HP Networking – an introduction part 1 – the company

Let’s start with HP. This post will be more about the history of HP Networking and where I see its advantages lie. Even though I will touch upon some of the important technologies HP offers with their switching portfolio, I won’t go into much depth until my next post.

First, a brief history (go to http://www.hp.com/networking for the full story). HP is one of the key founders of modern networking along with companies like Cisco, IBM, Intel and 3Com. Despite this, for a long time they were more focused on technologies than products.

As we moved into the 2000s, the networking world was somewhat static. 3Com – arguably the biggest player in enterprise Ethernet in the 90s – had pulled out of every market outside of Asia; IBM – the champions of Token Ring – had given up its networking portfolio; and Intel had pretty much given up on making switches in favor of just producing NICs (along with CPUs, etc.). This left Cisco as the only big player, and they built a dominant position in the business market that rivaled Novell’s position with NOSs in the early 90s.

HP was producing switches in the early 1990s but they weren’t really a core product; they were so low on the totem pole that they actually had to have their own separate R&D location from the rest of the company and reported into the printing group. There were even rumors around 2000 that the division was going to be sold off.

Fortunately, that didn’t happen and HP realised in the early 2000s that the advent of demands for technologies like VoIP, large high-speed wireless deployments and secure, managed networks offered an opportunity to build market share. This was particularly relevant as Cisco had been dominant for so long that they weren’t really being pressed to introduce innovations, improvements in technology or reductions in cost to the market. HP jumped in offering all three of these and quickly moved to the #2 position as a network vendor globally; a position they have held since 2003 (and have been #1 in 10GbE networking since 2009).

HP’s earliest successes came in the education space (predominantly secondary schools). Their introduction of what is still the industry’s best switch warranty across their entire range of products coupled with their existing brand recognition (vis-a-vis their File Servers, PCs and Printers) and much lower cost than Cisco made them instantly attractive and they gained market dominance in many countries within this vertical.

Their next three major product leaps greatly related to the demand for VoIP and came out at roughly the same time. The first was the release of their 2600 series switches which provided all the technology necessary to deliver a robust VoIP deployment (i.e. PoE, QoS, VLANs and routing) at less than half the cost of Cisco. The second was the release of the ProVision 4 series ASIC with their 3500 and 5400 series switches which delivered GbE PoE, 10GbE and most of the advanced networking features that larger organisations demanded (such as dynamic routing, advanced security, etc.) with both superior performance and less power consumption than Cisco, again at a far lower price. The last was their joint authoring (with Mitel) of the LLDP-MED standard which freed all switch and IP PABX vendors from the need to use Cisco’s proprietary protocols (CDP, CDP2) for the dynamic management of IP handsets (a critical need as any engineer in the VoIP industry will attest to).

These technologies, coupled with the reliability and price of their product, led HP to build strong market share in many verticals but they still lacked a product set necessary to push into many large Enterprises. These clients demanded more complex technologies from their switches (even if they rarely if ever employed them); technologies like BGP4 routing, the ability to establish GRE tunnels and policy-based routing amongst others. HP’s focus had been on delivering fundamental networking services that the entire market required rather than on more complex services that tended to only be in use within data centers or large campuses.

In the late 2000s, Cisco introduced their UCS series of File Servers which signified another major industry change. Up to this time, Cisco hadn’t really paid much attention to HP as a networking player as their #2 status still put them a great distance away from #1 (market share charts at the time needed two scales for Networking vendors: one for Cisco and one for everyone else as otherwise they would not fit together!). Up until that point, Cisco and HP were strong partners in the DC space with Cisco switches being embedded in HP Modular Server arrays for both Ethernet and Storage networking. Cisco’s release of Enterprise-grade File Servers targeted directly at the DC was seen as a direct attack against what was one of HP’s most important markets.

HP responded by making an aggressive move into the Enterprise networking space: they acquired the market leader of the 90s – 3Com. Throughout the 2000s, 3Com had quietly built up a switching and routing portfolio to nearly rival Cisco’s along with a major Asian market dominance. Further, 3Com’s switches offered all the advanced technologies that HP needed to directly target Cisco’s core customer base and unlike Cisco – who had become complacent in their switching R&D due to their lack of effective competition in their core markets of Europe and North America – 3Com (like HP) had been aggressively developing newer and better technologies to offer their customers.

The 3Com acquisition gave HP not only a network switch portfolio to rival Cisco but arguably switches that are class-for-class better (both in features and performance) than what Cisco has on offer. Cisco’s reliance on their venerable Catalyst class of switches (which were excellent switches but are now very outdated) meant that they had to do the unthinkable and acquire another switching company (Nexus) in order to keep up. Even this acquisition wasn’t a resounding success as the Nexus switches still don’t have the feature set of either HP’s or even their own Catalyst switches, which is one of the reasons why the uptake of Nexus has been so poor and why Cisco is keeping the Catalyst line alive despite its 15-year-old roots. At the same time, HP extended their Lifetime switch warranty to all but the highest-end modular 3Com switches and still maintains a list price-point that can be as much as 50% lower than Cisco.

Some specific advantages that I have encountered in the enterprise space:

The ability to deliver 10GbE campus-grade MPLS/VPLS on sub-$10k switches (immensely important in University or large research center environments). Cisco can only deliver MPLS on their routers (and for 10GbE, BIG routers); C6500 or N7000 chassis at many times the price.

Switches with both deep packet buffers and bi-directional flow-control for iSCSI deployments (Cisco inexplicably removed flow-control when they went from the 3650 to the 3750).

A Virtual Switch technology (IRF) common to the entire 3Com portfolio which allows up to 9 stackable or 4 modular switches to be fully consolidated into a single array which both allows all networking features to seamlessly span the array (such as link aggregation, routing, ACLs, etc) and can survive an outage of up to (n-(n-1)) switches when a “fat tree” deployment is used for uplink/server connectivity (e.g. in a stack of 8 switches, 7 could fail and connectivity and function would still be maintained even though performance would be degraded).

I’m not writing off Cisco. They still have the best Enterprise routers around, and they are definitely working on improving their switch portfolio but as the market stands right now, anyone weighing up features, reliability and price without paying attention to “brand recognition” would find it very hard to choose Cisco over HP for just about any size switch deployment.


Understanding Workplace Surveillance (or why you shouldn’t do that at work!)

The Sydney Morning Herald recently published an article about IT snooping on people’s emails (http://www.smh.com.au/it-pro/business-it/email-snooping-it-admins-like-dracula-in-charge-of-the-blood-bank-20120413-1wxnu.html). Whilst I found this to be an interesting article, I don’t think they went far enough on the subject matter so I decided to expand on it a bit. I also think that the article was sponsored by Earthwave in order to sign people up to their services…:)

The focus of this article is thus Cyber-Surveillance. The immediate takeaway is: don’t do anything on your work PCs that you consider personal or confidential.

When you started a job in almost any Australian workplace, you will almost certainly have signed some form of surveillance agreement which provides your employer the right to observe and audit your computer usage. This has been a requirement since Australia introduced some of the world’s most stringent privacy laws around 15 years ago. You will have signed the form because otherwise you wouldn’t have your job. That essentially means that you have granted your employer the rights to completely unrestricted surveillance of everything you do on their equipment. Everything. Every last thing.

Most people think that company surveillance is there to stop people from downloading Porn or copyrighted material but it goes much further than that. The main thing your employer is trying to prevent is “Data Leakage”. Data leakage refers to company data being transmitted away from the company without authorisation. This may include:

  • Emailing out company secrets
  • Copying company data on to removable media (USB drives, DVDs, etc.)
  • Transferring company data over The Internet
  • Installing unauthorised logging or surveillance software on one or more PCs

In order to do this, they will monitor everything done on company equipment and there is nothing you can do that they can’t see. The following are the techniques that companies can (and probably will) use to protect themselves from litigation or data loss:

  • End User Admission/Access Control
  • Proxy Log monitoring/reviewing
  • Random Email checks/keyword checks
  • Data Leak Protection
  • Direct Access
  • SSL Offload and Rewrite
  • Data Mining

Before I continue, I want to make it perfectly clear that I don’t think Australian employers are out to spy on their staff. Data leakage is a real problem for some companies; it’s not uncommon for someone to try to download the entire customer base and history before moving on to a competing company; and trade secrets are even more valuable. Browsing porn is not only wrong, it also opens up a company to sexual harassment lawsuits if someone else sees it and objects (that happened right at the start of my career and it cost a senior executive at one of Australia’s largest insurance companies his job, because he didn’t think the rules applied to him and liked his girly background). Finally, companies can be liable for illegal content being downloaded over their links or on to their equipment.

Let’s cover some of the different techniques that organisations use.

End User Admission/Access Control

EUA software is what has replaced traditional antivirus and is there to ensure that other techniques remain effective. Most security vendors offer software that allows the employer to ensure that staff don’t modify their PCs in any way. They introduce Antivirus, Firewall, Content Filtering and Data Leak Prevention (DLP) to the local PC. With correct configuration, the network will refuse the device access (or quarantine it) if the device’s EUA software is not up to date. EUA is more of a passive defense to ensure that other techniques remain effective.

Proxy Log monitoring/reviewing

In most organisations, absolutely all Internet activity is tracked and logged. Nothing you do on The Internet is secret and if you do something wrong, you will likely be caught. Logs are used with Data Mining techniques to discover patterns and wrong-doing.

Random Email checks/keyword checks

If you read the link at the top, you will know that IT has access to your Emails. Beyond that – since the release of Microsoft Exchange 2010 – your team leader can be given the easy ability to search through all his team members’ emails. Nothing in Email is private; never ever send anything personal through work Email.

Data Leak Protection

DLP is a fairly new technique utilising both Firewalls and EUA to track and prevent sensitive information from leaving the company by using Data Mining and similar techniques. DLP will look for things like keywords, attachment sizes and other aspects to intercept and quarantine any suspect material before it leaves the company. DLP is extended through the use of EUA and Direct Access to ensure that it works at the workstation level as well as through the network and the servers.

Direct Access

Direct Access was introduced by Microsoft with Windows 7 to provide greater security and manageability to workstations. DA leverages traditional SSL (encrypted Internet access) to ensure that company devices can be monitored and managed whenever and wherever they are online. Before DA, people had to rely on cumbersome IPSec clients to connect through to the workplace and only used them when they needed them. DA does the same thing but it is embedded into the Operating System and is “always on”. This means that companies can enforce policies and surveillance whether the device is on-network or remote. It can be a pain to set up initially but it is one of the greatest innovations to system management in years.

SSL Offload and Rewrite

This is one of the latest techniques used and possibly one of the most insidious. People think that when they go to encrypted websites (https://whatever.com) they are secure and private. Whilst this is essentially true, it may not be true when you are on a work PC. SSL offloading is not new; it’s been used for years to scan incoming traffic for threats. Modern Firewalls (or IPS units, load-balancers, proxies or similar) are able to strip off encryption and scan for threats before data hits their servers. Recently, security experts realised that the reverse could be used to survey encrypted user traffic. This requires the insertion of a certificate into the “Trusted Root Store” of the users’ PCs but its existence allows the company to seamlessly and tracelessly survey any encrypted traffic that goes through that PC. This includes Internet Banking so if you have used online banking at work, you might want to change your passwords since your employer may know them as well (not to mention your balances and transactions). There are some questions about the ethics of using these techniques but the truth is that people that really want to do the wrong thing know enough to use encryption when they are stealing data.
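A proxy that re-signs traffic this way has to issue its own certificate for every site, so the issuer the PC sees changes to the inserted root. The following is an added example (not part of the original post) that compares issuers recorded on an independent network with those seen on the work PC; every host name and CA name in it is constructed.

```python
import socket
import ssl
from collections import Counter


def issuer_name(cert):
    """Return 'organisation / common name' of the issuer from a getpeercert() dict."""
    fields = {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}
    return f"{fields.get('organizationName', '?')} / {fields.get('commonName', '?')}"


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the certificate a host presents, validated against the default trust store."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def find_resigned(baseline, observed):
    """Compare issuers host by host.

    Returns (changed, shared): changed maps host -> (issuer before, issuer now);
    shared lists issuers that newly sign two or more hosts. One site changing
    its CA is routine; unrelated sites all moving to the same issuer is what a
    re-signing proxy looks like.
    """
    changed = {}
    for host, cert in observed.items():
        if host not in baseline:
            continue  # nothing to compare against
        before, now = issuer_name(baseline[host]), issuer_name(cert)
        if before != now:
            changed[host] = (before, now)
    counts = Counter(now for _, now in changed.values())
    shared = sorted(name for name, seen in counts.items() if seen >= 2)
    return changed, shared


def make_cert(org, cn):
    """Build a constructed certificate dict in the shape getpeercert() returns."""
    return {"issuer": ((("organizationName", org),), (("commonName", cn),))}


# Constructed sample data: issuers recorded from an independent network ...
BASELINE = {
    "bank.example": make_cert("Public CA One", "Public CA One TLS"),
    "mail.example": make_cert("Public CA Two", "Public CA Two TLS"),
    "intranet.example": make_cert("Example Corp", "Example Corp Internal CA"),
}
# ... and issuers for the same hosts as seen from the work PC.
OBSERVED = {
    "bank.example": make_cert("Example Corp", "Example Corp Web Gateway CA"),
    "mail.example": make_cert("Example Corp", "Example Corp Web Gateway CA"),
    "intranet.example": make_cert("Example Corp", "Example Corp Internal CA"),
}

if __name__ == "__main__":
    changed, shared = find_resigned(BASELINE, OBSERVED)
    for host, (before, now) in sorted(changed.items()):
        print(f"{host}: {before} -> {now}")
    print("issuer now signing several unrelated hosts:", shared)
```

To use it on live hosts, build both dictionaries with `fetch_cert()` from the two networks instead of the constructed data.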

Data Mining

Data Mining is actually the review process of all the data collected by other methods to determine malfeasance. Tools like ArcSight or Splunk can be used to collect data from hundreds of sources and collate them into usable information. The problem with surveillance is that there is too much information and important incidents can slip through the cracks. Data Mining uses forensic tools to determine when and how an incident has occurred.
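To show what the log review described above can look like, here is an added example (not from the original post) that totals each user's daily uploads from proxy log lines and flags a day far above that user's own baseline. The log layout, the names and the `factor` and `floor` thresholds are assumptions made for illustration.

```python
import statistics
from collections import defaultdict

# Constructed log lines in a simplified, hypothetical layout:
#   date user method destination-host bytes-sent-by-client
SAMPLE_LOG = """\
2012-04-10 alice POST mail.example.com 18000
2012-04-11 alice POST mail.example.com 22000
2012-04-12 alice GET news.example.org 0
2012-04-10 bob POST crm.example.com 30000
2012-04-10 bob POST mail.example.com 12000
2012-04-11 bob POST crm.example.com 25000
2012-04-12 bob POST crm.example.com 51000
2012-04-13 bob POST files.example.net 262144000
2012-04-13 bob POST mail.example.com 8000
2012-04-10 carol PUT backup.example.com 20000000
2012-04-11 carol PUT backup.example.com 21000000
2012-04-12 carol PUT backup.example.com 19500000
2012-04-13 carol PUT backup.example.com 22000000
2012-04-13 dave POST
"""


def upload_totals(log_text):
    """Sum uploaded bytes as user -> date -> host -> bytes, skipping bad lines."""
    totals = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # malformed or truncated record
        date, user, method, host, sent = parts
        if method in ("POST", "PUT"):  # requests that carry a body outward
            totals[user][date][host] += int(sent)
    return totals


def flag_upload_spikes(log_text, factor=10, floor=5_000_000):
    """Return (user, date, bytes, top destination) for days that stand out.

    A day is flagged when its upload total is at least `floor` bytes AND more
    than `factor` times the median of the same user's other days. A user with
    no other days has a baseline of zero, so only the floor applies.
    """
    flagged = []
    for user, days in upload_totals(log_text).items():
        per_day = {date: sum(hosts.values()) for date, hosts in days.items()}
        for date in sorted(per_day):
            others = [total for day, total in per_day.items() if day != date]
            baseline = statistics.median(others) if others else 0
            if per_day[date] >= floor and per_day[date] > factor * baseline:
                top_host = max(days[date], key=days[date].get)
                flagged.append((user, date, per_day[date], top_host))
    return flagged


if __name__ == "__main__":
    for user, date, sent, host in flag_upload_spikes(SAMPLE_LOG):
        print(f"{date} {user}: {sent} bytes uploaded, mostly to {host}")
```

Comparing each user with their own history is what keeps carol's steady backups quiet while bob's one large transfer stands out; a fixed byte limit alone would flag both.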

You’ve probably seen a theme here. The tools and techniques employed for surveillance all build on each other to ensure complete coverage and protection for organisations. In a properly secured organisation, virtually nothing can be done without the company either preventing it, knowing it or finding out about it. Your work infrastructure is there for work; smartphones and high-speed mobile links are cheap and easy to get. If you are going to do something personal (whether it is as innocuous as Facebook or as private as Online banking), do it on your own equipment with your own data link. Use your work PC for work and your personal device for personal stuff.

Do your own research and understand your exposure and liabilities before you use your work equipment for personal items.

VoIP over Wireless Networking – some things you need to know

Hi all,

I’ll get back to The Cloud soon, I have my next post mostly written but it’s a very complicated topic; and what’s not too hard to deliver as a presentation is proving far more difficult to put into a blog post. I’m going to start seeding these with diagrams soon, which should make things easier for me. For now, I’m going to write another post based again on a request – this time from the IT Manager of a major Sydney school (I’ll ask his permission before I publish his name) which is to explain how to get his VoIP working better over his Wireless network.

The short answer is that VoIP will never be ideal over WiFi (for the techies and purists out there, I know that it’s 802.11 networking and not WiFi but that’s what most people think of, and what most labels say). There are several reasons for this that I am going to cover in this post.

The main issue with VoIP over WiFi is that Wireless Networking (the 802.11a/b/g/n standard for the techies out there) is a half-duplex standard which means that a device can either transmit or receive at any given time (see http://en.wikipedia.org/wiki/Half-duplex#Half-duplex for a fuller explanation/definition). This provides a direct conflict with Voice conversations which tend to be bi-directional. The technology is kind of like trying to use a phone as a walkie-talkie where you have to hold the button down to talk and let go of it to listen. WiFi has sufficient bandwidth to cope with this somewhat, but it is far from an ideal medium, whereas all wired Ethernet networks other than the original 10Mbps are Full Duplex and hence better suited to Voice (even Wired networking has some issues with VoIP but that’s an easier topic I will cover in a future post).

Another issue is that the majority of Wireless telephony devices operate using legacy protocols that operate at very low data rates (as of 2009, commercial-grade 802.11g (54Mbps) handsets were only starting to be introduced just as the 802.11n (up to 600Mbps) standard was approaching ratification). There are a few reasons for this. Firstly, VoIP needs very little bandwidth to operate. Most VoIP systems utilise SIP (Session Initiation Protocol) with G.711 as a streaming CODEC which consumes between 97-105Kbps depending on which VoIP vendor you are talking to. This is far less than the 1Mbps that the lowest level of 802.11b Wireless allows for, and the rule for Wireless is that the lower the speed, the greater the range, so WiFi phones tend to request/demand very low bandwidth from your Wireless Network. Far from being a good thing, this is a major problem as Wireless is a shared medium which means that the bandwidth available (22MHz per channel) is all you get amongst everyone connected to that Access Point. That means that a WiFi phone connecting at 1Mbps consumes just as much of your Wireless Network as a laptop connected at 150Mbps with 802.11n. A Wireless Radio (NB: a Wireless Access Point can contain one or more radios; most APs contain only one radio although 2 or more radios in an AP is becoming more common) can only operate at a single channel or frequency at any given time. This means that most WiFi IP phones will not only starve your network of performance whilst they are connected, but they will also cause constant contention (since they are likely the only low-speed devices on the network).

Our next issue is frequency contention. Wireless Networks run at divisions of either the 2.4GHz or 5GHz spectra. Virtually every VoIP phone (and most other WiFi devices) uses 2.4GHz. There are three main reasons for this: Range, Price and Power. Lower frequency signals carry further than higher frequencies (which is why mobile phones tend to operate at as low as 850MHz since Cellular towers are kind of expensive) which makes 2.4GHz far less expensive to deploy (fewer radios/access points needed) than 5GHz. In order to achieve any decent range, 5GHz devices need to consume a lot more power which can take a rough toll on a WiFi Phone (or Laptop)’s battery. There are two big problems with the 2.4GHz spectrum. Firstly, the allowed spectrum goes only from 2.401 to 2.483MHz (Japan allows a bit more). Since WiFi consumes 22MHz per channel, that means that there are only 3 non-overlapping channels in the 2.4GHz band (or only 1 non-overlapping channel if you use 802.11n which consumes twice the bandwidth)! In other words, if you are running 802.11b Wireless phones, the maximum data rate you can provide to any given area is only 33Mbps (11Mbps x 3 channels) or actually half that once Wireless overheads are taken into account. That’s the bad news, here’s the worse news: since 2.4GHz is an unregulated band, anyone can use it and everyone does. Microwave ovens, baby monitors, cordless phones, cordless computer mice, wireless headphones and dozens of other devices all gleefully use this area of the spectrum and there’s nothing you can do about it. I once did a Wireless Survey at a University where the PIR sensors that turned the lights on in the lecture theaters were operating (and absolutely blasting) at 2.450GHz, completely locking out a big chunk of their Wireless just so someone doesn’t have to flick a light switch when they walk into the room. It doesn’t matter where you go, you will always get frequency contention with 2.4GHz. The 5GHz band is far less utilised but for reasons mentioned above is less suitable.

Now we move on to the biggest bugbear of all VoIP (not just Wireless) which is Quality of Service. Nothing you run on your network demands more “real time” bandwidth than voice. Voice quality can be horribly distorted if any packet loss, delay or jitter is present on your network and that’s particularly bad news for WiFi (which is a slow, shared, contended medium as described above). To deal with these issues, VoIP traffic needs to be granted absolute precedence on your Wireless network over any other type of traffic or it will be very poor. This is one of the reasons that VoIP over Wireless tends to starve your network’s performance (as described above). Until around 2007 (when the WME extensions to 802.11e were released) there was no standards-based method of providing QoS for WiFi which made deployments very problematic. One company – Spectralink – released a method of providing QoS for Voice over WiFi called SVP (Spectralink Voice Protocol) which depended on a dedicated appliance to govern the traffic in conjunction with compatible access points which many vendors (including Cisco, HP, Motorola, Proxim, etc.) subscribed to. Whilst Spectralink worked reasonably well, it was expensive, difficult to configure and allowed only the most basic (and easily hacked) encryption to be used on the network. With the release of standards for Wireless Media Extensions (or WMM for Wireless MultiMedia as it’s more commonly referred to), SVP became obsolete but many AP vendors still support it as there are still many older SVP-based IP handsets in use (mainly due to their high cost of replacement).

Those are the main issues with VoIP over WiFi, there are others but those are enough for you to see that it can be a challenging solution to deploy.

I’m sure that by now the gist of this post must seem to be don’t deploy VoIP over WiFi but nothing can be further from the truth. This technology is very useful and can be successfully deployed if the right strategies are used.

Before I get into how to do it right, I’m going to digress into the single biggest issue I encounter with not just VoIP over WiFi but Wireless Networking in general: More is better. I’m going to use bold, underline, italics and caps for the following: NEVER EVER BELIEVE SOMEONE THAT TELLS YOU THAT YOU CAN OVERCOME YOUR WIRELESS ISSUES BY FLOODING YOUR SITE WITH ACCESS POINTS OR RADIOS!!!

I use so much emphasis because I encounter this so often and it is upsetting to see organisations being ripped off by forcing them to buy needless amounts of equipment and spend huge amounts of money (it’s not just the APs, it’s the cabling and the data ports they consume along with their licensing and management that really costs money) with the result being an environment that’s worse than they started with. Yes, worse! As detailed above, there is very limited spectra available for use and the more APs you have in any given area, the more that spectrum gets carved up and the less efficient the overall network becomes. This is a particularly big problem for VoIP over WiFi since people tend to be moving when they are on the phone; not only does a site “flooded” with APs tend to cause the phone to “radio-hop” (i.e. jump from radio to radio or AP to AP) excessively, the results of that hopping can cause havoc on the rest of the network (also as detailed above). Each WiFi phone will be like a little ghost roaming around the premises causing all sorts of issues wherever it goes. It doesn’t even need to have a call active since the phone (like any other Wireless device) is always “on” the network (how else could it receive a call?) unless it is switched off. If you aren’t sure if you have too many radios or APs, download a program like Netstumbler (http://www.netstumbler.com/) and run it at several locations around your site. If you see full coverage of the three non-overlapping channels (i.e. 1,6 and 11) from 3 distinct radios and maybe a small amount of signal in those ranges from other radios then you probably have the right number of devices. If you see the same channels being strongly presented by multiple devices then you have a problem.
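The check described above (three distinct strong radios on channels 1, 6 and 11 is healthy; the same channel strongly presented by several radios is a problem) can be run over exported survey readings. This is an added example, not from the original post: the CSV layout, the radio addresses and the -70dBm "strong" cut-off are assumptions, and the readings are constructed.

```python
import csv
import io
from collections import defaultdict
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22   # per-channel width quoted in the post
PLAN = (1, 6, 11)        # the three non-overlapping 2.4GHz channels
STRONG_DBM = -70         # assumed cut-off for a "strongly presented" radio

# Constructed survey readings (location, radio, channel, signal); not real data.
SURVEY_CSV = """location,bssid,channel,rssi_dbm
library,02:00:00:00:00:01,1,-48
library,02:00:00:00:00:02,6,-55
library,02:00:00:00:00:03,11,-60
library,02:00:00:00:00:04,6,-84
hall,02:00:00:00:00:05,1,-50
hall,02:00:00:00:00:06,1,-53
hall,02:00:00:00:00:07,4,-58
hall,02:00:00:00:00:08,11,-62
"""


def centre_mhz(channel):
    """Centre frequency of 2.4GHz channels 1-13 (5MHz steps, channel 1 = 2412MHz)."""
    if not 1 <= channel <= 13:
        raise ValueError(f"not a 2.4GHz channel in 1-13: {channel}")
    return 2407 + 5 * channel


def overlaps(a, b):
    """True when the 22MHz-wide signals of two channels share spectrum."""
    return abs(centre_mhz(a) - centre_mhz(b)) < CHANNEL_WIDTH_MHZ


def assess(csv_text, strong_dbm=STRONG_DBM):
    """Per location, list co-channel radios, overlapping channels and plan gaps."""
    strong = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        radios = strong[row["location"]]           # registers the location
        if int(row["rssi_dbm"]) >= strong_dbm:     # weak stray signal is tolerated
            radios.append((row["bssid"], int(row["channel"])))
    report = {}
    for location, radios in strong.items():
        co_channel, overlapping = [], set()
        for (bssid_a, ch_a), (bssid_b, ch_b) in combinations(radios, 2):
            if ch_a == ch_b:
                co_channel.append((ch_a, bssid_a, bssid_b))
            elif overlaps(ch_a, ch_b):
                overlapping.add(tuple(sorted((ch_a, ch_b))))
        heard = {channel for _, channel in radios}
        report[location] = {
            "co_channel": co_channel,
            "overlapping": sorted(overlapping),
            "uncovered": [ch for ch in PLAN if ch not in heard],
        }
    return report


if __name__ == "__main__":
    for location, findings in assess(SURVEY_CSV).items():
        print(location, findings)
```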

What can you do about it?

OK, enough with the doom and gloom. Let’s move on to steps you can take to ensure decent VoIP over WiFi coverage. These are only rough guidelines to help you; doing this right really needs a trained Wireless Networking professional with the right tools and knowledge but a lot of people claiming to be that really don’t know what they are doing so see if they are following these steps and if not, you might want to consider how qualified they really are.

Do a Wireless Survey. Whether you are planning a new deployment or are having issues with your existing environment, a proper Wireless Survey is a must to work out optimal radio placement and potential blackspots. Top of the line survey tools (like “AirMagnet”) can run to over $10k but they will provide very exacting information regarding what you need to do to get your Wireless Network deployed right. Note that a Wireless Survey of a large campus can take a week or longer so expect this to be a fairly expensive exercise but if you have a lot of problems, or if you can afford it, it is worth it when done properly.

A follow-on to a Wireless Survey is investing in decent Wireless Management tools for your environment. Most major vendors offer pretty decent self-branded tools that will allow you to easily prepare “heat maps” of your Wireless Network as well as to detect “rogue” devices (i.e. APs that don’t belong to you but are transmitting in your space) as well as blackspots (where there is no coverage), hotspots (where there is heavy congestion) or areas where there is too much congestion. These same tools can often also help you “tune” your network (see below). If your vendor doesn’t offer the right tools or you are running a multi-vendor environment (more on this below as well), there are excellent 3rd party solutions (like Aeroscout http://www.aeroscout.com/) you can use.

Tune your Wireless Network properly. I made strong mention of the issues of too many APs above, but how many is too many? The answer is based on the amount of channel overlap you have. A lot of environments (most notably secondary and tertiary schools, where every student has a Wireless laptop or similar) really do need a lot of coverage. It is not uncommon to even see two radios per classroom in some schools and this is fine, as long as they are tuned right. Avoid the temptation to turn the gain right up on the antennas. If anything – in high-density environments – you need to turn them right down in order to make sure their coverage is as localised as possible. Some vendors’ APs are “self-tuning” but my experience is that this is usually less effective than taking the time to set the antennas properly and lock them that way. Use the tools I mention above to do this and review it at least once a year (or whenever there is a problem, or the Wireless Network is being expanded).

Move high-bandwidth devices to the 5GHz band only. These days, most laptop and tablet vendors offer 5GHz WiFi in all but their cheapest models. Not only is the 5GHz band less cluttered, it also has many more channels to use for overlapping coverage. The number of channels differs by country (due to local regulations) but Australia – which is where I live and allows an average number of channels – has 21 non-overlapping 20MHz channels (or 10 for 802.11n). This firstly allows you to deploy far more APs/Radios than 2.4GHz (which allows you to provide far more data) but will also pull most of your contentious data off that spectrum leaving far more available for Voice. The only devices that should be on your 2.4GHz network should be Smartphones (which still mostly use 2.4GHz due to power constraints) and VoIP WiFi phones. This may mean investing in 5GHz dongles for some legacy laptops but these can be obtained for under $50 each. This will also mean getting rid of any 2.4GHz wireless printers (or print servers) you may have deployed. Given how much data is consumed by printing, these are likely causing issues anyway!

Consider reserving a channel just for VoIP. This is a fairly draconian but effective measure for maximum VoIP over WiFi performance. Choose one of the three non-overlapping 2.4GHz channels and use it exclusively for VoIP, allowing data devices to use only the other two channels. This will guarantee that your VoIP usually has decent bandwidth available (subject to interference from non WiFi devices as detailed above; use the cleanest of the three channels for VoIP). If the previous strategy is employed, this will only reduce the amount of data available to Smartphone devices.

Go with a single-vendor, managed WiFi solution. Wireless Networks come in two general flavors: un-managed and managed. Un-managed networks are where each Access Point is configured (and runs) individually. Managed networks use a central controller to administer and propagate policies to all the APs. Managed networks allow technologies like fast-roaming (i.e. quick handover from one AP to another during times of movement or congestion) and Layer 3 roaming (roaming between different network subnets) as well as better overall network management and congestion mitigation. But…

Avoid “Captive-Portal”-based managed WiFi solutions. There are two ways that managed Wireless Networks function. One way (and still the most common) is to tunnel all the traffic from the AP through the controller before sending it to its ultimate destination. The other way is for the AP to receive policy from the controller but to send the traffic it receives directly to its destination. The former solution is a major reason for poor VoIP over WiFi since the controller itself becomes a major bottleneck point. If you already have a Captive-Portal System…

Consider a dedicated Wireless Network just for VoIP. This isn’t as expensive as it may seem. Remember that the lower the data rate, the greater the range. Whereas 11Mbps 802.11b has a nominal transmission range of around 30m (indoors with typical walls), 1Mbps 802.11b has a range of around 90m! This means you can deploy far fewer APs to attain the same coverage for VoIP as you ordinarily would need to use for data. Further, performance could be greatly optimised since not only could you reserve a channel for VoIP, you could also lock the data-rate of the AP to match that of phones. This should be a last resort but if VoIP over WiFi is really important to your organisation it may be the only solution.

 

There you have it, my view of what issues you can expect to encounter with VoIP over WiFi and some of the ways you can deal with them. I must again stress that this is an area where good expert assistance will make all the difference to a successful deployment.

I would like to make one final note, and this is more around security than performance. Remember that many WiFi handsets only support very basic WiFi encryption, which is very easy to hack, so make sure that you isolate your “Voice” network from everything else using appropriate security policies on your APs, switches and routers/firewalls. If you consider the confidentiality of your VoIP traffic to be important, then make sure that you invest in devices that support strong encryption (such as WPA2) if you don’t want people listening in on your conversations.

Understanding your Customers, and Bringing Understanding to your Customers

Kudos to James Vickery http://jamesvickery.com.au for inspiring this post.

My readers will have certainly picked up by now that I am an IT consultant. It’s what I do, and it’s who I am. Over the last 19 years I have been:

  • A Security Specialist
  • A Messaging Specialist
  • A Server Specialist
  • A Database Specialist
  • A Standard Operating Environment Specialist
  • A Wide Area Networking Specialist
  • A Local Area Networking Specialist
  • A Storage and Backup Specialist
  • A Unified Communications Specialist
  • A Firewall Specialist
  • A Voice Specialist
  • etc.

No, I don’t carry an encyclopaedia of IT in my brain and I hate it when I get introduced as “The Master” or “The Guru”. That’s not me; there are people far better than me in every field that I’ve listed above (and many more). What I really consider myself to be is a Customer Specialist. My real role and strength is getting to know and understand my clients and their ICT goals and – perhaps more important – bringing them understanding of how they can achieve those goals. This post is all about that, and it’s probably what I am most passionate about in my industry because I think it’s something that is done far too rarely, which is why there are so many fundamental disconnects between “ICT” and “The Rest of the Business World” even today, despite the fact that ICT is fundamental to the success of virtually every business in the world larger than the local sandwich shop.

I’m going to go through some principles that I apply when I meet new customers, and how I work to develop my relationship with them. This is what I do every time I am in front of a client (or for that matter, a colleague since to me colleagues are just clients of another sort; the difference being that we are each other’s clients trying to work together).

BE OBSERVANT

Use your senses; not just your eyes but your ears and even your nose. If at all possible, meet your clients (particularly for the first time) at their offices. You would be amazed at what you can pick up through some basic observation even before they come out to greet you. Some examples:

What is their building like? If it’s in a good location and is well kept then they are probably paying a premium rent, and are the sort of client willing to spend good money for good service. If it’s in a bad part of town or badly looked after, then they might be the sort of organisation that tries to economise on “inconsequentials”. The latter is always a bit of a warning sign for me.

What is their reception area like? I can sometimes make my best judgements about a client solely from their reception area. This is the “first impression area” of any business, and is what their clients see when they walk in. How they present themselves here speaks loudly about how they conduct business. Is the area clean and well set out? Does the receptionist greet and deal with you professionally and courteously? A receptionist that treats you coldly because you aren’t a “customer” might well set the tone for how you can be expected to be treated once you go in. A receptionist who is overly chatty might indicate a general lack of professionalism. Look at the reception desk. First impressions again. Is there a modern PC and good equipment neatly set out or is there a 3rd generation clone that’s been handed down over the years? Are there current newspapers available to read or magazines older than the ones at your Doctor’s surgery? The information you get from this first impression will help you to gauge the mood and tone of the meeting.

When you walk in, what do you observe? Is the office area cheerful? Cluttered? Overly-neat? Don’t eavesdrop but do listen for the tone of any conversations that happen to be going on. Do people sound nervous? Relaxed? Tense? What does the place smell like? This might sound silly but if you smell any type of food other than coffee or tea, this might indicate that this is the sort of place where they expect to eat lunch at their desks whilst they work. Again, this will help set your expectations.

What’s the meeting room like? To my mind, the single most important tool in any meeting is the Whiteboard. Is there one? (If there isn’t I always ask if one can be brought in; I feel hamstrung without this necessary tool). Is it nice and large? Is there a good supply of markers? Is there a decent projector available? Have they put water on the table or – if this is to be a long meeting – juices and snacks; and taken coffee orders? Even before you start, by observing the conditions in which you will have to meet them, you can better tailor your presentation to the client’s business’ attitudes.

Being observant goes on throughout the meeting; you always have to watch your client and look for both verbal and non-verbal clues that you aren’t winning them over. This leads to the next point:

 

BE FLEXIBLE

The difference between a consultant and a salesperson is that the former is expected to know what they are talking about whereas the latter is mainly there to spruik a product or service. This means that if you see that what you are presenting isn’t holding their interest, be fully prepared to shift gears or even entire directions mid-presentation. This is why I believe that the Whiteboard is the consultant’s greatest friend whilst PowerPoint is their greatest enemy. The former allows everything up to any given point to be erased so you can start afresh, whilst the latter forces you to follow a path that may run in completely the wrong direction from your client’s expectations. I may well put together a PowerPoint presentation but not until I am deep within a paid engagement where the client and I have established strong mutual understanding and trust. Until that point, I do everything possible face-to-face using collaborative whiteboard sessions so that we can build that relationship. Flexibility also means not being afraid to go beyond your own field of expertise. If you go in to discuss networks and a storage issue comes up, don’t be afraid to take this on board; just be sure not to claim expertise in an area where you only have passing knowledge. Being caught out not knowing something is a weakness that can be turned into a strength by committing to the client to bring an appropriate subject matter expert to the next meeting. This shows not only the flexibility to branch the solution out wherever it needs to go but also the strength of character to be willing to admit a lack of expertise in a subject. This leads to the next point:

BE AWARE OF ASSOCIATED FIELDS

No-one can know everything about everything; that’s axiomatic. What is also axiomatic is that you need to build the strongest possible expertise in your own field. What is more subtle – and often rarer – is the need to build at least passing knowledge of fields associated with your own. I so often encounter so-called experts who are completely focussed on their own field with nearly complete (and obstinate) ignorance of any other area of technology. I find this to not only be a completely obnoxious trait but also one which shows that their own expertise is seriously lacking. No ICT system exists in a vacuum. What good is a DBA that doesn’t understand how different storage arrays will affect database performance? What good is a VoIP specialist that doesn’t understand the concepts of network QoS or VLANs? You don’t need to be an expert but you still need to maintain rudimentary knowledge of fields that link with yours. I mentioned earlier in this post that at a certain level, I treat colleagues like clients and I meant it. For example: in my current role, I have no consulting responsibility for anything around Servers and Storage. This doesn’t stop me from routinely chatting to our Server and Storage specialists, occasionally attending their tech meetings and reading their papers. This also certainly doesn’t stop me from keeping my eyes and ears open when they present to clients. I certainly can’t learn everything they know but if I can pick up on the high points and key-words, I can listen for them at my own meetings and recognise an opportunity to introduce them into a client. You can’t know everything but you should try to know everything you can. This leads to the next point:

LEARN TO UNDERSTAND YOUR CLIENT

This next part is so critical that I will put it in bold italics: Your client knows their own business far better than you do! The reason I emphasise this point is that this is probably the single biggest mistake I encounter in our industry, primarily amongst newcomers to the industry who still haven’t learned that being an IT genius doesn’t make them a genius in all fields (I call this young doctor’s syndrome). Before you visit a client, take the time to visit their website and look them up in a search engine. Learn all you can about them so that you can understand or recognise key points when they are made within the meeting. If you try and tell the customer how to run their business, you will fairly quickly get a sore backside from doors that hit you on the way out of the building. The client knows their business and you know your technology. It is your job to help make your business assist their business. This leads to the next point:

YOUR CLIENT PROBABLY DOESN’T UNDERSTAND YOU

We are now moving to the second part of this article heading. If the client knew all about the services you are there to offer, they wouldn’t need you in the first place. You should obviously have a wealth of knowledge around your subject but your ability to communicate this knowledge is far more important to your client. This is why top scientists are rarely asked to present directly to their sponsors; their work is just too technical for the people who pay them to understand it. It instead needs to be “filtered” a few times, converting it from “techno-babble” back into “human”. As a consultant, you don’t have this luxury of filtering; you are the filter. This is the most important thing that you do; you achieve technical solutions to business problems. This is the key to your role and what differentiates the “consultant” from the “technical specialist”. Your job is primarily business, not technical. If you don’t understand the client’s business needs you have no chance of putting together a decent technical solution for them. If you can’t address the technical solution to the specific business needs that you have learned then you have little chance of getting them to understand why you are proposing to do whatever it is you are suggesting. This leads to the next point:

YOUR TECHNICAL TEAM PROBABLY DOESN’T UNDERSTAND YOUR CLIENT

Just as your client is more focussed on their business than they are on the technology that facilitates it, your technical team is usually focussed on the technology and doesn’t know (or often doesn’t care) about the relevant business environment. Your job now is to clearly translate the business needs into something the technical people can work with. For example:

  • Customer: I need our phone system to cover our 50 offices all around the country
  • You to customer: I suggest you first ensure you have a private network between all your sites that can ensure your voice quality doesn’t get degraded between sites during high traffic periods
  • You to technical staff: The client needs an L2 MPLS network with DSCP QoS handoff to ensure VoIP quality

The last two are the exact same statement, just put in ways that the relevant parties will best understand them.

You need to become a Babel Fish (from Hitchhiker’s Guide to the Galaxy; props to Tess Collins from Apple for coining the phrase for me) where your job is to act as a real-time interpreter between the relevant parties.

 

Customer Service (which after all is what this all boils down to) is both an art and a science. You can’t learn to recognise all the nuances of a customer’s attitude (art) but you can learn to look for them and recognise the most obvious signs (science). This is a topic that could fill a whole book but I hope these points I have presented might help you in your business relationships.

 

Does Cisco hate the environment?

Hi all,

I’m a bit tired tonight so I thought I would re-post something I wrote last year against someone else’s blog in relation to Cisco’s newly announced UPoE technology, capable of delivering up to 60W of power per Ethernet port. The original post is at: http://www.linkedin.com/groupItem?view=&gid=122304&type=member&item=63909236&qid=abbb7112-8825-4ef2-bb71-6cfcba117d27&trk=group_items_see_more-0-b-ttl.

I kind of wonder if Cisco has something against Green IT. This is an example of yet another technology being released by them that makes me think that Greenpeace should camp outside their office. Whilst HP (and others) are working on releasing more efficient equipment (such as the MSM46x WAPs, which are – AFAIK – the only dual-n radio APs capable of being run on standard PoE), Cisco seems to be focusing on the ability to pump more power across the wire or keeping hopelessly inefficient equipment in service.

The 3750x switch is probably the only 1RU switch around that can use dual-1Kw+ PSUs; I don’t think even most File Servers require that much juice. Maybe if an environment just happens to have a shedload of PTZ cameras within a 100m radius of the switch this might make sense but otherwise…?

At the other end of the spectrum, take their recent release of the Sup-2T for the 6500 series in order to prolong its use. The 6500 was a great switch and still is a quality device; unfortunately it was never designed with power efficiency in mind.

There are many other examples… 10GbE over copper on Cisco requires > 10W per link (vs. 4W X2 or <1W SFP+) and yet they push it as an “advantage” over other vendors. HP didn’t release this technology until they could get the power consumption down to at least X2 levels.

I don’t set out to “bash” Cisco myself; I’ve worked with their kit most of my career and they really are the foundation of modern networking. Unfortunately, their complacency for nearly the last decade has put them perpetually into “catch up” mode lately, and they seem more intent on releasing poorly thought out solutions with great marketing spin than in actually engineering fundamentally better products. Other than their routers, I’ve been very disappointed in what Cisco has delivered for nearly the last decade.

In with the Old out with the New

I’m sure that I’m not the first person to cover this topic but I thought I’d add my bit.

One thing that amazes me is the cycle of technology that goes on. The old cliche of “put the old dress in the closet and 20 years from now it will be back in fashion” seems to apply pretty much equally to IT. I think it was seeing those “retro-handsets” they are offering everywhere for the iPhones that got me thinking. Let’s take a few examples…

The first “real” laptop computers (from about 1989/90 or so) came out with specs more or less similar to a conventional desktop with screens between 14-15 inches. Then in the late 90s, there was a rage of “Micro Notebooks”. I had an IBM x240 which was about 8 or 9 inches wide, and I was given an original Toshiba Libretto (Pentium 166) as a keepsake from a friend a few years back (still the smallest production notebook I’ve ever seen and it still works perfectly). They were popular for a while but quickly became stale as people realised they didn’t have the horsepower to do any real work on and had crummy battery life. So we moved to the “ultra portables” – with Toshiba leading the way again with the Portege – which were slightly bigger, had much more grunt and better battery life, and a much bigger pricetag. Execs and graphic designers had them but the majority went back to notebooks with specs more or less similar to a conventional desktop and screens between 15-15.4 inches.

Along comes 2007/8 and suddenly everyone needs a “Netbook” (i.e. Micro Notebook). They can’t build them fast enough and every vendor jumps on the bandwagon. In Australia, the government gave away literally tens of thousands of them to high-school students as part of their “Digital Education Revolution” funding program… only to realise that they didn’t have the horsepower to do any real work and had crummy battery life (this was particularly depressing for students as they tend to be power users and finding out that you can’t edit photos or videos on your brand new notebook was not a good thing). The buzz this year is for “ultra portables” which are slightly bigger, have much more grunt and a much bigger pricetag. Sound familiar?

About 15 years ago, Microsoft brought out a product called Windows CE (sometimes horribly abbreviated to WinCE) designed specifically for portable computing devices, often employing touch-screens. At around the same time, Apple brought out their Newton portable touch-screen computing device. There was a brief flurry of interest and activity with many vendors (most notably HP) bringing Windows CE devices to market and many die-hard Apple fans swearing by their Newton. Eventually, Steve Jobs killed off the Newton when he took back the reins of Apple and set about transforming the company whilst Windows CE is still around but used mostly for devices like Thin Clients. About 18 months ago, Apple released a device called the “iPad”, and once again we are off and running with touch-screen computing devices (AKA Tablets).

Finally (for this article) there’s cloud computing. 25+ years ago pretty much all business computing was centralised. Big Data Centers housed monster computers that consumed so much electricity and produced so much heat that they needed dedicated power distribution and cooling separate from other buildings around them. Everyone connected to them via relatively slow data links, which didn’t matter too much since they did all the work centrally. Then we got the PC, which placed a reasonable fraction of that processing power directly on to the business user’s desktop, allowing them to work discretely without having to share the central computer with 100s of other people; followed shortly thereafter by a slightly more powerful PC that was called a “File Server”, which further allowed businesses to localise their data and processing all the way down to the branch and individual user level. The Information Sprawl was thus born and the amount of data and information gathered and collected (and dispersed) started growing exponentially as more and more devices were purchased and deployed until the business reached a state where virtually no organisation could even come close to accounting for where all their data is actually located. Around 1998, a company called VMware popped up, promoting technology that allowed companies to carve up their existing File Servers into multiple “virtual file servers”. They called this technology a “Hypervisor” (they didn’t invent it, but they were certainly the first company to make it work). At the same time, a company called Citrix was starting to gain decent acceptance of their “WinFrame” or “MetaFrame” product which allowed businesses to carve up their existing File Server into multiple “virtual desktops” that users remotely accessed in order to gain access to company applications and data.

Both these technologies developed a reasonable following but were limited to use by very large organisations since even though they didn’t need much network bandwidth to operate (i.e. the capacity of the link sitting between where the user and file servers were located), they needed more than most home users, small or even medium businesses had available (i.e. generally dial-up links). Then we finally got the last main piece of the puzzle, which was the wide availability of high-speed, low cost data links to almost everywhere in the world. So now businesses are moving all their data and processing into Big Data Centres which have monstrous arrays of computers that consume so much electricity and produce so much heat that they need dedicated power distribution and cooling separate from the other buildings around them.

What’s next on the technology cycle?