Today was a frustrating day. I was hoping to have a video to show you but the best laid plans…

Essentially, I was thwarted because part of the video would have involved using one of the company’s projectors, and it seemed that the computers I had administrative access to didn’t have sound, and the computers that had sound didn’t grant me administrative access – access I would need to install Macromedia Flash.

(I’m appalled. I mean, why don’t I have root access to all the company’s computers? I mean, I’m the company blogger, for crying out loud. Without me, the company wouldn’t have a blog, and without the blog the company would… uh… erm… maybe have a Google Pagerank of 5 instead of 6? Anyway, the point is, I provide a highly demented demanded service for the company…)

Anyway, we’ll have to reschedule that video. But it does make me realize the relationship between network performance and network security – and that is, that if the application your end-user needs will not run, you’re essentially looking at an effective network performance of zero percent for that application. While there are tons of monitoring solutions for determining up/down status, and one really groovy monitoring solution for application performance, not being able to use the application in the first place is a frustration that probably won’t show up in the NOC, but is there nonetheless.

It also makes me think about the “cry wolf” scenario with security. Look at the dreaded UAC for Windows Vista. I have a Vista box. First thing I did was disable UAC. (Second was install Firefox.) Too often when people interact with computer security, it is preventing them from doing something useful, rather than protecting them from something harmful.

So any time that you can take security away from the forefront and put it in the server, the less people have to interact with it, the less they get pissed off and the less likely they are to ignore warnings when something bad does happen. This, of course, requires keen insight into the behavior of the network and ways to detect anomalous behavior in real-time.

As for my personal problem with computer security – it’s not really that bad. I consider myself lucky that that’s the worst I have to deal with. I’ll just send in an IT request to set up the audio on the projector next week.

Australia drops Internet filtering plans, New Zealand backtracks on S92, and in Sweden, the Pirate Bay is on trial. 

The world is interesting these days.

First, Australia: According to the Sydney Morning Herald, the Australian Government’s plan to introduce mandatory Internet filtering (which we’ve covered previously) has been effectively defeated when independent Senator Nick Xenophon switched to supporting the Opposition/Greens coalition.  And the Herald was not pulling punches on the measure’s failure.

The Communications Minister, Stephen Conroy, has consistently ignored advice from a host of technical experts saying the filters would slow the internet, block legitimate sites, be easily bypassed and fall short of capturing all of the nasty content available online… Even the trials have been heavily discredited… Senator Conroy originally pitched the filters as a way to block child porn but - as ISPs, technical experts and many web users feared - the targets have been broadened significantly since then….

This week, a national telephone poll of 1100 people, conducted by Galaxy and commissioned by online activist group GetUp, found that only 5 per cent of Australians want ISPs to be responsible for protecting children online and only 4 per cent want Government to have this responsibility.

As our interview with Mark Newton last October, a network engineer from Australia, showed, the problems with the filters were twofold; in addition to blocking legitimate content, it also degraded network performance severely. 

One of the problems was the mission creep of the blacklist, which started with “illegal content” but broadened to include mature but legal content, and last week, there was an uproar after it was discovered that an anti-abortion group Web page was placed on the blacklist. 

Meanwhile, across “the ditch,” in New Zealand, the National/ACT/United Future coalition government has delayed action on a piece of legislation known in shorthand as “S92” – Section 92 of the Copyright Amendment Act.  This law would cut off Internet access for people accused of copyright infringement.  The accusation would not need to be proven, and Section 92 contains no punishment for a mistaken or malicious accuser. 

In response, protestors started an “Internet Blackout” protest, with black protest signs, completely black Twitter profile icons, and black Web sites.  When the law was delayed, the protestors returned their icons.  Media 7 News Reporter Russell Brown wrote about the incident on his blog, “Hard News.”

The protest virtually came out of nowhere last week -- it was conceived in a schoolroom in Warkworth on the Saturday, and enacted on the Monday. The mobilisation involved was really remarkable.

The protest was also a success because it has fostered a new voice on copyright and creative issues; one that isn't an industry or technical body. The Creative Freedom Foundation's petition has 12,000 names -- and 8000 of the signatories identify themselves as artists. That's remarkable. It has attracted worldwide attention.

