When should I upgrade?

jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
Hey everyone,

Just curious... when should I upgrade parts of the infrastructure at work? We have some Cisco switches that are running IOS 12 and don't support POE. I don't think that they will be able to be moved to IOS 15. We also have some HP procurve switches as well and I'm not sure how old they are as well.

One reason for upgrading is because out APs use the extra power brick in order to work. Another reason I can come up with is discovered bugs in the IOS but I'm not sure if that will fly or not.

I'm pretty much in the helpdesk role with minimum support from a third party. So basically I'm doing everything that I can from configuring switches, adding users in o365 and AD, fixing end user issues and other troubleshooting stuff.
Booya!!
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****

Comments

  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    Just curious... when should I upgrade parts of the infrastructure at work?

    Depends. Where I work we just completed upgrading all our switches last year, many of them were 10 years old, but still worked fine. Some shops only replace switches when they can no longer can buy the same model to replace dead switches from Cisco (but usually you can pick up switches from 3rd parties for years after), some replace them when they can no longer get support from Cisco for them, some places replace switches every X number of years, other places run them until they die and only replace dead switches, or you could have a requirement that you want the switches to preform that they no longer meet. Not having PoE switches isn't the end of the world, we had power injectors for several of our switches that had Access points that required PoE, before replacing them all with PoE switches. Generally the bigger the company is, the more often switches are refreshed. In smaller companies, if the network is running fine, it's pretty hard to justify to the owner to buy new switches that will cost the company ten of thousands to hundreds of thousands of dollars

    Usually it's far easier to get companies to pay for new computers every few years, because they can see a direct relationship between the speed of new computers and the old ones. Unless your network is pushing a LOT of data, replacing switches will not yield a noticeable difference in speed to the end users.

    Also generally we don't run the latest IOS version, we give Cisco time to shake out any bugs before updating the IOS, running cutting edge IOS is not without risks.
    Still searching for the corner in a round room.
  • hurricane1091hurricane1091 Member Posts: 919 ■■■■□□□□□□
    The easy thing to say here is that it depends. If you're working with 10/100 standard, it should be upgraded. We can go into more there, but really the easiest answer next to that is that Cisco announces end of life for devices, and then end of support. We have support on all equipment, and if Cisco is telling us equipment is no longer going to be supported, it is obviously time to upgrade. If you do not have support on your equipment though, this may not apply to you. I installed some ASR routers a year ago or so, and they are under support until some time in 2021 I believe. These were installed out of necessity, as the 3945 platform we had did not have the throughput necessary for the faster MPLS circuits we were planning on getting, which were necessary because of a new VoIP environment coming down the pike that would increase bandwidth requirements. Total snowball effect here you see. Anyways, if I am running the show at that point, these ASRs will be budgeted for replacement in 2020, and swapped out in the later part of the year. I do not foresee a situation involving replacement before that time.

    I also deployed a handful of F5 load balancers this year. Again, this is because Cisco dropped the ACE platform and support was coming to an end. An upgrade then occurred due to necessity once again. The important takeaway is that there has to be a need to upgrade in most cases, as money is not just handed out for the sake of upgrading for the hell of it.

    As for IOS versions, it is good practice to take the above advice and not get the newest version. It is good practice to standardize the version across the platform throughout the environment. New IOS versions are constantly released, but I am not sure if there is anyone out there who is upgrading the IOS on a consistent basis. There is certainly room for discussion here as to how necessary it is to keep updating the IOS. Sometimes bugs force upgrades though, which is likely the leading reason people upgrade the code at all I bet.
  • thomas_thomas_ Member Posts: 1,012 ■■■■■■■■□□
    End of Life, End of Support, if you need a feature set that a newer switch has that the current one does not, more efficient resulting in savings from electricity and HVAC(may only apply on a large scale), smaller footprint, and that's about all I can come up right now.
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    As for IOS versions, it is good practice to take the above advice and not get the newest version.

    Recently someone asked for a recommendation for what IOS version to use and we gave them a recommendation of the version we use. They ignored our advise and when with the latest and greatest version. After installing the switch, which took a considerable amount of paperwork to get approvals to install it, Cisco announced there is a major bug in the IOS, they will not even let anyone download it anymore from there website. Now this guy has to go through a ton of new paperwork to get approvals to change the IOS version. People never learn.
    Still searching for the corner in a round room.
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Thanks for the input everyone. I'm working on making things work out better for work.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    When you have budget (serious)
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

Sign In or Register to comment.