TechVirtuoso

InteropITX 2017 Breakdown

May 24th, 2017 at 10:00 PM No Comments Frank Owen

Interop is my favorite IT Conference. I have been to many other conferences including vendor sponsored events and for me, Interop stands out. The vendor related conferences almost always have a spin to it. Since InteropITX is a independent conference you don’t get all the hype. There was a lot of changes this year, for me and the conference.

Interop was rebranded to InteropITX
Jennifer Jessup left the Managing Director role after almost 5 years, Meghan Reilly took over
Interop left the Mandalay Bay in favor of the MGM. I am not sure when they started in the Mandalay, but it has been there since I have been going.
I opted for the Workshop/Seminar pass this year instead of the normal Conference pass.
I actually left Vegas after Interop with more money then I came with!

Even with the name change and the new location the biggest change for me was the Summit\Workshop pass. My engineer joined me at the conference and he took the more technical tracks (like the Packet Pushers Future of Networking Summit) so I went through the leadership track. My first two sessions with Rob Cordova was awesome. In the morning he went over how to continue to develop your people and in the second session he talked about how to innovate, specifically for IT. He kept the room entertained while actually providing some great insight and many ideas and skills I am sure everyone in the room found useful. I tried to go to a couple of technical sessions on Day 2 but they filled up quick so I ended up in another two leadership sessions. They weren’t as good as Rob’s (he set a high bar), but I still left with some good information.

On Wednesday I caught up with the guys at Tech Field Day and got to sit through a presentation from Paessler, the makers of PRTG. After the presentation I spent some time on the show floor talking with companies like portnox and Raritan (I didn’t even know they were still around!). I will have a couple of follow up posts on these companies to go in to a little more detail. I couldn’t spend as much time as I would have liked on the show floor because we were planning and performing an infrastructure upgrade in our Las Vegas branch, but I did spend enough time to see the joke of a Cisco booth. Not sure what that was all about, but it seemed like someone was on an episode of Punk’d.

Overall, it was a great conference and I think I will be attending again next year.

I can no longer recommend HP Servers for SMB

April 10th, 2017 at 12:02 AM No Comments Frank Owen

In the past I have flipped flopped my recommendations for server hardware between Dell and HP. I have never had any reason to recommend one over the other until now. I remember a few years ago hearing a bunch of hoopla about HP starting to require a service contract in order to receive firmware updates. I remember reading a blog post that broke down some of the details at put me a little at ease, so I went along with my business.

John’s post mentioned he thought this could have been a cash grab from service contracts, but HP stated this was not the case. I would recommend reading his article for all the details, but the gist was they were trying to prevent unscrupulous VAR’s from refurbishing Proliant hardware using their firmware. I personally think they were trying to prevent 3rd party service companies like Park Place Technologies from selling aftermarket service contracts. These service contracts are usually much cheaper then OEM, and will likely extend the amount of time a server is in production which means less hardware purchases.

Over the past few years, I have been dealing with mainly Dell PowerEdge devices. These servers do not have the requirement and make it very easy to update. Most of these machines can use their built in Lifecycle controller to automatically scan, download and install needed firmware updates. It is a very easy process, and no support agreement required! Fast forward to today and I find myself working on a HP Server that I spec’d out and installed for a client over 5 years ago. With most of his apps moving to the cloud he had no reason to replace this server. I was checking firmware, and of course with HP’s new policy I can not update the BIOS. So since HP has killed my ability to download the BIOS update, the machine will be sitting with a BIOS from 2011 until it is replaced.

Moving forward, Dell will be the only company getting my blessing in the SMB space. The extra cost of a service agreement for a large number of SMB’s doesn’t fit. Hopefully Dell doesn’t try and follow HP’s lead, but I think if that was the plan it would have happened already.

If you haven’t disabled telnet on your switches, shame on you!

March 20th, 2017 at 10:57 PM Comments Off Frank Owen

I am surprised at how many networks I run across that still have telnet and plain old http not only enabled, but the only way to manage these devices. This really is a easy change and in my experiences doesn’t have any drawbacks, so why do people still have these enabled on their network? Why are device manufacturers allowing these as options in new devices being configured?

