By Jonathan Merrill on
3/21/2014 1:40 PM
Voltaire was once quoted saying, “Le mieux est l'ennemi du bien”, or translated “The perfect is the enemy of the good.” I was recently told by a senior IT leader about the hazards of being perfect and accepting the philosophy of the “80/20 rule”, where 80% is good enough and we need to get comfortable with not getting the other 20%.
Pretty incredible statements from a leader and indicative of the culture as a whole. Do you agree with him?
What if only 80% of planes didn’t crash?
What if the police only enforced the law 80% of the time?
What if your bank thought being 80% correct was good enough when handling your money?
What Is 100%?
Is being perfect meaning doing your job 100% of the time? I say the answer is no. There are four benchmarks I feel better answer the “perfection” question:
80% = Unacceptable. If you ask customers, this is not acceptable. Yet, this is the new norm. Go do a Internet search on “80% good enough” and see how any articles come up. Story after story of companies falling down, perpetuating and teaching a culture of mediocrity. I say this is not where we should be nor should we tolerate operating at this level.
90% = Below Expectations. This is where most people live and operate. The culture of exceptions. Often, we have to fudge it to get the rest of the way. Which is how checkbooks become pennies off, where uptime is calculated, and the majority cite as being “realistic”. I say 90% is just as bad as 80% as it is as conducive to the reflection of the organization as it is how the customer perceives service delivery. 90% is the equivalent of being second place.
100% = Expectations. This is where we all should be. Consistent outcomes live here. The goal is process and procedures should be executed at this level and accept no substitute. This shouldn’t be vaporware, but the law! KPI should be measured against this, especially around quality. 100% is winning, in my opinion. Operate here and your service delivery value organizationally far exceeds what one man can do.
110% = Perfect. This is where perfection lives and breathes. Not only performing to expectation, but exceeding expectation through extraordinary quality and exceptional detail, creating amazing value. This is nirvana, arguably. And I would admit impossible operationally. 110% may be hard to calculate mathematically, but we know it exists as we see it not just by process execution, but by customer behavior and your team’s demonstrated hard work paying off. Giving 110% is what we tell our people, don’t we?
By Jonathan Merrill on
3/14/2014 1:06 PM
Reading along the blogs these past few weeks, I’ve noticed an uptick in leadership articles. And I’ll stay away from the tips and tricks, but it’s got me thinking. How important is strong leadership really? If the senior leadership knows the business and hires awesome people, shouldn’t that be enough?
Take this comment from Kapil Raghavendra:
“However, in my humble opinion, we may need to consider one more important aspect for the the All-start team to truly remain an All-start team. A leader with the capacity to lead them. It's no good getting a team of Avengers together if you don't have someone like Fury controlling them. A team like that without strong leadership is a ticking time-bomb, its just a question of time before a Hulk brings down the house. The challenge with All-start team is not keeping them in control, honestly we can't, but its knowing how much to let them loose. The challenge is ensuring that their actions are for the good of the company and are in line with the overall objective. It's unlikely that all members in the team will have the necessary insight and the foresight to make right decisions on what actions can and cannot to be taken within their capacity of being a part of a larger whole. This is where someone like Fury is so crucial without whom we might not need external competition to sink the establishment, our best team will do it for us.“
‘Agree with Kapil, but I would alter a few points of language. You can't really control the Avengers, but you can channel their energy appropriately. It's not about control - it's about putting people where they can have the best impact and support the team well.”
“… The trick is to recognize that not everyone is the same. Look at a chessboard and see how the different pieces support each other. Your people can be thought of similarly - you play a bishop differently from a knight.”
Managers are a dime a dozen, leaders are rare. Most people don't understand the difference, even if they say they do. Managers don't trust you; leaders make it safe for you to take risks. Managers control, leaders nurture. Managers manipulate (direct), leaders allow you to grow.
By Jonathan Merrill on
3/7/2014 9:10 AM
Or is it called Orion now? That moniker has disappeared on the website now and many just call it Solarwinds. Although, that’s not true either as Orion is made up of many modules. And what is turned off and on depends on your wallet. Many of my peers just call it Solarwinds, so lets’ stick to that. But, I digress.
