Sunday, November 10, 2024

The Enterprise Security Meta Model

When talking about security, people often don't quite understand the big picture. They often jump into the details and specifics without necessarily understanding or have a clear view of what overall context drives the need for their specific solutions. So often, it turns into a spaghetti that can of-course be served on the table, but no one know - Who asked for it, Why we are serving this, To whom beside how it comes together as a whole to make a perfect sense out of it. Neither anyone knows if it tastes good !

Here is a meta model as how things look like from a bird eye view perspective and should help you better connect the dots next time to make some sense of the security mess such as  - Cyber security, Infra Security, Applications Security, Data Security, AI Security and so forth. 

A more detailed view was shared earlier here





And remember...



Further Readings:

How to Organize Your Cybersecurity Program

HTH...

A Tech Artist ðŸŽ¨

Thursday, November 7, 2024

AI/GenAI, Enthusiasm and the Missing Bits - The Expert Beginners

Amidst the AI/GenAI revolution, a new breed of "gurus" has emerged, often with inflated claims and limited practical experience. While genuine expertise is essential, it's crucial to distinguish between true AI practitioners and those who simply capitalize on the hype. It's important to critically evaluate the claims and contributions of such individuals, as superficial understanding can lead to misguided implementations and missed opportunities. 



Often during my conversations these days with the IT people and leaders from different markets within the Asia-Pacific, everyone is learning AI, since not being able to spell that out correctly means you are legacy.

On the flip side, interestingly enough, less than 1% people actually understand what AI really is and perhaps 0.1% are able to talk and follow through with the details around:

  • AI Strategy
  • AI project life cycle 
  • AI infrastructure 
  • AI Algorithms 
  • AI Governance
  • AI Ethics

While over simplification is good way to communicate effectively with the non-technical audience, but then we are talking about IT folks and industry. Just getting familiar with the lingo likely give the false sense of mastery. 

There seems to be significant gaps in terms of how IT industry folks are getting trained on these topics (outside the old traditional DS community people).

If people tells you that they understand what GenAI is and how it works, but haven't heard of "Semantic Model, Ontology & Knowledge Graphs", very unlikely they know anything beyond the lingo.

Further Readings:

HTH...

A Tech Artist ðŸŽ¨

Friday, October 18, 2024

Navigating & Making Sense Out of Networking For AI/GenAI - Don't Be Fooled Yet Again by the Presentations Based Promises

 


While we have all witnessed highs and lows of AI, accelerated and fueled by GenAI in the last 2 years, where everyone in every industry including IT would assume You are stupid if you can't spell that out, yet there are very little concrete evidences put forward by business and technologies companies to fortify their claims and how fantastically they have been solving the problems which were not possible earlier at all or how they have taken a very transformation approach to solve them beside everyone in competition is left behind and hence "You should use our products and services", if you want to join that "elite group" as well.

Now there are perhaps enough talks, materials, white papers and podcasts which you might have come across at some point supporting that hype.

On the contrary if You speak with the real world practitioners (hard to identify and find) or me who don't easily get intimidated by the "shiny new tech", here are few things You may want to consider while picking up your:

  1. Preferred Solutions
  2. Preferred OEMs
  3. Preferred Systems Integrator
  4. Preferred Managed Services Provider 

Why Should I care ? - Well actually you should, See - If you are still looking for answers to these questions, You have likely missed the bus and is now trying to cope up with the industry and your competition. Or perhaps, it's a mandate given by business to your company's IT team, Product team and so forth.

Now you might have been playing with some of Gen AI capabilities either for fun or really seriously (outside mandates from business) using the public clouds, since its cheaper to play, test and throw/dismantle and do it all relatively cheaply, but in the absence of a firm "Strategy", you have either "underdelivered" or "failed" or perhaps "had little success" and want to leverage those learnings to further fortify your strategy and make course corrections.

Meanwhile the big management and IT consulting firms must have been reaching out to your Board, MD & CXOs claiming that they have successfully solved this puzzle and have enough evidences and credibility to showcase and telling you that you should now onboard them as partner to this endeavor into unchartered territories. It will only cost You few millions $$$ and 6-12 months of time to transform your business forever, And how you will be the next "MAANGx" - X being the latest addition to the group as You. Happy Ending !!!

