Network security basics for building better corporate systems
I don't mind healthy disagreement. In fact, there are days I seem to thrive on it. A good, passionate, fact-based debate can not only be invigorating, but it can help create better systems and better outcomes for the business.
But I hate being lied to.
I'm not naive. I know that untruths happen at every age, in every business. But the fact that it happens doesn't make it acceptable, at least not in my book.
Sometimes, lies can seem cute. Like when you ask, "Did you eat the chocolate cake?" to a child who stares back with wide, innocent eyes and a chocolate goatee.
But mostly, they just hurt. Maybe they hurt less when the liar is little and more when they are big. But the pain, the frustration and the loss of trust are still there. The same is true for a network that lacks end-to-end visibility.
As a 30-year veteran in IT and a longtime network engineer, nowhere is this more true than with an internet service provider (ISP). I know very few IT professionals who trust their WAN provider, a feeling that is due, in large part, to past lies. I'm not talking about mistakes or miscommunications. I'm talking bold-faced whoppers.
Like the time I was on a support call and the ISP tech told me, "I looped the circuit and it looks fine on my end."
"Oh, really?" I asked as I stood with the unplugged T1 connector in my hand.
When I pointed this out, there was a pause and then, "Oh, I guess I was looking at a different circuit. Hang on…"
Or like the time when, after several calls about consistently slow service, an ISP tech insisted it was a misconfiguration on our end. That is, until I sent them a simple ping output that showed that literally every other packet was being dropped. Then and only then did the tech discover that the bandwidth configuration on their equipment was set to half of the actual circuit speed we had ordered.
I've named just two examples, but anyone who has been working on networks for more than a few weeks probably has his or her own set of similar war stories of ISP failures or a complete lack of end-to-end visibility and accountability.
Public, private clouds converge
Why is this such a big deal to me and why am I bringing it up now? Because, whether we like it or not, hybrid IT is coming.
Who am I kidding? The odds are that it has already arrived in your data center. In fact, in a recent study, SolarWinds discovered that 34% of companies it surveyed had between 10% and 24% of their infrastructure already in the cloud, and another quarter of those businesses had more than 25% of their workloads migrated. When asked to look ahead three to five years, 3% said their entire infrastructure would move to the cloud, while half of respondents said they expected that a majority of their workloads would make the same transition.
So, if your company is already in the cloud to some extent -- which it probably is -- and that trend is only going to continue, how do you, the IT professional, validate that things are working properly?
Before answering, I want to define the challenge more specifically.
Moving part of an environment off-site (i.e., to the cloud) has the potential to affect availability, performance and security of those elements. The specific challenge is that by moving outside the corporate data center, performance and availability become tightly bound up with an area that has previously been exclusively the purview of your ISP. Service providers rarely provide insight into which of their devices are creating additional latency or what routes are available from point A to point B. So, if your company experiences difficulty connecting to a service -- be it simple off-site storage or not-so-simple containerized high-availability mission-critical applications -- how will you know if it's an issue within your environment or a problem on the cloud provider's end, or the connectivity somewhere in between?
The only way you can be truly successful as an IT professional is when you have three things: responsibility, accountability and authority. When you are missing that third element (authority) -- as so often happens -- it's a recipe for disaster because you are unable to fix or even affect the systems that you are responsible for.
The challenge of hybrid IT escalates
And that's precisely the position that hybrid IT puts us in. We are responsible and accountable for the performance and availability of the applications and services running both on-premises and off-site, but we don't have the authority to fix issues if they occur within the network cloud.
The only way to mitigate this is with a fourth aspect of IT success: network end-to-end visibility.
You need visibility into your entire environment -- on-premises, in the cloud and everything in between. Such visibility has to show a variety of device types -- from routers, load balancers, wireless controllers and firewalls to storage (whether spindles or solid state), servers (whether virtual or physical) and applications of every stripe. And it has to apply to a range of vendors. And because your IT environment is only going to get bigger and more complex as it extends itself into the cloud, it has to scale up in terms of devices and out in terms of variety.
When you have such visibility, when you have the ability to push aside the veil of ambiguity that is "the cloud" and see how your data is moving hop by hop, you have arrived at the next generation of network monitoring. You have arrived at the next level of Truth.
I learned shortly after my kids started speaking -- and, therefore, lying -- that the best way to avoid being lied to is to avoid giving a chance to fib in the first place. Instead of asking, "Did you eat the cake?" you simply state, "I can see you had some cake, huh?" and start the conversation there.
With a tool that can peer into the cloud as well as your on-premises environment, the phone call to the carrier can start with, "I see that 220.127.116.11.ptr.us.xo.net has been adding five seconds of latency for the last 20 minutes. What can we do about that?" That way you don't have to suffer the frustration of hearing them say once again, "Huh, the network looks fine to me."
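The hop-by-hop view the column describes can be built from ordinary traceroute-style output. The following Python script is an added example, not from the column or any vendor tool: it parses a constructed traceroute capture (the hostnames, addresses and RTT values are made up), takes the median RTT per hop, and reports the hop whose RTT jump over the previous responding hop exceeds a threshold, which is the figure you would quote to the carrier.

```python
import re
from statistics import median

# Constructed traceroute-style capture (not real output); hop 3 is the offender.
SAMPLE = """traceroute to storage.example.net (192.0.2.10), 30 hops max
 1  gw.corp.example (10.0.0.1)  0.4 ms  0.5 ms  0.4 ms
 2  edge.isp.example (203.0.113.1)  8.1 ms  7.9 ms  8.3 ms
 3  core1.isp.example (203.0.113.9)  5009.2 ms  5011.0 ms  5008.7 ms
 4  * * *
 5  storage.example.net (192.0.2.10)  5013.4 ms  5012.9 ms  5013.1 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\(([\d.]+)\)\s+(.*)$")
TIMEOUT_RE = re.compile(r"^\s*(\d+)\s+\*")


def parse_traceroute(text):
    """Return [(hop, host, median_rtt_ms or None)] for each hop line.

    Targets the constructed format above; real traceroute/mtr layouts vary.
    """
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hop, host, _ip, rest = m.groups()
            rtts = [float(x) for x in re.findall(r"([\d.]+)\s*ms", rest)]
            hops.append((int(hop), host, median(rtts) if rtts else None))
        elif TIMEOUT_RE.match(line):
            hops.append((int(TIMEOUT_RE.match(line).group(1)), "*", None))
    return hops


def added_latency(hops):
    """Per-hop RTT increase (ms) over the previous responding hop.

    Caveat: an RTT jump at a hop is a symptom, not proof that the hop itself
    is slow (asymmetric return paths, ICMP rate-limiting); it must persist
    at the hops after it, as it does in SAMPLE, to be worth raising.
    """
    out, prev = [], 0.0
    for hop, host, rtt in hops:
        out.append((hop, host, None if rtt is None else rtt - prev))
        if rtt is not None:
            prev = rtt
    return out


def worst_hop(hops, min_added_ms=100.0):
    """The hop with the largest RTT jump, or None if no jump crosses the threshold."""
    deltas = [d for d in added_latency(hops) if d[2] is not None]
    hop, host, delta = max(deltas, key=lambda d: d[2]) if deltas else (None, None, 0.0)
    return (hop, host, delta) if delta >= min_added_ms else None


if __name__ == "__main__":
    print(worst_hop(parse_traceroute(SAMPLE)))
```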