SWC Perspectives
Business | Technology | Success

Archive for the ‘Technology’ Category

Cisco Routers: Unlock 3 key features for more efficiency

Thursday, September 9th, 2010 | Charles Stizza

Today many businesses are looking to squeeze more productivity out of their existing technology infrastructure. It just so happens that I love helping them unlock features that they never knew existed to provide a cost-effective technology solution to a business need.

For example, many organizations own a mysterious blue box buried in a wiring closet somewhere with the words “Cisco 2800” printed in white across the front bezel. I am of course talking about a Cisco router; it usually runs for years with little or no intervention.

It never ceases to amaze me how these little devices are underutilized; they are FILLED with potential functionality. I would like to share with you three really cool but little-known features of your router that offer big benefits. Since every IOS feature set is different depending on the version, check the Cisco Feature Navigator to verify support.

DISCLAIMER: A misconfigured router can leave your network in a nonfunctional state and we never recommend tampering with ISP-owned CPE equipment. Always work with a certified IT professional before making network hardware configuration changes.

Network Based Application Recognition (NBAR)
NBAR is a mechanism by which your router can identify predefined types of traffic. Once the traffic is identified, it can be added to a class map, which can be added to a policy map (QoS feature) and thus marked for special handling.

So what does that mean?  You know all of that BitTorrent traffic, such as Kazaa, Napster, and Grokster? Your router can pinpoint this traffic and slow it to a crawl (police/shape) or drop it completely. Conversely, we can also prioritize other types of traffic such as SQL and Kerberos. The advantage of NBAR over traditional class map mechanisms is that it can classify services that are more dynamic than a simple TCP/UDP port or source/destination IP.
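
The class map to policy map chain described above, written out as an IOS configuration. This is an added example, not configuration from the original post; the class, policy and interface names and the rate and bandwidth figures are placeholders, and the NBAR protocol keywords available depend on the IOS release.

```cisco
! Added example. Names, interface and numeric values are placeholders.
! List the protocols your release recognizes with "match protocol ?".
!
! Step 1: NBAR identifies traffic by application, not by port or address.
class-map match-any P2P-FILESHARING
 match protocol bittorrent
 match protocol kazaa2
 match protocol napster
!
class-map match-any BUSINESS-CRITICAL
 match protocol sqlserver
 match protocol kerberos
!
! Step 2: the policy map decides what happens to each class.
policy-map WAN-EDGE-OUT
 class BUSINESS-CRITICAL
  ! Guarantee a share of the link during congestion.
  bandwidth percent 30
 class P2P-FILESHARING
  ! Police to 64 kbps; replace this line with "drop" to discard instead.
  police 64000 conform-action transmit exceed-action drop
 class class-default
  fair-queue
!
! Step 3: attach the policy to the congested (WAN) interface.
interface Serial0/0/0
 description WAN uplink (placeholder)
 ! Collect per-protocol statistics before enforcing anything.
 ip nbar protocol-discovery
 service-policy output WAN-EDGE-OUT
!
! Verification commands (exec mode):
!  show ip nbar protocol-discovery interface Serial0/0/0 top-n 10
!  show policy-map interface Serial0/0/0
```

Running protocol discovery for a few days before attaching the policy shows what is actually on the link, so the classes reflect real traffic rather than guesses.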

Intrusion Prevention System (IPS)
Intrusion Prevention System, or IPS, is a method of intelligently identifying traffic patterns or certain types of traffic based on a signature file or “suspicious pattern” (called heuristic detection) and blocking the malicious traffic. Think of it as a police officer that sits in line with the traffic flowing inside your network. While there are certain hardware-based IPS devices, certain IOS versions have it built in with no extra hardware required.

GRE Tunnel IPsec VPN
Many organizations are running some sort of IPsec VPN already, yet there is a little-known variant called an IPsec VPN GRE Tunnel. What is the difference, you ask? In terms of functionality, it is somewhat similar to a traditional site-to-site VPN, but the GRE Tunnel has the added benefit of being able to propagate dynamic routing traffic such as OSPF LSAs and EIGRP Hello messages. This is a crucial distinction: you can run a dynamic routing protocol across geographically separate locations with all of the benefits such as dynamic path selection, route summarization and greater scalability.
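
One end of such a tunnel, as an added example that is not configuration from the original post. All addresses, the key, the profile names and the OSPF numbering are placeholders, and the encryption and Diffie-Hellman options available depend on the IOS release.

```cisco
! Added example: site A of a GRE tunnel protected by IPsec.
! 192.0.2.1 / 198.51.100.2 are documentation addresses standing in for
! the two routers' public interfaces. <PRE-SHARED-KEY> is a placeholder.
!
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 ! Use the strongest group your release supports.
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.2
!
! Transport mode: GRE already supplies the outer IP header.
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
 mode transport
!
crypto ipsec profile GRE-PROTECT
 set transform-set GRE-TS
!
interface Tunnel0
 description GRE over IPsec to site B (placeholder)
 ip address 10.255.0.1 255.255.255.252
 ! Leave room for the GRE and IPsec headers.
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.2
 ! Without this line the GRE traffic crosses the Internet in the clear.
 tunnel protection ipsec profile GRE-PROTECT
!
! The routing protocol treats the tunnel as an ordinary point-to-point link.
router ospf 1
 ! Form adjacencies only across the tunnel, never on other interfaces.
 passive-interface default
 no passive-interface Tunnel0
 network 10.255.0.0 0.0.0.3 area 0
 network 10.1.0.0 0.0.255.255 area 0
!
! Verification commands (exec mode):
!  show crypto ipsec sa
!  show ip ospf neighbor
```

Check `show crypto ipsec sa` for rising encrypt and decrypt counters before trusting the OSPF adjacency: a tunnel interface without the protection profile still comes up and still carries routes, just unencrypted.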

If you have any questions about these features, or if you would like to realize more IT efficiency in your operation, give us a call. Or register for our upcoming Lunch and Learn event, Microsoft and Cisco: A Perfect Match on September 16.

The cloud, the iPhone and the old man

Thursday, August 19th, 2010 | Elliott Baretz

Recently I found myself scrounging under my bed looking for the dog’s chew toy. To this day I’m shocked I have a dog, let alone a chew toy. But there I was sucking in my gut so I could squeeze my hand one inch further, my fingers desperately grasping for a saliva-coated, rubber, squeaky mouse. At my feet the dog sat barking with a pinch of attitude.

“What’s up, man,” the dog barked. “Faster, faster….”

The experience left me coming to the conclusion that very little good comes from squeaky toys. Looking under my bed however did have a surprising outcome. As it turns out, deep in the underbelly of my bed, just past the squeaky mouse lay something very entertaining: a shoe box filled with old high school pictures. Hilarious, old high school pictures that reminded me of great times but also served as a stark reminder that, well, damn I’m old.

A little later I found myself speaking to my wife regarding our middle-age lives.

“Please, you’re not middle aged,” she said, shuffling around the kitchen between the dishwasher and the cabinet. “I am not married to a middle-aged man.”

“I think you are,” I said. “I can prove it.”

My wife ignored me and continued to attack the kitchen work in the kind of way that bordered on obsession.

“I have some gray hair, look at this one,” I said pulling up a silver strand of hair near my ear. “There’s actually a few of these. I think I like them.”

“Means nothing. Lots of people go gray prematurely,” she said. “And I can barely see yours, it’s embarrassing.”

“My back is always hurting and I take Advil like it’s candy,” I said. Then I dropped the bomb.

“I like saving money, I want my house to be clean, sleep is my favorite pastime and I generally find myself thinking before acting on anything.”

“Whatever,” she said, which meant I won the argument.

It’s official. I’m old.

The truth is, having “been around the block” has its benefits, particularly when it comes to business. Experience has taught me a lot about what works and perhaps more importantly what doesn’t work. Today, I realize that when I get excited about a technology it’s because I see intrinsic value in what it does and that I’m not simply responding to the industry hype machine. In the end, I have to see something that helps business perform cheaper, faster, better.

I’m excited about three technologies: smartphones, Silverlight and the cloud.

Ok, first off, when I talk about smartphones, I’m talking about the iPhone or the Droid or hopefully, if the stars align, Windows Mobile 7. Of course, what has me excited about the smartphone space is what’s happening around applications. I’m not talking about consumer applications. I’m talking about the smartphone applications that are changing how business gets done.

It’s a relatively new arena for SWC but recently we have been forging hard into these engagements and the client meetings have been fascinating. Each discussion has brought to light fantastic, creative and innovative ways to use these devices that have significant impact on how that respective business makes money.

And then there’s Silverlight, a newer Microsoft development platform for interactive web, desktop and mobile applications. In my opinion, it’s one of the nicer surprises coming out of Redmond and seems to be catching fire in the development community. But, from a business perspective, the real Silverlight story is Silverlight Pivot. In this case, a demo speaks a thousand words (so click anywhere it says “Pivot” or “demo” in this post). At a high level, think of Pivot as a highly compelling way to view and analyze data. I have found it nearly impossible to not get a profound reaction every time I show someone Pivot. Usually, the reaction includes an expletive followed immediately with the words “You know, with something like this we could…”

Finally there is the cloud. Huge topic!  I won’t even begin to try and go into details but I want to say this. For the right folks (because the cloud isn’t for everyone), this model can have massive economic benefits. In some circumstances the cloud should free up innovation and allow business to chase opportunities that they would have once thought impossible. I guess in short I want to say that almost every technology conversation today should begin by asking, “Does the cloud make sense here?”

I often find myself telling others how I love the technology industry because it’s always changing and constantly challenges us to find the lightning in the bottle. Every once in a while a few technologies come along that are striking reminders of this sentiment. It’s always fun when this happens and I’m excited about the days, weeks and months to come.

Even if I am old.

How is digital cholesterol impacting your SQL system performance?

Monday, August 16th, 2010 | Chad J. Dotzenrod

Anyone who uses SQL in their environment is at risk for what we at SWC like to call “digital cholesterol.” How do you know you have it? You might notice sluggish system performance, connection timeouts, query deadlocks or worse, complete failure or other near-disasters.

The problem for many mid-market companies is how to justify the expense of a full-time SQL DBA. Many businesses either outsource this function, hand it off to an overworked in-house IT team with little time or SQL expertise, or just put it on the back burner for someone to “get back to” when there is more time or worse, something bad happens.

If your SQL data is critical to your business, it’s imperative to properly assess and maintain your SQL environment. If your digital cholesterol means your database can’t grow with your business, that’s a big problem and it’s probably time for a checkup.

SQL servers should be assessed and maintained to determine whether the servers have been configured to established best practices. At SWC, we investigate everything from configuration, usage and performance metrics; from data we collect, we make recommendations that enhance the systems’ performance and management.

If you notice any of the symptoms of digital cholesterol, it’s definitely time for a checkup to get your system’s health back on track.

Goodbye VPN: How Windows 7 is changing remote access for the better

Thursday, August 5th, 2010 | Pete Lee

With Microsoft’s release of Windows 7, users now have more flexibility than ever before to work remotely—and your IT staff can better manage security and compliance across desktops anywhere, anytime. This is exciting news since remote access technology hasn’t really evolved since Virtual Private Networks (VPNs) were introduced in the late 1990’s.

Sure, newer versions of VPNs have become more secure, but there have been no technological advances in remote access since—even though many companies require more users to work from anywhere in the world. VPNs have several limitations, too. It’s one more application for users to learn, initiate and break. And that requires more troubleshooting and support, time that could be better spent on strategic initiatives. VPNs also make it tough to troubleshoot PCs remotely, since both computers must be available when the VPN session is running.

This is where DirectAccess, a new feature available with Windows 7, changes the game. Now through Active Directory, users simply need Internet access to connect quickly and securely to your corporate network. A secure IPsec connection is created, giving the user access to your internal network just as if they are working from the corporate office.

Think about DirectAccess as a clientless VPN—there are no additional tools for your users to learn. And IT staff can work on any machine from anywhere in the world as long as users are connected to the Internet—they don’t even need to be logged in!

We have implemented DirectAccess here at SWC and for many customers with great success. DirectAccess is just one of the many new features of Windows 7 that allows users and IT professionals to be more productive and efficient everywhere.

Think Out of the Box: Welcome to our new video series!

Wednesday, July 28th, 2010 | Elliott Baretz

A little while back I told my marketing team that I wanted to launch a video series. Something unique and clever, I said. Something more than just the predictable, infomercial drivel that seems to ooze from every pore of our industry, I said. Something more down to earth, in the weeds, that sort of thing, like a talk show. And I could be the host.

They had questions. 

“Are you sure?”

“I’m sure,” I said.

“Camera adds ten pounds…”

“I’ve got good bone structure,” I replied.

“Do you have a topic in mind?” they asked.

“Not yet….But it needs to be something big….but real.”  I squared my forefingers and thumbs and held them over my right eye like a viewfinder.

“Can you dig it?”

Crickets…

“OK, we can talk about show topics later,” I said.  “Who wants bubble water?”

And there you have it. The story of how SWC’s new video series “Out of the Box” was born. Join us for our first installment as we discuss today’s crazy economy, technical innovation and entrepreneurial guts with MVTRAC President Scott Jackson. Watch it and let us know what you think!

Three common network attacks—and why your firewall can’t help

Friday, June 25th, 2010 | Charles Stizza

Most people understand why one of the most important aspects of a technology solution is the need for security. Oddly enough, one area in particular that is neglected most often is the switching (“Layer 2”) domain within an organization.

Why is this so often neglected?  It could be due to a lack of awareness. Also, while most organizations are willing to invest in a firewall solution, the general impression is that the most significant attack vector is from the outside. But there’s more to this story.

Here are three types of attacks that your Internet firewall, no matter how good, generally can’t stop:

VLAN Hopping: This is when an attacker gains access to the restricted network segment (VLAN) by manipulating a misconfigured access layer switch using tagged frames to masquerade traffic where it should not be. This is the equivalent of Tom Cruise using spy masks in the movie Mission Impossible to trick his foes into providing him with access to vital information and documents.

ARP Poisoning: An attacker replies to ARP requests on behalf of another host and is able to intercept traffic bound for it. Think of this as someone going to your mailbox, reading your mail, then placing the mail back into your mailbox. Only in this case what is being read is all of the data being sent to and from your workstation or server.

MAC Flooding: An attacker floods the network with an invalid MAC address in an attempt to max out the switch CAM table. Once this occurs, the switch becomes like a hub and will allow sniffing of ALL data frames on the network segment. This is like a person (we all know one!) who is normally reserved and quiet, but when they have a bit too much to drink they start spilling the beans about anything and everything, even stuff you don’t care to hear. If you feed a switch too much Layer 2 data, it starts blabbing.

As you would guess, there is a solution for every single one of these exploits, but is your network protected against them?  If I was a betting person–and based on experience–my answer would be, “Probably not.”  The good news is that securing your internal network can generally be done by leveraging the functionality built into your current hardware.

Now let me counter these three attacks with three solutions that can be used to protect your Layer 2 domain. It should be noted that most vendors support their own iteration of these features, which may go by slightly different names, so as always, consult the documentation.

SOLUTION 1 – DHCP Snooping: This strategy, generally used in conjunction with DARP (Dynamic ARP Inspection), will keep connected workstations honest. Think of this as the ultraviolet light used to spot counterfeit money.

SOLUTION 2 – Port Security: This feature limits a connected host to a specific MAC address entry. In the case of MAC flooding, the port can discard source addresses above an allocated limit. This feature is easy to set up and very effective.

SOLUTION 3 – Static VLAN membership: I can’t emphasize how important it is to remove ALL traces of dynamic trunking/tagging negotiation on your network. Tagged frames should never have the possibility to be on user facing ports. (There is one exception to this in the instance of voice VLANs, but when done properly, it does not create the security dilemma at issue.)
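
The three solutions combined on a Cisco IOS access switch, as an added example that is not configuration from the original post. VLAN 10, the interface numbers and the limits are placeholders; other vendors use different command names.

```cisco
! Added example. VLAN, interface and limit values are placeholders.
!
! What an unhardened user port often looks like: it will negotiate a
! trunk with whatever is plugged in and accepts unlimited source MACs.
!  interface FastEthernet0/5
!   switchport mode dynamic desirable
!
! SOLUTION 1: DHCP snooping builds an IP-to-MAC-to-port binding table;
! Dynamic ARP Inspection drops ARP packets that contradict it.
ip dhcp snooping
ip dhcp snooping vlan 10
ip arp inspection vlan 10
!
! Uplink toward the legitimate DHCP server: the only trusted port.
interface GigabitEthernet0/1
 description Uplink to distribution (placeholder)
 switchport mode trunk
 switchport nonegotiate
 switchport trunk allowed vlan 10
 ip dhcp snooping trust
 ip arp inspection trust
!
interface range FastEthernet0/1 - 24
 description User-facing access ports (placeholder)
 ! SOLUTION 3: static membership, no trunk negotiation on user ports.
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 ! SOLUTION 2: cap learned MACs so a flood cannot fill the CAM table.
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 ! Untrusted by default; rate-limit DHCP from the host side.
 ip dhcp snooping limit rate 15
!
! Verification commands (exec mode):
!  show interfaces switchport
!  show port-security
!  show ip dhcp snooping binding
!  show ip arp inspection vlan 10
```

Hosts with statically assigned addresses have no snooping binding, so their ARP traffic is dropped once inspection is enabled unless a static binding or ARP ACL is added for them first. The `restrict` violation mode drops and logs excess addresses without shutting the port, which keeps a flood visible in the logs.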

Obviously this list is only the tip of the iceberg. NAC, 802.1X, VMPS and RADIUS are a few of the more robust methods being used. But I wanted to emphasize solutions that likely require no additional hardware. What strategies have you used to secure your internal resources?

Writing Software: 6 Key Questions to Ask When Initiating a New Project

Wednesday, June 16th, 2010 | chadk

Software developers are a unique breed. We love to think in abstract terms. Many of us are more comfortable communicating in Java than in English. It’s a sign of a truly advanced civilization that software developers have been put to meaningful work rather than sequestered from the rest of society.

If you read my previous post, you know that I am passionate about writing software on a human scale. This means writing software that serves the user, rather than forcing the user to conform to the software. There are lots of hurdles that developers must navigate to achieve this ideal. The first is probably obvious: how to get started.

Let’s follow Maria Von Trapp’s advice in “The Sound of Music” and start at the very beginning. Before we write a single line of code, we need to have clear answers to some very basic questions. A good way to approach those basic questions is to use the classic “Five W’s” that we all learned in school: Who, What, Where, Why, When and How. Here is a quick primer on how this applies to initiating software projects:

Functional Requirements:
WHAT must the software do?
These are the “Must Haves.” Come up with a list of 5 – 10 bullet points that enumerate what the software must do to be successful. If the list gets longer than this, the project should probably be broken into smaller iterations.

WHY is it important?
These are the “Must NOT Haves.” Summarize 3 – 5 problems (as reported by the users) that will be addressed by this software. Are there things they can’t do that they need to accomplish?  Are there things that are harder than they should be?  Are their customers complaining about issues or missing functionality?

Resource requirements:
WHO is required to be successful?

  • Developers and other technical experts
  • Project managers
  • Business domain experts 
  • End users and customers

WHERE will the project work be done?
Do not make assumptions about the geographic location of any resources (human or technical). Cultural differences abound across environments, organizations and people on the development and implementation side. Assumptions about any of these differences can often make or break a project.

WHEN will the software be ready for the user?
This will likely be a moving target as information changes. Start somewhere with your best guess. It’s much easier to alter project timelines as you go than to shoot for vague or unspecified targets.

Experience requirements
HOW will all these other questions and answers be integrated?
This is the last question you should ask yourself. As you review the Five W’s, you should have a clear enough view of the significant details that you can say with confidence, “This is how we should approach this problem.”

Over the next few posts, I’ll unpack these a bit and discuss how we can use basic journalistic techniques to learn what we need to know to get started. In the meantime, what questions would you add to this list? How is my approach similar (or not) to your approach?

Technology adoption + era of convergence = drama

Tuesday, May 11th, 2010 | Charles Stizza

The Era of Convergence. Wow…that sounds scary. But even the most casual technology enthusiast will admit that this is the environment we live in. DVD players with wireless Ethernet that allows streaming of content; telephones are no longer “telephones” but mobile devices, digital music players, cameras, PDAs, etc. and the list goes on. It’s hard to identify an area of technology that has not been affected by the ever increasing synergy that a wired (and wireless) society affords.

It’s exciting, but in a corporate environment, there can be unexpected side effects and even contentious situations when making technology paradigm shifts. A perfect example is moving away from traditional telephony (PBX) to voice-over-IP (VoIP) systems. Historically, an organization likely had one group managing their telephony and one group managing IT. With the introduction of VoIP, we now have a shift away from dedicated copper for phone lines to, potentially, running the desk phones over the existing corporate LAN.  (Can you say, “convergence”?)  Politically speaking who owns it?  Does the legacy telephone group understand the new technology?  Do you invest in training dollars to get their skills on par?  Or is it done the other way around: will the IT department now take responsibility for the phone system? (Because, you know, IT people have so much free time on their hands.) Which leads us to an interesting conclusion:

Technology adoption + convergence = drama
Why, you may ask, does this all add up to drama? Most commonly, people fear change or feel threatened (“Will I have a job?”) or sometimes both. In the case of our transition to a VoIP system, if the IT department takes responsibility for this, the telephony group may feel as if their responsibilities are being diminished; they may worry about what the next wave of changes may mean for their jobs. If you manage groups of people and are moving ahead with or just considering new technology adoption, it’s important to consider the political boundaries that might be crossed.  

Here are 3 pointers to help ensure a successful adoption across the board:

Recognize key players in your organization. Every organization stands to benefit from the unique perspective and wealth of knowledge senior members possess. Leverage their insight as a means of implementing change. Getting to know your people will also let you know when “toe stepping” is going to occur. Most people understand that technology can and does change, and that the only way to survive is to adapt; they deserve the opportunity to understand the trajectory and hop on board.

When considering technology strategy, don’t “over hire.”  Just because you have adopted a new technology, don’t assume you need a full-time subject matter expert (SME) to manage this domain. You may be able to leverage an outside consultant to oversee deployment and execution; in most cases, this is the only way to get the needed expertise within budget. For long-term support, supplement your current staff with additional training and maintain a relationship (and budget) with your specialist consultant for issues that are beyond the expertise of your staff.  

Be thorough and take your time.  Just because something “new and improved” comes along, don’t minimize the impact it will have on your people.  If they are not able to leverage the technology, it will frustrate them and your business will not benefit. Creating a technology road map will help prioritize and negotiate reasonable time frames for adoption. To the extent feasible, ensure that everyone in the organization knows the road map.

While there will never be a one-size-fits-all solution, you can alleviate any unnecessary “drama” by understanding your company’s culture and political boundaries, then managing your employees’ expectations accordingly. So your equation will look more like technology adoption + era of convergence = success.

Writing software on a human scale

Tuesday, April 27th, 2010 | chadk

Are you old enough to remember when Disney World handed out ticket books for the rides? Each ticket had a letter–A, B, C, D or E–and was valid for one ride. “A” tickets were for the least interesting rides, while “E” tickets were for the best, most exciting rides like Space Mountain. Of course each booklet had way more “A” tickets than “E” tickets.

I can still picture my parents flipping through our ticket books, counting how many E’s we had left. Should we ride Space Mountain again? Or wait to see if the line for Pirates of the Caribbean would go down? At the end of the day, we would ride the horse-drawn streetcar up and down Main Street several times. We always had B tickets to burn.

They got rid of those tickets a long time ago (1982 according to Wikipedia), but I still remember what it felt like the first time I realized I could ride Space Mountain as many times as I wanted. As a roller coaster-loving 11-year-old, it was pure joy.  I remember standing in line with my brother for our umpteenth blast-off and talking about what a great idea it was to get rid of tickets. “Why didn’t they do this sooner?” I wondered aloud. “It makes so much sense to let people ride the rides they want to ride when they want to ride them.”

I was a real philosopher, huh?

What I couldn’t have understood at the time was that keeping tens of thousands of visitors fairly evenly dispersed across a park of that size is a logistical nightmare. The simplest solution is to give people limited access to the best rides. In other words, force the guests to use the park in a way that works best for Disney.

The lettered ticket system was replaced by an intricate system of electronic passes and limited-availability tickets.  I can’t begin to imagine how complex the system was to develop. But it works; it’s fairly amazing, actually. And I still get to ride Space Mountain as much as I want.

In my experience with software projects, I too often find myself tempted to take the B-Ticket approach. I want to avoid the complexities of giving a user the experience they want. At times, it’s a budget concern. Other times, there are technical issues. 

The more I design software, the more I find myself wanting to create systems that operate on a human scale. Ultimately, software must work for people; not the other way around! To create a useful tool, the user’s desires must be the primary concern whenever possible. In the real world, technical hurdles and budget constraints sometimes force us to compromise. If the user’s ideal solution isn’t viable, the compromise must be just that–a compromise.

A solution should be crafted that finds the closest fit to the user’s ideal rather than the easiest for the developer. People want to ride Space Mountain, not the Mike Fink Keel Boats. Herding people where they don’t want to go may address overcrowding.  But the rides exist for the riders, not the other way around.

In this blog, I’ll be tossing out thoughts about how to write software that operates on a human scale. Please post your own thoughts and comments. There are as many ways to solve software problems as there are users. The more conversation we get going, the more we’ll all benefit. And the more our users will benefit.

Incidentally, if you happen to be a great lover of Mike Fink Keel Boats, please accept my apology for my flippant disregard.  Ride them to your heart’s content. That means one less person in front of me at Space Mountain.

Windows 7: The right time for your business to upgrade

Monday, April 19th, 2010 | Pete Lee

The latest news release says that 90 million Windows 7 units were sold in 6 months–a record pace! Having used Windows 7 and incorporated its enterprise features like Direct Access (bye-bye VPN), I am completely on board. People always ask me, “Pete, should we move toward Windows 7 now or wait for Service Pack 1?”

The answer is “NOW” and here’s why:

High Performance: Windows 7 has outperformed XP and Vista on independent benchmark tests around the world.

New Enterprise Features: Strong new enterprise features like Direct Access, Branch Cache, AppLocker and Virtual Desktop Infrastructure (VDI) are easy to use and offer more productivity.

Compatibility: Windows 7 was tested more thoroughly than any OS ever created with third-party vendors. In addition, solutions in the VDI allow you to be flexible with application and desktop virtualization.

It’s what Vista was intended to be: Built on the strength of Vista’s security features, Windows 7 offers easier to manage User Access Control, more flexibility with third-party vendors (applications, hardware), and is just plain more aesthetically pleasing (AERO).

I know a lot of you out there are used to waiting for the first service pack before upgrading.  Think of Windows 7 as the service pack to Vista or Windows XP.

Until next time, where my topic will focus on the oh so taboo desktop deployment strategies for Windows 7 and Office 2007/2010. SWC has got the formula. Here’s a teaser: MDT (WAIK) = WIM + WDS = Deployment Success!

Which feature of Windows 7 are you most excited about?