The reason I bring this up today is unless you are living under a rock (and if you are, I am sorry) you have heard about Wikileaks providing information on a huge amount of network vulnerabilities that are, and have been on many of the devices we have in our corporate networks. Cisco has now released a listing of devices (the first of many I am sure) and details of the cause. Surprise! If these devices are in your network and have telnet enabled, you have a big problem on your hands! If you still have devices managed by telnet, even if they are not Cisco you need to stop reading this post, and get to planning some changes!

This is probably the first of many security exploits we will see in the coming weeks. If you have equipment on this list, I would start planning firmware upgrades for the short term, and refreshes for the long term!

Quit checking the audit “check box”!

April 25th, 2016 at 10:12 PM No Comments Frank Owen

I am fortunate in my new role to have a lot of freedom. There wasn’t a lot of structure in place when I started so I can mold the IT policies as I see fit. This has been a blessing, and a curse as I try and navigate the standard IT policies that I have been pushed to enforce in my previous roles. Back then people would ask me why we need to change passwords so often. “Because it keeps us secure, and the company policy says so” would be my response. I never stopped and asked myself why things like this were put in place, and ultimately, does it really keep us secure?

Lets break down the common rule sets that have been the cornerstone of just about every password policy put in place.

8 Character Minimum Passwords

This has been common practice for quite a long time but I don’t think this requirement has kept up with the times. Is 8 character passwords really enough? Having passwords that are at least 8 characters will check the box when the auditor comes around but is that what we really should be focused on? Why aren’t we trying to push people to longer (simpler, easier to remember, more secure) passphrases?

Complexity Requirements

Everything from special characters, to numbers, to upper or lower case digits fall under password complexity. And with an 8 character password, I think they are necessary. If we start pushing people to phrases, and spend a little time educating people on choosing a simple secure password, why do they need to be enforced?

Password Expiration

This along with Length I believe are the two most used “Audit Check” boxes that are out there. This setting is the amount of time a user can have their password before the system forces them to choose a new password. The standard just about everywhere is 90 days. Most users who feel their password is a burden and hard to come up with will write down their password on a sticky note, leave it under their keyboard (or worse, attached to their monitor) and it will take them 30+ days to remember it without looking (just because we always have to look to “Double Check”) and then 30 or so days later the dreaded password expiration countdown starts. Personally I think I do a good job at password management, but 90 days still annoys the hell out of me. If you are in IT and you are reading this thinking “WAAAAHHHH you need to change your password every 3 months” take the “Password never expires” check box off your account for 6 months, and I have a feeling your thought process may change.

Enough ranting about it, but why do we need to change it every 90 freaking days? How is this going to keep me secure? This only helps if your password db gets stolen, and with our 8 character limit above and our modern hardware, it doesn’t matter if you change your password every 30 days, you are screwed. According to this article (I didn’t fact check) 90% of 8 character “complex” passwords are cracked in seconds in this case.

Password History

This setting usually sets the number of times you need to create a new password, before you can use the old one again. I don’t understand why this is even an option to leave off if you are setting your passwords to expire after a specific amount of time. If I make my users change their passwords (no matter the interval) shouldn’t I require that each password is unique? If I don’t, they fall into a pattern. IE: I set my first password to Penelope!1 for Q1, Penelope !2 for Q2, and so on.

We need to stop trying to “check the audit checkbox” and start looking at the business requirements, and designing our password policy around those. In my opinion, these items should be key for building a good password policy.

End user education is paramount. Show them how easy it is to create a longer passphrase and give them benefit to doing so.
8 Character limits with forced complexity is not enough, try and push people to 15+ character passphrases.
Don’t just set password expiration to 90 days, depending on your other requirements (length, complexity, etc.) push it out to 6 months. I think you will find far less sticky notes under keyboards!
One size does not fit all. Look at a solution like Specops Password Policy and give your end users options. They want a 8 character password, fine. It needs to be complex and you are changing it every 30 days. You have a 20 character passphrase, your password doesn’t expire for a whole year.

Lastly, don’t be lazy. If your users have a 90 day password reset requirement being in IT you should have AT LEAST the same. Get out and talk to the people who need to follow this policy and figure out what their feelings are. Find out what bad security practices they do, and figure out how to solve that issue for them. I think you will get a lot more out of it instead of just reviewing your audit checklist.

Lenovo: What have you done?

