Forgot your password?
typodupeerror
Businesses Security Hardware

Build Your Own NOC 267

Posted by timothy
from the role-playing-game dept.
Geminus writes "Ever wanted to build a cheap NOC but had difficulty explaining tech stuff to bean counting managers? Here's the basics on building one for under two grand. Makes for a pretty good dog-n-pony show, and proves useful too! Damn, I want to be an Armchair Network Operations Center General."
This discussion has been archived. No new comments can be posted.

Build Your Own NOC

Comments Filter:
  • by Anonymous Coward on Monday December 15, 2003 @01:52AM (#7722757)
    NOC=Nitrous Oxide Computing.
  • by yroJJory (559141) <.me. .at. .jory.org.> on Monday December 15, 2003 @01:54AM (#7722772) Homepage
    I guess you can build your own NOC, but if you don't have enough bandwidth, you can't teach others how to do it.

    There have been 4 comments so far and the story is already slashdotted!
  • by ruebarb (114845) <colorache@nOSPam.hotmail.com> on Monday December 15, 2003 @01:55AM (#7722774)
    I was part of a company that wanted to branch into network management for others

    problem was, to sell your services as a NOC, you have to already have it built, which we didn't have...we had a bunch of fake looking tools, though...

    where was this two years ago when I needed it...LOL

    RB
    • by Anonymous Coward on Monday December 15, 2003 @02:36AM (#7722931)
      This article was barely a page in length and revealed nothing concrete. This is meant as more of a joke than anything else, I assume. I hope you were joking as well... because that is pathetic if you'd need this article to learn how to build a NOC.
    • You could always do what the Pentagon did and just setup a huge dog and pony show for the masses.

      NOC story for funding.

      Awhile back the Commander of Cheyenne Mountain was taking a tour of the Pentagon NOC facilities. At one point of the tour the guide showed off a large board of lights all pretty with labels, flashing and so forth. (picture the bat computer and you'll have a pretty good Idea)

      Anyway the CO was so impressed by this that when he got back to Colorado he informed the network folk of this grea
  • Just add... (Score:5, Funny)

    by neiffer (698776) * on Monday December 15, 2003 @01:55AM (#7722777) Homepage
    Just add an LCD projector and I can play a 3d shooter on the big screen while keeping track of network packets.
  • by CyberSlugGump (609485) on Monday December 15, 2003 @01:56AM (#7722782)
    It must have been a *really* cheap NOC!
  • Nightmares. (Score:3, Insightful)

    by DAldredge (2353) <SlashdotEmail@GMail.Com> on Monday December 15, 2003 @01:57AM (#7722784) Journal
    This will cause me to have nightmares. I hope they are joking.
  • by jkrise (535370) on Monday December 15, 2003 @01:58AM (#7722797) Journal
    The NOC advisory "Your first Monitor should be watching CNN or the weather channel"

    Change that to Slashdot, Kuro5in, TheRegister, ThtOnion or something else. No CNN please.... if you have any sense of self-esteem, that is.

    -
    • by jkitchel (615599) <jacob_kitchel&hotmail,com> on Monday December 15, 2003 @02:13AM (#7722855)
      No CNN please.... if you have any sense of self-esteem, that is.

      Ok, fine. Make that Fox News then.
      *runs for cover*
      • Fox News Alert.
        Perterson Case
        Fox News Alert
        Jackson Case
        Fox News Alert
        Toby Case
        Fox News Alert
        More Mindless crap.

        And this is coming from someone who in the past bought dish network so I could watch fox news. But that is before it turned into all trash, all the time.
    • I worked in a Fortune 500 company's World HQ NOC, and of course, we were in the basement. World class NASA launch station looking facility. Anyway, since we were in the basement, we had no windows. So our window to the outside world was CNN.

      God does that station play the same annoying commercials all the time, it was horrible. However, CNN generated so many political arguments that work used to fly by. Seeing 9/11 happen live was quite scary. Nothing got done for quite a while after that, as CNN was t

  • The article. (Score:5, Informative)

    by Anonymous Coward on Monday December 15, 2003 @01:58AM (#7722798)
    A Website Dedicated to Computer Professional...and some not so Professional
    How to build a cheap Security NOC
    William M. Nett

    The Network Operations Center or NOC is the cornerstone of all computer networks. I've worked at AT&T's NOC, been around Government NOCs and seen small scaled versions. Most look like something out of the movie, "WarGames" and surprisingly, whether you're a Linux or Windows fan you can build one for cheap and be your own armchair NOC General.