It has been a long time coming this topic. And my current employer chose Solarwinds based on an internal recommendation to “solve all your ills”. He has since departed and we now have this tool that is everything we want it to have. I am not begrudging my Austin peeps nor the success this company has had, Solarwinds does work. It monitors everything. And their people are crazy smart.
I am, however, saying that Solarwinds may be an awesome engineer’s monitoring tool, I just don’t like because… it doesn’t excitement me. It is a boring tool, a frustrating tool, it’s not easy to master, has gotchas, and has been this way for years and years. Here are my gripes:
#4. Death By 1000 Alert Options.
This product has a crazy amount of alerting options. You can actually fuzzbust your fuzzbuster, there is so many alert configuration options. My biggest complaint is to get the functionality, you need to exit the web interface and fire up the alerts configuration tool. An application off to the side, because in 2015, we can’t put this functionality on the web. Oh, we can? Who is doing that? Everyone is?!?! What the heck, guys?
In practice, we had so many alerts configured in so many different ways, the alerts stepped on each other and we crashed our alert server. We literally sent 1,000,000 alerts daily for a few weeks. Once we realized our folly and the madness of allowing so many people access to create their own fiefdoms of alerts, it took 3 weeks to clear out the alert backlog. Solarwinds fault? No. But a true story nevertheless.
#3. So Many Modules.
One of Solarwinds strength’s is it’s extensibility through modules. The bolt on approach can enable the tool quickly and the potential is limitless. The approach is the right one and love the capabilities present. However, the problem is less about capability and more about the lack of a 360 degree perspective across the platform’s modules. Drilling down into IP addresses or application types, down to the host level or network layer. Sure, you can do this in individual modules, but each module has a limited set of integrated features, separated by the tabs at the top. So, there is a good chance to find the information your looking for, you’ll need to dive into two+ tabs to get the full picture. Not cool.
Because of this loose coupling, each module doesn’t feel full featured and I am left wanting for features I find in other product offerings. IPAM has it’s own discovery separate from NPM auto-discovery? Where is the unified work engine with triggers depending on criteria for each module?
Where is the smooth transition between modules… Oops, that’s leads to #2.
#2. Tired User Interface.
Solarwinds’ interface is way way way… way overdue for a refresh. It’s interface is reminiscent of 80s disco: Cool and hip, but tired and old fashioned. I see some hints here than there of some changes, but where is HTML5? Where is the customization on the dashboard? The tabs are horribly placed. What do you mean I can’t customize a tab? Why does the content look so dated?
#1. Tiring User Experience.
As a monitoring tool, sure it functional. Crazy functional. But as an enterprise network operations center dashboard, it’s not that great. In fact, as user interface tool, the data does not mean what it always says. Look at Figure 1, Nodes with Problems. Green means what? The node is up. Not that there is a problem. Just looking at the hosts don’t tell the story and tuning the story is not easy in comparison with other tools. In fact, it’s just not designed with that in mind. Because it’s a tool designed for another class of people.
Where is the drill down experience? Finding stuff is not always easy as module has it’s own search bar. The host information is cluttered and not easy to read creating the need to scroll. I hate scrolling. And I would expect there to me a lot more integration and symbiosis between the modules, linking easily within the hosts. There doesn’t seem to be an intelligence between the hosts giving the 360 view. Just tack-ons to the existing tired infrastructure.
I could go on for another page, but frankly, the user experience is designed for the Y2K Cisco engineer and not the masses. I want a tool that gives me vision and not wears me out trying to find the reasons.
By Jonathan Merrill on
2/28/2014 8:29 PM
EMC hosted an sales event mixed with Transformers the movie, which turned into a social and team building event for EMC’s good customers. As they ticked through their sales deck, there was one page that caught my attention. “Behold the wall of insignificance”, as the sales guy pointed at these companies:
The sales guy continued… “Misreading the signs… One wrong turn… Bad decisions…. And you could find yourself insignificant, just like these companies.”
Insignificance is not my calling… Nor is it yours… Nor should it be… Very powerful statements…
By Jonathan Merrill on
2/21/2014 3:48 PM
I recently attended an DFW IT Professionals meeting to see and watch a presentation regarding DevOps. It’s picking up steam amongst many IT circles and I’ve read a few articles about it’s importance. Below is a YouTube video of the presentation previously given at a DevOps conference.
