This week’s Actuator comes to you from Week 4 of N, as there’s no end in sight to our current situation. Everyone here is adjusting as best as possible. I hope you and your family are healthy and well. Keep washing your hands and stay home!

We want to address actual pieces of tech to improve your remote working experience. After all, this IS THWACK. It was inevitable before we finished this series, we’d dig into the bits and bytes; the wires and gear; and the programs and protocols of all this.

Here’s an interesting article by my colleague Craig McDonald reviewing cloud and software-defined data center adoption across government. Everything seems to be trending towards software-defined these days.

“Can you hear me now?” is funny until you’re in an important meeting and they really can’t hear you. Here are our tips and advice for dealing with signal issues and (minor)security touches.

Some folks are natural communicators regardless of the medium. Most of us—especially those who are new to remote work—may take some time to find their communication groove.

A lot of the tips in this series are predicated on the idea that the work we do is largely individual contributions. But the truth is at SolarWinds (and probably where you work, too), we do a lot of brainstorming, whiteboarding, and even four-hands-one-keyboard-ing. How can we continue to work together when we’re not actually together.

This may seem like one of the nitty-gritty questions for new remote workers, but it’s really simple: for the most part, you’ll get work done at home the same way you did in the office. 

This week’s Actuator comes to you from the middle of week 3 of 7, as our schools are closed until May the Fourth (Be With You). Here in Massachusetts, we’re entering the beginning of the curve, as testing becomes readily available. Wash your hands and stay home, people.

We want to discuss your options for staying on-task and on time. There are a lot of distractions at home, and your mind won’t be in the same headspace as if you went to the office. At least not right away—this takes a (usually small) adjustment period. Here are some tips and tricks from a few WFH veterans on maintaining focus, taking breaks, and managing tasks among other things

Here’s an interesting article by my colleague Mav Turner, who offers suggestions for scaling monitoring to support large complex networks.

With the progression of the impact of COVID-19 across companies, communities, and schools, there’s a good chance you aren’t going to be home alone. Potentially, this means getting used to multiple adults working from home, kids doing distance learning, and a menagerie of pets wanting attention all within a shared space. That shared space may have felt big enough for all of you previously, but with the added pressure of work and all being cooped up for prolonged periods of time, even a warehouse would start to feel cramped.

We now want to discuss how to maintain your work life at home. With our natural office-based times we move around gone, we find ourselves continuously sit in the same space. Here are some pointers for injecting a little more natural movement into your new work-from-home life.

The number one question people have been asking as they move to remote work is not “How do I set up my Wi-Fi?” or “How do I make my kitchen table more comfortable to sit at?” No, the first thing people are saying is, “I feel so disconnected.” Or, “I feel like I’m not good at this.” Or simply, “I don’t like this.” Simply stated, people need to know how they are going to establish a feeling of community and connection.

The right tools and team can make scaling up to handle disasters fast and efficient.  Here are some of my experiences ramping up a health care system's network to support environmental changes for doctors, nurses, and professionals during a pandemic.

So many things at SolarWinds, arise out of a desire to share our experiences and offer lessons we learned. In this case, our goal is to help you wrap your head around the new reality of you (and your users) working remotely when it wasn’t part of our work habit before.

This week's Actuator comes to you from my home office, where I’ll be located for the foreseeable future. We’ve successfully completed the first week of a three-week school closure. Last night we watched the documentary “Contagion,” so I fully expect this situation to last longer than just three weeks.

Here’s an interesting article by my colleague Brandon Shopp, who offers tips for monitoring and backing up cloud-based applications like Office 365.

As part of a series of Blog posts helping organisations focus on the important stuff during this period of Corona Virus crisis, this post discusses how bringing focus to your monitoring to the important metrics is essential. Having visibility of the normal operational baselines will give you access to understand what, how, where and why these metrics can impact the change in how your IT infrastructure and the services they deliver are potentially able and actually coping.

