Technical consultants...grrrrr
Mar. 8th, 2007 06:06 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
altivoSo when I started this job 4 1/2 years ago, they were relying on a contract agency to maintain network and equipment. It was agreed that I should take some of that over so that hours paid to the technicians could be cut back, freeing up money to pay me a little more than originally anticipated for my job. It took nearly three years to really get them to let go of the security blanket of the contract technicians, though.
As has always been my experience with such agencies, the contractors wanted to "do it their way" rather than the way we wanted things. They wanted all their clients to have similar setups, they wanted us to replace all equipment on a three year cycle (simply not an affordable goal for a non-profit public agency) and insisted on the newest all-Microsoft-all-the-time technology. Thank the gods we finally got rid of them before they could push us into Windows Vista.
Back late in 2005 we started having problems with our firewall. It was a WatchGuard Firebox, a model that was already discontinued and no longer supported (even though it was only three years old.) So we agreed to replace it with a then-current WatchGuard model, to the tune of $2200 when the software maintenance was factored in. This was done, the unit was installed, and has been running without a hitch since that time.
However, we're approaching the date in April when the maintenance comes up for renewal. By now the outside agency that did our network (complete with flaky documentation and rats nests of wires and code) has been decontracted and then dissolved. Officially I am entirely responsible for the network and hardware. I have three looseleaf binders full of "documentation" most of which was never kept up to date when changes were made. Some parts of the installation, such as a proxy server used to keep public access for internet users with laptops separated from our internal staff LAN, are virtually black boxes because they are completely undocumented.
A former employee of the now dissolved agency contacts us this week saying he "has learned" that our Firebox support will expire in April and he believes we probably should renew it. In the process he offers to sell us a block of hours of his time to maintain our stuff again. I am left scratching my head as to why he knows about this and we received no notice from WatchGuard ourselves. So I went to look at the license details. Sure enough, there was an account and password for the WatchGuard site that was to be used to download updates or make inquiries. It worked, and I got logged in. Not only have there been at least 20 security updates and fixes that we were not notified about, but the new X700 Firebox purchased in December of 2005 is not on our records. According to this account, we are still running the defunct Firebox II that was retired in January of 2006. Yet the X700 is active and registered. WatchGuard tells me it is registered but won't say to whom.
Cut to end of chase: After a lot of queries and prodding, we learn that when the X700 was installed, one of the outside agents did the activation and registration of the unit...to another library's account. Hence all notifications and information was being sent somewhere else, and not to us. I am unable to upgrade the firmware or software for the unit, and unable to renew the maintenance. Fortunately there seems to be a solution, which is to have the former contract employee who notified us of the expiration do a "transfer" of ownership of the unit to our library, at which time I will have control of it and be able to update it or maintain it. That transfer was filed this afternoon and I'm waiting for the confirmation.
The moral of this story is never to let your network environment be controlled by someone who doesn't really answer to you. You can't tell what they are doing, and that probably means you wouldn't like what they are doing either.
I tried to avoid buying another WatchGuard device back in 2005, but didn't succeed. The outside agency insisted that WatchGuard was what they recommended and could support. Some support. WatchGuard is not usable (or at least, can't be monitored) unless you have at least one computer running Windows, since all their control software is strictly Windows based. That alone would have been enough to warn me off from them. I prefer something that will talk to any OS, probably by using a web browser interface as H-P printers and 3-COM network hubs do now, or else a simple telnet command line setup. If I'm still around when this unit comes to the end of its lifespan, it will probably be replaced by a Linux box with two NICs in it and command line software.
In other news, weather warms up, but my cold is unimproved. Kerchoo! 'Scuse me.
As has always been my experience with such agencies, the contractors wanted to "do it their way" rather than the way we wanted things. They wanted all their clients to have similar setups, they wanted us to replace all equipment on a three year cycle (simply not an affordable goal for a non-profit public agency) and insisted on the newest all-Microsoft-all-the-time technology. Thank the gods we finally got rid of them before they could push us into Windows Vista.
Back late in 2005 we started having problems with our firewall. It was a WatchGuard Firebox, a model that was already discontinued and no longer supported (even though it was only three years old.) So we agreed to replace it with a then-current WatchGuard model, to the tune of $2200 when the software maintenance was factored in. This was done, the unit was installed, and has been running without a hitch since that time.
However, we're approaching the date in April when the maintenance comes up for renewal. By now the outside agency that did our network (complete with flaky documentation and rats nests of wires and code) has been decontracted and then dissolved. Officially I am entirely responsible for the network and hardware. I have three looseleaf binders full of "documentation" most of which was never kept up to date when changes were made. Some parts of the installation, such as a proxy server used to keep public access for internet users with laptops separated from our internal staff LAN, are virtually black boxes because they are completely undocumented.
A former employee of the now dissolved agency contacts us this week saying he "has learned" that our Firebox support will expire in April and he believes we probably should renew it. In the process he offers to sell us a block of hours of his time to maintain our stuff again. I am left scratching my head as to why he knows about this and we received no notice from WatchGuard ourselves. So I went to look at the license details. Sure enough, there was an account and password for the WatchGuard site that was to be used to download updates or make inquiries. It worked, and I got logged in. Not only have there been at least 20 security updates and fixes that we were not notified about, but the new X700 Firebox purchased in December of 2005 is not on our records. According to this account, we are still running the defunct Firebox II that was retired in January of 2006. Yet the X700 is active and registered. WatchGuard tells me it is registered but won't say to whom.
