Warfare by Other Means Economics, demographics, cultural, technological, and other factors that have affected the course of history.

#61
09 Nov 11, 16:04
tnbn75
Quote:
Originally Posted by boomer400
To be honest, I'm not too concerned about re-imaging corrupted gear; that's a pretty simple piece of maintenance relatively speaking. But if you look at the panoply of types of hardware, firmware, software that a large agency might use, the management and thus the security of it becomes more difficult. Not impossible but more problematic.

For instance, if an agency decides that it is necessary to move to Windows (the latest version) then it is usually necessary to have a timeline that matches not only the Windows OS update availability schedule but to have matching software and firmware for whatever other equipment resides in-house and is out in the field. Let's say, that the same agency faces a Windows XP, Vista issue and is using the Win7 upgrade as a way to get out of the XP EOL issue and classic Vista complaints. It will have to do for a time simultaneous maintenance on all three OSs and the machines they reside on (if they for some reason haven't disposed of XP licenses). Let's say then they decide that to avoid Windows complications in the future, they start to migrate to Linux. Now they have an additional OS (and which version of Linux/Unix?) and its support issues as well as the fact that a lot of hardware and software doesn't support Linux or requires a lot of bit-twiddling to get Linux/Unix to see that gear. We're talking solely the basic operations for a really simple datacenter to operate, not even actual day-to-day user transactions. Not even support for much heavier servers or specialized servers.

Now, let's say that we (the agency) wants to operate its own private cloud which is really nothing more than a datacenter with router-centricity. Ok, that means really it's going to own what it already has with "private" router connections to the Web. Whatever data is sitting in their shop is going to still stay in their shop. I seriously doubt that DOD or NSA is going to go 'cloud-centric' and move their data into the open or onto other government networks, at best, they may have a private cloudlike shop already; the environment isn't really going to change much. We're really just changing labels and access points and routing. Pretty much doubt that they're going to change their gear in-house except to adopt more router-centric operations.

I have nothing against clouds or virtualization; they're great, may save you some money (maybe), can save some work (maybe), and offer opportunities (which is really the best part of clouds and virtualization). However, I don't think they necessarily represent some kind of security solution, especially since much of the problem lies higher on the network at the edge routers.

Let's not forget that they are interviewing NSA and Gov't security people in these articles. The edge routers are where you establish your first line of defense, but it isn't the end, it's the beginning, as you should have security layers. Which is part of the problem they are alluding to: Arpanet was such an integral part of the beginnings of the internet that I don't think DARPA truly understands its boundaries or where the internet begins and where their unsecured networks end.

Also I think our definitions of "private cloud" are different. In private clouds there are no physical boxes any longer. You have blade servers running multiple virtual machines per CPU (blades can have up to 8 CPUs) that boot to VSANs (virtual SANs) on your main SAN (storage area network). This is the model that Cisco is touting as the future for server computing and orgs have been eating this up. Your entire DC can now be stood up virtually. All the "hardware" platforms are essentially the same because they are virtual.

Think of it this way: I've heard numbers like 16 VMs per half blade card. 20 half blades in one 6U chassis. That's 320 servers that fit in the space of 6 rack units or the equivalent of 18x19 in space, excluding the Cat 6000 switch and SAN that connects the servers to its storage. Yes, you read right. The storage operates over fiber channel and fiber ethernet.

Storage operating out of the network may sound like a security disadvantage until you realize that now, since your servers are virtual, so is your network. You have moved your network into the RAM of your blade server. Routers and switches in this cloud space are now virtual and also exist in RAM.

So let's start at physical security first. Based on the numbers above, 1000 servers in the space of two fridges is conservative to say the least, but let's just use that for purposes of discussion. Instead of securing 1000 physical servers in 4000+ square feet you secure 20 square feet. With this level of server density you can also condense multiple data centers into one. So less space and locations to secure. Physical security simplified, check.

Let's talk about vulnerability/patch management security first as network security has some simplification but also a lot of unexpected new "space" that needs to be considered and secured. So you stand up a data center with 1000 servers. Let's just say you need to stand up the latest and greatest new network toy. No waiting for a new or recycled box. You put a change request in and in theory a new environment of say.... 20 VMs is stood up in an hour. Testing complete, change request put in place and the new environment stood up in an hour in the production environment. Patches break something, roll back instantaneously. New application and patches need to be tested, everything is virtual. Disaster strikes. Order the new equipment; you are restoring to one really large box, not 1000. Think about how much faster it would be to replace the environment/data center. Get the picture? This is a no-brainer and the big sell for companies and the government.

Network security: this is where things get crazy. Internet access to 1000 servers is handled through one pipe that feeds all your VMs, so single point of entry and exit, easy enough. Put your security appliances in between that and your Internet link, BOOM, edge secured! Right? Yes and no! In the old non-virtual world of network security, yes, but in the new virtual world of security you have to think about virtual security zones, where to put your virtual firewalls (virtual firewalls are brand new to the virtual space) and switches. Do you provision systems with the same security level (secret vs top) on the same physical hardware or different hardware, or can you do it at the hypervisor level (VM management module)? In a non-virtual world physically disparate systems can mitigate some of these concerns. However some of these networks are so old that these wiring closets look like a closet full of spaghetti noodles. Getting people to agree to less access on existing infrastructure is impossible. So moving into architecture allows you to reset the security paradigm in a holistic and political way and this is a huge plus.

So yes, you do open up a lot of new security space that didn't exist before. However, the space is new to both the security engineers and hackers as this space never existed before. Here's some marketing fluff that Cisco uses to sell this product to its customers (I don't work for Cisco). But if you read through the fluff, almost every time you see "save cost" you can replace it with "help secure".


http://www.cisco.com/en/US/netsol/ns983/index.html

http://www.cisco.com/en/US/solutions...vate_cloud.pdf

#62
09 Nov 11, 16:53
Carl Schwamberg
Are there really many practical reasons to still have a non virtual/cloud set up? That is your own hardware on your own site? I've got some answers from folks in e security industry, but want your unvarnished opinions.

#63
09 Nov 11, 18:37
tnbn75
Quote:
Originally Posted by Carl Schwamberg
Are there really many practical reasons to still have a non virtual/cloud set up? That is your own hardware on your own site? I've got some answers from folks in e security industry, but want your unvarnished opinions.

Yes of course, chief among them is cost. It requires about $1-200,000 to implement the above-described architecture at a bare-bones level, say 40 VMs (guesstimate) as opposed to 1000. The cost goes down to pennies per server (not on the dollar) as you add VMs but initial infrastructure costs are prohibitive. This removes small business from the target market. Mid-size orgs would have to plan ahead and consider implementation/migration to when their organization can depreciate the costs. In terms of size, a company of between 200-500 people would be the best time to transition.

Legal, regulatory or compliance may also impact your decision to move to a virtualized architecture. Let's take PCI, which has very specific controls around virtualization. An existing production environment with numerous legacy applications may find it prohibitive to make the move, as a complete re-design of the involved application may be necessary.

Those are the main reasons against, but given a large organization with unlimited resources I would say not making the move will cost you more in the long run. Certainly there will be security concerns, none that would preclude you from a virtualized environment but may require a one-off implementation that an internal risk team would have to evaluate and create plans for. Let's take a certificate server or the money wire systems at a bank. Both systems require dual control and special physical security concerns that need to be addressed. I'm also gonna add branch sites that need server systems and server appliances for bandwidth reasons in this bucket.

On an aside, I see one critical security issue, apart from the unknown previously discussed items, which is auditing and inventory controls. The last thing you want is for a VM to slip through the cracks. Some server that is decommissioned but never taken down. Unpatched and exposed, it goes unnoticed like an old Novell server hidden in a broom closet until it goes down or worse......

Last edited by tnbn75; 09 Nov 11 at 18:49..

#64
09 Nov 11, 19:05
Carl Schwamberg
Quote:
Originally Posted by tnbn75

On an aside, I see one critical security issue, apart from the unknown previously discussed items, which is auditing and inventory controls. The last thing you want is for a VM to slip through the cracks. Some server that is decommissioned but never taken down. Unpatched and exposed, it goes unnoticed like an old Novell server hidden in a broom closet until it goes down or worse......

I'll have to ask about that one. The chronic legacy problem Matt refers to is user access that remains after the individual departs or changes his role. He implies that unused & undeleted user names and passwords are a larger security problem than IT managers realize. The other item he sees regularly is transferring sensitive info into unsecure areas.

#65
09 Nov 11, 20:43
tnbn75
Quote:
Originally Posted by Carl Schwamberg
I'll have to ask about that one. The chronic legacy problem Matt refers to is user access that remains after the individual departs or changes his role. He implies that unused & undeleted user names and passwords are a larger security problem than IT managers realize. The other item he sees regularly is transferring sensitive info into unsecure areas.

I missed one of your questions in the last post. I really can't speak about my current environment. I can tell you that I have been a pen tester and security risk assessment auditor for many companies ranging in size from small to Fortune 500.

To answer your last post: without fail, disgruntled or ex-employees are your number one threat, number two being the rest of your employees (think social engineering). The first issue, with old user accounts that haven't been disabled, is still quite prevalent but mitigated by internal business process. Regulations like SOX and PCI require that all user accounts are audited quarterly and unused accounts be disabled. But as you can imagine, sometimes this slips through an audit or two. An ex-employee remotes in from the Internet and if single sign-on is in place it's game over.

On your second item around sensitive data: this was/is huge. Pre-SB1386 this was even a threat let alone having technology to police this. A person with a high-capacity USB drive could rob a company blind. Technology has caught up with the threat. Technologies exist now that prevent sending sensitive data over the wire or on a USB key without it being flagged, quarantined and encrypted.

So we can all be on the same page: all networks are the same. Hard and tough on the outside, soft and chewy on the inside. Some less soft internally, but at the end of the day get inside and they're in trouble. This is changing as we quickly on the network but humans still remain and Darwin moves much slower than technology.
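
The VM inventory audit from #63 and the user account audit from #65, sketched as an added example (not code from anyone in this thread): it reconciles what a hypervisor hosts against an asset register, and enabled accounts against a staff roster. The record layouts, the 90-day thresholds (standing in for the quarterly audit) and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class VM:
    name: str
    powered_on: bool
    last_patched: date


@dataclass(frozen=True)
class Account:
    user: str
    enabled: bool
    last_login: Optional[date]  # None means the account was never used


def audit_vms(hypervisor_vms, asset_register, today, max_patch_age_days=90):
    """Compare what the hypervisor hosts with what the register says should exist."""
    findings, seen = [], set()
    for vm in hypervisor_vms:
        seen.add(vm.name)
        status = asset_register.get(vm.name)
        if status is None:
            findings.append((vm.name, "untracked: on hypervisor, not in asset register"))
        elif status == "decommissioned":
            state = "still running" if vm.powered_on else "powered off but not deleted"
            findings.append((vm.name, f"decommissioned on paper, {state}"))
        age = (today - vm.last_patched).days
        if vm.powered_on and age > max_patch_age_days:
            findings.append((vm.name, f"unpatched for {age} days"))
    # The reverse direction: register entries with nothing behind them.
    for name, status in asset_register.items():
        if status == "active" and name not in seen:
            findings.append((name, "register says active, no such VM found"))
    return findings


def audit_accounts(accounts, current_staff, today, max_idle_days=90):
    """Flag enabled accounts that nobody on the roster owns or that sit unused."""
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue  # already disabled, cannot be used to sign in
        if acct.user not in current_staff:
            # Covers departed staff and service accounts without a named owner.
            findings.append((acct.user, "enabled, owner not on current staff roster"))
        elif acct.last_login is None:
            findings.append((acct.user, "enabled, never used"))
        elif (today - acct.last_login).days > max_idle_days:
            idle = (today - acct.last_login).days
            findings.append((acct.user, f"enabled, idle for {idle} days"))
    return findings


# ---- constructed sample data (hypothetical names, not a real environment) ----
TODAY = date(2011, 11, 9)
HYPERVISOR_VMS = [
    VM("web-01", True, date(2011, 10, 20)),
    VM("hr-legacy", True, date(2010, 12, 1)),   # retired on paper, still up
    VM("test-17", False, date(2011, 3, 1)),     # nobody registered it
    VM("db-02", True, date(2011, 6, 1)),
]
ASSET_REGISTER = {
    "web-01": "active",
    "hr-legacy": "decommissioned",
    "db-02": "active",
    "mail-01": "active",                        # no VM behind this entry
}
ACCOUNTS = [
    Account("alice", True, date(2011, 11, 1)),
    Account("bob", True, date(2011, 5, 2)),     # left the company
    Account("carol", True, date(2011, 6, 30)),
    Account("dave", False, date(2011, 1, 15)),
    Account("erin", True, None),
    Account("svc-backup", True, None),          # machine account, no owner
]
CURRENT_STAFF = {"alice", "carol", "erin"}

if __name__ == "__main__":
    for subject, finding in audit_vms(HYPERVISOR_VMS, ASSET_REGISTER, TODAY):
        print(f"VM      {subject:12} {finding}")
    for subject, finding in audit_accounts(ACCOUNTS, CURRENT_STAFF, TODAY):
        print(f"ACCOUNT {subject:12} {finding}")
```

The powered-on decommissioned VM and the enabled account with no owner on the roster are the two cases the posts above warn about; the other findings are the bookkeeping gaps that let them go unnoticed.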

#66
10 Nov 11, 00:54
boomer400
Ya know, it's really nice having things like virtualization, cloudspace, etc. etc. But I'm always reminded of the old adage that possession is 9/10ths of the law and I am definitely old school in my security views. Sure we can virtualize a million boxes into blades but that data (whatever it is composed of, OS, software, streaming data, pictures, images, etc. etc.) is still being stored somewhere. It doesn't mysteriously vanish into the aether except for Cisco and upper management wishful thinking. It gets stored and backed up somewhere. It gets accessed somewhere else. Whether it's in your organization or someone else's, it exists in binary. Sure you can compress your service software into VMs but that data will hardly ever get more compressed than it already is until it gets purged out of archive. So, if we're going to compress 500 user spaces and 100 servers spaces worth of information into a single machine, that's great. But really, I don't care as that's not my worry. It'll save some power and make my datacenter look a little empty. Nevertheless, I'm sure I'll hear about how I went from 500 arms to 40 because that will for sure impact how programs retrieve data and NCQing will slow up. So then I'll have to spring for solid state drives and my costs will jump up.
However if I'm a government agency, I wonder if all that stuff implemented as sold will be how I really implement it. Maybe, but then I'll really worry about that data because it'll be sitting on some other guy's property, some other guy's bladefarm, some other guy's vault. The ultimate sales pitch which I've heard from some guys trying to sell me on cloud computing is that all my software and data will go into aether and my responsibilities as an IT geek are over except to monitor checklists. My server spaces will be hosted on some CPU farm managed by ATT, Verizon, etc. etc. Is this how a government security agency will expect to manage their IT environment in the future? It's great if you're running a small business or game servers but really, the gov? If so, we all got some CYA remedial school to go to.
The biggest thing to realize about virtualization is that it is an old old concept. However only recently have common OSs, CPUs, memory, data busses, and storage been able to take real advantage of virtualization. So it's not a panacea to IT security. Possibly for IT management of a large environment, it can help reduce problems. It won't make them go away though, I've never seen a big shop's problems go away when they take advantage of virtualization and horsepower; one specific shop I know of reduced their heavy machine count down to something like 4 from 20+; a big financial institution. But sure enough, the iron machines went back up in number as new purposes appeared. Their PC environment went virtual too but broke continuously for a long time. That expanded in volume as well eventually. The problems just move around. So security will continue to be an issue regardless of how much or how little you use virtualization.

#67
10 Nov 11, 03:17
tnbn75
Quote:
Originally Posted by boomer400
Ya know, it's really nice having things like virtualization, cloudspace, etc. etc. But I'm always reminded of the old adage that possession is 9/10ths of the law.......Maybe, but then I'll really worry about that data because it'll be sitting on some other guy's property, some other guy's bladefarm, some other guy's vault. The ultimate sales pitch which I've heard from some guys trying to sell me on cloud computing is that all my software and data will go into aether and my responsibilities as an IT geek are over .....

To be perfectly clear about private clouds: they are called private clouds not because they are in the "cloud" but because you own and manage all the equipment. If the NSA wants to implement a private cloud solution they will purchase the infrastructure; the equipment, including data, will sit in an NSA data center, owned and managed by the NSA. No other entity needs to be involved after the initial hardware purchase.

The cloud you have been referring to is "shared cloud space" where a third party owns and manages the infrastructure. Neither the NSA nor any gov't agency would be implementing this.

As far as CPU, the blades hold 8 CPUs and each CPU has 8 cores. The VM managers allow you to move VMs around on blades and to specific cores "on the fly". You will not lose processing power. In fact you could potentially gain some as you can put your low CPU utilizing servers on the same CPU and give the extra CPUs to the processing hogs.

About SANs you are almost dead on. Your SATA SANs would be dedicated for OS because once it's loaded into RAM there isn't much need for them. All really disk-intensive read apps would be on fiber channel SCSI multi-RAID drives. For all your write-intensive apps you will indeed have to leverage a solid-state SAN. But realistically you would need the write throughput of eBay or Google to really require a solid-state SAN. Most businesses will be fine on SCSI RAID.

If private clouds sound a bit big iron, I agree. I certainly don't disagree that there are pitfalls. But if you do not know where the borders of your network are and aren't certain how to shore up your security, outsourcing your security is better than not having any at all.

#68
10 Nov 11, 13:09
boomer400
Quote:
Originally Posted by Carl Schwamberg
I'll have to ask about that one. The chronic legacy problem Matt refers to is user access that remains after the individual departs or changes his role. He implies that unused & undeleted user names and passwords are a larger security problem than IT managers realize. The other item he sees regularly is transferring sensitive info into unsecure areas.

I used to set my user password lifetimes to something like 4 weeks just to annoy them. Then when the complaints reached a crescendo, I would set them to 10 digits, no words and set the lifetime to something like 3 months but that was when I had a lot of good will for the other stuff I could do. In any event, as tbn says a good user audit every week or two normally will take care of most of those problems within a few months. I say months because some people will have more than 1 user account for one reason or the other or the machine type will have specialized default machine accounts that need to be managed as well. So after annoying enough programmers/IT managers/designers, one can pare those specialized machine accounts into something that makes sense.
The other thing that tbn mentions about users (disgruntled and otherwise) is spot-on. I found that maintaining extremely good relationships with other departments would yield very good pro-active information about problem people. Many times that information traded back and forth would allow us to get a handle on potential issues and circumventing problems; sometimes it wasn't even classic security breach stuff like errant data. Sometimes it was people selling contraband on messaging interfaces or people using web connections inappropriately (this is before even web-nanny software was a thought). And especially good relationships with financial and accounting teams have a great synergistic effect as the money guys really could help with budgets!
Mind you, the best information more often than not came from line managers and supervisors; they had the heartbeat of their teams and the best scuttlebutt as well. We found that higher-level management often would withhold information because they were favoring someone or were protecting their turf.

#69
10 Nov 11, 13:26
boomer400
Quote:
Originally Posted by tnbn75
To be perfectly clear about private clouds: they are called private clouds not because they are in the "cloud" but because you own and manage all the equipment. If the NSA wants to implement a private cloud solution they will purchase the infrastructure; the equipment, including data, will sit in an NSA data center, owned and managed by the NSA. No other entity needs to be involved after the initial hardware purchase.

The cloud you have been referring to is "shared cloud space" where a third party owns and manages the infrastructure. Neither the NSA nor any gov't agency would be implementing this.

As far as CPU, the blades hold 8 CPUs and each CPU has 8 cores. The VM managers allow you to move VMs around on blades and to specific cores "on the fly". You will not lose processing power. In fact you could potentially gain some as you can put your low CPU utilizing servers on the same CPU and give the extra CPUs to the processing hogs.

About SANs you are almost dead on. Your SATA SANs would be dedicated for OS because once it's loaded into RAM there isn't much need for them. All really disk-intensive read apps would be on fiber channel SCSI multi-RAID drives. For all your write-intensive apps you will indeed have to leverage a solid-state SAN. But realistically you would need the write throughput of eBay or Google to really require a solid-state SAN. Most businesses will be fine on SCSI RAID.

If private clouds sound a bit big iron, I agree. I certainly don't disagree that there are pitfalls. But if you do not know where the borders of your network are and aren't certain how to shore up your security, outsourcing your security is better than not having any at all.

You're right; in my mind, though, the logical conceptual endpoint for virtualized computing is ultimately cloudspace. Whether it's a private cloud within a specific entity or a private/public cloud (the web), by offloading your physical infrastructure (with the exception of your necessary network gear and whatever interface hardware you need), you can really cut your costs upfront. From a 'what if' point of view, it can be a massive amount of money. In one of my past experiences, one project I saw had an endcost savings of something like $1.25 million over a 4-5 year period for a single machine! The problem was that as a hosted environment there were certain physical requirements which could not be contractually met in situ.

As for NSA or similar agencies, yep, they wouldn't be caught dead doing public cloud (although I think it makes sense from a honeypot aspect). However, I'm sure they're up for doing the private cloud if they aren't doing it already for specific things. My point simply put is that virtualization and cloud computing to some extent is the antithesis of compartmentalization which defense and security depends on. Yet, it is true also that budget dollars can make your decision for you.

#70
10 Nov 11, 16:05
Carl Schwamberg
Quote:
Originally Posted by boomer400
.... We found that higher-level management often would withhold information because they were favoring someone or were protecting their turf.

Or they are simply clueless. My observation is upper level managers often are from outside the organization and not up to speed (and never will be) on the local IT. Or, they are putting priority on other management facets & depending on getting by on their subordinate's skills. Or, they are simply idiots. My acquaintance 'J' was contracted to provide a Fix Package for a very large Japanese company's US subsidiary. He quickly saw the senior responsible manager over the communications/IT was not concerned J & his helpers were billing the customer $500 per hour to listen to the manager's endless bass fishing stories.

#71
11 Nov 11, 00:31
boomer400
Quote:
Originally Posted by Carl Schwamberg
Or they are simply clueless. My observation is upper level managers often are from outside the organization and not up to speed (and never will be) on the local IT. Or, they are putting priority on other management facets & depending on getting by on their subordinate's skills. Or, they are simply idiots. My acquaintance 'J' was contracted to provide a Fix Package for a very large Japanese company's US subsidiary. He quickly saw the senior responsible manager over the communications/IT was not concerned J & his helpers were billing the customer $500 per hour to listen to the manager's endless bass fishing stories.

Well, I was trying to be nice...but fish stories are always good if you're being paid $500/hr. to listen to them. I think the only guys I ever really pay unusual attention to were outside consultants who had to come in to do stuff we couldn't do. And usually we wheedled them into doing extra stuff for us while waiting for certain things to finish up (pgms compiling or data being dumped or machines IPLing). After all, I was paying them top dollar so I was going to squeeze them (but gently); usually being nice and helpful is all the encouragement I need. A lot of times, it was things like pumping them for IT information which was useful for the longterm.

But, yeah, upper management.... nothing like them. One shop I was in had IT upper management on the East Coast while we were on the West Coast. They had zero understanding of our business model and needs and negative understanding of the IT environment. Ours was a brick and mortar business dealing with industrial vendor post-market equipment support and we used IBM iron. Their model was software development/Linux boxes/Oracle and (imaginary) technical expertise based on inexpensive fresh young college guys. Their security was such that in-house (their house) software developed for specific industries was stored on laptops left in the building in unsecured offices (from what I understand, the IT boss's office). Some of it was quite good and very useful; we got to see it being demonstrated. So one night, they were stolen, of course. And no one knew who did it. So they decided to branch out into other territory and acquired us. It was like cats and dogs. And the upper level management had no idea how to manage us except by firing the local managers (all experienced and with the company for 5+ years) and bringing in their own folks (with Harvard MBAs as they pointed out) who would help us "grow and experience modern business practices".

One of these brilliant ideas was to replace our Big Blue boxes with Oracle servers on Linux blades. It was so good that when they rolled out the first critical web app, our ops guys couldn't use it as the retrieval time to find a customer by name or ID number was something like 4-5 minutes during a busy period of the day; in testing, it was something like 20+ seconds. In our AS400 operational environment, it was subsecond even with hundreds of sessions up but ugly due to green screen. We had proposed a number of ideas on software design in order to alleviate issues like this; we'd been thinking on how to improve performance and redundancy using a PC style environment for a number of years. But because we were going to be replaced, our ideas were ignored. But upper management was too focused on trying to get more funding rounds from the investors in New York who were totally clueless about what was going on. Just a sad sad story.

Last edited by boomer400; 11 Nov 11 at 13:58..
  #72  
Old 11 Nov 11, 12:08
GCoyote
Another question. I keep seeing occasional stories about hardware coming out of overseas factories with malware already installed in non-volatile memory. Have any of you ever encountered this on the job or is it just an urban legend?
  #73  
Old 11 Nov 11, 13:42
boomer400
That's not urban legend; it's been a problem for a number of years. Our protocol on receiving new PCs has been to order them with recovery discs but not to trust the recovery discs or recovery folders on the drive. Usually the machines get wiped just to remove all the junk on them anyways. Then they get reinstalled with a clean OS installation so we avoid junk being delivered on them. The quality control at manufacturers nowadays can be quite problematic. There have been problems even with smartphones so we have to be cautious there as well.
  #74  
Old 11 Nov 11, 19:27
tnbn75
Quote:
Originally Posted by GCoyote
Another question. I keep seeing occasional stories about hardware coming out of overseas factories with malware already installed in non-volatile memory. Have any of you ever encountered this on the job or is it just an urban legend?
You mean like this?

http://www.washingtonpost.com/wp-dyn...ess/industries


Ahhh.... talk of managers always reminds me of Krispy Kreme. People hire managers because they have management degrees. These days it's an ingrained part of the system. What do they learn in school? Whatever is the current business trend. Up until recently one of these trends was essentially "expand and they will come" which we now know to be "expand until you collapse under your own weight." Both Krispy Kreme and Starbucks followed this model. Both expanded greatly; both had to roll back expansion. Starbucks managed to save more stores but what idiot could have possibly thought that opening 3 Starbucks on the same block would generate more revenue?

Also I've seen teams who will get rid of their team's "dead weight" by pushing him into management. Newly made managers are generally not allowed to work with the team they had before becoming a manager. Admittedly some people work hard and aspire to be managers. Unfortunately most managers don't realize that what makes you successful as an individual contributor is the same thing that creates bad managers.
  #75  
Old 12 Nov 11, 12:19
Carl Schwamberg
U.S. charges Florida pair with selling counterfeit computer chips from China to the U.S. Navy and military
http://www.washingtonpost.com/wp-dyn...ess/industries
By Spencer S. Hsu
Tuesday, September 14, 2010; 11:28 PM

I am wondering how long that has been a chronic problem in the computer business. Counterfeit parts are rampant in US industry. Slipped in along the supply chain and passed along by managers desperate to make a delivery & deadline. They don't make the checks they should. This morning installing a toilet I had one of the bolts break under relatively low torque. A close inspection showed they were not the workmanship I'd usually expect in a Kohler brand item. Counterfeit or simply a manufacturer cheating on specs they shipped to the customer & I had to dig into the truck to find replacements.

The guy I rent workshop space from found that when his employer's parts dept had periodic trouble obtaining Macintosh parts obvious counterfeits would show up. He and the other service tech created an upper management fight by returning the suspect parts they screened out en masse, along with memos on the subject to every level of management. Apparently the wrong managers won, the service techs were let go and the company is flailing about trying to sub out the service work.