One of my biggest pet peeves is being told that I can't do something, or more specifically, that something can't be done. As soon as you throw a statement like that at me, you can bet your bottom dollar that all I'm thinking about is how I can go about proving you wrong.
We hear statements like, "that's not possible," or "we can't make that happen," all the time in IT, and many times without any sound logic behind them. Maybe it bothers me so much because I am an incredibly logical person by nature. I've even been compared to Sheldon on The Big Bang Theory. I tend to think about most things analytically, which in emotional situations can sometimes feel alienating.
Whether I'm being told that it's unsafe to read my Kindle while the plane is landing or that I can't drink carbonated drinks for a week after oral surgery -- I'm one to push the limits. I mean, what are the odds that the plane won't actually land or that my newly implanted teeth will suddenly release from the titanium screws in my skull and fall out?
Just as these statements rub me the wrong way in my personal life, this kind of thinking infuriates me as a network engineer. So, I thought I'd take a moment to raise the "bull malarkey" flag on a couple of common myths I hear about things you "can't" do.
* You can't use X because it's not secure, where the value of X is SNMP, ICMP (ping), Windows operating systems, Linux operating systems, wireless networks and so on. I hear this one all the time. Let's just take SNMP for example. First of all, SNMPv3 is quite secure and includes enhanced authentication and encryption over previous versions. Most network devices and network management tools support SNMPv3 today. That said, even with SNMPv2c (the most common version deployed today) there are several ways to secure it. And you know what? If you have people running around your network with protocol analyzers trying to gain access to your systems by sniffing SNMP traffic, you have much larger problems than MIB values being sent over the wire in clear text. Bottom line: Just about anything can be made to operate with adequate levels of security.
* You can't use NetFlow/jFlow/sFlow/IPFIX or detailed logging because it'll bog down the router and cause it to start dropping packets. First off, most of the routers being produced today separate primary functionality like routing and switching onto separate processors, or at least separate cores, from ancillary functions like logging and NetFlow. Secondly, while it may be possible to turn on enough logging and/or flow analysis to slow down the router, it doesn't mean that you can't turn on some. As with any change like this, be sure to baseline your devices before enabling the feature and then monitor performance carefully. You'll be surprised at how much you can do.
* You can't allow Internet-based video, music and social networks on the corporate network. They would just use up too much bandwidth and employees would be less productive. It's alarming how many networks today block access to YouTube, Ustream, Pandora, Facebook, and LinkedIn. Without stepping into the argument about whether or not there is value in giving folks access to this content from work or whether it makes them more or less productive, let's just focus on the issue of bandwidth consumption. With rare exception, most of us pay a flat rate for bandwidth. We buy a pipe that is just so big for traffic coming in and a separate pipe for traffic going out. We pay the same amount whether we fill the pipe or leave it empty. Allowing access to these sites doesn't actually cost you money or negatively impact your business-critical applications -- just so long as you do it correctly. This is where traffic prioritization and various methods of ensuring Quality of Service (QoS) come into play. If you're going to block access to these networks from the office, then don't be surprised if your employees are unwilling to allow access to work resources from their homes, personal PCs, laptops, iPhones, and iPads. Fair is fair, folks.
* Last but not least, there is the question of whether or not we can allow access to the corporate network from personally owned computing devices, specifically, from smartphones and pad-type devices. The argument has been pretty well covered so I will only add this. I am seeing a crazy number of people carrying two or even three mobile devices with them everywhere they go these days. There's got to be a better solution to this problem than this -- and don't tell me it can't be done.
Which "this is impossible" or "it can't be done" rules in IT bother you the most?
Flame on...
Josh
Josh Stephens is Head Geek and VP of Technology at SolarWinds, an IT management software company based in Austin, Texas. He shares network management best practices on SolarWinds GeekSpeak and thwack. Follow Josh on Twitter @sw_headgeek and SolarWinds @solarwinds_inc.