Canadian Information Processing Society (CIPS)
 
 

CIPS CONNECTIONS

INTERVIEWS by STEPHEN IBARAKI, I.S.P.

CISCO networking and certification authority speaks

This week, Stephen Ibaraki, I.S.P., has an exclusive interview with the widely respected networking expert and author, David Hucaby, CCIE No. 4594.

David is a lead network engineer for a large medical environment where he designs, implements, and maintains networks using Cisco products such as Cisco multilayer switching and security products. Prior to his current position, David was a senior network consultant, where he provided design and implementation consulting, focusing on Cisco-based VPN and IP telephony solutions.

Discussion:

Q: David, we are fortunate to have you come in to do this interview—thank you.

A: It’s a great pleasure for me to be here. Thanks for inviting me!

Q: Can you describe your current work, and as an independent consultant focusing on Cisco-based solutions for the healthcare and banking industry? What products and services are particular to these industries?

A: Sure. My current work involves maintaining the network infrastructure for a university medical center. I get to recommend design changes for the network of Cisco switches and routers, as well as install and configure the actual devices. And of course, when things go south, I get to be involved in the troubleshooting work too.

Working in a healthcare environment is a bit challenging, as the network carries not only the usual user traffic (email, web browsing, instant messaging, and so on)—it also carries mission critical traffic like patient lab results, CT and MRI scans, and even telephone conversations! When the network is down or slow, patients might not receive the care they need.

As for networking products that are particular to healthcare and banking, the LAN switches and routers perform the same function as they do in all businesses. However, these industries require a high level of availability and performance, so the switches are usually large chassis with many high-bandwidth links. These are usually arranged so that any one box can fail completely and the network won’t be affected.

As you might imagine, security is very important too. I see the full spectrum of security products in use—many firewalls, intrusion detection systems, Virtual Private Network (VPN) gateways, and so on. Hospitals and banks not only have to keep unauthorized people out of their networks, they have to make sure the integrity of their data is secure when it travels over a network.

Q: Do you have some stories about very challenging situations and their resolution?

A: Most of my stories involve networks being down and crowds of people gathering. I had one experience where a hospital network suddenly had a condition called a “bridging loop”. Basically, this is where a portion of a switched network forms a closed loop, usually from a faulty piece of equipment or from someone inadvertently connecting things up wrong. Normal user traffic that used to flow just once now begins to circulate around and around the network, as fast as the switches can pass it. The end result is that most every link in the network becomes unusable very quickly.

In this situation, the cause of the bridging loop is very hard to find. We had several people working together at different locations for several hours before we were able to find the one link that was faulty. To compound the stress level, we kept hearing the hospital staff announce that most of the areas were resorting to pencil and paper methods from years past.

In another experience, a hospital’s core or backbone switches had a software bug that caused most of their servers to be unreachable. Again, many of the patient care functions ground to a halt. Although very stressful, I had a very good experience with Cisco’s Technical Assistance Center (TAC). I was able to stay on the phone with them for a couple of hours while they brought in more technical experts to troubleshoot and offer advice. That problem was solved by loading new software on the backbone switches—something that was complex, especially in a crisis, but easily done thanks to very competent people on the other end of the phone line.

Q: What trends do you see in networking with regards to products and services? Please make some predictions about the future, and future technologies that businesses and IT professionals should be considering?

A: Well, those are difficult questions. The one major trend I see is something Cisco calls “convergence” on the network. For many years, networks have been used to pass data files and allow connections or sessions from one machine to another. Recently, we’re seeing those same networks carry new real-time traffic such as voice (telephone calls) and video (teleconferencing and streaming video).  You can definitely do much more with your network connection now, and that network has to perform well all of the time.

Wireless network access is also quickly developing. You can find wireless LAN access in hotels, airports, cafes, and many businesses. People can be productive in their jobs no matter where they are located. Naturally, wireless is going through the same type of evolution—your laptop can access all of the resources you need to do your job, and voice and video applications are quickly following. Add to that VPN access, where a user can securely connect from anywhere to the corporate network and its resources, and the “mobile office” is complete.

Do you have differing recommendations for small, medium and large enterprise organizations?

A: I think we’re to the point where organizations of any size must consider the same basic things—network availability and security. The actual network design will probably differ just because the budgets and performance requirements differ. One nice thing about today’s networking equipment is that it is fairly straightforward to scale a small network up to meet new or increasing needs.