What you either often forget or have a "dejavu" moment of is:


I have seen everything working perfectly on presentations earlier too beside from my partners - consulting firms, vendors, large public cloud providers, systems integrators or managed service provider telling me how they are putting their credibility and life on the line for me to be successful. 

So remember, as an enterprise (small-mid-large) You have:

  • A large baggage of your technical debt 
  • Absence of  strong and foundational architectural + design practices within IT, though on paper everyone claims they have
  • Believing this time Your partners in crime won't ditch you or would leave you in the middle
  • No incentives to put together a good solution but a solution that serves the immediate needs/mandates, it always works like that in Enterprises and Telcos, later you can blame it on - pace of technology change, people issues, process issues, technology issues, urgent needs etc...
  • Hiring smart people only solve half of the problem at best ...ever

So rather ask your "Partners" to move beyond the presentations, market research data and help you with:

  • A short-mid terms AI strategy 
  • What accelerator's, assets, frameworks, reference architectures, models, test results they have in place to expedite the whole process with speed and agility and yet minimizing the risks
  • Show, don't tell about - Your experiences (Industries, scale, labs, poc/pilot, expertise & depth, partner ecosystems with level of innovation/MVPs, success stories that you can validate yourself beyond the presentations
  • Help build a strong and evidence based business case with ROI instead of just a bunch of excel sheets thrown on you
  • Can they do a BTO (Build, Transfer & Operate), Org. wide AI upskilling is a long uphill battle which most are loosing without admitting at this point 
  • Choice of consumption models (IaaS & PaaS), don't pour all your money into promises


And at last, the technical details around:

  • Clear cut business cases
  • Supported models (small, large, multi-layer, multi-tier)
  • Accuracy (data) & course correction methods + Architectural tradeoffs
  • Supported vs. required integrations
  • Quality and controls
  • Runtime environments
  • Performance boost methods, metrics and measurements  
  • Dev vs. Test vs. Production pipeline
  • Tokens (Free vs. Paid, How many, Cost per token, Cost breakdown per token use, Length of Prompt/Description, Error rates)
  • Hallucinations
  • Privacy, compliances and regulations 
  • Sustainability footprint (ESG metrics and Power needs)
  • Investment protection 
  • High level and tentative cost + efforts for each level of customizations
  • Adoption roadmap, milestones, success metrics and RACI
  • Governance & risks mgmt.
  • Cost management, quality assurance & ROI
  • Program structure & stakeholders

And next time when you read about - how "X/Twitter" has put together a data center running 100K+ GPUs in just 19 Days - Remember you are not "Elon Musk" and most likely your company don't have one either beside the risk appetite that "X" has is far bigger. 

But otherwise, all You know are the execution details, behind the scenes how much time and effort they have put in for coming up with a strategy and plan is what you no clue about, beside they are known for they high standards and hence they became this big. 

But if you think "strategy" is something you can fully "outsource", you are bound to learn your lessons sooner than later.

So stay grounded and keep it real. 

HTH...

A Tech Artist ðŸŽ¨


Further Readings

Elon Musk Has Activated the World’s ‘Most Powerful AI Training Cluster.’ It’s Equipped With 100,000 Nvidia GPUs

Nvidia eyes data center Ethernet as its next multi-billion-dollar biz

Incorporating generative AI into your company’s technology strategy

Amazon, Google make dueling nuclear investments to power data centers with clean energy

AI and its carbon footprint: How much water does ChatGPT consume?

Meta's Mark Zuckerberg says energy constraints are holding back AI data center buildout

Why Zuckerberg’s multibillion-dollar gamble doesn’t just matter to Meta

Meta loses $200 billion in value as Zuckerberg focuses earnings call on all the ways company bleeds cash

Has the AI bubble burst? Wall Street wonders if artificial intelligence will ever make money

The AI bubble has burst. Here's how we know

Shiny object syndrome

Bonus Materials For GenAI Enthusiasts From Web - Credit to Original Creators  

























Wednesday, October 9, 2024

What Your Mamma Never Told You About "Asking So Many Questions" - A Short Perspective By An Architect

Architects often exhibit a propensity for excessive questioning, a characteristic perhaps inherent to their training in making rational and informed decisions. However, their education frequently falls short in equipping them to navigate the VUCA (Volatile, Uncertain, Complex, and Ambiguous) landscape and the inherent ambiguity that often pervades project requirements. Consequently, architects tend to seek definitive answers based on known information, overlooking the potential value of questions that can significantly impact project outcomes.

