Apple Vs Android

Aside

I have been reading a lot of posts lately around Apple vs Android and it strikes me as odd that there is so much anger out there.  Why can’t people like both for what they are.  I may like one over the other but I don’t really feel the need to bash one for copying the other.  Who really cares if Apple used others companies ideas, improved them and changed the market forever.  They were still the ones that did it,  and before anyone else.

My first smartphone was a HP ipaq that ran some terrible form of Windows, then I moved to the iPhone 3g.  Since then I have focused on Android, starting with the Nexus S,  then the Asus Transformer 101 tablet and now the HTC one phone…  I loved them all.

At the Cisco partner summit last week Cisco was generous enough give everyone a gift,  and we had a choice between the Samsung galaxy tab 10.1 or the Apple Ipad mini.  Since I had a 10 inch tablet already I thought I’d try the Ipad…

Smooth, easy to use, and very comfortable. I must say I like it and I use it quite often…

After my long trip home that included cancelled flights and long taxi rides,  I got home and wanted to  watch the hockey game.  I was so tired and could barely keep my eyes open so I decided to stream the game over the Internet and watch it on the Ipad in bed …

But alas, the CBC steams the game using Flash so the Ipad was useless. I booted up the old Asus TF101 and watched the hockey game until I fell asleep.

Apple have done some great things,  as has Google and Microsoft.  Long may this continue as I think it helps breed innovation, but what needs to happen next is the collaboration between all of these operating systems to take some of the incompatibilities out of it…  I call it kludgy, a word I use to describe many things in the emerging technology industry.

Kludgy

1. A system, especially a computer system, that is constituted of poorly matched elements or of elements originally intended for other applications.

2. A clumsy or inelegant solution to a problem.

I thought I’d see if I could get the Hockey updates on my HTC One and was surprised to discover that the HTC One does not support flash either.

The moral of my story…  They are all good,  but none are perfect.. In fact I think my next purchase may be a Windows Tablet..

A good argument on the merits of one technology other another is always healthy, and I welcome a good argument, but please people, stop hating the competition. iOS is a good OS and for the less technical out there it is probably the right choice. Android has many features and lots of customization, but needs a more savvy user, and Windows looks good and fits into many

peoples comfort zone. So let’s all embrace these Operating systems and find ways to make them all work together as opposed to crushing the other until they don’t exist. Now I didn’t mention RIM/Blackberry and that is not because I’m a hater or anything, it just didn’t cross my mind until now. What RIM did was rest on their laurels, instead of innovating or even copy catting. So they are not really top of mind for me or anyone. I guess nobody hates them because nobody cares….

In conclusion lets stop bashing the competition and support all the technologies that will help make us more efficient and bring us closer together…

Outsourcing Network Management and Monitoring

Outsourcing to some, is a bad word. Almost as bad as “consulting”…. a word that makes me cringe. The fear of losing control seems to be the driving factor in steering IT folks clear of outsourcing. But it doesn’t have to be that way at least not with End to End. Now I don’t want to sound like a commercial, but I do see a significant advantage to our services over the competition. I will start by addressing the control factor.

Recently we were working with a prospect that had an existing Internet service with one of the big Canadian Carriers, I won’t mention names. As part of our engagement, we needed to gather some information regarding the configuration of the Cisco Router that terminated the Internet connection. The customer engaged their Carrier to provide configuration information and the carrier refused!!! Who’s network is this anyway? They played the “security card” and indicated that everything was provisioned and working as expected… After a couple of emails back and forth with the customer and carrier, I explained that this configuration was required for auditing purposes and that a “scrubbed” configuration, that is, a configuration that removes any reference to the carriers own security, would be fine. They still refused. Now I know we will eventually get a copy of the configuration, we just haven’t pushed hard enough yet. Since we have gone through this before, once we pull the compliance card, they will likely give in, but what a waste of everyone’s time.

Our Differentiator:

Like most MSP’s End to End provides a portal, where customers can access statistical information regarding their network and it’s performance. Unlike others however, End to End also provides access to all configuration files. Configurations are captured nightly and saved in our database. Access to scrubbed configurations are provided only to authorized users and they can be compared against previous configurations. In my previous example, access to these configurations would have saved countless emails, telephone calls and about two weeks.

