jgherbert

Comments

  • Good points, goodzhere. I don't think we'll likely get all teams using a single tool to monitor their own elements to the exclusion of all others; in fact to do so might be a bad thing, at least using "Jack of all trades, master of none" logic. So ok, I don't get my magical holistic management product; I'll concede that…
  • I write scripts out of a need to be lazy. If I do something twenty times a day and realize I'm tired of typing the same old commands or looking up the same information, eventually I'll write a script to do it for me. Sloth is responsible for many a good script, I'm sure!
  • Right. I'm not smart enough to know what the best way is to ensure a secure end point in a ZTD environment, but I'd wager that somebody is. Perhaps a key that's based on the MAC or serial number in some way; use it to generate keys on both sides of a connection and if they match, you're moving in the right direction. But I…
  • There's a parallel to that as well. There are a number of sites which provide great answers to programming questions, and while it's really handy to grab the code and shove it into a script in order to get the job done quickly, it doesn't help us learn much. I liken this to somebody who is provided with router configurations…
  • Nicely put :-) Now, why do I have a headache?
  • BBC BASIC was somewhat unusual in that like C, it too allowed assembler (6502 assembler in this case) to be inserted within your BASIC code. I always thought that was a genius thing to have added, especially when dealing with a computer which was running relatively slowly (clocked at 2MHz).
  • All vendors are working for the greater good and have only the interests of their customers at he--- oh heck, I can't do it. You're right.
  • Absolutely. More to the point, do it from the beginning rather than try to add it later. I have a habit of starting a program by throwing in some (previously created) functions called things like "dprint()", "d2print()", "d3print()" and so on. Then courtesy of a global debugging variable I can decide how deep to debug my…
  • Tying nicely in with Jfrazier's point above, Palo Alto are great, and are another delicious layer in a very calorie-rich security layer cake. The "what if my IPS drops valid traffic" concern is still very much alive, mind you. IDS no problem, but I've seen many IPS systems configured for alert only (i.e. as an IDS…
  • Very succinctly put, and I think a great mantra for network management with today's typical limitations. To work well, that requires some tuning of what gets sent as a trap; I fear many of us just enable all SNMP traps and walk away without thinking more about it...
  • Of course he is. Don't you recognize the profile pic?
  • Absolutely; "DITDIWDI" is the motto for control freaks everywhere! I think it's also part of the "keep all information to myself" mantra that we see so often; it's not just perceived job protection, it's also that if you do it yourself you know it's done right. See also Greg Ferro's "If you can't be replaced, you can't be…
  • We use HTTPS to protect our online banking. There's a built-in incentive to keep HTTPS (and/or its successors) secure, and I see no reason not to ride on the back of that train.
  • Nice idea, @jkump. Maybe the front firewall could just log the denies, and the inner firewall log the accepts or something? Requires some firewall configuration synchronization, but I like the way you think! I suppose a DDoS of denials could take down the outer layer and kill connectivity anyway, but maybe it could stand…
  • So either shipping a flash drive to site (which could contain keys, registration server IP, etc), or in some cases doing a drop ship with certain information preconfigured. The latter is perhaps less ideal in some cases, but some vendors are offering that kind of service.
  • UAT? I believe Solarwinds is behind the sticker I have that says "Production is just Dev with screaming" ;-) Regarding Devops... they can be that way for sure. When they're coding infrastructure stuff, that leads to the NetOps concept. As I see it, the whole point of DevOps was to stop the whole "code it and toss it over…
  • I do not miss cassette tape storage. Not for a second ;-) The ZX81 and the BBC both had cassette-based storage (though the BBC also supported 5.25" floppy drives if you bought the right ROM and the drive hardware), and I remember distinctly the annoyance in particular of waiting for Level 9's "Return To Eden", a text-based…
  • Gotcha. I'm in agreement about the way such a change should happen; I prefer general consensus for new standards rather than a forced migration by any given vendor. My hope would be that companies would support SNMP (as the current de facto standard) in addition to emerging alternatives, and as with many protocols, the…
  • Excellent list of features to consider, novasamurai, thank you! I mentioned PasswordSafe above as something I'd seen used previously, but KeePass –which you mentioned above– is definitely a better option if I were to use that approach today, not least because it's actively maintained and the clients are available across a…
  • So I agree; and this is another challenge that the ZTD solutions for SD WAN have had to address as well, and it's not a simple one to fix, especially if you want to design a non-vendor-specific solution. PXE boot faces the exact same issue that you note, and it's a risk for sure. That said, there are ways on most platforms…
  • No argument about the performance from me. I'm in the fantasy world where the WMI concept could be applied to something more efficient, perhaps. But yes, take WMI with an appropriately large pinch of salt.
  • Thank you, Rick, for your support of the series and your regular feedback and comments on the topics raised. Thwack's awesomeness continues to be built half on the content and half on the userbase (Thwackies? Thwackers? ;-) who engage with that content and give so much back to the community here.
  • I love learning stuff on Thwack, so thanks for the great information! I've not had to play with OpenView for a while, so that's new to me. You're completely right about capacity planning; you have to have the historical data there to determine the real trends. As you were talking about splitting the data, I was actually…
  • I agree; SNMP is ample proof of that!
  • Good thoughts, mattoz. Permissions change is one of the things that scares me a little about file shares (or unix groups) too. Another vote for KeePass is noted! "We have the pw written down and locked away in case of emergency" Please tell me it's behind actual glass... That would be so cool. How did you go about…
  • Ugh, that's an unexpectedly nasty behavior for the NIC; I'm not sure I've seen that before (nor wish to, thank you). Are you a five-minute poller, or have you chosen to do something else?
  • Definitely the case. And for those using the TechNet "RoboCopy" tool there's a /MT switch which permits it to use (by default) 8 threads, which should speed things up there too.
  • That leads to the next question, I suppose, which is "how can we make it so people don't have to look around, as it were; how can we pull all this stuff together in one place and automatically figure out the interactions across all the elements?" I suspect this will continue to be a serious challenge.