With countries on lock down, businesses telling staff to work from home, the capability of IT to support such a dramatic shift in how the services are consumed by users. I hope this article helps and contributes to you gaining better understanding and knowledge on maintaining an operational business and organisation during this dramatic time.

I hope this edition of the Actuator finds you and yours in good health and spirits today. The world has gone slightly cray-cray these past few weeks. It seems like yesterday I found myself elbow deep in fried pork products wondering if I would be able to fly home before the borders were closed. (Spoiler alert: I did).

Here’s an interesting article by my colleague Mav Turner about the increasing use of automation, and the benefits and changing skills needed to be successful.

Here’s an interesting article by my colleague Brandon Shopp with specific suggestions on improving access rights management and how to improve security without creating too much friction.

After two weeks away at events it is good to be back home, safe and healthy. I hope the same is true for anyone reading this post. Here's hoping the second half of the year sees a return to normalcy, whatever that may mean for you.

Here’s an interesting article by my colleague Brandon Shopp reviewing containers, their monitoring challenges, and suggestions on tools to manage them effectively.

My Journey in IT

<Memory fade in…> It’s 2010 and I’m at a furniture store doing office administration. I love the people I work with and I find satisfaction in my job daily by solving problems and helping people. I have no idea how much my life is going to change in one year. I’m 23, have a newborn, and have no idea what I want to do with my life. In late 2010, this company—where I had ambitions of rising through the ranks and had, in fact, just scheduled an interview for position I hoped to be promoted into—announced bankruptcy.

What the heck? The store closed its doors for the last time in January of 2011, and I had no idea what I was going to do. I hadn’t quite figured out life yet or planned for the future.

One month on unemployment later, I get a call. Brace yourselves for some nepotism, y’all! My brother-in-law worked in sales at a tech startup and wanted me to talk to an engineer about doing some work with SolarWinds software. He was confident in my abilities and encouraged me to give it a chance. I had numerous concerns, but what did I have to lose? That engineer took a chance on me, and I took a chance on both a startup and a new-to-me industry. I ended up working there for the next nine years. The leap into tech (with no previous experience other than I really love video games and computers, mind you) was both terrifying and rewarding. By the second or third week, I was teaching others how to do admin tasks in NPM. How had I come to learn such things so quickly? You can probably guess—THWACK. This community saved me! I asked (and eventually began answering) loads of questions here and learned along the way. Within about six months, I was named a THWACK MVP. Let me tell you, it’s still one of my favorite and proudest accomplishments.

Flash forward a few years and the “startup” has grown exponentially. By now, you may have guessed the startup I refer to is Loop1 Systems, Inc. I was leading a team of engineers with many years of experience in various sections of IT in optimizing and assisting with SolarWinds environments. I’ve spent years working in hundreds of environments, large and small, in many disparate industries, helping boots-on-the-ground IT pros optimize their monitoring. Every time I heard someone say they were able to get quality actionable data which saved the day—or simply saved them 10 minutes—I felt excited. If I was involved in the process, I felt satisfaction and pride in what small way I contributed to success; if I wasn’t involved, I liked to give kudos to those who made it possible and then sought to understand the entirety of the situation to carry the knowledge forward.

Over those nine years, my desire to learn and grow was never satiated, and even now I continue to expand my repertoire by immersing myself in tech every day.

Which sort of explains why I pursued becoming a Head Geek, but not completely.

News Flash: I Didn’t Know I Wanted to Be a Head Geek.

Why not? The answer’s silly. Even though I had personally met and spoken to many of the Head Geeks during their tenures, it didn’t seem like a “real” job. To me, the Head Geek role is almost mythical and certainly legendary. A job where you get paid to visit with people all day, share your experienced opinions, and hang out on social media? It seemed unreal and out of reach.

