Making the Case for Draw.IO

Is Time To Say Goodbye to Microsoft Visio?

Diagramming is a very large part of how we communicate.  Flow charts, process diagrams, UML diagrams, network drawings, on and on.  Pictures are truly worth a thousand words.  And the go-to software standard for most organizations needing to diagram is Microsoft Visio.  However, working with different teams, I’ve encountered feedback where Visio wasn’t the preference.  Digging in, there is many pros and cons presented and let’s lay them out here:

Visio Pros Visio Cons
1. Market Leader in diagramming.
2. Wide variety of shapes.
3. Many IT Pros already familiar with Visio.
4. Been around for a very long time.
1. $533 per year licensing.
2. High learning curve.  Arguably, un-intuitive.
3. No Linux or Mac support.  No mobile support.
4. Office365 bolt on, versus integrated product.

Enter Draw.IO…

Application Development introduced use to Draw.IO in 2018.  After spending some time with the product, I find it very comparable.

Draw.IO Pros Draw.IO Cons
1. Open Platform for diagramming.
2. Diagram anything.  Practical.
3. Linux, Mac, and Windows.
4. Free.
1. Opensource. Slow to fix bugs.
2. High learning curve, but training helps.
3. No OLE or Windows Integration.
4. Heavy Java dependency.

Is the shift from a paid product to a no-cost product that meets or exceeds the existing standard a good idea? Granted, learning the tool is a must to become a competent diagrammer.  Are you willing to let Visio go?  Care to take on Draw.IO?

Get Draw.IO here:  https://www.draw.io/

Support/Training Videos are here:  https://about.draw.io/support/

What happens if we don’t invest in developing our people…

CFO asks CEO: “What happens if we invest in developing our people and then they leave us?”

CEO: “What happens if we don’t, and they stay?”

The Lesson: Train people well enough so they won’t leave. Treat them well enough so they won’t want to leave.

Numerous LinkedIn Postings

We see this advice over and over. As leaders, are we walking the walk? Or just more of the same. I talk to colleagues and training is still a problem. Fear of making the investment and watching that investment walk out the door cited as the primary reason.

In today’s economy, junior people are far more skilled than 10 years ago. I see the resumes. We live in times where candidates are highly competitive, highly motivated, and have goals. Financial goals.

Leaders: You are either a part of the solution. Or part of the problem. Invest in your people. Technical and professional. Hard skills and soft. Teach people how to win. Otherwise, your people will move on. And waiting till your top talent leaves you… is on you.

C-Levels: Culture starts at the top. Invest in your leaders. Values and culture matter. Establishes tone. What is and is not acceptable. Mentor the gaps, but hold the line on the winning culture: That you built. Otherwise, your leaders will move on. Waiting till one of your top leaders leaves the organization is on you. Money doesn’t solve the aggravation or feelings of having no support.

Invest in your people. Constantly.

\\ JMM

NSX Is Not For Beginners…

“If I would have known how difficult it is to get NSX up and running, I never would have recommended this solution.”
– Sonny Mendoza, System Engineer – Architect, Lanvera

One of Lanvera’s major achievements in 2018 was crossing the finish line with the deployment of VXLAN and VMWare’s NSX.  Although, NSX was not simple to deploy, easy to troubleshoot, nor kind on your patience.

In fact, in 2018, I attended a Palo Alto event where I sat at a table and talked about NSX.  Others overheard and came to our table to talk about it.  One gentlemen claimed he was on his third attempt to deploy it.  Another said it broke several parts of the network and IT deemed it a risk.  The other said it’s deployed but not in production, fear of it breaking.

All of these concerns are not unfounded.  Here is a few of the take-aways we ran into that marred/aided our deployment.

5.  Hiring A Consultant Does Not Guarantee Success.  After the consultant left, our NSX solution was technically up, but moving VMs between datacenters didn’t work as expected.  Routing didn’t work as expected.  And many phone calls to VMWARE ensued to work on the small whoops that the consultant didn’t catch.  Consultants often expect their clients to know what to look for and with something like NSX, we didn’t know what we didn’t know.

4.  NSX Training Does Not Guarantee Success.  At the behest of our sales engineer, they highly suggested we attend VMWARE’s NSX training, which we spend credits on.  My team reported that the training was problematic, from lab’s crashing or freezing to unable to run the content.  Many phone calls to support dragged it out by weeks, if not a month or two.  After the technical leads were trained, they found the training really didn’t prepare them for the challenges of the deployment.  “Thank goodness we had the consultant”.