Beyond technical expertise, architects should possess a broader perspective, capable of zooming in on intricate details while maintaining a holistic view of the project. This requires a diverse toolkit, encompassing not only experience and humor but also the ability to effectively communicate and collaborate with stakeholders across various levels of technical proficiency.



In the dynamic world of IT, effective communication between architects and stakeholders is crucial for successful project delivery. However, a common pitfall is the tendency for architects to demand excessive detail and clarity from stakeholders, often overlooking the nuances and complexities of their perspective.

Understanding Stakeholder Perspectives

It's essential to recognize that stakeholders may not possess the same level of technical expertise as architects. Their primary concern is often to achieve specific business outcomes, rather than delve into intricate technical details. Additionally, stakeholders may have varying levels of understanding of the project's scope and constraints.

The Importance of Contextual Understanding

Architects should strive to understand the broader context of the project, including the business objectives, constraints, and potential challenges. This will help them tailor their communication style and provide more relevant information.

Multiple Paths to the Same Goal

It's important to remember that there are often multiple ways to achieve a desired outcome. While architects may have a preferred approach, it's essential to consider other viable options and be open to different perspectives.

The Evolving Nature of Requirements

In today's rapidly changing business landscape, requirements can evolve over time. Architects should design solutions that are adaptable and can accommodate future changes.

Navigating Ambiguity and Uncertainty

Stakeholders may intentionally introduce ambiguity into requirements for various reasons, including fair play, commercial negotiations, or to foster creativity. Architects should be prepared to handle such situations effectively and seek clarification when necessary.

Effective Communication Strategies

To bridge the gap between architects and stakeholders, consider the following strategies:

  1. Active listening: Pay close attention to what stakeholders are saying and ask clarifying questions to ensure understanding.
  2. Plain language: Avoid technical jargon and use clear, concise language that stakeholders can easily understand.
  3. Visual aids: Use diagrams, charts, and other visual aids to illustrate complex concepts.
  4. Iterative approach: Involve stakeholders throughout the project lifecycle to ensure that their needs and expectations are met.
  5. Prioritize information: Focus on the most critical details and avoid overwhelming stakeholders with unnecessary information.

By adopting these strategies, architects can foster better communication with stakeholders, leading to more successful projects and improved outcomes.

Further Readings:

The Architect Elevator — Visiting the upper floors

When Asking Too Many Questions Undermines Your Leadership

How Mindfulness Can Help Engineers Solve Problems

Navigating Ambiguity: Creating Opportunity in a World of Unknowns

Mastering Uncertainty: How to Thrive in an Unpredictable World

Thinking In Bets

Thinking, Fast and Slow

Leading in Ambiguity: How to Transform Uncertainty into Possibilities

Six Simple Rules: How to Manage Complexity without Getting Complicated

Cracked it!: How to solve big problems and sell solutions like top strategy consultants

What's Your Problem?: To Solve Your Toughest Problems, Change the Problems You Solve 

Upstream: The Quest to Solve Problems Before They Happen

Monday, August 12, 2024

Book Review - Building Data Centers with VXLAN BGP EVPN: A Cisco NX-OS Perspective

 

If you are completely new to EVPN, this book might help you understand the basics. But interestingly enough the book is dedicated to VxLAN BGP EVPN spread across roughly 450 pages and still miss to cover following topics in details:


- BGP underlay & Overlay designs details and tradeoffs beside best practices

- No details of EVPN route types, their encoding, flooding scope & optimization

- No details of design choices & tradeoffs 

- Lot of repetition 

- Very condensed packing of contents

- EVPN MLAG/Multi-homing details are skipped

- EVPN Policies stitching details are missing between different BGP AFIs & potential issues in ref. to policy control and information loss

- Multi-pod and Multi-fabric designs are are briefly touched  with no details but just plain theory

- EVPN over DCIs (L2 vs. L3) are very briefly touched with no details at all

- VxLAN & EVPN OAM are completely skipped

- No complete end to end configuration examples and scenarios

- Dual Stack & IPv6 only DCs are completely skipped

- Open Stack integrations are skipped

- How to deal between Physical and Virtual VTEPs is not covered

- Controller vs. Controller less designs are skipped

- Programmable fabric scalability details are not covered 

- Platforms specific details and limitations are not addressed 

- EVPN control plane security options are left for you to explore


HTH...

