What Should We Be Monitoring?


To effectively begin getting a grasp on your applications performance, you must begin mapping out all the components in the path of your application. It might be wise to begin with the server or servers where your application lives. Again, this could be multiple different scenarios depending on the architecture housing your application. Or it could easily be a mixture of different architectures.


Let's say your application is a typical three-tier app that runs on several virtual servers that run on top of some hypervisor. You would want to start collecting logs and metrics from the hypervisor platform such as CPU, memory, network, and storage. You would also want to collect these metrics from the virtual server. Obviously, in addition to the metrics being collected from the virtual server, your application logs and metrics would be crucial to the overall picture as well. If, for some reason, your application does not provide these capabilities, you will need to either develop them or rely on some other existing tooling that you could easily integrate into your application. These metrics are crucial in identifying potential bottlenecks, failures, and overall health of your application. In addition to what we have already identified, we also need to collect metrics from any load balancers, databases, and caching layers. Obtaining all these metrics and aggregating them for deep analysis and correlation gives us the overall view into how our application is stitched together and assists us in pinpointing where a potential issue might arise.

How Should We Be Monitoring?


We have now identified a few of the things we should be monitoring. What we need to figure out next is how will we begin monitoring these things and ensure that they are accurate as well as providing us with some valuable telemetry data. Telemetry data comes from logs, metrics, and events.

Logging (Syslog)


First, let us begin with logging. We should have a centralized logging solution that can not only receive our log messages, but also have the ability to aggregate and correlate events. In addition, our logging solution should provide us with the ability to view graphs and customized dashboards, and also provide us with some level of alerting capabilities. If we have these initial requirements available to us from our logging solution, we are already off to a good beginning.


Now we need to begin configuring all our hypervisors, servers, load balancers, firewalls, caching layers, application servers, database servers, etc. There are many, many systems to ensure we are collecting logs from. But we need to make sure we get everything that is directly in the path of our application configured for logging. Also, remember that your application logs are important to be collected as well. With all these different components configured to send logging data, we should begin seeing events over time, painting a picture of what we might determine as normal. But remember, this might be what we termed after-the-fact application monitoring.



There are numerous different methods of obtaining metrics. We should be clear about one thing when we begin discussing these methods, and that would be not using SNMP polling data. Now don't get me wrong--SNMP polling data is better than nothing at all. However, there are much better sources of metric data.


Our performance metrics should be time series-based. Time series-based metrics are streamed to our centralized metrics collection solution. With time series-based metrics we can drill into a performance graph at a very fine level of detail.


Most time series-based metrics require an agent of some sort on the device that we would like to collect metrics from that is responsible for providing the metrics that we are interested in. The metrics we are interested in include those that were mentioned before: CPU, memory, network, disk, etc. However, we are interested in obtaining metrics for our application stack as well. These metrics would include application-related metrics such as response latency, searches, database queries, user patterns, etc. We need all of these metrics to visually see what the environment looks like, including the health and performance.


With metrics and logging in place, we can begin correlating application performance with the events/logs to start understanding what the underlying issue might be when our application performance is degraded.

Welcome to the Halloween Edition of the Actuator! It’s the Halloween Edition because of the date, not because the stories are scary. Although you may be concerned that the data is coming from inside the house.


As always, here are some links from the Intertubz that I hope will hold your interest. Enjoy!


Red Hat Cloud Prowess Drives $33 Billion IBM Deal

You want scary? Here’s IBM rising from the grave to buy the largest open source company in the world. Red Hat was set to make $3 billion this year selling software that runs on top of Linux, which is free. But hey, as long as they aren’t Microsoft, it’s OK for someone to profit, right?


Feds Say Hacking DRM to Fix Your Electronics Is Legal

In other news, our federal government made a decision that favored consumers. Yes, I’m scared, too.


"Smart home" companies refuse to say whether law enforcement is using your gadgets to spy on you

[NARRATOR VOICE]: They are totally spying on you.


Tim Cook calls for strong US privacy law, rips “data-industrial complex”

"Profits over privacy," well stated and I agree. We need better laws here. Sadly, our elected officials lack the necessary experience to make this happen.


Hubble Telescope’s Broken Gyroscope Seemingly Fixed After Engineers Try Turning It Off and On Again

Houston, have you tried turning it off and back on again?


GM’s data mining is just the beginning of the in-car advertising blitz

If you thought the ads at the gas pump, or inside taxis in Vegas and NYC were horrible, just wait until you see them in your own car.


Minds, the blockchain-based social network, grabs a $6M Series A

Yet another waste of time and money on an idea with Blockchain in the title. If this company is worth $6 million in funding, my Bacon Blockchain idea is worth at least $600 million in the first round.


As I was saying:


In my previous posts, I talked about the basics of AI in relation to network and systems management as well as why I love it. This post isn’t going to be as optimistic about the current state of affairs when it comes to AI. It isn’t the tech that bothers me. So what is my big problem with AI? The answer is simple and comes down to basically two things: marketing and money.


There are a lot of products touting the latest and greatest in artificial intelligence. They all claim to be the only thing that can save your infrastructure from the impending doom of manual work. The literature, webinars, and sales calls all start off with the horrors of running a network without AI and how inefficient it is. There is no shortage of FUD (fear, uncertainty, doubt) on the topic, all spewed in the name of selling you the latest and greatest cloud-based widget that’s smarter and faster than you are.


“How can you possibly, responsibly, safely run a network without our algorithms looking over your shoulder?”


They show off demos of their system finding impossible correlations in a veritable ocean of data and maybe even show the system reacting automatically while telling nice stories of administrators and engineers sleeping soundly while the mighty AI saves the day. The biggest question to ask there is “Where did the data come from?” Was it created specifically for the demo? Was it taken from a customer’s live network? Is that network identical to yours? The training that goes into building a reasonably sophisticated AI is intense. Especially when you’re talking about monitoring dozens, if not hundreds, of applications across a massive network. Does it understand your needs? Does it adapt? Does it dream of electric sheep?


Marketing aside, the topic of money is usually saved until the target (you) has decided they can’t live another minute without their product. Let’s assume for a minute that you’ve found a company that is building an AI suited perfectly for your needs. It ingests massive amounts of data from all over your network into a box (or boxes) that crunch all that info actionable results for you. It spits out pretty reports and integrates with all your systems. Where does that box (or boxes) live? On-prem? That going to take up a lot of rack space, power, and cooling. Plus those machines aren’t going to be your run-of-the-mill 1U servers. They will be power hungry, face-melting, GPU-packed behemoths. Cloud-based? Now you’ve just moved those same beasts to someone else's data center. Granted, the cost will decrease a bit because the vendor is likely counting on scale and flexibility to process multiple customers on the same hardware just as effectively. But add to that the bandwidth requirements of sending all your application logs, all your network logs, and anything else you can through at it up to the cloud, constantly. There are a ton of costs that go into running a system that can think like a person, and licensing is only part of it.


The marketing is strong when it comes to these products and it can be a bit misleading. AI is not going to save you from something that you couldn’t do yourself. AI isn’t going to magically fix all your user issues. AI is definitely not going to put your network and systems on autopilot. AI is going to be expensive and time-consuming to set up properly.


However, AI can save you money in the long run by becoming a force multiplier for your IT staff. AI can add in efficiencies that you weren’t able to even come close to before, and maybe even start making some money for your company (depending on your industry) by aligning your data better and creating new avenues to generate income from the systems already in place.

By Paul Parker, SolarWinds Federal & National Government Chief Technologist


Here is an article from Federal Technology Insider on securing medical device networks, in which I was interviewed about how customers are using our tools to help with this issue.


Connected devices have been an integral part of the healthcare world for years. Networked devices that form the basis of connected healthcare for monitoring, record-keeping, and drug delivery are commonplace in hospitals, clinics, and research facilities operated by federal agencies, including the Department of Veterans Affairs.


“Many of these devices, frankly, present a huge security threat to government networks as well as to the personal data of patients,” cautioned Paul Parker, Chief Technologist, Federal and National Government at SolarWinds, which develops IT management and cybersecurity technology.


The issue, Parker explained, stems from the sheer variety of wired and wireless devices from multiple manufacturers that can connect to the network. “Wireless medical devices can be moved around the building, or even taken to other locations. Yet, this ‘Internet of Health’ isn’t always treated with the same security mindset as a laptop or cell phone,” he said.


With a significant number of networked medical devices in use, the Department of Veterans Affairs has made aggressive moves toward solving this issue. Under the Medical Device Protection Program, launched in 2009, a new set of protocols was introduced to isolate connected medical devices on the network.


However, several security challenges remain. As Parker explained, “Many medical devices can store personally identifiable information, and most have restrictions on software patches and updates, which can make them vulnerable to attack. Not only can someone steal or inadvertently release the data that’s stored on each device, they are potential entry points to the entire network.”


In addition, medical devices may not be supported by enterprise management and cybersecurity tools, and some older devices simply can’t be updated to meet new security protocols. “These devices aren’t always visible to the network management tools, and, ironically, they can’t be scanned for infections,” Parker pointed out.


The solution, he said, stems from viewing these devices as entry points to the network. “Just like any other mobile device or a connected appliance, like a thermostat or lighting system, medical devices provide benefits and risks.”


Parker emphasized that compliance with security standards and regulations, including the Federal Information Security Management Act (FISMA) and the Risk Management Framework, are absolutely essential, adding, “Another must-have is centralized access control and configuration capabilities for every asset on your network.”


In a healthcare environment, where no breaches are acceptable, Parker suggested that an effective approach requires a comprehensive access control list (ACL) strategy that incorporates standardizing ACL configurations across the network while isolating and protecting medical devices. He also stressed the need to review and implement authorized network configuration changes while detecting and fixing unauthorized or suspicious changes, all in real time.


“Just like everything else in security, it comes down to having a strategy, enforcing policies, training the users and network staff, and using the right technologies for the task,” Parker said. “With the Internet of Health, the risks are huge, but those risks can be contained. For any agency dealing with medical technologies, there is no choice: these devices and the data they collect must be protected.”


Find the full article on Government Technology Insider.


The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates.  All other trademarks are the property of their respective owners.

Leon Adato


Posted by Leon Adato Employee Oct 30, 2018

My wife called me for the third time, and I could hear that she was working hard to remain calm but was undeniably at the end of her rope. She had missed the freeway exit. For the third time. And was going to be late for our lunch date. Could I PLEASE tell her JUST ONE MORE TIME what the exit name was?


We were in Switzerland. The company I worked for had moved us there just a week earlier, and my wife was meeting me so we could have a quick lunch and then go house hunting. I told her, again, that the exit was "sheb." Since this was our third time on the phone, I was beginning to doubt myself. Did I have the exit name wrong?


And that's when it hit me. My wife's second language is Spanish. I, on the other hand, learned French growing up. For those unfamiliar with linguistic differences, Spanish is a delightfully phonetic language. It is almost impossible to misspell a word in Spanish, presuming you know how to say it out loud. French? Not so much. I had been telling her to get off at the exit named "sheb," because my French-speaking brain never gave it a second thought.