3.  Attending VMUG Did Not Guarantee Success.  Although, my team would say it helped.  In fact, Sonny took over a session at the DFW VMUG to talk through our NSX deployment with their subject matter experts.  Explaining our behavioral problems.  Lots of stumpers unsolved.  All that said, I am an advocate of VMUG.  I feel user groups are important to attend for these kinds of reasons.

2.  Reading VMWARE’s Books and White Papers on NSX Did Not Guarantee Success.  Forums and communities would highlight these reads, so we absorbed as much as we could.  However, the books contradicted what sales engineers and our consultants told us.  When we shared our sources for the matieral, “Well, that is technically true, but I don’t recommend it” is what we got back.  Conversations got really suspicious.  What is the agenda here?  Sell more VMWARE licensing or actually get NSX running in a workable state.

1.  Having a VMWARE Lab is the Biggest Recommendation We Can Make To Improve Success.  We didn’t have a lab, but the entire time either we made comments, consultants made comments, or people at VMUG made comments.  Testing these technologies in lab is far better than going straight to the production network.  VMUG is an excellent resource on lab licenses for the VMWARE IT pro.  Competency of the product is paramount, especially when encountering anomalous behaviors.

Resources

VMWARE’s User Group

NSX Communities

Beginner or Advance NSX Hands-On-Lab (HOL)

VMware product page, customer stories, and technical resources

VMware NSX YouTube Channel

\\ JMM

Technology solutions shouldn’t replace people management responsibility…

Let me give you an example:  In my healthcare days, hospital nurses often have downtime in the overnight shifts.  Nurses often loaded games and streamed videos on their workstation, which was against company policy.  When we approached hospital leaders, they asked for a technology solution:  Block the nurses from loading games and streaming videos.  I argued overnight managers should keep an eye on nurses and keep them busy.  Technology solutions shouldn’t replace people management responsibility.  In the end, technology solution won. And in the long run, this technology hurt that hospital’s culture and relationships with IT as an enabler.

Our SOP for these detection’s should be to report these incidents to their leader and HR.  Let people processes work and govern themselves.

Jonathan Merrill, 2018

Technology solutions shouldn’t replace people management responsibility, but it does. And often. And not much as changed in 10 years, other than information security awareness is now a mandatory thing. Which should have changed the conversation. But it hasn’t.

Culture will trump policy every time.

\\ JMM

How to Let People Go…

My advice on firing is simple: Treat that person the same way you’d want to be treated if you were in that situation. They’re still a good person, just not the right fit. So how do you help them move on in a productive way that allows them to maintain their dignity?
– Mary Barra, CEO, GE

Letting people go is uncomfortable, creates anxiety, and often a dreaded part of people management. It’s not surprising that it’s often done poorly. Here is my advice for leaders who face this difficult task.

  • Don’t do it on Friday at 5pm.
  • Have a plan. Assemble a team.
  • Keep it short.  And respectful.

Unsurprisingly, EntreLeadership has the best advice for this subject:

How to Fire Someone the Right Way (Highly Recommended)

Why You Need to Hurt Someone’s Feelings

Should They Stay or Should They Go?

\\ JMM

Infraguard: Protected Voices Videos…

FBI’s volunteer organization InfraGuard is a wonderful resource for cyber security.  Connectivity is not just federal, but a community of people who contribute to this group.  Highly recommended.

The FBI released videos on YouTube covering the gamut of security topics.  Although, targeted specifically on organizations running political campaigns, much of the content is applicable to any organization.

Protected Voices Video Links

Social Engineering

YouTube: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DOtf2CHqWcrg&data=02%7C01%7C%7C214a3ac6da0b4da2c36008d6176d6a35%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636722156024637744&sdata=rlR%2FafGiWGTrwCfY4IUIbQih0tpUdtuDgBn%2FpmaqJ%2FU%3D&reserved=0

Patching, Firewalls, and Anti-Virus Software

YouTube: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DEZRaAPLpnOk&data=02%7C01%7C%7C214a3ac6da0b4da2c36008d6176d6a35%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636722156024637744&sdata=JZGgWUVyBXwKzbIfwvsaksKTWTE6ZipMuJ%2FQpARne8A%3D&reserved=0

Passwords

YouTube: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3Dm9YAIrJHQ5A&data=02%7C01%7C%7C214a3ac6da0b4da2c36008d6176d6a35%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636722156024637744&sdata=GfOfXB1Ahi6kG3moq9YjW2%2BG99nzsMu0KrfC%2B5ckq28%3D&reserved=0

Information Security (InfoSec)

YouTube: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DipTvQ5reUr8&data=02%7C01%7C%7C214a3ac6da0b4da2c36008d6176d6a35%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636722156024637744&sdata=ShZJIrEcU1j81ccKjWWh84XLAjDvY5kxozsWVrpog8I%3D&reserved=0