Cut to end of chase: After a lot of queries and prodding, we learn that when the X700 was installed, one of the outside agents did the activation and registration of the unit...to another library's account. Hence all notifications and information was being sent somewhere else, and not to us. I am unable to upgrade the firmware or software for the unit, and unable to renew the maintenance. Fortunately there seems to be a solution, which is to have the former contract employee who notified us of the expiration do a "transfer" of ownership of the unit to our library, at which time I will have control of it and be able to update it or maintain it. That transfer was filed this afternoon and I'm waiting for the confirmation.
The moral of this story is never to let your network environment be controlled by someone who doesn't really answer to you. You can't tell what they are doing, and that probably means you wouldn't like what they are doing either.
I tried to avoid buying another WatchGuard device back in 2005, but didn't succeed. The outside agency insisted that WatchGuard was what they recommended and could support. Some support. WatchGuard is not usable (or at least, can't be monitored) unless you have at least one computer running Windows, since all their control software is strictly Windows based. That alone would have been enough to warn me off from them. I prefer something that will talk to any OS, probably by using a web browser interface as H-P printers and 3-COM network hubs do now, or else a simple telnet command line setup. If I'm still around when this unit comes to the end of its lifespan, it will probably be replaced by a Linux box with two NICs in it and command line software.
In other news, weather warms up, but my cold is unimproved. Kerchoo! 'Scuse me.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2007-03-09 04:18 am (UTC)Ah well at least now you will have control over the system :)
But yes contractors are a double edged sword.
no subject
Date: 2007-03-09 05:15 am (UTC)Yes, at least I'll have control over one more piece of the system.
no subject
Date: 2007-03-09 11:03 am (UTC)no subject
Date: 2007-03-09 06:58 pm (UTC)*also offers the horse large sized tissues, hoping the cold doesn't evolve into the flu or such*
no subject
Date: 2007-03-09 11:43 pm (UTC)I've often suspected outside technical contractors of doing that sort of thing, though really I don't think these guys were that organized or competent. It was more like they protected their position by keeping things secret. When I started, our regular technician not only kept good and current notes but went out of his way to show me what he was doing and explain it. He didn't stay for long though. Took a permanent position somewhere else. Those who followed him weren't so forthcoming, and the documentation quickly declined. Soon they were just scribbling illegible things in the margins of the first guy's neatly printed and organized tables and instructions. Then even that stopped. The last one was an East Indian immigrant who spoke heavily accented English and seemed to do his best to avoid explaining anything or even telling us what he was doing.
I discovered today that they still have a private vpn doorway into our network. No sign that it has been used, but I'll be disabling it this weekend when I deal with the daylight "saving" fiasco created by our stupid administration and congress.
no subject
Date: 2007-03-10 07:35 pm (UTC)Heh I am only replying to this in particular because I had somewhat forgot you had an inflatable toy version of yourself as par the icon shows. To think it was me talking online with Expandranon lamenting on the fact there aren't that many inflatable horsefurs that lead me to you.
no subject
Date: 2007-03-10 07:58 pm (UTC)My friend
no subject
Date: 2007-03-10 10:00 pm (UTC)Expandranon mentioned about Goldenstallion having those inflatable horses and zebras (and mentioning some of the things he does with them, which does interest me) and I knew about Xydexx ever since I first came upon the story of him written by Rogue of Macrophile.com fame (that story really influenced my RP playing as it were). My problem though is I have no way of honestly contacting them without seeming idiotic and oh so fanboyish about it. I think I also came across Goldenstallion on Tapestries once and that encounter didn't bode well for the either of us.
Still after being in the online fandom as it were for the past 8 years I am willing to learn and play along. I do however want to chat with folks of likeminded interests though I can't get out of the house much.
no subject
Date: 2007-03-10 10:29 pm (UTC)no subject
Date: 2007-03-11 01:27 am (UTC)no subject
Date: 2007-03-10 02:16 am (UTC)I've never been in charge of such things, or even able to
voice an opine about them, but I've seen it happen.
I was working in a computer lab dedicated to the handicapped
and was the one that did all the physical hands on stuff
to integrate clients stuff to the labs stuff. I often
complained about the network, but was told to "deal with it"
and, to my credit, I did. Though even the clients complained.
These were high functioning people. Mostly with CP in motorized
chairs but sharp as razors about computers, thus their
interest in the lab.
Long story short, the "network consultants" had no idea what
they were doing, were, actually, defrauding us, and all
the while going down the street to the nice expensive
bar/resturaunt and giving each other "awards".
Nice work if you can get it.
This is when I had an epiphany and went back to get
my degree.
Happily, they, also, dissolved as a company and the State
dee period ay period then (you may have heard of him)
Elliot Spitzer started an investigation.
Fortunetly I was long gone by then.
Sorry for ranting in chorus with your rant but
I /do/ understand. Hopefully the reward for
all your hard work won't be more hard work.
*imagines a clydesdale clomping in and /glowering/
at the board when all this is done*
no subject
Date: 2007-03-14 12:17 pm (UTC)Get well soon :) *hands the big hossie some hot blackcurrant juice*
no subject
Date: 2007-03-14 01:02 pm (UTC)