End of Life…

Before I left Tanium, I was working on some content around Operating System EOL Lifecycle. What does this mean exactly though? When an operating system is RTM’d or released to manufacturing (aka, downloadable and installable, in today’s day and age), it usually has a set timeframe from the company that created it to support it during its “life time”. Resources are needed to keep the published operating system (OS) secure and reliable over time, so keeping people on something that’s ten years old for example can be a strain on the company. In order to bypass this, a lifetime for a product is decided, according to how fast the company can publish a new version.

Let’s take Microsoft Windows 10 as an example. For the last few years, major updates to the Windows 10 OS typically come out in March and September, so in 2019 the two major updates were 1903 and 1909. These have a specific timeframe for supporting security updates and features on these specific builds. Here is more information about what is supported and when those life cycles go “out of support”: https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet

When an OS is within its support window, major and minor updates to the OS are provided freely, provided they are activated appropriately. These can include new features, visual updates, and hopefully lots of fixes to previously known issues and bugs. Security updates sometimes have an extended time window, depending on how critical the threat is. When an OS is outside of this support window, the charges to ask Microsoft to support these systems becomes very expensive. Why though? Because Microsoft must spend more resources that have likely moved on to newer or other projects throughout the company, on something that is not making them money anymore. Newer versions have come out, and support for older versions has mostly ceased, other that critical security patches. Microsoft is a publicly traded company, is has to make money to survive, hence the expense to support these older systems.

What’s the solution when someone has older OSes, or out of date ones? Well, that’s a tricky question to answer. Home users, that only have their personal data and machine(s) to work on, can hit Windows Update to update their systems. Sometimes this causes issues with software that may be installed, but usually those get fixed pretty quickly. On a grander scale at a worldwide corporation though, the apps that are used for business run on the operating systems that are installed, so an OS patch could affect their ability to do business. For this reason, large scale patching of OSes needs a more tightly controlled mechanism and process in order to update their company’s systems. But I want to update my system now! Hahaha, not so fast buddy. If you update, and that update causes apps on your system to misbehave or interrupt business workflow, that can cost the company money in outages. Can you imagine a bad patch being pushed out to thousands of systems running the company’s public facing website? An outage like that could cost hundreds of thousands of dollars PER MINUTE. I’ve seen it happen, and it’s quite a scary site.

Ok, so how do I update my company’s systems safely? TEST TEST TEST. Grab a few machines that represent the majority of the systems in your company, and install the necessary patches for OS and apps on these systems first, away from the rest of the systems that are making your company money. Once those have been tested for stability and continuity, then a phased approach to update those systems across the enterprise can be performed. Whether this is a small patch, or a larger bi-annual Windows 10 or Server OS patch, the workflow would be the same. Test the updates with the software you normally use, then deploy at a larger scale once verified.

But I’m using Windows Server 2003 and it runs really old software that isn’t supported anymore, since the company that created it no longer exists. That’s really tough, and I feel for you. I’ve seen situations where this is more common than you’d think. But still the same issue, though you aren’t getting patches anymore at this point. If you can’t upgrade to a newer OS, because you can’t lose the app that is running on it, this would be a good time to isolate that system, and possibly move it to a secure space in the cloud. At least once it’s virtualized, the old hardware can be decommissioned. The old app and OS virtual machine could be in your data center or public clouds like Azure or AWS. Easier to manage, even though it still won’t be updated anymore, but at least still can be used.

Some important takeaways to key in on:

  • It’s important to know what’s no longer supported and when (no upgrades, no updates, no security fixes after the support window closes)
  • Why track this over time?
    • Not paying thousands to hundreds of thousands of dollars, just for security updates
    • Get ahead of OS upgrades
    • Gain better security visibility
    • Already paying for latest Windows through Microsoft Agreements, why not upgrade?

What’s Wireless “mesh”?

