Tuesday, June 24, 2008

What’s the difference between CIO and CTO?

Here’s a quick breakdown of the distinguishing characteristics of those two roles.

Chief Information Officer

  • Serves as the company’s top technology infrastructure manager
  • Runs the organization’s internal IT operations
  • Works to streamline business processes with technology
  • Focuses on internal customers (users and business units)
  • Collaborates and manages vendors that supply infrastructure solutions
  • Aligns the company’s IT infrastructure with business priorities
  • Develops strategies to increase the company’s bottom line (profitability)
  • Has to be a skilled and organized manager to be successful

Chief Technology Officer

  • Serves as the company’s top technology architect
  • Runs the organization’s engineering group
  • Uses technology to enhance the company’s product offerings
  • Focuses on external customers (buyers)
  • Collaborates and manages vendors that supply solutions to enhance the company’s product(s)
  • Aligns the company’s product architecture with business priorities
  • Develops strategies to increase the company’s top line (revenue)
  • Has to be a creative and innovative technologist to be successful

What is the OSI model?

The OSI model is a hierarchical model of how different devices, protocols, and applications can interoperate to provide a network. The OSI (Open Systems Interconnection) model was created by the International Organization for Standardization (ISO).

The applications and protocols that make up the network reside at different layers of the OSI model. Those layers are:

  • Layer 7 – Application
  • Layer 6 – Presentation
  • Layer 5 – Session
  • Layer 4 – Transport
  • Layer 3 – Network
  • Layer 2 – Data Link
  • Layer 1 – Physical

Most admins remember these layers by taking the first letter of the layer and matching it with a word. Here are some common ways to remember the OSI model:

  • All People Seem To Need Data Processing
  • Please Do Not Throw Sausage Pizza Away
  • Phew Dead Ninja Turtles Smell Particularly Awful

A common question is, “What application or protocol resides at each of the layers?” Here is a general overview:

Layer 7 - Application
The application layer is where the protocols and services that make up your application reside. Examples of what is located here are: Telnet, File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP).

Layer 6 - Presentation
The presentation layer “presents” the session layer data to the application and deals with how data is represented: character encoding (ASCII), image formats (JPEG), compression, and the encryption or decryption of application data. (IPsec is sometimes listed here, but it is a Layer 3 protocol that protects IP packets.)

Layer 5 - Session
This layer is responsible for initiating and terminating network connections. Examples of the session layer are Remote Procedure Call (RPC) functions and the login portion of a SQL session.

Layer 4 - Transport
TCP and UDP work at the transport layer. TCP provides reliable, in-order delivery of your data: sequencing, error detection via a checksum with retransmission of lost or corrupted segments, and windowing (flow control). UDP provides none of these; it is best-effort datagram delivery. Additionally, the transport layer provides the source and destination port numbers that are commonly associated with applications. For example, TCP port 25 is SMTP, 23 is Telnet, 22 is SSH, 80 is HTTP, and so on. These port numbers are very important if you are configuring an ACL (see my article, “What you need to know about Cisco IOS access-list filtering”) or studying for a certification test like the CCNA. Data at the transport layer is called a segment (a datagram in the case of UDP).

Layer 3 - Network
The network layer is where the “IP” part of “TCP/IP” happens. IP is responsible for addressing in the network. Because IP works at layer 3, you could also say that routing and routers work at layer 3. Any data at layer 3 is called a packet.

Layer 2 - Data Link
If you think about a WAN, there are many protocols that work at layer 2 (like PPP and Frame Relay). However, if you just look at the LAN, the most well-known protocol associated with layer 2 is Ethernet. Ethernet uses MAC addresses to identify unique devices on the network. Any data at layer 2 is called a frame. Ethernet switches work at layer 2 to forward Ethernet frames. To do this, they keep a MAC address table or CAM table, mapping MAC addresses to switch ports.

Layer 1 - Physical
The physical layer provides the actual connection between devices. Ethernet cables and fiber optic cables work at layer 1. Data goes through the cables via electricity or light. That data is now represented as a bit (a one or a zero).
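To make layers 2 through 4 concrete, here is an added example (not part of the original article) that assembles a constructed Ethernet/IPv4/TCP frame and then decodes it layer by layer, the same way a packet capture tool or a firewall would. The MAC addresses, the documentation-range IP addresses (192.0.2.x, 198.51.100.x) and the port numbers are made up for the demo; the header layouts and the IPv4 checksum are the standard ones.

```python
import socket
import struct

# Transport-layer ports the article cites, so the L4 decode can name the service.
WELL_KNOWN_TCP_PORTS = {22: "SSH", 23: "Telnet", 25: "SMTP", 80: "HTTP"}
TCP_FLAG_BITS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
                 ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the IPv4 header.
    Feeding back a header whose checksum field is already filled in yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, flags=0x02):
    """Assemble Ethernet II + IPv4 + TCP headers (no payload). Used only to make the sample."""
    # L4: TCP header, data offset 5 words, window 65535, checksum left at 0 for the demo.
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, flags, 65535, 0, 0)
    # L3: IPv4 header, version 4 / IHL 5, DF set, TTL 64, protocol 6 (TCP), checksum placeholder.
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                               64, 6, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip)))
    struct.pack_into("!H", ip, 10, ipv4_checksum(bytes(ip)))
    # L2: Ethernet II header, EtherType 0x0800 = IPv4.
    eth = (bytes.fromhex(dst_mac.replace(":", "")) +
           bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")
    return eth + bytes(ip) + tcp


def parse_frame(frame: bytes) -> dict:
    """Walk the frame L2 -> L3 -> L4 and report what each layer carries.
    Stops early when the next layer is not IPv4/TCP, as a real decoder would."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers = {"L2": {"dst_mac": mac_str(dst_mac), "src_mac": mac_str(src_mac),
                     "ethertype": ethertype}}
    if ethertype != 0x0800:
        return layers                         # e.g. ARP (0x0806): nothing above L2 to decode here
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                  # header length in bytes (IHL is in 32-bit words)
    total_len, _ident, _flags_frag, ttl, proto, _csum = struct.unpack("!HHHBBH", ip[2:12])
    layers["L3"] = {"version": ip[0] >> 4, "src_ip": socket.inet_ntoa(ip[12:16]),
                    "dst_ip": socket.inet_ntoa(ip[16:20]), "ttl": ttl, "protocol": proto,
                    "checksum_ok": ipv4_checksum(ip[:ihl]) == 0}
    if proto != 6:
        return layers                         # UDP/ICMP would need their own decoders
    tcp = ip[ihl:]
    src_port, dst_port, _seq, _ack, _off, flags = struct.unpack("!HHIIBB", tcp[:14])
    layers["L4"] = {"src_port": src_port, "dst_port": dst_port,
                    "service": WELL_KNOWN_TCP_PORTS.get(dst_port, "unknown"),
                    "flags": [name for name, bit in TCP_FLAG_BITS if flags & bit]}
    return layers


# Constructed sample: a SYN from a hypothetical client to an SSH server.
SAMPLE_FRAME = build_frame("66:77:88:99:aa:bb", "00:11:22:33:44:55",
                           "192.0.2.10", "198.51.100.22", 51515, 22)

if __name__ == "__main__":
    for layer, fields in parse_frame(SAMPLE_FRAME).items():
        print(layer, fields)
```

Each layer's header is parsed only as far as it needs to be to hand off to the next one, which is exactly why a Layer 3 device can route without understanding TCP and a Layer 2 switch can forward without understanding IP. Flipping one byte in the IP header makes checksum_ok come back False, so the decoder also shows where corruption is (and is not) detected.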

10 ways to build a solid capacity planning effort

Developing a comprehensive capacity plan can be daunting at the outset and requires dedication and commitment to maintain it on an ongoing basis. These 10 tips can help ease some of the challenges and increase the likelihood of an effective, successful program.

#1: Start small

Many a capacity-planning effort fails after a few months because it encompassed too broad a scope too early on. This is especially true for shops that have had no previous experience in this area. It is wise to start with just a few of the most critical resources — say, processors or bandwidth — and to gradually expand the program as you gain more experience.

#2: Speak your customers’ language

When requesting workload forecasts from your developers and especially your end-user customers, discuss the forecasts in terms that the developers and customers understand. For example, rather than asking for estimated increases in processor utilization, ask how many additional concurrent users are expected to be using the application or how many of a specific type of transaction is likely to be executed during peak periods.

#3: Consider future platforms

When evaluating tools to be used for capacity planning, keep in mind new architectures that your shop may be considering and select packages that can be used on both current and future platforms. Some tools that appear well suited for your existing platforms may have little or no applicability to planned architectures. This consideration should extend not just to servers, but to disk arrays, tape equipment, desktop workstations, and network hardware.

#4: Share plans with suppliers

If you plan to use your capacity-planning products across multiple platforms, it is important to inform your software suppliers of your plans. During these discussions, make sure that add-on expenses — the costs for drivers, agents, installation time and labor, copies of licenses, updated maintenance agreements, and the like — are all identified and agreed upon up front. Reductions in the costs for license renewals and maintenance agreements can often be negotiated based on all of the other additional expenses.

#5: Anticipate nonlinear cost ratios

One of my esteemed college professors was fond of saying that indeed we live in a nonlinear world. This is certainly the case when it comes to capacity upgrades. Some upgrades will be linear in the sense that doubling the amount of a planned increase in processors, memory, channels, or disk volumes will double the cost of the upgrade. But if the upgrade approaches the maximum number of cards, chips, or slots that a device can hold, a relatively modest increase in capacity may end up costing an immodest amount for additional hardware. This is sometimes referred to as the knee of the curve, where the previous linear relationship between cost and capacity suddenly accelerates into exponential increases.

#6: Plan for occasional workload reductions

A forecasted change in workload may not always cause an increase in the capacity required. Departmental mergers, staff reductions, and productivity gains may result in some production workloads being reduced. Similarly, development workloads may decrease as major projects become deployed. Although increases in needed capacity are clearly more likely, reductions are possible. A good guideline to use when questioning users about future workloads is to emphasize changes, not just increases.

#7: Prepare for the turnover of personnel

One of the events that undermines a capacity-planning effort early on is to have the individual most responsible for, and most knowledgeable about, the overall program leave the company. Regardless of the preventative measures taken, there is no guarantee that attrition will not occur. But there are several actions that can mitigate the impact. One action to take is to carefully interview and select an individual who in your best judgment appears unlikely to leave your firm anytime soon. You should also ensure that the process is thoroughly documented. If resources are available, training a backup person is another way to mitigate turnover. Finally, in extreme cases, an employment contract may be used to sustain ongoing employment of a key individual.

#8: Strive to continually improve the process

One of the best ways to continually improve the effectiveness of the capacity-planning process is to set a goal to expand and improve at least one part of it with each new version of the plan. Possible enhancements could include the addition of new platforms, centralized printers, or remote locations. A new version of the plan should be created at least once a year and preferably every six months.

#9: Institute a formal capacity-planning program

Some shops initiate a capacity-planning program in a very informal manner to simply get something started. There is nothing wrong with this approach if the intent is merely to overcome inaction and to start the ball rolling. This can also help raise awareness of the need to evolve this initial effort into a formal capacity-planning program. The one major drawback to this method is that all too often shops that start out with this approach never progress beyond it. At some point soon after initiating a capacity-planning effort, a formal process needs to be put in place.

#10: Market the lesser-known benefits of capacity planning

In addition to being able to predict when, how much, and what type of additional hardware resources will be needed, a comprehensive capacity-planning program offers four lesser known benefits that should be marketed to infrastructure managers and IT executives. These benefits are:

  • Strengthened relationships with developers and end users. The process of identifying and meeting with key users to discuss anticipated workloads usually strengthens the relationships between IT infrastructure staff and customers. Communication, negotiation, and a sense of joint ownership can all combine to nurture a healthy, professional relationship between IT and its customers.
  • Improved communications with suppliers. Suppliers are generally like any other support group in that they do not enjoy last-minute surprises. Involving key suppliers and support staffs with your capacity plans can promote effective communications among these groups. It can also make their jobs easier in meeting deadlines, reducing costs, and offering additional alternatives for capacity upgrades.
  • Increased collaboration with other infrastructure groups. A comprehensive capacity plan by necessity will involve multiple support groups. Network services, technical support, database administration, operations, desktop support, and even facilities may all play a role in capacity planning. In order for the plan to be thorough and effective, all these various groups must support and collaborate with each other.
  • Promotion of a culture of strategic planning as opposed to tactical firefighting. By definition, capacity planning is a strategic activity. To do it properly, one must look forward and focus on the plans of the future instead of the problems of the present. One of the most significant benefits of developing an overall and ongoing capacity-planning program is the institutionalizing of a strategic-planning culture.

Monday, June 9, 2008

Windows Vista tricks

Instantly access Task Manager

As you know, in Windows XP, you can press [Ctrl]+[Alt]+[Del] and instantly get to Task Manager. In Windows Vista, that same keystroke combination switches to a full-screen menu from which you can launch Task Manager.

In order to get directly to Task Manager in Windows Vista, you need to press [Ctrl]+[Shift]+[Esc].

Toggle Aero off and on

As you know, Aero is the fancy visual interface in Windows Vista that features the transparent glass design with cool window colors and neat animations. However, there are times when you may want to disable Aero to improve system responsiveness. For example, some games or other graphics-intensive applications may perform better with Aero disabled. Fortunately, you can easily do so with a shortcut.

To begin, right-click anywhere on the desktop and select the New | Shortcut command from the context menu. When the Create Shortcut wizard appears, type:

Rundll32 dwmApi #104

in the text box, as shown in Figure C, and click Next. Then, name the shortcut Turn Aero Off and click Finish.

Figure C

Create this shortcut to turn Aero off.

You can then create a second shortcut to re-enable Aero. To do so, launch the Create Shortcut wizard again and this time type:

Rundll32 dwmApi #102

in the text box. Name this shortcut Turn Aero On and click Finish.

Keep in mind that when you turn Aero off, the process will happen without any fanfare. However, when you turn Aero back on, the screen will blink momentarily as Windows readjusts the screen display.

Using Shell command shortcuts

While you can use Explorer, the Control Panel, or the Start menu to access key features in Windows Vista, sometimes a shortcut can be more useful. Hidden underneath the Windows Vista architecture are a whole host of special shortcuts known as Shell commands. To use a Shell command, all you need to do is press [Windows]+R to access the Run dialog box and then enter the word Shell followed by a colon (:) and then the command, as in:

Shell:command

As you can see, there are no spaces between the word Shell, the colon, and the command; it is essentially one word.

While there are close to 100 Shell commands, not all of them are very useful. As such, I won’t actually list them. I’ll just discuss the ones that I find most useful in everyday situations first and then I’ll list the other ones that I find occasionally useful.

Keep in mind that not all of these Shell commands will work in all versions of Windows Vista.

Most useful Shell commands

  • shell:ChangeRemoveProgramsFolder - opens the Programs and Features (Add/Remove Programs) window.
  • shell:Sendto - opens the SendTo folder so that you can easily add more locations to the Send To list.
  • shell:Common Administrative Tools - opens the Administrative Tools menu as a folder
  • shell:Desktop - opens the Desktop as a folder.
  • shell:Downloads - opens your Downloads folder.
  • shell:Quick Launch - opens the Quick Launch folder.
  • shell:Searches - opens the Search folder showing all your saved searches.

The other useful Shell commands

  • shell:AppUpdatesFolder - opens the Installed Updates view in Programs and Features.
  • shell:Cache - opens Internet Explorer’s temporary Internet files folder.
  • shell:CD Burning - opens the folder where Windows Vista temporarily stores files to be burned to a CD.
  • shell:Common Desktop - opens the Public User’s Desktop folder.
  • shell:Common Documents - opens the Public User’s Documents folder.
  • shell:Common Programs - opens the Start menu shortcuts folder.
  • shell:Common Start Menu - opens the Start Menu as a folder.
  • shell:Common Startup - opens the Startup folder.
  • shell:Common Templates - opens the Templates folder.
  • shell:CommonDownloads - opens the Public User’s Downloads folder.
  • shell:CommonMusic - opens the Public User’s Music folder.
  • shell:CommonPictures - opens the Public User’s Pictures folder.
  • shell:CommonVideo - opens the Public User’s Video folder.
  • shell:ConflictFolder - opens the Sync Center Conflicts folder.
  • shell:ConnectionsFolder - opens the Network Connections folder.
  • shell:Contacts - opens your Contacts folder.
  • shell:ControlPanelFolder - opens the Control Panel.
  • shell:Cookies - opens the cookies folder
  • shell:Favorites - opens your Favorites folder.
  • shell:Fonts - opens Vista’s Fonts folder.
  • shell:Gadgets - opens your Windows Sidebar Gadgets folder.
  • shell:History - opens the Internet Explorer history folder.
  • shell:InternetFolder - opens Internet Explorer.
  • shell:Links - opens your Links folder location.
  • shell:MyMusic - opens your Music folder.
  • shell:MyPictures - opens your Pictures folder.
  • shell:MyVideo - opens your Video folder.
  • shell:MyComputerFolder - opens Computer window.
  • shell:NetHood - opens Network Shortcuts folder.
  • shell:NetworkPlacesFolder - opens the Network Places location.
  • shell:Original Images - opens Windows Photo Gallery Original Images folder.
  • shell:Personal - opens your Documents folder.
  • shell:PhotoAlbums - opens your Slide Show folder.
  • shell:Playlists - opens your Playlists folder.
  • shell:PrintersFolder - opens Printers in the Control Panel.
  • shell:Profile - opens your main folder.
  • shell:ProgramFiles - opens the Program Files folder.
  • shell:Public - opens the Public User folder.
  • shell:Recent - opens the Recent Items folder.
  • shell:RecycleBinFolder - opens the Recycle Bin folder.
  • shell:Start Menu - opens the Start Menu folder.
  • shell:Startup - opens the Startup folder
  • shell:System - opens the System32 folder location.
  • shell:Templates - opens the Templates folder location.
  • shell:UserProfiles - opens the Users folder.
  • shell:UsersFilesFolder - opens your main folder.
  • shell:Windows - opens the Windows folder.

What you need to know about Cisco IOS access-list filtering

Know what an ACL can and cannot do

In the simplest of terms, a Cisco IOS ACL is used to define traffic. Once that traffic is defined, some action can then be taken on that traffic.

Commonly, an ACL is associated with the filtering of IP packets (Network Layer 3 of the OSI Model) as they pass through a router. In other words, it is used to permit or deny traffic through a router. However, if you just define the ACL only and don’t apply it to an interface using the access-group command, nothing happens.

While ACLs can be used for many functions like QoS, route filtering, and allowing access to the router, in this article, we will focus on using ACLs for filtering traffic in and out of the router.

Know the syntax of ACLs

To configure an ACL you need to include some basic information about which packets to permit or deny.

The general syntax for a standard access list is:

access-list {list-number} {permit | deny} {source-address} [source-wildcard]

Note that the standard ACL can only permit or deny traffic based on the source of the traffic.

The general syntax of a TCP extended access list is:

access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} tcp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [established] [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]

You should also know that extended ACLs can filter IP traffic as a whole or by protocol: TCP, UDP, ICMP, and others. The syntax above is for TCP traffic; the port operators (eq, gt, lt, neq, range) on the source and destination are what let you filter by application.

Know that ACLs use wildcard masks

Cisco IOS ACLs use wildcard masks. A wildcard mask accompanies every IP address you enter in an ACL. The only ways to avoid typing one are the keyword any (match every address) and the keyword host before a single IP address (equivalent to a wildcard of 0.0.0.0).

Wildcard masks are the binary reverse of a subnet mask. Thus, to calculate a wildcard mask, you take the subnet mask of a network address or IP address, convert it to binary, turn all the 1s into 0s and the 0s into 1s, and convert it back to decimal. Sounds complicated, but it really isn’t. If the subnet mask is masked at the 8-bit subnet boundaries, then a 0 will turn into a 255 and a 255 will turn into a 0. Here are a few examples:

  • SN 255.0.0.0 = wildcard 0.255.255.255
  • SN 255.255.255.0 = wildcard 0.0.0.255
  • SN 255.255.128.0 = wildcard 0.0.127.255
  • SN 255.255.255.224 = wildcard 0.0.0.31

Do NOT use a subnet mask in a wildcard mask on a Cisco IOS router or switch, or you will end up with unintended results. (On the other hand, if you are configuring an ACL on a Cisco PIX, use regular subnet masks, not wildcard masks).

Know how to create an ACL and apply it to an interface

For example, here’s how a sample configuration might look for access list 1:

Router(config)# access-list 1 permit 172.16.30.0 0.0.0.255
Router(config)# interface e0/0
Router(config-if)# ip access-group 1 out

The ip access-group command is used to apply an ACL to an interface and specify the direction that it applies.

The commands above permit traffic whose source is the 172.16.30.0/24 network to leave the router through its Ethernet 0/0 interface; because of the implicit deny (see the next section), all other traffic trying to exit e0/0 is dropped. Traffic arriving on e0/0 is unaffected, since the ACL is applied only in the outbound direction.

Know the implicit deny

Let me ask you this: What is allowed through the ACL above? Answer: Only traffic sourced from the 172.16.30.0/24 network. Why is that? That is because at the end of every ACL, whether you see it or not, ALL TRAFFIC IS IMPLICITLY DENIED.

So, what traffic is allowed through the ACL below?

Router(config)# access-list 1 deny 172.16.30.0 0.0.0.255

That’s right - NO TRAFFIC is allowed because certain traffic is explicitly denied and ALL OTHER TRAFFIC IS DENIED by the implicit deny.

How do you see the traffic being denied? You can enter your own explicit deny with the log keyword, like this:

Router(config)# access-list 1 permit 172.16.30.0 0.0.0.255
Router(config)# access-list 1 deny any log

Know that ACLs use top-down processing

Cisco IOS ACLs use top-down processing. Entries are checked in order, and the first entry that matches decides the packet’s fate; no later entries are evaluated. Thus, if there is a permit for network 1.1.1.0 in the fifth line of the ACL but it is denied in the third line, that traffic is denied.
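The wildcard-mask arithmetic, the implicit deny, and top-down first-match processing are easy to get wrong when reviewing someone else's ACL by eye. Here is an added example (not from the original article or from Cisco) that models a standard numbered ACL in Python: it converts subnet masks to wildcards, parses access-list lines, evaluates a source address the way IOS does, and flags entries that are shadowed by an earlier line and can therefore never match. The sample ACL lines are constructed for the demo, not taken from a real router.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def _addr(a: str) -> int:
    return int(ipaddress.IPv4Address(a))


def wildcard_from_mask(subnet_mask: str) -> str:
    """Invert every bit of a dotted-decimal subnet mask to get the IOS wildcard mask."""
    return str(ipaddress.IPv4Address(_addr(subnet_mask) ^ MASK32))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard bit 0 = this address bit must equal the base; bit 1 = don't care."""
    fixed = ~_addr(wildcard) & MASK32
    return (_addr(addr) & fixed) == (_addr(base) & fixed)


def parse_standard_acl(config_lines):
    """Parse 'access-list N {permit|deny} {any | host A | A [wildcard]} [log]' lines."""
    entries = []
    for line in config_lines:
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            continue                                   # not an ACL line
        number, action, rest = tokens[1], tokens[2], tokens[3:]
        log = rest[-1] == "log"
        if log:
            rest = rest[:-1]
        if rest[0] == "any":
            base, wildcard = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            base, wildcard = rest[1], "0.0.0.0"
        else:
            # A bare address with no wildcard is a host match, as IOS treats it.
            base = rest[0]
            wildcard = rest[1] if len(rest) > 1 else "0.0.0.0"
        entries.append({"acl": number, "action": action, "base": base,
                        "wildcard": wildcard, "log": log})
    return entries


def evaluate(entries, src_ip):
    """Top-down, first match wins. Returns (action, 1-based line that matched or None, log flag).
    Falling off the end hits the implicit deny that every IOS ACL carries."""
    for idx, e in enumerate(entries, start=1):
        if wildcard_match(src_ip, e["base"], e["wildcard"]):
            return e["action"], idx, e["log"]
    return "deny", None, False


def shadowed_entries(entries):
    """1-based indices of entries that can never match because an earlier entry
    already covers every address they would match (a common ACL mistake)."""
    shadowed = []
    for j, later in enumerate(entries):
        fixed_j = ~_addr(later["wildcard"]) & MASK32
        for earlier in entries[:j]:
            fixed_i = ~_addr(earlier["wildcard"]) & MASK32
            # 'earlier' covers 'later' if every bit 'earlier' pins down is also pinned by
            # 'later', and the two agree on those bits.
            pins_subset = (fixed_i & ~fixed_j & MASK32) == 0
            agree = (_addr(earlier["base"]) & fixed_i) == (_addr(later["base"]) & fixed_i)
            if pins_subset and agree:
                shadowed.append(j + 1)
                break
    return shadowed


# Constructed sample ACL: block one host, allow the rest of its subnet, log everything else.
SAMPLE_ACL = [
    "access-list 1 deny host 172.16.30.7",
    "access-list 1 permit 172.16.30.0 0.0.0.255",
    "access-list 1 deny any log",
]

if __name__ == "__main__":
    acl = parse_standard_acl(SAMPLE_ACL)
    for ip in ("172.16.30.7", "172.16.30.99", "10.1.1.1"):
        print(ip, evaluate(acl, ip))
    print("shadowed:", shadowed_entries(acl))
```

Swap the first two lines of SAMPLE_ACL and shadowed_entries reports line 2: the host deny sits below the network permit, so the permit always matches first and the deny is dead configuration. That ordering error is the one the "top-down processing" rule is warning about.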

Know the three Ps of ACLs

Remember, you can only apply ONE ACL:

  • Per Interface
  • Per Protocol
  • Per Direction

As most of us are applying IP ACLs, the protocol doesn’t matter that much, but the important thing to know is that you can apply only ONE ACL on each interface in each direction. In other words, you can apply only one INBOUND and one OUTBOUND ACL per interface.

Know how to verify which ACLs are applied and which are configured

Showing what ACLs are created and what ACLs are applied is easy if you know just a few commands. These commands are:

  • show access-lists
  • show ip interface
  • show running-config

Know that there are many methods and types of ACLs

The Cisco IOS supports IP Standard and Extended ACLs in both named and numbered versions. Additionally, there are reflexive, time-based, and dynamic (lock-and-key) access lists, among many others.

Know how ACLs can be used in the real world

While you may understand the concept of ACLs and how to configure them, it is important to know how to use them in the real world.

Here are a few business applications for ACLs:

1. Basic packet filtering for security: Filter traffic from a host, a network, a protocol, or port.

2. Packet filtering for bandwidth control: Say that a streaming audio or video application was using network bandwidth, and it was on a certain port number. With an ACL, you could discard those video and audio packets to prevent overutilization of bandwidth.

3. Other functions with ACLs: Route filtering, QoS, controlling access to the router, etc.

Word of the Day: Tokenization

Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information without compromising its security. Tokenization has become popular as a means of bolstering the security of credit card and e-commerce transactions while minimizing the cost and complexity of compliance with industry standards and government regulations.

In a credit card transaction, a token typically contains only the last four digits of the card number. The rest of the token consists of alphanumeric characters that represent miscellaneous cardholder information and data specific to the transaction underway. When an authorization request is made to verify the legitimacy of the transaction, the actual card number is used only in the initial request. The token is returned to the requester instead of the card number along with approval or rejection of the transaction. The token is stored in the point-of-sale (POS) system but the credit-card number is not.

Tokenization makes it more difficult for attackers to reach cardholder data, compared with older systems in which card numbers were stored in merchant databases and passed freely over networks. Unlike encryption, a token has no mathematical relationship to the card number, so there is no key whose compromise reveals it; the only mapping lives in the token vault, which is why systems that hold only tokens carry far less compliance burden. With the proliferation of identity theft and the consequent increased risk of ruinous civil and criminal proceedings, many corporations are turning to tokenization to minimize exposure and cost while maximizing their own security and that of their customers.

Tokenization technology can, in theory, be used with sensitive data of all kinds including bank transactions, medical records, criminal records, vehicle driver information, loan applications, stock trading and voter registration.
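The following is an added example (not from the original article and not any vendor's product) of vault-based tokenization as described above: the token is random, keeps only the last four digits, is built so it can never pass as a real card number, and can be turned back into a card number only by an authorized role. The role names, the in-memory vault, and the generated index key are hypothetical stand-ins for a real vault's access control and key management; the test card number 4111 1111 1111 1111 is the standard publicly known example number.

```python
import hashlib
import hmac
import secrets
import string


def luhn_valid(digits: str) -> bool:
    """Luhn check-digit test used by card numbers (catches typos, says nothing about fraud)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Vault-based tokenization: the token is random, so nothing but this table links it to the PAN."""

    ALLOWED_TO_DETOKENIZE = {"settlement", "chargeback"}   # hypothetical roles

    def __init__(self):
        self._index_key = secrets.token_bytes(32)  # keys the PAN->token index (hypothetical key mgmt)
        self._pan_by_token = {}   # token -> PAN; in production an encrypted, access-controlled store
        self._token_by_pan_mac = {}   # HMAC(PAN) -> token, so the index itself holds no PANs

    def _pan_index(self, pan: str) -> str:
        return hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str) -> str:
        pan = pan.replace(" ", "").replace("-", "")
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a plausible card number")
        key = self._pan_index(pan)
        if key in self._token_by_pan_mac:
            return self._token_by_pan_mac[key]   # same card -> same token (repeat customers)
        while True:
            body = "".join(secrets.choice(string.digits) for _ in range(len(pan) - 4))
            token = body + pan[-4:]              # keep the last four for receipts and support
            # A token must never be mistakable for a real PAN, so reject any that pass Luhn;
            # also reject the (astronomically unlikely) collision with an existing token.
            if not luhn_valid(token) and token not in self._pan_by_token:
                break
        self._pan_by_token[token] = pan
        self._token_by_pan_mac[key] = token
        return token

    def detokenize(self, token: str, caller_role: str) -> str:
        """Only back-office roles may recover the PAN; a POS never needs to."""
        if caller_role not in self.ALLOWED_TO_DETOKENIZE:
            raise PermissionError("role %r may not retrieve card numbers" % caller_role)
        return self._pan_by_token[token]


def pos_record(vault: TokenVault, pan: str, amount_cents: int) -> dict:
    """What the point-of-sale keeps after authorization: the token, never the PAN."""
    token = vault.tokenize(pan)
    return {"token": token, "last4": token[-4:], "amount_cents": amount_cents}


if __name__ == "__main__":
    vault = TokenVault()
    rec = pos_record(vault, "4111 1111 1111 1111", 1999)   # public test card number
    print("stored at POS:", rec)
    print("settlement sees:", vault.detokenize(rec["token"], "settlement"))
```

Because the token is drawn from a CSPRNG rather than derived from the card number, stealing every token in the POS database yields nothing without also breaching the vault, and an attacker who tries to use a token as a card number is stopped by the failing Luhn check before it ever reaches an issuer.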

Word of the Day: Soft skills

Soft skills are personal attributes that enhance an individual's interactions, job performance and career prospects. Unlike hard skills, which tend to be specific to a certain type of task or activity, soft skills are broadly applicable.

Soft skills are sometimes broken down into personal attributes, such as:

  • optimism
  • responsibility
  • a sense of humor
  • integrity
  • time-management
  • motivation.

and interpersonal abilities, such as:

  • empathy
  • leadership
  • communication
  • good manners
  • sociability
  • the ability to teach.

It's often said that hard skills will get you an interview but you need soft skills to get (and keep) the job.