Highly recommended viewing:
By Jonathan Merrill on
2/14/2014 12:26 PM
I wrote an email to my team I’d like to share…
Good morning, team.
“Neo, sooner or later you're going to realize just as I did that there's a difference between knowing the path and walking the path…” – The Matrix Movie (1999)
Ok, so now you’re an SME. What does that mean? What are the expectations? What are the next steps? Let me answer those questions here for you as this is the tip of the blade when we talk about the knowledge culture.
What Does It Mean To Be A Subject Matter Expert?
Subject Matter Experts (SME’s) are the go-to people in an organization. SME’s have an oversized value to the organization as a whole as the level of expertise, knowledge, and wisdom is what the organization counts on to benefit the organizations’ ability to execute, ability to respond, and support functions during break/fix. That value intensifies as time goes on, as the material grow and matures, and your level of competence as a SME will be determined by how well you keep up your knowledge base.
Being an SME is centrist for developing a successful career, especially in IT. While our industry favors a “jack of all trades” approach, especially in the Microsoft and VMWARE spaces, you’ll find that only a few rise to the top as their knowledge is honed on very specific topics. The “master of none” is how many in IT get stuck in generalist roles and never grow to their potential. Instead, the SME concept is to be a “jack of all trade, master of some…”
From an organization perspective, we bring in the SME’s on subject matter during problems, during changes that effect that space, and serve a consulting role, especially during Strategy meetings. Further, SME’s play a positive role in ensuring cross-training and competence is establish on the team. If any of these fall, the SME is responsible for that gap and needs to do his or her part in ensuring the team learns up quick.
Ways To Develop A Subject Matter Expert Knowledge Base
There may be other ways, but here are the top five I would consider:
1. Read the publications and web sites dedicated to your area of desired expertise
It is amazing how much information you can find out and how much you can learn from targeted reading in the area of your expertise. This particular step is especially important to develop the theoretical side of the area of your expertise as well as understanding the trends for your area. Doing a simple Google search on your area of expertise can yield ten places to start reading. As you do this daily, those sites will link to other sites on your subject. Going to those places will expose you to even more. After a while, you will settle on ten to twenty sites that provide you the kind of information you are looking for to learn more about your subject area.
2. Join professional organizations and associations in your subject area
These could be true professional organizations with local professional chapters (such as the Project Management Institute), intelligently selected groups on LinkedIn not associated with a professional organization, or an informal group of like-minded individuals in your local area who work in the area you want to learn about. The benefit of these groups is that you bridge the theory to the practical. A local professional chapter cares about the theory of something — but they want to solve a problem they have and will share how they did so with others in the group.
3. Answer questions. So you can get asked more questions.
Be willing to answer questions about your area from others. If you don’t know the answer, go research the question until you get the answer or answers. This will increase your knowledge. Plus, the person asking the question will appreciate getting an answer and will tell others. Getting asked questions, researching the answers, giving the answers and getting more questions will exponentially increase your expertise. This knowledge will consist of both the theoretical as well as the immanently practical answers to pressing problems. The more you know, the more you will be asked, resulting in knowing even more by researching the answers.
4. Attend organized formal training.
Our organization does not object to formalized training. The vast majority may require an investment in time and money to attend. It’s my opinion that organized formal training is less effective on foundation topics and steadily more effective the more advanced the concepts and learning material are. Nevertheless, the SME should always keep an eye out on training opportunities as they are out there. In fact, if you look hard enough, some are free.
Experience + Certification = Exceptional Value. Find out what it takes to get the certification. That roadmap is a very good way to get what is needed to understand the various competencies contained within the subject matter area. Picking up the certification not only demonstrates competence, but shows mastery to peers and a personal benefit in achieving a career goals through continuing education. To me, this is the value of certification and, if used right, is a powerful tool for IT leaders and alike building the knowledge culture.
Expectations Of A Subject Matter Expert
1. Build And Maintain Your Knowledge Base
Now your assigned to the SME, it’s time to build competency. Using the ideas above, dive in. If you’re stuck or needing help, please talk to me and we can work together, but how you do it and what tools you use, is completely up to you.