And how do you spell "sheb" in the French-speaking part of Switzerland? (Answer: "chexbres")


I learned something that day about how I process and communicate directions, regardless of the language. Those lessons continued for the duration of our stay. Of course, distances and speeds were measured in kilometres. But it turns out the Swiss don't hold much stock in street signs. Roads operate as a network of roundabouts pointing to various villages. Getting from place to place means knowing you are going from Lausanne to Crissier to Pully to Renens. It's a far cry from "turn north at Elm and Wadsworth."


Directions, it turns out, are an incredible way to find out how someone thinks, and how they might work (both as an individual and within a team). Not just in terms of geography, but in other areas as well.


From time to time during my IT career, I've been on the other side of the desk, evaluating people we wanted to hire.


I discovered a few truths early on.


  • Everyone's background and path to IT is as unique as are their personalities, so you can never expect to understand someone's skills or level of accomplishment just by looking at how they got here.
  • Asking cookie-cutter technical questions rarely tells you anything except whether the individual on the other side of the table is good at answering cookie-cutter technical questions.
  • Questions like "tell me your biggest shortcoming" rarely elicit an honest answer (let alone foster a sense of trust or open-ness).
  • Questions that begin with "Tell me about a time when ...." are really an invitation to see if the candidate could improvise a work of fiction on the spot.
  • Asking deep technical questions usually just proves whether the candidate knows the same weird trivia about a certain technology that I know well, rather than whether they have meaningful skills to bring to the job.


After a bunch of really bad interviews, I was struggling with this issue yet again when I thought back to that day with my wife on the phone in Switzerland, and it all clicked. The next time I had a chance to interview a candidate, I threw out all the other frou-frou and tested my theory:


"Tell me how to get to your favorite restaurant."


The beauty of this question is that it's immediately obvious there's no wrong answer, and equally obvious that there's no way to "game" the system. You can't fake your way through it to give the answer the interviewer wants. You can't study a list of really good answers or crib off someone else. For the interviewer, this question also cancels out interviewer bias. Directions aren't dogmatic, and even if a candidate gives a different route to a location I know, that's not the point of the question anyway.


It's the way in which the candidate answers which reveals so much.


Do they ask clarifying questions? Things like “From here, or from your house?” or “Are you walking, biking, or driving?” or my favorite, “Are you a north-south person, a left-right person, or a ‘There's a K-mart on the corner’ person?”


Do they validate that I'm understanding their instructions? Anything from "Does that make sense?" to "Do you want a minute to write this down?"


Do they ensure that I'm even interested in going to that location? "Hey, my favorite restaurant is this weird little Thai place. Do you like Thai food?"


Do they skip all the niceties and just give me their set of directions, without preamble?


When I ask for clarification or even change the rules ("Oh, I forgot to tell you, I love public transportation. Can you get a bus to this place?") are they able to adapt?


And still, the point is that there's no right answer. I may be interviewing for a position where I need the employee to get right down to business, to avoid chit chat, to execute instructions as documented. Or I might be looking for a someone who can put themselves in the user's place, and therefore ask a lot of clarifying questions.


In the world of IT, there's an almost continuous focus on understanding where we've been, by collecting and analyzing baseline data; where we are, in terms of real time system statistics and performance metrics; and of where we're going, in terms of predictive analysis and data-based recommendations.


And maybe because of this, we can lose sight of two other data sets that are incredibly important: how we came to be here, and how we want to get to the step of our destination.

Ask a good server engineer where their server configuration is defined and the answer will likely be something similar to In my Puppet manifests. Ask a network administrator the same thing about the network devices and they'll probably look at you in confusion. Likely responses may include:


  • Uh, the device configuration is on the device, of course.
  • We take configuration backups every day!


Why is it that the server team seems to have gotten their act together while the network team is still working the same way they were twenty years ago?


The Device As The Master Configuration Source


To clarify the issue described, for many companies, the instantiation of the company's network policy is the configuration currently active on the network devices. To understand a full security policy, it's necessary to look at the configuration on a firewall. To review load balancer VIP configurations, one would log into the load balancer and view the VIPs. There's nothing wrong with that, as such, except that by viewing the configuration on a running device, we see what the configuration is, not what it was intended it to be.

"We see what the configuration IS, not what it was intended to be"

Think about that for a moment: taking daily backups of a device configuration tells us absolutely nothing about what we had intended for the policy to be; rather, it's just a series of snapshots of the current implemented configuration. Unless an additional step is taken to compare each configuration snapshot against some record of the intended policy, errors (and malicious changes) will simply be perpetuated as the new latest configuration for a device.


Contrast this to a Linux server managed by, for example, Puppet. The server team can define a policy saying that the server should run Perl v5.10.1, and code that into a Puppet manifest. A user with appropriate permissions may decide that for some code they are writing, they need to have Perl v5.16.1, so they install the new version, overwriting the old one. In the network world, a daily backup of the server configuration would now include Perl 5.16.1 and from then on that would implicitly be the version of Perl running on that device, even though that wasn't the owning team's intent. Puppet, on the other hand, runs periodically and checks the policy (as represented by the manifest) against what's running on the the device itself. When the Perl version is checked, the discrepancy will be identified, and Puppet will automatically restore v5.10.1 because that's the version specified in the policy. If the server itself dies, all a replacement server really needs is to load the OS with a basic configuration and a Puppet agent, and all the policies defined in the manifest can be instantiated on the new server just as they were on the old server. The main takeaways are that the running configuration is just an instantiation of the policy, and the running configuration is checked regularly to ensure that it is still an accurate representation of that policy.

"The running configuration is just an instantiation of policy"

Let's Run The Network On Puppet!


Ok, nice idea, but let's not get too far ahead of ourselves here. Puppet requires an agent to run on the device. This is easy to do on a server operating system, but many network devices run a proprietary OS, or limit access to the system sufficiently that it wouldn't be possible to install an agent (there are some notable exceptions to this). Even if a device offers a Puppet agent, creating the configuration manifests may not be straightforward, and will certainly require network engineers learning a new skillset.


Picking on Junos OS as an example, the standard Puppet library supports the configuration of physical interfaces, VLANs, LAGs, and layer 2 switching, and, well, that's it. Of course, there's something deeper here worth considering: the same manifest configuration works on an EX and an MX, despite the fact that the implemented configurations will look different, and that's quite a benefit. For example, consider this snippet of a manifest:


Puppet manifest snippet


On a Juniper EX switch, this would result in configuration similar to this;


Juniper EX configuration sample


On a Juniper MX router, the configuration created by the manifest is quite different:


Juniper MX configuration sample


The trade-off for learning the syntax for the Puppet manifest is that the one syntax can be applied to any platform supporting VLANs, without needing to worry about whether the device uses VLANs or bridge-domains. Now if this could be supported on every Juniper device and OS version and the general manifest configuration could be made to apply to multiple vendors as well, that would be very helpful.




A manifest in this instance is a text file. Text files are easy for a script to create and edit, which makes automating the changes to these files relatively straightforward. Certainly compared to managing the process of logging into a device and issuing commands directly, creating a text file containing an updated manifest seems fairly trivial, and this may open the door to more automated configuration than might otherwise be possible.


Centralized Configuration Policy


Puppet has been used as an example above, but that does not imply that Puppet is the (only) solution to this problem; it's just one way to push out a policy manifest and ensure that the instantiated configuration matches what's defined by the policy. The main point is that as network engineers, we need to be looking at how we can migrate our configurations from a manual, vendor- (and even platform-) specific system to one which allows the key elements to be defined centrally, deployed (instantiated) to the target device, and for that configuration to be regularly validated against the master policy.


It's extremely difficult and, I suspect, risky, to jump in and attempt to deploy an entire configuration this way. Instead, maybe it's possible to pick something simple, like interface configurations or VLAN definitions, and seeing if those elements can be moved to a centralized location while the rest of the configuration is on-device. Over time, as confidence increases, additional parts of the configuration can be pulled into the policy manifest (or repository).


Roadblocks and Traffic Jams


There's one big issue with moving entire configurations into a centralized repo, which is that each vendor offers different ways to remotely configure the devices, some methods do not offer full coverage of the configuration syntax available via the CLI (I'm squinting at you, Cisco), and some operating systems are much more amenable to receiving and seamlessly (i.e., without disruption) applying configuration patches than others. Network device vendors are notoriously slow to make progress when it comes to network management, at least where it doesn't allow them to charge for their own solution to a problem, and developing a single configuration mechanism which could be applied to devices from all vendors is a non-trivial challenge (cf: OpenConfig). Nonetheless, we owe it to ourselves to keep nagging our vendors to make serious progress in this area and keep it high on the radar. When I look at trying to implement this kind of centralized configuration across my own company's range and age of hardware models and vendors, my head spins. We have to have a consistent way to configure our network devices, and given that most companies keep network devices for a least a few years, even if that was implemented today, it would still be 3-4 years before every device in a network supported that configuration mechanism.

"We owe it to ourselves to keep nagging our vendors"


On a more positive note, however, I will raise a glass to Juniper for being perhaps the most netdev friendly network device vendor for a number of years now, and  I will nod respectfully in the direction of Cumulus Networks who have kept their configurations as Unix standard as possible within the underlying Linux OS, thus opening them up to configuration via existing server configuration tools.


What Do You Do?


How do you manage the expectations that devices are implementing the policies they were intended to, and do not become an ever-changing source of truth for the intended policy? How do you push configurations to your devices, or does that idea scare you or seem impossible to do? If automation means swapping the CLI for a GUI, are on on board?

What do you do?

Please let me know; I hope to see a light at the end of the tunnel (and I hope it's not an oncoming train).

Sascha Giese

VMworld EMEA 2018

Posted by Sascha Giese Employee Oct 25, 2018

My life with SolarWinds is so interesting.

I’m sitting in an aircraft returning from Dubai where we visited the GITEX show, yet I’m writing a few lines to prepare for the next show we’ll be attending.



VMworld® EMEA in Barcelona, running between 5th – 9th November, doesn’t need an introduction to THWACK®!

Both sqlrockstar and I will be attending as well as a group of handpicked experts from our offices in EMEA and the U.S.


We will show the features released in VMAN 8.3 a few weeks ago, and we’re looking forward to hearing your opinions in regards to what we are working on for the next releases!

As usual, this will also be an opportunity for you to just drop by and have a chat with us to see how we can help.

There is no need to register upfront to speak with us, just drop by at booth B529 when you have a chance.


And yes, there will be swag. As we don’t intend to take anything back home with us, we need your help to pick it up!

Ryan Adzima

My Affection for AI

Posted by Ryan Adzima Oct 25, 2018

In my last post I mentioned one of the basic use cases for Artificial Intelligence (AI) in a modern network. AI can be utilized to not only bridge the informational gaps between functional teams, but can crunch that data down and provide predictions of growth or even failures for proactive management. Digesting large historical data sets and spitting out basic correlations is only scratching the surface of what AI can bring to your operations teams. AI can be applied to to bring more efficiency and better user experience to your network and applications. Performance and security monitoring are two of my many my favorites.