    What does a NOC do? It monitors connections, network activity, spots problems, conducts threat assessments, and calculates scalability requirements with customer demands... it also puts on a pretty good "dog-n-pony" show for potential investors and customers.

    What's required? Again, surprisingly not too much! Depending on the size of your company, this can be achieved with as little as an 8' X 10' room, and 4 computers. Trust me, you more than likely do not need a $15,000 Cisco PIX or Nokia firewall (which runs Linux derivatives).

    You'll need at least three big monitors (the bigger the better), two smaller ones (17"), a KVM switch, and OOB dialup. Here's the loadout:

    1. Firewall: Get a copy of IPCOP... its Smoothwall on steroids and very easy to configure. It has a built in Intrusion Detection System, Proxy logging, and you can use Coyote Linux as a failover if you think you are being attacked. This package uses a web interface, so there's no need for a
    monitor, keyboard, or mouse. These software elements are also free. Minimum requirements are a 333Mhz system with 64MB of RAM and a 2.1GB Hard-Drive.

    2. Network Monitoring: Download a copy of F.I.R.E. and run it on a barebones 600 Mhz system. Configure and open Etherape on a monitor for an Air Traffic Controller's view of your network activity... bean counters love this. If you're being attacked or infected, you will quickly see where it's coming from. You should also use a receive only sniffer cable on this box to protect integrity... a receive only box has a zero chance of infection as it's physically impossible.

    3. Got wireless? Download and run Airsnare with a semi hyped up Wireless antenna, and you'll quickly spot any war-drivers or unauthorized network connections. If you have an old directional motorized TV antenna system lying around you can go uber-elite and connect a cheap phased array panel antenna or cantenna to locate your wireless intruder with NetStumbler. This can all equally run on a 333Mhz Windows based system.

    4. Workstation: Here's the beef... a 1.2Ghz, 512MB, 20GB computer, with dual head Matrox card, with dual booting OS (Linux & Windows), Preferably Linux with a Windows VMWARE guest OS. Trust me, once you go Dual-Head, you won't go back. The best Linux Dual-Head OS is SuSE 8.3. Tie this into the KVM to modify any of your servers.

    5. Red Phone... afterall, who doesn't want one? You're batman right?

    Your first Monitor should be watching CNN or the weather channel (depending on location), the second should be running Etherape, and the third should be running Airsnare or Windows Services Monitors (CPU, Netload, etc.) All of the software here except Windows is free, and easy to configure... except maybe your General's chair. In the end, aside from having your own
    WOPR, you have a NOC for just under $2,000.00

    William M. Nett

    Links:
    http://www.ipcop.org
    http://www.coyotel inux.com
    http://prdownloads.sourceforge.net/biatc hux/fire-0 .4a.iso?download
    http://etherape.sourceforge.net/ images/v0.5.5.png An etherape screenshot
    http://www.netstumbler.com
    http://hom e.comcast.net/~jay.deboer/airsnare/downl oad.htm

    Search Now:

    E-mail your comments to dougchick@thenetworkadministrator.com
    All rights reserved TheNetworkAdministrator.com

    Disclaimer: The Opinions shared on TheNetworkAdministra
    • Re:The article. (Score:5, Informative)

      by Silvers (196372) on Monday December 15, 2003 @02:07AM (#7722830)
      "You should also use a receive only sniffer cable on this box to protect integrity... a receive only box has a zero chance of infection as it's physically impossible."

      Am I the only one that balks at this statement? Maybe I am missing something but it does seem that even with rx-only you could be infected, just not by any connection oriented protocols? (Or maybe even still if some really strange bug crops up).

      Or am I just missing something...
      • Re:The article. (Score:5, Insightful)

        by KrispyKringle (672903) on Monday December 15, 2003 @02:19AM (#7722873)
        Probably right. I've wondered about this before, when seeing these statements. But at least you don't have to worry about leaking information or being used as an intermediate host in an attack. Worst case is essentially a DOS. On the other hand, were this a logging host, you could concievably infect it as you mentioned, download to it a simple program (you'd have to hope you download it right, since there won't be any way to do TCP style checksumming, I suppose) and have it grep through the logs to remove entries with your IP address or whatever, all automatically. No? But that'd be a bitch of an exploit, if you could pull it all off all one way.
        • by puhuri (701880) <puhuri@iki.fi> on Monday December 15, 2003 @05:24AM (#7723394) Homepage

          There are some vulnerabilities for passive monitoring also. A search of CERT [cert.org] database for snort or tcpdump gives you a following list:

          • Heap overflow in Snort "stream4" preprocessor
          • Buffer overflow in Snort RPC preprocessor
          • tcpdump enters infinite loop when parsing crafted ISAKMP packets
          • tcpdump vulnerable to buffer overflow via improper decoding of AFS RPC (Rx) packets
          • tcpdump vulnerable to buffer overflow via parsing of AFS ACL packets
          • tcpdump, ethereal vulnerable to DoS

          A listen-only box gives you some protection but it cannot be the only protection for your traffic recorder.