2. Cross-Train The Team
On our team, it’s the SME’s responsibility to maintain competence on subject matter areas that are assigned. How that is done is completely up to the SME. Although tried and true methods for training are fine, I find in my experience that the more unique and engaged the training is, the better the recipient retains the information. In the end, the SME’s performance is judged at how well the team knows the content and how effective the SME is in that particular area.
Being a SME also means participating in meetings, discussion, writing knowledge base articles, etc.. In other words, never stop looking for opportunities to educate people.
I hope this document served a positive purpose with what I am hoping to achieve on the SE:OPS team. Foremost, ensuring you guys understand what I am expecting. Let’s make it so, team.
By Jonathan Merrill on
2/7/2014 10:21 PM
Here are a few notes I recently took during a leadership talk I attended.
What Does Leading Forward Mean?
- Vision to anticipate what comes next.
- Having the courage to do what needs to be done.
What Does Leading Forward Take?
- A commitment to clarity about the present reality.
- A faith filled perspective.
- A good memory. Not constantly looking back, but understanding history so as not to repeat mistakes.
- Courage to go it alone.
By Jonathan Merrill on
1/31/2014 11:28 AM
Like all things, Information Technology must do business with vendors to make IT go and volumes could be filled with horror stories when vendors came up short. It never ceases to amaze me how sales people submarine an opportunity and walk away confused, even befuddled. You just want to reach across the table and shake the guy, “Wake up, man! Your blowing it”! Doesn’t matter if your technology is better, sales people matter. What is said, matters. And what is actually done makes or breaks the relationship. Here are three in particular.
My first example is a national encryption solution I looked at when examining two form factor authentication. Their solution was solid, impressive, and price competitively. It came down to client support. They touted support for Android and iPhone with Windows phone will be supported in 90 days. Why Windows phone? Many on our executive team have Windows phones and prefer them (myself included). The sales team said numerous times, “We will have Windows 8 support by 3rd quarter”. Third quarter turned into fourth quarter, then 1st quarter, now 3rd quarter. Almost a year later.
Think I trust these guys now?
How to fix: If your going to make a commitment. Stand by them. If your going to miss it, get in front of it and talk to the customer.
My next example is well known printer company. We looked at them when examining our printing standards in the enterprise. At my behest, I brought them to the table as I feel strongly their technology is vastly superior on multiple fronts. The sales guys strode into the room and sat down to have a conversation. No deck. Just “tell us what you want”. How do we know what we want, you’re the sales guy. The atmosphere in the room changed and became awkward. The death blow was when the sales guys mentioned, “We do deals with thousands of printers, this would be on the low end of the scale.” He meant it as quick and easy, but came across as “you are small and insignificant”. Once the contracts were reviewed, sales guys stopped returning calls quickly and the sales processes collapsed. Only at the 11th hour did we get a VP at the printer company to step in and correct the sales course. But, too little to late.
This could have been avoided. Now, these folks are seen as arrogant and not customer service focused.
How to fix: Humility, humility, humility. You know your product is awesome, but never sit on our laurels. Arrogance kills more relationships than builds bridges. Instead, educate us. Sell us on why and how. And sell us on why it’s simpler to do it your way. Never depend on the product to sell itself. Especially, if the product includes the human element.
My last example is a wiring consultant we used to manage the wiring in a building, including bid spec for parts and materials, installers, and coordination of the project. What started out looking good ended up in a kaleidoscope of bad behavior. Here are a few examples:
- Used the same price sheet from another client and passed it off as “new numbers”.
- Changed the numbers. Doesn’t matter why.
- Made promises to wire manufacturers, distributors, and installers before the client selected. “You are guaranteed to get this!”
- Forced installers to “eat mistakes” the consultant made. If it were once or twice, maybe. But more than half a dozen times.
- Tried to get distributors and installers the client chose “dismissed” from the job, in favor of consultant favored distributors and installers.
- Was the cause of missing dates and milestones, due to lack of attention to detail and just sloppiness. Then blamed others.
All the while touting the very high ethical standards, almost ad nauseam. Now, many don’t know about the very real underbelly of the structured cable wire industry, possibly a future blog. Nevertheless, this company gets a lot of work and I am shocked by the consistency inn bad behavior, starting from the top.