Browser and App Safety

YouTube: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DpL-Ck2x68Mw&data=02%7C01%7C%7C214a3ac6da0b4da2c36008d6176d6a35%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636722156024637744&sdata=pl54J5hf58B6U4du0b%2BrXc2Pnql7Sw8KzhFp2DqQR%2Bo%3D&reserved=0

Safer Campaign Communications

YouTube: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DhlwwI5xwDvQ&data=02%7C01%7C%7C214a3ac6da0b4da2c36008d6176d6a35%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636722156024637744&sdata=JC5fC2el1X%2FD6lupjV0Bf93yzx4oB%2BYeWl86hkoAocQ%3D&reserved=0

Wi-Fi

YouTube: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DluXZ1hUEKtY&data=02%7C01%7C%7C214a3ac6da0b4da2c36008d6176d6a35%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636722156024637744&sdata=Ik238uxHj0tNyquIlflKYXFglcKQZ16dkgnp5FTITMw%3D&reserved=0

Router Hardening

YouTube: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DvNOU13WfHaQ&data=02%7C01%7C%7C214a3ac6da0b4da2c36008d6176d6a35%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636722156024637744&sdata=8zkcp5XDzo7uAP0vb%2FfmhyJ2bIGaIhLaYz6u%2FcmF5jI%3D&reserved=0

Cloud-Based Services

YouTube: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DPkHhLeaLGCc&data=02%7C01%7C%7C214a3ac6da0b4da2c36008d6176d6a35%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636722156024637744&sdata=xwZ6jz1i%2F3qE6NbHacMTcow6hpW0eHrLvzzvJKh3zV0%3D&reserved=0

Virtual Private Networks

YouTube: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DbzD6paYozGI&data=02%7C01%7C%7C214a3ac6da0b4da2c36008d6176d6a35%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636722156024637744&sdata=XH1nJOZBu4Aya%2Bk%2FKirvG%2FKygJp8%2FbpPqy4Tb%2FpayyA%3D&reserved=0

Have You Been Hacked?

YouTube: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DTM1Bm8HOdmE&data=02%7C01%7C%7C214a3ac6da0b4da2c36008d6176d6a35%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636722156024637744&sdata=XOrv5i98td4YDdKe6geAvoEiUpuPZVNDF1CnSbwHV1w%3D&reserved=0

Incident Response

YouTube: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DNCene65EJww&data=02%7C01%7C%7C214a3ac6da0b4da2c36008d6176d6a35%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636722156024637744&sdata=z1UfUjJVNhxekpW1%2FRmKamMkzv9v6WBXSVDbESKYZDE%3D&reserved=0

\\JMM

Enter Predictive Index For New Hires and Retention…

Ask any military leader the difference between winning and losing on the battlefront is effective battlefield intelligence.  Hiring for culture is no different.  This is why EntreLeadership lessons focus on extending the recruiting process, creative interviews, and not making decisions purely on skill.

For years, I’ve advocated either DiSC or Style of Influence (SOI) in lieu of the Myers-Briggs.  I’ve taken all three in business settings and I would say each has strengths, but all three focus on approaching communication and collaboration.  I found something different.

On September 21, I attended Security Advisor Alliance‘s conference.  Arguably, one of the best conferences for information technology leaders in 2018.  One particular break out session caught my eye:  Using personality analytics not just for culture, but learning capability.

Here is the front page of my report:

Nevertheless, I was and still am throughly impressed by this tool.  Not only did it eerily get me as a possible candidate, it perfectly got my strengths and weaknesses as employee.  Things managers need to know as they give role and responsibilities, including things to look to ensure performance.

Check out these links:

// JMM

InfoSec Governance: What Success Looks Like

“If you spend more time on coffee than on IT security, you will be hacked.  What’s more, you deserve to be hacked.”

Richard Clarke, Whitehouse Cyber Security Advisor

Six Outcomes

#6.  Integration.  When all InfoSec processes work as intended from end to end.

#5.  Measuring Performance.  When all InfoSec processes are monitored and measured to make sure they acheive their goals.

#4.  Optomized Resources.  All InfoSec knowledge and infrastructure are being effectively used as designed.

#3.  Delivered Value.  When security investments support business goals.

#2.  Managing Risk.  Consciously deciding to act.

#1.  Strategic Alignment.  When InfoSec and business strategy align, creates three achievements:

  • The enterprise defines what good strategy looks like.
  • Security matches the company’s DNA, instead of trying to rewrite it.
  • The amount of money spent on InfoSec reflects how important security is to the organization.

\\ JMM

Does Network Cabling Matter ?