          • I've seen vulnerabilities in tcpdump, ethereal, and Snort, but I never looked close enough to see if they'd work on a receive-only setup. Just because the initial attack is against a passive listener doesn't mean that it doesn't rely on some response to carry out an exploit (to do more than a DOS, in other words). If I get time (and I won't), I'll check into it. Thanks.
          • by Lumpy (12016) on Monday December 15, 2003 @08:23AM (#7723935) Homepage
            first of all you have to FIND it. It's not going to be admitting that it even exists on the network. so you either needto make a bunch of wild ass guesses, have inside information, or start systematically attacking all the non-sctive IP addresses in the subnet.

            all of which will set off lots of NOC alarms before you even get to the machine.
      • Re:The article. (Score:2, Insightful)

        by psyki (653079)
        With a "receive only sniffer", even if the machine gets infected it will have "zero chance" to infect other machines. Eric
      • Re:The article. (Score:5, Interesting)

        by boaworm (180781) <boaworm@gmail.com> on Monday December 15, 2003 @05:37AM (#7723420) Homepage Journal
        Another way of doing that is to connect the machines with a Hub instead of a Switch, and have one machine configured without an IP, only raw logging of network traffic.

        The idea is that whatever goes on out there will be logged/dumped, but never executed/analyzed, on this machine. And since it has no IP, it does not show and cannot be addressed. So if you have an intrusion, this machine is uncontactable, but still will hold all network traffic for you to analyze later.

        Kind of like making
        bash# ln -s /dev/lp /var/log/messages

        Pretty hard to clear up the trace now, huh ? :)
        • Re:The article. (Score:3, Informative)

          by AKnightCowboy (608632)
          The idea is that whatever goes on out there will be logged/dumped, but never executed/analyzed, on this machine.

          Wrong. Go look up the RPC pre-processing and stream4 vulnerabilities in Snort. I will also add that a very common way to configure a network sensor is to have one administration interface on an internal trusted network and the other passive listen-only interface without the IP on the dirty network. With the snort vulnerabilities your machine could become infected and used to reach your intern

        • Re:The article. (Score:5, Informative)

          by IGnatius T Foobar (4328) on Monday December 15, 2003 @10:02AM (#7724518) Homepage Journal
          Kind of like making
          bash# ln -s /dev/lp /var/log/messages


          If I may nitpick ... you could also achieve the same effect, without the symbolic link, by simply pointing to /dev/lp in your /etc/syslog.conf file. That way it would write to both locations without them having to be linked together. Moreover, you could define different logging levels (for example, send everything to the text file but only critical logs to the printer).

          syslog is a wonderfully flexible facility.
      • Am I the only one that balks at this statement? Maybe I am missing something but it does seem that even with rx-only you could be infected, just not by any connection oriented protocols? (Or maybe even still if some really strange bug crops up).

        Snort had such a bug once or twice within the last year that allowed a remote attacker to execute code as the user snort runs as (usually people run it as root) just by having the sensor listen to the traffic. Quite spiffy.

    • This article sucks (Score:5, Informative)

      by 0x0d0a (568518) on Monday December 15, 2003 @02:33AM (#7722922) Journal
      There is *not* a heck of a lot of content here.

      Most of the information is more than obvious to anyone interested in running a NOC (incidently, left out of the Slashdot story is that this is a *Security* NOC).

      I've seen random Slashdot posts that would be a lot more useful to someone interested in building a NOC than this thing.

      That being said, my own two cents:

      If you're using SNMP to manage your network, snmpwalk+scripts is good. If you can stomach not using open source software, Intermapper [intermapper.com] is really nice. Unfortunately, the two big open source competitors don't quite measure up -- Scotty [utwente.nl] is kind of old and grotty and rather TCL-oriented, and GxSNMP [gxsnmp.org] appears to be dead.

