11/2/2017
Carl King

You Have a Monster Hiding in Storage

I’m sure I’ll step on a few toes with this entry, but it’ll paint a very clear picture you can relate to and give you something to reflect on when you think about your network device inventory.

As consultants, we move around between clients a fair amount and see a lot of new technology, but there are always some network technologies and device platforms we see repeatedly. There’s a mix of well-done implementations, ones you’d rather just wipe clean and start over, and everything in between.

Network monitoring and management tools are among them. They’ve become the Swiss army knife of applications as vendors try to compete in a marketplace where clients have high expectations for network management, monitoring, and reporting capabilities. This is also where it gets ugly. Setting them up properly and making them a project planning line item when you do network moves/adds/changes can become a career specialty.

Let’s talk about network device inventory. At support contract renewal time, this is something that usually bites you from behind, kind of like the neighbors’ seemingly friendly dog who wags his tail in front of you but isn’t so nice when you turn your back. Luckily, this doesn’t happen every year like your support contract renewal.

Network inventory is comparable to a handful of areas we deal with in our everyday lives:

  1. We have no idea what we have in our homes and what it’s worth to renew or replace. We defer to the insurance company to just throw an average figure out there and we take their word for it.
  2. We have a garage or basement junk pile we never get around to going through. It’s probably worth something to someone, but it’s going to stay in that pile until it’s worthless.
  3. We have countless things we’ve bought and never used, still in boxes. The need or idea seemed valid at the time, and it was a good deal, so we bought it — but everyday life priorities dictate otherwise.

Sound familiar?

So, let’s see how this compares to your network inventory.

Your network inventory has changed over the past few years; reflecting those changes in your network monitoring tools somehow escapes project planning. This latest round of changes included a new set of SNMP community strings, so together with the community string changes that went along with the network device upgrades over the last five years, you now have a fistful of community strings on your network devices. Some devices have even “fallen off the shelf and rolled under the sofa,” so to speak, so that device information isn’t visible anymore. Out of sight, out of mind. Since you’ve lost those from your active network device inventory, they got removed from the support contract because the contract list didn’t reconcile with your inventory reports. The flip side of this is that you have no accurate account of network devices so you just authorize the vendor (homeowners’ insurance company) to renew whatever is on the device list in your support contract, and you’re paying for support on network devices you can’t account for.

The stuff in your home changes pretty much the same way. You replaced the sleeper sofa and boom box sitting on the coffee table with a new leather sectional and a home theater system. When you look at the line items I referred to above, line item No. 1 starts to feed line item No. 2. The sofa and boom box went out to the garage or the basement. Meanwhile, the shelf full of $70 Xbox or PlayStation 2 games remains in the living room when you could have taken them to GameStop and traded them in five years ago — just like the top-of-rack datacenter switches you replaced in anticipation of them going end-of-support the year after they were retired.

So now we get to the good deals. Maybe they were two-for-one, you overestimated the bill of materials, or the budget had to be depleted by the end of the year and the money needed to be spent. Line item No. 3 often feeds line item No. 2 as well. I’ve been in the position of going through a junk closet and discovering a long-forgotten new closet access switch still in the box. It could be either a nice surprise or a barn find.

You’ll typically find these things along with the juicer you bought for the detox program you never started, the coffee machine that requires a water line that never got installed, Christmas dinnerware you bought in April at a yard sale from someone who also forgot they had it, and those new wall sconces that just never made it out of the box because you meant to pick up wall anchors so you could hang them.

Accounting for things like this is something we do for our clients all the time, and it’s never quick or pretty, but as long as we know what we’re looking for, we can get you through it.

Additional challenges we run across are:

  • Multiple support contracts created by mid-year purchases that really need to be collapsed into one contract renewable on the same timeline.
  • Network management platforms that don’t have the SNMP MIBs or device templates for all the devices on your network.
  • Custom pollers are needed for devices that for some reason don’t list the serial numbers in the inventory report.
  • Access lists restricting device management that haven’t been updated for changes in network segmentation.
  • Incorrectly configured management VRFs.
  • Network management not configured for centralized access control, or a partial implementation.
  • Confusing network device grouping, if there is any grouping at all.
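
The reconciliation problem described above (contract list versus monitoring inventory, devices that report no serial number, multiple contracts and generations of community strings) can be sketched as follows. This is an added example, not part of the original post or any NetCraftsmen tooling; the CSV column names, hostnames, serials, models and contract IDs are constructed sample data, and community strings are tracked by label rather than by the secret itself.

```python
import csv
import io

# Constructed sample exports; real column names depend on your vendor and NMS.
CONTRACT_CSV = """serial,model,contract_id
FOC1111A1AA,WS-C3850-48P,CON-001
FOC2222B2BB,N9K-C9372PX,CON-001
FOC3333C3CC,WS-C2960X-24,CON-002
"""
INVENTORY_CSV = """hostname,serial,community_label
acc-sw-01,foc1111a1aa ,ro-2017
tor-sw-07,FOC4444D4DD,ro-2015
acc-sw-09,,ro-2013
"""

def norm(serial):
    """Normalize a serial so case and stray whitespace don't cause false mismatches."""
    return (serial or "").strip().upper()

def load(text):
    """Parse CSV text into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))

def reconcile(contract_rows, inventory_rows):
    """Compare the support-contract list with what the monitoring tool can see."""
    contract = {norm(r["serial"]) for r in contract_rows if norm(r["serial"])}
    polled = {norm(r["serial"]) for r in inventory_rows if norm(r["serial"])}
    return {
        # On the contract but invisible to monitoring: support paid on gear you can't account for.
        "paid_not_seen": sorted(contract - polled),
        # Visible to monitoring but on no contract: at risk of running unsupported.
        "seen_not_covered": sorted(polled - contract),
        # Polled without a serial: needs a MIB, device template or custom poller.
        "no_serial": sorted(r["hostname"] for r in inventory_rows if not norm(r["serial"])),
        # Separate contracts that may be candidates for collapsing into one renewal.
        "contracts": sorted({r["contract_id"] for r in contract_rows}),
        # Community-string generations still in use (labels only, never the secrets).
        "community_labels": sorted({r["community_label"] for r in inventory_rows}),
    }

if __name__ == "__main__":
    report = reconcile(load(CONTRACT_CSV), load(INVENTORY_CSV))
    for key, values in report.items():
        print(f"{key}: {values}")
```
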

Ask about our Craftsmen Assurance program. The inventory topic would be just one component of managing your network under Craftsmen Assurance — but an important one that would establish the foundation for providing you with the core Craftsmen Assurance services.

We can cover it all: network infrastructure, unified communication, virtualization, and more. We can’t help you with the garage clutter, though.

Carl King

Engineer

Possessing a mix of experiences over the past 20 years ranging from desktop and server support, web CGI programming, project management, and routing and switching, Carl came to NetCraftsmen after a lengthy term at Prometric, where he was the Sr. Network Engineer for 11 years. He has developed high availability networks using DMVPN, BGP over MPLS, multi-homed multi-tier load-balanced Internet application hosting architectures, been a key player in defining operational technical procedures, enterprise IP addressing schemes, served as the key technical lead on many remote international network deployments, and primary engineering contact for company clients and vendors.
