Wednesday, June 19, 2013

Nice Visio Draw for Dual Cluster Network Devices (Firewalls, Routers, Switches)


There are two external firewalls and two internal firewalls. Between them sit two different zones: a web DMZ zone and a mail DMZ zone.

10 Suggestions for how to be a successful Network Consultant

Having spent over twenty years in I.T. and over seventeen years in networking, I’ve worked with a lot of Network Engineers. Career progression has always been a hot topic. I’ve always been interested in learning how people have found themselves in the job they now do.
Until the Cisco certification bandwagon really got going about twelve years ago, there was very little structure in the profession of ‘Network Engineer’. People tended to be measured on the manufacturer courses they’d attended and the bragging they did about the networks they’d designed, fixed or broken. I was always more impressed with the size of the broken networks. Anyway, now, thanks to Cisco Career Certifications we have a method of ‘measuring’ people’s networking ability which other networking vendors have copied. However, speaking as someone who regularly hires Network Engineers, you’re going to need a bit more than a freshly printed CCNP certificate to convince me that you should be let loose on our customer’s networks.
The goal of most Network Engineers I meet or interview is to become a Consultant. Usually their motivation is ‘career progression’ which will lead to better salaries and enhanced recognition amongst their peers. Often, having the title ‘Consultant’ is more important than being a consultant. Most people understand that there is no short-cut or boot-camp that will make you a consultant; it’s a combination of knowledge, experience and good judgement.
Here are ten things that I’ve learnt and that I think will help any Network Engineer develop towards being a consultant.
1. Assume you know nothing and take time to understand your customer. Listen to your peers, listen to your customers and learn from their experiences. There is always someone who knows more than you and he/she may be across the table from you listening to your ‘drivel’. Understand your customer, understand their needs, understand their frustrations, understand their motives and understand their skills. Listen to what they have to say and try to empathise with their problems. Generally Networks are built to enable business, make sure you understand that business.
2. Develop your soft skills. Consultancy is about communicating your ideas and opinions. A lot of great ideas have been lost because of a failure to communicate them. Learn to use Visio (or whatever drawing package you’re comfortable with); time spent learning to use the many features of Visio is never wasted. Also learn to use Word, Excel and PowerPoint (please, please don’t start arguing the merits of open source software and explaining that Microsoft is Satan come to Earth in a software format; you’re here as the network guru, remember). When you have to present your findings or communicate your ideas, think carefully about how you are going to do it. A picture or graph is generally better than 100 words. Understand your audience and be aware of their attention span.
3. Learn to write Management Summaries. Why? Because managers make decisions; I’m sorry, that’s generally the case in most organizations. They hold the purse strings, are very busy and don’t always have time to read your 56 page analysis of why migrating to OSPF from EIGRP would be a really cool thing to do. It’s a sad fact of the ‘computer age’ that people’s (especially managers’) attention spans have shortened due to information overload. They tend to read the beginning and the end of a proposal and ‘skim read’ what’s in between. Think of the Management Summary as a trailer to a movie: a good Management Summary will get the reader interested enough to read more of the document. If you want to convince someone to take a course of action then the Management Summary is the place to focus on… Sad but true.
4. First impressions do count. Whilst a freshly printed CCXP certificate may impress your mates and your Mum, it won’t impress your average IT Manager whose network is in meltdown. His first impression of you will be what you look like or what you sound like. So make it count. Listen to what they have to say and choose your first words carefully. Acting like an expert is a lot easier than sounding like an expert, try and keep the impression going for as long as possible.
5. Don’t alienate anyone. Generally IT projects or major troubleshooting events involve people from various aspects of I.T. as well as the ‘victims’ from the Business. They all have an opinion and they are all generally experts in their own areas. Respect their knowledge. They may be bigoted, opinionated and anti-networking, but it is your job to gently show them the error of their ways and guide them to the path of enlightenment regarding TCP/IP. Plus the fact, it may actually be the network at fault and you may end up needing their help.
6. SNMP Management, Syslog Collectors and Packet Sniffers. Learn how to really use these tools. SNMP runs on almost everything in the network and it’s just sitting there with the answer to a lot of problems. You just need to know how to pose the right question. Analysing syslog messages takes time and requires patience but it often helps uncover the cause of a problem. Having WireShark on your laptop is all very well, but do you know how to write filters, use regular expressions and follow a TCP conversation?
7. Fix the cause and not just the symptoms. When troubleshooting, your goal should always be to understand what caused the problem and how it can be avoided in the future. Any fool can clear up an oil leak, but it takes skill to stop the leak… And even more skill to prevent it happening in the first place.
8. Document everything. When troubleshooting, if you don’t fix it after your first tracert, then get out the notebook and start drawing diagrams, noting down changes and recording when things happen. When you’re designing a network make sure you get all the information together in one place. Requirements, performance information, data sheets, test results, etc. It may be you that has to come back to fix it or upgrade it.
9. Only use agencies as a last resort and write good covering letters. When you feel the need for a new job then do your research, pick the industry, location and environment carefully. Take time to write customized covering letters for your cv. Remember, to a Recruitment Agent you are worth between 12 – 20% of your Year 1 salary, so most of them would have no qualms about putting you in a Russian Gulag if they happened to be paying well. Approaching a prospective employer direct shows initiative and can save them a lump of cash. Make sure you understand their business.
10. Stick to Networking. If a customer tells you that their marketing department have decided texting is going to be the start of a whole new social networking paradigm, then just agree with them and build the network. Remember, we are Networking Gods not Marketing Gurus.

Three Layer Designed vs Layer 2 MultiPath Design


Explaining L2 Multipath in Terms of North/South, East West Bandwidth

In a number of Packet Pushers episodes, I’ve been referring to the nature of the data centre designs shifting from “North-South” type designs to “East-West-North-South”. Let’s dig into this terminology a bit and show us

Spanning Tree is always North / South

I’m reasonably confident that most people who read this will comprehend how a switching network will use spanning tree to create a TREE.
[Figure: North south east west 1]
It will look something like this, where the core switches are configured to act as the ‘root’ of the spanning tree, and traffic flows from core to the edge. More correctly, traffic always flows from edge to core to edge and always in a fixed direction. Because we tend to draw the core at the top of the diagram, and show connections to the distribution and access layers as connecting down the hierarchy, we tend to see a ‘top to bottom’ or north-south distribution of data traffic flows.
Where this model fails is that bandwidth between servers that are on two branches must cross the core of the network, as shown in this network diagram.
[Figure: North south east west 2]

The Weakness is the Core Switch Interconnect

The challenge with this is that the connection between the core switches can become heavily overloaded, especially in networks where the server fanout is large, which commonly occurs in heavily virtualised networks. To some extent, this is a new problem. Previously, the core switches would be interconnected with an EtherChannel that would provide multi-gigabit connectivity, and recently we saw the introduction of 10GbE ports which allowed for further increases in the core capacity.
Now that servers are connected at 10GbE, and with the addition of storage data, sustained traffic flows have increased, and not just by twenty or fifty percent. Storage data (whether iSCSI, NFS or even FCoE) means that these designs won’t last much longer.
Currently, it’s convention to locate the storage arrays close to the core network switches so as to reduce the workload in the branches of the tree which isn’t a bad strategy. But this doesn’t account for the East-West migration of virtual machines.

Layer 2 Multipath Switch Networking

Layer 2 Multipath (L2MP) refers to the recent developments in Data Centre networks where the core switch can no longer handle all the load. That is, if you have three hundred physical servers and each physical server hosts twenty virtual machines, then the gross data load including storage traffic will easily exceed the interconnect. We talk about the development of data centre models that support east-west traffic flows.
[Figure: North south east west 3]
In this type of design, we can see that an L2MP core, regardless of the type – Big Brother or Borg style, means that bandwidth does not choke around any specific point in the network. So not only does the network support the traditional North/South bandwidth alignment that we have today, which creates artificial limits on how we can locate and distribute servers inside existing data centre networks, we are now able to provide East/West bandwidth to support loads that are dynamically moved around the data centre with a lesser degree of concern for key choke points that exist in legacy designs.
This especially applies to converged networks, where the storage data creates new loads that increase the sustained usage of the Ethernet network.

Scale

Also, because hot spots can exist in the network core as traffic loads migrate around the network edge points, L2MP allows for additional connections to be added as needed. Note that adding connections does not have the potential service impact and risk profile that making changes to spanning tree presents. Therefore, the network becomes more flexible (or less “crystalline” is the term that I use).
[Figure: North south east west 4]
Note that the terms Borg and Big Brother are fully described in the http://blog.ioshints.info/2011/03/data-center-fabric-architectures.html blog post from Ivan Pepelnjak.

The EtherealMind View

It’s worth noting that these changes are key to successfully addressing the networking requirements for virtualisation. Hopefully this helps to explain some of the reasons that the new switch architectures from Juniper and Cisco that relate to Fabric networking are important.

Bisectional Bandwidth

It’s worth noting that this problem is also related to the topic of Bisectional Bandwidth and the measurement of the server to server bandwidth as a function of the architecture. I wrote about this in this blog post : http://etherealmind.com/bisectional-bandwidth-l2mp-trill-bridges-design-value/


Rules of Writing Designs

EtherealMind’s Rules of Writing Designs

Rule 1 – A Design Document is not an english creative writing project

  • Forget school. Your writing is not going to be marked by your English teacher.
  • It’s a statement of fact. There is no reason for creative writing.
  • stick to the facts, just the facts, and forget style.
  • don’t use fancy words unless they are technical fancy words.

Rule 2 – A design doesn’t get “read” it gets “used”.

  • Therefore layout matters less than facts, data, details and raw information.
  • Formatting doesn’t matter. Really.
  • It shouldn’t read like a book.
  • It won’t be published.

Rule 3 – Never write a paragraph when a bullet point will do.

  • If you are writing in paragraphs, you are wasting time. Use bullet points
  • A bullet point makes you focus on the data, instead of waffling about grammar.
  • Brevity means less mistakes because of bad interpretation.
  • You spend less time typing

Rule 4 – A bullet point should always be used instead of paragraph.

  • see previous rule.
  • only exception is the introduction, where you put some business background to the project.

Rule 5 – Use Diagrams

  • a diagram is better than a bullet point ninety percent of the time.
  • it’s possible to produce an entire design in diagrams ONLY.
  • Diagrams will be used more often, and stay on people’s desks for longer than any paragraph or document.
  • Use diagrams.

Rule 6 – A good table replaces even more paragraphs.

  • for moments when all else fails, and you think you need a paragraph ? Use a table.
  • tables carry almost as much information as a diagram.
  • most useful for “why”. Left Column = reason, Right Column = how, why, what.
  • and bills of materials.

Rule 7 – Never use adjectives, that’s what sales people and project managers are for.

  • any words that end in “-ly” should not be used.
  • the only opinion you are allowed to express is about technology.
  • Even then, I’m dubious.
  • weasel words are not allowed.

Rule 8 – A Design never needs more than four levels of headings.

  • Really, any more than four means your document outline is faulty.
  • make sure you know how to use the outliner feature of your word processor.
  • make sure you understand why you need to outline a document before you start.

Rule 9 – The design process goes from least specific to most specific.

  • Thus the Business Plan becomes a High Level Design becomes a Detailed Design becomes an Operational Document.
  • Each one contains more and more specific information, and less and less words.
  • No exceptions.
  • if what you write isn’t more explicit than the previous document, then don’t write it.

Rule 10 – Use appendixes for irrelevant information that you think is relevant.

  • If you have any doubt about whether something is completely relevant, then use an appendix.
  • better yet, use a reference to an external resource.

Rule 11 – A Big Document is a Failure

  • use references to external documents and web sites
  • assume that the reader knows something about the topic. You don’t need to explain everything.
  • You will need to explain some things, that’s the purpose of the design.
  • You don’t get paid per page.
  • People won’t review a long document, and then your errors / mistakes get missed.
  • you waste your own time editing it.
  • no one will read it.
  • don’t fall into the trap of big documents are better. They are not.

That’s it.

  • Go and Design Something.
  • Do your research and testing.
  • Always document before, during and after. Especially after.
  • make it short, simple and it will be sweet.

Network Designer vs Network Engineer = Painter vs Artist

If you were a Painter, a really good painter, you would have skills and expertise in painting. You might understand your brush, how to make one, what hair is the best type for a given finish. You might practise using different shapes, different hair and different movements. You might also be able to make your own paint, mixing the raw materials to produce the different colours. You could grow your own herbs, gather your own minerals and grind / boil and fix them to make your own paints. Your experience knows how to apply the paint, to combine your physical movements with the nature of the paint, surface and other factors to .
But to be an Artist, you would also need to understand shape, form and colour. You would spend time thinking about composition, and relationships, and creating a narrative within the picture frame. You would consider and practice, draft and draw elements of the picture, carry out preliminary sketches and form drawings until you captured the essence, the very spirit of your art. You would also need to have a relationship with those who might buy, or display, or commission your work – you won’t be a serious artist if you can’t survive, and you won’t be serious if you don’t practice your art every day.
A Network Engineer, a really good engineer, should have the skills to trace, to detect, to debug. You should know how the network is connected, and why data flows that way, and not this way. What is its purpose? What are the elements that join together, that are mixed, to provide the data flow from end to end? And then, make the fix.
But a Network Designer, a really good designer, also needs to understand the network, the entire network, and all of the elements that make it up. You should see the form and shape of the entire system, and the external factors that make it the way it is. You should understand what you can do, with the materials available, and how you can touch up the picture, to change that shape, to add a little character there. The business factors that created the opportunity, and restrict the picture from being great.

Tuesday, April 9, 2013

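The Underground Interests of China’s Internet: Hackers, Pornography and Black PR

Feng Dahui (Fenng) once shared a story about “hackers” on his WeChat public account “小道消息”. The piece read rather like an adventure novel, and many readers said afterwards that they “could not believe it”. Fenng commented: “Those who doubt it may not be ignorant; the events are simply beyond what they know. Of the three worlds of China’s internet, what happens in the underground world is something people on the ground will never understand.”

As for the three worlds of the “Chinese internet”, Fenng had already proposed this classification in early 2012: “In China there are three forms of internet. One is the internet the media feeds to people, whose goal is an overseas IPO; one is the grassroots internet, quietly digging for gold and as fierce as a velociraptor; and one is the internet hidden deep underground.”

This division is broadly reasonable. Mapped to real cases, the first kind is the “airborne internet”, which usually operates within the media’s field of view and has mature business models borrowed from the West, such as the well-known Baidu, Taobao and Weibo. The second kind is the “ground-level internet”, a native product that grew up close to the soil, full of grassroots and street-market character, generally busy making money with little media attention (too much media attention is not good news for them either). Examples include 9158 (a video social site with annual revenue above 1 billion), 5173 (China’s largest online game trading platform) and 雨林木风 (which made its fortune on pirated Windows systems and has since gone legitimate).

The third kind, the “underground internet”, involves many trades that cannot bear daylight and drift along the edge of the law, yet it is not exactly a lawless place either. More often, whether for self-protection or for the security needs of the business, they do not float up to the surface of their own accord to be discovered. Yet in many cases the underground internet unintentionally affects, directly or indirectly, the environment ordinary internet users live in, and has even taken part in setting some rules that the above-ground internet world must also follow.

Here I can talk about three peaks in the vast iceberg of the underground internet that I have encountered or experienced. Ordinarily they may be known only as words on paper, yet it is no exaggeration to say that they genuinely sway certain situations on China’s internet.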


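The first peak is called “Hacker”

In theory, the current definition of hacker is subject to a fairly serious misreading. Put simply, this imported term from the American computer industry originally described computer experts who study computer technology in depth, defend the internet spirit of free sharing, and occasionally use their technical advantage to play pranks. But a wild beast is easier to tame than the human heart. Drawn by selfish desire, some people with hacker skills took the road of maliciously cracking commercial software and breaking into server systems for profit. These people are called Crackers, and the peak described here is precisely Cracker territory. For ease of understanding, though, Cracker is also rendered here as hacker for now; it is enough that readers know the actual difference.

Most of the “hacker” news that many media outlets have disclosed to a greater or lesser extent also belongs to this category. In the media’s telling, these hackers all seem to be hybrid geniuses of mouse and keyboard, able to break into any internet user’s computer without leaving home and steal all kinds of information, or to intrude easily into major websites and even alter the home page, leaving a smug “I was here” trophy. These reports mostly draw on hearsay, or on interviews with online extortionists already arrested by the police. They exaggerate in places: hackers usually need a program such as a “trojan” as a bridge for an intrusion, and cannot operate an arbitrary user’s computer with nothing but a network cable. They also underestimate in places: many of the small-time hackers exposed after getting into trouble actually sit at the very bottom of the hacker industry chain, and merely used brute-force cracking or attack software bought on trading platforms to break, with very small probability, into the databases of some very weakly defended websites and steal account passwords.

The truly first-rate top hackers are in fact a group of businessmen.

Businessmen have one trait: what they are good at is deals, exchanging some things for other things, then those for still more, and in the end getting the maximum benefit they want. Under their control this seemingly technology-intensive trade has been reduced to a labor-intensive one.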





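May 19, 2009 is a landmark date in the history of China’s internet. Users who remember it will recall that at around 9 p.m. that evening a large-scale network outage occurred nationwide: more than 23 provinces successively experienced network interruptions or impeded access, lasting several hours. Afterwards the telecom operators and the Ministry of Industry and Information Technology (MIIT) pinned the blame on Baofeng Yingyin (暴风影音), stating that “because of a defect in the Baofeng Yingyin client software, when Baofeng Yingyin’s domain authorization server was working abnormally, terminals with the software installed frequently initiated domain name resolution requests, causing DNS congestion and leaving large numbers of users with slow website access or pages that would not open.” The truth behind the event, however, is that although Baofeng Yingyin should bear part of the responsibility, it was indeed also one of the genuine victims. A few media outlets later dug deeper into the cause and found that hackers attacking a DNS service provider had brought its server down, and that Baofeng Yingyin’s domain resolution happened to be on that server. Baofeng Yingyin, with a user base in the tens of millions, at that time left a resident process on users’ computers for status monitoring and pop-up advertising. When this process reported back it ran into the server congestion, then, because of the mechanism Baofeng Yingyin had configured, kept accumulating and resending requests, and in the end directly brought down China Telecom’s DNS servers, cutting off users across the country.

Why could a hacker attack cause such a shock? The core of the interests behind it is another industry: online games. The online games referred to here are the so-called “private servers”. After the source code of Legend (《传奇》), once China’s biggest online game product, leaked, it in effect became an “open source” game product: any user with a little technical skill could set up a private Legend server and offer a modified version of the game that was in some respects more “exciting” than the official one. On the back of a huge base of paying users, thousands upon thousands of Legend private servers once sprang up across China like bamboo shoots after rain (the actual number exceeded the later peak number of group-buying sites), and so some big hackers set their sights on this group.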











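A Legend private server generally needs to set up a website for promotion, to provide the game server’s IP or a launcher download; this is the only entrance through which users get into its game. The hackers took aim at this entrance, which is indispensable to the private server operator’s income. Every day they scanned for newly opened private server websites and sent attack instructions to the “operators” under them, who used ordinary DDoS or other slightly more sophisticated means to knock the target private server’s website offline and cut off the user entrance, then contacted the private server operator to demand a “give-up fee” of several thousand or even tens of thousands of yuan. If refused, they went on to attack the game server so that players could not play normally, completely cutting off the operator’s income. At the peak, more than a million servers in China were under the control of this kind of hacker every day, used to intimidate and strike private server websites and servers, while the private server operators, whose business was itself illegal, had no way of seeking help from the police. (This also seems to prove, from the side, the astonishing profits of the private server industry, which kept coming wave after wave despite the double blows of hackers and the official operator…)

The 519 outage was caused by a group of hackers who, while hitting a certain Legend private server, directly attacked the DNS service provider hosting the latter’s server, which set off the Baofeng Yingyin chain reaction and led to disaster. This made MIIT realize for the first time the risks of the internet beyond politics. Cyber police units once tried to infiltrate hacker circles and the virus production-and-sales chain, but all were exposed because their cover failed, though this did have some deterrent effect. In March 2010 MIIT quietly issued the first ministerial-level directive on network security for China’s communications industry, the 《通信网络安全防护管理办法》 (Administrative Measures for the Security Protection of Communication Networks), which established the administrative powers of the telecom regulators and also set task targets for the public security authorities. A “catch the hackers” craze arose in many regions, with a predictable result: some young people who had taught themselves crude attack software in internet cafés were jailed as major hackers in the cases, while the truly capable hackers began shifting the focus of their research from “intrusion” to “concealment”, which indirectly pushed up the level of China’s encrypted data network technology.

Many more lone hackers engage in the “envelope” (信封) trade: using software they wrote themselves, they inject malicious code into the databases of poorly protected websites, causing user data to leak (or, after breaking into a large website, plant a trojan on its pages). The “database dump” (拖库) attack on CSDN at the end of 2011, in which hackers pulled out the plaintext accounts and passwords of 6 million users, is one example. Accounts and passwords obtained this way are usually cross-checked by the hackers, using another program, against all kinds of mainstream software or games. For example, once your account and password on some forum have been captured, the hacker will use that account and password to try QQ, the major mailbox providers, the major online games and so on; if someone happens to use the same account and password in those places too, it is sealed up as a letter and becomes a commodity. These files, called “envelopes”, are taken to wholesale markets to be traded, and the buyers then dig out further value from them: after buying envelopes for some online game, for instance, they can steal the gear of those game accounts, and after buying QQ envelopes they can operate those QQ numbers to defraud the owners’ friends, and so on. A hacker who has since quit revealed that more than two billion “envelopes” are waiting for a buyer or being traded on the Chinese market, with an annual output value on the scale of ten billion RMB.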
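Seen from the side of the service being tested, the cross-checking of leaked account and password pairs described above leaves a recognisable trace in authentication logs: one source trying many different usernames about once each, with most attempts failing. The following detection sketch is an added example, not part of the original article; the log format, the thresholds and the function names are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not real data): "timestamp source-ip username result"
SAMPLE_LOG = """\
2013-04-09T10:00:00 198.51.100.7 alice FAIL
2013-04-09T10:00:05 198.51.100.7 bob FAIL
2013-04-09T10:00:10 198.51.100.7 carol FAIL
2013-04-09T10:00:15 198.51.100.7 dave FAIL
2013-04-09T10:00:20 198.51.100.7 erin FAIL
2013-04-09T10:00:25 198.51.100.7 frank FAIL
2013-04-09T10:00:30 198.51.100.7 heidi OK
2013-04-09T10:00:35 198.51.100.7 ivan FAIL
2013-04-09T10:00:40 198.51.100.7 judy FAIL
2013-04-09T10:00:45 198.51.100.7 mallory FAIL
2013-04-09T10:01:00 203.0.113.5 oscar FAIL
2013-04-09T10:01:20 203.0.113.5 oscar FAIL
2013-04-09T10:01:45 203.0.113.5 oscar FAIL
2013-04-09T10:02:10 203.0.113.5 oscar OK
2013-04-09T10:03:00 192.0.2.10 peggy OK
2013-04-09T10:04:00 192.0.2.10 trent OK
this line is malformed and is skipped
"""


def parse(log_text):
    """Return a list of (timestamp, ip, user, success) tuples, skipping bad lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2], parts[3] == "OK"))
    return events


def detect_stuffing(events, window=timedelta(minutes=5),
                    min_users=8, min_fail_ratio=0.8):
    """Flag source IPs that try many distinct usernames with mostly failures.

    A single user retrying a forgotten password produces many failures but
    only one username, so it is not flagged. For each flagged IP the result
    lists the usernames it targeted and the accounts it logged in to
    successfully, which are the ones that need a forced password reset.
    """
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {e[2] for e in win}
            fails = sum(1 for e in win if not e[3])
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                hit = findings.setdefault(ip, {"targeted": set(), "reset": set()})
                hit["targeted"] |= users
        if ip in findings:
            # Any success from a flagged source is a likely reused password.
            findings[ip]["reset"] = {e[2] for e in evs if e[3]}
    return findings


if __name__ == "__main__":
    for ip, hit in detect_stuffing(parse(SAMPLE_LOG)).items():
        print(ip, "targeted", len(hit["targeted"]), "accounts; reset:", sorted(hit["reset"]))
```

Keying only on source IP is the simplest form of the check; the same windowed count can be keyed on any other client attribute the log records.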



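Profit-driven hackers also have the custom of “raising accounts” (养号): once a trojan or backdoor has been planted on a user’s computer, they keep an eye on data that has no value for now but may appreciate, such as an online game account that is not yet high level, and come back to “harvest” it once the account has grown and acquired value. These hackers actually feel a certain “gratitude” towards security software such as 360, because in their samples users without security software reinstall their systems far more often than users who have it. Many users treat reinstalling the system as a way of cleaning up the computer, and reinstalling the system is a devastating blow to more than 90% of local trojans or backdoors.

In China, Guangdong and Fujian are the regions where hackers gather most. Hackers at the upstream end of the industry chain basically all have real businesses. One hacker I know runs three nightclubs and a tea house, frequents the antiques and calligraphy-and-painting markets, and takes one day a month to go to the studio he controls to check the accounts and hold a meeting; even his wife does not know his true face. Another hacker teaches computer courses at a vocational school during the day and once took down the entire database of a well-known game company in one night. The company put a bounty of a million RMB on him, and while he was wanted he married one of that company’s female game designers. When she complained bitterly to him that some hacker had caused her company losses and affected her year-end bonus, he just smiled and comforted her.

In hacker circles the big look down on the small, thinking the latter too reckless: they not only disrupt the market but also attract unnecessary government attention. The small all look up to the big and hope to become big themselves soon, so acts of rushing for quick results are common. A hacker aged only nineteen once hacked the official website of a regional government simply to show off the result to his friends; he was later caught by the police and is not expected to see daylight again until he is about forty.

Moreover, the hacking that, under media hype, makes many people blanch at the word “hack”, namely directly stealing money from online banking, is not common. In that case the target of the attack is not ordinary users with no bargaining power but state financial institutions; once discovered, the consequences are hard to bear, and as more and more online banks make phone verification part of the transaction, the barrier around online banking is indeed relatively high. Rather than take on the risk and difficulty of breaking into a bank’s external systems, some small hackers prefer to use phishing pages to lure users into transacting on a fake website, and then take the opportunity to steer the deceived users into sending money to a designated account. The bigger hackers can privately demonstrate the ability to break into large commercial companies or even national security systems, but generally do not touch what is inside; they simply come and go without leaving a trace.

Basically, because of certain trade rules and for self-protection, China’s hacker circles hold many secrets and very few leak out; sometimes extremely exaggerated information, or information wildly at odds with the facts, is even released deliberately to interfere with outsiders’ view and achieve concealment. Most of them regard hacking as a business for the young and hope to become the “boss” as early as possible, directing juniors to charge at the front while they enjoy the proceeds. Out of professional habit they also stay highly sensitive to many things in daily life: registering a new QQ account every week, writing important code in a notebook rather than storing it on a computer, and keeping opaque tape permanently over the laptop camera are all common. Because of excessive tension and concentration, nervous exhaustion, very poor sleep and a bad temper are all occupational illnesses of hackers.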


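Pornography

The second peak to discuss is called “Pornography (Porn)”

In the vast majority of countries in the world the pornography industry exists legally, whereas in China, owing to the nature of the state system, it remains in the camp opposed by the law. But appetite for food and sex is human nature. As a primal human need, it is partly satisfied for internet users by pornographic websites. According to data in a BusinessInsider report, pornographic websites account for 12% of all websites worldwide, and their share of total traffic may approach about thirty percent of all internet traffic.

Although in China the pornography industry (and its websites) is illegal, this has not stopped certain cities from becoming world-famous “sex capitals”, and it has also produced clusters of pornographic sites such as the 草榴 community.

The 草榴 community was founded in 2006, with servers in the US state of Colorado. That was when 情色六月天, once China’s largest pornographic forum, was exposed: although its servers were in the United States, the forum’s main administrators were Chinese through and through, and internal strife (mainly over the division of income) caused discord, until in the end the Shanxi Provincial Public Security Department arrested some of the forum’s managers. 草榴 fully absorbed the experience and lessons of its predecessor’s fall. It basically does not set up many forum administrator roles, and even the accounts that do need administrative privileges do not post or interact in the community (they did early on, but were later hidden), which avoids as far as possible the risk of information leaks or disputes. The people who actually control 草榴 all hold foreign citizenship and are protected by the laws of other countries.

Having watched too many cases where disputes over money ended up dragging a site down, and since 草榴’s main founders (several Chinese Americans) came from comfortable families and were not short of money anyway, they did not put much effort into making a profit. Because 草榴 has always had a policy of free operation, with little commercialization beyond a small amount of display advertising and revenue sharing on file-hosting links, its “reputation” has always been good: how could a pornographic forum that neither pops up advertising windows nor requires users to buy VIP to browse fail to be popular? In June 2011 草榴 tried opening registration for one day. 130,000 new users registered overnight, the administrators realized the database would collapse if this continued, and so the invitation-only registration mechanism has remained to this day.

But 草榴 is not the leader of China’s pornographic website industry; it is only a major channel for distributing pornographic films. Further upstream are the pornographic sites that charge fees and are more hidden. Through the P2P sharing model, downloading pornographic films became the mainstream way for Chinese internet users to encounter pornographic material. The films do not appear out of thin air: the source material exists as a commodity in Japan, Europe, America and elsewhere, so local Chinese have to pay to buy the discs, transcode them into file formats popular online such as AVI or RMVB, make torrents and upload them to pornographic sites for P2P download. These people are the “uploaders” (发片员). A minority of uploaders are volunteers; most receive expense subsidies from the operators of the pornographic sites, who in turn use the film updates they bring to attract users to download, share and pay. Some users then take these torrents as a resource and share them on sites such as 草榴, which created the latter’s prosperity.

Outstanding uploaders may even enjoy supreme privileges on a forum, such as the famous “nike” (a user ID) of 18P2P. This is a Hong Kong user whose own business is renting and selling pornographic film discs (legal in Hong Kong), and who became famous for sustaining an upload volume of tens of gigabytes a day for several years; at one point more than 80% of the censored Japanese source material on the net came from him. 18P2P was accommodating in every way towards this honored guest, announcing explicitly that no one was to disturb nike: replying to his posts with abusive comments, or sending him forum private messages asking for films, would lead directly to the ID being banned. nike eventually withdrew from the scene because he was getting married and because news came that his favorite AV actress 松岛枫 was retiring, truly “hiding his deeds and his name” and leaving only a legend.

苍井空 becoming popular in China is actually not well received inside the Japanese AV industry. As an industry that is entirely legal in Japan, adult video is still a business that lives on disc sales, and the returns to performers and distributors are determined entirely by customer purchases. In the Chinese market adult video is distributed almost purely by P2P sharing. Turning to cash in, in a country that ignores copyright and where pornography itself is not even legal, on fame accumulated from the films undoubtedly sends a signal of “encouraging the Chinese to keep pirating Japanese adult video”. 苍井空 is only an individual case, though. China, conservative in both politics and sexual culture, has not shown towards the pornography industry the enthusiastic “vigorously attract business and investment” attitude it shows towards other industries. A Japanese user on 2CH (Japan’s largest general community) was once very puzzled: “Why can China pollute its soil and rivers to the point where severe toxins will still remain a hundred years from now, yet try to build, when it comes to pornographic information, a Garden of Eden where everyone knows the truth but no one speaks it?” Besides 苍井空, others who are relatively close to China include 小泽玛莉亚, who is often invited by Chinese bars to make appearances and even worked with an adult-products brand as a model herself; 原纱央莉 and 希崎杰西卡, who appeared in the Hong Kong films 《3D肉蒲团》 and 《一路向西》 respectively; and the AV actor 东尼大木, who looks remarkably like 周杰伦 and likewise has a large following on Sina Weibo.

In the Chinese market a well-run pornographic website can bring in annual revenue on the scale of ten million RMB; after deducting the cost of servers and part-time staff (moderators, uploaders and so on), the operators can take home net profits in the millions. Leaving the legal hazards aside it is very attractive, and the operators of pornographic sites can also gain a unique sense of honor: the users of the whole community worship the administrators like gods, an experience that is very gratifying. Last year a moderator of a certain pornographic site (a Chinese American) returned to China to visit relatives, and every day local users queued up to invite him to dinner, among them wealthy private business owners who drove him around in a Mercedes to see how his hometown had changed and said, “Although (I) now often go all the way to Dongguan, before I made my fortune I got by on the films he (meaning this moderator) posted on the forum, and I really cannot thank him enough…”

In addition, some users are not satisfied with wasting tissues on foreign actresses on a computer screen, so there are more types of online economy that cater to this mix of loneliness and desire, including live video with real people, exchanges about buying sex, spouse swapping and so on. But because these step even more squarely on the legal line, most are confined to small circles; unless the operators are mad for money they do not advertise themselves much. I know an unemployed middle-aged man who is supported entirely by his wife selling worn stockings online; the household’s monthly income can exceed 300,000 RMB.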







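Black PR

The third peak is “Black PR (Gangsterdom PR)”

Just as “crackers” dragged down “hackers”, “black PR (Gangsterdom PR)” has also interfered with people’s definition and view of “PR”.

“Public relations” (PR) is a concept created by the American media industry in the early 20th century. It is a management function, meaning “the communication and dissemination relationship between an organization and its public environment”. With the growth of the opinion economy, the promotion of scholars such as Edward L. Bernays and the popularity of classic marketing texts such as 《公关第一,广告第二》, it formally became a required course for governments and companies.

Anyone working in the PR industry can clearly perceive that PR’s fidelity to its ideals is in direct proportion to the degree of media freedom and social democracy of the geopolitical setting it is in. That is to say, the more backward and restricted the media of a country or region, and the further its political system is from the democratic spirit, the more easily PR on that soil turns into something entirely different from its original concept. This is not only true of PR; anyone who has worked on expanding beer distribution channels will understand it too. To promote a brand of beer in the restaurants of a county-level city in China, the beer’s taste, brand and advertising are all completely irrelevant; you only need to win over the local boss in charge of a given patch, and he will naturally take his men to lay down for you which beer the restaurants in the designated area must buy.

In the world of China’s internet, which is even less constrained by law and system, many functions that PR in fact cannot deliver are carried out by “black PR” in the name of “PR”. Unlike “hackers”, who use technology to achieve their ends, “black PR” has very little technical content; it is more a matter of moving a great weight with little force, using resources as leverage to attack and extort the target.

神州租车 had planned to launch its listing in 2012, but almost overnight after the news got out, negative news about 神州租车 appeared across the major mainstream media and social networks, in quite fierce language. Its chairman 陆正耀 later raged on Weibo: “Endless attacks by paid posters, people posing as customers to tip off the media, and they even bought advertising space to run negative stories about us. I am furious!” This too came from being unable to fend off “black PR”. In April 2012 神州租车’s valuation was cut level by level until the return had shrunk to almost nothing, and it had to withdraw from the listing process for the time being.

《深圳商报》 once ran a brief report titled 《黑心公关“猎杀”上市公司》, revealing that some companies are deliberately targeted on the eve of listing. Aiming at a company’s mindset of being “cautious and hoping for smooth sailing” in order to list successfully, the attackers seek gain by coercion: if the company cooperates, the “black PR” agency is willing to go with the flow and show mercy, doing a deal as a favor; if the company refuses, incidents of “obstruction” and “deliberate fault-finding” occur again and again, tripping the company up on its way to listing.

“Black PR” generally controls many forms of resources: print and online media, industry celebrities and paid posters are all common, and special periods such as 3.15 offer exposure opportunities that can be called “nuclear weapons”; describing them as able to “summon clouds with one turn of the hand and rain with another” is no exaggeration. “Extorting” commercial companies that are preparing to list brings a rich profit per deal but, in terms of frequency, is something that comes by luck rather than on demand, so more often they “manufacture” their own opportunities.

At some websites, including many portals, labor costs mean that certain second-level channels with long-tail value cannot be run in-house, so they are outsourced to companies that pay a fixed annual “agency fee” and then operate the channel independently, responsible for their own profit and loss. Many “black PR” outfits have set their sights on this fat prize too. After winning the agency, they exploit the fact that the channel, because it belongs to a portal, qualifies to be crawled and indexed by the news sections of search engines such as Baidu, and go company by company to the firms related to the channel’s topic to demand advertising fees. If refused, they start to expose negative stories about the company continuously. Many Chinese online news sites also organize their content by “collection” (采集): to fill out their updates, sites reprint each other’s news, which causes the negative information about the company to become extremely voluminous in a short time and in turn affects the company’s orders, investment and other income. At that point the “black PR” outfit, in the name of another shell company, comes to the door to “enlighten” the company and sell post deletion. This is why we see the “boundless powers” of post-deletion companies played up in many places. In fact sometimes it is not that they have the ability to “delete” posts but that the posts came from them in the first place, and they are merely “taking down” the posts as merchandise.

Of course, “black PR” has also come to grief. When a tough character meets someone tougher and fails to sense the danger, he is bound to lose out. 周鸿祎 of 360 is just such a tougher person. The story is well known in the industry: 周鸿祎 told them to bring their boss along and wait for him, saying he would come over with the money; then he did not go himself but sent his staff over with the police, who caught them red-handed and took the whole outfit down. But more companies do not have that nerve. For one thing, in China’s environment companies with nothing at all to be held against them are very rare; for another, companies themselves worry about whether they can afford to act “too ruthlessly”. A problem that money can solve is, in most cases, not much of a problem; if you anger the other side and bring on retaliation that money cannot solve, the mess is far harder to clean up.

As for some jittery media portraying “black PR” as an industry of enormous profits raking in gold every day, it is not that exaggerated. Practitioners have complained to me that finding a target to smear is in fact very difficult. A small company does not care at all: publish hundreds or thousands of negative pieces about it and you may end up doing its publicity for it. Larger companies have begun to take building and investing in their legal departments seriously, and if the fire turns back on you the loss outweighs the gain. Besides, doing business in China does not depend entirely on the market. A manufacturer like 蒙牛, whether it is really in trouble or being smeared, still has good results, for a simple reason: it has taken care of the industry-and-commerce authorities (the political channel) and the shelves (the sales channel), and presents consumers with a single-choice situation, so why would it really fear public opinion?

It can be said that “black PR” is just an extreme, boundary-crossing gray model, and that its core spirit, “buy or sell on my terms, or else”, also exists in civilized form in the above-ground internet world. Anyone who has run a website knows that the day a salesperson for Baidu’s paid ranking phones you is the day the good times end: if you do not become a paying Baidu customer, the number of your pages indexed by Baidu will soon drop sharply, and your customers will be unable, or will find it hard, to find you on Baidu. And while the “portal” model of the American internet is on the verge of bankruptcy, China’s “portal” sites are still thriving; here too there are factors the American internet can hardly match. When many advertising slots are sold to companies, the mindset in which the companies buy is “paying to avert disaster”…

“Hackers”, “pornography” and “black PR” are not the whole of the underground internet world; there are also industry chains related to themes such as “stock speculation” and “gambling” that run very comfortably outside public view. In other words, wherever there is a gray zone that can guarantee profit, fungal spores will breed. Chinese media once derived a saying from Karl Marx’s 《资本论》: “With 100% profit, capitalists will take desperate risks; with 200% profit, capitalists will scorn the law; with 300% profit, capitalists will trample on everything in the world.” The saying has a logical flaw of its own and is not actually the original text of 《资本论》 (it is an annotation added in the Chinese translation of the time), but the phenomenon it points to has been widely borne out. The causes of social conflicts such as environmental pollution and food safety hazards all lie here, and the root of the underground internet’s survival is no exception.

The German philosopher Hegel, in 《Grundlinien der Philosophie des Rechts》, put forward the dialectical logic that “what exists is rational”. The “rational” is often misread as “in accordance with reason”, when what it actually means should be “not accidental”. At the end of this article I would like to borrow it to explain the existence of the underground internet world. The internet is not a space-time detached from real society; on the contrary, it has risen up from roots in real society and absorbed both the black and the white sides of civilization. Whether above ground, at ground level or underground, the fruit that grows is of the same root and the same seed. Some needs and intentions that cannot be made public will not vanish into thin air; sunk underground, they naturally find a chance to be satisfied. We need not blow this up into a matter of principle. The passage of time, the improvement of the legal system, the evolution of technology and the change of culture will resolve these things; until then, we may as well look on calmly and “render unto God the things that are God’s, and unto Caesar the things that are Caesar’s.”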

Monday, March 18, 2013

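Four Misconceptions and Four Conjectures about IaaS

IaaS (Infrastructure as a Service) means that consumers can obtain services from a well-developed computing infrastructure over the Internet. Internet-based services (such as storage and databases) are part of IaaS. Other types of services on the Internet include Platform as a Service (PaaS) and Software as a Service (SaaS). PaaS provides complete or partial application development that users can access, while SaaS provides complete, directly usable applications, such as managing enterprise resources over the Internet.

Misconception 1: IaaS is just selling resources

A currently popular view: IaaS is just selling resources. A traditional IDC sells bandwidth and racks; cloud computing adds servers, and at most uses virtualization technology to break these resources into loose pieces for retail.

In our view, cloud computing is divided into 3 layers:

1. Resource layer: this is the physical basis on which IaaS provides services. It mainly comprises computing, storage and network resources, plus the necessary power resources, IP resources and so on. This layer makes its profit mainly through bulk purchasing and resource reuse, and the profit is not high.

2. Product layer: this is the core of IaaS. Based on customers’ different needs, IaaS operators develop all kinds of products on top of the resource layer, such as storage products, messaging products, CDN (content delivery network) products and monitoring products. Each kind of product is in turn adapted and optimized for different scenarios and needs, forming specific types of product. The product layer is where the competitiveness of different IaaS offerings shows, and these products meet users’ different needs from different angles. These products are the main source of IaaS profit and also an important source of IaaS stickiness. In China, for example, 阿里云 offers products such as cloud servers, load balancing and cloud monitoring, and Ucloud offers products such as UDisk for block device storage and UDB for cloud databases.

3. Service layer: above the product layer, IaaS operators also provide further value-added services according to users’ needs. Commercially this part does not necessarily make money, but it is an important condition for users to use IaaS. Examples are data courier services for users, website filing (备案) services, which must be included in China, security services and so on.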
 
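Misconception 2: IaaS has no technical content

Publicity in all sorts of media has mythologized cloud computing, holding that it can do anything and treating its technology as very high-end, with an extremely high technical content. Quite a few people who have worked in technology, on the other hand, think cloud computing has no technical content: there are already many open-source systems such as Openstack, Eucalyptus and cloudstack that can be deployed and used directly, or one can build a management system on top of open-source virtualization systems such as KVM and XEN.

Indeed, with the rapid development of cloud computing a large number of open-source cloud platforms have emerged, and the major companies are all actively supporting the development of open-source software. But even for something developing as fast as Openstack there are as yet no very mature success stories, because the technical complexity of IaaS is very high.

1. At the foundation, for IaaS to achieve multi-tenancy, elasticity, stability and reliability, and security, resources must be managed as pools: virtualization technology is used to form resources into a pool, which is then allocated elastically according to user demand while ensuring security and isolation. As mentioned above, resources mainly comprise computing, storage and network, so what must be done here is virtualization of computing, of storage and of the network.

Compute virtualization is currently achieved mainly through software such as XEN, KVM and Vmware and is relatively mature, but much work remains on performance optimization and stability.

For storage virtualization there is as yet no fairly mature open-source system. For file-type storage, implementations mainly follow the GFS approach, for example Openstack’s swift, while for block device storage everyone shows their own prowess: there is nova-volume, and in China 盛大云 and UCloud have each implemented their own block device storage. In addition, SDS (software-defined storage), which has recently become very popular internationally, in effect also implements storage virtualization.

2. Above virtualization management comes large-scale scheduling management: how to quickly find suitable resources to meet user demand, how to adjust resources dynamically according to monitoring data, how to migrate workloads dynamically, and how to prevent an avalanche. With 10 machines this may be easy; with 1000 machines it is a problem; with more than 10000 machines it is a big challenge. For cloud computing to deliver the ability to operate at scale, it must solve the problem of large-scale scheduling. The difficulty and challenge here are considerable.

3. Performance and security are likewise challenges for IaaS: how to ensure that one user’s heavy demand does not affect other users, how to guard against one tenant intruding on other tenants, and how to keep an attack on one user from affecting other users. These require deeper research from us.

More product development: as said above, besides resources what matters more in IaaS is products, and more products meeting specific needs must be developed according to users’ requirements. This touches every aspect of systems, networks, databases, applications and security, and places very high demands on IaaS development and operations.

In summary, the technical barrier to IaaS is fairly high; it is not without technical content.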
 
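Misconception 3: IaaS is insecure

The industry is questioning the security of cloud computing, and the Evernote security incident in particular has made more people worry about the security of IaaS.

In my more than ten years of experience working in security:

1. There is no absolute security; any system may be broken into;

2. Security is relative; the key is to see which is more secure, the IaaS model or the traditional hosting model. So if a company is very large and has a professional security team, such as 腾讯, 阿里 or 百度, then deploying on its own will certainly be much more secure; but if it is a small startup, which cannot have very professional security staff, an IaaS service provider can provide security assurance more professionally.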
 
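Misconception 4: Public cloud can only serve small and medium-sized enterprises

Because large enterprises pursue stability and protect their existing investments, it is true that most public cloud users started out as small enterprises. At present, both in China and abroad, small and medium-sized enterprises are still the main users of cloud computing.

But as cloud computing develops, we have also noticed several trends:

1. Some companies that grew up on the public cloud still use it after growing into large enterprises, such as Netflix, because they found that the manpower and resources needed to build their own infrastructure would still be great and the difficulties still many, and it is better to put their energy into the areas they are good at.

2. Some traditional large companies are also gradually starting to try deploying some non-core or new businesses on the public cloud, or even laying off their IT departments and moving everything to a public cloud platform. Car companies such as Lamborghini and BMW, for example, already use cloud computing to cut costs and to boost their design rendering capacity.

The same is in fact true of how electricity developed: in today’s society we rarely see a company build its own power plant instead of using the grid. I believe that as cloud computing develops, it is an inevitable trend for cloud computing to replace the IDC or to replace running things oneself.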
 
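Four conjectures:

I. IaaS is growing fast

IaaS public cloud services will be the fastest-growing category of public cloud service. The global IaaS market is expected to reach US$8 billion in 2013, of which AWS (Amazon Web Services, Amazon’s public cloud service) is expected to reach US$2.5-2.8 billion; Rackspace has revenue of around 1.6-1.9 billion, of which IaaS accounts for 35%, more than US$600 million; Terremark, acquired by Verizon, will have revenue of more than 450 million; and companies such as Joyent, Savvis, GoGrid and Dimension Data will all see some revenue growth.

Compared with the global market, China’s IaaS market has a small base but is growing faster. China’s pure IaaS market is expected to exceed US$100 million in 2013, and 3-4 relatively large IaaS operators will gradually take shape.

II. Large and medium-sized enterprises will begin to accept cloud computing

As said above, large and medium-sized enterprises have already started trying to deploy some non-core businesses on the public cloud. From AWS’s customer list we can see that Fortune 500 companies are all, to a greater or lesser extent, using Amazon’s public cloud for testing or development, and some of them run real applications on it, such as NASDAQ and Lamborghini.

This change will pose a great threat to the traditional IT vendors IBM, HP and Oracle, because traditional large and medium-sized enterprises are these vendors’ big customers.

Judging from the development of AWS, this is also bound to be the development goal of cloud computing companies. I believe that in the next 3-5 years cloud computing will begin to eat into the traditional IT vendors’ market, and 2013 is the beginning.

III. SDX technology (software-defined everything) will develop rapidly

Traditional hardware vendors use a box-selling model; the equipment is not open and cannot be managed dynamically, which causes a great deal of waste and management cost.

The software-defined idea (Software Defined Everything) opens up the black box and separates data from control, allowing more flexible management and scheduling, and will become the mainstream of subsequent development.

Since the start of 2013 we have seen a series of large investments and acquisitions in Software Defined Storage, Software Defined Network, Software Defined Datacenter and so on.

I expect that in 2013 SDS and SDN products and solutions will begin to land, and the related technologies will develop rapidly.

IV. Cloud computing is changing the related industry chains

With the development of cloud computing technology, and especially as applications keep landing, cloud computing has already brought influence and change to many industries, mainly including:

1. Entrepreneurs: cloud computing greatly lowers the infrastructure barrier for entrepreneurs, so that they need only focus on and exploit their core strengths. This makes it very convenient for teams that were not previously in the internet business to start ventures using the internet, and will give rise to many content-type and O2O-type startups. In 2013 in particular, after the state lowers the threshold for registering a company, more and more startups will appear in batches.

2. The investment industry: because cloud computing reduces the one-off investment in servers and networks, entrepreneurs need less money from angels and can develop a product very quickly to test the water. If the product is good, it can grow rapidly using cloud computing; if it is not, they can change direction at once. The investment model is therefore shifting from traditional angels to super angels, and an A round may not even be needed: if the business develops well it can go straight to a B round.

3. The server industry: in the traditional model servers are sold to small and medium-sized enterprises through channels, and the channel is a very important link. In the cloud computing model small and medium-sized enterprises will not need to buy servers. IaaS operators will therefore replace small and medium-sized enterprises as the buyers of servers, which will have a considerable impact on traditional server vendors and channels.

[Author: 季昕华, former CEO of 盛大云 and founder of Ucloud.cn]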

Sunday, March 10, 2013

How to manage new department?

Question:
I was recently appointed as the new head of a department.

The thing is, the outgoing department head was transferred to another department, which is on the same floor, and still has great influence.

The outgoing head only taught me some of the work she used to perform, and some unfamiliar work I still need to figure out myself. She was not happy with the transfer and also bad-mouthed me, which I heard from my colleague. I felt that the things that she taught me were sometimes wrong and did not give a clear solution. So I have to use my own judgement.

The problem I face is that I am not as experienced as the staff who work under me, because some of them have worked there for more than 10 years, while I have worked there for around 6 months only. I still need them to teach me some of the work.

Besides that, I am also not clear about what work my staff are performing. Thus, I asked them to fill in a work survey questionnaire and gave a deadline for it. In the end, no one replied to me. Besides that, I also want to implement a new procedure for better monitoring of work progress. One of them answered me that it is a waste of time.

How to manage the department when you are not the most experienced?

How to introduce new procedures with the staff following through?

How to instill confidence in staff that I could lead the department well, and get them to listen to me instead of to the former department head?




Answer: 
Well you have your work cut out for you. But this is not impossible. I will try to answer your questions.

How to manage the department when you are not the most experienced?


First off, managing a department is not so much about knowing exactly how to perform the work of your direct reports as it is about knowing how to lead, direct and manage people. You must make sure that the employees are respecting your authority. This is tough because as the newbie you don't want to come in looking like a big shot but at the same time these guys blowing you off and not responding to you is disrespect.

I would suggest partnering with your HR Manager and ask how to best handle these associates who are ignoring your deadline requests. That is one of the things HR is there for - to coach and direct new managers.

I think the survey was not the best approach because as a new manager you need to instill more of a one on one approach. I suggest setting up one on one meetings with each of your new employees and get to know them. Make this more about rapport building vs just learning their job all at once. After the initial one on ones then I suggest setting up more time with each of them AT THEIR OWN DESKS and observe and ask them questions about what they do.

This is not going to happen overnight. You must lead by example and these people will eventually look to YOU for guidance vs the old dept head. You cannot become a manager and expect respect from day one. You have to earn it. Spend LOTS of one on one time with these folks but don't do it trying to be this big authority figure try to just get to know them as people first. Then when they respect you they will automatically want to listen to your direction. I would hold off on big changes right away because these guys need to get used to the management change first. Over-zealous new managers often make the mistake of thinking they need to come in and change everything around all at once. Bad idea. Change should come gradually.

I bet these employees have good ideas too, just as you do. In dept/team meetings I suggest you ask them for their input. Ask them what changes they would make and if you can implement some of their suggestions. This way they will see you are a member of the team as well and not just trying to play the role of head honcho.

MY management style is such that I work for them vs they work for me. My job as a manager is to get the most work from the team as possible in as efficient a way as possible. Having this mindset, I do not dictate; I instead implement ideas and suggestions my team brings up, and when I make suggestions for process improvement I always get their feedback first. No one likes the managers that make a lot of process improvements and fail to see the whole picture. Sometimes things on white paper don't look as good when you are the employee having to carry it thru.

And when I say I view it as I work for them I don't mean they dictate to ME what must happen it means that I see them as my team and a manager is ONLY as good as the team they manage. On performance reviews for managers, you can be the best model employee on earth but if your team is not producing, and if your team feels their environment is stifling to their advancement or not fostering a team atmosphere then they are going to ding the heck out of you on employee sensing surveys. Bad sensing surveys are a manager's worst nightmare. And on your own reviews if your team is not yielding desirable results that impact the bottom line then you are doomed.

So adopt the attitude that you work for them and let them know that you want to hear their ideas and will implement what you can. Take the time to get to know them. During one on ones ask about their kids, their families, what they like to do. Try to create some small talk with them. Visit out on the floor often and take a real active interest in their work. Compliment and praise where it is due. Do not praise if it is not warranted or then your words won't mean much but praise and praise often to your high performers. Everyone likes to be recognized.

You can also make work fun by running contests and team oriented games in team meetings. Bring some snacks in and make work fun.

How to introduce new procedures with the staff following through?


As I said I would not do that yet. You don't even know these people yet. You said yourself you are not familiar with their jobs. How can you make procedure changes without knowing specifically what the CURRENT procedures are? New managers always have the best of intent when making changes but if they don't know what the current process is, how can they improve it? Schedule one on one meetings to get to know these folks first. Then schedule time with each one to sit at their desks and learn what they do. Ask for their input. When you finally feel you have gotten your arms around current procedures and what each person is responsible for then you can start making improvement changes. ASK for and IMPLEMENT as many of their ideas as you can, if they are good ones. No one knows that work better than the employee.

How to instill confidence in the staff that I could lead the department well, and get them to listen to me instead of to the former department head?

By employing some of the suggestions I gave you above. Respect will come when respect has been earned. I hate to compare it to a parent/child relationship since we are all adults but in a way it is the same concept. A child respects the parent who earns it. An employee respects a manager who earns it. The title alone will not automatically be commensurate with clout and respect. That former manager has it because she was there a long time and these people grew to trust her apparently. You have to make them trust you, and they can't trust that you know what is best for them until you know exactly what it is they do.

Take an active and sincere interest in their work, in them, and ask for their input and actually use it, and you will gain the respect you are looking for.

How to manage and control IT support department?

Question:
Is it possible to manage IT maintenance operations like a project, with typical project management mechanisms including scope, time, and cost planning? In our project we experience difficulties in such a management of our IT infrastructure support department. We don't know how to define their scope, how to control it, and how to make sure that the work is done. They are not developing any software but organizing our server space. Sometimes (and very often) their mistakes severely affect the entire project. I'm interested to find some formal or semi-formal instruments of this IT department management and coordination with the rest of the business.

Answer:
There is a danger in trying to use PM methodology to manage an operational process. PM methodology - waterfall, agile, Prince2, whatever - is designed to deal with temporary endeavors.

I suggest you build the processes you need to make things happen in the support department.

If you are unfamiliar with process development, you can find all kinds of resources online. The basic steps are:

    make a list of everything your department needs to do
    organize it into process groups
    document the steps for each process
    start improving the processes

------------------------------------------------------------------------------------------

The main problem with maintenance and support teams is that it's usually really hard to plan their work in a reasonable way over any longer time span.

If we define a maintenance team as one which reacts either to problems within the project (bugs, issues, inquiries) or to requests submitted by others (client, other teams), it's more like dealing with constant priority changes. If there's a critical bug submitted we likely deal with it in the first place before moving to regular stuff. If there are other (major or minor) bugs which have a solution deadline they also go up through the priority list as the deadline approaches.

However, even though it's hard to plan team work in any detailed way as the plan is going to change a number of times, you can still organize the process in a way which just takes such a situation as given. A very good method to try here is Kanban, as it doesn't force the team to plan work up front but allows it to react to priority changes in a neat way. See http://blog.brodzinski.com/2010/11/beauty-of-kanban.html for an example of how Kanban works in terms of reacting to frequent priority changes.

Kanban also does a very good job in terms of visualizing what the team is doing now, what they're going to do next, any problems they might have, individual responsibilities for tasks etc. In the given situation, not only may it help you to track their work but it may also help them to see what they really have on their plate.

Also with Kanban it doesn't really matter what kind of tasks the team deals with as it wasn't designed with a purpose of applying it to software development only, so it can be perfectly used for the team dealing with infrastructure.
-------------------------------------------------------------------------------------------

This may be considered as a project itself: "IT Operations Alignment".

In order to manage the service delivered by the IT Support Team you will need to liaise with the Team Lead to understand the following:

    Current Process Logic for IT Operations (planning, approval requirements, etc...)
    Current Service Level of Agreement (SLA) to deliver solutions
    Resource Availability (remote teams, on-site testers, etc...)

Once you have gathered all relevant information regarding their processes try to match these with your own ones and identify any gaps or areas of improvement.

    Document Agreed Business Process and Operations/Projects - defining the scope of your business/project and where their support must imply.
    Agree a Service Level of Agreement - for an estimated timing of resolution according to the severity of the issue/requirement.
    Define and classify the defects or incidents according to the timing agreed on the SLA; e.g. Critical issues to be resolved in less than 24h, Critical incidents can be unavailability of the system or servers down. Moderate issues to be resolved within 72h, and so forth...

Finally, I would also recommend building a robust defect reporting mechanism which interfaces with IT. A good example could be eTracker, Jira, or SharePoint. By using these tools you can raise items according to the agreed scope and track the progress, flag concerns, escalate unresolved issues to senior management, and so on.

On a separate note, I would also consider that depending on the complexity of the teams and/or the business the maintenance of this relationship between IT Support and Operations may need to be managed by a separate role.


------------------------------------------------------------------------------------------



When I have had support responsibilities I found it was a very successful week if I got the planned work done on two days. A lot of support time may be taken up responding to problem reports. Even if the problem is out of your control you still need to determine that it isn't in your control. You may then need to manage the response to the problem.

There are projects (usually on the small side) within the work that the support group will be handling. Setting up a process to make those happen could be worthwhile.

The one area ITIL is reported to be best suited to is managing support groups. I would consider implementing that area of ITIL.

Monday, January 28, 2013

Going viral among Wall Street bankers: this is the best cover letter I've ever seen

  Shocker. It seems that ‘humble’ could actually work on Wall Street.

  Well, at least for the brutally honest and hilariously self-deprecating young student whose cover letter, publicized on Business Insider, has generated a ton of positive interest amongst investment banking bosses.

  Perhaps unsurprisingly, the recipient of the e-mail immediately forwarded it on to colleagues, adding, “This might be the best cover letter I’ve ever received. Second and third paragraphs especially.”

  Another added to the e-mail chain, “I wouldn’t be surprised if this guy gets at least a call from every bank out there.”

  For your reading pleasure, I’m including the letter in full and have taken the liberty to highlight the classic bits.

  Subject: Summer Internship

  Dear BLOCKED

  My name is (BLOCKED) and I am an undergraduate finance student at (BLOCKED). I met you the summer before last at Smith & Wollensky’s in New York when I was touring the east coast with my uncle, (BLOCKED). I just wanted to thank you for taking the time to talk with me that night.

  I am writing to inquire about a possible summer internship in your office. I am aware it is highly unusual for undergraduates from average universities like (BLOCKED) to intern at (BLOCKED), but nevertheless I was hoping you might make an exception. I am extremely interested in investment banking and would love nothing more than to learn under your tutelage. I have no qualms about fetching coffee, shining shoes or picking up laundry, and will work for next to nothing. In all honesty, I just want to be around professionals in the industry and gain as much knowledge as I can.

  I won’t waste your time inflating my credentials, throwing around exaggerated job titles, or feeding you a line of crapp (sic) about how my past experiences and skill set align perfectly for an investment banking internship. The truth is I have no unbelievably special skills or genius eccentricities, but I do have a near perfect GPA and will work hard for you. I’ve interned for Merrill Lynch in the Wealth Management Division and taken an investment banking class at (BLOCKED), for whatever that is worth.

  I am currently awaiting admission results for (BLOCKED) Masters of Science in Accountancy program, which I would begin this fall if admitted. I am also planning on attending law school after my master’s program, which we spoke about in New York. I apologize for the blunt nature of my letter, but I hope you seriously consider taking me under your wing this summer. I have attached my resume for your review. Feel free to call me at (BLOCKED) or email at (BLOCKED). Thank you for your time.

  Sincerely,

  BLOCKED

  Not everyone is impressed by this cover letter though.

  Lex van Dam, former top trader at Goldman Sachs and head of hedge fund, Hampstead Capital, takes a dim view of the over-hyped reactions of the Wall Street bosses.

  “They live on a different planet – and probably have never seen any of these letters before as their HR departments are trained monkeys.”

  In other words, another example of a viral letter for entertainment purposes, that is much ado about nothing. And yes, I’m doing my best to ignore the ‘trained monkeys’ bit.

Zachman Framework Detailed


The term "Zachman Framework" has multiple meanings. It can refer to any of the frameworks proposed by John Zachman:
  • The initial framework, named A Framework for Information Systems Architecture, by John Zachman, published in a 1987 article in the IBM Systems Journal.[5]
  • The Zachman Framework for Enterprise Architecture, an update of the 1987 original, extended and renamed in the 1990s.[6]
  • One of the later versions of the Zachman Framework, offered by Zachman International as industry standard.
Collage of Zachman Frameworks as presented in several books on Enterprise Architecture from 1997 to 2005.
In other sources the Zachman Framework is introduced as a framework, originated by and named after John Zachman, represented in numerous ways, see image. This framework is explained as, for example:
  • framework to organize and analyze data,[7]
  • a framework for enterprise architecture.[8]
  • classification system, or classification scheme[9]
  • a matrix, often in a 6x6 matrix format
  • a two-dimensional model[10] or an analytic model.
  • a two-dimensional schema, used to organize the detailed representations of the enterprise.[11]
Besides the frameworks developed by John Zachman, numerous extensions and/or applications have been developed, which are also sometimes called Zachman Frameworks.
The Zachman Framework summarizes a collection of perspectives involved in enterprise architecture. These perspectives are represented in a two-dimensional matrix that defines along the rows the type of stakeholders and with the columns the aspects of the architecture. The framework does not define a methodology for an architecture. Rather, the matrix is a template that must be filled in by the goals/rules, processes, material, roles, locations, and events specifically required by the organization. Further modeling by mapping between columns in the framework identifies gaps in the documented state of the organization.[12]
The framework is a simple and logical structure for classifying and organizing the descriptive representations of an enterprise. It is significant to both the management of the enterprise and the actors involved in the development of enterprise systems.[13] While there is no order of priority for the columns of the Framework, the top-down order of the rows is significant to the alignment of business concepts and the actual physical enterprise. The level of detail in the Framework is a function of each cell (and not the rows). When done by IT, the lower level of focus is on information technology; however, it can apply equally to physical material (ball valves, piping, transformers, fuse boxes, for example) and the associated physical processes, roles, locations etc. related to those items.
