Monday, April 20, 2020

Supply Chains and Infrastructure Limits

It starts with a cough - congestion - restriction of vital pathways that are critical for our survival. No, I am not talking about COVID-19 and our bodies, but that virus and the impact the pandemic is having on our nation are very similar.

Beginning Stages

On January 6, the CDC issued a travel alert for Wuhan. While China was busy battling the virus overseas, we were having 1 or 2 cases here in the United States. On January 31, the US government started issuing a travel warning for China. I moved my home office from Comcast Business to Xfinity Residential in February, thinking the increased bandwidth and lower cost would be good for us.

In early March, I had to procure sanitizers for the office (hand and wipes) and started to secure those through various Amazon channels, but found that the shipping dates for those items were 30+ days out. These items and toilet paper became a very hot, sought-after commodity that we normally take for granted. We still had sanitizer, but not in the quantity we wanted. This was our canary in the coal mine for the supply chain. It was the first time in about 10-15 years that I noticed we couldn't purchase something that was a normal commodity. First, it disappeared from Amazon, and next from our local markets. The run was on!

Then in mid-March, we had an incident at our office in San Jose that required us to work from home prior to the Bay Area issuing its Shelter In Place (SIP) order and well before the State of California did the same, but relating to the COVID-19 pandemic we are in the midst of now. My kids, two at Leland High School and one at De Anza Jr. College, were also told to stay home starting on March 16, 2020 with the rest of the Bay Area. While our supply chain was starting to have issues, we weren't aware until all of Silicon Valley was working remotely that our network infrastructure was about to feel the congestion of 10 million people and kids working from their homes or going on streaming binges. Kids were supposed to be restricted not only from school, but from one another. No parties, no get-togethers at the local Safeway parking lot (SPL - it is a thing). With no outlet for our children and no remote schooling plan prepared by our school district, they turned to Netflix, YouTube, Hulu and other streaming services. Couple this with people using Zoom, GoTo and WebEx to be productive for work, and we have the perfect storm of stress testing for our entire network infrastructure.

My move to Xfinity Residential back in February seemed to be a cost-effective move that my family loved. Now, with every local family jumping on their Xfinity links, the entire system bogged down to a stutter and shuffle. I quickly had to reshuffle the chess pieces on my board to give me better ways to attack the problem. I had to get Xfinity Business back in the house as soon as possible. I simply could not work from 10AM to 4-5PM every day. The contract wasn't stellar, but it proved useful. I got a 100 Mbit dedicated link with an LTE backup modem and battery backup device for $120 a month for the first year. The kicker was, it would only take 2 weeks to install and configure.

In the meantime, my wife and I were using our hotspots to remain productive during business hours. Sometimes that worked well, and other times not.

As people were working through their lives of being at home and online, more and more of them became reliant upon technologies like Zoom to stay connected. But the rapid influx of people onto Zoom sessions, and the 'ease-of-use' of Zoom, soon showed us the fragility of the platform. The general lack of security as a standard allowed many people to perform Zoom bombs and jump into public meetings, playing all sorts of things like pornography sounds or displaying graphic images, all to simply be disruptive.

Things are much better. Zoom has better security, and our home internet is also very stable now, but still experiences outages every once in a while. What this means is that we should now start looking at our general infrastructure and what load capacity it can sustain. Companies have a responsibility to ensure that their systems have the capacity to expand to peak usage times. Nobody thought that having 50-70 million school kids online at the same time, all in video conferences, would ever happen.

The silver lining for 2020 is that it is causing a shift in the thinking of businesses, altering our perceptions about what was acceptable and what we should be building out in the future. We don't know if this pandemic will end in 2020 or 2021. We hope it will end soon, but we really need to keep planning for the future. Preparing for the worst. Protecting our Infrastructure and Supply Chain! Food for thought.

Wednesday, April 8, 2020

Cloud Strategies and Authentication Methodologies

Like any forward-thinking IT Department, we have been vigilant in trying to find more and more efficient methods of connecting our users with their data/resources. "Do more with less resources" is the mantra that no IT person ever wants to hear, but it is chanted by every executive, either breathlessly behind closed doors, or touted as the norm. While I have never been a stranger to this, working in start-ups for the past 25 years, it has become more about how efficiently I can run a department by offloading repetitive tasks to automation while maintaining the integrity and security of a system.

Clouds are Brewing

A lot of companies 'doing more with less' have adopted cloud strategies where only on-premise systems used to live. At first - 10 years ago - I was against moving things to someone else to host/serve. Why would I want to give up control of a system or service - the hardware, the software, the management and configuration, not to mention the customization?

My first foray into cloud services was Online Exchange - this pre-dates Office 365 by about 3 years. At first, the thought of allowing my sysadmin skills in managing a mail system to go stagnant was horrifying. But the ease of managing a system as complex as Exchange, while offloading all the technical bluster to a 3rd party, was exactly what I needed at the new job I was starting.

Gone were the worries about disaster recovery or day-to-day maintenance that Exchange systems love to produce.  If there was a problem, I engaged that 3rd party to find the solution - they became my 1st level of technical support for issues.   I could learn to like this.  It was providing me more freedom to grow into other areas and focus on the company and not the tools.

Fast forward 10 years and now a lot of companies are adopting a cloud strategy or culture (cloud culture). It allows the offloading of otherwise critical systems that would require multiple administrators to manage/run. My Exchange system today consumes over 3.3 TB with 375 active e-mail accounts. It services a global community of sales, services and support folks, remains very accessible and has an up-time around 99.99%. To run that same system on premise would take a lot of hardware and a dedicated storage area network with replication to a hot site some place, not to mention a full-time admin if not two.

How Many Passwords?

Now we come to the crux of the article - and that is the disparate nature of cloud systems/services. This new urban sprawled compute environment has one glaring issue. Each system usually has its own set of logins - ways to authenticate and/or password systems specific to that resource. That is, until companies like OneLogin or Okta came around to help extend a single authentication schema that could be used across multiple different platforms, including Atlassian, O365, Salesforce and online ERP systems like NetSuite or Dynamics 365. Again - looking at doing more for our company but with less manpower to do it with. Instead of several different logins and onboarding processes I have to remember, I can now rely upon a single provider to assist with authentication and provisioning of these different systems.

Virtana uses Okta. They are a very robust provider of authentication services, ranging from the actual SAML authentication process to multi-factor authentication and automated provisioning/deprovisioning services that ensure the mitigation of user errors.

Fast forward to today and we have deployed this single solution (Okta) in over 20 different services my team provides for our company. Couple this with the use of multi-factor authentication with rotating keys or SMS verification and we have a fairly robust and stable authentication mechanism.

Now when we are tasked with bringing a new system online (SurveyMonkey or Monday), we first look for the SAML integration points and how we can continue to leverage our single sign-on system.

Monitor My Cloud!

Recently, Virtana acquired a company called Metricly. This company has a wonderful framework for monitoring cloud systems - like AWS instances. This became the third pillar in our triad of performance monitoring solutions, called CloudWisdom. Now - this isn't an infomercial or advertisement. It is a product that truly delivers what it says - an analysis of your infrastructure and an uncovering of the abstract nature of what cloud service providers currently offer. The best part of this platform is the Cost Optimization model (from an OPEX point of view). It is one thing to say AWS cost us $50,000 this month - but it is another thing to see that breakdown and understand that by shifting and moving resources around, we could save the company some dollars! That is extra money that we could use to innovate more or invest in infrastructure or people! I might be biased - then again, I also just might be experienced! Check out CloudWisdom here: