No, 5000+ hosts do not need to be *directly* accessible from the internet, but there are an exponentially growing number of devices and information stores that need to be accessed by vendors and business partners (a good example is the change to digital diagnostic imaging by many hospitals over the last few years - those images have to move from hospital to hospital and hospital to clinic somehow). While solutions like Citrix or SSL VPNs are solving many of these issues, often direct VPN access is the only solution. With the VPNs, classic LAN-to-LAN tunnels within NAT space (RFC 1918) are not only prone to conflicts, but are complex to secure. Landing VPNs on routable addresses outside the firewall (then pin-holing) is most often the only logical choice.
In the specific hospital case above (and this problem exists in many more industries besides healthcare, I'm sure, but healthcare technology is my area of experience) - based on the growth of connected devices, I will be out of IPv4 addresses in about 2 years. Maybe I was a bit loose with my 'wasteful' comment above - but in hindsight I am glad I hoarded when I did. Those remaining 300 routable addresses are becoming precious. The days of handing out large IPv4 blocks are over as far as ISPs see it, so do I start hoarding more IPv4 addresses now? Sadly, I will probably have to, even if I am charged a nominal fee; it will most likely be cheaper than implementing IPv6, at least in today's skill-set market.
I don't know which ISPs or upstream providers you are dealing with, but in the last 2 years, every DS1/3 circuit I have ordered required quite a bit of justification for anything more than 5 IPv4 addresses. No, I have not had to pay extra for addresses yet, but I have been told by AT&T and others that /24 blocks are basically impossible to get on anything less than DS3s nowadays.
The last time I did get a /24 or larger block of IPv4 addresses was 3 years ago on a 6mbit bundle of T1s. That was a /23 for a hospital network of 5000+ internal hosts. At last check, we were using about 200 of our allotted 500+ addresses. A bit wasteful.
I remember getting T1s in the mid-to-late 90's, and there were no questions asked - you just got a /24.
It's the indexing of personally identifiable information by third parties that is the issue. I hate to take the side of Ms. Stoddart (and the government) here, but she makes a valuable point. Example - I would hate for a court case between myself and my neighbor over the height of my hedges in Toronto to hurt my possibilities for a job in Florida all because an employer decided to google "my name". If the employer really wants to know, they can do a little leg work and go through the proper legal channels to find out. Otherwise they are just fishing for dirt, and the indexing of your life on the web isn't helping your prospects.
The limited sh*t that shows up under my name in google now is scary- and I have never been directly involved in legal matters (outside of a speeding ticket). Even if google doesn't index the site, someone else will, and google will index them.
I wouldn't be so paranoid if I had not seen my own managers do google searches of names directly off resumes, then pass/circular file them based on info retrieved that may not even be that of the person who submitted the resume!
And they will all go stand next to the hottest marketing chick/umbrella girl/eye candy they can find so they can go home, pull up the project web page and say they '...associated with this totally hot babe'.
Really though, how can they tell with RFID who someone is associating with vs. standing next to?
Why not bother with Postini? I would like to hear about your experience with it.
I have over 4000 mailboxes protected by Postini with nothing but positive results. Such good filtering that the end users actually call the helpdesk when they get a spam email, and that is about 2 times per week. Currently, Postini is blocking anywhere from 30,000-60,000 spam messages/day. I'd be satisfied with a 99% block rate, I'm stoked with a 99.999% block rate.
We have maximum protection (5/5/5) on by default for most users, and get very few false-positives. When there is a false-positive, it is normally a solicited bulk message. I have yet to see a legitimate person-to-person email get flagged as spam.
On average, I spend maybe 2 hours per month managing spam filtering. The efficiency in man-hours alone has paid off our investment many times over.... with no software or hardware to manage.
I am in no way affiliated with Postini and own no stock in Google (owner of Postini).
"is there something about it that allows it to work magnificently when everyone in an area is trying to run 10 or 15 APs at once with 802.11n equipment?"
My thoughts exactly- Isn't the technology still using unlicensed air space?
A simple wireless DoS involves firing up a few APs near a building from a public street. Nothing illegal about that... (unlike plugging in to a wired LAN without permission to do so).
This totally sounds like a token ring problem.... Either network flooding or dropped packets (tokens). These issues used to be a bear to track down- going from machine to machine in serial from the MAU...
Ethernet and switching has made me fat- I never have to leave my desk to troubleshoot.
...But credit unions don't provide services to customers with no money.
In some ways the US healthcare system is already like credit unions- The more an individual puts in, the more benefit that individual receives. The people with the money reap the biggest benefits.
As someone who works in healthcare technology, I can tell you that the biggest problems in healthcare right now are government regulation and insurance companies. In California, if your medical facility receives any kind of government aid, you have to run the facility under their operating rules - they tell the hospital what it costs to diagnose and fix, then pay based on that. Then they force staffing/patient ratios that have no logical reasoning (we can thank the nursing unions for getting the staffing laws passed). They even control little details like depreciation schedules on computers (5 years). They force the implementation of complex accounting systems that make the care-giver spend more time in front of the computer than in front of the patient.
I can say that I have never heard a nurse or doctor say "The work sucks but the money is great!". From what I have experienced, most are in it because they have a passion to help people.
Also, a 2.4GHz (b/g) or 5.8GHz (a) signal with any kind of strength can be an instant wifi killer. Wireless home phones, microwaves, or just another access point.
my $0.02
You may want to check out bringing a third party in to payroll. Someone like eWork http://www.ework.com/html/services/index.htm can payroll you and bill the client on your behalf. The benefit of this situation is that you would be a W2 employee of ework, avoiding the process of filing quarterly estimated taxes and keeping your own books. They often can extend group plan benefits to you at discounted rates, too. (I am not affiliated with ework.)
If going independent/1099, make sure you bill enough to cover things like benefits, taxes, expenses, etc. A rule of thumb is to double the hourly rate that you would work for them as an employee (i.e. if you'd work full-time with bennies for $20/hour, charge $40 as an independent).
Also make sure you cover your butt on contract details like overtime/off-hours work, minimum hours worked per week, job/task description, worksites, travel time/expenses etc...
my $0.02