Hey Networkers! Time to Clean House

Skill Training, Training, Motivation

After working with hundreds of companies around the world, it’s crazy how few ever go into clean-up mode or deprecate the old when deploying the new. Everyone is all about deploying what's next and implementing the “new-new”, but few clean up the old. Throw in staff turnover and you end up with "was like that when I inherited it" or “I was promoted into this”. Over time this can lead to support issues, extended troubleshooting times, degraded performance, and security vulnerabilities. This is why we often recommend fresh installations when new equipment is ordered. It gives us a chance to review what's in use today and optimize those services and policies instead of building on to lord knows how many years of patches, changes, tweaks, updates, etc. It also provides the perfect opportunity to train teams and ensure everyone at a company is on the same page regarding policies, procedures, and standards.

Sometimes new equipment means you must start over with fresh databases, such as when changing vendors, or when the vendor changes platforms with a next-generation architecture, such as AppleOS to NEXT to macOS, or the Cisco Systems wireless portfolio makeover from AireOS-based WLAN controllers to Catalyst 9800 series controllers powered by IOS-XE. I would argue that few firms migrate as many client environments from AireOS to IOS-XE as the team at Active Expert. One month this year my team must have migrated a dozen clients from AireOS to IOS-XE, and that was in a single month. Switching operating systems meant it wasn’t possible to simply upgrade hardware and reuse existing configs. It meant a clean-sheet design, which also afforded us an excellent opportunity to recommend what’s best for the client, such as collapsing SSIDs, optimizing RRM, standardizing configurations, validating that the deployment best fits the need, etc. Do those 8 x 1Gb uplinks still work from our 802.11n design days, or should we be provisioning 40-80GB based on WiFi6E now being real and WiFi7 coming up quick? This clean-sheet refresh also provides an excellent window to explain what’s new to the client team: why we no longer need SVIs for every VLAN as is the case with AireOS controllers, why AP Groups died, what radio profiles and slots are all about, and of course to start building new troubleshooting skills with Cat C assurance.

Misconfigurations are major vulnerabilities, and the staler your code or policies, the larger the attack surface becomes. Any compromise is hard to stomach, but it’s even harder to stomach when you had the right technology in place which, had it been used according to its design and capabilities, could have prevented said attack. Or even worse, had it been properly maintained... Attacks aside, what about outages or downtime? We still have clients report network impacts or down emergencies each year due to removing resource reservations from network appliances in the virtual datacenter, no matter how much we preach about these issues. Why certain clients never have those issues and others do, to me, comes down to communication around the issue and properly cross-training teams.

Everyone is quick to put in those change records for new services and deployments, but when was the last time you put in a change request for platform cleanup or removal of stale policies or configurations?


Think about it!
