
Quite a number of Medium and Large companies are not too keen to lower their total cost of ownership when it comes to Internet connectivity spending. A FreeBSD/OpenBSD box running pfsense/OpenVPN is way cheaper than, say, any Cisco hardware offering similar functionality, yet most companies opt for commercial purpose-built router/firewall hardware.

On Sun, Jan 30, 2011 at 4:17 PM, Patrick Kariuki <patrick.kariuki@gmail.com> wrote:
Quite a number of Medium and Large companies are not too keen to lower their total cost of ownership when it comes to Internet connectivity spending.
A FreeBSD/OpenBSD box running pfsense/OpenVPN is way cheaper than say, any Cisco hardware offering similar functionality, yet most companies opt for commercial purpose-built router/firewall hardware.
I think I know why, and the reasons could just be two only, in my shortsighted view:
1. It's because they term the Cisco or other Appliances as "Enterprise". These other ones have "no name" and as such they believe they do not meet "Enterprise" requirements.
2. The other reason is that these FreeBSD/OpenBSD types have got no certifications associated with them like CCXX, etc. They therefore cannot source expertise for these from the market place the way they do for MCXX, CCXX, etc.
For the techies in these organizations, they find it a hassle to cope with, given that in many cases, they can simply outsource the maintenance of the "enterprise" equipment to certain vendors, or even the manufacturers, so they don't have to start learning and building FreeBSD/OpenBSD/Linux firewalls themselves.
The trick is "Enterprise". You find a way to stick that name to a device and you are in business. Else you are nameless and unknown.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223
Damn!!

Amazing how router/firewall appliance vendors have managed to compete with opensource solutions under the "enterprise" and "professional support" banners, the effect all too visible on IT budgets and expenditures. If you can save by outsourcing the "unprofessional" Linux/FreeBSD/OpenBSD IT support or hire a techie conversant with these technologies and still handle your (whatever speed) throughput.. then why spend more?

There is a third option.. Managed Security.. where an enterprise secures your perimeter as a managed service. They normally offer a range of perimeter security options ranging from Linux/FreeBSD etc all the way to Cisco/Checkpoint boxes and licenses. The only thing is that you don't pay it off as a Capex but as a managed service based on Opex, fixed monthly fee. The vendor has a tunnel to the device to manage it and update all that needs to be updated. The users have no direct control over the device but they have direct access to the logs and can change the policy via a controlled change management process with the vendor. The vendor has the duty of making sure that the client organization is protected from emerging threats proactively .. so they have to keep their ears and eyes open 24/7
http://www.iss.net/
http://www.clearstreamtechnology.co.uk/services-technologies/internet_securi...

@ Thomas, sounds fair enough.. managed services from specialized vendors can square out competition and build a good experience base for those offering these services, so instead of just working with say, a Service provider and Cisco, a customer has an option to work with a service provider and (other opensource solutions that work) for less - and leave the revenue sharing model to the vendor and the service provider.
@ Phares - speaking of confidence in opensource solutions (grab some popcorn - true story), a director visits a country branch somewhere and is advised by the IT team there that replacing a certain appliance with pfsense and adopting other opensource technologies helped ease on the IT CAPEX while providing equally reliable IT services in the long run, when the director returns he coincidentally finds a purchase order for the appliance (above) on his desk for him to sign, together with a bunch of service level agreements - he does not sign it and instead demands the IT manager get in touch with the other team at the country branch.
Unfortunately the two parties don't see eye to eye, the underlying reason being the manager is not familiar with this solution. Still unconvinced, the director seeks help from his pals in the market and they point him/her to some guys, "they don't look professional, one of them is in jeans and a t-shirt with a penguin on it" the HR manager remarks, sneering at the bunch headed to the director's office, after some consultations with the director they have the system up and running in 2 weeks and offer training on how to install and manage these solutions.
See where I'm going Phares, most of these opensource solutions have a stable release, and it's a matter of knowing HOWTO configure and maintain (provided that their development is ongoing there's more than enough support on their mailing-lists)
On 1/31/11, Thomas Kibui <thomas.kibui@gmail.com> wrote:
There is a third option.. Managed Security.. where an enterprise secures your perimeter as a managed service. They normally offer a range of perimeter security options ranging from Linux/FreeBSD etc all the way to Cisco/Checkpoint boxes and licenses. The only thing is that you don't pay it off as a Capex but as a managed service based on Opex, fixed monthly fee. The vendor has a tunnel to the device to manage it and update all that needs to be updated. The users have no direct control over the device but they have direct access to the logs and can change the policy via a controlled change management process with the vendor. The vendor has the duty of making sure that the client organization is protected from emerging threats proactively .. so they have to keep their ears and eyes open 24/7
http://www.clearstreamtechnology.co.uk/services-technologies/internet_securi...