How to fix: Consciously choose to do right. Choose to be ethical. If you want to change the industry, rise above it and be an agent of change. Do no harm. Be positive. But, never compromise your values. And provide amazing value.
By Jonathan Merrill on
1/24/2014 4:34 PM
I am going to make a few controversial perceptions that is rooted in near 20 years of IT, but is all centered on how organizations treat creative thinkers and executers at various sized companies.
1. Creativity isn’t as important as assimilation (Process widgets the same way, every time, or else!).
2. We hire creativity, but want productivity. (Produce more widgets faster!).
3. The more creativity we hire, the less productivity we get. (Widgets are stupid and here is why).
4. Corporate culture is more important than creativity. (Everyone gets the same widget, or else!)
Can you identify any of these points at your company? How did we get like this? How do we fix it? Or should we?
By Jonathan Merrill on
1/17/2014 9:21 AM
We are looking at changing up our printing platform and recently obtained a document with best practices for printers from a CEH.
Printers face five main threats and vulnerabilities:
Document theft or snooping
- A person can simply walk over to a printer and pick up a document that belongs to someone else.
Unauthorized changes to settings
- If your printer settings and controls aren't secure, someone may mistakenly or intentionally alter and reroute print jobs, open saved copies of documents, or reset the printer to its factory defaults, thereby wiping out all of your settings.
Saved copies on the internal storage
- If your printer has an internal drive, it can store print jobs, scans, copies, and faxes. If someone steals the printer, or if you throw it out before properly erasing the data, someone might recover the saved documents.
Eavesdropping on network printer traffic
- Hackers can eavesdrop on the traffic on your network, and capture documents that you send from your computers to the printer.
Printer hacking via the network or Internet
- A person on your network can hack into a network-connected printer fairly easily, especially if it's an older model that lacks newer security features or isn't password-protected.
- Security flaws leave networked printers open to attack:
- According to InfoTrends, there are almost 30 million printers and multifunction devices in offices and homes throughout the U.S. and Western Europe, and most are connected to a network. This means they are just as susceptible to malware and hacker attacks as PCs -but for a variety of reasons they are often overlooked by IT professionals and used without proper safeguards by employees.
- A recent Xerox-McAfee study revealed that more than half (54 percent) of employees say they don’t always follow their company’s IT security policies.
- Also, half (51 percent) of those employees whose workplace has a printer, copier or MFP say they’ve copied, scanned or printed confidential information at work.
- The study goes on to say that more than half (54 percent) think computers pose the biggest security threat to their company’s network compared to other IT devices, while only 6 percent say it is MFPs. This small percentage is proof that employees simply do not realize their office MFPs really are true networked devices that behave the same way their PCs do – and have similar vulnerabilities. Pair these stats with the fact that the average organizational cost of a data breach is $5.5 Million and you have a pretty strong argument for taking this warning seriously.
- But I know what you’re thinking: none of those massive breaches are possible through an MFP, right?
- Just about anyone can launch full-scale attacks against a network and a company’s information assets through an MFP if its physical and electronic access points aren’t securely controlled and protected. Those attacks can be as simple as someone picking up documents left in the MFP’s output tray, to malicious worms pulling sensitive documents off the network.
- Consider this example of hacking the network through an MFP: Today’s combination of mobile workers, cloud printing and the continuing penetration of Android-based personal devices make it possible for an attacker to create a malware app that infects the mobile device, opportunistically attaches itself to a cloud print job, gets downloaded to a networked MFP, and from there infects the entire enterprise network, completely bypassing firewall and intrusion detection controls. In this case, it’s complexity that creates the vulnerability.
- Significant difference between Printer MFPs and Copiers. Printer MFPs tend to be more secure than Copiers due to how often printer firmware and drivers are updated to fix issues and security changes. Copiers rarely address security issues once released to market.