June 16th, 2015 at 11:17 PM No Comments Frank Owen

I have been a die hard Thinkpad fan since I got my hands on a Lenovo Thinkpad X200t Tablet back 7+ years ago. Since then I have had a number of different Lenovo “THINK” devices: ThinkCentre A70z, ThinkPad T420, Thinkpad Tablet 2, Thinkpad T440s and now the Thinkpad X1 Carbon (3rd Gen). There was TONS of posts after IBM sold their PC division to Lenovo claiming doom and gloom for the Think line. After retiring my x200 for the T420, I had no worries. The T420 was rock solid, a brick but was built like a Thinkpad should be built. I never had any issues with that Laptop, it never let me down. When I purchased the Thinkpad Tablet 2, I noticed some items that were not huge faults, but small attention to detail items. I was ecstatic about the design of the T440s, and ordered it before it was ready to ship, but this is when it really went south.

After using the T440s for 18 months here are my thoughts…

They switched to a new style dock with the T440s and newer. I have the Ultra version and it has issues resuming monitors from sleep.
I really tried to like the new buttonless touchpad, but I couldn’t. I have always been a “nub” guy, and the new touch buttons make it impossible.
Serviceability is a pain in the ass.
The space bar doesn’t always register when it is pressed (I am a “beater” so I know it is getting pressed.

Lenovo saw there error in their ways and brought back physical buttons for us nub users in the next iteration, and so I went for a 3rd Gen X1 Carbon. I have only had it for a couple of days but I think it may be going back.

Even though I have a OneLink Dock, instead of the Ultra, the sleep problem still occurs with my DisplayPort monitor.
It also randomly has a hard time coming out of sleep. In the last week I had to press and hold the power button to get the machine to come on after sleeping.
Until Microsoft fixes their DPI issues with multiple monitors, 2560×1440 on a 14″ screen is wayyy too small.

Bottom Line:

Lenovo needed to make changes in the ThinkCentre line to keep up but these issues are problems I can’t overlook. I love the design of the new Thinkpads, but they lack what made Thinkpad’s great, being rock solid. Would the ThinkPad line have the same issues if they were still owned by IBM? Nobody can answer that but if they don’t get a handle on this soon, I see a dark future for the company when it comes to the enterprise.

HP’s SQL Server Appliance for Big Data

May 7th, 2013 at 9:00 AM No Comments Frank Owen

Big Data. It has been around for some time but like “Cloud” I think it is the next big buzz word C-series exec’s will be asking their people if they have it, but not understanding why they want it. HP, partnered with Microsoft, recently released the second iteration of a SQL Server appliance. They call it the HP AppSystem for Microsoft SQL Server. I recently was invited to a virtual briefing about their second version based on Microsoft SQL Server 2012.

Why would anyone want to buy a appliance instead of just buying the hardware and then installing SQL Server 2012 you ask? From my understanding traditional SQL wasn’t built to handle the workload or storage requirements and more importantly buying a PDW Appliance you get one stop shop for support. Once you call Microsoft for a support issue there is no passing the buck to the hardware manufacturer. They may need to transfer you to HP but there should be no finger pointing on who is to blame.

HP isn’t the only partner Microsoft has, but with features like a modified version of Smart Update Manager and Insight Online not to mention their world class hardware, I believe HP has a leg up on their competition.

11 weeks, 1000 computers and Windows 7

April 11th, 2013 at 7:51 AM No Comments Frank Owen

I moved back to Colorado and took over two call center sites in September. Just as a little background I work for a outsourcing company that manages call centers for other companies (amongst many other things). It provides some IT challenges since we use the customers software on our machines alongside our internal software to run the business.

I received notice a few months after I took over these sites that our client wanted all of our desktop machines upgraded from Windows XP to Windows 7 by “April 15th” (we will get to the quotation marks later). Half way kidding I told my boss we would get it done in 60 days. I thought the 90 days that we were given was more than enough time even running as lean as we do, with two desktop technicians supporting a site of over 1000 desktops. I had built XP images and rolled it out to 800 machines in less than 60 days. 90 days for Windows 7 should be a piece of cake. I was in for a big surprise.

