Thursday, October 19, 2006


[*sigh*] Maybe it's my engineering background. Maybe it's having worked 20 years in engineering and 10 in security. Maybe it's hanging out with Rob & company. Most likely it's a combination of all of the above. In any case, for any type of system, general engineering rules apply. The topic of discussion this evening is "consolidation" as it applies to network management. A few newer people tend to believe that the one-ring-to-rule-them-all approach is the final solution. I disagree.

Consolidation of resources can be a good thing. It allows for easier management and cheaper operations.

However, past a certain point, it can also be a bad (or very bad) thing. Consolidation of resources without taking into account operations like security or unique organizational requirements (e.g., specific data sets) is poor practice. While collections of smaller (and diverse) systems are more expensive to manage, the overall operation is more flexible and much more tolerant of failure.

Think of it this way --> over the length of your lifetime, which do you think you'd be more tolerant of: 100 paper cuts or 1 accident with a guillotine?