When it comes to running a large network, you can’t be everywhere and experience what the user sees at all times. Tracking down transient or isolated issues is hard enough, but when those issues could be a cascade of small failures, it could be nearly impossible to find. For example, in the case of wireless, a minor delay from the RADIUS server adds a second or two and then a hiccup in DHCP adds a couple more, and finally the captive portal adds yet another 3-5 seconds… eventually causing a timeout failure on the client. You may be able to review the logs on a single service and see somewhat normal behavior, but to track it all down takes a lot more insight into the network.


Now if we have that insight, it may still be difficult to find, but handing that data over to AI allows it to see anomalous events on the network. Most AI systems take feeds in from as many points within the network infrastructure and applications as you’ll give them; ingesting server logs, packets captures, and so much more. They build all the relationships and baselines automatically and they understand what it healthy on your network and what isn’t. An AI-monitored network may be able to warn you beforehand that this wireless issue is going to occur. By seeing into all the parts of a network and actually understanding “normal,” AI can start alerting before your users even have an idea there may be a problem. In the same way systems have monitored applications in the past, from web server to database to client, we can have AI trained to see the entire transaction in context and learn about it.


Securing networks and applications is a tough job. There are constant new threats coming out. Some are persistent threats from all areas of the world that could cause utter chaos for any company. The complexity and vectors are so advanced that a simple firewall and anti-virus application from the good ole days simply won’t cut it. Layer 7 deep-packet inspection and application filtering aren’t even good enough anymore. These days it takes an intelligent system to truly protect a company’s assets; ideally, a system with human-like intelligence that can look at the information in context and make the same decision you would, just faster. Taking the same approach as the performance example, AI can learn your network and the behavior of all the components: servers, clients, and applications. With the right products, over time it will build out “normal” behaviors and start alerting to things outside the defined norm. Hopefully you can train it up to the point to act automatically and quarantine or completely block a threat. We’ve heard of self-healing and self-defending networks. But now it’s not just marketing--we’re finally seeing it.


These are just a couple of high-level examples I use when talking about why I love AI for IT infrastructure. A good product can take a powerful tool like we’ve used for years and turn it into a highly customized system meant to monitor your infrastructure knowing all the ins and outs. All you have to do is add a little data.


P.S. You may or may not have noticed I’ve used the word “context” a few times. That’s because it’s an important part of running a company’s infrastructure; knowing when and when not to react based on corporate policies, politics, or even culture. How do you teach an AI system that sort of advanced context? That’s coming in a later post…

Is our contribution measured by what we're doing or how we're doing it? Are we providing value or are we just getting caught up in what's exciting? How do we ensure that we're seen as contributing despite appearing to be less busy? Do our efforts to automate sometimes take away from our value rather than adding?


Automate All of the Things!


Automation is based on the principle that our expertise should not be wasted on the manual execution of simple and repetitive tasks. Spending some extra time to offload these tasks and free ourselves up for more exciting undertakings just makes sense, right? Well, that depends on a few things.


The Human Factor (Working Hard, or Hardly Working?)


Perception is an easily-overlooked consideration. It's no secret that the work of IT professionals is sometimes seen as a bit arcane by our management and peers. There's a general understanding of what we do, but the details of how we get it done are often another story.


Are we being evaluated based on the value of the work that we do, or based on how busy we appear to be when we do it? If we minimize the daily grind, are we creating the impression that we're less valuable because we don't appear to be as busy? The answer to these questions is going to vary depending on our work environment, but it's important that we manage perception effectively from the beginning.


The Technical Factor (What's the Value Proposition?)


As IT professionals, we tend to be passionate about the work that we do, so it's really easy to get excited about coding our way out of the daily grind. When this happens, we sometimes let our excitement get the better of us and don't give due consideration to the real value of what it is that we're doing.


If we're spending a week to automate a task that previously wasted days each month, we have a reasonable return on our time investment. Yes, it might take a few months before we really see the benefits, but we will see them. On the other hand, if we're spending the same amount of time to address a task that only took a few minutes out of each month, we really have to start thinking about the efficient use of our time. We can be absolutely certain that our management and peers will be thinking about it if we're not.


The Whisper in the Wires


Are we approaching automation in the traditional way where we just develop a collection of scripts as we need them, or are we embracing a larger framework? At this point, I'm guessing that we have more of the former than the latter, but with a lot of push to take a more strategic approach. This is a good direction, but not if we're out of a job before we can get there because we didn't manage the expectations properly.


If we want to address concerns of perception and value proposition, we have to do more than script our pain away when we can. It's very difficult to manage either of these if we're addressing everything piecemeal. We need a consistent policy framework incorporated into a well-documented strategy, and we need to communicate that effectively to our peers.


A documented strategy addresses perception problems by providing a view into the process and setting expectations. A consistent policy framework keeps us from getting so caught up in our own custom script development that we fail to show value.

Back from Austin and the best THWACKcamp ever! Thanks to everyone that helped make this year's THWACKcamp so full of awesome. Each year we get a little bigger, a little better, and a little more bacon.


As always, here are some links from the Intertubz that I hope will hold your interest. Enjoy!


Ticketmaster buys a blockchain company to guard against ticket fraud

I'm willing to bet money that this is not going to solve the issue of fraudulent tickets. Nor, will it help people hate Ticketmaster any less.


Comcast complains it will make less money under Calif. net neutrality law

Interesting how Comcast is complaining about lost revenues, as opposed to complaining about end-user experience.


Up to 9.5 million net neutrality comments were made with stolen identities

Even if true, this won’t be enough for the FCC to reverse course on net neutrality. It will be up to the states, like California, to enact their own laws.


Microsoft sports director allegedly tried to embezzle $1.5 million and stole employees’ Super Bowl tickets

Nice reminder that the biggest corporate threats are often from within.


Major Facebook Shareholders Join Call to Boot Mark Zuckerberg as Chairman

This would be a good first step for Facebook to win back some trust. It would also be the good first step for Facebook to remove Zuckerberg as CEO, too. These items might be related.


Crypto is the Mother of All Scams and (Now Busted) Bubbles While Blockchain Is The Most Over-Hyped Technology Ever, No Better than a Spreadsheet/Database

Grab some popcorn and enjoy.



Fishcoin, proving that blockchain hasn’t hit the lowest level of stupidity yet.


For those that were wondering, here's the Bacon Pie given to me during the close of THWACKcamp this year. Thanks to thegreateebzies and DanielleH for making this happen:


By Paul Parker, SolarWinds Federal & National Government Chief Technologist


Blockchain is already one of the top five most important technologies in the IT strategy of 12% of surveyed public sector employees, according to the recent IT Trends Report from SolarWinds. The U.K. government is heavily encouraging blockchain-based technologies, with a £19 million investment in innovative product or service delivery projects.


The promise of blockchain lies in how it can help accelerate the verification processes using many connected computers to store blocks of information. Blockchain is transparent by design, allowing data to be shared more easily between buyers and sellers.


Blockchain has the potential to revolutionize the way government agencies acquire services and solutions, but, as the financial world has discovered, network monitoring and management strategies play a critical role in blockchain’s success within public sector organizations.


Distributed network monitoring and visibility


The success of blockchain in procurement is dependent on a high throughput of transactions and low latency. Unfortunately, those goals can be difficult to achieve over a disparate network. In addition, according to the SolarWinds IT Trends Report, 58% of public sector IT professionals surveyed felt their network was not working at optimum levels.


On-prem and hybrid network infrastructures are highly distributed. Teams need to be able to monitor data as it passes between all of these services to help ensure that their networks are operating efficiently and dependable. The best way to get this insight is by monitoring strategies that are designed to provide access and visibility into the entirety of the network, wherever it may exist.


Resilient, but not impervious


Blockchain technology has been suggested as potentially more secure than alternatives, if

used correctly. This is due to its decentralized nature, which can make it a harder target for hackers to hit. Agencies must still make sure that they are maintaining the same high level of security practices they would do otherwise.


It is also important to remember that blockchain is a relatively new technology. As such, there may be vulnerabilities that have not yet been exposed. At this very moment, it is likely that many hackers are attempting to identify and exploit blockchain vulnerabilities. Maintaining a sound security position can help agencies fortify themselves against those efforts while taking strides to improve their procurement processes.


Innovation beyond the procurement process


Blockchain has considerable potential for the public sector in the U.K. It has been shown to be innovative and powerful in other industries and could very possibly revolutionize government procurement processes in the near future. However, this is only the start of the potential blockchain revolution. The same technology could work to track government loans and spending, protect critical infrastructure, or even help to deliver on the government’s foreign aid commitments in a

more secure and transparent way.


Success with blockchain, though, is contingent on supporting the technology with comprehensive network management. Clear visibility across all nodes and management of performance levels will be integral to helping maintain security and preventing blockages in the network. Only then can blockchain and distributed ledger technology successfully transform government digital services.


Find the full article on Open Access Government.


The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates.  All other trademarks are the property of their respective owners.

There is a traditional market research technique called voice of the customer (VoC). Many people are familiar with this process, which involves surveys, interviews, and even watching customers interact with your products. Some companies use customer advisory boards (CAB) to collect feedback, too.


There’s no shortage of ways to get feedback from customers. The #hardtruth is that many of the ways are cold and unfeeling. It can take years for feedback to work its way into a product. I find that many companies talk about valuing customer feedback but fall short of connecting with their customers in a meaningful way.


When I joined Confio in 2010, my perception of the VoC process changed. It was there that I understood how it should work. Shortly after coming on board, I provided feedback regarding the monitoring of databases running inside of VMware. Have a look at this screen:



That stacked view, showing metrics inside the engine, the guest, the host, and storage? That’s what I told our dev team a DBA needed to see. Seven years later and that view still stands out when giving demos. The annotations were also something I requested. I wanted DBAs to know if there was an event on the host for that VM.


I still remember the feeling I had when I saw my feedback was used to make our product better. Imagine if a customer had the opportunity to do the same.


Well, imagine no more! The SolarWinds Usabili-buddy program is your opportunity! Go here to sign up for the program.


Usabili-buddy Example

Here’s an example of how the program has had a positive impact for everyone.


While working on the upgrade to alerting, the UX team was working with customers and gathering feedback. While there was already a roadmap and screens of how the UI for alerting would look, these customers noticed a gap in the feature. The customers recalled experiences in the past where they had misconfigured an alert and accidentally triggered an alert storm.


These customers wanted a way to avoid spamming end users due to a misconfigured alert. As a group, they came up with the feature below, on their own



I know, you can't see that, here is a closer look:



This was NOT on the original roadmap, but product management loved this idea. It was included in the very next release. 


Other companies talk about listening to their customers. We don’t just talk the talk. You can see the impact that the Usabili-buddy program and UX team has had over the years.


At SolarWinds, we’re listening. We know that we’re all in this together.


We don’t treat customers as revenue. We build relationships with them.


When you become a customer, you are a member of a community, not just a number in Salesforce.


Help Us, Help You, Help Them


We have 55 products now.