      Etherape, as suggested in the article, isn't the greatest choice either...IIRC, it doesn't support satellites, which means it needs to be running on the actual network it's monitoring. Not really acceptable for a NOC tool. Etherape is also, in my experience, rather CPU-hungry. There are a lot of commercial traffic flow visualization tools...not sure what's best, as I haven't played with many.

      All in all, while the article's worthy of a post in a random discussion, it really isn't worthy of a Slashdot story.
    • by aardwolf204 (630780) on Monday December 15, 2003 @02:43AM (#7722955)
      5. Red Phone... afterall, who doesn't want one? You're batman right?

      Of course, then you can say stuff like "Get the Pentagon on the horn!" while smoking a stogie
      • by lewp (95638)
        I often do this when I'm working late in the NOC. Of course, then my cigar sets off the fire suppression system...
    • Re:The article. (Score:3, Interesting)

      by SkewlD00d (314017)
      NOCs... oh, like the one Enron had for petrochem market trading? HAHA. All u need is nmap, snort, ethereal, neotrace pro (runs on wine i think), dshield's log generator, etherape, and nagios (netsaint). Nagios is fucking l337. But a whole solution that integrates CRM (ticket manager) and monitor/response would be nifty w/ a slick interface. Something like neotrace + etherape + DIDS monitoring + nagios would be awesome.

      Lol, u can't find wardrivers if they have their transmitters turned off. ;)

      lmao...
  • NOC (Score:5, Informative)

    by chunkwhite86 (593696) on Monday December 15, 2003 @01:59AM (#7722802)
    For those who are wondering...

    A NOC is a Network Operations Center. It is one room, typically filled with many displays of real-time data which display the health/status of a network.
  • by beeudoublez (619109) on Monday December 15, 2003 @02:04AM (#7722818) Journal
    what if your boss/manager saw this and decided this is all you needed for your budget?
    Hard to justify higher costs when your proof of concept is some webpage discovered by your boss, we've all been there.
    • [quote]
      Trust me, you more than likely do not need a $15,000 Cisco PIX or Nokia firewall (which runs Linux derivatives).
      [quote]

      what if your boss/manager saw this and decided this is all you needed for your budget?

      You will quickly find out if you need a hardware firewall or not.
      • You will quickly find out if you need a hardware firewall or not.

        Of course, with the limited use of the tools mentioned, I'd hardly say that a hradware firewall appropriate for this "NOC" would cost $15,000. Try a $600 PIX 501, if you must have a PIX.
  • SuSe Linux 8.3 (Score:5, Informative)

    by Anonymous Coward on Monday December 15, 2003 @02:05AM (#7722825)
    >

    1. SuSe 8.3 does not exist, it's in fact either 8.2 or 9.0.
    2. There is curently no dual head driver from Matrox Parhelia. Olders Matrox's video card has dual head driver, but they don't work anymore with "recent" motherboard since motherboard's voltage is changed from 3.5 to 5 volts. And yes, 1.2 ghz-era computer are affected by this voltage change.
    3. Vmware will be too slow with this configuration do to something really useful. Especially with dual heading.
    4. This article is either a fake or a troll.
    • Re:SuSe Linux 8.3 (Score:5, Informative)

      by RedK (112790) on Monday December 15, 2003 @09:59AM (#7724483)

      Actually, I agree this article is skimpy on the meat and is pretty much useless and filled with factual errors. However, i'd like to respond to your post

      2. There is curently no dual head driver from Matrox Parhelia.

      This is of course bullcrock. Matrox does have a driver for the Parhelia based cards which supports, amongst other things, dualhead configurations (and even triple head! Yes, on Linux). The second head is not accelerated however, so it might be a bit on the slow side.

      3. Vmware will be too slow with this configuration do to something really useful. Especially with dual heading.

      Oh please. Dualheads do not noticably affect the speed of the computer it's running on. Plus, i've run Windows installation within VMware on a P2-333 with a Linux host, all running a very good speeds and using only 288 megs of RAM (2x128 + 1x32). At work, we have a workstation that's a P3-1.0ghz and it runs 2 VMware sessions with Windows 2000 Server for tests, on a Linux host busy running most of our NOC tools. This is all nice and dandy and running along smoothly.

      4. This article is either a fake or a troll.

      Actually, it's not fake since it's posted there and I don't believe it's a troll since you can see a basis for something in there. It's just very badly researched and probably as never been tested in real life. This guy needs do to a lot more trials and research before he has a fully functionning NOC capable of monitoring more than the coffee machine.