Q: Can you provide your list of the five most important issues facing corporations and IT professionals today? How can these issues be resolved?

A: 1) Security – proper staffing and training is just as important as buying devices and appliances that perform security functions.

2) Obtaining and retaining highly skilled IT staff.

3) Keeping up with technology – Technical training is necessary to advance skills and embrace new developments.

4) Budgeting for new technology.

5) Proper evaluation of new “miracle” technologies – Often, new products sound much better than they turn out to be. The ROI may be great, but do you really need it and does it really work in your environment?

Q: With regards to security, please provide your detailed recommendations in this area?

A: Businesses rely heavily on their networks, so they must take every precaution to protect themselves from unauthorized or malicious people. It’s easy to throw security-related equipment at this problem, as I’ve often seen. But I think it takes much more than that to be effective. Security-related equipment generates large volumes of activity or error logs, and somebody needs to review all of that information regularly. I think many organizations either fail to realize the need for full-time staff dedicated to this task or they underestimate the number of people needed.

I also think it is very important for an organization to develop detailed security policies and stick to them. It’s very common for businesses to decide to put in firewalls at the edges of their networks, but they have no idea what the firewalls should be configured to do. It sounds silly, but the most difficult task of implementing a firewall is getting an organization to identify what types of applications and traffic they have and what resources they want to protect.

Q: How did you get into computing and specifically into Cisco?

A: Oddly enough, electrical engineering seems to run in my family. My father instilled an interest in electronics and computing in me for as long as I can remember. I’ve always enjoyed building digital circuits, and also enjoyed programming for several years after college. However, I found that I wasn’t an elegant programmer at all. A job change exposed me to a few Cisco routers back when I hardly knew what a subnet mask was.

What struck me about working with the routers and networks was the design and troubleshooting—I was finally blessed with work that meshed very nicely with my engineering talents.

I’ve always managed to work in places that are Cisco shops, so I’ve been exposed to more and more Cisco equipment. One nice thing about Cisco is that they are a (the) market leader with a wide range of products and functionality. They are also very open with technical information about their equipment and also about the underlying technologies. There is really no end of new things to learn!

Q: What is your recommended path into Cisco certification and what are the benefits of each? Can you share your study tips and important issues and challenges around the certification process

A: Cisco offers several levels of certification: “associate”, “professional”, and “expert”. These correspond to the Cisco Certified Network Associate (CCNA), Cisco Certified Network Professional (CCNP), and the Cisco Certified Internetworking Expert (CCIE). You can start with the CCNA and work your way up to the CCIE through a series of many exams. Or, you can jump right into working on the CCIE directly.

Cisco offers many training courses through third-party training partners. These are all instructor-led and have hands-on lab exercises too. Taking a course is a great way to learn about a technology and get to see and touch equipment you might not otherwise see. Most courses are four or five days in length, so you get a lot of material in a relatively short time.

Cisco Press offers a wide range of books that can help you learn or study for certifications. There are books that correspond to the instructor-led courses, so you can read and study the same material at your own pace. Other books are targeted at a particular Cisco certification, and cover the complete subject matter while giving practice exam questions and scenarios.

The CCIE is the only certification that requires a two-fold process: a written qualification exam and an intense one-day lab exam. If you can achieve the CCIE, you have both technical knowledge and practical skills. The idea is that a CCIE can be dropped into most any situation and find a resolution in a short amount of time. Naturally, this is a very grueling process, requiring plenty of study and plenty of hands-on practice on a variety of equipment. Most people don’t pass the CCIE lab exam the first time. Or the second time.

I know many people who have benefited from online study groups for any of the Cisco certifications. It’s nice to read and participate in discussions with other folks working toward the same certification. In short, the Cisco certifications are so popular and the technologies are so open that it is quite easy to find enough material and enough help to study and pass the exams.

Q: You have done quite a bit of writing:

Articles
VLANs and Trunking

Books
CCNP BCMSN Exam Certification Guide (CCNP Self-Study, 642-811
Cisco CCNP Certification Library (CCNP Self-Study)
Cisco Field Manual: Catalyst Switch Configuration
Cisco Field Manual: Router Configuration
CCNP Switching Exam Certification Guide

What are the major themes in each and specific tips you can provide?

