Thursday, December 13, 2012

People helping people

One of my beliefs is that people like helping people. I know it's hard to believe that some times when you watch the news, or some one cuts you off on the highway but I still feel that way.

Sure the driver that cut you off may have not been helping you, but he or she could have been bringing a kidney to the hospital and needs to get there quickly, or maybe they are a volunteer rescue worker and forgot to put on their light. I don't know, but I still think just because they aren't helping you at that time, doesn't mean they aren't helping someone.

Why is this even remotely important? Well one of the main reasons social network and collaboration works is because people like helping people. Many times simply posting a question will yield dozens of results from knowledgeable people willing to share their advice.

Smart companies are already leveraging this by creating community groups. Many times this can help reduce support calls (and money spent answering those calls). Even more importantly it helps build more engaged and loyal customers.

Tools like's Chatter, Yammer, Sharepoint and a host of other free tools are available to help build these community frameworks. People are willing to help. It will take time to build a vibrant community but in the future this will be "table stakes" as customers become more used to working with social businesses. Those businesses that aren't social will decline as the innovators grow.

Friday, October 26, 2012

Asus Zenbook and Galaxy SIII

I recently upgraded my HTC evo 3d from Sprint to a GS3 from Verizon. The same week I upgraded my Dell E4300 to an Asus Zenbook Prime. After a few weeks here's my thoughts on them...

Samsung Galaxy S3

The GS3 is fast and Verizon coverage rocks. I get 4g coverage in Maine which I never would have expected I would see in 2013 let alone now. When it connects to 4G it is super fast. Even 3g speeds seem like much better coverage than Sprint. The display is awesome.

It stinks having to switch phones. I sort of assumed that since I used google play at least the apps I had downloaded would have magically showed up. They didn't and I spent the first day getting them all again and organizing the icons so I could find them. It was what I was used to but I was expecting better.

The display is great, but breaks super easy. I know it is supposed to be Gorilla Glass, but I think mine was Bunny Glass or something. Literally it slipped out of my hands and fell and cracked the glass. Entirely my fault but a 12-18" drop seems like it should not have ruined a $600 phone.

The even worse news is the repair is a $250 repair. I have insurance but it still is going to be $100 out of pocket. So far I've lived with it. I figure if I broke it in 2 weeks with normal use, I can't afford to repair it every time it breaks. I mean that's $50 a week.. It sure seems like a glass replacement is more like a $20 repair. If anyone knows any tricks I'd  love to hear them.

Lately my phone has been rebooting. Hopefully this won't be a regular occurrence

Asus Zenbook Prime

The zenbook is super fast. It's light and the display again is really good.

Unfortunately the display is too good. The resolution is so good that I can't see it. I really need to drop it down to something that makes every thing bigger, or admit I need progressive lenses. I'll probably do the resolution thing....

I hate the touch pad. It seems way to sensitive when I'm typing and frequently I look at the screen and find the cursor moved on me and I'm garbling paragraphs. So far it has happened twice in this post. That really pisses me off, but worse when I am trying to use the touch pad it doesn't seem sensitive enough. To be fair, I've never liked them and disabled it on my Dell too and used the pointing stick. The Zenbook doesn't have that so I need to use an external mouse which stinks when I'm in a lazyboy recliner....

I hate the face that I need to hit a function key to get page up or down to work as well as the volume. Speaking of volume the sound is much better than the Dell speakers were.

It's a super light laptop but the downfall is I need a dongle for the external VGA monitor and it doesn't have a DVD or ethernet port either. They shipped the machine with a USB ethernet port, but it was a 10/100Mbs connection. I always use wireless so not a big deal, but really 10/100????

I know I'm going to lose or forget the vga dongle. I haven't yet, but I will.

I miss the 3 power supplies I had with my Dell. I only have one with the Asus. I'll forget that one day and need to get another one. Not exactly an Asus issue, just annoys me. :)

Generally I love them both, but like anything it takes some getting used to. I'm still getting used to some things...

Sunday, October 14, 2012

Cars only have one spare tire - Be smart with redundancy

Technical folks often times are perfectionists, which means they want to build reliable, fault tolerant systems. This is a good thing, but you need to be wary of falling into the trap of overbuilding redundancy.

A wise man once reminded me that a car only has one spare tire. This came up because we were building out our disaster recovery site and the team thought it would be a good idea to have a clustered email environment, on new hardware of course, at the recovery site.

Don’t get me wrong clusters are always good, but they also cost more. Instead we decided to save the 25k that would have been used on the servers to fund a real test of our recovery plan. In hindsight it was a much better choice. A recovery site ideally is never used so why over spend on it.

We are actually debating on whether we should spend for the redundant servers we do for clusters. I mean if it’s part of a cluster already do we really need RAID drives and redundant power, or is the fact that it is already redundant good enough. The verdict is still out, and the cost to add RAID and a redundant power supply isn't that much when you only buy a few servers at a time, but for someone with a huge data center, like Google or Microsoft, the cost savings could be dramatic.

You should do the analysis on your environment and see where technology went just a little too far, and see if you can either reduce new purchases, or at least reuse some that you already made.

Wednesday, October 10, 2012

Social is more than a company account

There are a lot of companies that have a company facebook or linkedin page. Many have a corporate twitter account, or more than one. This is a good thing and those companies are likely doing good with their social presence.

The problem with this approach is it really doesn't scale that well. Imaging a company with 1000 employees. If they have one or two people focused on social media, that's good. They can probably build a few thousand followers, have regular blog posts and updates on their corporate pages.

If they spent that time and effort on training the 1000 employees on the proper use of social media, encouraged their employees to tweet, or post photos on pinterest or talk about work on their facebook pages or in their linkedin updates then instead of reaching a few thousand people, now you can reach a few hundred thousand people.

I recently had a linkedin update turn into a really good sales lead. The interesting thing was I am not the social media representative of my company. In fact I'm not in sales, or marketing. I do though update my linkedin connections with relevant updates from my company and one of those is what prompted the lead.

Now there are some risks which is why you need to train and educate people to avoid some of the "twitter disasters" that regularly make the media. You also need to have a great company culture and employee morale. Luckily we have both but if employees hate your company or aren't engaged then this is either not going to provide much value, or can cause brand damage.Though if you have unhappy employees you really need to fix that regardless of social media.

Leveraging the entire company to help market and brand your compay and products can really help increase awareness and revenue. It's not without risks, but all rewards come with risks.

Tuesday, October 9, 2012

Common decency isn't as common as it should be

I remember when I was younger (some would say much younger - I wouldn't) I remember breaking my leg. Kids break their legs a lot that's not the story. At the time I was old enough to mow lawns to make money and had six or so that I would cut on a regular basis. To make sure I didn't lose the customers, my father filled in for me.

After the first week he came back in and sputtered " I don't know what you are charging those people, but you should double it. You know not one of them offered me so much as a glass of water?". I think his language may have been a tad more colorful, but you can get his meaning. He told me, "Anytime someone comes to your house to do work or visit, you at least offer them a drink of water. That's just common decency"

Now it may be the decent thing to do, but I wonder how common it is nowadays. 

I know when we have our new flooring installed next week at home, we'll have soda and snacks available to offer them. We usually will offer to make the workers a sandwich for lunch. I remember my father's lesson, water is the least you offer. Almost every time we do this for a crew working at our house, they are shocked and amazingly grateful that we treated them with what I would call basic kindness. I mean it's a sandwich, not prime rib and lobster tails...

We do the same thing when we hire employees or contractors. To me they are still part of the family and should be treated like the rest of the team, regardless of how they get paid. We invite all of the team, contractors, part time folks, co-ops etc to our department events. I know not everyone does that and it seems wrong. 

That basic kindness should be common decency, not extraordinary.

Thursday, September 27, 2012

Getting more value from IT

Most IT organization spend between 70 and 80% of their resources on keeping things running. Maintenance for servers, patching, network circuits, and solving problems fall under this. Unfortunately that means the amount of IT resources working on anything new is at best 30%. So out of every dollar you spend on IT you get 30% new value.