Managing many products is a challenging task. But we are fortunate that our user community makes it easier. The quality of customers we have allows for better feedback, and better feedback leads to better products. Thank you for giving us your time, helping to make the products better for the next user.


But they aren’t our products. They are yours. We just maintain the source code.


Usability improvements are part of every release, and the UX team meets with product development on a daily basis. In each product cycle, UX plays an important role. It's a cycle of continuous improvement, and a project that is never done.


At the end of the day we all want the same thing: happiness. We want happy customers, enjoying long weekends, without worry.


If you have an idea, or just want to help, join the program and share.


Help us, help you, help them.

At what point does the frequency and volume of “it will only take a second to change” become too much to bear and force us to adopt a network automation strategy? Where is the greatest resistance to change? Is it in the technical investment required, or is it the habit of falling back to the old way of doing things because it's "easier" than the new way?


The Little Things


We all have those little tasks that we can accomplish in a heartbeat. They're the things we've done so many times that the commands required have almost become muscle memory, taking little to no thought to enter. They're the easy part of our jobs, right? Perhaps, but they can also be the most time consuming. There's a reason those commands have become so ingrained. We perform them far more than we should, but haven't necessarily figured that out yet... well, not until now anyway.


The solution? Network automation! Let's get all of those mind-numbingly simple day-to-day tasks taken care of by an automation framework so that we can free ourselves up for work that's actually challenging and rewarding. It's that easy! Or is it?


The Huge Amount of Work Required to Avoid a Huge Amount of Work


Automation, even with the best of tools, is a lot of work. That process itself is something that we will wish could be automated before we're done. There's the needs analysis; the evaluation and selection of an automation framework; training of staff to use it; and the building, documentation, and maintenance of the policies themselves.


When a significant portion of the drive for automation comes from overload, the additional technical workload of building an automation framework in parallel to the current way of doing things can be daunting. Yes, it's definitely a case of working smarter rather than harder, but that's still hard to swallow when we're buried in the middle of both.


The Cultural Shift


People are creatures of habit, especially when those habits are deeply ingrained. When all of those little manual network changes have reached the point that they can be done without real thought, we can be absolutely sure that they're deeply seated and aren't going to be easy to give up. The actual technical work to transition to network automation was only half of the challenge. Now we have to deal with changing people's thinking on the matter.


Here's a place where we really shouldn't serve two masters. If there isn't full commitment to the new process, the investment in it yields diminishing returns. The automation framework can make network operations far more efficient, but not if everyone is resistant to it and is continuing to do things the old way. There needs to either be incentive to adopt the new framework 100% or discouragement from falling into habitual behaviour. This could even represent a longer process than the technical side of things.


What Must Be Done


Neither the technical hurdles nor the human ones remove the ultimate need to automate. The long-term consequences of repeatedly wasting time on simple tasks, both to individuals' technical skills and job satisfaction and the efficiency of the organization, makes a traditional approach to networking unsustainable. This is especially true at any kind of scale. Growth and additional workload only serve to make the problem more apparent and the solution more difficult to implement. Still, there's no question that it needs to be done. The real questions revolve around how best to handle the transition.


The Whisper in the Wires


It's difficult to say what's harder, the technical transition to network automation itself, or ensuring that it becomes the new normal. By the time we reach a point where it becomes necessary, we may have painted ourselves into a corner with a piled-up workload that should have been automated in the first place. It also represents a radical change in how things are done, which is going to produced mixed reactions that have to be factored in.


For those of you who have automated your networks, whether in large installations or small, at what point did you realize that doing things the old was no longer a viable option? What did you do to ensure a successful transition both technically and culturally?

In part 1 of this series, we covered some of the most prevalent and most promising cybersecurity models and frameworks available today. These are all tools that can help you determine the size and shape of the current information security landscape, and where you and your organization are within it. We also realized that even with all of this, you still can’t answer some fundamental questions about the specific technology you need to protect your digital infrastructure. As promised, I’m going to spend the next four posts covering the four critical domains of IT infrastructure security and the categories they each contain. Let’s start today with the perimeter.


Domain: Perimeter

The perimeter domain can be seen as the walls of a castle. These technologies are meant to keep information in and attackers out.  In many cases, a Demilitarized Zone (DMZ) and other public network services are exposed to the routable internet via systems within the perimeter domain. Additionally, an organization may have multiple perimeters, similar to an outer wall and an inner wall protecting a castle.


The categories in the perimeter domain are network security, email security, web security, DDoS protection, data loss prevention (DLP), and ecosystem risk management.


Category: Network Security

Network security is typically the primary line of defense for traffic entering or leaving an organization’s network, providing a first-look analysis of traffic inbound and a last-look at traffic leaving your network’s span of control. The primary products in this category are firewalls, network intrusion detection/prevention systems (IDS/IPS), deep packet inspection (DPI), and other security gateways. Today, we rely on so-called next generation firewalls (NGFW) to package the functionality of what used to be many devices into a single appliance or virtual machine. More and more we are facing the challenges of deperimeterization as BYOD and cloud services stretch and blur the previously hard lines that defined our networks' boundaries. This is leading to the rise of software defined perimeter (SDP) tools that push security to the very edge of your new multi-cloud network.


Category: Email Security

Email has become a nearly universal communication medium for individuals and businesses alike, which also makes it a prime attack vector. Spam (Unsolicited Commercial Email - UCE) has been a nuisance for many years, and now phishing, click-bait, and malware attachments create real organizational threats. These attacks are so prolific that it often makes sense to layer email-specific security measures on top of network and endpoint solutions. Included within this category are email security products that offer antivirus, anti-spam, anti-phishing, and anti-malware features. Additional tie-ins to DLP and encryption are also available.


Category: Web Security

Much of our online activity centers around the web. This is increasingly true in our more and more SaaS-focused world. Web security seeks specifically to protect your users from visiting malicious websites. URL filtering (whitelist/blacklist) and other DNS tools fit into this category. Today, known and emerging threats are addressed within this category using Advanced Threat Protection (ATP) capabilities to analyze, diagnose, and dynamically implement rules governing web access in real-time.  This capability is typically provided using a subscription service to a threat database that has an influence on data exchange or name resolution traffic traversing a network.


Category: DDoS Protection

Pundits and others spend a lot of time talking about “going digital.” What this likely means to you is that internet access is crucial to your business. Your employees need to reach the information and services they need, and your customers need to reach your website and other applications. Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks generate malformed/malicious packets or an excessive amount of inbound traffic to flood systems responsible for responding to valid queries.  Under such an attack, systems are unable to keep up with responses. D/DoS protection services recognize these attack techniques and implement methods to block the attempts or clean the inbound data streams so that only the valid traffic remains.


Category: Data Loss Prevention

Data is the new gold. Your intellectual property is now made up of ones and zeros, so you can’t lock it in a file cabinet or a safe. You can still protect it though – probably better than you could when it was on paper. Data loss prevention (DLP) tools classify, analyze, and react to data at rest, in use, or in motion. DLP ensures that your data remains available to those who need it, and out of the hands of would-be attackers.


Category: Ecosystem Risk Management

Your cybersecurity is only as strong as the weakest link in your ecosystem. A vulnerability anywhere in the supply chain escalates organizational risk and jeopardizes productivity, profitability, and reputation. Partner, supplier, and vendor security risk is a major area that cannot be ignored as a business issue any longer. You need to be able to continuously identify, monitor, and manage risk to improve the cyberhealth of your vendor ecosystem.


Up Next

Obviously, the castle walls are only one part of a well-crafted defense. In the next three posts of this 6-part series, we’ll cover the remaining domains of endpoint & application, identity & access, and visibility & control. In the final post, we’ll look at the full model that these four domains create, how it fits into the broader cybersecurity landscape, and provide some advice on how to put it all into practice. Stay tuned!

What Is It All About?


You may or may not have heard of application performance monitoring or APM. You may also have heard the term APM used in the context of application performance management. These two should not be interpreted to be the same. Application performance monitoring is exactly what is in the name: monitoring. It is all about monitoring the health of the application and external constructs. Application performance management is exactly what is in its name: management. Application performance management is all about the awareness and focus of the application. Generally, you will find application performance monitoring as a subset to application performance management tooling, but not in every case.


Are you confused yet?


In this post, we will be discussing APM from the monitoring perspective. Over the next series of posts, we will touch on various aspects of APM, such as what components in the environment we should monitor to ensure a healthy application state, as well as the components of the application that should also be monitored. Ultimately, APM should provide a satisfying user experience. We will also be looking at effective event management, alerting, and dashboards. Also, to keep things in perspective, we will first explore what I would term as “after the fact implementation” of application performance monitoring in a traditional fashion. In a later post we will explore implementing application performance monitoring in an agile fashion.


So, to sum up and answer the question “What is it all about?” it is all about the monitoring of an application's health, which includes various components that can affect the application’s health and performance. At the end of the day, we need a way to identify where the performance degradation is, and how we can swiftly resolve the issue. Having the ability to do this efficiently manner is the ultimate win for everyone. We will also be better prepared for the ultimate question, “Why is my application so slow?”


How Do We Get Started?


One of the most challenging aspects to solve when it comes to APM is “How do we get started?” This question is so challenging due to the fact that we must first identify all of the components that can cause an application to become unhealthy, therefore causing performance degradation. One might think that because it is application-focused that we might only look at the application itself which might only include the server, container, etc. in which the application is running. Only including these items would cause us to overlook the external components such as load balancers, databases, caching layers, hypervisors, container platform, and more. Because of these additional layers, we may actually experience application performance issues not from the application itself, but a result of an external component injecting the issue. So, to effectively identify all of the components, one must completely understand the overall architecture and ensure that each and every component is monitored. Remember, monitoring in this sense is more than just up/down, bandwidth, latency, etc. We must obtain enough information from all of the components and ensure that the data is correlated and aggregated to effectively pinpoint an issue when our applications performance is degraded.


As you can see, there are abundant areas that we should be monitoring which could in turn affect an application's performance. You may also be thinking to yourself that this is the way things have always been done over time. I would be willing to challenge the fact of whether or not they really have been, or better yet, how effective they have been over time.


Now is the time to get started and get a grasp on your true application performance.

This week’s Actuator comes to you from backstage at THWACKcamp. That’s right, I’m in Austin loading up on pork products and taking part in our annual two-day live event. When I am not on the livestream, I will be in the chat room answering any and all questions that I am able. Can't wait!


As always, here are some links from the Intertubz that I hope will hold your interest. Enjoy!


It’s alive! Scientists create ‘artificial life’ on a quantum computer

It's a simulation, i.e., it's code. But it's essentially the "Hello World" code for quantum computing. Something for us to build upon.


Are you a ‘cyberhoarder’? Five ways to declutter your digital life – from emails to photos

Data hoarding is a serious addiction, IMO. As a data professional I see the symptoms frequently. People need to learn to let go.


Life Is Dirty. So Is Your Data. Get Used To It.

Or, as I like to call it, “what happens when you allow stoners to perform data entry.”


Microsoft open-sources 60,000 patents to help Linux avoid lawsuits

Pretty sure a piece of adatole died when he heard this announcement.