  • by losttoy (558557) on Monday December 15, 2003 @02:10AM (#7722844)
    You need:
    1. A good network management system (Open-NMS)
    2. A good systems monitoring system (MRTG+RRD Tool)
    3. A good helpdesk software to follow trouble tickets.

    • by Anonymous Coward on Monday December 15, 2003 @03:23AM (#7723053)
      Unfortunately, as someone who has had to support real NOCs for real networks on a tight budget, I can state without reservation that the open source tools you mention (MRTG/RRD, OpenNMS) are mediocre to the point of unusability.

      Some people might find this puzzling, but the best NOC systems I've used on tight budgets were homegrown applications, usually after trying out and discovering the deficiencies of the open source tools. It isn't that hard to write a good NMS, but once someone rolls their own good one in-house, it rarely gets released into the wild. For that matter, many of the commercial packages are steaming piles, so if you have a talented programmer or two on staff, you can add value to your company by just writing your own NMS and not waste time with mediocre packages.

      This is one of those things that SOMEONE could do well in the open source domain, but I haven't seen it. When someone hacks together the foundation of a really slick NMS at some company that needs it, it inevitably becomes a competitive asset and therefore cloistered in the bowels of engineering. Having a killer NMS is a significant competitive advantage, and the field is populated with enough mediocre solutions right now that there is significant financial pressure to keep NMS code bases proprietary.
        1. Some people might find this puzzling, but the best NOC systems I've used on tight budgets were homegrown applications, usually after trying out and discovering the deficiencies of the open source tools. ... For that matter, many of the commercial packages are steaming piles, so if you have a talented programmer or two on staff, you can add value to your company by just writing your own NMS and not waste time with mediocre packages.

        Now that I doubt.

        Just in the last year, I've had to introduce 3 differe

    • You didn't cite any open-source helpdesk software, so I'll just mention RT [bestpractical.com].
  • by Anonymous Coward on Monday December 15, 2003 @02:17AM (#7722870)
    Bashed out a window so a fan can circulate air, installed 4 of the cheap open frame racks, use a OpenBSD firewall and all of our servers run FreeBSD. It costs next to nothing to set up. Idiots down the hall from us spend $1.5 million on their room, $100K just for the air conditioner. The funny thing is they do 1/100th of the traffic we do. Believe me, the "IT" industry is set up to rip you off if you don't know what you're doing. This stuff can be done a lot cheaper than the suits lead you to believe. This is how we survived the bubble while the floor outside our door got marked up from other occupants expensive equipment getting moved in, and then out!
    • i agree with that!
      It is very simple mathematics, and a bit has to be knewn before actually trying first time(that little is that you know you can try it out:D)
      Anyways, when everyone else offers server hotel services for 150e/month minimum, this is being 1:10 shared 10mbps half-duplex con, sharing based on 'best-effort'(no qossing even oO;), with a max of 5ips... and at MAX nameserver usage for _1_ domain.

      Well, with simple arrangements, i managed to cut the price to half, plus increase the bw per user (1:7
  • Mirror (Score:5, Informative)

    by TPS Report (632684) on Monday December 15, 2003 @02:30AM (#7722912) Homepage
    Mirror Here [wiretapped.us]. I'll mirror the rest of the page, as soon as he recovers from the shock [freep.com] and replaces the charred, smoking remains of the server he once had.
  • by Mordant (138460) on Monday December 15, 2003 @02:38AM (#7722940)
    With very few exceptions (military, financial, public utilities sectors), it's pretty passe to have a 24/7/365 manned NOC, anymore, given VPN technology, the quality of remote-administration tools, etc.

    It just isn't necessary, anymore.
    • by KrispyKringle (672903) on Monday December 15, 2003 @02:50AM (#7722970)
      Many large networks with critical infrastructure like to have something that's manned most of the time, though 24/7/265 gets pricey. The reason's pretty obvious. If at 3 AM your network goes down, you don't really want all your customers to be up the creek 'till 9 on Monday.

      If you're talking about corporate networks, you're probably right. But if you're talking about hosting companies, ISPs, companies that host their own critical infrastructure (like those you listed above), then the NOC, in some form or another, makes sense, doesn't it?

    • NOC's Have a Purpose (Score:4, Informative)

      by Nazmun (590998) on Monday December 15, 2003 @03:19AM (#7723045) Homepage
      Although, some companies may have NOC's for no good reason... NOC's do have their places. I am a webhost (a small one) and our servers are in datacenters with thousands (in many cases tens of thousands) of other such machines. There are always at least one or two techs around in the wee hours of the night and a NOC is most certainly necessary to monitor all these machines and the network.