We have been able to reduce our IT operations costs to between 30 and 40%. I can't give you an exact number because, well, spending the time to accurately track every thing we do would change the numbers. Frankly figuring out if it is 33.8% of 37.4% isn't time well spend and too many departments measure too much and was resources on that instead of new value.

In fact that's my first tip. Stop measuring what doesn't matter. If at the end of the day you aren't going to do anything with the data, stop spending time measuring it.

The second tip is sort of related to the first one. If you can't remember or explain why you are doing something, stop doing it. This can be an outdated process, or a contract for a service that you have had for a long time. We used to have a contract with a data cleansing company. It was expensive, and when we asked, we realized no one used it. So we called in the vendor and asked why we should keep it.

The vendor went on to explain how clean data would save us money when we did postal mail campaigns. We never do mail campaigns and asked what other value they had. As it turned out, that was all they could come up with, so we cancelled the service. The only impact was we saved a few hundred thousand dollars of operating costs a year. No one said anything at all about the service going away because it was never used.

I know this goes against the outsourcing trend, but if it is a lot cheaper to do it yourself, hire someone really good, cross train someone else and bring it in house. A lot of companies buy all of their network services from one of the big telephone companies. The thought it, consolidating to one vendor gets you economies of scale and letting them manage it is one less headache.

While letting someone else deal with it is less headaches, we saved millions of dollars by switching from a managed network to one where we get the best local deals on Internet access we can and manage our own VPN network. We get great pricing, more flexibility, and slightly - very slightly - more headaches. If you hire the right people, the downside is minimal and the upside is huge.

Automate as much as you can. This may mean taking chances that the automation won't miss much. We used to run a management package that would let us deploy updates to our machines. We would test and test each one before we released it to the users to make sure there were no issues. We decided to stop doing that and trust the vendor that makes the software to test the fixes. It's been a year and we have had no issues and been able to refocus that time on other areas. There is a risk, but no guts no glory.

The last tip is that the safe bet isn't always the best bet. There used to be a saying "You don't get fired for buying IBM". Many CIO's still feel that way, though the company name may have changed. While that may be true, you also don't stand out being part of the crowd. If you want to be exceptional you need to take risks, which may mean not going with the same vendor everyone else goes with.

Tuesday, September 18, 2012

Five CIO tips

I just went to a CIO roundtable event in Boston. Every time I go to one of these I'm always reminded how similar our problems are. Some of these CIO's ran billion dollar companies, others were a few hundred people in a law office, but the problems are the same. Here are some of my tips to help my fellow CIO's and IT managers out.

1. Mingle.  I am a big fan in, gasp, eating lunch in the company cafeteria. Not because the food is that good, though luckily ours is, but because it gives people a chance to see you and get to know you. It's really hard to dislike someone you have had lunch with, well unless they really are a jerk, but hating "The man" seems pretty easy for most.

2. Do what's right for the company, not what's right for you. A lot of times I see CIO's protecting their turf, or pushing a pet project when it's good for them, even if it's nor the best thing for the company overall. Let's be honest, it's hard to say "You know maybe we can not replace that headcount, so we can spend more on marketing". We all get a little hung up on the size of our budgets or org charts, but as a senior executive your job is to do what's right for the company.

3. "Give credit, take blame". When your team does something great, as the leader, you automatically look good. If you then give credit to the team members, you almost get double the credit. The opposite is true with blame. If your team does something wrong, it reflects on you. By accepting the blame you do two things. You end the conversation and show the team that you have them covered. Now if someone does something truly wrong you do need to take action either through training or stronger action, but by not playing the blame game you help foster a culture that encourages people to try new things.

4. Sharing knowledge is key. It's important for senior members to share what they know, but many times people will try to hoard information to make sure that only they know something so they can't be fired. As a CIO you need to encourage people to share what they know so that the senior resources can be working on more senior tasks. Focus on highlighting this and make it part of your culture and your team will flourish

5. Information is power. 99% of the time if everyone has the same information we will come to the same conclusion. When we make mistakes is when not everyone has the same information. Perfect example, we had a remote office and the data circuit contract was up. Well there was a big price difference between 12 and 24 months, so I signed a 24 month contract. Unfortunately what I did not know was that the lease was up on the building in 6 months. Had I known that clearly I would not have signed a two year contract. Not knowing cost us money and frustration.

Monday, September 17, 2012

Attitude is key

I heard a story many years ago that I want to share...

A reporter was interviewing people to see what they though of their jobs. He interviewed one older man who was working as a bricklayer and asked about his work 

He said, "I have the best job ever. I get to build amazing buildings that have character. At the end of the day I get to step back and view my work and see the building make progress by my own hands. I love what I do"

Impressed the reporter walked around the corner and asked the other bricklayer about his job.

He replied "This job stinks. All I do is carry these heavy bricks, put some mortar between them and stick another one on top. It's the most boring job ever. When the day is over, all I have to look forward to is another day of stacking bricks. This is the worst job ever".

Now of course the interesting thing is, both of them had the exact same job. The only difference is their perspective and attitude about what they do.

I feel I have the best job ever, I get to manage the network for a company that makes networking products. I get to deploy the latest technology and work with great people who are redefining how networks run. More often than not, the days fly by and when I finally get around to looking at the clock it is because it is dark out my window and I realize I worked late again.

Of course I can see how someone else could say this is the worst job ever too. I mean there is always another upgrade planned and 200 engineers that all know networking better than me telling me how to do it. For some that would be horrible.

When you think about your job is it the best job or the worst job. Many times the only difference is your thoughts on it.

Monday, September 3, 2012

Linking two google spreadsheets

I recently was looking for a way to get data from one Gdocs spreadsheet to another one. I had been puttering with it for a few minutes and was about to call it a night (it is 4AM after all) when I realized "Hey I should try searching for the answer".

Sure enough, a quick google search kicked up the magic command to do it.

It turns out there is an "ImportRange" command that does exactly that. In my case I wanted a particular cell, but obviously, it does ranges of cells too. 

=ImportRange("0AhaiWNG6sqLpdGkydGNyVDBKQUhCWmhWQklIdTB3ibm", "B72")

You will need the spreadsheet key, which you can get from the URL. The only other trick is the arguments needs to be in quotes, or you will get an error. You also need to have permission to view the spreadsheet.

The google docs help is really good. If you get stuck, give searching a shot. It shouldn't come as any surprise, it is google after all. Their search is pretty good. :)

Sunday, September 2, 2012

IM nightmares

Is it just me or are there way too many instant message clients out there?

I mean we used to have Microsoft OCS (Office Communication Server). It integrated with outlook and would update my presence when I was in a meeting or hadn't touched my computer in a while. That was good. I rarely had to update my presence since it was integrated so well.

Then we migrated to Google and added Google Talk. It has the same sort of integrations, so again I rarely have to update my presence. Neither integrated with the PBX though so unless I remembered to say I was "On the phone" no one ever knew. Of course half the time I am on my phone it's my cell phone anyway which the PBX doesn't know about so even if it was integrated with the phone system half the time it would be wrong.

Then facebook added chat, and salesforce chatter has chat. Neither of these seem to be integrated with anything so if I want them updated I need to remember to do it. I never remember to do that.

Now we are upgrading our PBX to a Siemens Openscape Voice with Unified Communications and that has chat too. They do integrate with my Google calendar, and the phone which is really nice. I can even get a UC client for my cell phone, which should mean my status gets updated when I'm on my cell phone. Very nice.

But that still leaves me with 4 other IM clients that don't get updated. What I really want, I think, is a "Presence service" that integrates all of these and all my IM clients can query to see what it is I am doing. Ideally that would link location (and speed) so it could tell if I was driving, or at least in a vehicle, and update my status appropriately. I could use something like bzzy to respond to my tweets if I was driving, or in a meeting.

If I am in an active chat session in a different client, my presence would show that too. It could tell if I was busy playing "Angry Birds" and let you know that too. It would have security groups so I could restrict how much detail I share. I wouldn't, for example, want to accidentally tweet out "Rich is having a colonoscopy now and will respond when he is done".

I  guess I'm OK with, or at least resigned to, the issue of multiple IM clients, I just wish I didn't have to update my status so often in so many places. Pretty soon I'll need to add an "Updating statuses" status...

