The big difference between the two cities is the amount of time that the InteropNet team gets to produce a live, fully operational and redundant network. In Las Vegas, this was nearly a full week of time - a tight timeframe across 17 different vendors, but now we’re looking back at that timeframe as a luxury. In NY, we’ll be getting started Saturday morning, and the network needs to be delivered on Sunday morning for the registration desk and exhibitor move-in to begin. If you’re keeping score, that’s about 24 hours to deliver a working network. Sounds hard, but it’s even harder when you consider that this means four DS-3s from two different locations, 17 full and 7 half racks of network gear, all the fiber and copper that the network is delivered over, etc all have to get done. Good thing that with 2 and 3/4 kids, I’m not planning on much sleep, and I don’t think the rest of the team is either.

In order to try and get the network delivered in that short timeframe, we worked hard at Hot Stage to assure that everything is ready to go. With some luck, the work that we’ve done here will allow us simply to roll the network gear into place, run the cables, fire up and go.

Now, things never really work out that way but that’s what EM7 is going to be there for. We’ll watch in real time as the network elements come live and be able to let the other InteropNet vendors know if their gear isn’t behaving as expected or is not visible for all the areas of the network that it should be. We’ll keep track of all of this in the EM7 ticketing system so that after the show we’ll be able to analyze the behavior of the network and systems as we did after Vegas.

I’m looking forward to the show and once again working with some of the top engineers in the country on a complex and rapidly deployed network.  Speaking of which, we’re still looking for volunteers to help in the NOC.  Volunteers get to work with some really smart people, get an education that would be hard to get anywhere else, and get a trip to NY where your expenses (for things like hotel accommodations and food provided by the show) are taken care of.  Sound interesting?  Be sure and check out the application.

ShareThis

A total of 155 trouble tickets were opened in the four days that the help desk was operational. Of these tickets:

• 91 were opened by exhibitors, these were opened by 75 different booths (of about 500).
  • 28 were to report slow or no connections. Of these only 6 were related to the network (all before the show opened), usually they were things like patch cables not pushed all the way in. The remaining 22 were user error. Another interesting stat is that four of the tickets came from the same networking vendor and in each case it was their own gear that was misconfigured. I guess as users we shouldn’t feel bad when we have trouble getting configs right.
  • The other 63 were change requests with the most common being a request to move an internet drop from one location in a booth to another.
• Two tickets were proactively opened by the InteropNet NOC team to notify/warn a vendor that a machine in their booth was infected and performing malicious scans of the network, in order to try and spread the infection. Without naming names here, it’s interesting that one of the companies was a security company and the other a very large software company.
• The remaining tickets were largely opened to track that activities of the NOC and InteropNet deployment teams as they deployed, tuned and maintained the network over the course of the show.

So what does this mean? It means that less about 15% of the exhibitors ran in to something that required them to open a ticket with the help desk and that in reality only 21% of those tickets were for valid issue, meaning only about 3% of the exhibitors actually had any issues. Further analysis shows that for the tickets where there actually was an issue, the issue was resolved in an average of 50 minutes, with the quickest in 11m and the longest at 2hr 39m. Finally, not a single valid exhibitor ticket was open during show floor hours. All issues occurred before the show began during the set-up phase.

Overall I think that these stats point to an efficient help desk and trouble shooting process that was facilitated by the link between the EM7 Trouble Ticketing system and Network Monitoring components that allowed quick validation of tickets so that the right teams could be dispatched.

ShareThis

Nowhere is that shift clearer than at the FBI's Regional Forensic Computer Lab here, which once lifted traces of incriminating Google searches from a suspect's hard drive to help convict him of murder. This week the lab became the sixth computer forensic lab in the nation to be accredited by the American Society of Crime Laboratory Directors, in another sign that computer forensics is no longer just about investigating hacker attacks.

"We've found video of gangsters rapping a song about a murder they committed," RCFL examiner John Leamons says.

The growth of law enforcement computer labs is an indication of how technology is increasingly involved in, or on the periphery of, criminal activity. San Diego-area law enforcement agencies founded the first regional forensic lab in 1998; there are now 14 such labs in the United States, with two more coming online this year. Last year the labs collectively performed more than 13,000 forensics examinations. The San Diego lab alone handled more than 1,000 requests from 40 law enforcement agencies in 2007, including 171 child pornography cases and 160 murder investigations.

In its early days, the RFCL examiners not only recovered the data, they analyzed it for evidentiary value based on the particulars of the case. But with exponentially growing data and caseloads, the 22 examiners here now focus on collecting and preserving data in a manner that will hold up in court, then hand that data back to the police agency for analysis.

Not surprisingly, the most valuable information comes from the files that suspects thought they had deleted, but which remained hidden in the nooks and crannies of their hard drives. "The key to computer forensics is unallocated space," says Leamons, who is on loan to the lab from the San Diego Police Department.

No one can remember a case being kicked because the lab made an error, but they can remember cases where they found evidence that exonerated people charged with crimes, Leamons says.

Cellphones pose a particular challenge, says Rebecca Adimari, one of the five examiners who work on them.

"Each has its own operating system and frequency -- there's probably over 500 makes and models and not many of them are the same," she explains. "There can be so much evidence on there."

From the unique ringtone caught on camera during a holdup -- to the accidentally recorded conversations on voice notes, to the Israeli thug keeping notes of extortion visits on his PDA -- the way people use their phones can be pretty incriminating.

"When they arrested the Arellano Felix people (a gang of Mexican drug lords later convicted of murder and drug crimes in 2007), they recovered 14 phones including one with a photo of a machine gun," Adimari says.