I started talking to current and former Head Geeks and a whole host of other people I’m proud to call my support system (family, friends, coworkers, etc.) about the opportunity. Only about half of those people are even in IT in any capacity, so it was a LOT of explaining on my part to solicit advice. I received advice and encouragement in many forms from all the wonderful people I know. My support system reminded me of all I’ve accomplished thus far and helped bring me back around to the notion that I can do anything I put my mind to. The interview and application process, by nature, requires you to rehash all your accomplishments and reminds you to think about your failures as well and what you learned from those. During this process, I came to realize Head Geeks aren’t just storytellers, bloggers, and personalities but people who get to use their experiences and knowledge to affect change in IT. Whether it be simply vocalizing a different perspective or sharing opinions and ideas with the world or opening a dialogue with the various communities in IT, Head Geeks have a platform to tell the stories of the IT pro. That is powerful in a way which speaks to me as an individual. People who share experiences both real and theoretical in a meaningful way which makes IT make sense to anyone. I want to do that.

I’m still blown away that I get to claim this role now. Me! Someone who still feels like she doesn’t know enough!

I’m beyond excited to transition from my role as a SolarWinds fangirl/THWACK MVP to a real-life Head Geek. I endeavor to continue to learn and grow and share knowledge and all my experience working in hundreds of different environments to the fore. I get to continue being excited when monitoring saves the day and the bacon!

My Advice

Never stop learning. Tech is constantly evolving and revolutionizing the ideas of what we think tech is. Drive yourself forward and look for help along the way. This community is a testament to what we can do together if we’re kind and helpful to each other. Occasionally, look back at what you’ve achieved thus far. Remember your successes, but also your failures and how you grew from them. The path behind you can remind you what you’re capable of and give you the confidence to pursue something meaningful to you. Go for it!

That’s been my journey through IT so far.  I would love to hear your experiences and stories as well.  Share them in the comments below so we can all celebrate where we are today and what it took to get here.

Catch you around the virtual water cooler! 😊

Here’s an interesting article by my colleague Mav Turner, who offers three steps to improve cloud security. From creating policies to improving visibility and automation.

This edition of the Actuator comes to you from my kitchen, where I'm enjoying some time at home before I hit the road. I'll be at RSA next week, then Darmstadt, Germany the following week. And then I head to Seattle for the Microsoft MVP Summit. This is all my way of saying future editions of the Actuator may be delayed. I'll do my best, but I hope you understand.

As always, here's a bunch of links I hope you will find useful. Enjoy!

It doesn’t matter if China hacked Equifax

No, it doesn't, because the evidence suggests China was but one of many entities that helped themselves to the data Equifax was negligent in guarding.

Data centers generate the same amount of carbon emissions as global airlines

Machine learning, and bitcoin mining, are large users of power in any data center. This is why Microsoft has announced they'll look to be carbon neutral as soon as possible.

Delta hopes to be the first carbon neutral airline

On the heels of Microsoft's announcement, seeing this from Delta gives me hope many other companies will take action, and not issue press releases only.

Apple’s Mac computers now outpace Windows in malware and virus

Nothing is secure. Stay safe out there.

Over 500 Chrome Extensions Secretly Uploaded Private Data

Everything is terrible.

Judge temporarily halts work on JEDI contract until court can hear AWS protest

This is going to get ugly to watch. You stay right there, I'll go grab the popcorn.

How to Add “Move to” or “Copy to” to Windows 10’s Context Menu

I didn't know I needed this until now, and now I'm left wondering how I've lived so long without this in my life.

Our new Sunday morning ritual is walking through Forest Park. Each week we seem to find something new to enjoy.

Omar Rafik, SolarWinds Senior Manager, Federal Sales Engineering

Here’s an interesting article by Brandon Shopp about DoD’s not-so-secret weapon against cyberthreats. DISA has created technical guidelines that evolve to help keep ahead of threats, and this blog helps demystify DISA STIGs.

The Defense Information Systems Agency (DISA) has a set of security regulations to provide a baseline standard for Department of Defense (DoD) networks, systems, and applications. DISA enforces hundreds of pages of detailed rules IT pros must follow to properly secure or “harden” the government computer infrastructure and systems.