Friday, August 31, 2012

Windows 8, server 2012 - Why bother?

For the first time in over a decade a new release of Microsoft software is coming out and I'm not an early adopter. In fact I probably won't even get it until I have to.

When Windows XP came out my company was the largest deployment of XP outside of Microsoft. In fact I still have the Windows XP shirt, signed by the team hanging in my office. We deployed Windows Vista before it was released and were one of the first to benefit from Windows 7. We followed the same trend with Office 2003, 2007 and 2010.

Why the change? A few reasons actually. First my account team changed. I'm a big believer that the account team makes or breaks a relationship. In this case breaks. We used to always know what was going on at Microsoft but our new team, who I've met but frankly would probably need to search my gmail to find their names again, just isn't that engaged. I had to about beg to learn about the Microsoft cloud and when we did they explained that the cloud versions would always be behind the installed version.

I used to know what cool features were coming and how they would help my company. Now all I know about windows 8 is that it has a new user interface that works with tablets.  Frankly my concerns with Windows 7 weren't about the interface. They were about the speed of the machine, how long it took to boot up and why it started fast and got so darn slow. Maybe there are some amazing new features in windows 8 but who knows.

I'm not sure what the new version of  office brings to the table, other than I can now use a cloud version, which looks just like the on premise version, and apparently the licensing doesn't rip you off as much.

So we switched to google. I understand their vision of 100% web, client independence and though their software isn't quite as polished as the MS versions, I think in a short time it will be. They also do a much better job of collaboration than MS does, as far as I can tell anyway not having seen the latest MS versions.

Now to be fair, we have a new Google representative as well, and frankly I haven't met them yet either. Hopefully they will be as engaged as our last AE was. She did a great job of explaining the Google vision and convincing us to go Google.

It's not all about the account team. I think Microsoft lost focus of what customers wanted and I think Google understands where the industry is going and is better positioned to get us there. Time will tell...

Tuesday, August 28, 2012

Verizon outage

If you happened to catch the news for Andover MA (or Lawrence) you may have seen an article about a mattress fire under a bridge in Lawrence. As it turns out there is a conduit above where this mattress was that contains a whole bunch of fiber and copper wire.

This fiber and copper is used by Verizon (and apparently Sprint, AT&T and a few others) and when it burnt up cell coverage, phones, FiOS and even 911 were impacted. 

I don't know how everyone else configured their phone system, but when we ordered our phone lines we requested and were sold a "protected sonet ring". While I'm not the worlds best optical network engineer, my understanding was that a single cable break, or failed component would not cause an outage. Hmmm  Since my phones went down, and cell phone towers seemed to go down and supposedly 911 stopped working I think either I'm incorrect in what we actually got, or protected sonet is a myth.

That annoys me actually...

The other thing that annoyed me was the lack of notification. I mean in today's environment I should have been able to go to their web site and seen outages. I couldn't. 

I should be able to follow them on twitter and get updates. I couldn't, though I did get a response asking me to send them a direct message but by then I was on the ride home so I don't know what this would have done. They did respond fairly quickly when asked, but didn't seem very proactive.

I should have been able to open a ticket and get regular updates. No such luck. I did get updates but they were pretty few and far between. The local newspaper sent out a tweet last night around 4PM saying "next press release from Verizon will be 10AM" 16 hours later...

The lines did come back up and everything is good, but I need to give Verizon a D for support with  redundancy that didn't seem to work and not having timely updates. Hopefully either I'm just not using the support tools properly and there is a web page, twitter handle or phone number I don't know, or they will get better.

Sunday, August 26, 2012

Social Selling works.

In a typical week I get around 75 phone calls. On average I answer less then 10% of them. Close to half, it seems are from either "unknown caller", or "blocked called". I refuse to answer those out of principle Even the ones that do come in with a number. many times I am not at my desk, in my office but busy talking to someone else, or otherwise not in the mood to listen to a sales pitch.

I don't get a lot of regular mail though when I do, I usually open it and the throw it away. Email, luckily mostly gets caught at the mail filter, the rest I usually hit the archive button on. I don't have an admin, but if I did I would see even less of these sales pitches.

The funny thing is, and maybe it's because it is still new, when I get someone trying to connect on linkedin, or a direct message on twitter, even though I know they are likely trying to sell me something, I accept and respond to it. 

Even better is when someone emails me with something relevant. For example I got an email last week that started with "Hi Rich. I read your blog and loved the post about..." Now maybe I'm vain or egotistical, I've been called a lot of things but never either of those. In most cases though the fact that they have now emotionally connected with me means I want to help them. It doesn't mean I'm going to buy from them, or use their services, but it does mean I want them to do well.

I wrote a blog post about just such a company They are called Incxo. Typically I wouldn't take time to meet with a recruiting agency.  I'm not hiring and if I was, we have an in-house team that we normally use. If I need to go outside of the company I'd use my network first and only then one of the regular firms I've used in the past. 

In this case though I took 30 minutes, which quickly turned into 90 minutes, learned about what they do differently and even talked about them to other people. The big difference, besides the fact that what they are doing is super interesting, is they engaged in a way that made me feel like they were listening. We connected, even before we met in person. 

Frankly if they had called and left me a voice mail, I would have ignored them, Social, especially when you really engage, works.

Wednesday, August 22, 2012

Clearly HVAC contractors are not Enterprise 2.0 yet..

I'm trying to get a price to replace some heating baseboard in my house in Maine. Heat's important in Maine. I sort of expected I would call three people, ask for a price and decide. I assumed a week or so. I mean it's literally to replace 32' of forced hot water baseboard from slant fin.

So I looked on google, found two new companies and my local furnace guy and asked them to come over and look at what I needed.

The first guy came in two days. He was the owner, very knowledgeable and helpful. We also talked about installing central air conditioning and upgrading some of the heat too. He left some brochures for us to look at. After five days I called and reminded him I was waiting for a quote. I got a total price, but no real break down so had a few questions. We traded a few emails to clarify some things. I think I understand what I am getting but will need a more detailed breakdown before I sign anything. I'm assuming at some point I will get a design that we can work through showing where the ducts will go, where units get placed outside and inside etc.

The second guy came out the next day. It's been a week and I still don't have a quote though I've called twice. He did bring some literature that explained what the products look like and I was able to review the manufacturers web site. This company actually has no website. The only way I found them was google and yelp kicked out a phone number for me to call.

The local guy that we normally used, answered the phone, but needed to "go to town" to get a price. Clearly not an example of enterprise 2.0. In fact Mayberry from "The Andy Griffith show" comes to mind. Town is literally the next town over, about 10 miles. I've driven further than that for a burrito. It's not like he has to drive to California to see it. I'm not sure why he can't call for a price.

As an exercise I googled "slantfin baseboard price" and in 5 minutes worked up a price ($511 or $645 depending on model) for the materials from I think the labor is about 1 hour to drain the system, 2 hours to remove the existing baseboard, 2 hours to install the new one and 1 hour to test and refill. So 6 hours of labor with 2 guys is probably  $780 ($65 an hour I'm guessing). In my head this is less than $1500. The first guy quoted $1600, so we are close. I'm guessing he gets better pricing on parts, and is faster than me so he can sharpen his pencil a bit.

Now maybe I'm spoiled with some of the high tech companies I work with. Maybe I'm impatient with most responses in a few minutes, or hours. Maybe I just have high expectations, but so far I'm not real impressed with the HVAC vendors I've been dealing with. Clearly not social media aware or ready for Enterprise 2.0....

Tuesday, August 21, 2012

Opensim and datacenter management

Somewhere I followed a link to something cool called opensim. It lets you build a 3d world and populate it with other people or objects. In my usual geeky way I tried to imagine how I could use this in my day to day job running IT infrastructure.

I think this is probably more cool than useful, but imagine if you could see in 3d what your data center looked like. All of the servers in the right spot in the racks. You could look at the lights on the switches and see if they were connected to something. You could see the servers and power them off if you wanted to. You could walk to the back of the cabinet and see where they were plugged in and that the circuits weren't using too much power.

