Friday, August 28, 2009

LandWarNet 2009 in Review

I spent the week of August 17th in Ft. Lauderdale, FL attending the LandWarNet Conference. This was my first time at the conference, so I figured I would share a bit of my experience with you.

This year’s theme was “A Global Network Enterprise Enabling Full Spectrum Operations for the Joint Warfighter”, and the exhibiting companies came from a range of technology industries, from government consulting and military equipment to software.

While the show is predominately Army-focused, there were some smaller mixed groups in attendance as well. Attendance was strong considering the state of the economy, and the majority of the show sessions were full. The show floor was lively the first two days, but emptied out on day three. According to many LandWarNet veterans, the show is a magnet for hurricanes and has been closed early numerous times, so I’m not surprised people didn’t stick around the entire time.

Thursday, August 27, 2009

5 Tips For Getting the Most Out of Your Network Management System

Monitoring and managing network devices is becoming increasingly challenging. But it shouldn’t require a computer science degree or weeks of training to use a network management system (NMS). Here are five tips to help you improve the quality of your monitoring efforts and reduce licensing costs using your NMS.

Tip 1: Only monitor devices you really care about.
Be sure to review the inventory list discovered by your NMS. Remove any devices that your team does not manage or that you wouldn’t respond to if a failure occurred. You may be tempted to keep these “just in case,” but they can clog your database, slow your system and make it harder to see more important issues. This can even save you money, since most vendors charge by the number of devices you monitor.


Tip 2: Reduce the number of SNMP community strings.
Networks with a large number of SNMP community strings take longer to discover, often much longer, because the discovery system must test each community string and wait for it to time out before moving on. It’s a common problem, since strings frequently get added whenever a new network engineer joins the team. A better option is a uniform policy with no more than one SNMP community string for each type of device. For example, you could create one unique community string each for routers and switches, security appliances, and servers. If you need additional security, consider SNMPv3 or use the SNMP security feature on most devices to block SNMP requests from unknown sources.


Tip 3: Use visual aids.
When appropriate, use a floor plan or geographical background image as part of your network map. Network layouts become more tangible and you’ll recognize devices and where problems or bottlenecks are occurring more quickly by using a visual aid.


Tip 4: Implement a standard naming convention for your network.
Use a naming convention that is readable and can grow with your network. It may seem hard to go back and change all the devices now, but recognizing those elements will become much easier in the future. Try something like this:
.....<#> SFOCA.1.RTR.CSO.4500.1
In friendly terms, this means: San Francisco, California, Site 1, router, Cisco 4500 #1. Now you’ll know right away where the problem is and on what device. In addition to being clearer, these types of conventions are scalable. Even though you may not support multiple sites or cities today, you’ll be ready when your organization grows.


Tip 5: Set rules and alerts.
Red lights and green lights are fine for showing the hard up/down status of devices, but there are many states in between. Take some time to understand normal performance levels in your network, then tailor the rules of your NMS accordingly. It pays off when you are alerted as conditions start to deteriorate and can respond before customers experience a problem. For example, monitor the interface utilization of end users or the switch ports they are on. If a user switch port is at 70% utilization, you may want to be alerted to the high bandwidth consumption. On the other hand, bursts above 70% may be normal for your users, so that type of rule would cause an excessive number of false positives. Instead, some systems will let you set alerts only when the interface utilization stays above 70% for an extended period, say 30 minutes.
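The sustained-threshold rule from Tip 5, as an added example that is not part of the original post or of any NMS product. The 5-minute poll interval, the `max_gap` reset for missed polls and the utilization samples are assumptions constructed for illustration; the 70% threshold and 30-minute hold come from the tip.

```python
from datetime import datetime, timedelta


def edge_alerts(samples, threshold=70.0):
    """Naive rule: alert every time utilization crosses above the threshold."""
    alerts, above = [], False
    for ts, util in samples:
        if util > threshold and not above:
            alerts.append(ts)
        above = util > threshold
    return alerts


def sustained_alerts(samples, threshold=70.0,
                     hold=timedelta(minutes=30), max_gap=timedelta(minutes=10)):
    """Alert once per run that stays above the threshold for at least `hold`.

    samples: (timestamp, utilization_pct) tuples in time order.
    Returns (run_start, alert_time) tuples.
    """
    alerts, start, prev, fired = [], None, None, False
    for ts, util in samples:
        if prev is not None and ts - prev > max_gap:
            start = None  # missed polls: the level cannot be called sustained
        prev = ts
        if util <= threshold:
            start = None
            continue
        if start is None:
            start, fired = ts, False
        if not fired and ts - start >= hold:
            alerts.append((start, ts))
            fired = True
    return alerts


# Constructed sample: one switch port polled every 5 minutes from 09:00.
T0 = datetime(2009, 8, 27, 9, 0)
UTIL = [40, 85, 90, 45, 50, 72, 75, 80, 78, 74, 71, 73, 76, 60, 55]
SAMPLES = [(T0 + timedelta(minutes=5 * i), u) for i, u in enumerate(UTIL)]

if __name__ == "__main__":
    print("edge rule fired:", len(edge_alerts(SAMPLES)))
    for run_start, fired_at in sustained_alerts(SAMPLES):
        print("sustained rule fired at", fired_at.time(), "run began", run_start.time())
```

The short burst at 09:05 trips only the naive rule; the sustained rule fires once, 30 minutes into the run that began at 09:25.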

Take some time to consider these five tips and if you have any feedback let me know.

Friday, August 21, 2009

Using SNMP for Network Troubleshooting

Here is a network troubleshooting tip to consider. Simple Network Management Protocol (SNMP) is used for getting notifications and performance data about networking devices. It can also be useful in a non-traditional way.

When most networking devices are very busy, they stop responding to management requests and focus on core routing or traffic-level tasks. As a result, if you see increasing SNMP response times or, worse, complete SNMP response failure, it’s likely a leading indicator that a device’s performance is nearing the user impact stage. The device may not be down yet, but it very well could be shortly. Use this indicator to your advantage and start monitoring SNMP response time and failure rates. Keep a close eye on these devices and you’ll know about problems before it's too late.
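One way to turn SNMP response time and failure rate into a leading indicator, as an added example that is not part of the original post. The window of five polls, the three-times-baseline latency factor, the 40% timeout rate and the round-trip samples are all assumptions constructed for illustration.

```python
from statistics import median


def classify(history, window=5, slow_factor=3.0, max_fail_rate=0.4):
    """Judge the last `window` polls against the earlier baseline.

    history: SNMP round-trip times in ms, None where the request timed out.
    """
    recent, earlier = history[-window:], history[:-window]
    baseline = [rtt for rtt in earlier if rtt is not None]
    if len(recent) < window or not baseline:
        return "learning"  # not enough data to compare yet
    answered = [rtt for rtt in recent if rtt is not None]
    if not answered:
        return "unresponsive"
    fail_rate = (len(recent) - len(answered)) / len(recent)
    if fail_rate >= max_fail_rate or median(answered) >= slow_factor * median(baseline):
        return "degrading"
    return "ok"


def first_warning(polls, **thresholds):
    """Index and state of the first poll at which the device stops looking healthy."""
    for i in range(1, len(polls) + 1):
        state = classify(polls[:i], **thresholds)
        if state in ("degrading", "unresponsive"):
            return i - 1, state
    return None


# Constructed sample: one poll per minute against a router that gets busier.
POLLS = [21, 19, 22, 20, 23, 18, 21, 20, 22, 19,
         48, 75, None, 130, None, None, None, None, None]

if __name__ == "__main__":
    print("first warning:", first_warning(POLLS))
    print("final state:", classify(POLLS))
```

On this sample the warning is raised at poll 14, four polls before the whole window is timeouts.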

Why use SNMP v3?
Need stronger security than community strings and access lists can provide? Consider moving to SNMPv3 if you haven't done so already. SNMP v1 and v2 are sufficient for many networks. When management traffic must pass over the public Internet, however, SNMP v3 provides improved message security that can be important.

Enhanced security features in SNMPv3 include:

- Message integrity to ensure a packet has not been tampered with in transit.
- Authentication and verification that the message is from a valid source.
- Encryption of packets to prevent snooping by an unauthorized source.
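How the integrity and authentication features work in practice, as an added example that is not part of the original post: the SNMPv3 User-based Security Model (RFC 3414) derives a per-device key from the user's password and attaches a truncated HMAC to each message. The message bytes below are a constructed stand-in rather than a BER-encoded SNMP packet, and the password and engine ID are the sample values from RFC 3414 Appendix A.3.

```python
import hashlib
import hmac

AUTH_LEN = 12  # HMAC-SHA-96 keeps the first 96 bits of the HMAC-SHA1 output


def localized_key(password: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 A.2.2: hash 1 MiB of repeated password, then bind it to one engine."""
    reps, rest = divmod(1048576, len(password))
    ku = hashlib.sha1(password * reps + password[:rest]).digest()
    return hashlib.sha1(ku + engine_id + ku).digest()


def _mac(message: bytes, offset: int, key: bytes) -> bytes:
    # The MAC is computed with the authentication field itself set to zeros.
    zeroed = message[:offset] + bytes(AUTH_LEN) + message[offset + AUTH_LEN:]
    return hmac.new(key, zeroed, hashlib.sha1).digest()[:AUTH_LEN]


def sign(message: bytes, offset: int, key: bytes) -> bytes:
    """Sender side: fill the authentication field at `offset`."""
    return message[:offset] + _mac(message, offset, key) + message[offset + AUTH_LEN:]


def verify(message: bytes, offset: int, key: bytes) -> bool:
    """Receiver side: recompute the MAC and compare in constant time."""
    received = message[offset:offset + AUTH_LEN]
    return hmac.compare_digest(received, _mac(message, offset, key))


# Constructed stand-in for a serialized message: header, auth field, payload.
ENGINE_ID = bytes.fromhex("000000000000000000000002")
HEADER = b"user=monitor;"
TEMPLATE = HEADER + bytes(AUTH_LEN) + b";get ifInOctets.3"
OFFSET = len(HEADER)


def demo():
    """Return (genuine accepted, tampered accepted, wrong-password accepted)."""
    key = localized_key(b"maplesyrup", ENGINE_ID)
    sent = sign(TEMPLATE, OFFSET, key)
    tampered = sent[:-1] + bytes([sent[-1] ^ 1])  # one bit changed in transit
    other_key = localized_key(b"not-the-password", ENGINE_ID)
    return verify(sent, OFFSET, key), verify(tampered, OFFSET, key), verify(sent, OFFSET, other_key)


if __name__ == "__main__":
    print(demo())
```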

Wednesday, August 19, 2009

Whirlwind Tradeshow Tour...

This week I'm in Ft. Lauderdale at the LandWarNet show and next week I'm off to AFITC in Montgomery, AL. The whirlwind tour is off to a good start. The skies are bright and no hurricanes are in the forecast. For those that won't make it to LandWarNet this year, I'll be updating the blog with some information about the show and the seminar tracks.

It's always interesting to see at these shows what technologies industry is providing the military to improve their information advantage in the battlespace. If you're interested in learning about some solutions Kratos Defense will be presenting, drop by booth #1513 at LandWarNet and booth #542 at AFITC. We are going to be demonstrating some interesting solutions, including example workspaces created to provide Program Managers with a centralized view of all project-related information, business intelligence dashboards displaying operational metrics, network management solutions for strategic and tactical networks, and learning solutions to optimize workforce development.

Hope to see you soon.

Friday, August 14, 2009

Preview the next set of Free Network Utilities…

I just finished previewing three free network utilities that Kratos Defense & Security Solutions has developed. These have NOT officially launched yet, but I wanted to give blog readers the first crack at downloading and checking them out. You can choose from Army or Air Force skins (or both) and use these utilities from your desktop to:

1. Test download speeds (nice to know if your T1 is doing well)
2. Monitor any SNMP OID metric (Poll a CPU Utilization from a router etc…)
3. Monitor Syslog events (I sent a few firewall activities at it)

These will officially be released at upcoming Army and Air Force events in late August (LandWarNet & AFITC).

The skins make for a very cool display; everybody that came by my desk today asked about them. Just don’t tell anybody where you found the links, or I might not be given the preview next time :)


Free Network Utilities Download Links:

Thursday, August 13, 2009

Five Ways to Get IT Training Cost-Effectively

In these tough economic times, keeping up-to-date and sharp with the latest high-tech skills can be very beneficial for the health of your career. Here are five creative ways to get training cost-effectively according to Network World.

1. Share the cost with your employer
One option is to offer to split the cost of training with your employer. It would cost the company more to bring in a new person than to train you in the skills they need. The solution serves both parties well.

2. Train yourself
You can gain a wealth of knowledge through self-study from online courses, books, videos and webcasts. Another resource for IT pros looking to learn is CBT Nuggets, which offers fee-based and free training products online.

3. Build your own learning environment
Building a home lab can help progress your career and be done cost-effectively (in some cases). Finding used parts and complimentary software can help with Microsoft and Cisco self-training. Check Microsoft for free trials of their products online and open source tools. Two open source projects worth reviewing include Dynamips, for simulating Cisco networks, and Olive, for simulating Juniper networks.

4. Practice your skills
Use your knowledge and skills to help friends, family, charities or small businesses at low or no-cost to gain valuable experience. The effort can pay dividends on your resume and help you learn about new technologies without investing in training. This can also serve as the start of your own business.

5. Look for training discounts
Many training vendors are offering significant discounts because of the recession. It may be worth the time to do a little research to find some cost-effective training. Many vendors offer educational content at events and online as part of their marketing efforts. Keep an eye out for specific opportunities at your favorite vendors’ websites and for upcoming low cost or complimentary technology tradeshows.

Friday, August 7, 2009

Maintaining Network Awareness with Twitter…

Wanted to try a fun experiment and feed my network management alerts to Twitter instead of my email. Now let me explain: I’m using this for the alerts that fall between the super critical ones that need my instant attention (and are emailed to me) and those that can simply sit and wait all weekend or more for my attention (i.e. when I feel like looking at the NMS screen). By sending some events to Twitter (it’s on my phone and TweetDeck is on my PC) I can maintain “network awareness” while tweeting :) or on the go.

Using the dopplerVUE network management tool, all alerts can be sent to a .NET assembly. Since Twitter has an API, this part was simple – email me and I’ll send you the necessary files so you can create updates with your own Twitter account information.

Here are the steps to implement a Twitter feed (takes about 5 minutes).

The ABCs of adding a Twitter feed to dopplerVUE
A. Update your system with the new twitter.dll and EventService.exe.config files
B. Create a Twitter action that can be re-used.
C. Define a rule that will use the Twitter action

A – Updating the dopplerVUE system
1. Add the twitter.dll to the //systechnologies/dopplerVUE/Server folder
2. Back up your existing //systechnologies/dopplerVUE/EventService.exe.config file and replace with the new one provided.
3. Edit the EventService.exe.config file user and password lines with your actual Twitter account username and password.
4. Go to Preference > dopplerVUE System > dopplerVUE Services, then restart the dvEventService and dvDataService.

Now the Twitter action is ready to use.

B - Create a reusable Twitter action
1. Expand the NetOps> Action tree
2. Right Click on Actions and select Create Action
3. Enter an Action Name
4. Select Action Type: Custom DLL
5. Enter the assembly value of: Twitter.dll
6. Select Create.

C - Define a rule that will use the Twitter action
1. Expand the NetOps>Metric>Rules tree
2. Right click on an existing rule and select edit
3. At step 5, expand the Custom DLL folder and select the Tweet This! Action
4. Select Finish.

Wednesday, August 5, 2009

LandWarNet2009…IT in the Battlefield…

One of the cool parts of my job is that I get to attend a variety of technology tradeshows. On August 18th-20th the LandWarNet 2009 conference will be held in Ft. Lauderdale. If you want to see an interesting collection of IT products mixed with military gear like radio controlled mini robots that hold assault rifles, this is the place for you. If you are attending, please come by the Kratos booth (#1513) and say hi. Send me an email in advance and I’ll be sure to have an extra special gift waiting for you (compliant with govt. policies of course).

Monday, August 3, 2009

Will you Cause the Next Cyber Security Breach?

Friday’s edition of USA Today contained an interesting article on the front page of the Money section, “Virus targets firms’ financial accounts”. It goes on to explain how the Clampi virus is focused on attacking business computers where the administrator account is being used. Once hijacked, this account is then used to access PCs that perform banking transactions. Once the virus gains access to banking information, the damage can be quite severe.

The article discusses a series of steps to prevent these types of breaches, but one in particular stands out: don’t use your administrator-privileged account for anything other than administrator duties. Create and use a “Normal” account for your day-to-day duties and ANY time you are surfing the net.

IT staff often use their admin accounts for everything. It’s simpler and saves time. Of course, this posting is written using my admin account… promise by tomorrow I’ll stop using it…