If you’re responsible for a DoD network, these STIGs (Security Technical Implementation Guides) help guide your network management, configuration, and monitoring strategies across access control, operating systems, applications, network devices, and even physical security. DISA releases new STIGs at least once every quarter. This aggressive release schedule is designed to catch as many recently patched vulnerabilities as possible and ensure a secure baseline for the component in operation.

How can a federal IT pro get compliant when so many requirements must be met on a regular basis? The answer is automation.

First, let’s revisit STIG basics. The DoD developed STIGs, or hardening guidelines, for the most common components comprising agency systems. As of this writing, there are nearly 600 STIGs, each of which may comprise hundreds of security checks specific to the component being hardened.

A second challenge, in addition to the cost of meeting STIG requirements, is the number of requirements needing to be met. Agency systems may be made up of many components, each requiring STIG compliance. Remember, there are nearly 600 different versions of STIGs, some unique to a component, some targeting specific release versions of the component.

Wouldn’t it be great if automation could step in and solve the cost challenge while saving time by building repeatable processes? That’s precisely what automation does.

• Automated tools for Windows servers let you test STIG compliance on a single instance, test all changes until approved, then push out those changes to other Windows servers via Group Policy Object (GPO) automation. Automated tools for Linux permit a similar outcome: test all changes due to STIG compliance and then push all approved changes as a tested, secure baseline out to other servers
• Automated network monitoring tools digest system logs in real time, create alerts based on predefined rules, and help meet STIG requirements for Continuous Monitoring (CM) security controls while providing the defense team with actionable response guidance
• Automated device configuration tools can continuously monitor device configurations for setting changes across geographically dispersed networks, enforcing compliance with security policies, and making configuration backups useful in system restoration efforts after an outage
• Automation also addresses readability. STIGs are released in XML format—not the most human-readable form for delivering data. Some newer automated STIG compliance tools generate easy-to-read compliance reports useful for both security management and technical support teams

If you’re a federal IT pro within a DoD agency, you have an increasing number of requirements to satisfy. Let automation take some of the heavy lifting when it comes to compliance, so you and your team can focus on more pressing tasks.

Find the full article on Government Technology Insider.

The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.

Some folks find a profession early in their life and that’s what they do until they’re old and gray and ready to retire. Other folks find themselves switching careers mid-way. Me? I’m on the third career in my working life. I know a thing or two about learning something new. Why do I bring this up? Because if you’re in the IT industry, chances are you’ll spend a big chunk of your professional life learning something new. There’s also a good chance you’ll have to sit for an exam or two to prove you’ve learned something new. And for some, that prospect overwhelms. If that’s you, keep reading! In this two-part series, I’m going to share my thoughts, tips, and tools for picking up a new skill.

Be the Captain of Your Own Ship

Sometimes you get told you need to have XYZ certification to qualify for the next pay raise. Sometimes the idea comes from your own self-motivation. Either way, the first step to successful completion is for you to make the commitment to the journey. Even if the idea isn’t your own, your personal commitment to the journey will be critical to its success. We’ve all seen what happens when there isn’t personal commitment. Someone gets assigned something they have no interest or desire. Whatever the task, it usually gets done half-heartedly and the results are terrible. You don’t want to be terrible. You want that cert. Make the commitment. It doesn’t have to be flashy or public, but it does have to authentic to you.

Make a New Plan, Stan...

Once you’ve made the decision to go after your goal, it’s time to make your plan. After all, no captain sets sail without first plotting a course. For certification-chasers, there is usually a blueprint out there with what the certification exam will cover. That’s a good place to start.

Charting your course should include things like:

• A concrete, measurable goal.

• A realistic timeline.

• The steps to get from today to success[i].

Think about what hazards might impede your progress. After all, you don’t want to plot your course right through a reef. Things like:

• How much time you can realistically devote to studying?