Top 3 Reasons for Print Security Not Being Adopted (Research and analyst company Quocirca)
- 92% - Low Priority
71% - Unawareness of Benefits
65% - Lack of Print Security Strategy
Physical Security for Your Printers
- Increasing the physical security of your printers can help prevent document theft or snooping, unauthorized access to stored documents, and misuse of the printer's ethernet or USB connections. Place printers strategically to balance ease of access and security. Putting them in a somewhat visible open area that is accessible to most the users may be a better idea than sticking them in a separate room or office where you can't monitor them as closely. In any case, consider designating separate printers for management and other sensitive departments and keep those machines secure from other employees.
- Also consider buying printers that require users to provide some form of identification (such as a PIN) before it prints.
- And don't neglect hard copies of documents. Shred sensitive papers when you no longer need them.
Password-Protecting Your Printers
- If you have a business- or enterprise-class printer, it probably has an administrator control panel of some sort that you can access through a Web browser, a screen on the printer itself, or your PC's command line. Most such printers will let you password-protect the control panel to prevent others from changing settings without your knowledge. Refer to your printer's documentation to learn how to do this.
Securing Printer Admin Traffic on the Network
- A password alone won't stop a determined hacker. The admin password may not be encrypted when you send it from your computer to the printer, which means that someone could intercept it and gain access to your printer's controls.
- To avoid this, use an encrypted connection when you access the admin control panel, if your printer or print server supports it. For instance, when accessing the interface via a Web browser, use an "https://" address (which uses SSL encryption) instead of a regular "http://" connection. If you need command-line access, use encrypted SSH instead of clear-text Telnet sessions. If your printer came with a printer management application, see whether it supports encrypted connections.
- For additional help in combating hacking, check your printer for ACL (Access Control List) support or for some other feature that lets you define who can use or administer it. Be careful not to open your printer's Web interface (or any other admin interface) to the Internet, to prevent people on the Internet from finding and trying to hack your printer. Your network firewall should provide enough protection and this shouldn't be an issue unless you explicitly configure it to open access to your printer. If your printer supports Internet Printing Protocol (IPP), FTP print jobs, or any other feature that lets people send it print jobs over the Internet, consider disabling the feature if you don't use it.
- If your printer or print server uses SNMP (a protocol for managing and monitoring devices on networks) to communicate (as HP's JetDirect products, for example, do), try changing the default SNMP community names to a strong password to help frustrate would-be password capturing, cracking, and additional hacking. And whenever possible, use SNMPv3, a newer version of SNMP that includes authentication and encryption for added security.
Securing Printer User Traffic on the Network
- To prevent users on the network from intercepting print jobs as they go to the printer, find out whether your printer or print server supports encrypted connections to and from the PCs on your network. Some printers do use SSL/TLS, IPsec, and other encryption methods.
- Check your printer's documentation and consult the vendor about whether your current equipment supports encryption or if you can purchase additional hardware or software to add such support.
Updating and Upgrading Your Printers
- Make sure that you keep your printer's firmware and drivers up-to-date. Often, updates add new or improved security features, patch known security holes, and fix other problems.
Discarding an Old Printer
- Before disposing of an old or broken printer, make sure that its internal hard drive (if it has one) isn't saving any documents. Check your printer's documentation or speak to its manufacturer to determine whether it has a drive--and if it does, to learn how to erase the data. If the you can easily remove the drive, you may be able to connect it to a PC and erase the data with special drive wiping programs that make the data completely unrecoverable.
VLAN Best Practices
These are some general guidelines in creating VLANs. A VLAN creates a boundary between devices, so the goal is to plan the boundaries that will improve network functionality and security.
- Grouping devices by traffic patterns - Devices that communicate extensively between each other are good candidates to be grouped into a common VLAN.
- Grouping devices for security - It is often a good practice to put servers and key infrastructure in their own VLAN, isolating them from the general broadcast traffic and enabling greater protection.
- Grouping devices by traffic types - As discussed in this How To, VoIP quality is improved by isolating VoIP devices to their own VLAN. Other traffic types may also warrant their own VLAN. Traffic types include network management traffic, IP multicast traffic such as video, file and print services, email, Internet browsing, database access, shared network applications, and traffic generated by peer-to-peer applications.
- Grouping devices geographically - In a network with limited trunking, it may be beneficial to combine the devices in each location into their own VLAN.
Father, Leader, Mentor,
Problem Solver, Visionary,
and Technology Professional