She has hundreds of power and data cables, since they're all peculiar to individual phones. And she has a special box that blocks signals on the phones in the lab, so no information is lost or compromised.

Examiner Patrick Lim, from the Naval Criminal Investigative Services, says he recently recovered data from a hard drive that had been burnt to a crisp. Asked if it was from an arson or a murder, Lim says he can't reveal the details.

"It was burned. That's all I can say."

The fiber types (such as multi-mode, single-mode), standards (SX, LX, LH) and  connectors (LC, ST, SC) seem to be a topics that need clarification about 80% of the time when we’re working with customers on networking equipment or site surveys.

Here’s a brief review of the various types of fiber, optics, connectors and when to use what. Let’s start with the basic stuff, and move down the line.

Multi-mode vs Single-mode
First of all, we have multi-mode and single-mode fiber. Multimode has a larger diameter ‘core’ or the area in the middle the light travels through. The larger diameter- think of it as a big tunnel- lets the light take different paths, creating multiple rays, or modes. The light bounces around more, which means the connectors and splices for multimode are more forgiving than for singlemode, but the bouncing causes dispersion and fidelity loss. On the other hand, singlemode has a much smaller diameter core, giving the light one straight path, or mode, through the cable. Because of this, singlemode offers higher throughput and longer distance, but the light equipment and connectors are much more finely-tuned. Which, of course, means singlemode is much more expensive.

When you’re adding or surveying multimode fiber, you should know what core size you’re working with. The core size affects bandwidth and the maximum distance you can reliably run it. Multimode usually comes in 50- or 62.5-micron, which is the core diameter. The larger the core size, the more bandwidth you get, but the shorter distance you’ can go. To give you a general comparison, most singlemode comes in 9-micron core, which is about 1/6^th the diameter of multimode.

When to use what. In short, the fiber type you choose will depend on 1) budget and 2) distance. Mostly, you’ll use multimode for short fiber runs, between switches, to servers and possibly between buildings, if they’re adjacent. You should use singlemode when you need higher throughput or a longer distance. Here’s a quick look at the types and maximum distances for each. I’ve also included a proprietary rating, for connectors using 1550nm wavelength over singlemode fiber, to get increased distance. (Standard for singlemode is 1310).

• Multimode - up to 220m with 62.5 micron core
• Multimode - up to 550m with 50 micron core
• Singlemode - up to 5km-10km (standard, using 1310nm optics)
• Singlemode - up to 70+km* (proprietary, using 1550 nm optics)
  

Fiber Optic Standards
You’ll need to know the type of optic to specify for your network equipment. Some vendors have their own proprietary fiber optics, but the standards are 1000Base-SX for multimode, and 1000Base-LX for singlemode. You can use multimode with 1000Base-LX with the addition of a mode-conditioning cable to set the light along the correct path down the cable. LX, which is standard, uses the ~1310nm wavelength. Vendors have created 1000BASE-ZX and 1000BASE-LH, which use the 1550nm optics to obtain longer distances. Note, here we’re talking about 1-Gig fiber, not 10GbE, hence the 1000Base. We usually just refer to these as SX, LX and LH, leaving off the 1000Base- when talking about the optics.

• 1000Base-SX - multimode
• 1000Base-LX - singlemode standard (can be used over MM with mode-conditioning cable)
• 1000Base-LH - singlemode non-standard (proprietary for longer distances at 1550nm)

Connectors
Here’s the fun part, and no one remembers what connectors they have (if they even knew in the first place!). There are several out there, but you’re probably going to only ever run into three - LC, ST and SC.

I’ll start with LC since that’s usually found on switches and other current network equipment these days. LC stands for ‘Lucent Connector’ (the creator) and is the connection type on SFPs (Small Factor Pluggable) or Mini-GBICs. They’re small, and were designed to replace the SC connectors.

Since I mentioned SC, let’s go there next. SC, or ‘Standard Connector’ are the predecessor to LC, and are similar in shape, but quite a bit larger. We suggest using the mnemonic ‘Square Connector’ to remember SC.

Last- and possibly least- we have ST, which really means ‘Straight Tip’, but many folks have a better time thinking of ‘Stab and Twist’. You stick it in and lock it in place by turning the outer barrel, sort of like BNC did. And yes, I’m old enough to remember the BNC days ;)

Duplex and Simplex
Most often, you’ll be using duplex fiber, which consists of a pair of fiber for bi-directional communication. Then- of course- you would use simplex fiber cables if you only need to send data a single direction. Those applications are more specific, but they do exist.

Ordering Fiber Cables
If we’re translating all our acronyms and numbers into something we can use, then let’s talk about how you put it all together when you’re procuring cables.

For example, let’s say you’re purchasing short fiber jumpers for connecting your patch cable to your switch. Most likely, you’ll want multimode, in a short length (2meters), with LC on the end going to the switch and let’s say SC on your patch panel. In our example, we’re assuming we have 62.5micron mm fiber.

What you’ll ask for is: Fiber jumper, 2 meters, duplex, 62.5-micron multimode, LC to SC.

LC	SC	ST

These are the best images I found to demonstrate the shapes and orientation of the various duplex fiber connectors we talked about. You can find these images and descriptions at Cables To Go.

Wowzers, I said this was going to be a short one. In fact, this post was originally titled “Fiber: A Very Brief Review of Cables & Connectors” but I had to rename it ;) Oh well- now you have all the information in one place for future reference.

# # #

In case you can’t read it from the goofy photo, it says:

Yes, I am certified.
No, I will not fix your computer.

So, I thought this shirt was appropriate and it made me laugh. Plus, it’s super-soft too!

# # #