• What stressors might affect your ability to stay on track?

• Will your own starting point knowledge-wise make the journey longer or shorter?

Make Like a Penguin

If you’re a Madagascar[ii] fan, you know the penguin credo is “Never swim alone.” It’s great advice for penguins and for IT knowledge-seekers. Making your journey alone is like filling your bag with rocks before you start. It just makes life harder.

There are a ton of great online and real-life IT communities out there. Find one that works for you and get engaged. If your journey is at all like mine, at first you might just be asking questions. I know I asked a zillion questions in the beginning. These days I end up answering more questions than I ask, but I find answering others’ questions helps me solidify the strength of my knowledge. Another community is a formal study group. They help by providing structure, feedback on your progress, and motivation.

  Lastly, don’t forget about your friends and family. They might not know the subject matter, but they can make your road smoother by freeing up your time or giving you valuable moral support. Make sure they swim, too. This article has been a little high-level design for a successful certification journey. Stay tuned for the next installment. We’ll go low-level with some tips for getting to success one day at a time. Until then remember to keep doing it... just for fun!

[i] https://www.forbes.com/sites/biancamillercole/2019/02/07/how-to-create-and-reach-your-goals-in-4-ste...

[ii] https://www.imdb.com/title/tt0484439/characters/nm0569891

As a database administrator (aka DBA, or Default Blame Acceptor) throughout my career, I’ve worked with a myriad of developers, system administrators, and business users who have all had the same question—why is my query (or application) slow? Many organizations lack a full-time DBA, which makes the question even harder to answer. The answer is sometimes simple, sometimes complicated, but they all start with one bit of analysis you need to do: whether the relational database management system (RDBMS) you are using is DB2, MySQL, Microsoft SQL Server, Oracle, or PostgreSQL.

It’s All About the Execution Plan

A database engine balances CPU, memory, and storage resources to try to provide the best overall performance for all queries. As part of this, the engine will try to limit the number of times it executes expensive processes, by caching various objects in RAM—one use is saving blocks with the data needed to return results to a query. Another common use of caching is for execution plans or explain plans (different engines call these different things), which is probably the most important factor in your queries performance.

When you submit a query to a database engine, a couple of things happen—the query is first parsed, to ensure its syntax is valid, the objects (tables, views, functions) you’re querying exist, and you have permission to access them. This process is very fast and happens in a matter of microseconds. Next, the database engine will look to see if that query has been recently executed and if the cache of execution plans has a plan for that query. If there’s not an existing plan, the engine will have to generate a new plan. This process is very expensive from a CPU perspective, which is why the database engine will attempt to cache plans.

Execution or explain plans are simply the map and order of operations required to gather the data to answer your query. The engine uses statistics or metadata about the data in your table to build its best guess at the optimal way to gather your data. Depending on your database engine, other factors such as the number of CPUs, the amount of available memory, various server settings, and even the speed of your storage may impact the operations included in your plan (DBAs frequently refer to this as the shape of the plan).

How Do I Get This Plan and How Do I Read It?

Depending on your RDBMS, there are different approaches to gathering the plan. Typically, you can get the engine to give you a pre-plan, which tells you the operations the engine will perform to retrieve your data. This is helpful when you need to identify large operations like table scans, which would benefit from an index would be helpful. For example—if I had the following table called Employees:

If I wanted to query by LastName, e.g.,

SELECT STATE

FROM Employees

WHERE LastName = ‘Dantoni’

I would want to add an index to the LastName column. Some database engines will even flag a missing index warning, to let you know an index on that column would help the query go faster.

There is also the notion of a post plan, which includes the actual row counts and execution times of the query. This can be useful if your statistics are very out of date, and the engine is making poor assumptions about the number of rows your query will return.

Performance tuning database systems are a combination of dark arts and science and can require a deep level of experience. However, knowing about the existence of and how to capture execution plans, allows you to have a much better understanding of the work your database engine is doing, and can give you a path to fix it.