      There is NO way a laptop can replace a NOC in such a case. You need a centralized area where everything is monitored. As for remote administration, it's always been pretty decent with Unix (and in our case it's linux mostly) but that just helps the NOC become more useful for us.
  • by Zero__Kelvin (151819) on Monday December 15, 2003 @02:42AM (#7722949) Homepage

    The article calls for:

    1) At least three big monitors (the bigger the better), two smaller ones (17"), a KVM switch, and OOB dialup.
    2) A 333Mhz system with 64MB of RAM and a 2.1GB Hard-Drive.
    3) A barebones 600 Mhz system
    4) A 333Mhz Windows based system.
    5) A 1.2Ghz, 512MB, 20GB computer, with dual head Matrox card, with dual booting OS (Linux & Windows), Preferably Linux with a Windows VMWARE guest OS

    All the above for under $2000.00? Can we also assume that the author works for free, so that setup cost is $0.00? I haven't priced VMWARE in a long time, but if memory serves, that should be near or over the 2K mark by itself. Perhaps the author meant under $20,000.00? What am I missing here folks?
    • by richie2000 (159732) <rickard.olsson@gmail.com> on Monday December 15, 2003 @03:06AM (#7723008) Homepage Journal
      I haven't priced VMWARE in a long time, but if memory serves, that should be near or over the 2K mark by itself.

      You need to refresh your DRAM. VMWare Workstation 4 costs $299 from vmware.com. The rest of the stuff can be had for free, more or less. 17" monitors are $100 a pop new (CRT, that is), the 1.2GHz box can be built new for around $200 (1300 Duron, 256MB RAM, 40GB disk) and the rest of them are dumpster-diving fodder. The only things in his list that actually may cost Real Money (TM) are the big screens, but you can get old 24" Sun monitors on Ebay for a song and maybe a little dance and then you just need to get/make a VGA-Sun adapter to be in business.

    • by Soko (17987) on Monday December 15, 2003 @03:32AM (#7723071) Homepage
      Perhaps he meant "$2000 Capital Investment"?

      Most of what he calls for can usually be gleaned from the office "PC Bone Yard". The most expensive item is the big dual head computer with associated software. Getting it all for under $2K would be a challenge, but not impossible. As for working for free - he set this up for his employer (An assumption - I'll RTFA when it's not /.ed), so they'd be paying him anyway. Since he's trying to make himself more productive, they'll get more for less in the end. I can't see a problem with that, as long as his other duties are kept up as well.

      Sliping stuff you need in under the coprorate radar is easily done with FOSS. When setting up a NOC, if you spread any purchases you need out a bit most of them will be cheap enough that they can be bought on an expense account or with petty cash - you avoid Budget Comittees and/or the Accounting Dept. Call it a "Test Case", and use it to prove that a NOC is a good investment, not just some toy or geeky buzzword. Being able to have concrete numbers that say "See? My NOC isn't really expensive, but it adds a ton of value." will keep the bean counters happy. Once the NOC is in place and you show it has value, you will get to keep it - and sometimes expand it.

      This is one of the ways that FOSS shines - you can (most times) just get the job done without getting caught up in coprorate red tape, since the inital capital outlay is usually minimal.

      Soko
  • by Jason Scott (18815) * on Monday December 15, 2003 @02:42AM (#7722950) Homepage
    I used to host with a fine place, but disagreements over costs and bandwidth usage charges inspired me (along with the purchase of my home) to host in my own basement. I have 3-4 customers, and we'll keep it at that. Bandwidth is a T-1. And I think the place looks pretty sharp. [cow.net] This is also where textfiles.com [textfiles.com] and bbsdocumentary.com [bbsdocumentary.com] are hosted, so it works for me.
    • by Anonymous Coward
      I see two Lisas. So that would be Basement NOC/Museum. Just charge admission.
  • WTF? (Score:2, Interesting)

    by bazik (672335)
    The best Linux Dual-Head OS is SuSE 8.3.