Boston Dynamics’ Atlas robot can now navigate obstacles Parkour-style and it’ll haunt your nightmares

Just in time for Halloween: a robot uprising!


Cryptocurrencies Just Plummeted $13 Billion in Value Over the Course of a Few Hours

Relax folks, it’s only a loss on paper. And, to be fair, these currencies never had real value to begin with, unless you were in the extortion business, or needed a kidney.


Criminals used Bitcoin to launder $2.5B in dirty money, data shows

As I was just saying...


Let’s do this!


Good day!


My name is Paul Guido, but here on THWACK® I use the handle Radioteacher. Many years ago, I taught the beginning Amateur Radio – Technician test, so I created this specific handle to communicate with my students.


Working as an IT professional since 1993, I’ve had the privilege of using a number of different hardware and software platforms. Anyone remember 10base2 Ethernet or FDDI? For the past 20 years, I’ve worked at a financial institution in south Texas, working on systems, networks, monitoring, directories, storage, and virtualization. Throughout this work I always keep security top of mind.


I began by lurking on THWACK in mid-2011, but officially joined THWACK in June of 2012. My first meeting with the SolarWinds team was at VMworld 2012, where I acquired my first swag from the Blues Brothers themed booth—it was a cool, cloth Fedora hat. I also had lunch that day with two Head Geeks™, but at the time I had no idea who they were.


I have attended every THWACKcamp™ since 2013. In 2015, I was the only customer to attend in person at the SolarWinds HQ. During the 2016 and 2017 THWACKcamp events, it was fun to go to Austin and meet other THWACK MVPs from around the world.


The best MVP meeting at THWACKcamp 2017 happened at a restaurant in Bee Cave called Rocco’s. Rocco asked if, "You all worked at the same company?" The answer? Nope. "So, you all work at the same types of businesses?" Again, nope.


So, we told him, "All of us use the same software platform to monitor our unique networks for our companies." Rocco looked a little puzzled.


I’m looking forward to the “People Do Dumb Things: Why Security Is Hard for IT Pros” session on Day 2 at 10:00 a.m. CT. Destiny Bertucci, Mandy Hubbard, Sandy Hawke, and I will discuss security from different points of view. You probably already know Destiny, the SolarWinds Head Geek™ and my rambling posts on THWACK. Mandy Hubbard is a software engineer and QA architect, offering deep insights on how current software is made and tested. Sandy Hawke now works with companies to help with marketing, but also leads another life thanks to here two decades of information security experience. Sandy is basically a superhero.


Budget season is coming up, what is your team doing to improve the security posture of your company?


Security’s biggest enemy is complacency. Register. Attend October 17-18, 2018.



By Paul Parker, SolarWinds Federal & National Government Chief Technologist


Wary that the Internet of Things (IoT) could be used to introduce unwanted and unchecked security risks into government networks, senators last year created the IoT Cybersecurity Improvement Act of 2017, legislation that placed minimum security standards around IoT devices sold to and purchased by government agencies.


IoT and Edge: Hype vs. Reality


It’s good that provocative and important questions are being asked now, before edge computing and IoT truly take hold within the federal government. As it is, we are still at the start of their respective hype cycles, with true adoption hampered by security concerns.


Agencies are still grappling with BYOD security, let alone IoT or edge computing. The recent controversy surrounding fitness app Strava, which inadvertently revealed the location of classified military bases, made it abundantly clear that there is still much work to be done. Agencies are still trying to get past these fundamental hurdles before fully embracing IoT.


Agencies are still very much in the exploratory phase with edge computing. As such, it is unlikely we will see widespread adoption of these types of solutions over the next year.


Fortifying Current and Future Networks


Still, agencies are laying the infrastructure for these technologies and need to implement strategies to help ensure that their networks and data are protected. As such, there are several things IT professionals can do now to better fortify current and future operations.


  • Have a clear view of everything happening on your networks. If the IT team does not have the ability to accurately track and manage IP addresses and conflicts, domain names, user devices, and more, they will not be able to know if or when a bad actor is exploiting their networks. You must be able to tie events on the network directly back to specific users or events. This strategy also helps in evaluating the new devices on the network to confirm they are operating properly and securely.


  • Use trusted vendors. The IoT Cybersecurity Act of 2017 requires that vendors notify their customers of “known security vulnerabilities or defects subsequently disclosed to the vendor by a security researcher” or when a vendor becomes aware of a potential issue during the lifecycle of their contract.


  • Find the positive in potential intrusions. Intrusions can help IT pros evaluate and refine remediation strategies, and automated network security solutions can learn from the breach to offer protection for the future.


There’s every indication that IoT and edge computing will prove to be more evolutionary than revolutionary in 2018. Most agencies will likely continue to be cautious with these technologies, as the first consideration must be how IoT and edge computing devices will be managed and secured.


But the more agencies learn about these technologies, the more they will ultimately be adopted. Agencies must begin preparing for that day. The best way to do that is to implement strategies that can help them solidify network security today while laying the groundwork for tomorrow.


Find the full article on SIGNAL.


The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates.  All other trademarks are the property of their respective owners.

My name is Will, and I hide in the shadows of the NOC. I’ve worked for an ISP/Telco for the past several years (13?) and spent nearly all that time in the NOC. I’m tasked with finding ways to keep our folks informed of the various events occurring throughout our environment.


When I started working in our NOC, this is what they had been running:


While I'm not 100% on my timeline, I'm pretty sure I took over our SolarWinds® environment somewhere around version 9 or version 10 of NPM. Previous management had gotten rid of it, having replaced it with an overly complicated product, which ultimately failed a couple years later. Shortly thereafter, said management was replaced. Afterwards, we were asked what product we wanted, to which we replied, "SOLARWINDS!!!" When asked why, it was a unanimous response. "Because it's easy to use, and is a very flexible product." Since I have been in charge of our SolarWinds environment, starting only with NPM, we have added many additional SolarWinds products, such as NCM, NTA, SAM, DPA, Kiwi Syslog®, Web Help Desk®, a couple of Engineer's Toolsets, a couple of additional polling engines, a couple of additional web servers, and most recently, VMAN.


THWACK® has become part of my everyday routine, though it did not start as such. In the beginning, I mainly had a bunch of complaints, as well as a few specific questions about how to resolve various problems in our network. From there, I found THWACK points, and FREE shirts. As time passed and new issues appeared at work, each requiring a different solution, I started to really get into this community. After asking several questions, and receiving numerous answers, it started to click with my brain. I became more and more interested and curious about the product(s). I thought well, if it can do this, I wonder if it can also do that, and more. Eventually, returning to the here and now, THWACK became an extremely important resource, not only for me to get answers, but also for me to help answer the questions of other THWACK users, as was done for me. It's seems amazing to me, looking back at the how and why of joining and using THWACK, and seeing myself go from one end of the spectrum to the other.


I’m looking forward to this year's THWACKcamp, as I have every year. I have attended THWACKcamp every year it has existed, both virtually, as well as the in-person invites too. The 2017 THWACKcamp was my favorite, as SolarWinds hosted several other THWACK MVPs in person, at their headquarters in Austin, Texas. Getting to meet everyone was great, but getting to talk shop with other folks using SolarWinds products, and seeing solutions through their points of view, was easily the best part.


In regard to the upcoming 2018 THWACKcamp: While there are tons of great sessions, I’m definitely looking forward to the "There's an API for That: Introduction to the SolarWinds Orion® SDK" session the most, which takes place on October 17 at 11 a.m. CT.


One of the best aspects of the SolarWinds products is the flexibility. You can open the box and use the modules as is, likely covering the needs of most. Or, you can customize your environment in countless ways. Maybe just start with a simple SQL query. Then evolve and convert that SQL query into a SWQL query. Well, don't stop there; you can use that SWQL query to automate some (all?) of your daily tasks. Over the past couple of years, I have been doing more and more work with the SDK/API side of the products. Ironically, my adventures into the Orion SDK/API world have some connections to some of the first questions I asked on THWACK. While I wasn't quite ready to take the leap back then, many of the questions I have asked on THWACK can easily be answered using the API to build the solution. Now, when I say "easily", I mean you don't need to be a master programmer coder extraordinaire. You simply need to be willing to take the time to think and ask questions. I think it's one of those "experience is something you get just after you need it" type of things.


Graphs have been a big thing for us for a long time. We need to graph way too many things to be building pages manually. And, while we're at it, we need a better way to manage all of our pages/views. Luckily, we have the Orion SDK/API to help. Each time I revisit these projects, we make a little more progress, and somehow find a way to evolve them to the next level. Here are a few links to some of the different ways we have used the SDK/API to bridge the gap. After THWACKcamp 2018, I'm expecting to have learned even more new ways to improve my projects.

Using PowerShell To Automatically Provision a Series of Graphs Per View

Export All Reports, In Bulk, Via PowerShell and API

Adding Custom Tabs to The Top Level Nav Bar

Custom SWQL Views Manager

Using Your Custom HTML Resource to Build A Better Way to Navigate Your Custom Views

Using Your Custom HTML Resource to Properly Display SWQL Query Results



While I have been working with SolarWinds products for many years now, having accrued a fair amount of experience, I continue to attend new training courses, as well as revisit updated courses as well. (Virtual Classrooms | SolarWinds Customer Portal) I also look for helpful videos (eLearning - SolarWinds Worldwide, LLC. Help and Support), SolarWinds Lab sessions (SolarWinds Lab), and especially THWACKcamp 2018, as I know the next great idea I have for my environment will probably come from a comment, idea, or reference of another THWACK user, as it has so many times before.


What’s in your widget? Do you have a cool mod you want to share, or is there a task you need to accomplish but don’t know how? Let us know, and maybe we can find the solution together.


Join me. Register now. Attend October 17-18, 2018.

THWACKcamp 2018 – Tips & Tricks: Thinking Outside the Box


          THWACKcamp 2018 is approaching fast, which also means it’s time for one of our most popular THWACKcamp sessions—Tips & Tricks.


          In this Tips & Tricks session, titled “Tips & Tricks: Thinking Outside the Box,” I will be joined by THWACK® MVP and SolarWinds Technical Content Manager Kevin Sparenberg as we delve into some of your favorite products and how to get the most out of them with these simple but powerful tips and tricks. We want to make sure your products are tailored to your needs and are adaptable to the nuances of your particular IT needs. Live demos with step-by-step direction will help you visually recognize the different capabilities available to you within some of your favorite tools, making it easy for you to play around with some of these cool features. Want to get more out of your Orion® Platform, particularly the Orion SDK? We’ve got you covered. Been thinking about how you can get ahead of API exhaustion for Office 365 or other, similar tools? Not a problem. Ready to learn more about the Millennium Falcon LEGO alert? Sure thing.


          In case you haven’t already heard, registration for THWACKcamp is open, so it’s time for you to sign up for this entirely free, 100% virtual, multi-track learning event. Take advantage of our comprehensive and totally entertaining sessions, featuring your beloved SolarWinds Head Geeks, as well as technical experts on the wide range of relevant and necessary topics in the world of IT.