How cool would that be, especially for a remote data center? Pretty cool right?

Even better though would be if you could do the opposite. See we can do a lot of this now, if we kept our documentation up to date, and we do a really good job of that. We can see the switch ports, check our documentation to see what plug the power supply is plugged into and even use SNMP to verify the amount of amps being used on the circuit.

The problem is most people don't keep there "cross patch information" files accurately. Most people don't record where they connect power cords, and most people don't track where the servers are racked in the cabinet. What we really want is to be able to do the opposite. We want to be able to walk through the data center and record and update our documents with how things really are connected. Now for power cables this is probably not too hard. Recording the "U location" in the cabinets is probably possible too.

Recording the Ethernet or fiber cables is probably impossible using video though. There are too many in the bundle to be able to tell which one is plugged into what, plus sometimes the cables run from the front to the back of the cabinet and we would lose track of the cable on the camera.

Luckily though our Enterasys switches use something called "Node alias" which records MAC addresses heard on a port, DNS information or DHCP information. While the video recording is not yet possible, figuring out what LAN cable goes where is available today. I think this is an Enterasys only feature, though I'd love to hear if other switch vendors can do the same thing.

Sunday, August 19, 2012

Working from home hurts your career?

According to Forbes working remote, too often, can cause you to get worse performance reviews. While I don't like to think this is true, it probably is.

Think about it this way. Much of our communication is hallway discussions. While we do have meetings, most of what we talk about is outside of those formal times. This means if you are remote, likely you are missing out on that piece. This will probably make you feel disconnected. Plus it's hard to build relationships without a less formal setting than a meeting.

How can we solve this though? I mean it's not possible for everyone to be in the same location.

Tools like Google hangouts, chatter and other informal communications can help. The trick is to use them informally or all the time. For example, can you setup a permanent hangout between two development centers? This way as people walk by they casually communicate.

Chatter, if used for casual purposes, can also help build relationships. Letting people talk about music they like, restaurants they like or vacation plans can help people discover shared likes.

Will this help performance reviews? I don't know, but it seems like it should. Thoughts?

Friday, August 17, 2012

Scary security story

In case you missed the latest malware threat called Shamoon go check it out. 

It's scary only because it deletes all of your stuff, but it's apparently pretty directed so probably won't be as bad as it could be. That's not actually what this post is about...

We started talking about this threat though and one of my admins shared this story...

Yesterday I got a call from someone who said they were monitoring my computer for me and thought that I might have "malicious software on my computer that is 1000 times worse than a virus."  I thought I would play along so I asked them what I should do, and they then walked me through opening up the event viewer and looking for errors.  They asked if I had any warning or errors in the system log, and when I told them that I did they said "Oh No!  You have been hit.  Each warning/error means that thousands of files on my 'application hard drive' have been affected"  They then tried to get me to grant them access to my computer through so they could fix it.    That is when I told them that  I was on to them and hung up.  The scary thing is that they called me on my work cell phone number.

OK rule of thumb, people aren't just monitoring your machine and going to help you for free. If they are monitoring your machine, you are more likely to get arrested than a free malware cleaning. Just saying...

Usually attacks aren't this specific and it has to take a lot of time to be this targetted. Anyone else seen this?

Another company to watch - incxo

I was going to wait and save this post for a rainy day, but after talking to these guys I have to share right away. What they are doing is pretty cool. Think crowd-sourced recruiting...

First go check them out..

At first I was a little confused on what they did. Are they a platform for recruiters and jobseekers to work together? Well they are more like a traditional search firm with really cool technology. If you have openings, you can't just post them on their site, like say linkedin jobs. But if you are a recruiter with a stellar candidate you could recommend them.

I got to meet two of their founders, Matt Corbett is their CEO and Anne Haley who is a principal there. They had some cool facts, which I won't be able to remember all of them but the most interesting one was referred candidates are three times more likely to do well than other candidates. They consider "doing well" to mean at least 2 years at the company with at least one promotion. Yeah I'd say that is doing well....

They essentially pay you to recommend someone. If they get hired, you get paid. There are some details, like how long your recommendation lasts, what if more than one recommends etc, but that's the heart of it. If you feel funny profiting from helping someone get a job, you can donate the money to charity.

In fact that's what most good recruiters do. They find good candidates and bring them to the client who then pays them for picking through the hundreds of resumes that aren't good and doing a lot of the work. Good recruiters will also ask, "Do you know anyone that could be a good fit?" Usually then they call that person and if they are a good fit, keep the money. Some recruiters will give you a finders fee, but usually you get good will from the person you recommended and a thank you. Sometimes you don't even get the "Thank you".

So it's a cool model. I think it makes a lot of sense. I don't get paid to tell you that, but you can bet I'll recommend you if you are a good fit for one of their openings.

Thursday, August 16, 2012

The problems with BYOD

I recently posted a blog post on the Enterasys blog  talking about the 8 types of BYOD.  Essentially BYOD is made up of 3 attributes that related to LAN connection, Management and Data. It can range from essentially the same technical problems we have today with corporate managed devices on our networks and connecting to our data, to someone's "personal" iphone.

Each of these situations brings up a different problem and solution set required. In summary though it works out like this.

1. If it is on your network, you can control it with firewalls, network policy and SIEM tools.
2. If it is managed by you, then you can use MDM to protect yourself.
3. If it is accessing your data then authentication, like Okta, with automatic provision and de-provision can help.

The corollary to these are.
1. If it's not on your network, traditional network tools won't help. In other words a hardware appliance on my network has zero control over my 3g connected Android device.
2. If you can't manage the device, you can't control the device.
3. If it's not your data the best you can do is have a policy and react accordingly.

There is no protection from someone using their iphone, on their 4g data plan connecting to their facebook. The best you can do is watch and react appropriately.

Wednesday, August 15, 2012

A few cool companies to watch

Every now and then I come across a really cool company that I like to share. This week there are two that I think are pretty innovative.

I shared a few when I went to Cloudslam12, one of them shopforcloud, got bought already and is now called, so someone else thought they were good too.

This week we started testing hotlink. They take vcenter, which is how almost everyone manages Vmware environments  build a shim and can then manage any hypervisor. In our lab we have Vcenter managing ESX and hyperV. We can migrate virtual machines between the two.They also support Citrix and Redhat's VM environments and I'm sure will be adding more. HINT: Look for a super cool announcement at vmworld.... Oh and Enterasys Data Center Manager works with all of them.

I started using Waze. It's a social traffic tool. Think of google maps traffic layer mixed with real time "friends" updates. It lets you tell the people behind you what is going on. I think it is really helpful, though the traffic maps don't seem to be as robust as I'd like. I think its' because it is still new and not enough people are on it. Watch this get better as more people start using it.

What cool companies did you come across that you want to share? Comments are always welcome.

Tuesday, August 14, 2012

The new Klout score

OK I'll admit to a certain vanity when it comes to my social media scores. I mean I don't want to be like the marketing VP that has never heard of Klout, so I check it on occasion. And yes that occasion may be pretty close to once a day.

I have to admit, I like the new scoring system. Now the funny thing is what I did that post, I have jokingly explained why I felt my Klout score should be higher and said I thought it should be a mid-50. With the new scoring, it's at 57.

I like 57. It's way better than the 46 I was stuck on. Now looking at it, I think I should be mid-60 instead. I mean they don't look at my blogger account, and let's face it these pearls of wisdom have to be worth half a dozen +k's. Plus, in case you don't know, I also post on and and each of those should be a few more.

Yeah I think mid or high 60's would be good. Ideally even a 68 just so I can beat @valaafshar. Not that I'm competitive in any way...

Wednesday, August 1, 2012

A good customer service story

I know my last post was about poor customer service, so I thought I'd share a good story of how to engage with customers. 

We have been taking our dogs and cats to a local vet for 15 years. We almost always use the same vet even though they have 3 that work at this clinic. He is great, super friendly and the animals love him too. I'm not sure how much we have spent with this clinic over the last 15 years. In the last few years our dogs have gotten old and sicker. I know the monthly medicine costs for "Princess" costs more than my car payment. In summary we are a pretty lucrative client.

