Networking 101: STP Root Bridge Placement

I created this video because I wanted to explain WHY root bridge placement is so important from a Spanning Tree (STP) perspective. There are lots of videos and information out there about STP, but I haven’t found one that actually explains why the location of the root bridge is important. Hopefully this is beneficial.

As a prerequisite, you will need to be familiar with what STP is, how the root bridge is elected, and how a loop-free path is created. The following videos do a pretty good job of explaining it:

STP Basics:

STP Root Bridge Path Selection:

I also included these links in the video description on YouTube.


People Who Ask Why

There are a lot of things I want to teach my kids, but at the same time, I find myself not wanting to for certain things. Let me explain.

For the first years of my children’s lives, they made very few decisions for themselves. They ate when we fed them. They slept when we told them. They bathed when we told them. They played when we let them. And on and on it goes. As they have grown, they make more of their own day-to-day decisions. At some point, they will leave my house. I will not be around to tell them what to do 24 hours a day. It will be up to them.

Most kids are naturally curious. My son, for example, is always asking me why he has to do things a certain way, or at a certain time. While some of those things are not up for discussion (e.g., bedtime, brushing teeth, bathing), a lot of them are. I always tell my kids that there is generally a reason for everything I do. If I drive somewhere on a certain route or require certain attire at church, there is a reason. I don’t mind explaining that reason. Sometimes the answer is acceptable, but other times, I am the most unjust father in the world in their eyes. Such is the burden of parenting!

As my kids age, the questions become more complex. Why is the sky blue? Why do airplanes fly if they are made out of metal? For many of those questions, I find myself telling them to figure it out. Of course, discretion is warranted. I don’t want my kids hitting up Google to find out about human reproduction as I fear the answers might be muddied with improper websites. 🙂

What I want is to nurture that curiosity trait. I want them to question why. Always! Even if the answer they get isn’t what they want to hear.

A few years ago, I wrote a post entitled Chasing the “Ah-ha!” Moments. It was about those times in our IT careers where we got a little bit of clarity on some technical matter. It becomes an addiction. You look for those things that you don’t understand as well as you should, and you run it down until you have it figured out. Someone can explain it to you, but I think there is more value when you discover it on your own. Variable length subnet masking was one of those things for me. When it finally clicked in my head, I was excited. Some people might think that is a relatively trivial thing, but for me it was huge.

A big part of what we do in IT is education. Whether it is another IT professional or an end user, we are constantly explaining why things work the way they do, or more commonly, why it broke. For the end user, just explaining why it broke is generally good enough. Sometimes they don’t even care as long as it is fixed.

For the fellow IT professional though, I recommend a different approach if possible. Don’t explain why. Have them research it and see if they can explain it to you. Don’t just give away answers. At some point, the hope is that they will stop asking for answers and find out for themselves. In some cases, that isn’t an option. If it is a simple question from a co-worker (e.g., which TCP option is it that Riverbed Steelheads use to discover each other?), just answer it. Don’t be an idiot. Use discretion and never condescend. However, when the question is more complex and you have the luxury of time, let them figure it out, with you providing hints or clues as needed. It will serve them well in their careers.

The end goal is not to seem like a jerk that won’t help out co-workers. The goal is to teach them how to solve problems on their own. I hate calling vendors for support. I’ll do it after a certain amount of time has passed, and the amount of time I wait changes based on the situation, but I still hate it. I hate the not knowing. Hate it with a passion. I want the same for everyone else. If you don’t care, I probably won’t work well with you over the long run. If you do care about the “why”, we’ll probably get along just fine. 🙂


My Lego Datacenter

I was invited to take part in a datacenter building contest from Juniper Networks recently. I don’t need to give you the full story behind myself and Legos. Let’s just say I have loved them for a long time. Both of my kids have multiple sets. How could I refuse such a contest? The 5 year old boy that occupies a significant portion of my brain still wishes he could sit at home all day and play video games and build complex structures with Legos. Oh, and the best part is that whoever wins, gets a donation to their favorite charity courtesy of Juniper!

And so it was that I was eagerly anticipating my Lego package from my buddy Ashton at Juniper. As luck would have it, I was out of town last week toiling away for my employer the day the Lego set arrived. My wife texted me that the package had arrived. In the course of the week, I became rather ill. Maybe it was the cold north Texas air, or maybe it was breathing 10 year old dust from the ancient wireless access points I was replacing. In any event, I was laid up over the weekend trying to recover. As this week wore on, I began to see designs from my competition. They were all good designs and I was still trying to recover from my illness. I knew I would have to pull something together at the last minute due to pressing matters at work keeping me from abusing my work at home privilege.

This evening, with a design concept in hand, I summoned all of my Lego datacenter powers and merged them with the leftover palm residue enshrined on various business cards from Juniper employees. I’m only about 80% recovered from my illness, so I may have been a bit grumpy when the final plan came together. Not Ivan Pepelnjak grumpy, but still grumpy. 🙂


It is hard to make out any old palm residue, but I assure you it is there. I felt design powers flow through me like The Force!

Behold, the Leguniper datacenter!

DC Overview

The first thing you notice is the dark void around the datacenter. This is not by accident. What appears to be void is simply the light being overshadowed by the Cloud. This IS a cloud datacenter, and in the interest of fully displaying the power of the Cloud, I thought it would be good to show you, dear reader, what the Cloud looks like. Nobody else has shown this before, so you are in for a treat!

The Cloud

The Cloud in all of its glory!

Not what you expected? Well, reality is often different than what we picture in our minds. You’ll just have to take my word for it.

Touring the Leguniper Datacenter

First up, is the Security section. In this datacenter, security is a big deal. They ensure that nobody can do their job except for the external hackers. All of their equipment is kept behind locked doors, even within the datacenter, as they do not trust even the other employees. Notice the fierce determination in their eyes. They take their job seriously!

Security Waiting Line

The long line of employees who have committed various infractions never ends. They must come and present themselves before the security department to explain their Internet abuse or why they cannot choose a 328 character password properly. All must come and all must apologize profusely. In fact, I was so terrified when I took their photos, that hairs from my head fell onto the datacenter floor out of sheer terror!

Security WIPS

You aren’t going to get anything by this datacenter security team. If you think you can bring in an unauthorized wireless device, think again! They have a state of the art omnidirectional antenna on top of their security suite that is always scanning for rogue clients and access points. You WILL be caught, and when you are caught, you will stand in line with everyone else and explain your infraction. You have been warned.

What’s that? You want to see inside the security suite? Are you nuts? You are NOT authorized to do that! Well, since you are my guest, and I am the designer, perhaps I can make an exception. Hold on a second and let me see about getting that door opened.

Security Retinal Scan

I forgot about the retinal scan device at the door! It keeps out all unauthorized people. Let me bribe one of the security guards with a chance at dating the blond haired lady working at the NOC desk and see if he will let me in.

Security Door

Success! Now that the door is opened, let’s see what super secret stuff lies inside.

Security Interior

Looks like we have us a pair of Juniper SRX security devices. There are several other things in this room, but we aren’t too interested in them since they are mainly a bunch of appliances from other vendors that compile logs that nobody reads. Let’s get out of here before the security guard realizes I was lying about the date with the NOC lady. She’s really only interested in dating network engineers.

Servers and Storage

Here we can see all the racks containing the servers and storage. It is forbidden territory for us network folks. An unknown virtual void of gigantic databases, multi-tiered applications, and various trickery designed to make everyone think it is always a network problem. The demarcation line between the network gear and the servers and storage has been set by the warnings of dragons. Proceed further at your own risk. Occasionally, one must enter into that territory. You see, there are some QFX 3500 and 3600 top of rack QFabric nodes in every rack indicated by the blue bricks. We don’t want to get caught up in the server and storage trickery, so we use a different color to know what is safe to touch.

Ladder Trays

We zoom in a little closer and we can see all the fiber and copper coming from the servers and storage extending into the super cool network racks. It is suspended in the air above all of the racks via nice and tidy ladder trays. No more diving under the raised floor and plunging your arms into a cabling mess to find that one new drop that was run. No, no, no. Everything is fully populated and extended into the network hardware so that it is only touched during install and IF there is a failure, there are redundant connections so that nothing goes down. Well, the network doesn’t go down. There’s no telling what is going on over there in virtual land.

QFabric Plus Droid

Now we come to the part of the tour you have all been waiting for. Get your cameras ready. This is going to be good! Here we have our QFabric Interconnects and Directors. Why did I design it this way? I didn’t want to have to configure a bunch of top of rack switches independently. I figured I might as well make the datacenter one big logical switch. It gives me more free time to work on the stuff that really matters, like my video gaming skills. In addition to the QFabric piece, I also included some really nifty MX routers. From these, I am doing cool stuff like BGP peering. You know? Real protocols. Manly protocols. Oh, BGP is an application you say? Shut your mouth! I designed this datacenter. It is what I say it is! (I told you I was grumpy.)

If I actually need to physically touch any of this stuff, my droid takes care of it. I don’t want this pristine equipment polluted by human hands. I need typing skills that rival Mavis Beacon. Your CCNA does not impress me and will not grant you access to this hardware. Might I suggest a Juniper certification to win my favor and a shot at replacing the droid once maintenance expires on it?

Let’s go visit the network operations center (NOC) now.

NOC Front View

Here are all of our NOC technicians slaving away at maintaining all of this hardware. They are watching environmental systems, ensuring backups run, and constantly wrestling with application issues caused by imperfect code, written by imperfect humans, and executed by imperfect end users. It’s cool though. They are all very nice and friendly. Sometimes their manager gets riled up and fires one of them for making a mistake, but……wait a sec. Let’s make sure they are working since the manager appears to be berating an employee at the moment.

NOC Back View

Looks good! Wait a sec. Does that guy with the hat on have his password sitting on top of his monitor? Uh oh. Don’t tell security or his manager. I’ll wait until the tour is over to go talk to him. That way he’ll owe me a favor down the road. That manager is yelling pretty loud. Let’s go see what has him all frustrated!

Manager Front

Oh. I see what happened. The manager was busy counting out his quarterly bonus and somebody interrupted him. They want him to pick up his red phone and call the network guy to do some troubleshooting. If there is one rule in the datacenter, it is that you do not interrupt the manager when he is counting his bonus. Who in the world interrupted him?

Manager Back

That guy? He’s a DBA who kicked off an indexing job 5 minutes ago and wonders why his servers are running slow. This won’t end well for him.

Well, that’s about it for the tour. You are welcome to come hang out in the network engineering office. There isn’t too much going on. We mainly just sit around and wait for the phone to ring. Since our datacenter is one big gigantic switch, not much happens in the way of changes. Still want to check out the office? Okay. Here you go. I’ll just relax for a bit while you check things out.

Network TV

I’m just watching a little TV. Not much going on. Just drinking my coffee and lying down in my datacenter bed.

Network Bed

It is pretty comfortable here in the fun zone. I wait around for that red phone to ring. When it doesn’t ring, I like to catch up on all the latest TV shows and take naps.

Hope you enjoyed the tour. You can show yourselves out.

That’s A Wrap

This contest was pretty fun. Obviously this isn’t a super serious datacenter design. That isn’t to say that I wouldn’t use any of this equipment. I would. I also may have been a bit harsh on the non-network sections of the datacenter, but it was all in good fun. If I was in the business of designing datacenters, I certainly wouldn’t have that many people running around the building. However, you can bet that I would have racks and racks of servers, storage, security, and network gear. Thanks to Juniper Networks for the chance to participate in something out of the box like this! Good luck to all my competition. There were some pretty cool entries that I have seen so far. I’ll link to the ones I am aware of below, in the order I came across them:

Stephen Foskett – Datacenter History: Through the Ages in Lego

Amy Arnold – You built a data center, out of a DeLorean?!

Ivan Pepelnjak – Lego Data Center

Tom Hollingsworth – Building A Lego Data Center Juniper Style

Robert Novak – Building the Best Lego Datacenter for Juniper


Appreciating Complexity

For four years, I played the French Horn in school. I learned a fair amount about music. Mainly, I learned how difficult it was to write music. Not just writing it, but also performing it at a high level. Once I understood that, I gained a new appreciation for musicians. It doesn’t even matter whether I like their particular music or not. I can appreciate the skill required to create and perform music. I have a fair amount of albums by musicians that some people think are garbage. One of those is John Tesh. When I would ask why they didn’t like his music, it was usually because it was too soft or boring for them. If they were a sports fan, I might actually play them a song from John Tesh’s Victory album. It contains an assortment of songs that have been used in various professional sports broadcasts. They would hear it and say something like: “I know that song. They play it during NFL or NBA games.” Sometimes, their opinion might change a little because they can now associate him with something they enjoy, or something they understand like sports.

Music is something we are all familiar with. We can play a song and just enjoy it for what it is. When we understand what is involved in creating it at a much deeper level, we can enjoy it even more. We are no longer just listening to a simple song. We’re picturing the musicians that have practiced over and over until they produce a perfect product.


The Problem

Apply this same concept to what we do in the IT world. There is an art form to taking hardware and software and making it perform at a high level. We poke and prod and tweak our infrastructure to squeeze every ounce of performance out of it. We work nights and weekends to ensure everything is running as it should when the users come back in to the office each morning. We’ll spend hours and days plowing through logs to find out why an application is running a few milliseconds slower than it should. We do all this, and yet plenty of times, the IT department is seen as a cost center. A black hole for money. The IT people are expensive, and the equipment they work on can sometimes cost more than most people’s homes.

In many organizations, every dollar has to be justified and each additional IT body required is debated and debated. Do you REALLY need that extra person? Can’t you just handle it with the current staff? Can we outsource that function? Is maintenance REALLY required on all of that hardware and software? Certainly the vendor can come down on the price. Certainly that reseller can charge less. $150 an hour seems rather expensive for a consultant to come in and perform a routine upgrade. Why can’t our own people do that? The list goes on and on.

I’m not telling you anything you don’t already know. The problem has always been a lack of understanding on the business side when it comes to technical things. Of course, there is something to be said for engineers who just want to buy the latest toy because it is new and shiny. They don’t do IT departments any favors. Throw in the vendors and resellers that oversell a solution under the guise of “future proofing” the network and you have an even bigger problem. These days, there seems to be a push for the technical folks to understand the business requirements. I can’t disagree with that push. While I still contend that I don’t need an MBA to understand how to make the business successful, I DO need to understand the direction the business wants to go in to make sure I propose and implement the right solutions at the right cost. Sometimes those solutions don’t involve buying more hardware or software. Sometimes those solutions require more bodies or simply refining processes or advocating standards.

In a perfect world, the business would understand the technology and the IT department would understand the business. We don’t live in a perfect world, so we have to work around imperfect humans and imperfect execution. Maybe there’s a different approach to take for one side of that equation. I propose that if the business can appreciate the complexity of IT, they will tolerate it a little more. I suppose that already happens in plenty of organizations, but I still run into quite a few where that isn’t the case. I also understand that we all get paid to perform a certain role. I shouldn’t fault the accounting department for not having a thorough understanding of all things IT, just like the accounting department shouldn’t expect the IT department to have a thorough understanding for all things finance.


If I Ruled The World

This may all be a pipe dream on my part, but if I were trying to build a better appreciation of all things IT within a business, I might do the following:

1. Be nice. – There are plenty of stereotypes regarding IT people, and one of them is that they talk down to the end users they support. If you plan on making a career out of IT, you have to accept the fact that when people call you with a problem, it is usually because something is broken. They aren’t calling to tell you how good a job you are doing. They are reaching out because something is preventing them from doing their job properly. The best thing you can do is hear them out and assure them that you will take care of it as quickly as possible. After all, you are there to support the business and not the other way around. Yes, there are some people that are never happy, but I have found that most people are reasonable as long as you take the time to explain what is involved in fixing the problem. Sometimes, the end users can help you fix their problem even faster by sidestepping corporate bureaucracy via their management chain. If they know you are genuinely trying to help them, they’ll do what they can to remove any barriers within their control. However, if you treat them like idiots, they might take pleasure in seeing you struggle through the various obstacles you come in contact with when working on their problem. Be nice. It can only help you in the long run. The more allies you build in the various departments, the better your chances of getting what you need to be successful in your job.

2. Explain as much as they will let you, but do it in small increments. – People are naturally curious. I always like to explain as much as they will let me. Using analogies and examples they can relate to will help them understand technology that much more. However, I also don’t try to bombard them with more information than they are able to absorb in that particular moment. Over time, they’ll understand more and more and will be even more helpful when they encounter another problem down the road. At least, that has been my experience. I’ve never had an interaction with an end user where I told them that they gave me too much information. Successful problem solving can often come down to one little piece of information that would have gone unsaid had you not pried it out of them. If they know more about technology, they can give you better information to solve their problem. I know next to nothing about cars. Anytime I need work done on a car, I always want to know what the problem was and how it was fixed. I’ll ask the mechanic numerous questions about it. If something similar happens again, I am able to give better information to the mechanic in the hopes that it will help them come up with a solution quicker, and thus cost me less to fix it.

3. Know your infrastructure. – You MUST know as much as you can about how the software and hardware you support works. You cannot be content with simply being a tactile engineer and just pointing and clicking your way through your job. Of course, this has to be tempered with the level of depth required for your position. In larger departments, there are usually senior people that you can ask for greater understanding. In smaller departments, there might not be anyone else. Leveraging consultants, social media, or everyone’s best friend Google, can help out tremendously in that regard. It isn’t acceptable to be content with not knowing. Find an answer.

4. Spend what you must, but no more. – Focus on needs and not wants. If you have to fight for every dollar you spend, make sure you are only buying what you need. If you have a room full of unboxed equipment that exceeds normal spare levels, there’s a problem. If you bought some fancy software package that you just had to have and ended up not using it, there’s a problem. If the business knows you are cognizant of how much money you spend on gear, you’ll have an easier time when you need extra funds for something that wasn’t budgeted for. If you are able to explain in great detail why you need that upgrade or net new purchase and tie it to the success of the business, you’ll have a lot more wins than losses. If you are allowed to spend money at will and with little oversight, at some point, someone will shut off the money and you’ll have a harder time in the future getting projects funded.

5. Consider “A day in the life of IT” programs. – This one is probably the most unrealistic point, but it still bears mentioning. One of my friends in high school had a father who was a career police officer. One night, I rode out with him on the night shift. He was a shift supervisor, so a fair amount of his time was spent directing various officers here and there. I learned a lot in one night about the various things a police officer does in the course of their shift. It was an eye opening experience. By simply observing what he did and asking questions for clarification, I learned to appreciate how difficult that job can be. It helped me to understand why some officers might seem annoyed when interacting with the various citizens of whatever jurisdiction they work in. I’m not saying cops can do no wrong, but I gained a little more insight into their thought process. I can understand their lack of trust with people they come into contact with. In short, it helped me see things from their point of view. While I am sleeping soundly in bed at night, they are dealing with things I very rarely experience, and they do that every shift. If you could get people outside of IT to just come hang out with a few engineers for a half day or so, they might gain a better appreciation for how much work is involved in keeping a network up and running. This, coupled with my first two points (be nice and explain as much as they’ll let you), can go a long way in building better relationships with departments outside of IT. While I don’t expect the CEO of a large corporation to come hang out with IT for several hours in a day, it would be great if they did. Just make sure that when people do something like this, you aren’t sitting around surfing the Internet and reinforcing stereotypes that all we do in IT is play on the Internet instead of fixing problems.

Closing Thoughts

There are no easy answers to narrowing the gap between IT and the business. I could put it all on management within IT (i.e., CIO, CTO) and say that it is their problem. Unfortunately, that doesn’t do anything to help the problem. Everyone in the IT department has to help the business understand that we are there to enable them, but that it comes with a price tag. Getting businesses to view IT as something other than a cost center can make things a lot better for that IT department in terms of funding and head count.

What do you think? Is this just a bunch of unrealistic babble? Or, do you think that giving people a greater understanding of the complexities of IT will help?


Another Controller-less Wi-Fi Solution

I was looking over the list of vendors that are presenting at the upcoming Wireless Field Day 5 and decided to do a little more research on a few of them. I’m familiar with Metageek, Aerohive, Fluke, and Xirrus. Motorola is somewhat familiar since I work for a Brocade reseller, and Brocade rebrands the Motorola wireless product as their own. WildPackets I know as a performance monitoring company via their OmniPeek product. Which brings me to the remaining 2 companies: 7Signal and AirTight Networks.

I’ve looked at the 7Signal product and really like what they are doing in the performance monitoring space. It’s probably not for everyone, due to what some people have told me in terms of its cost, but I think there is a place for it. I’m really interested to see their presentation and what the WFD5 delegates will ask or comment on during their presentation. Unfortunately, I will be out of town working during the week of WFD5, so I won’t get to see the presentation streamed live since I will be fully engaged throughout the day with my regular job.

That brings me to the final vendor and I am really bummed out that I won’t get to see their presentation streamed live. My first thoughts of AirTight Networks were that they were a decent security play in the wireless space, but not too much more. I must have been living under a rock the past year, because AirTight Networks is so much more than that.

Another Controllerless Wi-Fi Vendor

I’ve had a good relationship with Aerohive over the past few years. In addition to seeing them present at Wireless Field Day 1 and Wireless Field Day 2, my company also sells their product. I’ve done several Aerohive installs and even use their AP’s for my home network. I’m very happy with their controller-less approach to Wi-Fi and my biggest issue seems to be ensuring we get to pitch it to a potential customer before another reseller gets in and beats us to it. For those of you in the value-added reseller (VAR) space, you know that deal registration is everything and it is very often first come, first served.

There’s also Meraki, who is pretty close to being controller-less as well. Looking back, I think Cisco made a wise decision in purchasing them. It allows them to compete even more in the mid-market and I find that people who need switches, firewalls, and access points in a bunch of different locations are pleased with the Meraki solution.

Now, there’s a third option in the space. It’s been there for almost a year, but I haven’t really noticed it until now. AirTight Networks is no longer a security play. They have controller-less access points as well. While it might be easy to dismiss them as no big deal, I think it is worth considering what they are doing different than other wireless vendors.

Wireless LAN Architecture Overview

For those of you not well versed in basic wireless LAN (WLAN) architectures, here’s a brief overview.

There are three basic “planes” of traffic when it comes to wired and wireless traffic. They are management, control, and data.

The management plane is simply traffic that is involved with the management of the devices. SNMP, SSH, Telnet, HTTP, and other protocols are what are used to manage the actual devices. In a network using WLAN controllers, this management plane traffic occurs between the controllers and a management station, which could either be a dedicated monitoring box, or whatever local machine you are using to interact with the controllers in order to configure or monitor the wireless environment.

The control plane is used for traffic that handles how data plane traffic moves from device to device. On the wired side, this would be things like routing protocols. It can also include communications between multiple WLAN controllers for the purposes of roaming. I’m simplifying this greatly, but for the purposes of this discussion, that should be sufficient.

The data plane traffic is the actual traffic sent between wireless access points or controllers and the end stations themselves. For example, when you access a web site via your wireless tablet, the data from the web server to your tablet is considered data plane traffic.

In addition to the three planes of traffic, there are three basic models of how WLAN networks are built these days. I’m purposely avoiding the concept of “mesh” networks, be they indoor or outdoor, because that will just muddy the waters here. It uses the same kind of traffic, but the logical flow looks a bit different depending on the setup. I also did not mention the standard autonomous AP implementation that most vendors support, because there are no control-plane-like functions between groups of autonomous AP’s.

First, we have the central switching model. As you can see in the picture below, there are one or more WLAN controllers. All three planes of traffic flow through the controller. The AP’s take their orders from the controller for most operations. There are some minor things that the AP’s themselves do, but the overwhelming majority of operations occur on the WLAN controllers.

WLAN Mode - Centralized

Next, we have the distributed or local switching model. The WLAN controllers still handle management and control plane operations, but the actual data plane is terminated locally on the switch. This is especially useful at remote locations where the WLAN controller is located back in a data center somewhere. To avoid sending the data traffic across a WAN link, you can switch it locally instead. Imagine printing something from a wireless device at a remote office. Instead of sending that print job across the WAN link to a controller, and then back across the WAN link to the printer, you can dump off that data traffic on the local network at the remote site and save some bandwidth. Multiply that by hundreds or thousands of similar operations and you can see why local switching is a good feature. Although features vary from vendor to vendor, most of these local switching models can still support clients if the WAN link goes down. Often, there are some features lost when that happens, but as time progresses, these features lost are dwindling.

WLAN Mode - Distributed

Finally, there is the controller-less approach. All control, data, and management plane operations are handled by the AP’s themselves. The AP’s are able to talk to each other via cooperative protocols and handle all operations that a WLAN controller would normally take care of.

WLAN Mode - Controllerless

Now that we have covered basic WLAN architecture, I need to mention a few things before discussing AirTight Networks:

1. I have never used their wireless access points.
2. I have not seen anything other than a demo of their access point setup off their website.
3. I am taking all I know about them from their product sheets and website, which could possibly lead to incorrect assumptions on my part.
4. Some of the things mentioned below don’t apply to all AP models, but the capability is there, so it bears mentioning.

What Makes Them Different?

A few things differentiate them from the other Wi-Fi vendors. The big thing I see is their concept of software-defined radios. Now I know that the greater IT industry is overrun with “software defined” everything right now, but their use of the term actually means something that is relatively easy to understand.

With AirTight’s software defined radios, a few things can happen. First, their AP’s have internal antennas as well as external antenna connections. This means you don’t have to have separate AP models depending on the coverage pattern needed. With a simple flip of a software based switch, the AP can use external antennas vs internal ones. This is a big deal as it gives you a little more flexibility with your design choices. This is especially helpful if you didn’t get to perform a full site survey with RF measurements and just had to guess with regards to AP placement. We don’t live in a perfect world where site surveys are always able to be done properly. This is especially relevant in the mid-market and smaller customers where cost is king.

A second feature of the software-defined radio is that you can program it to work in either 2.4GHz or 5GHz or run in monitor/WIPS (Wireless Intrusion Prevention System) mode. You can mix and match all you want. If you want an AP to run 2.4GHz for clients and have the other radio operate as a WIPS sensor, you can do it. If you would prefer the AP run 2.4GHz for clients on one radio and 5GHz on the other for clients, you can do that as well. The key is flexibility. AirTight mentions on their website that the ability to run one radio to serve clients and the other to function as a WIPS sensor is an industry first. I know that the Cisco 3600 series AP can run with a separate monitoring module (WSSI) to handle WIPS functionality, so we may be splitting hairs here with that claim since it requires another component to make it work in a similar fashion as the AirTight AP does.

Other Stuff

In addition to controller-less Wi-Fi and integration of their well known WIPS capability, AirTight is also providing useful data for retailers through its Wi-Fi analytics engine. This seems to be similar to what Cisco is doing with their MSE appliance. This service is designed to provide a bit more intelligence around what customers do when inside retail stores and increase the chance of making the sale via coupon pushes, etc.

Social media has been incorporated into their captive web portals as well. Imagine being able to gain guest Wi-Fi access using your Facebook, Twitter, Google+, or LinkedIn account to login. It goes beyond that though. The goal is to get you to opt-in to marketing communication from whoever is providing the guest wireless or just allow you to advertise for them once you have logged in with the various social media platforms. I foresee this as someone logging in with Facebook and being pestered to “like” the particular store or to use Twitter to tweet out your location or some other marketing message.

Mobile device management is available as well. They have agents for Windows XP, Windows Vista, Windows 7, Windows 8, iOS 4 and up, and Android 2.2 (Froyo) and up. Pretty much everything except for people using MacBooks and BlackBerry devices. Not sure if my often ridiculed Windows phone falls within the Windows 8 realm. Probably not.

With the mobile agent, there are a variety of things that can be done. Here are a few of them:

1) Control which wireless networks can be accessed. For example, if you don’t want a device to access a non-secure or low security Wi-Fi connection, that can be enforced. Think WEP or open authentication networks.
2) Location based behavior enforcement. For example, the device might have different controls based on whether it is connected at a corporate site vs a home network.
3) Lock down interface usage on a device. For example, if you don’t want someone to connect to the corporate network and run a mobile hotspot at the same time, you can prevent that.
4) BYOD on-boarding allows the end user of the device to download and install the mobile agent as well as detect devices without an approved mobile agent and block them from accessing the network.

Finally, each AP has a built-in firewall and supports QoS.

In the interest of post length, I left out a number of things that I learned from their website. Feel free to dig in here:


I found a GSA pricing list courtesy of Google, and see that the MSRP on the C60 dual-radio, 3×3:3 AP is $895 USD. That’s pretty cheap for list price. One year maintenance for that AP is listed at $161 USD MSRP. Not sure if those prices are accurate or not, but the price list is from May of 2013, so I suspect it is. However, there appear to be several options regarding the cost of an AirTight Networks Wi-Fi solution. They list three models:


I am going to assume that if there is a full OPEX model, that I can essentially lease the hardware on an annual or monthly basis. I’ve seen this in an APM vendor(AppNeta) recently, and thought it was a pretty cool idea. There might be more to it, but I suspect that will get explained during their Wireless Field Day 5 presentation.

Closing Thoughts

If the hardware is decent and can perform well under load, I would say that Aerohive has a problem on their hands. AirTight seems like it could be a pretty attractive player in this controller-less space. The interface looks clean in the same way that Meraki’s does. The AP’s seem to be able to do things that other competitors cannot, but again, I have no idea how they perform under load. Might be great. Might be poor. The security piece that they are so well known for is baked into their AP’s. Mobile device management isn’t farmed off to a third party vendor or cobbled together from an acquisition(that I know of).

If you’ve made it this far, I saved the best part for last. Their product demo on their website was what really got me interested. I can’t exactly embed the video on my site, so just click on the link here and then click on the “AirTight Wi-Fi – Quick Installation Video” in the middle of the screen.

I don’t know what the future holds for AirTight Networks Wi-Fi. So far it looks promising. They just landed $10 million USD in series D financing, so apparently this thing has legs. I will be VERY interested to see what all the Wireless Field Day 5 delegates think and say when AirTight Networks presents on August 8th out in California. I’ll have to catch the Twitter chatter and videos a few days afterwards since I will be heads down on a project, but my guess is there will be lots of interest around this.

What do you think? I’d be interested to hear your comments or feedback on AirTight Networks. Even better if you are an existing reseller or end user of the product.


One Man’s Opinion On VAR Life

Back in October of 2012, I had a very lengthy video chat with Mark McClure, who is a freelance white paper and case study writer based out of Japan. He wanted to get my opinion on content marketing and how it relates to the VAR world, but using video format instead of just trading e-mails. We worked out a time we could both be available to sync up and out of that, he was able to create 18 short videos of our conversation.

While the overall purpose of the talk was around content marketing, it dealt with a lot of general VAR topics as well. Here is a link to Mark’s post covering these videos, and I am also linking to each of these videos as well on this page. Please excuse the occasional gaps in audio. We were several thousand miles away from each other, and the Internet doesn’t always give you a reliable stream when separated by that kind of distance. Mark was kind enough to post transcripts of these videos on his site.

If you watch all the videos, and yes, there are 18 of them, you might hear some things you disagree with. You might also nod your head in agreement as well. In any event, I ended up watching a few of these videos tonight, and realized I never posted these on my blog.

Maybe there is some value in them if you live the VAR life, want to work for a VAR, or just want to hear one man’s opinion. This was a no fee chat, so I am not promoting these videos for any sort of monetary gain either.

The Videos

In the interest of giving proper credit, I should point out that the video descriptions are from Mark. Each video link will take you to his website where the transcripts are available in case any of the audio is not clear. I should also point out that I did enough talking to where my mouth was pretty dry, hence the various lip licking.

You’ll also hear him reference the post I wrote that led to this video chat. You can find that here: The Burden of Pre-Sales.

Video 01: Introduction (2m 5s)
This video explains what’s covered and introduces ‘content marketing’ in an IT Sales context

Video 02: Matthew Norwood Introduction (0m 26s)
Pre-Sales IT Engineer, Matthew Norwood, says hello.

Video 03: About Content Marketing (0m 53s)
An IT Sales Engineer’s definition of b2b content marketing.

Video 04: Buyer Personas (1m 22s)
How do ‘Buyer Personas’ in the IT VAR workspace?

Video 05: Prospect Education (4m 31s)
Are prospects and customers more educated in today’s Internet-enabled world than in the days of faxes and dead tree marketing?

Video 06: White Papers (1m 49s)
Matthew mentions the white papers he finds useful as a (technical) pre-Sales IT engineer.

Video 07: Case Studies (3m 29s)
How are case studies (aka ‘customer success stories’) of interest to IT VARs?

Video 08: Printed Versus Digital (2m 14s)
Why prospects rarely ask for or print out IT data sheets in a digital world?

Video 09: B2B Technology Conferences (2m 24s)
Tech conferences and lead generation – do they go together?

Video 10: The Pre-Sales IT VAR Experience (5m 58s)
Would you want to buy anything from someone who knows nothing about the product they’re selling, and even less about competitors’ products?

Video 11: HP and Content Marketing (7m 00s)
Discussing Hewlett Packard, content marketing, and the joys of design guides

Video 12: IT VARs and Content Marketing (2m 26s)
Corporate blogs, social media outreach, content marketing strategy – all the buzz words and more!

Video 13: Social Media (6m 17s)
Social media meets busy VAR staffers. And why is Twitter so useful?

Video 14: Social Media Censorship (4m 32s)
If your company’s blocking social media, watch this video.

Video 15: Millennials (3m 17s)
Are Millennials the generation pushing BYOD in the workplace?

Video 16: Corporate Blogging (2m 45s)
Why do so many corporate blogs bore visitors?

Video 17: Personal Brand Marketing (8m 57s)
Building a ‘personal platform’ online intentionally, or as a welcome by-product of connecting and sharing.

Video 18: B2B Video Case Studies (8m 57s)
Is video a tool that can help get a tech vendor’s message across?

Closing Thoughts

What do you think? Anything you disagreed with? Do videos like these help any? I’m sure Mark would love to hear feedback from you as well.


Smarter Backups

I had the pleasure of seeing a presentation from Veeam as part of Tech Field Day 9 in Austin, TX back in June. Since I primarily work in the route/switch/wireless world, backups are not something I normally deal with except when it comes to off site replication. Even then, it is generally in the context of ensuring they don’t consume the entire WAN link going to a DR or backup site. I was vaguely familiar with Veeam since my employer resells their solution.

Backups Made Interesting For A Network Geek

The presentation began and they mentioned something in their version 7 software that caught my attention. They have built WAN optimization into version 7. Most of us in the networking world are familiar with WAN optimization as a technology. If you are not, I made this video a while back that explains it in the general sense:

Now that we understand WAN optimization as a technology, let’s see what makes Veeam’s implementation unique. First, this is an organic build of WAN optimization on their part. In other words, they didn’t license the technology from another vendor. They built it themselves. Second, while general WAN optimization involves some sort of data deduplication, it happens with no insight into what is coming. Granted, you could seed certain files across the WAN link if you know that data is going to be needed regularly, but typically that isn’t the case.

With Veeam, they are able to see what is coming and gain some additional efficiency in the data transfers themselves. Imagine that you have several days’ or weeks’ worth of backups managed by Veeam at your DR or backup site. As you back up more data across the WAN, there is a good chance that some of it might be duplicates of things that already exist at the remote site. Instead of simply relying on the limited WAN optimization cache from another vendor’s solution that may involve other data in addition to backup data from Veeam, they are able to use the Veeam backup repository to seed that cache on both ends of the connection. Initially, you will have “cold transfers” that you cannot get around. However, once you have a decent backup repository built up on both ends, the efficiency of the backups themselves increases.
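To make the cold-transfer versus seeded-cache difference concrete, here is a simplified model added as an illustration; it is not Veeam's code or algorithm. The fixed 4 KiB chunks, SHA-256 chunk digests, LRU eviction, cache sizes and all sample data are assumptions constructed for the example.

```python
import hashlib
from collections import OrderedDict

CHUNK = 4096     # fixed-size chunks (assumption; real products may chunk differently)
REF_COST = 32    # bytes on the wire to reference a cached chunk (one SHA-256 digest)


def split(data):
    """Cut a byte string into CHUNK-sized pieces."""
    return [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]


def block(label, i):
    """Constructed, deterministic 4 KiB block standing in for backup or user data."""
    return hashlib.sha256(f"{label}-{i}".encode()).digest() * (CHUNK // 32)


class DedupLink:
    """Both ends of a WAN link, modelled as one chunk cache kept in sync.

    capacity=None means the cache is backed by the whole backup repository;
    an integer models a small, general-purpose optimizer cache with LRU eviction.
    """

    def __init__(self, capacity=None):
        self.capacity = capacity
        self.cache = OrderedDict()   # digest -> chunk

    def _remember(self, key, chunk):
        self.cache[key] = chunk
        self.cache.move_to_end(key)
        while self.capacity is not None and len(self.cache) > self.capacity:
            self.cache.popitem(last=False)   # evict least recently used

    def seed(self, repository):
        """Pre-load the cache from backups that already exist at both sites."""
        for chunk in split(repository):
            self._remember(hashlib.sha256(chunk).digest(), chunk)

    def transfer(self, data):
        """Send data across the link; return the number of bytes put on the wire."""
        wire, rebuilt = 0, bytearray()
        for chunk in split(data):
            key = hashlib.sha256(chunk).digest()
            if key in self.cache:
                wire += REF_COST             # send only the digest
                rebuilt += self.cache[key]   # receiver resolves it locally
                self.cache.move_to_end(key)
            else:
                wire += len(chunk)           # send the literal chunk
                rebuilt += chunk
                self._remember(key, chunk)
        assert bytes(rebuilt) == data        # receiver must reconstruct exactly
        return wire


def simulate():
    """Compare three links carrying the same new backup (all data constructed)."""
    repository = b"".join(block("backup", i) for i in range(64))   # earlier backups
    new_backup = (b"".join(block("backup", i) for i in range(56))  # unchanged blocks
                  + b"".join(block("changed", i) for i in range(8)))
    other_traffic = b"".join(block("web", i) for i in range(64))   # non-backup data

    cold = DedupLink()                 # first ever transfer, nothing cached

    generic = DedupLink(capacity=32)   # small cache shared with other traffic
    generic.transfer(repository)       # earlier backups passed through it...
    generic.transfer(other_traffic)    # ...but were evicted by unrelated data

    seeded = DedupLink()               # cache seeded from the backup repository
    seeded.seed(repository)

    return {
        "cold": cold.transfer(new_backup),
        "generic": generic.transfer(new_backup),
        "seeded": seeded.transfer(new_backup),
    }


if __name__ == "__main__":
    for name, wire_bytes in simulate().items():
        print(f"{name:8s} {wire_bytes:7d} bytes on the wire")
```

In this constructed scenario the small shared cache does no better than a cold transfer because unrelated traffic has pushed the backup chunks out, while the repository-seeded link sends only digests for the 56 unchanged blocks plus the 8 changed blocks in full.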

Veeam WANOp

As another one of my fellow delegates Justin Warren points out in the Veeam presentation video linked below, this is the ideal use case for WAN optimization technology.

Here is the video of the presentation from Anton Gostev, Vice President of Product Management at Veeam. There are also comments from Rick Vanover and Doug Hazelman, who are Veeam folks as well.

Closing Thoughts

WAN Optimization as a technology is a hack designed to overcome the problems and limitations with protocols like TCP and other applications that weren’t necessarily designed with WAN links in mind. I am happy to see a vendor like Veeam incorporate a technology like this to make replication of backups happen quicker. You can check out all the new features of Veeam version 7 at their website here.

Disclaimer: My travel, lodging, and meals were covered by Veeam and other vendors as part of my participation in Tech Field Day 9. I was not asked to write anything about them. My standard disclaimer is found here.


Vendors Are Listening

There isn’t a day that goes by where someone on Twitter isn’t complaining about some vendor. I do it myself. Sometimes it seems as if we are all shouting about the same thing and nothing is ever done about it. While the smaller vendors tend to be open to honest feedback, you wonder if the larger ones even care.

Let me frame the discussion. Back in April I was upset, again, at having to jump through hoops to get Cisco TAC to open a support case on a piece of hardware that was covered under a maintenance contract, but which I was not entitled to. For those that don’t know, even if a particular piece of equipment is covered, you cannot open support cases if that particular contract is not associated with your user profile.

For your average corporate end user, this isn’t as much of a problem as it is for those of us who work for Cisco partners and deal with a variety of clients. There are plenty of instances in which I happen to be lending a hand with a client that my company did not sell the Cisco SmartNet maintenance contract to. Some other reseller did, so my account is not entitled to that particular contract. In order to fix that, the customer has to authorize the attachment of the contract to my profile with Cisco. Then, I can open up support cases on any of the hardware covered under that contract. The problem with that approach is that I don’t always have the luxury of waiting for that process to work itself out. Consider a network outage that crops up and the client expects my company to drive the issue with Cisco TAC. While the outage is ongoing, I am having to plead with Cisco to get my account authorized to simply open the case. This is something that tends to happen on a fairly regular basis. Thus, the following tweet was spawned:



Not long after that, I was contacted via Twitter by Cisco. They wanted to forward my contact information to someone within Cisco that worked in the SmartNet arena. I provided my info and a phone call was set up.

I was able to talk to someone who manages SmartNet and explain my issues. I mentioned the following:

1. Why do I need entitlement on my profile to open a support case on a device that is covered by an active maintenance contract? Other vendors do not have this restriction. Once a serial number is provided to the vendor and support coverage is verified, the case is opened. No questions asked. As a Cisco partner/reseller, I am in and out of accounts that I may not have done much work for in the past. It is frustrating for the customer as well as for the partner since support cannot be rendered until the administrative access piece is worked out. This causes delays during outages that cost companies money.

2. Why is it so hard for end customers to determine what devices are covered and when that support contract expires? SmartNet renewals are always a painful process. It is even worse when multiple resellers are used to purchase hardware and software from Cisco. Other vendors provide this information to customers with relative ease. By being able to quickly identify support status, the renewal process is a lot less painful and support can be continued with a lot fewer delays. If the customer happens to use the Smart Care service, they can get this information via a web portal. There is a hardware appliance on their local network that goes out and discovers their Cisco devices and is able to provide them with a report showing coverage levels and expiration dates. This service isn’t meant for large customers though.

I was able to have an open and frank discussion with someone at Cisco regarding these 2 issues. Some possible solutions were suggested by Cisco about how to deal with these problems. I also mentioned to them that I understood that a company as large as Cisco cannot just make changes to the entire program as quickly as a smaller vendor that only serves a fraction of the customers that Cisco does.

I don’t know if or when these issues will be solved. I can tell you that after having that phone call, I have a lot more hope that they will be fixed sometime in the future. It is important to acknowledge that vendors like Cisco are listening. They could have very easily ignored my complaint and I thank them for taking the time to at least hear my concerns and look at ways to fix the issues.

Closing Thoughts

Social media has given the average person a voice that didn’t really exist in years past. If you complain about something, whether tactful or not(I was probably a bit negative with my tweet.), and the vendor engages you, take the time to talk with them. You never know what can happen.

Have you experienced similar results as a result of voicing a concern with a vendor? Let me know in the comments. I’d love to hear about it and see who is and who isn’t trying to make things better for you.


This Job Isn’t For Everyone

The longer I spend on the value added reseller(VAR) side of the house, the more I realize this job isn’t for everyone. If you stop and think about it, it can be downright depressing at times due to the following reasons:

1. Your schedule is dictated by the clients. This very rarely will align with your own plans of how your week should go. They’re paying for engineering services and that means you have to meet their timelines and their outage windows. Sometimes that is late at night in the middle of the week. Sometimes that means working on the weekend. Most people in IT are used to some odd hours. It’s kind of hard to make changes to a network when the users are on it. However, when you have to work for multiple clients, your schedule can very easily be consumed by late nights and weekends.

2. Travel can be exhausting. Planes, cars, hotel rooms, and lots of meals in restaurants. Quite often, you’re eating alone and skimming e-mail or processing an implementation plan in your head while you consume the same bland food you have eaten at a dozen or so other locations.

3. You very rarely get to focus 100% on something. There are always other projects in the mix. Whether it is a pre-sales deliverable(The very large VARs separate the pre and post sales aspect.), or just a client that you need to follow up with on a past or future project, you always have to juggle multiple clients.

4. You manage clients and vendors. Sometimes the two are in sync and this isn’t a problem, but often, the client has certain expectations, and the vendor has a different set of expectations.

5. Everybody is in sales. I’m an engineer. I am not a sales person. However, plenty of times a client will ask about a particular product or vendor that has nothing to do with the project I am currently working with them on. I need to be familiar with all the vendors we sell for and be able to at least get the ball rolling when asked about those things. You’d be surprised how much extra business can come about just by listening to what the client is asking and getting the right people from your company involved. That’s where the “value” in value added reseller comes into play.

6. You can’t avoid the politics. As much as I would rather not get involved in corporate and vendor politics, it is unavoidable. My cardinal rule, to quote Patrick Swayze from Road House, is to “be nice”. I’m human, so I have my days when I am grumpy or curt with answers, but generally try to be accommodating when it comes to working well with others. I have friends at most of the other local VARs and vendors, and friendships come before any logo I wear on my shirt. There are tactful ways to disagree with competition without having to trash them. I also try not to pick sides when it comes to the politics within a corporate environment. I’m there to perform a specific function and not get involved with their own internal issues. There are times when the local IT staff at the company you are working with don’t want you there. Maybe they feel threatened by your presence, or maybe they happen to be more capable than you and feel like you are a waste of money. I can assure you that I have no desire to take some person’s corporate IT job at all. That’s not what I am there for. I am also very aware that I am often not the smartest person in the room. Plenty of times, I am there just to work on a project that the internal IT staff doesn’t have the manpower to get done. I’ve mentioned to people numerous times that they’ll probably never see me again after the project is done. I find that helps to break the ice with them once they realize I have no interest in working them out of a job.

7. Sometimes you don’t know the answer. There are times when you ride in on your horse and save the day. There are also times when you get pulled into a problem or project and you get in over your head. As long as you are willing to say “I don’t know”, it tends to work out for the best. Having an internal group of good engineers that you can bounce ideas off of or ask questions, is a great thing to have. I leverage my co-workers plenty of times. I also leverage the vendors since they tend to know far more about their products than I do.

8. You won’t win every deal. Sometimes you spend hours and days putting solutions together and the sale doesn’t happen. That’s life. You can’t win them all. I like interesting projects. There are quite a few of them in the past few years that I was really excited about, but we just didn’t get the business from the client on that deal.

9. You have to keep track of your time. On the engineering side, my company doesn’t get paid if I am sitting at home playing video games. They make money when I am doing billable work. I have to keep track of how much work I have done for various clients and report that in a timely manner. If I don’t, we can’t bill for it. If we can’t bill for it, or the billing is delayed because I failed to keep track of my time, that’s revenue that cannot be accounted for.

10. You have no network of your own. That sounds weird, but if you have spent any time on the corporate side, you have a network of your own to work on. You get familiar with it. You know where all the bodies are buried, so to speak. You become attached to it. At least, I did when I was on the corporate side of the house. I don’t have a network of my own working for a VAR. Also, because you have no network of your own, what a client chooses to do on theirs really isn’t your concern. You can give advice, but understand that a lot of times, you just have to bite your tongue and do what they ask, even if you don’t agree.

Enough Negativity

I’m laying out the negatives, because I think anyone who is considering working for a VAR needs to go into it with their eyes wide open. Let me tell you the positives, because I think they outweigh the negatives.

1. You get to see some cool stuff. I’ve been in plenty of environments where I thought the people there were lucky to have that job. Whether it is the type of work they do as a company, or just the sheer amount of hardware they get to work on, I am often amazed at the type of work companies are doing and the type of equipment they are using to get it done. I love to come home and tell my kids that I got to work with a company whose name they recognize or with some system that did something really neat. Factories, trucking companies, hospitals, entertainment venues, schools, etc. All of them have interesting things going on, and for a little while, I get to experience that. I’ve also traveled a fair amount to places that I probably wouldn’t go to in another job. There are some exceptions with corporate and vendor gigs, but as a whole, you’ll see more as a reseller.

2. Experience. Any IT job is going to give you experience. On the VAR side, you’ll get to see it from a whole different perspective. How often do you swap your core switches or upgrade your wireless network in a corporate environment? We do it all the time on the VAR side. That means you’ll get to see a lot of installations and upgrades over the course of a few years that someone in a corporate environment might only see a few times in their career. You’ll get a lot more “scars” faster. You’ll also learn what works and what doesn’t because of those “scars”.

3. Freedom. I don’t sit in a cubicle. I work from home when I can. On any given day, I might go to a handful of different places and meet with a bunch of different people. There are times when I am on site with a client for a week or a month and sit in a cubicle to perform work, but that is not the norm. I don’t have to fight rush hour traffic regularly either. I can get more accomplished in a t-shirt and shorts with some VPN credentials working out of my home office than if I were to fight traffic for 2 or more hours a day getting to and from an office.

4. Networking. You meet lots of people. Lots of them. For all the people that are active in social media on Twitter, LinkedIn, Facebook, etc, there are many more who aren’t. The only way you meet those people is to go see them at their place of work. I get to do that regularly. While I always try to evangelize when it comes to the awesome technical resource that is Twitter, not everyone wants to do that. There are plenty of smart people you will never meet unless you happen to work at the same company with them. Being able to work with a lot of different companies allows me to do just that.

5. Industry perspective. Working with vendors as a reseller is a bit different than on the corporate side. It’s just a different relationship. I would say it is a more open and honest relationship. It’s not that the vendors are out there lying to customers. It’s just that they shield you from a lot of the sales-type discussions that go on. It is fascinating to me to listen to vendors and VARs strategize on how to make the sale. For the record, my experience has not been one of “salespeople are liars and looking to trick you into buying something”. From the VAR perspective, it’s quite the opposite. If you burn a client to make a sale, it will probably be your last one with them. Plus, clients talk to each other. Bad news travels fast.

Closing Thoughts

Like I said in the title, this job isn’t for everyone. Some people have spent time in the VAR space and didn’t like it. Others have made a career out of being on the VAR side and won’t ever do anything else because they would miss it too much. If you like variety and a good challenge, it just might be a good career move for you. It can also be a good launching pad into the vendor space. It’s a good middle ground between the corporate side and the vendor side.

For a lot of people, they like the continuity and stability of a corporate job. There is absolutely nothing wrong with that. Nothing at all. For others, they prefer working for a vendor. That’s a different set of challenges, and since I have never worked for a vendor, I wouldn’t be able to speak in an educated manner about that side of the house. Whatever your preference, as long as you are aware of the pros and cons, you can make the best decision for you. If you have thought about making the leap over to a VAR, make sure you talk to several different people who live in that world and ask for honest feedback before taking the plunge. It can be very rewarding career-wise. I definitely don’t regret it. I’m happy to have a conversation in person(location permitting) or via phone, e-mail, Twitter, etc or can point you to some other people that do this kind of work for a different perspective.

I also want to point out that a few of my Internet friends have started an IT career focused site here: that has some REALLY good content.

For some additional VAR reading, see the following posts:

Posted in career | 10 Comments


If you hang around various IT departments long enough, you are bound to run into “shelfware”. That’s the term used to describe software that is purchased, but is either never used, or used for a brief period and then forgotten. Ask yourself this. Why would a company spend money on software and never use it? The answer can vary, but in my experience, it generally happens because the IT staff is too busy to give it the proper attention it needs.

Let’s face it. Your average corporate IT staff is overworked and understaffed. There is always more work than there are bodies to cover the workload. In my opinion, that’s the main reason so many IT people move between companies on a fairly regular basis. Burnout.

Then, there’s the problem of finding qualified people to perform the work. Maybe it is due to companies not wanting to invest in training their people or maybe demand is greater than the supply of talent out there.

One of the major pain points I have noticed in the past several years has been visibility within the network and the systems and applications that run on it. This is not as big a problem in larger environments where the IT staff and budgets are at a decent level. In the small and medium environments, visibility tends to be poor.

Why Is Visibility Needed?

Networks are infinitely more complex these days. I remember when I first got involved with IT in the mid-90s. Everything was simpler compared to today. An application was typically tied to a couple of servers and all the end users had some local piece of software installed that interfaced with these servers. Web services were in their infancy.

Fast forward to 2013. Web based applications dominate most of the environments I do work in. These applications are typically multi-tiered where a web server talks to application servers, and those application servers talk to a bunch of database servers. Load balancers are sending client requests to servers based on any number of factors. Complexity always seems to be going up and never down.

If you get into an environment with limited visibility into the network and applications, it isn’t a pretty sight when things stop working. Conference calls and meetings are spun up and everyone scurries about checking their various areas of responsibility to try and find the culprit.

APM To The Rescue!

Application Performance Management has become essential for so many networks out there in recent years. It isn’t enough to know if all your servers are up and running. The days of pinging a box and marking it as good are over. Oftentimes, there are numerous things that have to be checked on each server, be it web, application, or database, just to determine whether or not it is healthy and can serve clients. The APM systems out there that give you insight into the cause of a problem can be just as complex as the application you are trying to monitor.

Let’s say that you run a simplified APM system like ExtraHop, which I wrote about here, that doesn’t require software agents on servers and uses packet captures to determine application health. You still have to have someone who can look at the data it presents and interpret that correctly to solve the problem.

Maybe your company has someone or a group who has the sole task of managing the various monitoring systems. I was in one of those environments several years ago, and that person was a very valuable resource. What if you don’t have that person or persons dedicated to watching monitoring systems? What then? That’s where software tends to end up as shelfware. It’s running. It’s watching various things, but generally only gets looked at when there is a problem. When there is a problem, hopefully you have someone on the IT staff that knows enough about your applications to make an intelligent guess as to what the problem is. If you don’t, there is an alternative.

Introducing Atlas Services

While at the Interop Las Vegas show in May of this year, I spent some time talking with ExtraHop about their Atlas service. I work for an ExtraHop reseller and wanted to learn more about this particular offering.

In an effort to take some of the difficulty out of APM, ExtraHop offers a managed service called Atlas. The concept is pretty simple. You drop in one or more ExtraHop appliances (physical or virtual), feed them the appropriate network data, and they take care of the rest. In a non-Atlas deployment, you have the same appliances (all commodity Dell hardware for the physical boxes), but are left on your own to configure them and interpret the data.

With Atlas, engineers at ExtraHop review the data they capture from your network and build reports showing you where actual problems are. The longer they perform this service for customers, the more data they have to make even better recommendations as to how your network or systems should be configured. I liken this to security vendors that get data from their customer base and use it to create better signatures or methods to prevent exploits from bypassing their hardware and software. At some point, ExtraHop might be able to automate this process because they have seen a particular issue show up thousands or millions of times.

Here is a sample report from Atlas:

The link to the actual report is here.

What’s The Value?

There are a few things I can think of where a managed APM service like this helps.

First, you don’t necessarily have to employ a dedicated APM resource. ExtraHop’s engineers can use their expertise to provide you a level of knowledge and service as if you had someone on staff who focused solely on APM. This moves you closer to being proactive as opposed to reactive.

Second, it frees up your overworked IT staff to focus on other things. A lot of times when I am doing work for a client in a consultant capacity, it isn’t because I am more capable than the in house IT staff. It is because they have too much to do and just need to offload some work to a third party.

Closing Thoughts

APM is not easy. Implementation can be difficult and being able to get the maximum value out of the product tends to be a challenge without a dedicated resource tending to it. The Atlas service from ExtraHop is an attempt to take the headache out of APM. Their product is already easy to use without the Atlas Service:

Shelfware as a whole is probably not going to go away. However, with an offering like Atlas from ExtraHop, there is no reason for your APM solution to deliver less value than it can and end up collecting dust.

You can check out more about ExtraHop at

Posted in extrahop, monitoring, network management | Comments Off on Shelfware