Now that we all carry supercomputers complete with real-time GPS mapping in our pockets, a reference to physical maps may feel a bit antiquated. You know the ones I’m talking about; you can still find them at many malls or theme parks, and even some downtown city streets. It’s usually a backlit map on a pillar with a little arrow marking “you are here.” It’s designed to give you a sense of where you are and how to get where you're going. While that physical map may feel a bit dated, at least it’s still effective. That’s more than I can say for many of the InfoSec practices, products, and procedures we find at companies of all shapes and sizes.


That security gap is really not surprising though. Organizations and individuals alike are becoming more and more connected, while information and assets are becoming more and more digital. At the same time, the bad guys are becoming more and more organized and sophisticated. It feels like new threats, vulnerabilities, and breaches are announced every day. To keep pace, vendors seem to announce new products every week, not to mention all the new companies that are constantly popping up. As security professionals, we are left trying to sort out the mess. Which tools provide defense in depth, and which are just causing duplication? How do I even compare competing products and the protections they provide?


Luckily there are some models, frameworks, and best practices available to help us figure it all out.


Three of the most widely known and referenced are ISACA COBIT, ISO 27002, and NIST CSF:

  • COBIT is a "business framework for the governance and management of enterprise IT” published by the Information Systems Audit and Control Association (ISACA). Governance is the key word there; this is a high-level framework to help executives execute policies and procedures. It’s the widest in scope, is best used for aligning business objectives with IT and security goals, and can be thought of as a strategic base for the ISO and NIST frameworks.
  • ISO 27002 is a set of best practice recommendations for implementing an Information Security Management System (ISMS) published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is essentially a list of checklists for operational controls that are used in conjunction with the requirements laid out in ISO 27001 to help ensure that your approach is comprehensive.
  • The Cyber Security Framework (CSF) published by the US National Institute for Science and Technology (NIST) is much more tactical in nature. Its most recognizable aspect is called the “Framework Core,” which includes five functions: Identify, Protect, Detect, Respond, and Recover. It also includes “Implementation Tiers” and “Profiles” to help you define your current risk management abilities and future/target goals within each of the functions.


A couple additional frameworks that are less well known but worth reviewing are RMIAS and ATT&CK:

  • RMIAS stands for Reference Model for Information Assurance & Security. This model "endeavors to address the recent trends in the IAS evolution, namely diversification and deperimeterization.” It describes four dimensions (security development lifecycle, information taxonomy, security goals, and security countermeasures) and incorporates them into a methodology that helps to ensure completeness, risk analysis, cost-effectiveness/efficiency, and consistency in your IAS practice.
  • ATT&CK stands for Adversarial Tactics, Techniques & Common Knowledge. It "is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target.” In other words, it contains deep knowledge about how and where the bad guys are known to attack. Provided by MITRE, a non-profit R&D organization, it is gaining wide acceptance among practitioners and vendors alike as a common language and reference.


Of course, there are also a growing list of industry specific frameworks, models, and regulations like HIPAA, HITRUST, FEDRAMP, PCI-DSS, SOC, CIS, and more. While all of this is great, I’m still left with those same questions: Which tools provide defense in depth, and which are just causing duplication? How do I even compare competing products and the protections they provide?


What we require is a more practical model of the specific technologies needed to secure our organizations.


Through the remainder of this series, I will introduce and describe a reference model of IT infrastructure security that aims to fill this gap. Over the next four posts I will illustrate four technology domains (perimeter, endpoint & application, identity & access, and visibility & control), including the current drivers and the specific categories within each. Then, in the final post, I will describe how this model fits within the broader ecosystem of cybersecurity countermeasures and provide some advice on how to put it all into practice.

THWACKcamp 2018 – People Do Dumb Things: Why Security is Hard for IT Pros


We often hear a lot of discussion about high-level security, but these types of concerns aren’t really what the general public is facing on a day-to-day basis, at work, or at home. People who have a very limited or virtually non-existent background in IT might not even realize that the things they’re doing are putting their data, your data, and potentially even your business at risk. So what kind of security risks do we see from the vast majority of the people across all companies and organizations, and how do we actually resolve them?


In this THWACKcamp panel session “People Do Dumb Things: Why Security is Hard for IT Pros,” I’ll be joined by Broadway National Bank Sr. Network Security Engineer and THWACK® MVP Paul Guido, CS Disco Software Engineer/QA architect Mandy Hubbard, and Computer and Network Security Shaman Sandy Hawke to discuss all the most practical ways that you can keep team members from putting your security at risk. We’ll place some of our IT expertise on the back burner as we try to tackle these issues from an IT novice viewpoint, so we can come to realistic and meaningful solutions on how you can help prevent these small and large security fumbles from happeningin the first place. As security breaches become more commonplace, it’s important that we as IT professionals remember that these breaches don’t have to be the norm. Even the use of social media can hold potential threats that we need to think about and create safeguards for. This session is geared for people of all IT skill levels who want to improve their security—so basically, everyone.


Not yet registered for the premier IT event that thousands of your peers have already signed up for? No worries, you can register for THWACKcamp 2018 today! With two days of sessions—taking place October 17 – 18—THWACKcampprovides you with the opportunity to learn from SolarWinds Head Geeks and IT industry experts in a number of different fields, all for free and from the comfort of your laptop. Don’t miss out on this entirely free, virtual IT event that’s sure to take your IT game to the next level.

I’m sure you’re intrigued by the title of this THWACKcamp 2018 session (as you should be).


So, what exactly does the classic movie “The Seven Samurai” (which inspired the recent remake “The Magnificent Seven”) have to do with data protection? Well, quite a lot, as it turns out. After watching “The Magnificent Seven,” it dawned on me that there are striking similarities between the villagers and the way data is protected.


During this session, “The Seven Samurai of SQL Server Data Protection,” I’ll be joined by InfoAdvisors Senior Project Manager and Architect Karen Lopez as we break out seven different features that can help safeguard your data. Whether it’s data at rest, data in use, or data in motion, your data needs protection.


We’ll be highlighting key features of SQL Server, as well as defining how each of these features can be applied to the three different types of data. Transparent Data Protection, Dynamic Data Masking, and AlwaysEncrypted are just some of the features that we’ll look into and walk you through, so you can strike down data attackers at a moment’s notice.


Don’t want to miss this session or any of the others offered during THWACKcamp 2018? Well, then don’t! The event is entirely free and features SolarWinds Head Geeks and IT experts in a wide range of fields discussing the topics most relevant to you. You can even chat with these tech dynamos during the event! Be sure to register for this premier, online IT event, happening October 17 – 18.

Whether you’re a seasoned IT professional or a tech newbie just trying to get into the IT game, you’ve probably noticed that alerts can be a real pain—if not managed correctly.


Don’t let alerts control your life and bring down your monitoring. Join me and SolarWinds engineer Mario Gomez during the session “Alerts, How I Hate Thee,” as we hash out some of the real struggles that poorly crafted alerts can create,and then discuss practical solutions to improving your alerts and resolving these issues. Some alerting topics we’ll dive into include: understanding and leveraging the differences between an alert scope versus a trigger;  the best time to trigger an alert; best practices for testing your alerts; and options for sending notifications that give a break to your poor old email system. And of course, we’ll also look at some options for integrating alerting into external systems like Slack and ServiceNow as well as using automation to take your alerting to a whole new level. After all this discussion and analysis, we’ll all hopefully come out the other side hating alerts a little less and starting to enjoy the benefits proper alerting can have on monitoring.


This session is just one of many that you can look forward to during THWACKcamp 2018. Taking place from October 17 – 18, this two-day, premier online event is entirely free! Enjoy the event from the comfort of your computer—wherever that may be—as you learn from SolarWinds Head Geeks and a wide array of technical experts, all of whom bring their different backgrounds and areas of expertise to the table. Be a part of an important industry discussion that will gear you up for all the IT goals you want to meet in the coming year. If you haven’t already, be sure to register so you don’t miss out on this year’s THWACKcamp!

Modern network and systems engineers have a lot to deal with. Things like overlapping roles, constantly changing client devices, and new applications popping up daily create headaches beyond comprehension. The amount of data produced by packet captures, application logs, and whatever else you have to help troubleshoot issues is astounding and can leave even the most skilled engineer reeling when trying to track down an issue. The human brain is designed to recognize patterns and outliers, but it is simply not equipped to deal with the scale of today’s IT issues.


Over the past few years, data scientists and software developers have teamed up to try to solve this problem using an old paradigm but emerging technology: Artificial Intelligence and Machine Learning (AI from this point on). AI, put simply, is a program that is “trained” to monitor a given data set while looking for either specific or unspecific information contained within. By scouring the data, it can build complicated patterns and baselines, learning along the way what is “normal” for a given system and what isn’t, as well as forming predictions based on what could be coming next. From there, a few things can happen; from as little as flagging the information for later review by human eyes all the way up to a completely automated remediation of any notable issues discovered.


Right now, you’re either thinking “Sign me up! I want to AI!” or “Not another one of these…” And I don’t blame you. I’m all AI-ed out too. But that doesn’t mean it isn’t useful. Just do what I do when I hear yet another marketing person start talking about the rise of the machines. Cover your ears and yell. I don’t care about how a vendor is going to get something done, I just want to know what it will do for me. I’m a wireless network architect, a coder, and a technology lover. I am not a data scientist. Make my job easier and I’ll be your best friend at lunch (which you’re paying for). What can AI do for me and you as the ones keeping the lights on and moving our companies forward technologically?


The most basic use case I’ve come across is historical data correlation and actionable health prediction. Like I mentioned, I’m a wireless architect. I design and manage a massive wireless network across a large geographic area. Monitoring the network, applications, RF, and performance of hundreds of thousands of clients across the entire organization isn’t just a difficult job -- it’s impossible for a single group to do without some serious assistance. The tribal knowledge contained within each team I work with is impossible to impart on a single person or persons to monitor everything and correlate all that information into any sort of useful data. That’s where AI comes in. Using historical trends to predict new needs, looking at past failures to see when the next one will occur, knowing that certain events or even times of the year will cause application load we can’t handle, we can properly scale and prepare for nearly anything.


Now, as I mentioned above, I’m not a data scientist but I have no problem letting them make my job easier. As much as I hate the term AI (I’ll explain in a later post) and the marketing drives me crazy, I am welcoming it with open arms. I am also waiting with a baseball bat to take it down if anything goes wrong.


This is the first post in a series I will be writing about Artificial Intelligence and Machine Learning, which will cover how I use it, why I love it, why it terrifies me, and why words matter. Stay tuned for more. I promise it won’t be too dull.

I *just* realized that it’s October and I can’t believe 2018 is almost in our rear-view mirror. Christmas will be here soon, folks; might be worth getting an early start on making your lists.


As always, here are some links from the Intertubz that I hope will hold your interest. Enjoy!


Cloudera and Hortonworks announce $5.2 billion merger

I see this merger as a sign that AWS and Azure are slowing choking the life out of companies that offer niche services. As the AWS and Azure menu grows, we should expect more stories like this, and see these companies as ones on borrowed time.


