Join Keith Sinclair as he joins the Passionate About OSS Podcast and talks about how using open source software is a key building block to running your networks. The podcast is also available on Anchor.fm, Spotify, Google Podcasts, RSS, Pocket Casts, Breaker, RadioPublic or streamed below; 

Show Notes

Have you noticed the rise in trust, but also the rise in sophistication in Open Source OSS/BSS in recent years? There are many open-source OSS/BSS tools out there. Some have been built as side-projects by communities that have day jobs, whilst others have many employed developers / contributors. Generally speaking, the latter are able to employ developers because they have a reliable revenue stream to support the wages. Our guest on this episode, Keith Sinclair, has made the leap from side-project to thriving OSS/BSS vendor whilst retaining an open-source model. His product, NMIS, has been around since the 1990s, building on the legendary work of other open-source developers like Tobias Oetiker. NMIS has since become one of the flagship products for his company, Opmantek. Keith and the team have succeeded in creating a commercial construct around their open-source roots, offering product support and value-add products. Keith retraces those steps, from the initial discussion that triggered the creation of NMIS, its evolution whilst he simultaneously worked at organisations like Cisco, Macquarie Bank and Anixter, through to the IP buy-out and formation of Opmantek, where he’s been CTO for over 10 years. He also describes some of the core beliefs that have guided this journey, from open-source itself, to the importance of automation, scalability and refactoring. The whole conversation is underpinned by a clear passion for helping SysAdmins and Network Admins tackle network assurance challenges at service providers and enterprises alike. Having done these roles himself, he has a powerful empathy for what these people face each day and how tools can help improve their consistency and effectiveness. For any further questions you may have, Keith can be found at: https://www.linkedin.com/in/kcsinclair Disclaimer. All the views and opinions shared in this podcast, and others in the series, are solely those of our guest and do not reflect the opinions or beliefs of the organisations discussed.

I dropped into a quarterly business review that one of the Account Managers was doing with one of our customers last week. I like to do this from time to time to hear it for myself directly from the customer. It helps me understand the customers and gives me an opportunity to discuss our platform post-sale and integration.

This particular customer is a Telecommunications Carrier out of North America that runs a lot of wireless and fibre and is rapidly expanding.

The Head of Network Operations was on the call, and for the purposes of keeping the identity private, let’s call him Joe.

Joe talked about the snowstorms and how it impacts their network and field services team. The way it works is that the NOC team gets an alert, does some diagnosis and decides what process needs to occur. To send field service staff means that the problem is something that cannot be remotely fixed. Sending the team out in bad weather to work on wireless equipment is hard on the people who do the work, but at the end of the day, to quote Joe, “we pride ourselves on great customer service.”

Before this customer had opEvents installed, they would have a high rate of field service calls that would result in no fault found during snowstorms. This means that the field services team were not being sent to fix real field-related problems. For any company with a field services team, you know how important it is to send these guys to real problems.

The impact for the customer was that to clear all the events would take days, with over 50% being false reports.

During recent snowstorms, opEvents would handle the alert and find the source problem. The NOC team then could send the field services team out in the snow to investigate and fix the problems. Joe said that the level of accuracy in the alerts was fantastic and the NOC and Field Services Team rebuilt their trust and had confidence that they were being sent to a real fault.

When Joe studied the impact that the FirstWave Platform brought to the table, opEvents reduced event storms to zero, deduplication was no longer a problem and only pushed real events to the team. Field service calls were reduced and the network was brought back to normal in half the time.

“We had a lot of competitors’ customers switch to us during the snowstorms. The amount of downtime we suffered was minimal as we were right on top of any faults, we knew where they were and their severity and deployed our field services team accurately. It puts us ahead of the market.”

​Delivering security solutions to customers has progressively become more complex and inefficient for service providers. Because these solutions may comprise a range of point products from different vendors, they force the service provider – and customer – to manage multiple relationships and technologies.

Combining the scalability and flexibility of Software as a Service with the economies of scale of a multi-tenant environment can resolve these problems. A multi-tenant, SaaS security platform can strip out complexity and give service providers the ability to offer white-labelled solutions comprising world-class security technologies to customers.

At FirstWave, we provide a multi-tenant, SaaS platform that service providers can use to provide solutions that protect enterprises from cyberattacks across email, web and firewall vectors. Our CyberCision Platform orchestrates and provisions cloud-based SaaS based on virtualised email and web security, as well as firewall products from leading vendors. These include Cisco, Palo Alto Networks, Fortinet and Trend Micro; we aim to add more in future.

The platform – available on Amazon Web Services – can be accessed by service providers with no upfront costs and integration. It incorporates APIs and information feeds that service providers can take into their order management, customer management, ticketing and subscription billing systems. All FirstWave infrastructure, management and security processes are certified to ISO 27001 Information Security Management System Standard and ISO 9001 Quality Management System Standard.

The platform enables users to offer solutions to customers ranging from government agencies, financial institutions and multinationals down to two- or three-person startups from a single instance.

