challenged by the business to do something extraordinary.