And finally, in Sweden, the Pirate Bay trial is ongoing.  The prosecution had dropped about half of the charges by the second day of the trial, and two days ago, the charges in the case were altered, making the case look more and more likely to go in the Pirate Bay’s favor.

The thing that interconnects all of these cases is that I think this – and I may be wrong here – I think this represents a trend that the public is becoming more informed about the impact of legislation on the Internet’s capabilities and on network performance specifically.  People are becoming informed – and more importantly, active and engaged in Internet issues, to secure a network that performs to the best of their capabilities. 

Of course, I could be wrong. 

I really hope that you enjoyed yesterday’s “Geek vs. Wild” post.  Partially because it was really fun to do and if I get enough feedback, I can justify going back out into the woods with Ben to film sequels. 

One of the things that I hope you noticed on “Geek vs. Wild” was that most of the audio came from a lavaliere microphone on Ben; the Sennheiser SK/EK 100 series, specifically. Don’t get me wrong, the audio isn’t perfect, but I like how it turned out. 

I’m an amateur filmmaker in my spare time – you can check out the short documentary films I’ve edited for GeeksAreSexy.net on different inventors – and the one thing that I was totally unprepared for when I got into this hobby was how important audio was to the whole experience.  I probably have about twice as much money sunk away in good audio equipment than I do in actual film and video equipment.  It’s just that important to communicating the story that you’re trying to tell. 

Still, I know I could do better – yesterday, for example, I used the company’s Canon HG10 camera – a nice high definition camera, no doubt about it.  However, one of the features it lacked was a way to do manual gain control.  On my home rig, the Canon HG20, I use both manual gain control and a third party mini-mixer from Juicedlink so that I get fine control over the audio.  So I’ve got lavalieres connected to transmitters connected to mixers connected to the camera. 

But you know what one of the most important parts of the audio setup is?  Connecting a pair of headphones to the camera – the last link in the chain – to make sure that what I’m hearing is what will be on the tape – and to make sure that the quality of the sound meets expectations. It wouldn’t work if I tried to listen in on the mixer, on the wireless transmitter – it’s only how good it is in the camera that makes any difference at all.  If I tested the audio, say, at the mixer, a simple disconnected cable between the mixer and camera would mean that I have no sound at all – but the test would sound crystal clear!

It’s the same way with VoIP and VideoIP – Sevcik and Wetzel over at Network World have written about the importance in the difference between Quality of Experience (QoE) and Quality of Service (QoS) – while good QoS policies can preserve and encourage good QoE, the two are not the same.  Additionally, using standard networking tools, designed for TCP/IP connections, may not be able to provide the type of information that you need to monitor QoE on UDP based VoIP connections.  As Sevcik and Wetzel put it:

At this point we can hear you say: "But my tools monitor packet loss so I am all set." You may think you are because you have a tool that looks for packet drops on network routers. The tool probably monitors for output queue drops on critical links--like where large numbers of links converge or at boundaries where traffic flows from a high speed link (say a LAN link) to a lower speed link (like a WAN link). Although this is useful information, it is not enough.

The reason is that packet loss can occur anywhere along the path. Loss often happens because a half/full duplex mismatch prompts a layer 2 error that remains undetected by the Ethernet collision mechanism because of the mismatch. The packet is dropped because it's incomplete or has a bad checksum so no router queue ever sees it. The router reports that there were no packet drops, but this packet never even got there! A noisy copper line, bad Ethernet cables or even a router interface that is unmonitored can cause similar results. The fact is that even though your tools tell you all is well, the application is still missing data and the voice quality will plummet.

So when detecting problems with VoIP, it’s important to use tools that can monitor Quality of Experience as well as QoS – that detects things like jitter and noise, rather than just “dropped packets.”  This is what makes VoIP such a difficult application to carry over the network. 

The last time we saw Ben Erwin, he was playing Ping Pong while explaining how to leverage Cisco’s NAM. Today, we went out into the woods and filmed his alter ego, “Network Survival Expert Moose Dentabling” out in the Texas wilderness, relying solely on what he can find inside old network gear for survival.

Really, I think it might just be that case of insanity that’s been making the rounds. We really can’t justify this other than we thought it would be cool, and it was 72 degrees with no humidity in the middle of February, so we were willing for any excuse to head out and still “work.”