Eero, similar devices, how they work, and why I decided to jump into the deep end of this tech. What is a wireless mesh? In simpler terms, it consists of multiple wireless devices working together (instead of a network extender, which connects to another wireless base station, and acts as a “helper” to get packets to a farther away device) to understand where the internet is and how best to get your packets from your device to the internet. Most wireless extenders that I’ve tried, usually halve the internet bandwidth to account for getting packets to/from the base station. Mesh devices, such as eero, connect together in a more intelligent way to understand where the devices are and routes packets from devices in a much faster way. My understanding is that when the mesh is set up, where the mobile device is, it connects to the closest access point and that access point knows how best to route traffic to the internet (either another AP or the base station, whichever is closest). Wireless extenders only know how to route traffic to the base station which sounds like it would be fastest, but not in every situation since half of the bandwidth is still consumed by extender-to-base-station traffic internally. Eeros cut down on that since they remember the fastest route to the internet. In my experience, having a couple of these devices in my condo, I get near gigabit speeds to my ISP from my Macbook Pro over wireless 802.11ac. Before with one access point and an extender, I might get 20-30Mbps. For me at least, mesh creates a more stable and reliable wireless network/internet connection without having the need to “reboot the router” every week or month. Other companies like Google, Luna, and Netgear also make wireless mesh products.

Making the switch from Android to iPhone

Earlier this year I made the switch from an Android based phone (Google Pixel XL) over to an Apple iPhone 7 Plus. Why? Well let me give you a history of some of the devices I’ve had first for a less biased view.

I started with an Ericsson AF738 flip phone back in 1996. Small and compact flip phone that fit in my pocket. Most students had pagers in high school, which required someone to call a number and leave a numerical message which then got sent to the pagers, then those people would call the senders back. My cell phone (which on AT&T had a 20 minute per month voice plan), was more than enough to let my family and friends know that I was running late on my way home, or that I was going somewhere after school. In many senses, it was my digital leash which allowed me more freedom than most.

Once in college, I decided an upgrade was needed and I got a Nokia 5160. I had a few more candybar style and flip phones until I bought my first PalmOS based device which combined my calendar and contacts with notes. Treo 600/650 were devices based on PalmOS, and the 650 was one of the first on Sprint’s network at the time to allow text messaging. After that, a Windows Phone, the Pocket PC PPC6601 slider with a keyboard was now my primary phone. It was useful and fun, but large.

After college, I moved up to Redmond, WA to work at Microsoft. I drank some of the Kool-aid and had some more Windows-based phones (Pocket PC, Windows Mobile, Windows Phone, etc.) until my first iPhone. I then had some reception issues where I lived at the time, and found that switching networks and switching to a new Motorola Droid on Verizon worked better for me at the time. I stuck with mostly Android phones up until this year, when I found that iPhones might be a worthwhile switch again for what I needed.

So… I switched to the iPhone 7 plus, picked up an iPad, Airpods, Apple TV, and some other Apple goodies. I still have Windows workstations and my passion for technology hasn’t changed. Best tool for the job, but why iPhone? It does what I need it to for now, allows me to iMessage with my friends and family, and my data just goes where it needs to when I need it. Will I switch again? Perhaps. Is Android dead? Absolutely not, and it keeps pushing the other player(s) in the mobile space to get better, including Apple. The new Apple Watch Series 3 with LTE is pretty neat, and definitely works well making phone calls and data.

My story so far…

People at a recent summit were asking a bit about my story, what did I do besides helping with the summit, technical background, etc.

Well, short version. College at Oregon Tech, contracted at Microsoft on the Exchange Mailbox team and tested the first versions of the Monad/PowerShell cmdlets for Exchange, then System Center Configuration Manager testing deployments, then a few years in SharePoint/SharePoint Designer for the 2010 release. Hopped over to Expedia, learned Splunk, and now I work at Splunk as a software engineer. I work on deployments, Microsoft related things, Python, Ansible, Cloud (AWS), Apps, Testing methodologies and a ton of other things.

Operational Analytics FTW

With a previous employer, I helped implement “big data” operational analytics. This wasn’t just an effort for our IT team to be cool – we were seriously overworked, and we suspected we had a lot more computing capacity than we needed, and the company was hoping to cut back on some upcoming capital expenses. Implementing operational analytics isn’t easy, but after a few short months it paid off: we were able to pinpoint specific areas where we had excess capacity, massively rearrange workloads, and identify the capacity we needed for new projects. Our net savings in the first two years was around $1.2M, and we’d just gotten started.