First 30 Days

The first 30 days consisted of upgrading the 3 domain controllers from Windows Server 2003 R2, to Windows Server 2008 R2. We also built a new WDS server since our old WDS server was also still running Windows Server 2003 R2 and built the base image and did internal testing. We built new group policies and WMI filters to make sure these new policies only affected the new machines. Everything was smooth sailing. I sent my boss a status email outlining our plan of completion by “April 15th”

Week 5 and 6

Over the next week we rolled it out to about 5% of the first two business unit groups (about 30 desks) and made a few small tweaks to the GPO’s and the image. The next week we rolled it out to the remaining machines in those two groups, and like that we were sitting at over 60% of our machines completed. Proud of our status and since we met the goal I set for the first two business groups I sent an update to my boss reassuring him we were on track for the “April 15th” deadline.

Week 7 and 8

After completing the first two business groups, we had to slightly modify the group policies for the next two business groups. Luckily we didn’t have to modify the image at all so it went pretty quickly. We took the two weeks we had slated for these last two groups (around 100 machines) and made sure it was done right. We also pushed it to another 140 training machines. Again I sent my boss an email with our status and reassuring him of the “April 15th” deadline. This time I got an email back that we needed to get it done by April 7th. When I asked my boss why it changed he told me the date had always been April 7th, and he wondered why I kept forecasting completion for the 15th. I am not sure where I got the 15th from or why he didn’t mention it before now but hey, 1 week won’t make THAT much different, right?

The final 3 weeks

The final 3 weeks we had the least amount of machines to deploy but we had to modify the base image with additional software and when we rolled it out we also had to use Symantec PGP WDE (I hate this software) to fully encrypt the station. This adds about 3.5 hours to each machine setup time. We got the image modified in week 9, rolled it out to a test group half way through week 10 and then finished rolling it out to the support team, supervisors and managers in week 11 and finished with 12 hours to spare on April 7th. Everything was good (so we thought).

The Aftermath

It has only been a few days since we completed. After the roll out we received some strange reports from everything from corrupt OST files, corrupt Office installs to programs stating they were not valid Windows applications. None of which that were reported in our extremely short 5 day “soak period”. It appears the problems were caused by how we encrypted the stations and PGP wasn’t happy with it. To get up and running in time we had to log in as an administrator, install PGP, start the encryption process and use Windows Fast User Switching to Switch User and allow the users to immediately start using the machine. We are still troubleshooting and testing but we believe that was the cause.

Conclusion

There are a few things I learned throughout this process. It was a good experience and I know next time I will do a few things different.

When you are faced with a roll out of this size, take your firstestimate of time and double it just to be safe.
Make sure you always let the image “soak” for a minimum of a week (two would be better) with a test group before you start the roll out.
During the soak period make sure you restart the soak timer anytime you make a change.
Think through the roll out and make sure you setup the machine to soak exactly how you will deploy it to the floor. There should be no variation.
Make sure you get your boss to respond to any deployment plans that have to do with time frames. Silence is not golden.

Finally, I got my Lenovo Thinkpad Tablet 2!

February 4th, 2013 at 7:00 AM No Comments Frank Owen

My company has been trialing tablet solutions for the last year. They have tried out iPad’s and Nexus 7’s at other sites with limited success. The basic web apps work fine and the users can send/receive email on them, but none of our native apps work and some of the more complex web apps don’t work properly. I knew that until we got a full Windows based tablet they would not be useful for our management staff. I was very excited when my boss gave me the approval to order a Lenovo Thinkpad Tablet 2 back in October. I patiently waited week by week receiving accessories and emailing my sales rep checking on the status. Toward the end of December I was beginning to wonder if it was every going to show. I almost gave up in January when I received a tracking number in my email. It was finally shipped.

When the box arrived I was surprised how small it was. I thought they somehow made a mistake and sent another accessory. Upon opening, I found I was wrong. The tablet was much smaller and lighter then I expected. Compared to my year old HP Touchpad it is like a cell phone. I couldn’t believe that this small form factor was a full blown Windows PC! Keep with me as I go through the Tablet 2 and provide some pictures. Fore warning, these pictures are taken from my phone and I am not a photographer by any means.

