Cisco’s Umbrella – Another Effective Layer of Security

Up and running for only 20 days, Cisco Umbrella has protected us from 358 potential security issues. Diving deeper into the actual events shows that many of these events are potentially dangerous sites, but better safe than sorry.

The most compelling aspect of this product is that it works in the cloud, before the data even gets to you. Most Web Filtering security solutions work at the perimeter level, meaning the data gets to your firewall and then it is blocked. Umbrella does this at the DNS layer in the cloud, ultimately cutting down on your own bandwidth usage and providing security. Two birds with one stone.

While I wouldn’t suggest you go and throw out any of your other security solutions, Umbrella can be a great add-on to your overall security strategy.

Feel free to contact me to discuss further.

Remote Monitoring and Management – Build vs Buy

Recently I have been researching alternatives to our custom built in house RMM system. The cost to maintain and continuously enhance a custom system can be quite high and challenging. What I discovered through my research though was quite enlightening. I picked two very popular tools in the industry for comparison. I could look at others, but I think the two I picked should give me a good idea as to what to expect from the others.

Both tools had some wonderful features and were able to drill down into systems and ultimately help get to the root of the problem. That is of course if you have a really good technician/analyst that can make heads or tails of the copious amounts of information.

Both tools either integrated with external ticketing systems or you could use their built in system.

Both tools had a ton of probes and templates so that you could monitor and alert on just about anything.

What I didn’t expect was how focused these tools were on End Users and Servers, or how unfocused they were on Infrastructure.

Our tool was built from the ground up to manage Networks: Routers, Switches, Firewalls, VPN Appliances, Access Points, etc. In the demo I couldn’t get the guy to stop showing me Server examples. I needed to see some real world LAN/WAN examples.

Another disappointing aspect of the demos was the lack of Live Network Maps. A live network map is crucial to any tech in identifying connection points, VPN Paths, Routing Protocols, etc. In fact many of our customers use our live network maps in their own operations centre to quickly identify issues across their network. The live network maps I have seen from other vendors lack some of the basics we have built in to our tool (called RHINO). A feature for feature comparison would be unfair and quite frankly our tool would not stand a chance against the big boys, but we have specifically built into our tool features that make sense to us as network managers and left out the bloat that I have seen in the others.

While the costs for me to continue development are high, my analysis of the other tools has me well ahead of the game. If I need a feature I add it, if there is a bug I get it fixed. This has allowed us to create a tool that is not only multi tenant capable, but has custom branding abilities and features that make sense.

The costs associated with the tools I have analyzed may make sense for the small or medium sized network, but when we get to 10,000 nodes, across hundreds of clients, the costs of these tools are astronomical. Those costs, coupled with the Server requirements and then the technical staff to maintain the servers, the application and the relationship with the vendor and then finally the maintenance costs far exceed the costs I have in maintaining in house developers. In fact my analysis has led me to the conclusion that I should be adding at least two more high end developers.

I am extremely proud of the work my technology team has put into this tool. This team works hand in hand with the technical support staff and professional services staff. These groups all working together have made the tool an efficient and effective RMM system with enough features to make it useful, but not so many that make it hard to use.

Being All Things to All People

Having been in the Managed Services game for about 25 years, as you can imagine we have seen the industry change drastically. When End to End started 23 years ago there weren’t too many Managed Service Providers out there. Today everyone is doing it, but what I have noticed is that many are trying to be all things to all people. In our infancy as an organization we were very opportunistic and took any business that came our way. As we matured we have narrowed our focus so that we can be the best at what we do.

We are not a Server, Storage, Anti Virus, Windows or Print Managed Service provider. We are strictly a Voice, Data and Wireless Managed Service Provider. We focus on core infrastructure technologies and ensure our staff have the latest certifications to be the best in those areas.

End to End is a member of the Trust X Alliance, a group of trusted partners that have come together to deliver best in class solutions for our customers. Each member has their areas of expertise, allowing each of the members to focus on what they do best.

When I look at an organization’s web site and they claim to do everything from Web Development to Cabling, Security, Wireless, Data Centre, Cloud Services, Managed Services, Managed Security Services, Managed Print Service etc. it makes me wonder how good they are at each of these technologies. Even within the Data Centre, there are L2 and L3 Switching technologies, Hyper-V, VMware, Fibre Channel, Fibre Channel over Ethernet, Linux, Windows, Storage, Firewalls, Routing etc. after

And even within common technologies there are multiple vendors. Can you be a Firewall expert in Cisco, Juniper, Fortinet, Palo Alto, Check Point, SonicWall and WatchGuard? I think not. You may be able to understand them all but you can only be an expert in two or three…

Now I know that there are large organizations out there that can and do deliver all of these services. But do they really act like one company? Does the Data Centre guy interface with the Firewall guy within that organization or are they in separate cities and have never met each other?

If you have a need for anything, you can call me up and if it is my core, I’d be happy to deliver it. If it is not, I’d be happy to give a referral to one of our Trust X Alliance partners, and if I can deliver some, but not all, I will be completely upfront that we would be bringing in a trusted partner to help deliver the services I can’t.