Unfortunately our vet is leaving and moving to Florida. While we do know the other vets and all of the staff, the new full time vet that is taking over is from a different clinic. We've never met him, even though he is a part owner. I'm sure he is good and capable, but that doesn't exactly offset the 15 year relationship we had with the previosu full time vet either. 

But they did something smart. They had a "welcoming party" for the new vet and we were invited, which was great, though we missed it. I'm hoping that on the first visit they will schedule some extra time for us to get to know him. It seems like a great way to reach out to customers and let them know their business is important and see what they are doing well. 

Anytime there is a reason to talk to customers, especially at an executive level, is a great time to differentiate yourself. Don't pass up the chance to be amazing.

Monday, July 30, 2012

Two customer service stories that make me cringe a little

I usually let the experts like Shep Hyken, Vala Afshar, Mike Lylte or some of the other amazing folks on the #cxo tweet chat talk about customer service and customer experience, but in the last 24 hours two examples came up that I thought I'd share.

First let's start with a data provider/Telco sales story. We recently signed a two year contract for our new facility in Salem NH. We are in the process of the fiber buildout and things are progressing nicely. Our sales team is great and we are making great headway. 

Whoops but a few weeks in, our account executive changes. I'll admit this feels a little like the old "bait and switch" game and leaves a bit of a bad taste in my mouth. I asked for my usual contract clauses, including "If the account team changes, I can leave with no penalties in 90 days". I didn't get that one though.

That's not the story though, but helps to set the stage. So our new AE is scheduled to come in and meet with us today. Yesterday he cancelled saying an internal meeting came up. Really? An internal meeting trumps a customer meeting? Now maybe it's a really important internal meeting but that sort of implies that I'm not a very important customer.

At Enterasys I can honestly say "There is nothing more important than our customer". We live by this. I've been late for meetings with the CEO because I was talking to a customer. In fact "customer meetings" is about the only excuse that is accepted for missing some of our meetings. 

I get that things come up, but if customer service is important, I mean really important, it seems like customers would come first. I guess that's why we have a net promotor score of 81.

My second story is in the same sort of group. Not really bad, but still leaves me feeling less than important. We are switching antivirus vendors. Our current one dropped the ball on some pretty big problems, though in their defense after a few months they did agree to do anything they could to help. Unfortunately it was a day after we told them we were leaving, so I take that somewhat with a grain of salt. 

Anyway we are on a short timeframe and had largely decided to go with ESET. If you want to know why we chose them, hit me up. We have some relationships with another vendor and as a favor agreed to give them a shot, even though we need to decide in 4 days. 

We setup a call with the local account team and as we are talking through our environment it turns out to be a little bigger than they thought. Apparently they have a different team that handles accounts over 1500 nodes, and we were over that. So the account executive says "Oh I'll need to get someone else to cover this, I only handle accounts up to 1499 nodes". 

Uhm OK, so we need to decide in four days and you want to bring in a new team and lose a day? To be fair they have been very supportive and are really working to convince us they are the right choice. They haven't dropped the ball but again it just feels wrong that they are that strict about who gets what account that they wanted to change midstream. I mean what would have happened if we started with 1490 nodes and then hired 10 new people? Would I really have to start a new relationship with a different team because I hired one too many?

Friday, July 27, 2012

Social Media IronMan

My sister just completed her first ironman. If you aren't familiar with an ironman, it consists of three incredibly physical events, a 2.4 mile swim, a 112 mile bike ride and a 26.2 mile run.

I thought it would be good to do a Social Media Ironman competition which involves 2 blog posts, 112 tweets and 26 comments on other blog posts (or Facebook, youtube, G+ posts etc). I had to round down since a .4 blog post or .2 comments aren't really useful.

Using hootsuite, or buffer for the 112 tweets is illegal, as is writing the posts ahead of time. The idea is for this level of content to be created in one day, not created over a week and sent out in one day.

What do you think? Anyone interested?

Wednesday, July 25, 2012

IT Outsourcing - the trend is reversing.

I just saw this great article on Information Week.

In it Jim Ditmore talks about why companies are starting to realize outsourcing isn't a silver bullet and shares some times he reversed an outsourcing deal. I really like this article. I think he does a great job of hitting the nail on the head. I'm paraphrasing a bit with the next line

Outsource only what you don''t have scale, cost advantages, competence or capacity and what is not part of what makes you special

I've actually been involved in two outsourcing due diligence discussions and analysis almost 8-10 years ago. One as the project lead. Both times we didn't do it. The first time was all of IT. Application development was going to go to one company and Operations to another. While the companies were "partnered on the engagement" I can't imagine there wouldn't have been finger pointing. We, at the last minute, passed on it.

The second engagement was for IT Operations only. Supposedly the vendor could save us 20-30% of our costs and at the time we were a public company and very concerned about the "revenue per headcount" metric. 

Apparently somewhere, someone external to the company decided that even though our costs were in line and we were profitable, we had too many people. Personally I always think focusing on a single metric at the cost of profit seems silly, I wasn't involved enough in that discussion to understand the entire decision. I firmly believe "If we all have the same information, the answer is obvious". I didn't have all the information. 

Anyway, we looked at the entire scope of the project, our costs, growth projections and after six months at our final presentation, determine that the costs were going to go up 20%. I still remember the vendor saying to me "Rich, we think the problem is you don't understand your true costs", to which I replied "No I think your problem is I do understand my true costs and they are about 20% less than yours".

As it turns out Jim says exactly that. In a mediocre company, outsourcing is likely to save you 30% or more. If you are well run it should be about the same, and if you are world class you are probably 20-40% less. I guess we fall into world class, cool.

Now I do think outsourcing can work, but the contract needs to be very clear, with measurable metrics and review of those metrics. Also the vendor needs to be very closely aligned with your business goals. 

Let me say that again. BUSINESS GOALS. This doesn't mean an SLA around uptime. That's not a business goal. I mean more like "We will pay you our current costs -X% and a bonus if we meet our revenue, EBITDA and profit goals". Then they have some interest in really making sure your company does well. 

If you haven't read his article, take the few minutes and read it. He has some great examples. It's definitely worth the time.

Thursday, July 19, 2012

NEVMUG Disaster Recovery session

I'm sitting in a presentation from Mike Laverick  and listening to him talk about Site Recovery Manager. He brought up a great point about building this all from scratch. He does a much better job... He has a cool british accent. I can't compete with that.

"Imagine you have an employee, "Mike" Mike built all of our automated DR scripts. Since you are the new hire that replaced Mike, can you look at this 6000 line script and see why it didn't work last night? And twelve hours later you are scratching your head going "Why is this variable added to itself and then added to 5?" No one wants that.

Even worse is when Mike is still there and very vocal about how smart he is and everyone in the business loves him and thinks he is really smart. You look at the code and realize his 6000 line script isn't very good and you could rewrite it in 500 lines of code. Then you realize Mike is an ass...."

Funny but stories we have probably all lived...

NEVMUG Summer Slam

I'm super excited to be at the NEVMUG summer slam today in Freeport Maine. It's a great place to be in the summer, and it's not 100 degrees like last year. Plus the dinner after the event is great. Some people have accused me of coming to this every year just for the free lobster. I cannot tell a lie, i like lobster and that doesn't hurt but that's not the only reason to come to this event.

It's the biggest IT event in this area. Generally 1200-1400 people come to this event to learn more about virtualization. The great thing though is it really is a user driven event. Though many of the speakers are from vmware, most of the presentations seem to start with "Hey this is me speaking as me, not representing VMware" I think that makes a big difference. Clearly they all believe in vmware or they wouldn't be there but it's good that they get to share their personal views as well.

Its also a great event to meet friends and reconnect, and to network with new people. For example I've got to see Royce Stegman from Brocade who I haven't seen since the last event. My friends from Actifio who have been coming since they started as a company 3 years ago, and I got to meet @nikwik613 in person. We've been following each other on twitter for a while and it was great to put a name to a face or twitter handle I guess. Of course Tim Antonowicz @timantz from Mosaic is here. Matt Stoller who I worked with 10 years ago is presenting and I'll make sure to catch up with him today too. Veeam and I have presented at other conferences and it is always great to see them. Broadleaf, Focus Technology and Dell are regulars as well.