Supply Chain Security Speculation

One of the better threads on SuperMicro, and is updated with recent articles to help track the shifting story. “…never ever expose IPMI interfaces to the Internet. Unless you want hackers, because that’s how you get hackers.” Truth.


Voice Phishing Scams Are Getting More Clever

Please talk with your family, especially elderly parents, about such scams. A 10-minute conversation with you today can save a lot of heartache later.


The Internet’s keepers? “Some call us hoarders—I like to say we’re archivists”

Data growing at 4PB a year? I will not complain again about my users hoarding data, ever. Or, if I do, I promise to say “things could be worse.”


Tiny Gecko Makes "a Bazillion" Phone Calls From Inside Hawaiian Animal Hospital

I have no idea how this is possible, because I can't never place ONE call from a conference room. Is it 9 to dial out? 8? Nothing?


Entire broadband industry sues California to stop net neutrality law

Wow, those broadband companies must really care about what’s best for the consumer, and that’s why they are all coming together to fight the law California passed. Right?


More falsehoods programmers believe about time; “wisdom of the crowd” edition

For anyone that has ever had to code or support an application or system that spanned multiple timezones.


Everyone is excited about THWACKcamp this year:


We all start out somewhere. Our first taste of technology somehow leads to that first server build, switch config, or line of code. Which, in turn, leads to our first “real” tech job and a slew of other firsts—first time leading a project, first outage, and maybe even the first promotion. Somewhere along the way, you had your first chance to work with SolarWinds® tools.


While experienced IT professionals can look back (hopefully with fondness), many of us are just getting our legs under us when it comes to SolarWinds solutions. Right now. Here. Today. And that’s what this session is all about: helping you get up to speed quickly and avoid the feeling of hunt-and-peck that often comes when learning a new software suite.


In this THWACKcamp 2018 session, I’ll be joined by fellow Head Geek Destiny Bertucci  to give a tour of the most important features, screens, tools, and utilities that you’ll need in those critical first days, whether you are completely new to the role of monitoring engineer, or are experienced with monitoring but new to SolarWinds.


Want to make sure you attend this and other sessions during this year’s THWACKcamp? Be sure to register for THWACKcamp and plan out the sessions you’ll attend on October 17 – 18. Not sure if you’ve budgeted enough to attend this premier online event? Don’t sweat it! THWACKcamp is completely free. You don’t even have to worry about travel expenses—just make sure you have access to Wi-Fi. SolarWinds Head Geeks and a wide array of technical experts will be hosting these sessions, as well as answering your questions in a live chat, so you can walk away feeling like you can take on any IT challenge that comes your way. Can’t wait to see you there!

By Paul Parker, SolarWinds Federal & National Government Chief Technologist


Automation should be at the foundation of every federal IT pro’s performance strategy. Automating network configuration demands is a perfect place to start and has four primary advantages:


1. Save time, increase productivity. Continuously monitoring device configurations and receiving notifications of configuration changes can dramatically simplify managing network configuration files, particularly in multi-vendor network environments. Invest in a network configuration management tool with automated network backup, change monitoring, change approval, and bulk change deployments.


2. Reduce downtime caused by failed devices. Automated configuration management means there are full device configurations stored—which, in turn, means they can be easily restored or copied to set up a new device or replace a failed device. A tool that sends notifications in real-time whenever there is a configuration change can help backtrack and check if a recent configuration change is the cause of a network issue.


3. Accomplish configuration changes quickly and efficiently. Configuration change errors are not uncommon and can have cascading effects, including network outages and downtime. Automated configuration can help identify and fix configuration change errors. Consider deploying bulk configuration changes across multiple devices and device types to save what can be an hours-long task.


4. Compliance with regulations. Every federal IT pro is aware of the importance of meeting compliance requirements. An automation tool can help enforce compliance management policies by identifying and closing network security gaps. These tools can make your STIG deployments and Command Cyber Readiness Inspections as simple as clicking your mouse. Additionally, the ability to require network changes to be approved before being pushed out can help ensure that no changes violate regulations.


Ensuring optimal performance is the end goal; automation is key to achieving that goal. There are many ways to implement automation, and many automation tools available. Start by learning which tools are designed for large-scale networks. Investing in products that scale will be an initial, critical differentiator. After that, narrow down the options by ensuring that the company and product are approved for use on government networks, and ensure that the product offers the correct mix of flexibility and capability for your environment.


As a federal IT pro, the mission is the bottom line; the time saved through automation can help sharpen that focus. Implementing automation tasks and workflows allows time to focus on developing and deploying new and innovative applications, and more effective ways to deliver those applications to users so they can have the tools they need to do their jobs more efficiently. The end game will result in a significant ROI and better controls, but remember that it’s important to allow the teams to deploy these tools properly. Your time, energy, and efforts will be rewarded in spades.


Find the full article on our partner DLT’s blog Technically Speaking.


The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates.  All other trademarks are the property of their respective owners.

In this day and age, good security can make or break your business, your IT, or even your personal life. Security is something that everyone thinks about—from “Did I lock my door before I left?” to “Do I really have a strong enough login to protect my vital data?” That said, there are some environments where security is of the utmost concern. A prime example of this high-stakes security is the U.S. government, as SolarWinds’ IT management work with our Federal customers has shown us time and time again.


During this THWACKcamp session, “What the US Government Can Teach You About Securing SolarWinds,” I’ll be joined by Paul Parker, SolarWinds Chief Technologist for the Federal & National Government, as we thoroughly review some of the helpful security techniques employed by Federal IT teams and how they can be applied to any business, regardless of size or security needs. We’ll certainly take a look at the SolarWinds products that are commonly used by government agencies for cybersecurity and how they can play a part in helping to optimize your security. Through thoughtful demos, we’ll review Active Directory integration and how it can assist with single sign-on, multi-factor authentication, and CAC, as well as Network Configuration Manager (NCM) compliance policy reports. We’ll also share some real-life examples of port requirements and security gone wrong. These talking points are just the tip of the iceberg of what you’ll get during this THWACKcamp session.


Can’t wait for THWACKcamp 2018? In all your excitement, don’t forget to register for this premier online IT event, where SolarWinds Head Geeks and IT experts will provide you with IT sessions focused on helping you improve your IT knowledge and skills. Taking place between October 17 – 18, this event is entirely free and virtual, meaning there’s really nothing holding you back from taking your IT skills to the next level and gearing up for all of your 2018 goals.

If you attended last year’s THWACKcamp (it was pretty great, if you weren’t able to watch), then I’m sure you’ll remember our session providing tools and insight on how to help network engineers monitor like SysAdmins. So, it’s only fair that during THWACKcamp 2018 we do the reverse—showing SysAdmins how they can monitor like network engineers.


Joining me for this session “Monitoring Like a Network Engineer When You’re a SysAdmin” will be fellow Head Geek Destiny Bertucci and SolarWinds Technical Content Manager Kevin Sparenberg. While both SysAdmins and network engineers are vital to IT, they’re doing and seeing things from completely different vantage points, which can make it challenging—but not impossible—to switch places. SysAdmins are used to changes being just a click away and totally visible. On the other hand, network engineers are pressed to see things from multiple perspectives, in a much less graphical fashion. What can make this seemingly large gap more manageable? The answer is, simply, the right tools. We’ll walk you through several demos, including looking at IP Address Manager (IPAM), NetPath, and Network Configuration Manager (NCM), so you can have a first-hand look at how easily these tools can turn a SysAdmin into a network engineer—well, at least for a day.


Are you ready for THWACKcamp 2018? Taking place October 17 – 18, this entirely free, online IT event is something we’ve been looking forward to since THWACKcamp 2017 wrapped up, and we’re excited for you to join us. Not sure you can make a last-minute trip to the event? Not a problem. THWACKcamp is completely virtual, so you can enjoy sessions and chat live with SolarWinds Head Geeks

and IT experts from the comfort of your laptop. All you have to do is register and carve out some time to learn about all the latest in the world of IT.

As an IT pro, I’m sure I don’t have to tell you that monitoring is a not so secret key to your success, whether you are focused on networking, applications, storage, cloud, or some other area of the IT stack. While you may be hyper-focused and dedicated to your monitoring and the data it relays back to you, have you ever stopped to think, “What’s monitoring my monitoring?” This may sound like a never-ending loop of monitors monitoring monitoring systems (say that 10 times fast), but it’s actually something quite necessary and very feasible to do—with the right help and tools, of course.


In this THWACKcamp 2018 session, we’ll explore the different techniques and tools that can help ensure your monitoring itself is running smoothly and being properly watched. With the expertise of my co-host and Orion® Core Program Manager, Kate Asaff, we’ll enjoy an informative discussion, as well as several relevant demos, surrounding the topic of monitoring. Learn how hot-ticket issues like syslog, traps, and orphan records can be remedied thanks to the latest build of Network Performance Monitor 12.3 (NPM). Want to know how you can take care of your monitoring and not break the bank? Luckily, there’s plenty of free tools you can employ to help keep an eye on the health of your monitoring, including Traceroute NG, Storage Response Time Monitor, and the free version of Database Performance Analyzer (DPA). Not to mention, we’ll walk you through some of the great, popular SolarWinds tools employed for tracking your monitoring systems, including NetFlow Traffic Analyzer, Legacy Orion Server, and more.


Want to make sure you attend this and other sessions during this year’s THWACKcamp? Be sure to register for THWACKcamp and plan out the sessions you’ll attend on October 17 – 18. Not sure if you’ve budgeted enough to attend this premier online event? Don’t sweat it! THWACKcamp is completely free. You don’t even have to worry about travel expenses—just make sure you have access to Wi-Fi. SolarWinds Head Geeks and a wide array of technical experts will be hosting these sessions, as well as answering your questions in a live chat, so you can walk away feeling like you can take on any IT challenge that comes your way. Can’t wait to see you there!

During this THWACKcamp 2018 session, we’ll explore some of the various facets of the Orion® Platform that can help you take your system to the next level. With the help of my co-host, fellow Head Geek, and all-around tech wiz Destiny Bertucci, this session “Optimizing Orion” will take you on a journey through the various products that are built on the Orion Platform, such as Server & Application Monitor (SAM) and Database Performance Analyzer (DPA). We will show how these products benefit one another and help provide you with the results you’re looking for. We’ll also walk you through polling completion, polling rate, and how exactly to scale up or out, which will ultimately inform the decisions you make and actions you take in your virtual environment.


Once you have these optimization techniques under your belt, it will become common practice for you to employ and monitor them regularly. But don’t just take our word for it. We’ll let the products do the talking. Through comprehensive SolarWinds product demos, you can see exactly what it takes to get your Orion Platform products functioning at the next level, aside from the already useful out-of-the-box features.


Though I’m sure you’re already aware and counting down the days, THWACKcamp 2018 is well within reach. We can’t wait to share with you all of our great sessions, which will take place October 17 – 18. Be sure to register for this free, premier online IT event if you haven’t already. We’ll see you there!

Home from Microsoft Ignite, which means I spent a week away from news headlines and I’m now thinking I should disconnect from the headlines more often.


As always, here are some links from the Intertubz that I hope will hold your interest. Enjoy!