Security appears to be another factor that shy’s IT folks away from Managed Services, but why is it then, that these same IT professionals allow a Carrier to control their Internet Gateway? I have had a lot of experience working with all of the carriers and I can guarantee you that Security is not their strong suit. In fact, I know the “default” password used by most of the Canadian carriers and I know that they never change it!!! Can you imagine this? Does it scare you? It would scare me!

Our Differentiator:

End to End uses RADIUS to control access to all devices that we Manage. This allows us to quickly add and remove user access to all devices that we manage. It allows us to track access by username, and to give customer either read only access or write access in a shared support model, AKA, co-source.

You have your own tool?

Unlike other Network Management tools our eView Portal is completely agent less. There is nothing to install at the customer premises. There is nothing to install anywhere, all we need is network connectivity – SNMP, Ping, SSH, HTTPS. Similar to the Salesforce.com model for CRM the eView portal can be up, Monitoring, Alarming and Capturing your Network in less time than it takes to install a competitor’s product.

Whats Next?

Our development team is working on an exciting new device access method that will truly be the most secure and functional means of network management, flexibility and control. Already in Beta, we expect the first release of this new access method to be in production by Q4 of 2010.

Perhaps you don’t want to outsource your network management and you just need a tool. End to End has already deployed this model to a number of our wholesale partners and as the need grows, the features are growing along with it.

So while the word “Consulting” still makes me cringe, I hope I have helped to convince you that Outsourcing is only a bad word when done by the wrong people.

How to determine what is NOT supported!!!

Much of my time is spent researching data sheets and release notes to determine the capabilities of a product and you can learn a lot about the capabilities of the product by reading these documents. However, the most important thing I’ve learned is how to read a document in such a way that you can determine what the product does not support. The vendors of course never tell you what isn’t supported, they tell you what is supported.

This I have found is the most challenging task in product research and without the skill you can find yourself in a difficult position after the product is already sold into the promises have been made. I don’t think this something you can teach but it is something you learn over time after being burned. Who pays for these mistakes? It is certainly not the vendors and it’s not the customer, it is the person responsible for the implementation.

 

Recently after discussing with a new customer requirements for a the firewall VPN URL filtering IPS device [all in wonder box] I did a little research and came up with a solution utilizing a Cisco IOS ISR router. I had thought I had done all my research, but during deployment we ran into some real snags!

First issue: not enough flash to run SSL VPN at IPS concurrently.
Second issue: URL filtering not supported using C B A C- must use zone-based configuration.

In reading through the data sheets for this router I read nothing about the flash limitations on the router that is sold to support SSL VPN and IPS concurrently. A flash upgrade was obviously required but this could not be determined until we had already ran into the issue. For the second issue, I have no one to blame but myself for I just assumed that URL filtering was supported using Cisco’s original IOS firewall technology. Had I done just a little more research I would’ve found the document to talk about URL filtering and how it’s configured in a zone-based firewall deployment. Nowhere does it say that URL filtering is not available using CBAC.

Live and learn as they say. I won’t be making that mistake again but at the rate that technology changes I probably wouldn’t have the opportunity to make that mistake again. I’m sure a new one is on the horizon but I’ll be sure to read all the documents so that I can determine what they have not told me.

Cisco Zone Based IOS Firewalls

It is about time that Cisco came out with this. I was never really a fan of CBAC – it worked but never really gave me the control I desired. Lets hope they add this functionality to the ASA to allow for Interface to Interface Control.

My testing started off with a basic CBAC configuration for a Secure Router connected to the Internet. Once I was happy with the configuration I migrated to a Zone based Configuration and although in the beginning is was a little confusing I soon got the hang of it…. I must admit that in a very large configuration this could get quite complex, but gives you the kind of control you need in todays environment.

Once I had the basic configuration running I was able to implement a more complex configuration and thats where I started to run into some snags…

For now stay away from the nested class-maps – altohugh they work they don’t currently support statistics, so you can’t really see your configuration in action.

WebVPN anyconnect client also isn’t supported (today) as the SSL SVI interface cannot be configured via command line and therefore can’t have a zone added to it. I am told by Cisco that they should have a fix for this in May in the 12.4(24)T2 software.

I really like the ability the Zone Based Firewall gives you of being able to block P2P data and even data embedded inside the HTTP protocol….

Nice work Cisco – keep it up.

Heath