Service providers can provision and activate solutions for customers within minutes and offer them packages of security policies. They can also manage all customers from a single pane of glass, and the customers themselves can have a single pane of glass view of their services and security policies. Our platform is carrier-grade and offers five nines service performance and strong hierarchical and role-based access controls.

Our platform is also compliant with the requirements of the General Data Protection Regulation, which protects the data and privacy of individuals in Europe.

With a world-class, multi-tenant, SaaS platform, service providers are now well positioned to help customers meet current and forthcoming security challenges.

Now that I have your attention, how can we possibly audit a network and find all the juicy details about the devices upon it, without having high level credentials to talk to those devices?

Well, it’s a bit of a mistruth. Or a caveat. Or whatever you want to call it. We definitely can do this, but for devices such as routers, printers and switches you will need a minimal set (read only, minimum access level) of SNMP credentials. Computers can be audited without any credentials being stored in Open-AudIT.

“How can you do that?”, “It won’t work on my network, my network and devices are locked down”. Yes, yes, your network is perfectly secure, I understand. In that case you are the perfect candidate to implement network discovery and auditing in this fashion.

So how do we do this? Well, as mentioned, first source a set of SNMP credentials that allow the minimal level of access. Do not worry about credentials for Windows, Linux or any other computer OS.

Next configure Open-AudIT to match devices based on IP address. Note that if you have devices that frequently change IP, you may need to enable this on a per discovery basis to avoid too many false positive device matches. Note that even this can be negated by using a collector per subnet to run discoveries.

Once you have your minimal SNMP credentials and have created and configured a subnet discovery, run it. Naturally devices without credentials will probably be classed as unclassified or even unknown. That is expected – no credentials, remember.

Next use your management software to deploy the audit scripts to the appropriate operating system for each device. For Linux machines (for example), you can use Puppet, Chef or Ansible to push the audit_linux.sh script. Windows domain users also have the option to deploy and run the script at domain login. Then create a cron job (or scheduled task under Windows) to run the audit script on a schedule of your choosing and submit the results to your Open-AudIT server.

Then you should check for unclassified or unknown devices within Open-AudIT and work through them, determining what it is and remediate as necessary.

As the audit script results are submitted, the unclassified or unknown devices should be matched and decrease in number.

Eventually you should have zero unclassified or unknown devices. You have just discovered and audited your network using only a minimal set of SNMP (read only) credentials. You still have all the data Open-AudIT usually collects, but no central store of credentials!

Obviously this will take a lot more effort than using Open-AudIT as designed, but in those cases where you just cannot store sensitive credentials in a central location, Open-AudIT still has you covered.

SD-WAN ha sido tendencia este 2021, en organizaciones que implementan ampliamente la tecnología, principalmente los proveedores de servicios gestionados (MSP’s), ya que permite resolver las limitaciones de ancho de banda que en la actualidad comienzan a ser un problema, cabe mencionar que, esta tecnología mejora la experiencia de los usuarios al utilizar servicios de internet que proporcionan velocidades de descarga superiores a las actuales. “Durante 2020, Doyle Research espera que varios proveedores marginales de SD-WAN salgan del mercado o sean adquiridos”. Por lo que, es de suma importancia que los ejecutivos de TI evalúen cuidadosamente la viabilidad al adquirir una marca de SDWAN, ya que en la actualidad existen varias opciones disponibles y cada una de ellas proporcionara ventajas y desventajas que podría marcar el éxito o fracaso en su operación.

“SDWAN ha aumentado su uso en múltiples plataformas de infraestructura, como lo son (IaaS), Amazon AWS, Microsoft Azure, Google Cloud y Oracle”. La mayoría de los proveedores de SD-WAN aprovechan el punto de acceso local más cercano que permite a los usuarios conectarse a internet con su proveedor de servicios contratado(ISP), esto ayuda a que se pueda transferir mas rápido la información al punto de presencia mas cercano reduciendo significativamente la latencia, lo cual es de suma importancia para negocios como, tiendas de autoservicio, farmacéuticas, restaurantes, agencias automotrices, entre otras.

Ya que SDWAN esta comenzando a utilizarse de manera gradual, es importante que los proveedores de servicios de internet puedan monitorear lo que pasa dentro de dichas nubes,  por lo que deben evaluar la capacidad que tienen para integrarse sin problemas con gestores/administradores de TI líderes en el mercado, incluida la conectividad desde el gestor hacia el CPE, para observar el desempeño de la sucursal, APIs personalizables, optimización del rendimiento, mapas georreferenciados y visibilidad de eventos de extremo a extremo, es aquí donde Opmantek ayuda a potenciar dichas características para el monitoreo de los CPEs de clientes, así mismo hace posible el monitoreo de los dispositivos que viven en la nube, inclusive si no tienen conectividad a través de ICMP. ¿Esta usted interesado en este tema?, de ser así no dude en contactarnos en latam@opmantek.com, en donde tenemos una solución hecha a la medida de sus necesidades.