Somewhere around here is the #nerdherd. They are the most social group at these vmug events. We've talked on twitter for a long time but actually never met. Meeting  in person with these guys is on my list as well.

It's a little weird to not be speaking this year. The last 3 years I've either been on a user panel, breakout session or part of the keynote. The good thing is I have more time to tweet and blog and share what I've learned. So far the big takeway is how much I miss these events and wish we had them more often.

Tuesday, June 26, 2012

More hiring thoughts and stories

It's funny when I tweeted about how I wanted candidates with a social footprint a subset of the comments jumped to "that's discrimination" and sort of missed the intent of my post. Now I'm not an attorney and don't even play one on TV but I'm confident that I'm not going to get sued for it.

But it did get me thinking about some of the people I've hired through the years, that turned out to be great hires, but that I almost missed out on.

The first one was a guy named Russ. He was somehow related to the town manager, who was my day to day boss at the time. Technically I reported to the Board of Selectmen but that was more on paper than in practice. Anyway he was highly recommended by the town manager so I interviewed him. He had a library science major, not computer science. Of course being much younger then my first thought was "Great he can alphabetize really quick."

He was very articulate, smart and though not trained in computers, understood them. But I was nervous about his relationship with my manager. "What if I do something and he runs to my boss every time we disagree?" was the thought running through my head... I ended up coming to the conclusion that I didn't care. If I can't defend my decision and be comfortable it is the right one it was an issue. So I hired him and he was one of the best hires I ever made. Last I knew he was in Atlanta running a consulting company and doing very well.

The second one was more recent. I had an opening for a co-op/intern/part time helpdesk role. I asked some of my peers if they knew anyone and a good friend suggested someone he knew that worked at Starbucks. He talked to her everyday and it turns out she was looking to get into IT and had just started her senior year. No experience but great customer service skills, likable and culturally a good fit.

Now somehow between HR, her and me we got the times mixed and she missed her interview completely. Absolute no show. Normally I would have passed and not giving it a second thought, I mean I probably had 100 resumes for this one role, but since she had a personal reference and my friend was confident she would be a good fit I went against my initial judgement and rescheduled.

As it turns out I didn't hire her. The reason is 5 minutes into the interview I realized she would be a much better fit for a web developer position we had so I grabbed the manager of web development and had him talk to her and he hired her.

So the point of my long winded story is this. Personal references are super important. I would put social networking second  because it gives the hiring manager more insight into you as a person and your technical skills. If you want to compete on just your resume, go for it. You can get jobs this way, just like you can become a millionaire playing the lottery. The odds are probably closer than you want to think.

IMHO of course....

Friday, June 22, 2012

Why IT needs a social footprint

So I tweeted yesterday about a candidate that I interviewed, but she had no social footprint that I could find. I was a little (very little actually) surprised at the amount of "What are you crazy" tweets I got back, basically saying IT doesn't need to be social they need to be technical. In fact it morphed into a good thread on G+

Now 140 characters is a little hard to explain so I figured I would elaborate a bit more.

Enterasys is a very social, collaborative, company with a focus on teamwork, transparency and knowledge sharing.  Now I know a lot of companies say this, but for us we really do it. Our Chief Customer Officer was just in Forbes magazine talking about it, Our CIO, who was just recognized as one of Boston's most innovative CIO's had been pushing social for years and we even build social into our products.

One of our key requirements in IT is what we call "IT Rocks". At it's simplest it is the one metric we use to measure how we are doing. If anyone in our company gets asked about IT, we want to hear "IT Rocks".  ROCKS also stands for

Respectful - I want them to be able to respectfully discuss different opinions.

Open - I want people that will openly share success and failures so we all learn from it.

Collaborative - I want people that engage and work with others, not just in IT but in the rest of the company, and the rest of the world.

Knowledgeable  - Clearly they need to have the knowledge to do the job

Social - This doesn't just mean they can retweet, but I want people that can interact with other people and be comfortable engaging with others.

When we look for people we want them to have these qualities. We have a support model in our IT department where we visit in person when possible, even if we can remotely fix something. The idea is, If people know IT they generally like IT. If people like IT they support IT and life is much better. 

We want people who collaborate and don't try to hoard knowledge. If only one person knows how to do something, I want them to share it so we all get better as a team. 

Can people be a great fit without having a linkedin profile, or tweeting or blogging. Sure, probably. There are other ways to be social than online. Not all creativity needs to be shared via twitter, in fact we many times will not share something because we are working on a patent filing before openly discussing it. 

Will I miss out on some good candidates by requiring social? Yup. But I'm not looking for good candidates, I want the top 1%. If I get one great candidate I'm OK missing out on 10 good ones.

Thursday, June 14, 2012

Compliance and cloud

Many times when I mention we are a "Cloud first" shop people ask if we are worried about security. The answer is no.

If security is not the first question, than it is about compliance. Actually I'll admit, I was a little nervous about compliance but not anymore.

We had our kick off call with out audit company (one of the big 3, 5, ?) and one of our key financial reporting systems changed from an old in house system to a nice shiny new cloud vendor. During our call we discussed any changes and I was sure that there would be a lot of discussion around this new system.

There wasn't.

They asked if the cloud vendor was SAS70 certified (which is actually now superseded by SSAE16). I said yes and they said "Well as long as they have that and it covers the controls we are testing, that's all we need".  Well and that they would want to see our project documentation and testing, but that's normal for any new system.

So if you are worried about compliance the best advice is get to the cloud sooner rather than later. Then compliance becomes someone else's concern.

Monday, June 4, 2012

Cloudslam 12

I just got back from a conference in San Francisco called Cloudslam12. It was my first time to the bay area and the first time I got to speak about how we chose cloud providers so pretty exciting.

Since it was my first time to San Francisco I wasn't sure what to expect. I was surprised by a few things. The first was that it was colder in California than Maine. Apparently if I had gone inland 10 miles it was a lot warmer, but in the Bay Area it was low 60s versus the low 70s I left in Maine. Somehow that seemed wrong.

I got to spend a few hours at Fisherman's Wharf which I'm told is a requirement for tourists to that area. It was nice and I have to admit they make excellent clam chowder. I feel bad admitting that....

The conference had quite a few vendors that I probably should have, but hadn't heard about. There were companies like orangescape and durgacloud that act sort of like a middleman between your code and cloud providers, so you can write once and run in Amazon EC2, Google Apps or Microsoft Azure. Unfortunately no one seems to take native apps and makes it easy to transport them. Interesting enough Orangescape will let you take Lotus Domino apps to Google apps.

There were actually a few companies that do cloud based log file management. One called Sumologic that gave out squishy sumo wrestlers. Another called loggly. The log files I deal with aren't that big that I need to send them to the cloud for analysis but interesting nonetheless.

Most of the conference was around PAAS or IAAS but one SAAS vendor integrates google mail with I was pretty excited thinking I found a neat tool before my peers, only to find out not only did they know about Cirrus Insight, but we were actively testing it.

I even got to talk to a few grad students working on an appliance that lets you bring google apps environment into the enterprise. So if you are paranoid about cloud, but want to leverage some of the 500k applications written in the google marketplace, you can. Or more accurately will be able to. They are still in school but talking to VC firms to kick off this summer.

There were actually a lot of discussions like that, in fact over lunch I think we collectively had 3 new start-up ideas. I got to meet Jeff Nessen who is the CEO of Progentus  They make tools that allow a sales department to create service statements of work documents in minutes, instead of hours or days. They also make other SAAS tools that make it easier to sell.  He had a great talk on helping your sales team sell cloud.

We had Google talk about Google apps for the enterprise. Intel talked about what they see for trends in cloud service providers.

I was truly amazed at the vibe there though. Getting to hear about companies that were going to start, sharing ideas on new companies we want to see, (I'd love to see an app that takes a video and cloudtags it based on the audio to help it easier to find videos) and just the brainstorming that goes on when you get a bunch of smart people around the table (and they don't mind me sitting there listening. :) )

All in all a great trip and amazing experience.