A: My first book with Cisco Press was the CCNP BCMSN Exam Certification Guide, which is wholly devoted to LAN switching. One of the CCNP exams focuses on switches in a campus environment, and this book teaches and prepares the reader for the exam. Cisco certifications also change over time, to follow developing technologies.  This exam and the LAN switching subject matter have been updated, so this book was completely rewritten and released as the last one on your list, “CCNP Switching Exam Certification Guide.” That exam is very new, and the book was just released at the end of September.

I’ve also written two books with a CCIE friend—the two “Cisco Field Manuals”. These books are a very different format, as they break networking down into various functions and present a step-by-step sequence of Cisco commands needed. There are so many different Cisco devices, so many commands, and so many different protocols and technologies, I just can’t remember them all! These books are really meant to be quick references that you can carry in your laptop bag (if you’re a traveling consultant) or within reach at your desk.

Q: How can a novice get into writing, what important lessons have you learned, and do you have shortcuts to speed up the process?

A: First, I think you have to have a real interest in technical writing. It might be good to start out by writing short “tech notes” or white papers for your own organization or for an online or printed magazine. The more you write, the easier it becomes.

To write a book, a novice author will first need to submit a book proposal and a sample initial chapter to the publisher. The proposal gives a detailed description of the book, its subject matter, and intended audience. The sample chapter gives an idea of the author’s abilities to write about technical subjects. Usually, this proposal is circulated within the publishing company, as well as to outside experts on the subject. If everyone agrees that the book sounds unique and marketable, then a contract can be drawn up between the publisher and author.

Writing whole technical books is amazing to me. By this I mean that I can’t ever remember writing anything over 20 or 25 pages in college. Just one Cisco Press book can average anywhere from 500 to 800 pages! Obviously, detailed outlines are a critical piece of a large book. Once you know the subject material very well and have developed an accurate outline of topics to cover, you can write the big book one small section at a time.

I must also say that Cisco Press has been an excellent publisher to work with. They have provided very talented editors, project managers, graphic artists, and so on—each of them very helpful.

Q: You must have both interesting and funny stories to tell from your many rich experiences—please share a few.

A: I’ve had a legacy of ruining laptop computers at work and while writing books. After just a short time in my current job, I left my laptop on my desk too close to the window overnight. Needless to say, it was gone the next morning, extracted through a small hole in the window made by a brick. After the laptop was replaced, I took it into a communications closet. I had it nicely placed on top of an old ethernet hub while I worked. I went around to the other side of the equipment rack and began to unscrew a device I was replacing, not realizing that device held up the laptop. When the last screw came out, I heard a sliding noise and a crash. That laptop met the cold, hard concrete.

Q: Which ten resources do you find the most useful?

A: 1) Cisco.com – The all-encompassing information source for all things Cisco and network-related.

2) Cisco Press (www.ciscopress.com) – many, many good books on every networking subject.

3) Cisco Networkers conferences plus the RFC Sourcebook from Network Sorcery (http://www.networksorcery.com/enp/default0504.htm) – Very handy reference for RFCs and networking protocols.

4) Incidents.org – The Internet Storm Center and the SANS InfoSec reading room.

5) SANS Institute (www.sans.org) for security information and training.

6) The CERT Coordination Center (www.cert.org) for anything security-related.

7) Groupstudy.com – Cisco certification discussion groups.

8) eBay – The source for cheap, used Cisco equipment; studying for certifications requires hands-on experience, which requires lab equipment.

9) The Internet Assigned Numbers Authority (www.iana.org) – The official protocol and port number registration source.

10) Dilbert (www.dilbert.com) – Maintaining a sense of humor about the workplace is vital.

Q: If you were doing this interview, what three questions would you ask of someone in your position and what would be your answers?

A: 1) Are your certifications worthwhile after all? As for me, I have a CCIE, and I would say ‘yes, it certainly is’. Not only has it helped me move ahead with my career, but it has helped me be much more competent in my work.

2) Do you see the need for networking skills diminishing in the future? No, I don’t believe so. Networking is constantly expanding and constantly developing. The skills required to support corporate networks seem to always be on the increase too.

3) What do you do in your spare time? Because I work a full-time job and have been writing Cisco books for the past couple of years, spare time might seem hard to come by. Fortunately, I’m able to write every night while the rest of my family sleeps, leaving time for family fun. As for non-technical hobbies, I collect and use antique woodworking handtools.

Q: Do you have any more comments to add?

A: None at all.

Q: It was a pleasure interviewing you. Thank you for sharing your wealth of knowledge with our audience.

A: This was a fun experience for me. Thanks for allowing me to be here.