Here's what I heard from 2 network engineers who were both working from Washington, DC this week:
Network Engineer #1:
"I am in DC this week and this morning I asked the guy in the next cube what was new. He runs the Symantec Update Servers and said that over 25,000 PC's will need to be updated when the government workers return to work. So being polite I asked what was the size of the file for the update after 14 days. 300Mbps per user each reaching the same server at 7:00am on the day that everyone returns to work!
"So I have been in meetings all day attempting to understand all of the issues that will crash the networks in DC on the return to work. From Symantec, McAfee, e-Mail, all sorts of reports, what a mess. The last time the government shutdown was in 1996 and most access was Frame Relay on simple PC's with 100Mbps disks and 3½ floppies, using modems to access the office.
"So when government opens it will crash because the government when they went home turned off the PC's, Blackberry's, and all the toys that require updates daily. To say nothing of what will happen to IP Telephony with SIP. Then add video, etc. And it all comes back to DC. So what will the Verizon network look like on the first day back. The DC ring is only a 10Gbps OC-192c.
"Thought this might be of interest to you, hundreds of thousands of PC's wanting e-Mail in a network built for T1 services all calling home at 7:00am. No one is paying attention because in the real world when did you last turn-off your PC's?"
Network Engineer #2 in response to Network Engineer #1:
"Yes, we have solutions to address this but it needs to be part of the deployed design and policy set from the start.
"You are correct, there are 3-updates per day from Symantec and if the number of revisions is limited to a small number of days, a full update would be required vs. micro updates, which is the preferred update method -- smaller sized updates. One can also populate the network with Group Update Providers the cache the downloaded content or Live Update Servers that pull down the data as it is released from Symantec, and via policy you can designate where systems get their updates. I can go on-and-on. I can spin this stuff in my sleep and go on-and-on with ways to address things here!
"Again, if the global design is properly architected, the impact will be minimized.
"Yes, someone who did not architect correctly could experience performance issues; but updates by most vendors today include a random update delay so systems are not swamped.
"In addition, we can take it to a whole new level with things like Intel vPro chip and Wake on LAN technology.
"While this could be an issue, I would be surprised if updates were not taken into consideration. But if people want help, they can give me a call and pay for our services. We deal with this on a frequent basis."