Facebook says nearly 50m users compromised in huge security breach

I’m beginning to think that Facebook might be awful at this security thing.


Elon Musk and Tesla to pay $40m to settle SEC case over tweets

Nice reminder that you have the right to free speech, but that doesn’t mean you are free from consequences. Oh, and one tweet can be costly.


Google reportedly pays Apple $9 billion/year to remain the iPhone’s default search engine

Makes you wonder how much money Google is making from that “free” search engine they have.


Your Notifications Are Lying to You

Read this and then re-think those alerts you have filling up folders inside of Outlook.


Apple Watch’s new auto-911 calls after falls may tumble into legal trouble

Interesting scenario outlined here, and likely a result of Apple not having a specialist in ethics involved in the design of this new feature.


Cars that talk to each other are coming soon, and could save thousands of lives

As a fan of autonomous cars, I endorse this application of technology and wish it was in place last week when my Lyft driver was involved in a minor accident.


Your Calendrical Fallacy Is...

For anyone that has ever had an issue with dates and time when building systems.


Autumn in New England. How do you like 'dem apples?!?


By Paul Parker, SolarWinds Federal & National Government Chief Technologist


Here is an interesting article from Federal Technology Insider on monitoring complex networks, as presented by one of our customers during our Federal User Group meeting earlier this year.


When it comes to monitoring and managing complex IT networks, it would seem that the ideal solution would be to build custom tools uniquely suited for the environment.


Or is it?


As David A. Richards, Senior Technical Manager EOSS/GuardNet, one of the largest Department of Defense (DoD) networks, shared recently at the SolarWinds Federal User Group, “When it comes to ensuring the safety, security, and continuous operation of GuardNet, it’s vitally important that we be able to customize our tools to achieve organizational objectives and make actionable decisions.”


His team found themselves in a position where they were inundated with information and couldn’t find the proverbial needle in the haystack. The opportunity to break out of the cycle of information overload, analysis paralysis, and circular discussions came in the form of network management and monitoring tools from SolarWinds.


While the assumption might be that ‘out-of-the-box’ tools wouldn’t be able to cope with the rigors of a complex environment like GuardNet, the tools came with a significant strategic advantage: native customization capabilities.


Starting with a customer-generated architecture diagram, Richards and his team were able to rebuild the network to meet not only today’s needs, but also to prepare for additional demands on the network that will come as the DoD rolls out the Joint Regional Security Stacks (JRSS). The JRSS will add more nodes on a global scale and will also require compliance with new DISA security standards that will apply across the DoD, including GuardNet.


So what advice does Richards have for other government IT leaders who are responsible for complex networks?


  • Stop thinking in terms of single devices. Start thinking of the network as an ecosystem and identify dependencies within the ecosystem.
  • Use monitoring tools to help visualize the network. Draw a map, color code it, and share it.
  • Identify patterns of failure and recurring problem areas, overlay them on the map, and target those areas for remediation.
  • Move from a technical diagram to a format that can communicate the business value to secure funding for additional network monitoring tools that can help automate routine tasks, such as load balancing and patch updating.


These lessons were invaluable to Richards and his team during last year’s hurricane crisis in Puerto Rico. Following Hurricane Maria, sites in Puerto Rico could no longer monitor GuardNet. Richards and his team ensured that sites on the mainland were able to add that workload. While the initial step was just to see what parts of the network and devices were up or down, they were able to quickly access credentials and add specific device monitoring and management to help ensure continuity of operations.


As Richards shared, “The ability to create a regional view of the situation in a very short period of time gave better insight into areas of most damage and criticality and got us on the right track to normal operations much more quickly than anyone anticipated.”


Learn about solutions that offer network management and monitoring in any circumstance here.


Find the full article on Government Technology Insider.


  The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates.  All other trademarks are the property of their respective owners.

   THWACKcamp 2018 Preview - Six Ways to Improve Your Security Posture


  In case you’ve somehow missed the news, registration for THWACKcamp 2018  is now open! In our annual free, virtual, multi-track IT learning event, you’ll have the chance to hear from industry experts as well as SolarWinds Head Geeks and technical staff. I’m particularly excited for my “Six Ways to Improve Your Security Posture Using Critical Security Controls” session, happening October 17 at 11 a.m. CT.


     Security policies within organizations are under a lot of scrutiny these days. Luckily, the Center for Internet Security (CIS) has published Critical Security Controls as guidelines to help you maintain good cyberhygiene. The CIS Controls are created and updated by security professionals working to assist individuals in securing and protecting against common vulnerabilities and threats.


     In this session, join me and my security co-host of awesome, Senior Product Manager Jamie Hynds, as we discuss the top six CIS Controls and how you can use SolarWinds security management tools  to help back up these controls. You may already have these tools, but are you using them to help promote a secure environment?


     THWACKcamp is a live virtual learning event on October 17 – 18, 2018, featuring 18 sessions split into two tracks. Best of all, it’s monetary- and travel-free! Session topics include new technology, optimizing virtualization, automation guides, and thought leadership admins care about, not just vendor hype. Be sure to register today and attend to take advantage of live Q&A during each session!



The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.







For THWACKcamp 2018, I had a chance to return to a task/skill I haven't really done much of in a while: programming. That may be a surprise for some people, so let me explain.


I have done a lot in my career, from desktop support to systems administration to network engineering. And there's been a decent amount of scripting involved. But I'm not "A Programmer." As anyone will tell you, a batch file or shell script can be sophisticated and even elegant, but it's still not the same as "real" programming. What I usually say is that "nobody ever wept with joy at the beauty of my code. In fact, the most complimentary thing anyone's said is 'well, uh, it ran. I guess'."


And I'm okay with that. I never aspired to be a "real" programmer. The thought of spending each and every day coding does not excite me. Again, that's okay, and if coding is your jam, that's okay too. I'm not hating on anyone.


All of that said, though, there's something deeply satisfying when I—an avowed script kiddie—can bang out a few lines in something more sophisticated than BaSH and get something to run. Better yet, something that runs with consistent results. Best of all, something that does something that I don't have to do any more. So I do understand the thrill and attraction of programming. I just don't want to do it all the time.


As we prepared for THWACKcamp 2018, I had a chance to flex those rusty programming muscles for the first time in a while. Kevin Sparenberg offered me a chance to join him and Zack Mutchler for the session "There's an API For That," where we dug into the ways that the Orion® application programming interface (API) could be used to bend SolarWinds solutions to your will, to help you achieve your greatest monitoring automation desires. In terms of raw programming experience, Kevin and Zack are lightyears ahead of me, which made the entire experience both awesome (because I got to learn) and daunting (because I didn't want to look like a complete noob). But it was also a great chance for me to mentally track the experience so I could tell you about it here.


It took me a while to figure out what I wanted my example to DO. Honestly, this is a weird problem to have since my regular everyday problems "volunteer" themselves to be solved all the time. Here I had to go looking for a problem that was understandable to a broad audience, simple enough that I could present a solution in about 10 minutes, and was something that *I* could solve with programming. But after a few days, I finally hit on something that seemed plausible. My only challenge was that, due to travel, writing commitments, and a week-long holiday, “after a few days" put me about 4 days before our record date. So I had to work fast.


I decided to do my example in Perl. As I explained in the session, I did it partly out of sheer stubborn-ness, and partly because I wanted to show that ANY language (even one that is, admittedly, NOT the best choice) will work with the Orion API. But I had one more reason: It's the programming language I know best, and like I said, I didn't have a ton of time.


Coming back to programming felt like returning to a foreign country where I'd spent a summer in my teens. Back then, I was fluent. I wasn't native, but I could get around, make myself understood, and not say embarrassing things in the grocery store. But years later, all I have left are vague recollections and muscle memory. Like a spoken language, in every new line of code I encountered a, "Doesn't it work like that? Wait... let me look it up... Oh that's right! THIS is how I used to do it!" moment. The curve to get back to my old skill level was steep (because I was remembering and re-familiarizing, not re-learning), but even so, it took time.


As I worked, I adopted a habit that I use in my writing, something I learned from a 2014 interview with Joss Whedon. In discussing how he gets things done, Whedon advises writing the fun part first, the part where your heart is. Then when you have to buckle down and do the hard work, the "dog's body" work, as he puts it, you're motivated because you have all this amazing stuff that's just sitting there waiting for you to connect the dots.


So I wrote the fun bits of the script first. I'm not going to tell you which parts for me were fun because sometimes it was just, "Oh, I get to use this command that has a good memory for me," and other times it's, "I love this function because it's so efficient." (I have an almost unwholesome love for the "chomp();" command for that exact reason.)


What I didn't do—what, in hindsight, I SHOULD have done—was write from the center. I should have gotten the core function down first, and worked outward from there. So much about the core determines what happens at the edge. In a way, that's the same thing Joss was teaching. He said "fun part" but he really meant "the meaty, important, essential" part. I went for actual fun. I should have looked for meat (I believe my fellow Head Geek Thomas LaRock, a.k.a. "Bacon Man," would concur).


Because all of a sudden, I got to the most important line—the one that did all the heavy lifting. It was also the piece of code that I had ZERO experience with previously. Unlike the earlier work where I was re-familiarizing myself with what I already knew, THIS was learning. This was the moment I had to go and figure it all out from scratch. And at this point, it was 8 p.m. the night before the recording.


That's right, I'm baring my soul to you now. The guy you see on camera couldn't get that code running just 12 hours earlier. But you know what, that's not dirty laundry. That's business as usual for most of us in IT. It's not running, and we put in the time and the sweat (and maybe a few tears are shed, and maybe a little scotch is imbibed), and we get it working.


I worked the problem until I literally couldn't see straight. And then I let it go. That's a skill that has taken me years to accept. That sometimes you have to put it down to solve it. I got a few hours’ sleep and came into work the next day, and found the best programmer I could find. Luckily, the best person I could find was also the person who more or less invented the Orion API—Tim Danner. I found him at his desk, coffee already installed, and with a spare five minutes.


Let me take a momentary aside and share some important lessons I've picked up in my career.

  1. Being able to ask for help may be one of the most important skills a programmer can learn.
  2. Knowing WHEN to ask—meaning not so fast that you clearly haven't even tried to solve the problem yourself, but not so long that you are completely underwater—is a close second.
  3. Following right on the heels of one and two is knowing WHO to ask.


I explained my issue, I showed Tim both where I was stuck and what resources (documentation, etc.) I had gone to. Tim immediately saw that I was stuck from a combination of lack of experience doing REST calls in Perl (which should surprise nobody because Perl is not exactly the go-to language for this kind of thing) and documentation. He was able to fix both of those, and my code, before the coffee on his desk had cooled off.


I headed down to the studio with a spring in my step, with a working script on my laptop, and with my feelings about programming both confirmed and renewed. It's a fun place to visit, but I wouldn't want to live there.


For those who are curious, you can find my post detailing the ACTUAL script here.


The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.

Filter Blog

By date: By tag:

SolarWinds uses cookies on its websites to make your online experience easier and better. By using our website, you consent to our use of cookies. For more information on cookies, see our cookie policy.