Performance

This was my biggest question when I was pushing for the tablet. Could this little 1.8 Ghz Z2760 Atom SoC processor handle the day to day tasks and completely replace someone’s desktop machine? For the Average user, I think it could. Using the dock, I was also able to plug in a second monitor via HDMI and it pushed the 10.1 touchscreen along with the 23″ 1080P external monster sitting next to it. During the last few weeks using it on and off I never ran into any problems with shuddering or lag. I didn’t throw a lot at it, but I left my laptop at my desk and had no issues using it as my main machine away from the office. Could it replace all my machines? Absolutely not. Could it replace my laptop as my main portable machine? Absolutely.

Hardware and Design

First look the tablet looks amazing. When you start looking closer you start to see some flaws. It does not have the Thinkpad build quality that Lenovo is famous for. The corner of the 10.1 inch Gorilla Glass “creaks” when pressed, and pops out past the bezel once in a while. The camera on the front seems also off center. They added a FCC sticker on the back as well as a sticker that says “Not Encrypted”. The sticker with the serial and the type code placed under the SD Card flap is protruding out the top. Mostly minor issues, but problems that screams “I was thrown together and pushed out the door”. I am guessing they didn’t want to delay shipping any longer then they already did, but I would much rather have seen these issues worked out and wait another couple of weeks to receive the tablet.

View Full Album

There are few expansion ports and buttons on the Tablet 2, but I am very happy for the ones they included. Starting on the top right you will find a small power button, moving to the middle there is a door that opens up to a Micro SD slot as well as a SIM card for AT&T 3G/4G connectivity and all the way to the left is the pen for digitizer input. On the left side of the tablet you will find a full sized USB port (something I will rarely use, but absolutely needed) and a Micro USB slot for charging. Yes, you heard that right, a standard Micro USB port for charging. On the right side you will find a headphone jack, volume up and down ports as well as a Auto Rotate on/off button. I find myself accidently hitting that button quite often. On the bottom you will see the standard dock port, and a Mini HDMI port.

With a little more attention to detail I think this could be a very good design for a tablet.

Software

I am still not sold on some of the “enhancements” Microsoft has put in place inside of Windows 8, even on a touch screen tablet. It is MUCH more touch friendly then their previous OS’s but not as much as it needs to be. I am still not a fan of full screen applications and I am not sure if I ever will be. One thing that surprised me is a lot of the famous Thinkpad software was missing. There was a few Lenovo programs but the software suite they are famous for is missing. I also experienced frequent lock ups that started the first weekend I received the device with just the default software stack. I don’t think this is a performance related problem but rather a software or driver issue. Hopefully Lenovo can find a quick fix for this problem and get it pushed out.

I could not get the Cisco VPN Client to function properly (ShreSoft VPN works fine) and Symantec Whole Disk PGP Encryption is not yet compatible with UEFI or Windows 8. If I wouldn’t have experienced issues with the Tablet 2 freezing, these two programs not functioning would have delayed the rollout. No matter which of the CloverTrail Atom devices you pick, these issues will follow because they appear to be limitations with Windows 8 (x86 more then x64).

Battery Life and Portability

With light use I was able to get almost the 10 hours of Battery life Lenovo claims the Tablet 2 can get. Each user will have different experiences, but even streaming HD video I still got close to 8 hours. It charges from a Micro USB port at the bottom left hand side of the tablet. The charge is a 2A charger (same as the HP Touchpad charger). In my experience any Micro USB charger will work with this device but as most of the Micro USB charges are only rated as 1A, it may take longer to charge with the Micro USB chargers you have laying around the house. At only 10 inches long, 6 inches tall and less then a half an inch think the Tablet 2 will go anywhere you want it to. I was able to fit it inside of my already crammed 14″ laptop bag with ease.

View Full Album

Final Thoughts

The Lenovo Thinkpad Tablet 2 is a awesome companion device for power users and could be a complete desktop/laptop replacement for the normal office user. I am disappointed about the design flaws I have mentioned as I am used to a top notch machine when I see the brand of Thinkpad or ThinkCentre. Overall I have enjoyed working with the Lenovo Thinkpad Tablet 2 and I think it has found a spot in my laptop bag for now. With the problems I brought up (especially with it freezing) it will stay as a secondary device to my laptop and will not make it to prime time for our Management team. However, I may look at upgrading from my Thinkpad T420 to a T520, since I can always break out the “T2” if I need more portability.

HP Printing, who knew?