So please enjoy “Geek Vs. Wild.” You can view it here, or you can check it out in full high definition at the YouTube page.

But while I’m on the subject – or rather off the subject, I wanted to mention a couple of things. First, when I was uploading the video to YouTube, I noticed this gem about a bunch of geeks who incorporated network monitoring (for fault) into their Christmas Lights setup.

Second, you’ll notice in the video that we used the iPhone “Campfire” app. For $.99, it was worth the laugh, but I had a heck of a time getting it onto the iPhone. See, the iPhone only allows you to sync to one computer at a time. You used to be able to hook up an iPod via USB to any computer and then use that to play music directly from the iPod, provided that you had iTunes. Not anymore – if I wanted to install the “Campfire” app, I would have had to delete all the songs on my iPod so that I could “sync” with the new computer.

Why couldn’t I have just bought the application and downloaded it over the 3G network? Because Apple/AT&T prevents the installation of applications over 10MB in size over the 3G network in order to preserve that bandwidth. A smart move, but combined with the sync problem, it created a major headache.

Why did you do that, Apple? Why can’t I use my iPhone at work and at home?

Eventually I did have to erase my iPhone music, which ticked me off, naturally. It just goes to show that you can be overzealous regarding security (in this case, the technology securing me from accessing the music I own), and overzealous regarding network performance and end up with ticked off end users.

By Brian Boyko

I wish my love life were as thrilling and fulfilling as the love life of NetQoS Performance Center.  The charming network monitoring suite just hooked up with EMC Smarts.  They not only hooked up quickly, they’ve started cohabitating: Through the NetQoS Connector for EMC Smarts, you can now view performance data from the EMC Smarts management console.

I’m insanely jealous.

When I wake up alone in the morning, I often find myself wondering what it would be like to settle down and find a nice special someone, or some management console, to settle down with.  Someone who cares for you deeply.  Someone who doesn’t overlook your faults, but rather, does everything they can to help you detect and correct them. 

I mean, I know NetQoS Performance Center is my friend, and I’m happy for him. Really.  I just – you know, I’m just kinda waiting for it to be my turn. Where’s my little network suite baboo?

It just seemed the other day that all NetQoS Performance Center was doing was single-direction, trap-level integration with Smarts.  But it came as a complete shock when NetQoS connector came out with a bi-directional orientation which allows the NetQoS Performance Center to alert the Smarts console to a problem, and allows NOC personnel to have direct access from the Smarts console to appropriate NetQoS performance data for quick analysis and troubleshooting. 

You gotta admit, they make a great pair.  Network operations groups relying only on Smarts sometimes didn’t know about an application slowdown until an end-user calls to complain, and then, since they lacked the performance tools to investigate the problem, it used to get escalated to the engineering group, causing all sorts of troubleshooting delays. Now the performance data is right there and NOC groups can start to get to the source of the problem much quicker.

Matt Sherrod, Vice President of Product Management for NetQoS put it this way: “The NetQoS Connector for EMC Smarts is really a shrewd matchmaker, resulting in a marriage between performance and fault that better arms NOC staff to proactively monitor application performance and take action without escalation or having to learn an entirely new product or discipline.”

I’m really bad at weddings.  I don’t know the protocol, don’t know how to address the hosts, and am really lousy at conversations.  Not so for NetQoS Performance Center and Smarts, who, simply clicked in the right way (with a right click) and now include protocol, host and conversation data for every interface to understand traffic composition across the WAN, and response time break-downs by network, server, or application for every TCP-based application to understand where performance issues originate. 

I think most of my performance issues originate from my lack of self confidence, really. Say – do you know if Smarts has a sister?

Last time Cisco came out with a game to market their routers, I pretended to knock off Yahtzee from Zero Punctuation. This time I’m not going to do that because my fake British accent from Australia stinks.

I will however talk about Cisco’s new Cisco Edge Quest 2 game – designed to market the ASR 9000, as the original Cisco Edge Quest promoted the ASR 1000. CEQ2 is a much better game than its predecessor. In the new game, you go around collecting packets (green squares) on 5 different tracks. You avoid network disruptions (red) and collect speed-ups (blue). If you pick up damaged packets (purple), and have 10 seconds to repair them (orange) otherwise you suffer a network disruption. Network disruptions lower your uptime, and if your uptime is less than 99.999 (it starts at 100.00000), you lose the game.

