Thursday, September 10, 2015

Oneview Dashboard Customizations

Now if you have been following me, especially on Linkedin, you know I'm no longer running the Network and Security teams at Extreme. That doesn't mean though that I'm not still in touch with people there and in touch with what's going on over there.

I'm doing consulting and contract work, but also looking for full time work. If you know anyone who wants to improve their IT efficiency, has security concerns and or is looking for a good IT leader or strong lieutenant please reach out.

This week though I'm helping a long time customer with a NAC and Security assessment. Part of that is helping to customize their Netsight instance to be a bit more useful to them. They are an Extreme customer from the Enterasys days so they have all Enterasys switches, not wireless though.

If you use Oneview, which is the web based interface to Netsight, you have probably seen the dashboards that exist. The NMS dashboard is sort of the main one I used to use. It's a good overview of the health of the network. If you don't use Extreme wireless though the entire middle pane is wasted.

So I wanted to change that to show NAC (or Identity and Access Manager if you like that name better). I figured since I was doing the work, I'd share with you how easy it is to do.

Login to Oneview and go to the administration tab, then click on Report Designer.

Choose the “system reports” you want to change. The main screen is NMS Dashboard but you can also change the Purview or Identity and Access Manager ones as well.

Simply change the Component name to be the data you want to show and then click save.

You can only use existing components but there are quite a few. These are some of the Identity and Access ones.

It will bring up the new Dashboard automatically.

If you want to delete it, go into the My Reports at the top. (not the one you originally edited) , highlight the one you want to get rid of and hit the delete icon.

The help files in Netsight are really good about this as well.

Hope it helps!

Tuesday, May 12, 2015

Securing insecure devices

I'll bet a lot of people read this post already

It talks about one particular medical device that has practically no security. No passwords, open telnet by default and a root shell. Yikes! For those not really into IT security, that's really bad....

It also talks about some other devices that are almost as bad. But in the medical space these devices are needed. I mean if someone doesn't get the right dose of drugs they will die and if this is the only machine available (I'm not saying it is), then until it is really fixed patients and doctors unfortunately need to roll the dice and hope for the best. Sort of like we all do with identity theft every day, but that's a different story.

So what can CIOs and CISOs do to protect them? Well the short answer is get after the vendors, but in the real world that takes time and honestly a lot of time IT just doesn't carry that much weight to over rule the medical professionals. As much as that's the right thing to do, it's not the effective thing to do.

Instead secure the network and don't allow unauthorized machines to connect to these devices. Tools like Network Access Control (NAC) and Network policy have been around for years (decades in some cases) and allow IT administrators and security experts to restrict  how and who can connect to these insecure devices.

For example, if people outside of IT shouldn't be allowed to telnet to the drug pump, the network can simply block all access to it. You can even go a step further and log if someone tries to telnet to it and alert security to investigate who did it and why.

If you are worried about someone unplugging the pump from the network and plugging it into a switch to tamper with it, you can even monitor the device and alert when it goes offline. That's probably not a bad thing to do actually in case the device fails.

I think we need to stop throwing our hands up and saying "The device isn't secure, it's not fair" and instead look at when we can do today with existing technology. We can make things better so don't give up.

