Internet Costs - Cisco Firewall / WAP

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
Post Reply
User avatar
johnshaw
Senior Member
Posts: 2273
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Internet Costs - Cisco Firewall / WAP

#1

Post by johnshaw »

Can anyone on this list confirm how these items are rolling out to meetinghouses and how they are actually PAID for?

Is the Internet Cost paid for as part of an FMG budget? Or, as seems more likely, is it paid by them but swept by CHQ?

Is the Cisco Firewall 881W paid for as part of an FMG budget? Or, as seems more likely, is the FMG able to order these for each meetinghouse anytime without affecting their budget?

I can't for the life of me understand why I can't get Cisco 881W for a couple of my meetinghouses that are running out of IP's with the OLD firewalls (3 wards meet in each building). Every time I call and talk to someone they are actually surprised that we're still on the old firewalls, and tell me to talk to FM because they are 'supposed' to be upgrading them. Can anyone explain what 'supposed to be' actually is? These things have been the standard since the beginning of 2011, why am I being told that I can't get them until 2013.

-
Frustrated in Zion
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#2

Post by aebrown »

I think some of your assumptions are incorrect. Here is what we have been told:

From Funding in Meetinghouse Internet policies and guidelines: "High-speed Internet installation, equipment, and monthly fees are now paid by area offices and facility management groups."

In my interactions with my FM group, it has been made very clear that FM groups pay for the equipment out of their own budgets. If those costs were automatically reimbursed by CHQ, as you suppose, there would be no need for the FM group to make sure they plan for these costs within their annual budget. But they do have to make such plans, therefore it must come out of their budget. I assume that when CHQ sets those budgets, they take into account the need for this technology, but the funds do come from the FM group budget.

From Meetinghouse firewall: "All meetinghouses should have Cisco 881Ws by the end of 2013."

I have never heard any policy more restrictive than this. I've heard of hopes, and certainly many meetinghouses have gotten the 881Ws earlier, but there's no requirement for an earlier date. Certainly as current firewalls become inoperative, they would be replaced by 881Ws. The definition of "inoperative" may well vary from FM group to FM group.

In our stake, we had one PIX 501 become truly inoperative and it was replaced by an 881W. The PIX 501 in our stake center couldn't provide nearly enough IP addresses, and upon our request, the FM group also replaced it with an 881W. In another building we have an ASA 5505, and the FM group asked us to wait until 2013 to replace it with an 881W and 1041Ns, but they have placed this request in their 2013 budget.
Questions that can benefit the larger community should be asked in a public forum, not a private message.
User avatar
johnshaw
Senior Member
Posts: 2273
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

#3

Post by johnshaw »

I've heard different stories from my FMG on Internet Costs, which tends to reduce my reliance on FMG credibility when it comes to this issue. I admit it is my own observation and not something that has been communicated or is something that affects others. The one thing that led me to believe it was a pass through was due to the transition in 2011 the FMG also assumed phone line payment for any accounts that had phone + Internet. So that would mean the FMG is having to parse a bill and associate some of it with Phone/pass-thru and some for their budget, maybe I'm over thinking it a bit.

aebrown wrote:From Meetinghouse firewall: "All meetinghouses should have Cisco 881Ws by the end of 2013." I have never heard any policy more restrictive than this. I've heard of hopes, and certainly many meetinghouses have gotten the 881Ws earlier, but there's no requirement for an earlier date. Certainly as current firewalls become inoperative, they would be replaced by 881Ws. The definition of "inoperative" may well vary from FM group to FM group.
aebrown, I looked at the WIKI and the sentence you pulled out with the 'end of 2013' date was only added on Aug 17, 2012 - up until that point it never indicated the expectation as you've communicated it here in this discussion to my understanding (if you can point to something earlier I'll gladly eat my hat). But, I believe, even the ICT team didn't realize that if they rolled out this initiative, that many of the FMG groups wouldn't do anything until it was MANDATED to be done (which they figured out this year and got the mandate in place for 2013 otherwise we'd be looking at 2014). If FMG 'chooses' to add those items to their budget they are penalized, if it was mandated (as it is for 2013) they have a built-in excuse for their increased budget numbers. The initial rollout slide deck (meetinghouse Internet training) did not indicate dates, so I do not believe it is unreasonable to have thought it was happening earlier. Certainly if a need requires it, it should be available. I still have 3 buildings with ASA and 3 with PIX, I've replaced a couple of PIX, one with ASA (prior to the 881W) and one with 881W. I'm not asking to have everything replaced, but what I need to get replaced should be available to me.