Cabling is important. Its need to be good enough. The problem I have with cabling is that people spend way to much time fussing, fretting and fooling themselves that having nice cabling actually has value.

You should be spending time in meetings, writing scripts or buffing up your excel skills to work out the software subscription licensing costs.

Q. Want your advice on a cabling colour scheme for our new data centre ?
A. I DO NOT CARE. IT JUST HAS TO WORK. NO REALLY. I JUST DONT CARE

From Blog Ethermind, June 2018

I read Greg Ferro. I have read his blog for many years. I feel his pain and acknowledge it.  And, although this argument is well written, it is worthy of comment for those who choose to think different.

You see, I do fall in the camp that cabling is important. It’s representative of many things that exist in Information Technology that are under the covers.  Cabling determines how serious you are, how disciplined your IT show is, and the attention to detail your team has.  Yes, cabling says all that.  And when you invite me over to see your data center, it’s what I am thinking when you show off your hard work.

“Network cabling usually only represents 10% of the total technology spend.” – Bill Atkins, during his time at Panduit

Yet, we run the production IT show on that cabling.

“Sometimes you have to do IT two or three times to get it right.” – Former CTO (Name Witheld)

Ouch.  Doing the same things two or three times is not cost efficient and often indicative of culture.  Did you hire the right people and put them in the right seats?  Did we listen to our wiring experts or follow the misguided advice of “this is how we’ve done it for 20 years”?  Two or three times in the wire business is great for the manufacturer and installer, bad for the organization writing the check.

Why Cabling Should Be Important To IT People

I didn’t say critical.  But there should be a standard to hit, as IT craftsmen.  A guide to follow.  Here is my top 5 things I recommend peers to consider when cabling.

#1.  Wiring should be easy to understand.  Color codes and design.  BICSI.  ANSI/TIA/EIA-606-A, Administration Standard for the Telecommunications Infrastructure of Commercial Buildings, or the updated ANSI/TIA/EIA-606-B documents these standards.

#2.  Wiring should be easy to troubleshoot.  As-Builts in all data centers and cable plants.  Consistent labeling throughout the facility.  Velcro over zip-ties.  Basket tray versus cable tray.  Combined wire with slack vs. just letting it hang.

#3.  Quality versus Crap.  Mid-grade wire versus minimally compliant.  Wire for the 20 year plan vs. no plan.  1GB is often plenty.  10GB is overkill if your back end can’t support it.  Think hard about plenum vs. non-plenum.

#4.  Manufacturer and installer proud.  When the manufacturer wants to show your work to their prospects, that’s a good sign they’ve done it right.  Choose certified installers.  Ask the question.  Then choose quality products that align with your team’s standards.

#5.  Wire once.  Your ROI is far better achieved when the installer comes out to do the big job versus coming out multiple times over 2-3 years.  Multiple times often equates to two times the labor cost.  Your not saving money and the chances of mistakes are actually higher.  Wire once, if at all possible.  And then ask the manufacturer to QA your job during your walk through.

\\ JMM

Why You Are Being Asked To Be in CAB

Today’s blog is from the mailbag of notables.  The context of this email is when I was “leading by walking around” and overhearing a few employes not wanting to go to CAB.  Not wanting is putting it nicely.  CAB is “Change Approval Board”, which is mostly a call to talk about the changes happening to the production environment.

From: Jonathan Merrill
Sent: From My Desk
Subject: Why You Are Being Asked To Be in CAB
Importance: High

Just overheard “Why do I need to be at CAB. I don’t have changes”. Not the first time this has been said. And it’s not unnoticed those team members who don’t show up. Before you say, “busy”, I know everyone is busy. We are all busy. Nevertheless, here is why I encourage you to be at CAB every time:

1. If you do have a change, you need to explain to CAB what the change is, what it will impact, and allow architects and SMEs to chime in. We’ve had one over-ride since we started CAB, which saved us from an embarrassing situation.

2. You listen in on what’s changing in our environment. Operations teams must have the pulse on what’s going on. If you don’t know, how can you react? Putting things together is a skill, just like listening and comprehending. All three should be applied in CAB.

3. Opportunities to sharpen your saw putting in changes. Once we get some consistent muscle memory on non-standard changes, let’s talk about standard changes. Until then, let’s learn from each other and ensure we understand the why about change management. I’ll need your help to train other teams once they get incorporated into our change system.

If you’re working on a critical ticket, production outage in flight, or anything affecting a client ability to process, then your at least armed with what changed.

If your actively engaged in a production issue, clear it with your manager and let him or another team member represent your change in CAB.

Any other reason… eh, no. Knowledge culture, folks. Root word is “Know”. We need you to know. I need you to know. This is the culture we are building. Please participate. Everyone…

\\ JMM