This allows End to End to deliver high quality Managed Services in Voice, Data and Wireless technologies, while leaving the other technologies to companies that focus on what they do best. We win, our partner wins and most importantly our customers win.

 

Ontario EV Incentive Program FAIL.

I am so disappointed in the most recent announcement of the revamped Ontario EV Incentive Program.

Details can be found here, but here is the gist of it.

The province’s first Electric Vehicle Incentive Program was launched in 2010. Through this program, incentives were provided for the purchase of 4,800 electric vehicles and about 1,100 home chargers. The new, modernized program will:

  • Increase the current incentive range for EVs from $5,000 – $8,500 to $6,000 – $10,000
  • Provide an opportunity to receive an additional $3,000 incentive for vehicles with larger battery capacities
  • Provide an additional $1,000 incentive for vehicles with five or more seats
  • Continue to provide incentives linked to battery capacity of more than 5 kilowatt-hours
  • Cap incentives for vehicles priced between $75,000 and $150,000 at $3,000
  • Provide up to $1,000 for the purchase and installation of chargers for home and business use.

So, most of it is good news – increased base incentive, an additional incentive to larger battery capacities, and again for a vehicle with 5 seats or more…. But then a cap for vehicles priced between 75K – 150k…

Now, I already own a Tesla and was able to take advantage of the $8500 rebate, so I have nothing to gain or lose from this, but what message is it they are trying to convey? That cars in that price range are only bought by the rich and therefore they don’t need the incentive. Should a Ferrari owner have to pay more for gas because they can afford it?

The Tesla Model S meets all of the criteria for the base incentive, the battery incentive and the 5 or more seat incentive, but for some reason, based on the price they are capping the rebate at $3000…. What is the logic?

The early adopters of this technology have paved the way for the masses. Had Tesla not released the Model S, I don’t believe we would be seeing the amount of EV activity in the market from the other traditional car companies. These early adopters have paid a premium, either because they love the car, want to make a difference with the environment, don’t want to pay for gas any more or all of the above. Why would the incentive program punish the people that have helped lead the way to reduce greenhouse emissions? This is what the program was designed for and exactly what the government is trying to accomplish.

If we look at a Plug-in Hybrid like the Ford Focus Energi, which I priced out at $41K Canadian, with its 7.6 kWh lithium-ion battery and 5 seat capacity, which I would estimate would take the car approximately 38 km on battery alone, it would qualify for a rebate of $14,000. This car still has a 2.0 litre gasoline engine. I don’t know a lot about the plug-in Hybrids but could I never plug it in and just run off gas?

Then we take the Tesla – zero emissions – always, with over 400km range. Cash price in Canada ranges from 90K and up….. and the rebate is capped at $3000.

Is Tesla being specifically targeted by the Ontario government? Have Ford, Chrysler or GM led the charge in any way? They made EVs because they were forced to. First by the Government and now by the consumers. Yet the incentive to buy a car that still produces emissions is larger than the incentive to buy a car that produces no emissions.

I am angry. The more I write, the angrier I get. So I will stop here, but I encourage anyone who reads this to contact the office of our Premier to let her know your thoughts.

The Disruption of the “Internet of Things”

I was down at the new Cisco offices in Toronto this week for a customer meeting to talk about collaboration and unified communication solutions. Something I am proud to say our organization is an expert in. As we talked about the new and exciting features that the collaboration solutions can bring, including some really cool video conferencing solutions, the discussion shifted towards the connected office. The lighting fixtures in the board room were all LED powered using PoE (Power over Ethernet). The entire lighting system on the 29th floor of the tower is powered by PoE switches.

No high voltage wiring required, instead everything is run over Cat5/6 cable. Cisco’s recent announcement regarding their partnership with Philips is truly a game changer. Lighting an entire building without the need of an electrician.

Sensors in the hallway detect movement and turn on and off as required. Elegant controls on the wall for dimming and on/off control that don’t need to be connected directly to the lights they control. Everything is centralized and can be controlled through software, or controlled via a smart phone app.

As we have seen with many industries, these technological advances create new opportunities while at the same time can render an existing industry obsolete. I’m sure the calculator industry has taken a big hit since every smartphone on the planet has one built in. Even that is not necessary anymore because you can just ask Google. Electricians will always be needed, but how much of their business came from running high voltage cable throughout a building for office lighting?

Things are moving very quickly and we all need to be in a position to adapt quickly. Any guesses as to what is next?

 

Price vs Value

Finding a good deal seems to be top of mind for everyone these days. Certainly when you are looking for a Product it makes sense to compare that product’s price from different sources to ensure you are getting the most for your money. I do that on a regular basis, however, when there is a level of complexity to the product I am looking to purchase, for which I do not have the knowledge, I need to rely on an expert to guide me through so that I can ensure I choose the right product for me. In these cases I do not look for the best price, rather I look for the best value. The value is not just on the product but also on the guidance I receive from the expert. Sometimes that may mean paying a little more.

Some people will take the knowledge that they have learned from one expert and use that to purchase the product from someone that can provide a better price, but provided no value. Not Cool!!!

