Energy Consumption | Infrastructure

TLDR (efficiently expressed – rhetorically): Reducing infrastructure hardware with virtualization technology and picking energy-efficient hardware ultimately reduced our energy consumption over the last six years, certainly beating the annual increase in commercial energy costs and giving us insights into the power of software and hardware technology innovations.

This project is: My measurements are a ‘broad stroke’ of what our potential savings were. We want to see A) if we saved money on electricity to lower the environmental impact and B) if my operational planning is lowering our footprint, requiring less of a demand on internal resources ($$$$) and operating more efficiently (this is what I really care about).

Infrastructure Energy Consumption Analysis

Well… I think the graph speaks for itself. We saved a lot of money on electricity. How did we do it? Keep reading.

What this analysis could have been: 

It could have been a complete analysis that broke down each system by CPU (E3, E5, AMD, etc.), RAM (8, 16, 32, 64, 128), storage (RAID configs based on SSDs, HDDs), and exact amount of (network) data pushed by the hour. Gratefully, I get paid more than $0.082 per hour; unfortunately, that means that the time to perform a fully detailed analysis may dramatically reduce the cost savings. Then again, it could be tucked away as a hidden variable…, jk.

Remember, efficiency.  “When products use more power to perform the same amount of work, they are by definition less efficient.”

Why it wasn’t that: 

Cost benefit analysis, i.e., not worth the time for a similar outcome. This analysis is being done in hindsight with 20/20 vision. If I wanted to make a decision about future infrastructure changes (colocation, hybrid public cloud, on-prem datacenter expansions) with vendor purchase agreements over $100,000 for a single refresh, then the cost/benefit may be exponential enough to measure. We don’t spend that type of money on infrastructure.

What it is: 

I mean, knowing that the new hardware consumes less wattage than the prior hardware and comes with software that supports low idle usage during low load times means that the power consumption will be lower – in theory. But remember, all you know are the stats given to you from the vendor. That doesn’t include the environment variables (seasonal electrical cost changes, systems usage changes, random implementations or deprecations, and system count changes). That sentence alone is exhaustive and makes me want to switch to cloud computing! For instance, our year over year costs per device are on an upward trend, but our overall costs for our environment are on a downward trend. How is that?

year over year electricity cost per device

Originally, I wanted to see how much of a cost savings or increase we would see from my infrastructure decisions. It quickly became apparent that most of my savings was not because I picked super efficient and ‘green’ hardware – but I did. The primary reason for my cost savings was actually a software technology – virtualization. Yes. It has been around for a LONG TIME.

The primary savings was accomplished during the partial and full virtualization phase (2016-2017), reducing the onsite datacenter footprint from 24 servers down to 3 primary servers. Unfortunately, some of the technologies deployed required additional power consumption, increased demand on average server usage and increased PoE demand on all switches as more devices become powered over Ethernet.

Either way, we dramatically reduced our energy consumption! Yay, us. Sorry, Entergy.

What I plan to do with this: 

Increase system efficiency, cost effectively – I thought I made that clear.

The primary bottleneck that is limiting our system throughput is disk I/O speed. With future analysis, we will be able to determine if SSDs can provide us with an operational cost savings through the direct cost of electricity and through infrastructure purchasing costs, by consolidating the hypervisors from three down to two and comparing those cost savings to varying models. I’m considering and testing costs in a hybrid-cloud infrastructure, which adds systemic processes (lowers efficiency), complicates the design (lowers troubleshooting efficiency without proper training) and increases demand for professional development. All variables must be considered before making a decision on our next infrastructure initiative.

How I plan to measure: 

  • Electrical costs can continue to be measured on an annual basis by kWh per device based on average load/usage and multiplied by the total number of ‘like’ devices in the network. 
  • Processes can be measured by taking the collective salary average and dividing it by the support hours required to maintain, monitor, and support a hybrid-cloud. 
  • In the same light, troubleshooting time can be averaged by the salary over ticket completion times for systems / infrastructure tasks. 
  • And finally, PD costs are explicit when utilizing subscription plans, boot-camps, and training materials. The hardest aspect to measure will be personal, off-the-clock training time dedicated to increasing our staff knowledge on cloud computing maintenance and troubleshooting. 

Resources:

Inspiration: https://codeascraft.com/2020/04/23/cloud-jewels-estimating-kwh-in-the-cloud/

Some research: http://www.webtorials.com/main/resource/papers/cisco/paper112/EthernetPowerStudy.pdf

Amazing vendors:

https://www.dell.com/ (PowerEdge is amazing!)

https://meraki.cisco.com/ (Built in power consumption metrics)

https://www.cisco.com/ (manual power consumption stats)

#show power inline
module   available   used      remaining
         (watts)     (watts)
1        370.0       39        331




Disclosure:

  • Not affiliated with anyone / anything in this post directly.
  • Excuse grammatical issues, I’m not a writer.
  • All analysis was inspired by others with a personal directive to save the earth and increase efficiency.

2020

As always, I’m keeping this short.

2020 is here and I have a focal point for the year. My optics are tuned and set on the following list:

  • Clarity. In my mind and of others. All too often, I’m immediately responding assuming that I understand. Sometimes I don’t. It often comes off as rude or aggressive and it needs to change. This is a joint effort, but at least I will be the one to start the shift among my colleagues.
  • Project management. I enjoy organizing projects, drafting reports on progress and achieving varying levels of progress.
  • CCNP, Python, Ansible. The new CCNP is around the corner. It’s going to involve Networking, DevOps, and Automation. I’m getting it.
  • Action. There’s no waiting. Just acting. I’ll assess all opportunities that come my way, see if they fit with my 5 year and 10 year roadmap and execute on all opportunities that align.
  • Intentionally. Doing the best with full intentions of performing the best I can.

That’s it. I’m really just focusing on key skills, growing professionally as a manager and leader, and chiseling away at progress.

Cisco – The Future of Internet

On December 11th, Cisco announced the future in five categories.

  1. Silicon
  2. Optics
  3. Software
  4. Systems
  5. Architectures

1. Silicon – Referenced as the “engine to a car”, Silicon One is Cisco’s programmable silicon architecture – Q100. This transistor can handle large buffers, advanced programmability and greater bandwidth!

Nerd Knob #1: 10 Tbps carrier-class capability

Finance: Drastically reduces the OpEx industry rate which sits at a 1:5 ratio

Read more here: https://blogs.cisco.com/sp/one-silicon-one-experience-multiple-roles

2. Optics – Slower interface speeds could easily cost a solution 10%. With new silicon photonics reaching 400G, the cost per bit can be driven down.

With the hardware becoming more diverse and software driven, we are now going to see an increase in cost on the speed.

Can you imagine? 400GbE connections. That’s an insane amount of data movement.

Read more here: https://blogs.cisco.com/sp/optics-fundamental-to-build-the-internet-for-the-future

3. Software – As Cisco references Silicon as the car, they reference Software as the steering wheel. Their Network Operating System (NOS) becomes an even more critical component in the future of the internet. With Cisco’s IOS XR7 comes prioritization on operations. Their goal was to simplify and improve automation tasks with the overarching goal of “zero-touch”. With better efficiencies come more complexities. XR7 NOS allows teams to utilize the computer for insights and analytics.

Read more here: https://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xr-software/index.html

4. Systems – Continuing the reference – the car. With Cisco 8000 series routers being deployed, we can now bundle the hardware and software for limitless opportunities. Okay, maybe not limitless for long, but definitely a game changer for the immediate future.

Nerd Knob #2:

1 RU Router can support 10.8Tb/s bandwidth…

3 modular form-factor platforms delivering support from 115Tb/s > 260Tb/s

Full Fabric redundancy

Top of the line security – Hardware based “Trustworthiness” for tamper proof control and visibility controlled by Cisco Crosswork Cloud

Finance:

Reduced power consumption per Gb (4W) which is 1/4th the consumption

Read more here: https://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xr-software/index.html

5. Architectures – Everything listed above has been re-imagined with performance, trust and OpEx in mind. By keeping all of this on track, Cisco is reinventing how the internet operates with people and business in mind.

Read more here: https://blogs.cisco.com/news/future-of-the-internet-its-here


*This post is not endorsed by Cisco, nor is it a direct reflection of their beliefs and opinions.

Reflection & Vision

When you’ve reached a peaked plateau in any aspect of your life, it’s easy to feel lost, and fogged. Especially when you’re at a peak – but your internal furnace that drives for growth and learning beyond your current levels continues to beg the question; what’s next? It’s common for people my age to want more – and more constantly. It’s often referred to as greed. And the definition may be accurate with that statement. I’ll debate it later.

It’s not a bad place to be and I realize this. I’ve had mentors, father figures and friends refer to this point in life as many different things. All of which have resulted in complacency, losing businesses, or failing on their part of the deal in partnerships. That’s where I was earlier this year. I was at my turning point. A point in time where I could choose to make a change. It would either result in returning to Port, maintaining my anchor or setting sail for the high seas.

My decision? Well, none of the above. I overthink everything. I decided to come back to basics. Develop a strategy that will ensure my success – long term, expand on my foundation, and then embark on my journey.

So, I’m in the middle of developing key skills that will last me another decade in this vastly dynamic world of technology. Being a network and systems specialist is only a fraction of who I really am and even of that percent that I am, I can still be greater.

Skill #1 Systems & Networking – I’ll spend time learning Cloud infrastructure from a technical stance. Mastering understanding from a top level managerial view down to the cleanest whitepapers written by the creators of these technologies. Wikipedia is not a proper source.

Skill #2 Management – I’ll spend time learning how to encourage natural incentive and effort for a common strategic goal.

Skill #3 Leadership – being prepared and present more frequently in meetings. I’m already good at this, but I’ll be even better. Providing more follow up and follow through on projects and goals. Creating an environment of care and compassion among my peers and colleagues.

Skill #4 Entrepreneurship – I’ll work on my partnerships. Creating strategic partnerships that truly benefit both sides with sustainability in mind.

Skill #5 Personal – removing limiting thoughts and hesitation from my mental reflex. Preparing to be a father and a better husband with every opportunity.


I think it’s important to understand why I chose skills rather than certifications for my goals. Having an understanding of your desired skill will remove the limiting factors of choosing a single cert and believing that it’s all you need. In reality, I must master my skills, which may equate to five certs, 400 hours of video lessons and another 10 years of experience. The latter is much more appealing and hard to beat, especially when competing against a team of nerds, a processor and code for future jobs. It also empowers me to go out, gather the best data on the subjects and study them to a mastery level – then apply what I’ve learned to be truly great.

Week 1 – Unifi for Home

It’s week one in my new house. I have Unifi powering my network with the security gateway, Ubiquiti switch and AP Pro. Lots of information to come, but so far, I’m loving the Unifi dashboard and features. Especially the specifics of their automatic topology!

Unifi Ubiquiti Home network set up

Update #1 12/2/2019

Unifi for Home use is amazing when you combine the Security Gateway with any of their switches. Getting the live dashboard and alerts with their “insights” dashboard is an amazing feature. 100% worth the cost ($139).

Personal Finance

I’m not going to write about personal finance 101 because it would end up being version 10,000,000,000,000 ^365…

We’ve seen enough. Everything has been repeated and humans are humans.

I am, however, going to share my methods, which includes an excel sheet and a budgeting application.


The Excel sheet – I use it for “planning” and being pro-active with my budgeting efforts. What I mean by this is, I plan purchasing a home, funding a college account for my future child, purchasing a car, or planning future investments. It’s sort of like a quick simulation.

Setting the goal, here’s how I do it – the categories:


Let the simulation(s) begin!

Just start filling it out based on a monthly view and allow Excel to “summarize” it for you. Do the same for your expenses and see how much is left in the “Net (+/-)” column at the end of the month.


On to the App! This is what everyone wants to see.

So, yeah, it does a lot – but it keeps things simple. My favorite feature of the application, aside from being able to view all accounts at once (student loans, home loans, credit/debit, and 403b accounts), is that I’m able to view my “net worth” because of the vast account capabilities.

The other cool feature is the ability to categorize. Throughout the month, I set a dollar amount budget (based on my monthly Excel budget) and I categorize all expenses throughout the month. By the end of the month, I look at the budget dashboard and see where I am with my budget categories. Most of the time, I’ve overspent on restaurants or groceries, or woodworking projects. I promise, one of these days, I’ll treat woodworking like a business and actually make money from it!

The unspoken and indirect feature that Personal Capital offers, is the ability to reflect. I was feeling a little negative toward my finances – feeling as if I hadn’t made any progress in the last year. Personal Capital maintains record of all transactions and net worth… when I reflected on the app, I saw that I actually paid down $20,000 worth of debt, saved for a mortgage down payment, paid off my car and enjoyed an expensive vacation for a week in Florida… It instantly boosted my mood and made me realize that I am making steady progress on my financial, material and social goals.


The second App – Robinhood. If you’re investing but don’t have more than $200,000 invested in a stock trading brokerage account, then I suggest that you invest for free – in Robinhood. Seriously, you can make money instantly with their free trades. Buy Apple today, sell it in a few days and enjoy your 1-3% profit margins. If you capitalize on this technique which leverages compounding growth and the market continues to do well, you’ll do well!

Free money, create an account and start trading!


References

Message me if you would like a template or a more complete run through of anything in this post.

Defending Against RYUK

Computer code on a screen with a skull representing a computer virus / malware attack.

It has been exactly four weeks since Homeland Security, the National Guard and LA DoE scheduled an emergency phone conference with all Technology Directors in the state of Louisiana.

During this briefing, we were informed that 6 school districts and 2 government agencies were attacked by a ransomware known as RYUK. The immediate reaction was frightening as the governor of Louisiana demanded a state of emergency. We were told to shut down internet access and remove local admin rights until further notice.

Keep in mind, we were two weeks out from the start of school (smart timing on RYUK). We had to finish deployments for hundreds of chrome books, projector installations, finalize surveillance installs and manage several other projects in our department.

A day passed before we received a strategic game plan from Homeland Security that detailed several phases of security implementations. Phase 1, turn off all internet access. This can be hard to do when you’re trying to deploy devices, run updates and have 150 staff members coming back to campus…

I’ll explain the technologies and how everything works later in the blog.

We spent a week tightening up the ship, blocking internet access based on firewall rules, attempting to have offsite backups work, deploying devices, installing software… we were extremely reliant on the internet.

Services were breaking constantly, as expected when you turn off the internet (LOL, if I don’t laugh, I’m crying). My boss could see the stress on our department and offered full support to us while we navigated these high seas. I have to say, I have one of the most supportive bosses in the world (Shout out)!

She granted the additional resources necessary to tackle this oncoming storm.

Four weeks later, 600+ hours between two employees, we now have all systems patched, removed local admin, wiped and deployed. In addition, all members of our organization have been trained on identifying phishing attacks (for your reference). And the entire network is locked down according to recommendations made by Homeland Security.


The Technical


Known threats to block

deny any any 445
deny any any 447
deny any any 449
deny any any 8082
deny any any 16993

They have identified RDP (3389) and Email (80/443) as the two primary vectors of initiation.


How we “turned off” the internet

Using the firewall “deny any any” and manually adding 40+ pages of “trusted” ip addresses was not an option for us. It was extremely time consuming and impractical. I often fat-fingered IP and port numbers. I broke everything. I wish Meraki allowed me to use a CLI for this type of task. Luckily, Meraki had a second option for us.
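A pre-flight check for hand-typed rule lists in the "deny any any <target>" shorthand used above, added here as an example and not part of the original post or of any Meraki tooling. The sample rules are constructed from documentation address ranges, and `MIN_PREFIXLEN`, `classify` and `lint_rules` are hypothetical names.

```python
import ipaddress

MIN_PREFIXLEN = 8  # assumption: a prefix broader than /8 is treated as a typo

# Constructed sample in the post's shorthand; addresses are documentation ranges.
SAMPLE = """\
deny any any 192.0.2.187/32
deny any any 198.51.100.256/32
deny any any 203.0.113.18/3
deny any any 445
deny any any 16993
deny any any 169933
allow any any 192.0.2.187/32
deny any 445
deny any any 445
"""


def classify(target):
    """Return ((kind, value), None) for a usable target, else (None, reason)."""
    if target.isascii() and target.isdigit():
        port = int(target)
        if 1 <= port <= 65535:
            return ("port", port), None
        return None, f"port {port} is outside 1-65535"
    try:
        # strict=True rejects host bits under the mask, e.g. a /32 typed as /3
        net = ipaddress.ip_network(target, strict=True)
    except ValueError as exc:
        return None, str(exc)
    if net.prefixlen < MIN_PREFIXLEN:
        return None, f"prefix /{net.prefixlen} is broader than /{MIN_PREFIXLEN}"
    return ("net", net), None


def lint_rules(lines):
    """Split hand-typed rules into (accepted, problems), keyed by line number."""
    accepted, problems, seen = [], [], {}
    for n, raw in enumerate(lines, start=1):
        text = raw.strip()
        if not text or text.startswith("#"):
            continue
        parts = text.split()
        if (len(parts) != 4 or parts[0] not in ("deny", "allow")
                or parts[1:3] != ["any", "any"]):
            problems.append((n, text, "expected '<deny|allow> any any <target>'"))
            continue
        action, target = parts[0], parts[3]
        key, reason = classify(target)
        if reason is None and key in seen:
            prev_action, prev_line = seen[key]
            word = "duplicate of" if prev_action == action else "conflicts with"
            reason = f"{word} line {prev_line}"
        if reason is not None:
            problems.append((n, text, reason))
            continue
        seen[key] = (action, n)
        accepted.append((n, action, key[0], key[1]))
    return accepted, problems


if __name__ == "__main__":
    ok, bad = lint_rules(SAMPLE.splitlines())
    for n, action, kind, value in ok:
        print(f"line {n}: OK   {action} {kind} {value}")
    for n, text, reason in bad:
        print(f"line {n}: FAIL {text!r}: {reason}")
```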

Meraki offers Content Filtering, which allows you to blacklist everything (*) and whitelist URLs. I chose this option. Upon blacklisting the entire internet with (*), I was then able to whitelist common sites much more efficiently.

Anything that ends with .gov and .edu was whitelisted, but not completely. Aside from these, every other site had to be whitelisted. Aside from the constant adding, this process is very easy.
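The block-everything, allow-by-suffix policy described above, written out as an added example (not the post's code and not Meraki's matching logic, which is not reproduced here). It compares a label-boundary hostname check with loose substring matching so an allowlist can be tested against lookalike names; every URL and the `updates.vendor.example` entry are constructed.

```python
from urllib.parse import urlsplit

# Constructed allowlist in the spirit of the post: two whole TLD suffixes plus
# one individually approved site. Hypothetical entries, not the author's list.
ALLOW_SUFFIXES = ["gov", "edu", "updates.vendor.example"]

# Constructed test URLs: legitimate sites, lookalikes, and an unlisted site.
CASES = [
    "https://www.district.example.edu/calendar",
    "https://portal.agency.example.gov/forms",
    "https://updates.vendor.example/agent.msi",
    "HTTPS://WWW.DISTRICT.EXAMPLE.EDU./",
    "http://edu.lookalike.example/login",
    "https://district.example.edu.lookalike.example/",
    "https://www.district.example.edu@lookalike.example/",
    "https://unlisted.example/",
]


def host_of(url):
    """Return the lowercase hostname, or None when the URL cannot be parsed."""
    try:
        host = urlsplit(url if "://" in url else "//" + url).hostname
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None


def allowed(url, suffixes=ALLOW_SUFFIXES):
    """Default deny: permit only when the parsed hostname equals an entry or
    ends with '.' + entry, so a match always falls on a DNS label boundary."""
    host = host_of(url)
    if host is None:
        return False
    return any(host == s or host.endswith("." + s) for s in suffixes)


def allowed_loose(url, suffixes=ALLOW_SUFFIXES):
    """Substring match on the raw URL, shown only for comparison."""
    return any(s in url.lower() for s in suffixes)


def compare(cases=CASES):
    """Return (url, strict_result, loose_result) for each test URL."""
    return [(u, allowed(u), allowed_loose(u)) for u in cases]


def gaps(cases=CASES):
    """URLs the loose rule would let through but the strict rule denies."""
    return [u for u, strict, loose in compare(cases) if loose and not strict]


if __name__ == "__main__":
    for url, strict, loose in compare():
        print(f"strict={strict!s:5} loose={loose!s:5} {url}")
```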

All traffic is triple filtered with the leading Cisco, Google, and Meraki products in the globe. With dual content filtering, IPS/IDS and AMP screening, our traffic has been relatively clean – to say the least.

When it comes to Meraki, we were also able to filter traffic by country. This allowed us to block traffic from random countries that we have no business communicating with/through.

Anti-virus

We commissioned a new AI based product to help protect all of our servers, faculty and staff. Hoping that their spread of knowledge with the recent attacks will help prevent attacks on our network.

Advanced email filtering & quarantines

Google allows for us to enable advanced email filtering and quarantine. I’ve enabled all features to flag suspicious emails and I’ve personally trained every employee on proper email usage and what to look for in an email.


As of today, we are not in the clear, but we are in a much better state now than we were a month ago. We were given the chance to reflect on our current policies, enforce new procedures and tighten up security campus wide. Other organizations were not given the same opportunity as us.

For anyone out there battling this, please reach out if you need support. This is a beast to navigate and cyber crimes are not going away anytime soon.


References

Center for Internet Security (Homeland Security)

Read about Protecting your network

Read about Emotet Malware

Read about TrickBot

Knowledge Curve

I’m going to keep this one short, like most of my posts.

The Knowledge Curve signifies the “possibility” of knowledge if someone were to have consistent and focused study throughout their life versus the typical life long learner that prefers a more sporadic approach – which is provoked by work demands or life changes. There’s no shame in learning as you go from a career perspective, but you can change your outlook on learning exponentially by having a more consistent approach to learning.

The key here is that you’re not “resetting” by allowing your brain an unnecessary break (several months or years). I specifically remember the first time that I obtained my CCNA. I had all of the textbook knowledge crammed in my brain, I was confident, and then I decided to stop labbing and maintaining my knowledge after passing my exam. Three years later, I have to renew my CCNA and progress onto the CCNP – but I lost a lot of the knowledge because I have not been using it in a practical manner. There’s a way to prevent this from happening to you.

Stay maintained and continue learning. It’s a lifelong venture; not a 5k race. Reading one topic a day for three years would have kept me on the cusp of knowledge in the world of CCNA and honestly, it would have promoted me to learn CCNP before my renewal date… So now, I’m stuck renewing my CCNA again before I can even progress onto the CCNP. That’s not because of a limitation set by Cisco, but rather the inherent need to relearn all of the information that I put on the back burner three years ago…


Edit #1 – 8/25/2019 – Finished post and corrected grammatical errors.

Google Sheets – Asset Management

Do you need an asset manager? Are you a small/medium organization? Then I have the perfect application for you! It’s called Google Sheets.

Get yours here:

Asset Management

https://docs.google.com/spreadsheets/d/1c17XY8iywyal_fUr1LBFofWlljrpQEbOs5WW0d9EKBU/copy


Seriously, though, if you have any questions – reach out to me.

My sheet covers Asset Management, Repair Logging, Systems and Network logging, and a user dashboard to see which devices a user has assigned to them at any moment and their repair log history. You know, just in case you need to bill them…

Port-Security (Mac-Address Filtering)

Port-Security is fundamentally great to implement, especially since this command supports both static (Sticky) and dynamic mac-address filtering.

Basic configuration:

##Open Interface##
(config)#int e0/2

##Enable Port-Security##
(config-if)#switchport port-security

##Allow a specific mac-address##
(config-if)#switchport port-security mac-address aabb.ccdd.eeff

##Only Allow a single mac-address##
(config-if)#switchport port-security maximum 1

##If policy is violated, err-disable port##
(config-if)#switchport port-security violation shutdown

Verify configuration on the interface:

#show port-security interface e0/2
Sw1#sh port-security int e0/2
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 1
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : aabb.ccdd.eeff:10
Security Violation Count   : 0

View from both devices:

Once the Router (R1) changes its mac-address, Sw1 will err-disable the switchport.

R1(config)#interface e0/0
R1(config-if)#mac-address aabb.ccff.eeff
Sw1#
*Jul  6 17:14:56.613: %PM-4-ERR_DISABLE: psecure-violation error detected on Et0/2, putting Et0/2 in err-disable state
Sw1#
*Jul  6 17:14:56.613: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address aabb.ccff.eeff on port Ethernet0/2.
*Jul  6 17:14:57.621: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/2, changed state to down
Sw1#
*Jul  6 17:14:58.617: %LINK-3-UPDOWN: Interface Ethernet0/2, changed state to down
Sw1#

To fix the err-disable, you will want to put the original MAC-address back on R1 or add the new mac-address to the port-security interface. Then, you will want to cycle the switchport. (shut/no shut) – verify w/ ping. 
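Before clearing the port, it helps to pull the offending MAC out of the syslog and compare it with the configured one. The following triage script is an added example, not part of the original post: it reads the Sw1 messages shown above (re-joined where the terminal wrapped them), and the `ALLOWED` mapping and function names are hypothetical.

```python
import re

# Syslog lines from the post, re-joined where the terminal wrapped them.
LOG = """\
*Jul  6 17:14:56.613: %PM-4-ERR_DISABLE: psecure-violation error detected on Et0/2, putting Et0/2 in err-disable state
*Jul  6 17:14:56.613: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address aabb.ccff.eeff on port Ethernet0/2.
*Jul  6 17:14:57.621: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/2, changed state to down
*Jul  6 17:14:58.617: %LINK-3-UPDOWN: Interface Ethernet0/2, changed state to down
"""

# Expected address per port, from the static entry configured in the post.
ALLOWED = {"Ethernet0/2": "aabb.ccdd.eeff"}

# Interface abbreviations IOS uses in some messages (Et0/2 vs Ethernet0/2).
ABBREV = {"e": "Ethernet", "et": "Ethernet", "fa": "FastEthernet",
          "gi": "GigabitEthernet", "te": "TenGigabitEthernet"}

MSG_RE = re.compile(r"^\*?(?P<ts>\w{3}\s+\d+\s+[\d:.]+):\s+"
                    r"%(?P<fac>[A-Z_]+)-(?P<sev>\d)-(?P<mnem>[A-Z_]+):\s+(?P<text>.*)$")
VIOLATION_RE = re.compile(
    r"caused by MAC address (?P<mac>[0-9A-Fa-f.]+) on port (?P<port>\S+?)\.?$")
ERRDIS_RE = re.compile(r"psecure-violation error detected on (?P<port>[^,\s]+)")


def normalize_port(name):
    """Expand an abbreviated interface name so Et0/2 and Ethernet0/2 compare equal."""
    m = re.match(r"([A-Za-z]+)(.*)", name)
    if not m:
        return name
    return ABBREV.get(m.group(1).lower(), m.group(1)) + m.group(2)


def hex_digits(mac):
    """Strip separators so dotted, colon and dash MAC notations compare equal."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())


def triage(log, allowed=ALLOWED):
    """Return one finding per PSECURE_VIOLATION, noting whether the port was
    err-disabled and how the offending MAC differs from the allowed one."""
    err_disabled, violations = set(), []
    for line in log.splitlines():
        m = MSG_RE.match(line.strip())
        if not m:
            continue
        tag, text = (m["fac"], m["mnem"]), m["text"]
        if tag == ("PM", "ERR_DISABLE"):
            e = ERRDIS_RE.search(text)
            if e:
                err_disabled.add(normalize_port(e["port"]))
        elif tag == ("PORT_SECURITY", "PSECURE_VIOLATION"):
            v = VIOLATION_RE.search(text)
            if v:
                violations.append((m["ts"], normalize_port(v["port"]), v["mac"].lower()))
    findings = []
    for ts, port, mac in violations:
        expected = allowed.get(port)
        seen, want = hex_digits(mac), hex_digits(expected or "")
        known = len(seen) == 12 and len(want) == 12
        findings.append({
            "time": ts, "port": port, "offending_mac": mac, "allowed_mac": expected,
            "same_oui": seen[:6] == want[:6] if known else None,
            "digits_changed": sum(a != b for a, b in zip(seen, want)) if known else None,
            "err_disabled": port in err_disabled,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(LOG):
        print(finding)
```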


If you need the learned mac-address to persist across a reboot, you will need to use this:

(config)#int e0/2
(config-if)#switchport port-security mac-address sticky aabb.ccdd.eeff
#wr

If you get an error, perform this first, to remove any previously set mac-address:

(config-if)#no switchport port-security mac-address aabb.ccdd.eeff 

##followed by: 

(config-if)#switchport port-security mac-address sticky aabb.ccdd.eeff