Sunday, June 3, 2012

The power of collaborative network management

When we created ISAAC last year we knew it had potential to be a game changing technology. No one before had combined social, cloud and mobile in with network management and we were right. We just didn't know how right.

The first few months we talked about how easy it was to localize to different languages using aliases. Suddenly there was a network management tool that worked in 80 native languages and could be customized to use vertical specific terminology.

We talked about how it allowed better work and life balance by letting network managers remediate issues via any mobile device, and from any location. For example if you are at dinner and a user is having a network problem, no more did you have to go to your car, boot up your laptop, connect to the cell network, fire up VPN and then start figuring out who was using the bandwidth in Tokyo. You could do it from the dinner table on your iphone.

Soon we realized it was a great way to customize the network management framework and allow users to create alarms, notifications, actions and new commands. Life was great but even with all this I think we missed the most important pieces.

Earlier this year we realized that by using salesforce chatter we could automatically create new tickets based on alerts and, for example, have a power supply already on the way to get fixed and waiting for us in the morning. In fact we had this happen the other day.

We also learned that our support team could perform remote diagnostics and troubleshooting without needing to have a VPN or remote control software In fact multiple support engineers could work using the deep collaboration toolset chatter gives us. to make sure that we aren't duplicating efforts, and best leveraging the expertise in our entire organization.

Even better we were recording our troubleshooting steps so junior engineers could learn and leverage the experience of the entire team. This reduced training time and organically grew our knowledgebase. Plus we were recording our steps so reviewing the order of changes was easy.

Now we are taking this even a step further by using the power of crowdsourcing, or as I like to call it Cloudsourcing. We can connect a community of customers together and they can share commands, knowledge and expertise with each other and with Enterasys engineers.

We are already seeing huge benefits to some of our pilot customers and to us. We can create new functionality in near realtime and with an iterative design approach to make sure that we are building things, not just for the customers, but with the customers.

Imagine a vendor that develops new functionality to support it's customers needs in real time, collaboratively with everyone that can use it. It ensures that what is built is useful and implemented and takes the best ideas and creates them with almost unlimited resources.

Now stop imagining it and start using it. That future is here today at Enterasys with Isaac,and it's just the start of the new generation of network management, brought about by the power of collaborative network management.

Friday, May 25, 2012

The problem with management tools

Management tools, whether they are for network, systems, nuclear power plants, or anything really, are really hard to get right. It's not that they can't report on errors, they can do that. In fact they can report on so many errors that you end up chasing so many errors you don't get to spend time on anything but chasing them.

Now what some people do is turn off everything, and then wait until something bad happens, go back and figure out what alert would have told them about it. This keeps you from missing an alert the second time, but also means you miss the first one. Not a bad approach but pretty time consuming as well.

Many systems have default warning values and while they are reasonable, they often times don't really match my particular environment.

For example we have a server that generally has 97% of disk space used. Now I know the argument is that's too close, you should add more space. But it's always been at 97%. It never fluctuates because none of the temp files are stored there. I don't need an alert every day that it is nearly out of disk space. If it hits 98%, maybe I want to know.

Now I can easily go in and set that particular threshold for that particular server, but there are literally millions of those in our environment. I would need a team just to go through and configure it once, let alone keep up with it. This obviously is not a very scalable approach.

What I really want is a smart configure tool. Really I want it to run and keep track of all the alerts and what it thought was wrong, and every day, or week ask me "How did things run?" If the answer was good. Reset the alerts to be high enough to not get tripped but low enough to alert me still.

Friday, May 18, 2012

What's your vendors CLOUD score?

Are you, like almost everyone, looking at moving to the cloud? Before you move your critical applications to a new provider check out their CLOUD score.


Company: Are they financially stable? Is there management team seasoned and well respected? Who invested in them? Are they making money or burning cash? Will they survive a disaster and be there for you still?

Legal: Is the legal contract right for you? Check out this blog post to see if you have added the right clauses to protect yourself. Having a good relationship is key, but if something goes south the contract is what the courts will look at, not what the sales team said over lunch.

Openness: Can you integrate with other systems easily? Can you move your data out if needed? Can they use third party authentication methods, like LDAP, or SAML? Do they have a "trust" site so you can see if they are having performance or reliability issues? Do they share there roadmap so you can plan appropriately? Is their knowledgebase available and useful?

Usability: Can users learn the tool quickly? Is training online available? Can you make domain wide changes with an administrator tool? Can you do bulk uploads? Is it easy to manage the system? Is it easy to work with support?

Development: How easy is it to customize? Can you make meta changes from the user interface, or do you need a coding expert to make all changes? Do your developers know how to code in the language it uses? If not, how hard is it to find qualified developers, or train yours? Are the API's well written and robust?

If you ask all of these questions and are comfortable with the vendors answers, you can't go wrong. We use a spreadsheet that asks these questions and weights the scores giving us a result. Using the CLOUD score really helps us make the right decisions and avoid problems.

If you want to check out the spreadsheet we use to calculate our vendor's CLOUD score, check it out at

Friday, May 4, 2012

Stop micromanaging your network

Are you a micro-manager? I don't mean with your staff, with your network? Everyone knows that micro managing causes a drain on energy and efficiency with teams, but did you know it can do the same to your LAN?

In some networks,  management traffic like SNMP, netflow and ICMP can use 30% of the bandwidth and can actually cause some of the issues you are trying to stop. Partly this is because of the broken paradigm we use to manage networks. We configure and manage  everything separately.

What we really want is a way to communicate with the network and describe the behavior we want, and then let the devices work together to "make it so".

Imagine that you use SAP. (OK many of you do use SAP, so that's not too hard to do right?) SAP runs your company and is obviously very important. Now imagine you could tell your network, the whole network not device by device, that SAP was important so treat it as important.

Now maybe peer to peer traffic isn't important so you don't want to have that take up all of your resources, but if the resources are just sitting there doing nothing but costing you money, let it be used. Some traffic you just may not want on the network ever, either because you don't use it and want to mitigate risks, or it violates a regulation.

As new applications came on that are not classified and start to get used, the network should be smart enough to let you know. "Hey I've seen a lot of traffic using a new application called skype. What do you want me to do with it?"/ and you could communicate back, block it, make it important, make it un-important, and the network would know what that means, and configure itself to do that.

I think this is the future of network management. What do you think? Using things like onefabric, isaac and coreflow2 switches, we are well on the way to this vision of the future being a reality. Learn more by going to, or ask me.

Monday, April 30, 2012

My thoughts on this "Do You Have Klout? Employers Want To Know"

So Wired, Forbes and well everyone is talking about this article. Basically A guy applied for a job as a VP at a large marketing firm and got passed over because his Klout score was a 34. They hired someone with a 67.

Well that's how the story spins it, but the piece everyone seems to be forgetting is when they asked about his klout score, the guy had no idea what klout was. Now clearly not everyone follows the social media space that closely and there are a lot of sites that measure your social media influence,,, and those are the ones that are top of mind for me. If I looked I bet I could find another dozen easily.

Klout though is the biggest one and for a VP of marketing to not be aware of it, seems like a big miss. Maybe he has 15 years of experience, but if it was traditional print marketing and they are looking for a social marketing expert, I can see why they passed. He didn't sound like a good fit.

Now I'm not in marketing, I'm an IT guy, but if I was asked the klout question, my answer would be different.

"Well my klout score is currently 42, and while that's not as high a score as I think I deserve, the reason it is lower than I think is because klout currently only ranks, facebook, twitter and google plus. I spend a lot of time on linkedin which I think has more business relevance than facebook. In fact according to a recent study by hubspot linkedin is 4X more effective than twitter and 7x more effective than facebook on visit to lead conversions. I think when influence is included I would be more comparable to a mid 50"

That shows I understand how klout works, what it is, and can speak intelligently on why I like it and don't like it. Now maybe they still want someone who is a social medial rockstar with a score to match, or maybe they disagree that is a valid way to do business, or maybe they just want someone who tweets way more than I do.

Either way I think that's a better answer than "I don't know what klout is". Even if I didn't know what klout was, I would have asked a lot of questions on why they think it is relevant and how it compared to other scoring systems.