    WTF has Dual-Head support to do with the distribution?
    • Re:WTF? (Score:2, Insightful)

      by thempstead (30898)
      Well its an amazing distribution ... seing as SuSE went from 8.2 to 9.0 .... there is no SuSE 8.3!

      t

  • This [panoramtech.com] company has some products [panoramtech.com] that will REALLY [panoramtech.com] impress the suites. Round the setup out with a few 1337 dvorak gesture keyboards [fingerworks.com], comfortable chairs [hermanmiller.com], and a network camera [securityideas.com] outside the door. Did I miss anything?
  • by Ridge (37884) on Monday December 15, 2003 @02:52AM (#7722976)
    How can they not mention a giant display-oriented map of your region/country/world on the wall!? Minimally this display should:
    • Be in color.
    • Be at least 12'x6'.
    • Numerous people wearing headsets must be employed to stare at it with a sick fascination for the entire day.
    • It should be able to animate interesting events, e.g. incoming ICBMs, lightning strikes, or Godzilla attacks with appropriate context-sensitive graphics.
    • Bonus points if you can surf porn or play tic-tac-toe on it.
  • by Tyndareos (206375) on Monday December 15, 2003 @02:55AM (#7722983) Homepage
    This is the website: http://fire.dmzs.com/
  • The Christmas tree (Score:5, Interesting)

    by BrookHarty (9119) on Monday December 15, 2003 @02:56AM (#7722987) Homepage Journal
    How many other people out there, went over the correct shade of yellow for the alarm lights with a vendor? Funny stories about NOC design. This thread could have some very interesting stuff, if people would let some company secrets slip. ;)

    But onto my point.

    Biggest thing about a noc, is you need to see the alarm, other than taking action, missing an alarm is the worst design flaw. Filter, Page, auto-ticket, there are many things a professional NOC can lend some experience on design. Not everything has to cost, in fact many opensource software works great. (Big Brother anyone?)

    BTW, windows and vmware? Pfft.. Worst thing you want is a crash in the middle of working, Solaris and xterms. Eye-candy is the worst thing to get in the way of working outages.

    Humm, also a good ticketing system is important, if you want to page out someone, you need to have enough detail for the person to do their job.

    Oh yea, give me an Aeron [google.com] Chair also. I know, its .com ish, but they do feel great.
  • Akamai NOC Tour (Score:3, Interesting)

    by mcbridematt (544099) on Monday December 15, 2003 @02:56AM (#7722989) Homepage Journal
    You might want to have a look at Akamai's NOC at http://www.akamai.com//en/html/about/nocc_tour.htm l

    Pictures of Akamai's NOC also were in the Wired article about the Slammer Virus a few months ago.
  • by yalla (102708) on Monday December 15, 2003 @03:03AM (#7723004) Homepage Journal
    I used to work in a NOC of a major cellphone carrier. Working in shifts, staring at your HP Openview, no coffee/food at your desk, boring calls from the staff "Oh, the connection to server ABC isn't working. Do something!" - and when really something goes wrong you feel you want to be an octopus - you need 8 arms for 8 phones.

    Essentially the job is: Stare at network map, wait for thingys to blink, make calls.

    Yalla.
  • Dual-headed video (Score:5, Interesting)

    by John Courtland (585609) on Monday December 15, 2003 @03:17AM (#7723042)
    ...is indeed the greatest thing since sliced bread. I've had it for about 2.5 years now, and one day when my primary monitor went out, I almost couldn't function. Being able to have Visual studio open in one screen and All sorts of Docs and a web browser in the other, I don't know how I did it before...

    In the same vein, nVidia included a really nice feature in their latest drivers (I think it's been around since the 4x.xx series, but it wasn't as refined) that lets you "throw" a window. Pure genius, whoever invented that. With 2048 pixels of desktop space, it actually takes over an entire mousepad to move a window across the desktop. With throwing, I just flick my mouse. If I have a few IM windows open, a few Putty terminals, etc etc, it's great to just get stuff out of the way real fast and put it all into a known area.
  • NOC (Score:2, Funny)

    by mirko (198274)
  • by altaic (559466) on Monday December 15, 2003 @03:45AM (#7723094)
    It would really be better if stories like this were not chosen for the front page. Whenever a story is posted with unexplained acronyms, tons more people click the links to see wtf it's talking about. More people who don't care about the actual (obscured) topic needlessly eat up the bandwidth, and the links are slashdotted much sooner. I know this is off-topic, however it does pertain to this story...
  • Nagios... (Score:4, Informative)

    by helzerr (232770) on Monday December 15, 2003 @03:53AM (#7723114) Homepage
    How is it there is an article about a homebrew N.O.C. that doesn't mention Nagios [nagios.org]?
  • How about a retro-looking NOC? Chart recorders, walls of blinking lights, big dials, keyboards with buttons that light up, teletype printers, brass railings, and red battle lighting.

    The SFFD fire dispatching center used to look like that. Now it's just a roomful of PCs.

