Now that I’ve returned from the whirlwind that was Interop Las Vegas, I thought I’d share some thoughts about my experience as a speaker and attendee.
First the good: The UBM staff was awesome and I appreciated the chance to pontificate on one of my favorite subjects, firewalls. Thanks to some quick thinking by the hardest working man in IT, Stephen Foskett, I also had the opportunity to be included as a last-minute member of the Tech Field Day round table discussions. He always manages to set the bar high by inviting some of the most talented, independent thinkers in our profession, and it’s a pleasure to be in such good company. Of course, I enjoyed spending time with the other Packetpushers who presented at Interop: Tony Bourke, Ethan Banks and Ivan Pepelnjak. Keep an eye out for their slides when posted, because the content was intelligent, informative and thoughtful. Ivan even let me heckle him without retribution during his presentation. The week’s highlights included dinner with two cool, highly accomplished women in IT, Tamar Newberger and Barb Goldworm, and then an evening with the first CCIE, Terry Slattery.
Now the bad: Software Defined Networking (SDN) has become the latest industry unicorn poop to permeate every piece of vendor marketing propaganda. It was ubiquitous and I even expected to see it listed as an ingredient in the sandwiches at the conference snack bar. The event floor was also extremely loud, with the noise making it difficult to get any valuable content.
The ugly: yes, there were booth babes. Ethan and I even saw one with a tiara, which I immediately posted to Twitter. Not as many as in the past, but they still seem to have a hold on the industry and it’s disheartening. I really don’t get what these companies are thinking, because the concept adds no value and continues to alienate female professionals.
But enough blathering. Without further ado, my abstract and presentation slides for those who didn’t get a chance to attend.
Nothing strikes fear into the heart of an engineer more than the installation of a firewall to achieve the laudable goal of defense-in-depth through network segmentation. Security teams demand the implementation of firewalls, telling everyone, “It’s for compliance!” But the addition of firewalls and other security appliances (aka chokepoints) into an infrastructure infuriates network engineers, who design to optimize speed and minimize latency. Sysadmins and DBAs are equally frustrated because of the increased complexity in building and troubleshooting applications. So it’s down the rabbit hole we go, trying to achieve the unachievable, with everyone waxing rhapsodic for those bygone days when the end-to-end principle ruled the Internet. Is it really possible to have security coexist with operational efficiency? Organizations seem happy to throw money at technology and operations, but when it comes to policies and procedures, they fail miserably. This is the biggest problem with building a layered design. As engineers, if we don’t have clear policies as a set of requirements, how will we determine the appropriate network segmentation and protections to put in place? The answer lies in aligning network segmentation with an organizational data classification matrix and understanding that while compliance and security often overlap, they’re not the same.