I think we see this in Government tenders quite a bit, where price is the only factor and things like quality and timeliness mean nothing.

One of my favorite signs I saw up in a local shop and was able to find online:

 

Many of the products in my industry (IT) have come down in price, and at the same time the complexity of the products is increasing. I remember a time when a Firewall only needed 5 commands to get it working and the price was well over $15K. Today a Firewall with much greater horse power may only cost $5K but requires a certified engineer to enable all of its features. The ratio between the Hardware Cost and the Resources required to “Make it Work” used to be 5:1 but these days can be closer to 1:1.

Making this even harder to swallow are the licensing costs we are seeing with many of these products. No longer do the traditional Hardware manufacturers want to just sell you hardware and hope you’ll come back in 5 years for an upgrade, now they want you to buy the hardware and license features annually. Some will even go as far as disabling the product if you don’t continue the license.

Many tools have been released to help manage these products more effectively and that has had an impact on the costs associated with my core business (Managed Services). However the number of new features available offsets these new efficiencies.

So in the past a solution that may have looked like this:

Hardware: $15K
Maintenance: $1K
Professional Services: $1K
Managed Services: $250/mth

Over three years the TCO = $26,000

May now look like this:

Hardware: $5K
Maintenance + 3 Year Licensing: $7K
Professional Services: $1K – $5K depending on the feature sets enabled
Managed Services: $150/mth – $400/mth depending on the feature sets enabled.

Over Three Years Best Case TCO = $18,400
Over Three Years Worst Case TCO = $31,400
Over Three Years Average TCO = $24,900

As you can see things have not really changed that much from a TCO standpoint. The costs have just moved to other areas.

My point here is that in the new model the expertise and value is of greater significance than the product itself. There are lots of vendors out there touting that their product is the best and yes some are better than others in certain aspects of what they do, but the product alone provides no value if it hasn’t been configured correctly for security, performance and monitoring.

Don’t make the mistake of buying on price alone!

 

Backup, Redundancy and Disaster Recovery

 

I have written about Fibre cuts in the past and the need to ensure you have backup circuits in place. Recently I have noticed an increase in the frequency of Fibre cuts specifically in the GTA (Greater Toronto Area). There is always a lot of construction going on, and I guess it’s expected that every once in a while a backhoe may cut a cable, but weekly outages seem to be the norm.

A few weeks ago, just down the street from our office a dump truck ran into a hydro pole and took out a chunk of Fibre. This caused major issues in the area as a number of carriers, including ourselves, use this as their primary path. When police and fire arrived to assess the situation they blocked access to the site until they completed their investigation. Understandable, however this delayed the repair significantly. The technicians were unable to access the site for hours. When they were given access, I think they all went home and didn’t complete the repair until the next day.

If your business relies on the Internet or private communications to your branches or Data Centre you must have a plan that includes diversity and redundancy. Organizations are moving services to the cloud thinking they are going to save money without calculating the additional cost to ensure you always have access to that cloud.

Let’s take SIP as an example of a service that many have already moved to. In the past your office had a number of Phone lines in the form of an Analog line (1FL) or a Digital line (PRI). If your internet connection went down, you still had the ability to conduct business over the phone. SIP is an alternative to physical phone lines. The phone lines still exist but they are now hosted elsewhere by your SIP Provider. You access those lines over the Internet, or a private connection using the SIP Protocol. Session Initiation Protocol is not new, but has reached a point of maturity that it is now a standard for Voice communications. Moving your Voice services to SIP is a great way to save on both monthly charges and equipment charges, as this can work over your existing internet connection. But what happens when that connection goes down? You don’t just lose the Internet, you lose inbound and outbound calling.

Two connections to your SIP provider are required to ensure connectivity. But that is not enough. Two Diverse path connections then? No, that won’t do it either. Two diverse path connections from separate carriers? We are getting closer! What I’m trying to point out is that there is always a chance that you will be disconnected from your cloud service, no matter what the service is, but there are a number of steps you can take to mitigate outages. Redundant Hardware, Redundant Carriers and Diverse Paths are just three of many steps you must take to mitigate the risks. In the end, you may or may not actually save money, or the ROI will be measured in years instead of months. You can’t just look at the cost of a phone line vs the cost of a SIP session. Looking at those two items in isolation is a sales trick used by some SIP providers.

Over the years I have seen many backup solutions fail due to unforeseen circumstances. This is why backup circuits and redundant hardware are not enough. Having a Disaster Recovery plan is crucial, even if it is rudimentary. A few years ago (maybe it was more than that) there was an electrical fire down at 151 Front St., the hub of the Internet in Toronto. This electrical fire caused a power outage. The backup generators could not be brought on line because they used Diesel gasoline. The result, no Internet for most of Toronto until the fire was under control. What if there is a fire in your building, or at your Data Centre? Have a plan in place. It doesn’t have to be an elaborate plan, but make sure you can at least get your phones rerouted. How long can your business survive with no access to the Internet or the cloud services that you rely on? Many businesses don’t even realize how many cloud services they actually use.

Knowing what the impact of downtime will cost your business will help you determine what level of redundancy you really need.