Thursday, April 30, 2015

IT Communications you should be doing, but aren't

IT has a reputation of not communicating well. Which is sort of funny, if you think about it, we enable all sorts of communications from voice mail, video conferencing, e-mail, instant messaging and the list goes on and on.
So here are a list of communication tips you should be using. Many of these are informal communications, things I wouldn't send out to the whole company on email, but using a tool like Chatter from, SharePoint from Microsoft, or even an internal blogging platform is a great way for people that are interested in what is going on, to be able to know. It also has the benefit of letting me not feel like an internal spammer.
  1. System down alerts. This includes all the times that something fails but doesn't cause an outage. What a great way to market all the thought you put into redundancy, fail-over and availability without sounding like a self-promoting ass. Of course outages that do cause a significant impact need to go here too. Hopefully you don’t have too many of those.
  2. Roadmaps – We all know that roadmaps change, and sometimes pretty frequently, and I know that’s why a lot of us don’t share roadmaps. The trick is to add the commentary so when it changes people understand why it changed. It’s also a great way for people to know what is coming and to be able to proactively train on them before they need to use them.
  3. Informal notifications on upgrades – Look no one cares if you patch servers, they care about them being available. Letting them know that you are patching them Sunday night at midnight is a good thing, especially if it fixes or avoids an issue.
  4. Training – There are a lot of free training resources from Microsoft, Apple, Google or or SAP offer online videos too. These are great things for you to share either on your IT web site, or informally through blogs or chatter.
  5. Security issues that may impact people at home. It’s a pretty safe bet that your employees have computers at home and would likely find value in any heads up on security incidents that are impacting the company. They are probably seeing some of the same attacks at home and may not know it. With so many people using their home machines to check email or login to the company, making their home machines more secure is always good.
  6. Team recognition. There is probably not a lack of innovation in your team, why not recognize it and get some recognition for the cool things your team is working on. We regularly would do a "Geek of the week" award. It's kind of cheesy, but helps show that we value innovative ideas.
  7. Personal accomplishments. IT administrators are people too and no doubt have major personal accomplishments. Maybe one of your staff just finished their MBA, or the Boston Marathon. It’s good for people to know your team as people, and not just the person that fills the toner when the printer is out. If your company likes the people in IT, they are going to like IT as well.
  8. Blog on industry trends. Many of us in IT actually know what the trends in IT are, in fact you may have people that are influencing those trends. Why not share the insight you bring to the company as a whole. Now let’s be clear, your opinion on the latest power over Ethernet specification may not be too interesting to the co-op in finance or the VP of HR, but you never know, they may be pursuing a masters in electrical engineering and are also working on PoE.
  9. Deals or discounts. If you have a corporate plan with a cell carrier, you may be able to offer the same discount to employees. It’s probably the same with many of your vendors, like Dell, Microsoft or Motorola. If you can help save employees money, what a great way to show added value to them.
  10. Surveys and feedback. I am a bug fan of measuring IT customer satisfaction. In fact I'd argue that of all the metrics, this is the one that actually matters. It's a great idea for the CIO (or a senior IT leader) to personally reach out to some number of resolved helpdesk tickets. It shows you care, and shows that you are open to feedback. When asking for feedback, the real trick is to actually listen and act on the feedback. Asking and then ignoring is actually worse that not asking. 
These are some of the things I have done in the past to make IT more approachable, responsive and likable. I'd love to hear what other people do as well!
You can also find this on Linkedin and follow me there as well.

Thursday, April 9, 2015

Know your audience

(From one of my recent linkedin posts - feel free to follow me on linkedin as well)
I try to bite my tongue and not rant, but sometimes material just presents itself and it's too good to pass up.
I just got a call from a local ISP. It went to voice mail , of course, but I digress.They had recently installed new fiber for another company in our building and wanted to talk about diverse paths and redundancy.
Perfect. It's always good to know about options and even though we already have a separate fiber from two different companies, it's good to have a third option, especially when our 2 year contract is almost up.
In fact, it seemed great. A sales call for a product I can use and timing that is almost right.
So why, the post?
Well after she talked about the diverse fiber she went on to explain that they also offer Cisco hosted voice and we should look at replacing our phone system and upgrading to Cisco.
Now, I'm sure they do a lot of business selling Cisco phones and I think that's great. But, Extreme, where I work, is a competitor to Cisco and I will never buy Cisco products here. I mean that would be like showing up to the Microsoft Redmond campus and trying to sell an ipad, or going to Ford's corporate offices in a Subaru.
Nothing wrong with Subaru, Iphone or Cisco, but know your audience. If she had stopped at diverse fiber paths, I'd be on the phone now.
I'm actually torn between ignoring the call, and calling back and going "Really? Cisco? Really?" like Seth and Amy from Saturday Night Live. Or Seth and Kermit