When it’s time to refresh network hardware - switches and wireless - what’s your pitch to management? I mean, if you’ve built a reliable and performant network most people won’t even think about it, so how do you walk into a meeting and say ‘let’s drop $20K-$50K-$100K to replace hardware that’s working fine’? To add to that, what if you’re trying to upgrade from low end gear to more traditional hardware where your costs are a lot higher than normal costs?

Previous IT implemented Unifi wireless and some Edgeswitch hardware with some other randomness. I tried to keep with that and bought additional Ubiquiti gear for a couple projects and tried to standardize (removed the randomness). It wasn’t a full refresh, but it was some work. Now after some crazy RMA processes, the joys of community support only, and the latest mess of firmware releases I’m just over Ubiquiti in a business/manufacturing setting. I use them at home and support them for a couple side jobs, but I don’t like doing it here.

Anyway, kind of looking for ideas of spinning the higher costs (outside of the obvious) and also hitting some mental block on ROI for network hardware. Any thoughts?

9 Spice ups

Well with your given scenario, if there are no complaints about performance, there are two ways to go about it. First, age/warranties: explain that this equipment is getting to end of life and isn’t under warranty anymore, and if a critical piece goes, it will be weeks to get a replacement in and running. Second, security: chances are the hardware isn’t able to support the latest and greatest in security, and it might even have vulnerabilities where the manufacturer states, “Yeah, upgrade hardware, there’s no patch coming”.

2 Spice ups

If I read your post correctly, the only one being inconvenienced by this is you. As management, I’d look at the situation from that perspective. I could probably find 50 other projects in my company that inconvenience many more people that could be fixed for far less money. So, no.

Is there a business app I need to run that I can’t? Am I unable to handle customer orders on my web server? Are my checks mailed out late? If not, then you haven’t made the case for a network “refresh.”

2 Spice ups

Wait until the network can’t reliably do the job or meet the needs and then look at a refresh? As the IT manager it seems like I would want to avoid that.

I guess I missed the point that while I can make points to management about why we need to upgrade, i.e.: actual support, actual warranties, improved security features and building redundancy. My concern is that those terms don’t always translate and this business traditionally opts for low end solutions. Personally, I don’t like guesstimations on costing/value (how do you value security savings or warranties) as it feels like lying to justify the spend, which is part of my mental block on valuing this project.

I view this like the backup situation when I started here. All backups were on external hard drives using Windows Server Backup. Only 2 of the 8 virtual machines and 1 of 2 physical servers were backed up. The primary file server/DC only completed every other day and weekend fulls had been failing for 6 months. No one cared because we hadn’t experienced a failure. Management thought we were set up for a quick recovery, but the primary server couldn’t do a single file restore in less than 45 minutes… imagine 2.6TB for a full recovery. Hell, this box couldn’t reboot without removing both power cords. Did we have backups? Sort of. Were they good or set up to standards? No, so I addressed them.

This network relying on Ubiquiti is a little better off than our backups were, but we’re lacking support, true warranty (2 week RMA process), and can’t patch without risking problems or potential outages.

While support may be lacking, device availability generally isn’t.

Regarding RMAs, you may be better served having a few spares on the shelf. When something craps out, a spare goes in and the RMAed devices go back on the shelf when they arrive. The cost of these devices is comparatively low so the additional capital for some spares doesn’t break the piggy.

2 Spice ups

Them stocking devices is good because? For the record, the 2 most common switches we use are currently listed as sold out on the UI store.

We do have spares because of the RMA process. I lost confidence when I had 3 switches in a row fail before I could deploy them. Brand new from the UI store and dead before they got off the test table. Took 2 months for RMA and cost us to ship them back, so we’ve got spares. That reminds me I should probably get them out and test them before a production switch bites the dust.

None of that addresses the firmware and controller updates they have been putting out or their lack of response to addressing them. Just more bad updates.

Yes, I’m sure we’d all like to buy a new car every year to avoid having our car not be able to reliably do the job. But we don’t do that. We use the car until there aren’t enough seats for the baby-on-the-way, then we start car-shopping. Or we wait until the cost of repairs exceeds the cost of replacement. But we don’t say, “Let’s buy a new one because this perfectly adequate one might not meet our theoretical future needs that I can’t articulate.”

If you have equipment that doesn’t function, no one will argue with you. If you have equipment that fails, replace it with equipment that does better in an incremental fashion.

Again, with my boss hat on, you’re not making a case for how I benefit from spending this money. If an RMA takes two weeks and you have a spare on the shelf, what’s the problem? If you have a firmware update, why aren’t you loading it into those spares and bench-testing it before you roll it out to production? Security “features”? You’ve got to do better.

1 Spice up

This is how I make my case for hardware refresh.

Current Equipment:
Cost of Equipment (if bought new) = A
Cost of downtime / hour (accounting could probably provide this) = B
Amount of downtime in case of failure (in hours) = C
A plus (B times C) = D

New Hardware:
Cost of Equipment = E
Cost of downtime / hour (accounting could probably provide this) = F
Amount of downtime in case of failure (in hours) = G
E plus (F times G) = H

If D is larger than H you have a good business case. Otherwise, you don’t.

1 Spice up
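A worked version of the comparison in the answer above, added here as an example; it is not code the poster supplied. The dollar figures are constructed, and the break-even calculation (solving E + F×G = D for G, i.e. the longest outage the new gear may still have before the case flips) is an extension of the poster’s formula. Like the original, it prices a single failure and does not weight by how likely that failure is.

```python
"""Refresh business case: current gear (A, B, C -> D) vs new gear (E, F, G -> H).

Added example for the thread above, not the poster's own code.
All figures below are constructed for illustration.
"""

from dataclasses import dataclass


@dataclass
class Scenario:
    """One side of the comparison: cost to buy plus the cost of one outage."""
    equipment_cost: float          # A (current) or E (new), in dollars
    downtime_cost_per_hour: float  # B or F, the figure accounting provides
    downtime_hours: float          # C or G, outage length for one failure

    def total(self) -> float:
        """A + (B x C) for current gear, E + (F x G) for new gear."""
        return self.equipment_cost + self.downtime_cost_per_hour * self.downtime_hours


def refresh_case(current: Scenario, new: Scenario) -> dict:
    """Return D, H, whether D > H, and the break-even outage length for the new gear.

    break_even_hours solves E + F*G = D for G: if the new hardware's outage per
    failure stays below this, the refresh still costs less than standing pat.
    (This break-even step is an extension of the thread's formula.)
    """
    d = current.total()
    h = new.total()
    if new.downtime_cost_per_hour > 0:
        break_even = (d - new.equipment_cost) / new.downtime_cost_per_hour
    else:
        break_even = float("inf")  # no outage cost: any outage length is fine
    return {"D": d, "H": h, "good_case": d > h, "break_even_hours": break_even}


# Constructed figures (illustrative; not from the thread).
# Current: cheap gear, no support contract, a work week to source a replacement.
CURRENT = Scenario(equipment_cost=8_000, downtime_cost_per_hour=2_500, downtime_hours=40)
# New: supported gear with next-business-day replacement.
NEW = Scenario(equipment_cost=45_000, downtime_cost_per_hour=2_500, downtime_hours=4)

if __name__ == "__main__":
    for key, value in refresh_case(CURRENT, NEW).items():
        print(f"{key}: {value}")
```

With these constructed numbers D comes out at 108,000 against H at 55,000, so the case holds, and the new gear could suffer up to about 25 hours of outage per failure before the comparison flips. Swapping in the downtime rate accounting actually quotes is what turns this from a guesstimate into a number management can argue with.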

Yes, I need to do better that’s why I asked. I’ve generalized the situation since this is the internet and I’m not actually trying to sell anyone here. I was looking for ideas and your questions have given me some, so thanks. BUT… I’d be lying if I told you that I’m buying that you ride network equipment until it fails you consistently though. :slight_smile:

I’ve seen enough ‘Robert posts’ to think I have a high level idea of the type of equipment you’re supporting and I can’t believe you’re not preventively replacing infrastructure around that. I spent time at a decent sized insurance org and servers were replaced every 3 years while SAN, switching, and firewalls were every 5. Even public K12 had cycles on hardware and those budgets were small. I don’t think it’s uncommon to replace equipment before it becomes problematic.

This is helpful. Thanks!

Hey @rhummel - does this qualify as something worth reviewing when your subordinates talk about network refreshes?

Disappointing you is the last thing I would want to do. But, it’s still on my list.

All my production servers are HPs - that’s one reason they last so long. The newest ones I have are G7 and Gen8. Last year I bought a load of dual-CPU 16-core Gen8 DL380e that some other sucker swapped out because they were “old.” Add a bunch of memory (used) and some large-format hard drives and you’ve got yourself a bargain infrastructure.

My switches are HP as well. One facility is running on all 2910al that are pushing 10 years old. I’ve had a few PoE failures, but nothing beyond that. HP sent me 2920s to replace them - free. The other facilities are running mostly 2530s - bought used for < $200 each. I have so many spares I can use them as door props.

Firewalls? I use a distributed architecture. Each service gets its own firewall. But, it’s just a firewall, not a UTM. Unless IPs change dramatically, I have no reason to swap those out either.

We recently dropped our perimeter hardware RTO from 30 minutes (after on site) to < 5 minutes (adding some remote to the on site) by creating on-line duplicates of our essential firewalls. We didn’t do that by rotating out expensive, but working gear every 3 years.

Nothing needs to be replaced until it does. And then, it should be.

1 Spice up

No. Because we

a) don’t use cloud services,

b) don’t use password management software,

c) don’t use AaaS (anything as a service).

We do it all in-house: mail, filedrop, vulnerability scans, log aggregation, and so on.

We do because we can. I have on-site staff and I prefer to invest my money in people instead of services. Not everyone has that option, I understand. But, it’s the underpinning of my infrastructure architecture.

1 Spice up

I appreciate the breakdown… pretty interesting.

1 Spice up