  • Worthless article.. (Score:5, Interesting)

    by Thomas Charron (1485) <twaffle@@@gmail...com> on Monday December 15, 2003 @04:58AM (#7723295) Homepage
    This article was a complete waste of time..

    I could just as easily post an article saying 'Get *4* Tires, *2* axells, and engine, and a few other things. Toss them all together, and you just made your own CAR!!'

    I mean cripes. It's not talking about ANYTHING besides 'buy cheap puters and put neat graphics up'.

    I've had bosses that could have written this article.. Heck, I bet they did. 'Whatcha wantt a fluke for? I mean, we BUILT you a NOC for a grand!!' Bear in mind, the 'NOC' was a closet with two monitors I salvaged..

    I dunno, perhaps I'm just getting old but..

    I fee like I just wastes a good minute of my life reading that..
  • How to Get Out of Your NOC Career That You Got Suckered Into Like an Idiot. I'd love that one, please.
  • Office space around here goes for around 200 (well, your location it might be different) a month, and bandwidth these days is pretty cheap. So after everything is said and done, you are looking at spending around 1-2k a month. If you aren't going to use alot of bandwidth, hell it could be less than a grand a month.
  • by bkeeler (29897) on Monday December 15, 2003 @05:52AM (#7723470)
    1. An array of 24-hour clocks displaying the local time in places the company doesn't even do business, and
    2. A huge red button on the wall labelled "Emergency Network Shutdown". When the boss is showing the big-wigs around you leap up from your chair, shout "OH MY GOD!" and hit the button.
  • by AndroidCat (229562) on Monday December 15, 2003 @07:11AM (#7723680) Homepage
    They mention all the cool toys and stuff to run your own NOC, but leave out the most important part: LUSERS!

    What's the point of being Napoleon and BOFH of your own NOC if you don't have lusers to abuse? I think I might have an answer, however.

    Tapping the vast pool of cheap out-of-work IT workers, LUSERS'R'US can provide a simulated load of lusers on your network -- Even with an adjustable rate of phone calls with silly-assed questions and problems for home NOC commanders to deal with.

    If you want to be a real BOFH, you can't reign in hell without some damned souls to boss around. You need us. You need LUSERS'R'US!

  • by ApheX (6133) on Monday December 15, 2003 @09:24AM (#7724249) Homepage Journal
    Unless you suffer from a power outage. Then your 'NOC' is down, your servers down. Everything is useles and out of your control.

    Author should mention either hopping on eBay and getting a used rackmount UPS or building a battery backup yourself using car batteries. As crude as it sounds if you have the space (a seperate room) you can build a huge battery back up system for (relatively) next to nothing and be able to simply add more batteries for longer uptime, etc.
  • CNN (Score:5, Interesting)

    by pyite (140350) on Monday December 15, 2003 @09:40AM (#7724354)
    Can't underestimate the importance of some news channel on at all times. During August of this year, we were in our NOC and we saw our power blip for a second and heard the UPS alarms from the adjacent machine room. Shortly thereafter, we found out we were on diesel power. Our monitoring tools began to show remote devices going down, some coming back, some not. I noticed my SSH session to home died around the same time. I began to worry. I called my house to see if my answering machine would pick up. No dice. It was at this point we realized a big power failure had hit us. A few minutes later, the reports started coming in on CNN that all of New York had gone down, etc. Eventually it all made sense, but it was definitely important to have CNN... even if we knew about the power failure before they did.
  • ummm (Score:3, Funny)

    by djupedal (584558) on Monday December 15, 2003 @09:52AM (#7724434)
    I've worked deep inside a NOC, and this is no NOC...
  • by butane_bob2003 (632007) on Monday December 15, 2003 @01:43PM (#7726722) Homepage
    Who wants to sit in a 4X8 closet with a bunch of cheap windows boxes? I want floated floors with forced air cooling, an inert gas fire suppression systems (and gas masks for everybody!), huge monolith UPSs (built in), a biodiesel/fuel cell backup generator, 3 fiber trunks on major internet backbones (gotta have multi-homing), an isolated command and control center, rackspace out the wazoo, a top 500 supercomputer or two, bullet proof glass walls with opacity dimmers, biometric security scanners, armed guards, NORAD like bomb shelter construction. Oh yeah, and a cafeteria. And armed female guards cloned from Lucy Liu's DNA. Now we're talking.

Felson's Law: To steal ideas from one person is plagiarism; to steal from many is research.

Working...