A Tech Artist ðŸŽ¨

Tuesday, April 16, 2024

Why Enterprise IPv6 Never Took Off - A Short & Crisp Business Perspective (For Sanity)


 

It's been only 30 years or so when the first IPv6 IETF draft probably came out (Was called IP-NG <Next Generation> back then, there was IPv5 too which You can't find in most book today). 

Ever since then, the network engineering community seems to have fallen in love with the newest blue angel. There are probably 100s of books, Video/Classroom trainings,  Podcasts that have been released covering it from all different technical perspectives (Apps., Services, Infra etc.). Everyone of those have been claiming that one should start embracing IPv6 sooner than later or else Your IT would become irrelevant and Your CIO and You will be thrown under the bus. So start now...

To fuel this trend further, they predicted that with IOT (Internet of Things) taking over the world, You will soon run out of time very quickly and not knowing IPv6 will make You irrelevant because of big demand of new IP addresses.  


I in fact came across "WhyNoIPv6" recently which seems to be a fancy protest forum against companies not offering their consumers to connect through IPv6. 
But why the businesses are yet not keen to put money into it for the most part ?

Imagine you are the virtual CIO of the company and You got to convince Your IT stakeholder about why they should pour some money into this. Just try to answer following questions.

1. What business value does it really add ?

2. What would the implications/opportunity lost, if we don't do this ?

3. Do we know what my business competition is doing about it ?, If Yes - What benefits have they achieved or costs they have saved ?

4. What is the best case vs. worst case scenario for by when our beloved Telcos/CSPs will run out of IPv4 address space in reference to our projected growth and requirements which will impose requirements for more IPv4 addresses. 

5. Throw some $$$ internally or hire an external IPv6 consulting firm, ask them to put together a planning document that covers - IT wide IPv6 readiness, Roadmap, Tentative Cost (Adoption Curve, HW/SW, Licensing, Deployment, Migration, Integrations, Support, Training, Highlighting Current IT Maturity and maybe - The Pitfalls/Lessons Learned by Industry).

BTW... IPv6 does offer some amazing technical benefits as well as has got some amazing new drawbacks/complexities to deal with, which of course You can solve as long as your are committed...fully. Picking up on IPv6 should only take few weeks.

Until then - Trust God, Trust NAT & other stuff which many would tell you are so ugly solutions, and politely ignore such warning:

HTH...

A Tech Artist ðŸŽ¨

Thursday, February 8, 2024

Consulting Myth Busting - They are very good problem solvers

 


Though Consulting and Enterprise Architects comes in many shapes and sizes, one of the common misconceptions I often hear and have to address is - "They are better problem solvers, specially if problems are complex in nature".
 
I politely disagree.
 
They are often people who are better "Problem Framers" beside "System Thinkers".
 
Few things for You to consider:
 
  1. You may still be solving the wrong problem.
  2. You are still forcing yourself to solve problem which might be multi-dimensional/discipline in nature. So you can at max fix your part of the problem only. (Outputs not outcomes). Many just unintentionally do it to grow their pride and be seen as heroic.
  3. There are only probably 2 books in the market You can find on problem framing, you can still find 100s on problem solving.
  4. You really need to practice hard to win against your own conscious/unconscious bias.
  5. You need to fight against the status quo (Your environmental needs to be successful).
  6. You got to be expert at everything and yet you are not an expert at anything. (You will only get this point if You have lived through it for real).
If you are deeply in love with any particular discipline or is passionate about, You are not really a consultant. Find a better word for yourself and your identity.  
 
More on problem framing and why It doesn't really matter in 99% cases in the future post maybe.

HTH...

A Tech Artist ðŸŽ¨