Fortinet has a new FortiASIC for Edge?

Fortinet has been producing trusty security silicon for quite a while. It’s good to see the continuing innovation coming from the FortiTEAM. The Fortinet SP5 purpose-built ASIC is looking very good at launch.

What’s the goal? Must go faster, consume less power, and do more in hardware. The use cases from Fortinet include edge compute, OT, branch, campus and 5G infrastructure. Wait… Edge?

Fortinet copy pasta — “Edge Compute: As edge computing improves efficiency and cost control through processing close to the edge, FortiSP5 supports high-speed networks and security threat protection for both commercial and operational technology (OT) environments, minimizing bottlenecks for traffic movement.”

FortiSP5 is not inside your edge compute. They’re saying FortiSP5 is supporting security and traffic movement. The term Edge may still be confusing and Fortinet is recognizing you still need the network demarc. It may be a security demarc, Internet demarc, SD-WAN demarc, or 5G demarc. In any of those cases you need a security layer between trusted and untrusted.

The FortiSP5 ASIC running underneath FortiOS is a purpose-built application-specific accelerator. (Very good! Go team hardware!) However, anything that is not pushed through FortiSP5 is going back through the CPU cores. The vertical integration is very good and Fortinet has been very good at managing the hardware and software lifecycles required to add features.

Fortinet says 17x faster firewall performance compared to leading standard CPUs. Awesome! What is a “leading standard CPU” and how is FortiSP5 17x faster? A lot of processing happens on… wait for it… processors. A purpose-built ASIC is clearly advantageous and I’m team hardware. It’s just a bit difficult to talk about comparisons without sourcing a real comparison.

Final Take:

Some industry buzzwords were added to the marketing release. No surprise. FortiSP5 is another generation forward and the team is still proving that silicon still matters. Does this ASIC exist in the edge? No, it exists in your security demarcation. If you have a closed SD-WAN, do you need all the security features FortiSP5 includes? ¯\_(ツ)_/¯

Looking forward to seeing what products will hold this new FortiSP5. Good job FortiTEAM!

Sources: https://www.fortinet.com/corporate/about-us/newsroom/press-releases/2023/fortinet-unveils-new-asic-accelerate-networking-security-convergence-across-network-edges

Sources: https://www.fortinet.com/products/fortigate/fortiasic

ZPE Systems-Not Your Dad’s Console Server

ZPE was a presenter at Networking Field Day 26 and they showed a new approach to an age old networking problem. The old problem being how we’ve had to approach out-of-band networking. A lot of network engineers are familiar with the “build a network to run a network” problem. The costs of disparate management systems have exploded over the past decade and ZPE is on a consolidation path.

Long story short for ZPE Nodegrid is, instead of buying separate firewalls, switching, and console servers — why not run it all in one box? Then let’s throw in compute, make the platform modular, virtualize the security stack, add on cloud management, and boom.. Out-of-band-in-a-box!

Of course this is a bit of an oversimplification of what ZPE Nodegrid is, but I hope that helped paint the first part of the picture. Why buy and run all separate components when I can get it all done in 1RU?

Thinking back to all of the out-of-band management systems I’ve worked with, ZPE seems to have addressed some of the biggest problems. One of which is the management and security of the system itself. ZPE is using a secure cloud first approach with their management platform and that’s a thumbs up from the start. I got the impression from their presentation that they really thought with a security first approach and that’s critical for enterprise buyers. The system and solution provides access to one of the most critical and sometimes most vulnerable parts of a device.

Building a modular first platform also shows they understand that there are vast differences in the networks and racks that customers build. I like the fact I can take their Net Services Router and add USB serial ports, compute to run a virtual firewall, and LTE modem. That may be all you need for an edge deployed automation reactor.

Pivoting away from looking at this as only an out-of-band solution, the Net Services Routers are in reality, a full SD-Branch ready platform for Secure Access Service Edge. Prevalidated virtual apps include Palo Alto, Check Point, Fortinet, Juniper, and Netgate. I think it’s a great approach to provide a validated platform and you have the flexibility to bring-your-own SASE.

Adding in a ZPE Nodegrid to connect to isolated networks such as control systems, industrial automation, audio/visual/broadcast may prove to be one of the most useful ways to bring in secure automation management. Nodegrid with ZPE Cloud will connect all the dots and provide easy and secure access to those networks.

Control, security, and flexibility are the three things I keep coming back to. I haven’t seen this amount of flexibility in any device from the competitors. ZPE looks positioned very well to become the leader in this space.

Link to ZPE Systems

Airvine WaveTunnel 60Ghz Indoor Backhaul

Airvine comes to life at Networking Field Day 23! They’ve been operating for quite some time and it was NFD23 where we see their big idea moving towards the public stage.

Their big idea is pretty simple, but it won’t be an easy execution. How do I get a network backbone to places where wiring isn’t feasible or even possible? In some scenarios you could force the issue of running wires, but if I can get nearly the same with wireless, then why not do that?

The Airvine WaveTunnel product will be positioned to do exactly that. Get an indoor up-link with 60GHz radios in a dual ring configuration. It’s not mesh Wi-Fi and in fact it’s barely Wi-Fi at all. WaveTunnel may have more in common with Ethernet and SONET than anything else. This indoor wireless system has an open range of 100m and it should easily beam through commercial drywall. I can think of some manufacturing floors where I needed to reach remote IDFs and this would’ve made a lot of sense. Airvine should also be able to build a use case for sports arenas.

Airvine still has challenges to solve before their first customer ship. They have an RF and Ethernet stack to complete while vendor interoperability will become a sticking point. It’s going to have to interact with spanning tree at some point and that’s just one place it will get interesting. We’ll find out those details down the road.

Beaming 60GHz through materials is more of a “Science!” problem than a networking problem. I think Airvine needs to invest in some materials science quality assurance and publish many real world test cases. The customer education cycle will need real world examples to immediately push through “Can it beam through X?”. Otherwise their entire sales cycle will be talking about concrete, metal, and water.

It’s certainly an interesting road ahead for Airvine and I’m looking forward to following their journey.

Learn more: https://airvine.com/
Youtube: https://youtu.be/-AsaijS-RGM

Getting Lost at Networking Field Day

This year is certainly one for the record books and especially so on the personal front. 2020 has been full of twists, turns, overuse of the word “unprecedented”, crisis management, and modern day urban survival.

What’s in store around the corner? Networking Field Day 23! I’m super excited this go around for #NFD23 and the opportunity to be fully engaged. It’s been easy to get lost this year with everything going on around us. I’m hoping to get my brain back into high gear and NFD23 is the super-fuel rocket boost out-of-this-world content explosion we all need. Well, I need anyway, your mileage will vary.

So what in the world does this have to do with getting lost? A short while ago I updated the title of this blog to Foggy Bytes. It’s somewhat odd, but a play on a few things we deal with in the context switching world of networking, information technology, and our brain-fog aftermath. Human context switching is a productivity killer and generally speaking we’re having to do it on an hourly basis. We’re dealing with new projects, support issues, business changes, technology changes, and I overheard you shout “network automation” on the other side of this screen. So we’re left in this constant fog, if you will, of bytes-in and bytes-out through the fog of it all. I also relate to the blog title with a backdrop of imposter syndrome. We get the bytes moved, but not exactly sure of all the steps we took to get there or why we were chosen.

I’m also happy to say that my former “no media” policy has expired! Yay! I can have an opinion again! Not that I ever stopped having one, but now I can blog them again. If you’re changing jobs and you’re into any sort of content creation, even casually, be sure to understand any policies you may be subject to at your new position. I may even take some time to revisit NFD21 content and do some “where are they now” hot takes.

Networking Field Day 23 has an impressive line up and I’m looking forward to hearing from everyone.

NFD23 is like a fresh Computer Shopper so be sure to follow along with us September 29–October 2, 2020 https://techfieldday.com

Subscribe to the channel! https://www.youtube.com/c/Techfieldday

Follow me on Twitter for live hot takes during #NFD23

https://twitter.com/Warcop/

Cisco Collab and Open VMware Tools

Hi! I’m back with a quick take on Cisco Collaboration UCOS 12.5 and switching to open VMware Tools.

There is a long and bumpy history with native VMware tools on Cisco UCOS collaboration applications. If you have had your UC solution for many years, then it is likely you have bumped into issues along the way. Keeping the native VMware Tools upgraded, installed, and working can be a challenge during upgrades. So I was very excited that in 12.5 you now have the option to move straight to Open VMware Tools.

What are these Open VMware Tools? In short – the better VMware Tools.  The open-vm-tools package is 100% supported by both Cisco and VMware. Moving to open-vm-tools will not take you out of any ‘compliance’ or get you yelled at by TAC.

The first advantage is that you’re de-coupling the ESXi version of tools from the UCOS application.  This means you’ll no longer need the “Check and upgrade VMware Tools before each power on” setting on the guest machine.  The open-vm-tools package is built into CentOS6/7 (and many others) by default, so you’ll no longer rely on the ESXi side of the house to get this right.  For example, if the systems team upgrades ESXi underneath your collaboration application you won’t have the additional worry of VMware Tools staying in sync.

For Cisco this means they simply keep the open-vm-tools package in CentOS6/7 UCOS and can keep it in line during application maintenance. I think it’s a win-win for both sides.

So how do we get there? EASY – but you do require a REBOOT. WARNING! You need to ensure that the native VMware Tools are operational prior to switching to open-vm-tools.  You can check the status of VMware Tools from ESXi. If there is a warning about version or operating system selection you need to fix that first. Also, please be sure you’re working with the latest patched version of the UCOS software release if you’re doing VMware Tools maintenance. There are some bugs and field notices that may get you stuck. Patch stuff!

This is primarily geared for 12.5 so as of this post I’m assuming you’re working with 12.5 SU2. VMware will give you the installed and running status for the tools.

Check that you have native VMware Tools operational

admin:utils vmtools status

Version: 10.3.10.10540
Type: native VMware Tools

Now prior to making the switch and the reboot make sure you or someone else has UN-checked VM Options “Check and upgrade VMware Tools during each power on”.

Move the system to permissive.  This will relax Linux with a setenforce command.  This isn’t called out as required in all locations, but I’d certainly put it in the “recommended” category when making this switch.  You’ll easily be able to move the system back to enforcing.

admin:utils os secure status
OS Security status: enabled
Current mode: enforcing

admin:utils os secure permissive
OS security mode changed to Permissive

Make the switch to open-vm-tools package which will remove the native.

admin:utils vmtools switch open

This will uninstall the native VMware Tools and install the open-vm-tools.
The system will be rebooted automatically.
Do you want to proceed (yes/no) ? yes

The UCOS server will reboot and switch out the native for the open-vm-tools package. VMware will now show both installed and status, but it will read “VMware Tools is not managed by vSphere”.  You can also check at the UCOS CLI again with

admin:utils vmtools status

Version: 10.1.5.59732
Type: open-vm-tools

Don’t forget to change back to enforcing!

admin:utils os secure enforce

In conclusion I think this was a good move by Cisco to bring the VMware Tools swap exposed natively with a UCOS CLI.  Getting away from those native tools and just getting it managed within CentOS is great.

I believe this will remain ‘Optional’ for quite a while, but it’s possible this will become a required change for CSR14.

For more information from VMware about Open-VM-Tools check out the repo https://github.com/vmware/open-vm-tools

Hit me up @Warcop on Twitter – Thanks!

_______________________________________

Extra VMware Tools troubleshooting.

Got root? (Recovery ISO | Alt+F2) Make sure you’re working in the active partition by checking timestamps on /mnt/part1 or /mnt/part2.

/usr/bin/vmware-uninstall-tools.pl will remove the tools

If you’re in a situation where you don’t have VMware tools in the active partition, then copy them from the inactive side. It’s likely they’re still over there. Find ‘vmware-tools’ directories on the inactive side and copy them over so that you can run the /usr/bin scripts.

Did you get stuck on a reboot and the only thing on the console is “Probing EDD”? Welcome to Field Notice FN70379 where you’ll need to generate new initramfs with “/usr/bin/vmware-config-tools.pl -d”

https://www.cisco.com/c/en/us/support/docs/field-notices/703/fn70379.html

Network Sausage Automation

It’s not hard to debate that sausage has conquered the culinary world. The global popularity of sausage is undeniable. Chorizo, linguica, luganega, wurst… cocktail, weiner, franks, brats… Lamb, pork, chicken, goat *gasp*… Broiled, fried, grilled, smoked, cold, hot… You get the picture? Lots of sausage, lots of varieties, and lots of methods.

Sausage has a primary defining characteristic. The meat must be chopped up. That’s it! This is where I draw an initial parallel to a network. A network moves data. After that, anything goes with sausages, or networks. Maybe you have a network of sausages? Maybe you’re a network engineer at a sausage company?

Sausages are also very regional, sort of like networking vendors. Your home tribe may consume just one type of sausage. Maybe your tribe likes a wide variety of sausages. There is nothing wrong with either food choice, that’s just your taste.

The networking world can easily draw many parallels with sausage making and I could go on for hours about how the “sausage gets made”. Our presenters at Networking Field Day 21 talked a lot about one specific aspect of sausage making — network sausage automation.

So, if you like sausage, do you prefer sausage from a package or fresh sausage from a butcher? Network automation parallels this quite well. I like sausage from a butcher, but if I’m cooking for 500, I may use sausage from a package. It doesn’t mean I’m going to eat sausage from a package 100% of the time. I want both, but for different reasons. So give me network automation for the time I want to do something 500 times, but I don’t want automation for the design. I’m looking at you, [insert vendor here] that’s going to “green field” my data center with your “automation”. No thanks click-button-get-fabric.

Is network automation going to take your job? That depends. Are you a sausage stuffer? If you’re going to stand there and stuff someone else’s sausage all day long, then you ARE replaceable. According to Replaced by Robots – Sausage Stuffer, there is a 98% chance that “Sausage Stuffer” will be replaced by robots. Those automation machines exist and those packaged sausages are likely never touched by human hands. Life pro tip – don’t be a sausage stuffer. Create a recipe, be the chef, get your hands dirty, touch the sausage.

Also, according to Replaced by Robots – Network Engineer, there is a 3% chance of Network Engineers being replaced by robots. I believe that statistic is very accurate. There are too many different kinds of sausage to believe a machine is going to automate your recipe. Unless you build the sausage automation machine. However, that isn’t an easy thing to do. Networking vendors spend millions on scalable platforms to perform all the necessary layers of automation. I hate to say it, but your *nix box with a few playbooks is not a ‘platform of automation’. It will help you package some sausage, but you made that sausage, created the recipes, and hold them dear, and call them George.

Some Networking Field Day 21 presenters showcased their automation platforms specific to their own solution. Some presenters showcased their multi-vendor approach to a platform. Either way the point was very clear, automation platforms are incredibly hard to build, maintain, resource, and pay for. Entire companies are being built around platform creation and very few, very very few companies are internally well equipped to build a platform. Some companies think they can make their own sausage, package it, sell it, and eat it, but that is a long way from reality. If you’re not already talking the language of cloud native application architecture, maybe stop now and budget a purchase.

I once received some advice from a rocket scientist, “Configure, don’t customize, a boxed product. The moment you customize then you become the owner, the developer.” Wouldn’t that also translate to trying to automate all the ‘boxes’ on your network? Engineers in the field are barely able to keep up with the rapid pace of change from one vendor and you’re going to create a platform that keeps up with the API changes of one vendor, two vendors, three vendors??? Seriously, don’t choke on your own network sausage automation.

I’ve always enjoyed seeing different visions of the sausage making future. Networking Field Day 21 showcased several of those visions and I have some more specific posts on the way. Will network sausage automation become a reality? Well, again, that depends on your tribe, your tastes, and your budget.

Alright, I need to wrap this up. 😉 I hope you’ve enjoyed networking sausage automation. Is wasabi sausage a thing? #sooory

—– A Networking Field Day 21 Reflection —- #NFD21 @TechFieldDay

 

Firefox DNS-over-HTTPS for the Enterprise

A little bit of technology buzz is being generated around Firefox and the “default” implementation of DNS-over-HTTPS (DoH). Mozilla has decided that at the end of this month (Sept. 2019) they will start rolling out DoH as default in the browser. I’m assuming you’re familiar with DoH.

Let’s address the most obvious problems for enterprises. DNS represents a wealth of information gathering within the four walls of a business. Content control, security protections, and split DNS are just a few things to mention. Breaking host-level DNS resolution in the browser is a threat to these protections. The security team should already be accounting for this in their SWOT as malware has already adopted this for C&C.

Mozilla has a plan for this and has set up ways Firefox will fall back to host DNS resolution, per network session (coffee shop, home, vpn), with a few specific checks.

When does it fall back? (I don’t know all the methods and I need to get back on nightly)

  • A canary domain listed in content control systems. If the lookup is triggered Firefox realizes the host is within a content control DNS system. OpenDNS/Umbrella immediately comes to mind with their operation of exampleadultsite.com. Not actually an adult site.
    • The problem for users: blacklists are a mess, standards, and are they really going to get worldwide participation to have this canary domain created? You could write a whole blog about the gaps in these systems.
    • By the way – DoH will not be enabled in the UK because of this exact issue.
  • Safe search redirection is triggered, in the example www.google.com resolves to forcesafesearch.google.com
  • Non-standard TLD detection and RFC1918 responses. This isn’t a bad attempt at triggering the fall back, but many enterprises focus on split DNS which is a valid TLD. IPv6 also throws a wrench in this logic.
  • Windows and macOS, detect parental controls enabled in the operating system

So what can you do inside your enterprise?

Blocking Cloudflare is not a good solution even though that may be the initial reaction. Cloudflare obviously does a lot more than DNS and keeping up with blocking a CDN is just a painful management point. Don’t do this.

Today, Firefox may not be included in your desktop system management and this will likely become a future requirement. Users are able to manually enable DoH and specify a custom provider that isn’t Cloudflare.

You can signal non-managed Firefox installations with the canary domain, which would work while machines are on-network. This canary domain “use-application-dns.net” needs to return NXDOMAIN instead of the A or AAAA IP address. Again, to reiterate this will not block a user manually enabling DoH.

Running a proxy and/or edge decryption clearly presents you with additional options to block this configuration.

So what’s the most logical step? Welcome to Firefox for Enterprise!
… Sorry, more management, but that isn’t all bad. Consider adding Firefox as an allowed package alongside an enterprise policy.

If you’re doing psexec checks to block Firefox or SWIM then you’re controlling things differently. If you want to allow Firefox then you need to give it a policy. Firefox will check for enterprise policy to disable DoH.

  • Is the Firefox security.enterprise_roots.enabled preference set to true?
  • Is any enterprise policy configured?

Also, if you’re allowing Firefox in the enterprise I hope you are already controlling security.enterprise_roots.enabled. Firefox runs their own root program and you should be controlling those circles-of-trust. Did we not clearly explain the circle of trust to you, Greg?

What would be my recommendation? Deploy Firefox with Windows group policy ADMX templates, macOS/Linux file distribution.

Firefox ADMX templates can be found at https://github.com/mozilla/policy-templates/releases

DNSOverHTTPS – Locked

Configure DNS over HTTPS.

Enabled determines whether DNS over HTTPS is enabled

ProviderURL is a URL to another provider.

Locked prevents the user from changing DNS over HTTPS preferences.

https://github.com/mozilla/policy-templates/blob/master/README.md#dnsoverhttps
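For the file-distribution route, the same three settings go into a policies.json. The following added example (not from the original post or from Mozilla's repository) audits such a file against a "DoH off and locked" baseline, which is an assumption made here. The function name, finding codes, sample files and the doh.example.com URL are constructed for illustration.

```python
import json


def audit_doh_policy(policies_text):
    """Return (code, message) findings; an empty list means DoH is off and locked."""
    try:
        doc = json.loads(policies_text)
    except json.JSONDecodeError as exc:
        return [("invalid-json", f"policies.json does not parse: {exc.msg}")]

    policies = doc.get("policies") if isinstance(doc, dict) else None
    if not isinstance(policies, dict):
        return [("no-policies", "top-level 'policies' object is missing")]

    doh = policies.get("DNSOverHTTPS")
    if not isinstance(doh, dict):
        return [("doh-unset", "DNSOverHTTPS is not configured in this file")]

    findings = []
    enabled = doh.get("Enabled")
    if enabled is True:
        provider = doh.get("ProviderURL") or "(no ProviderURL set)"
        findings.append(("doh-enabled", f"DoH is enabled, provider: {provider}"))
    elif enabled is not False:
        findings.append(("enabled-unspecified", "Enabled is not an explicit true/false"))

    # Without Locked, the user can still change the DoH preferences.
    if doh.get("Locked") is not True:
        findings.append(("not-locked", "Locked is not true; users can change DoH settings"))
    return findings


def codes(policies_text):
    """Convenience wrapper: just the finding codes, in order."""
    return [code for code, _ in audit_doh_policy(policies_text)]


# Constructed sample files.
LOCKED_OFF = """
{ "policies": { "DNSOverHTTPS": { "Enabled": false, "Locked": true } } }
"""
UNLOCKED_OFF = """
{ "policies": { "DNSOverHTTPS": { "Enabled": false } } }
"""
ENABLED_CUSTOM = """
{ "policies": { "DNSOverHTTPS": {
    "Enabled": true,
    "ProviderURL": "https://doh.example.com/dns-query",
    "Locked": true } } }
"""
OTHER_POLICY_ONLY = """
{ "policies": { "DisableTelemetry": true } }
"""

if __name__ == "__main__":
    samples = [("locked off", LOCKED_OFF), ("unlocked off", UNLOCKED_OFF),
               ("enabled custom", ENABLED_CUSTOM), ("other policy", OTHER_POLICY_ONLY)]
    for label, text in samples:
        print(f"{label:15s} -> {audit_doh_policy(text) or 'OK'}")
```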

I hope I covered this information accurately. If I got anything blatantly wrong feel free to call me out and I’ll edit.

Thanks!

________________________________________________

The rabbit hole.
https://github.com/mozilla/policy-templates

Source link: https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https

Source #1: “If a user has chosen to manually enable DoH, the signal from the network will be ignored and the user’s preference will be honored.”

Source #2: “When any of these checks indicates a potential issue, Firefox will disable DoH for the remainder of the network session, unless the user has enabled the “DoH always” preference as mentioned above.”

Source: Pi-hole is already on it — Within the past 24 hours of this post this canary domain was merged into development https://github.com/pi-hole/pi-hole/pull/2915

If you’re looking to fall deep down the rabbit hole of DNS-over-HTTPS issues then I have the link for you. The IETF has published an extensive look at DoH risks and issues at https://datatracker.ietf.org/doc/draft-livingood-doh-implementation-risks-issues/

Information Silos – Hire a Floater

I rather dislike information silos and everything they stand for. I like collaboration, knowledge sharing, and that is likely evident by the fact you’re reading my blog post right now. The “information silo” cuts against my personality and if I keep writing in this paragraph I’ll tell you how I really feel.

So why do they exist? Scale and functional teams will create these silos. Which is necessary to churn productive work in a large business. Team X does X, Team Y does Y, and Team Z does Z. If every day at work, XYZ had to get together and discuss their responsibilities then they’d never get anything done. We all need to produce! The traditional management hierarchy makes this even worse with vertical up-down pay, titles, and promotion systems. So if you join X, Y, or Z then you may exist in that silo for a very long time.

Why these silos exist and grow hair becomes an accounting problem. To overcome the information sharing gaps you need to hire an X-Y translator, an X-Z translator, etc… and all those translation hires become expensive. For every layer and silo you create, without the translator you may get stuff done and grow, but agility shrinks.

So this is something that I picked up from way back when. It’s the concept of a “floater” which is used on manufacturing floors, assembly lines, or production lines. I once acted as a floater on a credit card statement production floor. Back before e-statements, the credit card processor was likely responsible for statement production. There was the printing silo, the warehouse silo, the production silo, and the mailing silo just to name a few. It was the “floater” that kept these silos fed. If the envelope stuffing machines needed more envelopes or more advertisements then you’d go fetch it and share that information quite physically. The key point I’m trying to make is that each silo performed a single production focused task and that kept itself moving. The printers printed statements, the warehouse organized everything needed, and the mail room silo kept everything moving out to the postal service. It was indeed quite an impressive operation.

What would happen if we expected that production system to operate without floaters or feeders? The warehouse system couldn’t keep things organized if their job was also to accept and run materials to the floor. The stuffing machine operators couldn’t expect to keep their machine running if they had to get their own materials, discuss what they needed, or take the envelopes to the mail room. The mail room couldn’t run at full capacity if they had to go get their own stuff or move their own mail.

The key was the “floater” who could move and operate within each of these silos. They understood key elements of each of these production silos and helped keep the larger machine running. The floater didn’t need to know exactly how to run the stuffing machine, or the printing machine, or the mailing machine, but knew _enough_ to keep it running.

The floater concept is lost among traditional IT silos. We expect everyone in their silo to know what the other silo is doing. The best we can hope for is people in one silo toss and spit out enough information so that things don’t grind to a halt. In full speed production, the teams barely have enough time to tackle their own work, much less help the other silos understand what’s going on.

Things get bad when things break down. If one silo starts to slow or fails to operate it can have a severe impact on the rest of the business. The floater can help pace things by relaying information and key pieces of details to keep things on track, slow things down, or speed things up. In the credit card processing line this was a very in-the-face approach. Quite a bit of yelling was involved.

In a small to medium sized business this is usually handled relatively easily within IT. The IT team may be just a few people and the day-to-day of working and meeting together is enough to keep information sharing afloat. It’s when we start getting into small enterprise that the problems begin to surface. We expect the producers in the security team, network team, and compute team to both produce and float. This results in inefficiencies and the production line starts to get messy.

Hire IT Production Floaters, seriously. It’s a real job title in manufacturing and assembly. I think floaters can help elevate production and at the same time destroy the information technology silos. As the benefits of cross-team collaboration erode the information sharing barriers each silo becomes more efficient. Functionally move someone between security, network, compute, edge, mainframe, and the PMO on a regular basis and I’ll bet it has a positive impact. Let those individuals report back as an outsider looking in. Do they have something negative to say about how the network team deals with the security team? Having been on both sides they should be listened to. Help them pace production and make changes where needed.

For fun — What would that job description look like?

Essential Functions

  • You will be responsible for performing varied tasks including network, security and testing of applications.
  • Work will be performed in different functional areas depending on the highest need at the time.
  • Must be comfortable and willing to have varied work that may change each day or potentially several times throughout the day
  • Demonstrates capability in configuring network devices and securing computing devices
  • Capable of reading and comprehending network architecture diagrams and routing protocol diagrams
  • Responsible for checking deployed devices to meet XYZ security compliance standards

Minimum Qualifications

  • Not be an idiot, willing to learn, change skills, seek out new life, go where no one has gone before
  • Able to read an OEM manual, use an IP subnet calculator, text and walk
  • Be at least 18 years of age
  • Ability to work independently

Equipment/Machinery Used

  • A web browser
  • A terminal
  • Linux, Windows, Mac networking tools

Personal Attributes

  • Ability to speak intelligently, to others smarter than you, in their own area of expertise.
  • Very strong written and oral communication skills
  • Keen attention to detail and not afraid to call anyone out
  • Ability to effectively prioritize and execute tasks in a high-pressure environment
  • Ability to build a team-oriented and collaborative environment
  • Mentally and physically flexible just in case you need to rack something by yourself in RU 42

Hire a floater!

In case you’re still here — let me know what you think!

Cisco Live – A Shared Experience

I’m not sure if you knew this, but I really love complex systems. Nothing gets much more complex than the human interactions and emotions we deal with every day.

Some days, when we work with our routers, switches and firewalls they’ll give us some unexpected feedback. What do you do with that feedback? Maybe you’ve written some automation tool or output processing program to figure out that specific output. Cool, nice, you want to not have that unexpected outcome to ever happen again. That’s the bubble computers fit in, don’t do this unless I told you to. Humans, not so much.

That’s one difference compared to when we are interacting with people. You never know what that response is going to look like to your input. Logic in – snark out? Snark in – logic out? Maybe both? How fast can you process that snark to escalate it to another level? Wow, where am I going with this.

Anyways – back to the part where I said I love complex systems. Human interaction is complex and I love observing it. I love being a part of it. I love people. I love shared experiences.

Shared experiences are part of living life. Why do you enjoy eating together? Maybe you don’t. Why do you enjoy watching movies together? Maybe you don’t. Why do you enjoy going to the lake or the beach? Maybe you don’t.

The point is – Cisco Live is a shared experience for the community of people that come there and socialize. Not everyone is there for that aspect and that’s OK. Go kill some sessions, bang out this incredible new automation workflow, awesome! However, that isn’t why I’m there and I know it’s not why several others are there. I’m there for the opportunity to enjoy a shared experience with those that have lived, loved, felt, bled, and cried the same things I have.

So back to this topic of “Why shared experiences?” Why now, Josh? Why wait until Cisco Live 2015 to start attending? The reason is the community. I’ve been watching from afar for a really long time. Cisco putting real value ($$$) into the conference to reinforce the social aspect is why I wanted to be there.

The social aspect, the shared experience, is why I’m there. The people are more important. Period. We all want these shared experiences in life and Cisco Live is one of the few, if not the only, places we can take a deep breath and make ridiculous jokes about subject matter only we’d get. You wouldn’t get it.

So where do we go from here? It’s an easy answer for me. I’ll be there, phone, lanyard, loin cloth, and backpack in tow. I’m there to talk to YOU and get to know YOU. We can share shop knowledge or not, I don’t care which, just join the conversation. Sit in the circle and say something snarky, ridiculous, super smart, or whatever.

I’m looking forward to meeting more people and watching the community expand. I’m hedging on this: it’s not what you know, it’s who you know.

.. and this was train of thought.. not sure if I ended up where I wanted to.

Collaboration (insert nothing here)

I’ve been sitting here trying to think of a topic and I’m drawing a blank. So that’s what I’m going to talk about. Nothing. Zero. Null.

My current daily focus centers on connecting people to people, people to robots, and people to data. So it involves a fair amount of knowledge of networking principles, tools, and concepts. However, I also have to lean into the philosophical and the “being human” side. So how, as a “Collaboration” guy, do I get people disconnected? How do I build things in such a way that you actually have a chance to get to zero? Silence. Nothing.

It really comes as a series of recommendations because the technology that exists today is focused on keeping you connected 24x7x365 to something. That something could be work, data, or media. Being “disconnected” isn’t a concept that is around much anymore. It used to be a prevalent part of working with technology. Remember the “bring your laptop in for updates” events? How about before laptops? Keeping workers functional when disconnected used to be a very real thing. Now you’re always on and the traditional work day has long drifted away.

The first recommendation is to get in complete control of your notifications. Even if it takes hours to figure this out, you should stop and write down or type out all of the things that “notify” you. Figure out how they notify you, prioritize, and if it’s not a priority then turn it off! Those little red notification bubbles on all those apps are not needed. Remember – if the product you’re using is free then you are the product. Some companies need you “plugged in” to operate. In “priority mode” there should only be 2 or 3 things that notify and interrupt you while working. In “flex mode” feel free to open up those notifications a little more.

The second recommendation is to get in control of your calling and texting notifications. If you have a business number and a personal number, are you using your business number? That’s one way of setting up a barrier between being on and off. You can text with your business number quite a few different ways and companies should really consider offering that. Business calls, texts, and voicemails flow and stay within the business. The side benefit is it makes it easier for other people to cover your work as needed. If you need to disconnect for vacation, family, or whatever, you can redirect that flow of information. It’s not so easy if the flow of information goes directly to your personal number. I think this is hugely important for getting to zero.

The third recommendation has nothing to do with technology. It has to do with you as a human exercising some deep-rooted control over yourself. Tell yourself you’re done with work between certain hours. Tell yourself you’re done with all screens for periods of time. I’ve learned some things firsthand watching my children. Creativity doesn’t fully realize itself when we are constantly connected and feeding our minds. We need to be bored. We need to be off. Zero. Nothing.

I’m not treading any new ground here in anything I’ve said. There are some really awesome articles and research available on these topics. I highly recommend making sure you know how to disconnect without interrupting your work streams. If you’re the single individual in a corporate IT department, get on contract with a managed services company to back you up. Everyone needs a break. Take one.