In summary I think the reason the guy wasn't hired was his lack of knowledge on social media and now really the fact that his klout score was lower. My opinion of course since I wasn't there...

Monday, April 23, 2012

Network spring cleaning...

Well Spring is finally here, at least in Boston. Spring is that time to look around and do some of those cleanup tasks that always get skipped. So here is my top 5 spring IT tasks.

5. Check for zombie devices. You know which ones I mean right? The server that should have been retired 3 years ago but never seems to actually get turned off. Everyone has some of these devices. I’ve got apache web servers that we “retired” years ago, but they are still online. Some of them are so old and shaky we have to restart the service every 5 minutes to “keep it working”. Clearly they should just go away. My goal is to review all the devices in my network and see what should go away.

4. Review usage reports. Do you have WAN links or uplinks that are constantly running at 90%. Probably need to upgrade them. Or do you have a few ports that constantly generate errors. Maybe not enough to cause an alarm, but enough that you should fix them. It could be as easy as a bad patch cable and help solve some of those weird issues that pop up every few months. I’m also a fan of walking through the data center and closets looking for red lights. Sometimes people miss the alert that goes out and the next thing you know the second drive in the RAID set went bad and you just lost data.

3. Update and test your DR plan. If you have a DR plan that hasn’t been tested, it won’t work. They never work the first time you try it. Never. Run a test and figure out what isn’t going to work before you need it. Along with this, check the business continuity type things, like redundant power supplies actually going to different circuits. If they both plug into the same power strip they aren’t done right.

2. Check backups. Not just to see if they have errors, actually compare it to the list of servers that are online and make sure that you are backing up, or at least aware of, anything that is online.  Some systems may be online but not need to get backed up. Some active directory servers for example, or NIS slave servers and be rebuilt faster than restored anyway and they don’t store data. Not all AD servers are like this. If you aren’t sure back it up.

1. Check firmware and upgrade if needed. There are two schools of thought on this. “If it aint broke don’t fix it” and “Newer is better”. In my opinion, newer has better features which generally make life better, but be smart and make sure you understand and test the better features to make sure you are ready for them.

I’m sure everyone has their own list of maintenance that they want to do as well. If you want to add ideas, I’d love to hear them.

Friday, March 2, 2012

Please no more cloud FUD

Even before I read about the Azure outage I knew some where someone had a cloud outage. I could tell because there seemed to be an uptick in the number of "I told you cloud wouldn't work" articles, tweets and blog posts. Please no more...

Now I don't work at Microsoft and don't have any secret knowledge about what happened, but reading the public posts, it sort of sounds like a leap year bug caused "service management to go down". I suspect during the fixing of this, some other issues were caused that impacted performance and caused intermittent stability.

Now I don't use Azure but "Service management" sort of sounds to me like any existing service would continue to work, but new ones can't be brought up. If that's the case that's not a real big deal. Admittedly it would stink if I was planning to launch my new hot startup on 3/1 and couldn't bring production online, but I've got to think that's pretty rare.

It's hard to disagree that a leap year bug shouldn't have been missed, but hey I've let some stuff slip through that in hindsight should have been caught. I mean who hasn't done "reboot" or worse "shutdown" hit enter and then said "Damn wrong window". Mistakes happen.

Mistakes happen in our own data centers too folks. Anyone that honestly has never had an outage either runs a "data center" consisting of an Xbox, Wii and Pentium PC in their parents basement, or makes so few changes that they are still running Sunos 4.1.3 because they aren't done testing that new Solaris stuff.

OK maybe there are a few folks that have been really lucky, but in today's environment we need to move fast. That means mistakes are going to happen.

Last year, or maybe two years ago now, we actually took quite a few servers down in our data center because of power. We actually have complete power redundancy and this should never have happened. Dual feeds, dual switch gear, generators, UPS, etc. The power even takes a different path through most of the building. Each cabinet has 2 (or 4) PDU's.

So what did we do? Well an administrator plugged in his servers and plugged them into 2 PDU's, one in the front, and one in the back. Unfortunately the redundancy is left and right. So even though it was in two PDU's they were both on A power.

We had to take one of the UPSes offline for maintenance and since we know we have redundant power we did this at noon. Looking back, not a great call. But it also wasn't the end of the world. We learned from it, corrected our mistakes and moved on.

No one said "See I told you we shouldn't have hired Rich". Well not that I heard anyway. My point is we all have outages, we all make mistakes, let's just stop with the silly "See cloud isn't reliable" every time someone  has an outage.

Wednesday, February 15, 2012

Thinking about going cloud? Have you asked these questions.

We use a lot of cloud applications and recently started asking a lot of questions. Frankly not all cloud applications or vendors are created equally and spending some time understanding what they really do can help avoid a disaster later.

This is the list of questions we ask. We send this list out and then do an hour or so phone call to review the answers with the vendors. We then use these answers to rank them in a weighted spreadsheet to help us make our decision. We also add in things like company relationship, user testing etc, but those aren't really things we ask the vendors about.

Anyway here is the list. I'd love feedback on what others ask.

Disaster Recovery and Business Continuity
Do you have redundant sites designed for auto-failover?

How long does it take for the redundant site to take over.

Does this include the time to decide to fail over?

What kind of RTO/RPO are in place and are they actually tested against?

Do you have geographic redundancy?

Can you restore accidentally deleted or corrupted data? How far back can you restore from?

What impact does a failed HD, server, cabinet, switch, data center have?

Is it possible?

Can we do legal holds by user, file, keyword?

Can we get access to “access logs” in the event we need to?

If so how far back can we get?

What does it show us?

Can we see who our users are sharing with?

If so can we easily remove access from an enterprise level?

Do you have a site like for transparent operations?  

Is it automatically updated with outages or performance alers?

Is code/data in escrow? If so how often does it get updated?

What is the migrate out plan like?

Can we request a backup of our data including any customizations?

Company financials
Are you private or publicly owned?

Are you cash flow positive? If not what is the cash burn rate and reserve?

Are you adding new customers? How many?

Do you track your NPS (Net Promoter Score)?

Do you support automatic provisioning and de-provisioning of user accounts?

Do you support LDAP.RADIUS or even better SAML authentication and authorization back to us?

Do you use encryption? If so is it for data in flight, at rest or both? What kind of encryption is it?

Compliance and Privacy
Do we get notified of an investigation?

Can our data be seized as part of another companies investigation?

Is our data recoverable by your organization? 

Do you have an SSAE16 or ISAE3402?

Are we allowed to have our third party auditors (or internal auditors) to audit your organization?

Please attach a copy of our master services agreement, terms and conditions or other contracts that we are using.

If you get bought by a competitor can I get my data out and go?

Are there financial penalties for service level agreement failure.

Are maximum increases baked in?

How much notice do you need to give us to terminate?

How much notice do we need to give them if we want to leave?  I

Does the contract auto-renew? If so what are the terms?

Are you globally load balanced? If so explain.

Do you use Akamai or other CDN for better performance?

Who do you use for WAN connectivity?

Do you offer “offline” ability? If so it is automatic, or does the user need to know that they will be offline and plan accordingly?

Do you offer built in integration tools to existing systems like SAP,, etc.

If not, how hard is it to build them?

What toolset is used for “custom development”

Are you staffed 24/7?

Can we proactively request assistance if we are doing something off hours?

Is it onsite, email, phone, web or all?

What sort of response time is available?

What is the average tenure of the tier1 staff?

Is there a public knowledgebase available? Is it the same as the internal one or is it filtered?

Can anyone from Enterasys call, or do we only get a certain amount of “authorized users”?

How quickly do new features show up?

Do we need to do anything or do we “magically” get them?

How much notice do we get for training users?

Is the system a true multitenant system?

Do you support multiple clients, like iphone, android, blackberry as well as tablets?

Is it strictly HTML5/browser based? If so which browsers and versions are supported?

Does the system support delegated administration?

How easy is it to automate tasks?

Can we apply roles to groups?

Do we get visibility into what is shared outside of the company, or what access has been granted to third party applications?

Can we enforce enterprise wide restrictions?