Monthly Archives: July 2015

Apparently I live in the sticks.

I took this picture in my neighborhood leaving home for work one morning.  Apparently I live in the sticks.  Yes, that is a turkey.  I see deer sometimes too.

A wild turkey.  Just hanging out in my neighborhood.  Apparently I live in the sticks.

Currently drinking: Terrapin Golden Ale

Filed under Uncategorized

New Store Network Architecture Project

So the company that I work for is a retailer with a couple hundred locations.  Our IT backend has slowly been improving, but as a department we are perpetually understaffed and underfunded.  This kind of explains the state of the network equipment in our stores.  It’s a little embarrassing, really, but we are finally working to make it better.

Our current setup in our stores is a Cisco 1841 router and a 2950 24-port switch.  That’s it.  WAN connectivity is a T1.  The switch has a couple of VLANs on it for regular network equipment and for the POS system.  The router has some ACLs controlling access to/from the network segments.  Honestly this was some pretty cool stuff in 2005.  It was even acceptable when these pieces of equipment went end-of-sale in 2007.  But here we are 8 years later.

This setup has allowed us to pass PCI for a couple of years now, but with the new PCI 3.0 rules, a stateful firewall is required, and we won’t be able to coast another year.  Combine this new requirement with some high-profile breaches from Target and Home Depot, and our management is finally scared enough to give us the money to modernize our store IT infrastructure.  And since we finally get a chance to redesign the store network with a clean sheet, we are doing our best to make sure that the new design is as secure as we can make it, is scalable, has room for expansion and extension to things we haven’t thought of yet, and is thoroughly kick-ass.  And most importantly, this whole project will require a store visit to every store to rip and replace, so we can actually change things, and not be beholden to decisions that were hastily made 10 years ago and have been a millstone around our necks ever since.
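To make the ACL-versus-stateful-firewall point concrete, here is a small Python simulation I am adding to this post; it is not anything from our routers, and the addressing (a POS VLAN of 10.1.2.0/24, plus RFC 5737 documentation addresses for the outside hosts) is made up for the example. It runs the same constructed packet sequence through a router-style stateless ACL and through a minimal stateful connection tracker, showing that the stateless “established” rule permits any inbound packet with the ACK bit set, while the stateful tracker only permits traffic belonging to a session a POS host actually opened.

```python
"""Stateless ACL vs. stateful firewall, simulated over constructed packets.

Added example; the addressing and policy below are assumptions, not the
blog's real store configuration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str        # source IPv4 address
    sport: int      # source TCP port
    dst: str        # destination IPv4 address
    dport: int      # destination TCP port
    syn: bool = False
    ack: bool = False


# Assumed POS VLAN prefix. Policy: POS hosts may open HTTPS to hosts beyond
# the store; nothing beyond the store may open a connection into the POS VLAN.
POS_PREFIX = "10.1.2."


def in_pos(ip: str) -> bool:
    return ip.startswith(POS_PREFIX)


def stateless_allows(pkt: Packet) -> bool:
    """Router-ACL style: each packet is judged on its own header fields only.

    Rule 1: permit tcp POS -> any eq 443
    Rule 2: permit tcp any -> POS 'established' (ACK bit set)
    Rule 3: deny ip any any
    """
    if in_pos(pkt.src) and not in_pos(pkt.dst) and pkt.dport == 443:
        return True
    if not in_pos(pkt.src) and in_pos(pkt.dst) and pkt.ack:
        return True
    return False


class StatefulFirewall:
    """Minimal connection tracker: remembers sessions opened from the POS VLAN."""

    def __init__(self) -> None:
        # 4-tuples (src, sport, dst, dport) of sessions initiated by POS hosts
        self.sessions: set[tuple[str, int, str, int]] = set()

    def allows(self, pkt: Packet) -> bool:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.sessions or rev in self.sessions:
            return True  # part of a tracked session, either direction
        if (in_pos(pkt.src) and not in_pos(pkt.dst) and pkt.dport == 443
                and pkt.syn and not pkt.ack):
            self.sessions.add(fwd)  # new outbound session opened by a POS host
            return True
        return False  # unsolicited: no matching session and not a permitted open


# Constructed traffic: a legitimate HTTPS handshake from a register, then an
# unsolicited inbound packet carrying the ACK bit with no matching session.
TRAFFIC = [
    ("pos->processor SYN",
     Packet("10.1.2.50", 40000, "203.0.113.10", 443, syn=True)),
    ("processor->pos SYN/ACK",
     Packet("203.0.113.10", 443, "10.1.2.50", 40000, syn=True, ack=True)),
    ("pos->processor ACK",
     Packet("10.1.2.50", 40000, "203.0.113.10", 443, ack=True)),
    ("unsolicited inbound ACK",
     Packet("198.51.100.7", 443, "10.1.2.50", 40000, ack=True)),
]


def compare(traffic=TRAFFIC):
    """Return (name, stateless_verdict, stateful_verdict) for each packet."""
    fw = StatefulFirewall()
    return [(name, stateless_allows(p), fw.allows(p)) for name, p in traffic]


if __name__ == "__main__":
    for name, s, f in compare():
        sv = "permit" if s else "deny"
        fv = "permit" if f else "deny"
        print(f"{name:26s} stateless={sv:6s} stateful={fv}")
```

The first three packets are permitted by both policies; the fourth is permitted by the ACL (rule 2 sees only the ACK bit) and denied by the tracker because no POS host ever opened a session to that peer. That gap is the reason a stateless ACL on the router cannot substitute for the stateful firewall the new PCI rules call for.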

Can you tell I’m excited about this?

We started this project by planning out what we want the network to look like.  It came down to several whiteboarding sessions, with careful consideration of what our stores look like now, what they SHOULD look like now, and what decisions we can make now to ensure that we (or our successors) won’t be cursing us 5 or 10 years down the line.

Once we got our design 95% finalized, we started to think about what equipment and systems we would need to make it all happen.  Some of it was obvious or pre-ordained (like the wireless solution, which I will discuss in a future post), but there were three places where we knew that we needed a piece of equipment, and needed to decide what would fill that role.  First, and most obviously, we need a firewall.  Second, we need a new switch.  A bit of luck happened on this front, which allowed us to bypass the beancounter (yes, singular) a bit and get something much better than we otherwise would have been allowed to get.  Third, we need a router.  In our new design the router is no longer the single point of security enforcement like it was before, but the fact is, every one of our stores has a T1 on MPLS, so we need a router to connect to it.  Honestly, if there were such a thing as an Ethernet-to-T1 media converter, we would have used it, but there isn’t, so a-router-shopping we will go.

As I’m writing this, most of the decisions on this project have been made already.  I’m writing it all up because maybe somebody else will be able to get something out of the work that we put into our evaluations of different equipment.  I will write some future posts detailing the evaluation process for the equipment that we chose, the decisions we made, and how things have shaken out, but I think this will do for now.

To read more about this project, follow the tag New Store Architecture

Currently drinking: Cruzan rum and IBC root beer

Filed under IT

Welcome to my blog!

Well, it’s about time that I get this thing started, eh?

You can read a bunch about me on the About Me page on here, so I’m not going to repeat myself too much.  I decided to start this blog because as a network engineer in a shop that really should have a much bigger IT staff than we do, I run into entirely too much odd stuff, and I feel that it would be a shame to not record it so that future admins and engineers can maybe learn something, or at least get a laugh.  Probably at my expense.  There is a permanent forehead-shaped indentation in the wall next to my desk.

That said, I don’t want to limit this blog to just IT.  I am a big fan of beer and other adult beverages, and every once in a while I find something that I want to share my thoughts about.  In fact, the thing that actually catalyzed this blog and made me get off my ass to make it was a beer discovery.  So that’s something I will talk about some.  That catalyzing post will be coming really soon.  It will even have a couple pictures in it!

I also plan on writing some things just because I want to.  Not IT-related, not beer-related, just Me-related.  For example, I’m rather a fan of SpaceX, and the recent Falcon 9 launch failure was pretty heartbreaking, so I might write something about that.  I’m not an aerospace guy though, so there’s no danger that this blog will go full-time space-cadet.  It’s just something I like that I may write something about.  If these side topics don’t interest you, don’t worry.  I’ll try to tag the topic-relevant posts, so you can filter out the random thoughts if you just want to get to the tech or the beer.

Anyway, enough of an introduction.  I’ve got a half a bottle of rum and a six-pack of IBC root beer, and I feel like writing.  Let’s do this!

Currently drinking: Cruzan rum and IBC root beer

Filed under Uncategorized