November 13th, 2012 at 4:37 PM No Comments Frank Owen

In late October, I was invited to a HP Tech Day that focused on printers. In the past, these events have been great, but they were around more (at least to me) exciting technologies, like servers or storage. With the way my schedule has been (I moved back to Colorado in August to take a new position with more responsibilities), I almost passed up the opportunity, but I am glad I didn’t.

Inkjet, or Laser?

I have always been a Laser person. I have a small Brother Laser printer at home, and I used it for almost 3 years without needing to replace the toner. If I would have purchased a comparable Inkjet printer, I would have been replacing the ink cartridges every 3 months. HP’s OfficeJet Pro X, being released in the 1H of 2013, may change my views when it comes to ink, instead of toner. This beast can print up to 70 color pages per minute! The black cartridge can handle 9,000 prints before it needs to be replaced. Color costs almost half of what a traditional color laser does, and black costs a tad bit less.

She is pretty!

LaserJet Testing

I had no idea what all went in to bringing a new Laserjet printer to market. They not only stress test them, but since they are shipped all over the world they also test them under different temperatures and humidity levels. Since different paper reacts differently in different printers, they also test over 200 types of makes/models of paper through every printer. These types of tests do not come cheap, 1 million a year just for the paper alone!

Look at all that paper

I will be elaborating on these items further, as well as on Quality HP Toner, how they are helping their clients be more efficient and the Digital Oasis lounge.

Disclaimer: HP invited me to the Printing Tech Day and paid for all accommodations while I was there. I received some swag including a HP backpack and a Notebook but I was not required to blog anything good or bad about this trip. My opinions are my own and cannot be bought.

Interop 2012

June 4th, 2012 at 4:10 PM No Comments Frank Owen

Back in the day the Consumer Electronics Show was the one event that I made sure I made it to every year. I love Vegas and a week of geeking out + Vegas was something I could not pass up. I think part of it was growing up, but spending 7 – 10 days in Vegas and the humungo CES show drug on me. I stopped going to CES but found my new favorite conference was Interop. Three days in Vegas, a much smaller show floor and the type of tech shown is what sets it apart for me. I was planning on going to Interop 2012 when I got invited by HP to the Gen 8 Tech Tour. The Tech Tour took up two of my planned days but they graciously offered to send me to the Interop show as well.

Dreamworks and HP

After the Keynote on Wednesday morning some of the bloggers (and even a few from press) got to spend some time with Bethany Mayer, SVP and General Manager of HP Networking and Derek Chan , SVP, Operations; Head of AT Global Operations at DreamWorks Animation. Derek spoke about the strong partnership that Dreamworks and HP have had in the past. They have collaborated on many different projects over the years, and really gave back to their industry. Dreamworks collaborated with HP to build the first LCD that could replace the contrast quality and the black levels of the high end CRT’s they were using. They worked with HP to build Halo, the only fully global, fully managed end to end solution (having participated in a Halo teleconference at a HP Tech Day I have to say it is an awesome technology). It only makes sense that when they are looking to replace their network, they check out HP as well. They have replaced their entire network infrastructure with HP gear and haven’t looked back.

HP Wireless Networks

As the BYOD fad get larger, wireless becomes more important to the enterprise and HP is no slouch when it comes to wireless. There were a number of devices on display at Interop 2012 ranging from a rugged waterproof access point up to a device that replaces a network jack to give you 4 ethernet ports and wireless connectivity up to 400 square feet.

108+ million packets per second and 74 Gbps traffic

The HP Booth and the Interop show floor was very loud, but as you moved toward the back of the booth it got louder. That is where we ran into Sam Rastogi, Global Product Marketing Manager, HP with his monstor of a router, the HP 6600 and a rack full of Spirent gear. The Spirent test setup was simulating 74Gbps traffic and 108+ million packets per second! For more info on the setup and how the HP Distributed Multi-core arcitecture kicks ass visit Sam’s blog post

Conclusion

There was some questionable decisions brought up this last year with HP’s previous management that left me and a lot of other people uneasy. If they continue innovating like I am seeing in both the network space and the server space and keep the right dedicated, passionate employees like the ones I met on the trip I think HP is on the right path.

There was a lot more information shared about HP’s announcements on their partnership with F5, DVPN and their new 10500 campus switches that I haven’t been able to get into here (I am way over my 500 word limit) but after HP Discover expect many more in depth posts on this and other technologies from HP.

Older Posts »