@Patrick
I'm with you on this. I'm running pf-Sense in production in two sites, never disappointed... I'm an advocate for practical open source solutions. Funny thing about the enterprise is that they don't believe in buying support for open source products, and that's why, ironically, proprietary systems win...e.g. you can't buy an Enterprise cadre VMware license without at least 1 year support... Now, if you had any issues, they will be resolved by support (which you paid for) and your staff will be up to scratch... Unfortunately, if you purchase say, Xen, you won't buy support, when your tech team has an issue, you are at the mercy of their ability to Google (laziness etc take over). The *perception* hence will be that Open Source products are less stable, which may not always be the case, just that the proprietary systems have figured out a way of support. I guess it's about the business model...
On Mon, Jan 31, 2011 at 12:41 PM, Patrick Kariuki <patrick.kariuki@gmail.com> wrote:
@ Thomas, sounds fair enough.. managed services from specialized vendors can square out competition and build a good experience base for those offering these services, so instead of just working with say, a Service provider and Cisco, a customer has an option to work with a service provider and (other opensource solutions that work) for less - and leave the revenue sharing model to the vendor and the service provider.
@ Phares - speaking of confidence in opensource solutions (grab some popcorn - true story), a director visits a country branch somewhere and is advised by the IT team there that replacing a certain appliance with pfsense and adopting other opensource technologies helped ease on the IT CAPEX while providing equally reliable IT services in the long run, when the director returns he coincidentally finds a purchase order for the appliance (above) on his desk for him to sign, together with a bunch of service level agreements - he does not sign it and instead demands the IT manager get in touch with the other team at the country branch.
Unfortunately the two parties don't see eye to eye, the underlying reason being the manager is not familiar with this solution. Still unconvinced, the director seeks help from his pals in the market and they point him/her to some guys, "they don't look professional, one of them is in jeans and a t-shirt with a penguin on it" the HR manager remarks, sneering at the bunch headed to the director's office, after some consultations with the director they have the system up and running in 2 weeks and offer training on how to install and manage these solutions.
See where I'm going Phares, most of these opensource solutions have a stable release, and it's a matter of knowing HOWTO configure and maintain (provided that their development is ongoing there's more than enough support on their mailing-lists)
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- With Regards, Phares Kariuki | T: +254 734 810 802 | E: pkariuki@gmail.com | Twitter: kaboro | Skype: kariukiphares | B: http://www.kaboro.com/ |

My point exactly Phares, I'm glad you mentioned Xen, I wouldn't use a better example.. ability to run multiple instances, one on standby as backup - no need to pay for support either, it's got a mailing list for both developers and users.
On 1/31/11, Phares Kariuki <pkariuki@gmail.com> wrote:
@Patrick
I'm with you on this. I'm running pf-Sense in production in two sites, never disappointed... I'm an advocate for practical open source solutions. Funny thing about the enterprise is that they don't believe in buying support for open source products, and that's why, ironically, proprietary systems win...e.g. you can't buy an Enterprise cadre VMware license without at least 1 year support... Now, if you had any issues, they will be resolved by support (which you paid for) and your staff will be up to scratch... Unfortunately, if you purchase say, Xen, you won't buy support, when your tech team has an issue, you are at the mercy of their ability to Google (laziness etc take over). The *perception* hence will be that Open Source products are less stable, which may not always be the case, just that the proprietary systems have figured out a way of support. I guess it's about the business model...

KVM.
On 2/1/11, Patrick Kariuki <patrick.kariuki@gmail.com> wrote:
My point exactly Phares, I'm glad you mentioned Xen, I wouldn't use a better example.. ability to run multiple instances, one on standby as backup - no need to pay for support either, it's got a mailing list for both developers and users.
-- David Maina. P. O. Box 8310-00200, NAIROBI, KENYA.. Cell:+254-721-950073. Registered Linux User #407239. ---------------------------------------------------------------------- "By golly, I'm beginning to think Linux really *is* the best thing since sliced bread."

On Sun, Jan 30, 2011 at 4:34 PM, Odhiambo Washington <odhiambo@gmail.com> wrote:
It's because they term the Cisco or other Appliances as "Enterprise". These other ones have "no name" and as such they believe they do not meet "Enterprise" requirements.
2. The other reason is that these FreeBSD/OpenBSD types have got no certifications associated with them like CCXX, etc. They therefore cannot source expertise for these from the market place the way they do for MCXX, CCXX, etc.
For the techies in these organizations, they find it a hassle to cope with, given that in many cases, they can simply outsource the maintenance of the "enterprise" equipment to certain vendors, or even the manufacturers, so they don't have to start learning and building FreeBSD/OpenBSD/Linux firewalls themselves.
The trick is "Enterprise". You find a way to stick that name to a device and you are in business. Else you are nameless and unknown.
I have to agree... For instance, if you choose to run say, Zimbra, for your mail (it is also in the "Enterprise" category of late), you will have one question, how many people do you know who can support you. It comes down to manpower. We don't have FreeBSD/OpenVPN etc training for the 'masses'. So basically, you are in a narrow support ecosystem. As someone once put it to me when I suggested going Opensource - "No one ever got fired for buying IBM". Basically, go for a known brand you keep your job should it hit the fan....
-- With Regards, Phares Kariuki | T: +254 734 810 802 | E: pkariuki@gmail.com | Twitter: kaboro | Skype: kariukiphares | B: http://www.kaboro.com/ |
participants (5): maina, Odhiambo Washington, Patrick Kariuki, Phares Kariuki, Thomas Kibui