Holding the Creative Tension
We have a network infrastructure which supports some ISP services for people in our building, our own LAN, a DMZ, and a point-to-point T1 to one of our clients (for which we provide backup Internet access, although the pipe is primarily for off-site data backup).
This network evolved. Once upon a time, it supported only our own LAN and web application hosting for our customers. We tack a little bit on here, run a new wire there as we sign contracts, and we get to today.
Today, we want to put in multihoming and BGP routers with full tables. Ugh.
I've been scheming and postulating on this project for a couple months. I've created and thrown out several plans on incremental ways to migrate the network to be in a ready state to do this. It has been very difficult to get anything concrete moving.
So then a few days ago, I decided to bite the bullet. I picked one small change: rerouting traffic from our in-house customers through a different way to free up a needed interface on one of our routers. I wasn't sure how the network had evolved, so I put a little note to diagram the immediately relevant connections and VLANs involved.
I started diagramming, and I couldn't stop. I claimed the conference room whiteboard. I seem to have inspired a coworker who is fond of the network side of the business, and we ended up with the whole shebang laid out on the 8' wide, 4' high whiteboard using three different colored markers.
We stared at this for a while. Alan then fired up his laptop and pulled it into the conference room and began plugging the connections into "neato" (part of the graphviz package). After a couple hours, we had a new, cleaner diagram.
We used this physical-layer diagram and discussed how to move forward. Did this diagram challenge any of the assumptions that I'd made in deciding the little piece to move?
It did. So what to do now? We threw around a few ideas, but nothing satisfactory. Then I pulled out a piece of scrap paper and drew out a three-zone system, with redundant routers, and a "forward DMZ." I put the two diagrams next to each other and saw these two were worlds apart. No surprise there.
But then, looking back and forth, we found a whole new way to go about this in incremental steps. It was incredibly obvious.
I am reminded of wisdom which I think came from The Fifth Discipline: Work from deep understanding, and hold the creative tension between the way things currently are, and the reality you'd like to create.


System relationships
Your post reminded me of a project that has been looming and languishing in our IT department for really years now: System Relationships Diagram. It's not like progress hasn't been made along the way... we've really come quite far in setting up database tables with relationships for the software side of things. Software is profiled, as well as users, tagged hardware, locations, departments, etc.
Software is installed on tagged hardware; the hardware is in a certain location, in a certain building, and the user is assigned to a location, so we're able to associate users with software. Then software is associated with servers (database, application, etc.) so that if a server goes down, for instance, we can fairly instantly know what software and users are impacted and can generate a System Outage notification to the appropriate people.
Wherein lies the rub is the more complex issue of routers and wiring. Suppose fiber is cut on 5th street which is used to connect this campus to that one. What lies downstream? What is affected by the outage? That's the part we're trying to track now...and initially we're doing it pretty much as you described: through a visual exercise, with the hope of being able to translate it into a database so that we can build onto a sophisticated sort of dashboard that doesn't rely on specialized knowledge to determine impact.
It's amazing how intricate system connectivity can become and how fairly common it is for the "big picture" to reside only in the psyche of selected talented individuals who better hope they don't get hit in the head.
An exercise like you describe can help uncover areas of opportunity for improvement as well as laterally spreading the wealth of knowledge.
Inspiring post, Jason.
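
The downstream-impact question raised in the comment above (which users and software are affected when a link is cut) can be answered with a reachability search over the link table. This is an added example, not code from the post or from the commenter's system; every link, location, server, software and user name in it is constructed for illustration.

```python
from collections import deque

# Constructed sample data; every name below is hypothetical.
LINKS = {  # link id -> the two locations it connects
    "fiber-main-st": ("core", "campus-a"),
    "fiber-5th-st": ("core", "campus-b"),
    "microwave-backup": ("campus-a", "bldg-b1"),
    "copper-b1": ("campus-b", "bldg-b1"),
    "copper-b2": ("campus-b", "bldg-b2"),
}
SERVER_LOCATION = {"db01": "core", "app02": "campus-b"}
SOFTWARE_SERVERS = {"payroll": ["db01", "app02"], "helpdesk": ["db01"]}
USER_LOCATION = {"alice": "campus-a", "bob": "bldg-b2", "carol": "core"}
USER_SOFTWARE = {"alice": ["payroll"], "bob": ["helpdesk"], "carol": ["helpdesk"]}


def reachable(start, cut_links):
    """Locations still connected to `start` once `cut_links` are down (BFS)."""
    adjacency = {}
    for link_id, (a, b) in LINKS.items():
        if link_id not in cut_links:
            adjacency.setdefault(a, set()).add(b)
            adjacency.setdefault(b, set()).add(a)
    seen, queue = {start}, deque([start])
    while queue:
        for neighbor in adjacency.get(queue.popleft(), ()):
            if neighbor not in seen:
                seen.add(neighbor)
                queue.append(neighbor)
    return seen


def impact(cut_links):
    """Map each affected user to the software they can no longer use.

    A user loses an application when any server it depends on is no longer
    reachable from the user's own location.
    """
    cut = set(cut_links)
    affected = {}
    for user, location in USER_LOCATION.items():
        visible = reachable(location, cut)
        lost = sorted(
            app for app in USER_SOFTWARE[user]
            if any(SERVER_LOCATION[s] not in visible for s in SOFTWARE_SERVERS[app])
        )
        if lost:
            affected[user] = lost
    return affected
```

In this sample topology, cutting only `fiber-5th-st` affects nobody because the backup link keeps the second campus connected; the impact appears once the backup is down as well.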