The mechanics are functionally similar to Audiosurf, and just as Audiosurf is a fun game to play, CEQ2 is as well. As a criticism, however, I’d have to say that CEQ2 may be more fun to play, but it’s less educational.

With the previous CEQ, it at least illustrated different technologies, like “parallel processing” within the metaphor of the game. There’s no metaphor here – it’s just a game. You can call the green squares “packets” instead of “green squares,” but they’re fundamentally without any networking context.

There are interstitial advertisements that try to talk up the ASR 9000, but they’re pretty much skippable; and people will probably skip them even on the first time through. This is mostly because the format that they take, “faux news reports,” typically doesn’t work. Even if it was working, these ads have nothing to do with the actual game itself. It seems like a really, really bad commercial, interrupting the flow of the good time you have with the game.

That said, CEQ2 is probably good for Cisco’s branding. Maybe we should look into making a game of our own someday. Hmm…

The Cisco EnergyWise solution, which we wrote about earlier when it was unveiled at CiscoLive! in Barcelona, is starting to gather some attention.  For example, the Forrester Infrastructure Blog recently wrote about how EnergyWise can change basic assumptions within the ruling theory of IT.  (And yes, I wrote that all out so that I wouldn’t have to write a phrase as clichéd as “paradigm shift.”)

Still, when the shoe fits – the idea of “Green IT” has always been about reducing the amount of power consumption of IT itself; lowering utility costs.  Using IT to reduce the amount of power consumption for the company as a whole is an abrupt step change, advancing and augmenting the capabilities and responsibilities of IT in a revolutionary manner.  (Or… I guess you could call it a “quantum leap” if you had to…)

(Darn.  I’ve been working in this industry long enough that I’m beginning to think in buzzwords.  But I digress.)

Point is that we too often have been thinking of energy efficiency and network performance as – if not inversely proportional, than at least two goals that can interfere with each other – in that sometimes companies may choose to sacrifice one of them in order to improve the other, though most of the time, it’s mostly about finding a happy middle ground. 

But what’s happening with Cisco EnergyWise is that energy efficiency is now being shifted from a concern to a networked application.  The network can become the core of energy efficiency, rather than just a cause of energy consumption. 

This places IT teams in the precarious position of being responsible not just for the computers but for the facilities – heating, cooling, and lighting.  In other words, IT teams have just been given a hell of a lot of – and forgive the bad pun – power. 

Bad pun, yes, but resistance to IT taking over responsibilities for facilities will likely be strong because in an organization responsibility often is power.   When bad times come, and layoffs with them, companies will be more hesitant if someone is the only person in the company, “who knows how to turn on the darn lights…”

In an unrelated note, Network Instruments just released a new filter for use with GigaStor and Observer devices specifically designed to track the Conficker/Downadup worm.  More information on GigaStor can be found here. 

Ben Erwin, Technical Marketing Manager at NetQoS, comes back for another Whiteboard Series video to explain how NetQoS’s integration into the Cisco NAM means that you need fewer data collectors and can lower your costs by leveraging your existing infrastructure.

He also, for some completely non-sequitur reason, plays ping-pong.

A high definition version can be found at the NetQoSVideo YouTube Channel, here.

We talked a bit about the SuperAgent/NAM integration earlier.

As far as enterprise technology companies go, Savvis is probably one of the more interesting ones. They provide managed services for enterprise IT functions, building “IT infrastructure as a service.” (This type of outsourced IT model is more typically found in Europe, though as Savvis shows, there are advantages to using this method in the United States.)

One of the caveats that we often pointed out is the idea that relying on an outsourced IT department means that it’s difficult to make sure that your network is being managed correctly; the corporate equivalent of trusting that your auto mechanic knows what he’s doing. And to that end, we’ve recommended that companies that rely on outsourced IT have some way to independently monitor network performance.

Savvis decided to skip that step and offer network performance monitoring on their “Global Network Solutions” themselves; using NetQoS’s tools. This way, their customers get insight into traffic composition, network utilization, and application performance assurance on Savvis’ MPLS-enabled Application Transport Services.

