When should you bin that old mainframe? Infrastructure 101
Your data centre shouldn't need a 24/7/365 emergency support contract
It's very easy to forget that buying kit for your infrastructure is just the first step on a long, long road. It's also easy to forget that everyone keeps their infrastructure kit going for years longer than their accountants depreciate it: we've all got something in the comms room that's still clinging to life.
And this is nothing to be ashamed of, as the vendors support us in doing it – so for instance Cisco's 3750G switch stopped shipping on 30 April 2013 but its last support date isn't until the end of January 2018.
Let's look, then, at five things you need to consider through the (often lengthy) lifetime of your infrastructure assets.
Make sure you monitor your kit. By “monitoring” I mean using a proper SNMP-based monitoring package that will alert you to the smallest issue. Although network kit is becoming increasingly commoditised, that doesn't mean it doesn't break. Most of the time things tend either to work or fail completely, but intermittent problems still happen.
More commonly, though, you get packet loss or other issues from dodgy copper cables, mucky fibre connections and the like – and you'll see these from the port stats if you're monitoring properly.
If there are components you can't monitor, check them frequently. In previous lives I've had to do visual checks on internal fans because I couldn't interrogate them electronically; similarly I've had to use CLI-based commands (generally with automated scripts) because although the command line interface would tell me (say) the status of the internal power supplies, the SNMP interface wouldn't.
2. Config management
Configuration management is one of my favourite areas, because it stops people telling me porkies. The idea's simple: you have a centralised management server that automatically connects daily to all your infrastructure devices (well, anything that has a CLI that you can use to download a text-based copy of the configuration), downloads the config of each, compares it with the previous copy, and alerts you to changes.
I'd be a couple of hundred quid better off if I had a tenner for each time someone's told me over the years “nothing's been changed” when actually I had an email in my inbox proclaiming that (say) the VLAN settings on the access switch uplink port had been altered.
There are loads of packages that will do this – my favourite is Kiwi (now SolarWinds) CatTools, which for a tad over five hundred quid provides me with confidence that I know what's changed and when.
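The daily fetch-compare-alert cycle described above comes down to diffing two text snapshots while ignoring lines that change on their own. The following is an added example, not code from the article or from CatTools; the device name, the constructed snapshots and the list of volatile Cisco IOS-style lines are assumptions.

```python
import difflib
import re

# Lines that differ between fetches without anyone altering the device
# (assumed Cisco IOS-style examples; keep this list as short as possible).
VOLATILE = [
    re.compile(r"^! Last configuration change at "),
    re.compile(r"^! NVRAM config last updated at "),
    re.compile(r"^ntp clock-period \d+"),
]

def normalise(config_text):
    """Strip trailing whitespace, blank lines and volatile lines; keep indentation."""
    lines = (line.rstrip() for line in config_text.splitlines())
    return [l for l in lines if l and not any(p.match(l) for p in VOLATILE)]

def config_changes(previous, current, device):
    """Unified diff between two snapshots; an empty list means nothing changed."""
    return list(difflib.unified_diff(
        normalise(previous), normalise(current),
        fromfile=f"{device}/previous", tofile=f"{device}/current",
        lineterm="", n=2))

def changed_lines(diff):
    """Only the removed/added config lines (skips the two file-header lines)."""
    return [l for l in diff[2:] if l.startswith(("+", "-"))]

# Constructed snapshots of one access switch, a day apart (not real device output).
YESTERDAY = """\
! Last configuration change at 09:12:44 UTC Mon Mar 3 2014
hostname access-sw-01
interface GigabitEthernet1/0/48
 description uplink
 switchport mode trunk
 switchport trunk allowed vlan 10,20
ntp clock-period 36029
"""
TODAY_QUIET = YESTERDAY.replace("ntp clock-period 36029", "ntp clock-period 36031")
TODAY_CHANGED = TODAY_QUIET.replace("allowed vlan 10,20", "allowed vlan 10,20,99")

if __name__ == "__main__":
    for label, snapshot in (("quiet", TODAY_QUIET), ("changed", TODAY_CHANGED)):
        diff = config_changes(YESTERDAY, snapshot, "access-sw-01")
        print(label, "->", "\n".join(diff) if diff else "no change, no alert")
```

Every pattern added to the volatile list is a line the comparison will never alert on, so anything security-relevant (ACLs, user accounts, VLAN and trunk settings) must stay out of it.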
Maintenance contracts are your friend, and you need to be careful to: (a) choose the right one; and (b) renew them in time. Sounds trivial, but it's not.
Sometimes the right contract is none at all. I once saved a packet when I joined a new employer by culling a contract on the office desk phone handsets: we had about 250 handsets of which we blew up maybe one a year; the monthly maintenance contract on them cost more than buying half a dozen new phones. So we just kept a handful of spares and binned the maintenance. Similarly, I went for the cheapest option on the Cisco wireless access points because we had plenty of coverage overlap and it cost next to nothing to have a spare in the cupboard.
It's tempting to go for 24x7 support on kit, but ask yourself whether you need it. The right answer is often a bit arse-about-face.
Instinct would suggest that you'd want 24x7 support on your data centre kit but you could live with 8x5 working-hours support for the office desktops and printers. Maybe, though, that's wrong: the vast majority of your office kit probably has a single LAN connection, so the loss of a 48-port switch could mean a lot of people inconvenienced. But in the data centre you ought to have everything dual-connected and so the loss of a switch may not interrupt service at all.
With regard to renewing in time: make sure you do. Most vendors charge some kind of reinstatement fee, and particularly with older kit you can find that even though there's an extended maintenance scheme, once a contract has expired you can't renew it at all.
3b. Update the serial numbers
As a quick follow-on to the maintenance renewal: I've been bitten before when I've had equipment replaced under a maintenance contract, only for the replacement unit to die a few months later. No problem, you'd think, but actually it was because the manufacturer hadn't updated the serial numbers on their systems – so it took a ridiculously long time to persuade them that the kit was in fact covered.
If you get something replaced under the maintenance contract, make sure you double-check with the vendor that the old kit is taken off the contract and the new kit is added.
4. Software upgrades
Software upgrades exist for a reason. Sometimes that reason is the introduction of new features, but most often it's because the vendor has fixed one or more bugs that cause operating problems and/or security vulnerabilities. It's important, then, to keep up with software upgrades.
This is generally pretty simple these days: it's not that common to kill your kit by starting an upgrade that keels over halfway and renders the device unusable. The thing to be cautious of, though, is the hardware requirement of the new version. The two main problems I've come across over the years are:
- RAM requirements: every so often you'll find that the next release needs an on-board RAM upgrade because the software image is bigger than the previous one.
- Flash requirements: it's kinda handy to be able to keep the old firmware and the new on the on-board flash of the device (so you can roll back to the old revision if everything goes pear-shaped), but again, one occasionally finds that you can't fit the old version and the new one on the on-board storage.
Eventually you'll end up decommissioning things: nothing lasts forever. If the kit's particularly esoteric you might be offered a few quid for it. I've sold some hideous old monstrosities for beer money to dealers who are desperate for spares to service customers that still have working installations. Most of the time you'll simply dispose of it or recycle it.
Whatever the case: you absolutely must be sure to remove every last bit of configuration on the kit, to be absolutely sure that there's nothing confidential going out of the building. Remember that a lot of kit might have non-obvious storage – flash cards nestling inconspicuously under subtle covers – so read the manual carefully and be sure to remove them and to factory-reset the core configuration.
If you're disposing of a device with on-board storage because it's died, remember that physical destruction may be the only way you can be sure that nobody else can get hold of something they could use to deduce (say) your standard admin password or your VPN key info. ®