Or in other words, independent monitoring of network performance on managed IT is now standard on Savvis. It’s kinda like when Saab made seatbelts standard in 1958.

Here’s the obligatory “the economy stinks” paragraph: You can imagine that outsourced IT functions would be appealing for many companies as they refocus on priorities. A good IT department can help you better sell widgets, but if the widget company goes under, the IT department is going to go down with it. IT enables business. IT is extremely important to the business. But IT is not the core focus of the business (unless, of course, you’re Savvis or another outsourced IT provider). Outsourced IT means that companies don’t have to worry (as much) as they would if they tried to operate an internal IT department while figuring out how to make and sell the core product.

Companies do still have to worry that they’re getting the service they paid for, though, and that’s why network monitoring will remain important no matter what solution – insourced or outsourced – companies choose to handle their IT infrastructure.

Is it that time again?  Another media outlet suggests that the Internet is so clogged up with worms, spam, and people who can be broadly classified as “jerks,” that the only solution is to ditch it and come up with something else?

I suppose it is – although this time, it’s John Markoff of the New York Times presenting the argument, which makes things a little hairier. 

Bad enough that there is a growing belief among engineers and security experts that Internet security and privacy have become so maddeningly elusive that the only way to fix the problem is to start over.

What a new Internet might look like is still widely debated, but one alternative would, in effect, create a “gated community” where users would give up their anonymity and certain freedoms in return for safety. Today that is already the case for many corporate and government Internet users. As a new and more secure network becomes widely adopted, the current Internet might end up as the bad neighborhood of cyberspace. You would enter at your own risk and keep an eye over your shoulder while you were there.

Most of this anxiety is regarding the Conficker/Downadup Worm; a worm so deadly that just one drop of it on a dog’s tongue can kill the strongest man.   Okay, no – but seriously, the worm disables Windows Automatic Update, Windows Security Center, Windows Defender, and Windows Error Reporting before downloading and installing additional malware, while creating an HTTP server to distribute itself more effectively to other computer.  Finally, the worm starts a dictionary attack against administrative passwords.  It’s not a superworm, but it is nasty. 

The Conficker worm travels via infected laptops, infected USB flash devices, and any computer that it can guess the Admin password to.

The bad news/good news situation is that any client infected with Conficker will likely experience congestion on the network from malware downloads and uploads; the good news is that this congestion makes the worm easy to detect, with a very specific pattern.  Brett Roberts, of Microsoft New Zealand, pointed out that Conficker:

“… will try every three hours to connect to specific domains over HTTP (‘phoning home’) however, unlike many other worms which use a static list of domains, Conficker’s domain list is dynamically generated by an algorithm which has now been reversed engineered.

“Because of this, it may be possible to identify infected hosts on your network if you’re able to log outbound traffic and then analyse those logs. If you see an entry in your logs for one of your systems connecting to one of these domains, that system may be infected by Conficker.

“You can also use this information to block access to those domains at your network perimeter by adding these domains to any “block lists” you might have.”

With a situation like this, network monitoring and network security overlap – and  the same network management strategies, tactics, and tools are needed to provide both security and performance.

But going back to John Markoff, while you can debate the merits of having an information superhighway which requires drivers licences, does the idea of a “gated community” internet even begin to address these problems?   Conficker is mostly an Intranet, rather than Internet worm; it spreads through USB and corporate networks, which are already much more of a “gated community” than any reform to the Internet will ever be. 

Gated communities on the Internet have tried – and while some have succeeded as business models (Facebook, Myspace,) they cannot be said to be completely secure.  Perhaps the last time we saw a “gated community” model that actually was secure was back during the days of AOL, Compuserve, and Prodigy, which essentially provided all the content internally and did not allow users to generate their own.  Any move towards this model would be counter to the trends of user-created content which have made sites such as Flickr, YouTube, and Digg successes. 

There’s a maxim that any computer or program that prevents it’s users from doing stupid things also prevents it’s users from doing clever things.  I can’t imagine that an Internet that prevents stupidity would encourage intelligence. 

I’d rather risk it out here with the bad guys and the bugs, because among them are the truly brilliant.