The information you get from the GSC is also different, they throw around upgrading to the 881W like there was no tomorrow, there is no communication that says, well, if you're running out of IP's work with you FMG to have the 881W upgraded in next years budget cycle. They say talk to your FMG, they're supposed to be upgrading them anyway.

All of these items I've pointed out means, to me, that the assumption was that it would happen sooner than later, it is only running behind because of miscalculation in the ICT group not understanding how FMG works.
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#4

Post by aebrown »

JohnShaw wrote:All of these items I've pointed out means, to me, that the assumption was that it would happen sooner than later, it is only running behind because of miscalculation in the ICT group not understanding how FMG works.
That's the heart of the matter. You are clearly making the assumption that whenever someone in ICS or GSC said something and didn't mention a specific date, that they really meant "sooner than later." Given that assumption, I can see how you would view a date of "by the end of 2013" as some sort of delay.

I don't see it that way. My assumption is that no one had particular dates in mind, and so "by the end of 2013" is a welcome clarification and to some extent is a speeding up of what was otherwise an open-ended upgrade process.

In the early days after the 881W first became the default firewall, there were delays of several months just getting the product delivered, regardless of the budget funds that were available. In that environment, no one could have accurately predicted just how long a world-wide rollout would take. Also, when the 881W first became available, the clear message was that any existing firewalls that were still serviceable should continue to be used. The message that all firewalls should be replaced is a fairly recent change in the message.

Regardless of our assumptions about how we got to this point, I think we're both grateful that there is a clear message with a clear deadline. We can't change the past, so that's all that really matters now.
Questions that can benefit the larger community should be asked in a public forum, not a private message.
JamesAnderson
Senior Member
Posts: 773
Joined: Tue Jan 23, 2007 2:03 pm

#5

Post by JamesAnderson »

I'm involved with an FHC that is a standalone facility in a building CES used until they moved the ninth-graders to the seminary near the main high school, and we have an ASA we got to replace a 501 a couple years back. Are these to be swapped out for 881W's also by the end of 2013 as well as the meetinghouse ones for standalone FHCs like this? I've seen no discussion on FHC-focused forums or lists about this.
jdlessley
Community Moderators
Posts: 9858
Joined: Mon Mar 17, 2008 12:30 am
Location: USA, TX

#6

Post by jdlessley »

The best answer for that would be to contact the Family History department.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
harddrive
Senior Member
Posts: 501
Joined: Thu Jan 03, 2008 7:52 pm

#7

Post by harddrive »

AEBrown, thank you for letting me know about the 2013 for the firewall. I assume that would include any wireless access points that aren't a 1041n.

thanks for letting us know.
User avatar
johnshaw
Senior Member
Posts: 2273
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

#8

Post by johnshaw »

aebrown wrote:In the early days after the 881W first became the default firewall, there were delays of several months just getting the product delivered, regardless of the budget funds that were available. In that environment, no one could have accurately predicted just how long a world-wide rollout would take. Also, when the 881W first became available, the clear message was that any existing firewalls that were still serviceable should continue to be used. The message that all firewalls should be replaced is a fairly recent change in the message.
Yes, this is right, the message that the 881W needs to be installed came about later, I would put the idea around the Tech Conference of 2011 though, when they introduced the concept of LDS Account access to the SSID, I'm sure the licensing benefits of the 881W has to weigh heavily on the team as well.

Mostly I'm disappointed that several hours of investment in meetings with FMG in 2011 resulting in what I thought would be replacements in 2012 turned out to be wasted. I didn't learn until much later that my FMG didn't have any idea what I was talking about, and was probably embarrassed not to know, therefore, it didn't get budgeted. Full backing of the SP, etc... Dealing in years rather than months is very difficult for me, particularly when I feel like I followed all the processes, and policies, got approval from the SP.
User avatar
johnshaw
Senior Member
Posts: 2273
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

#9

Post by johnshaw »

JamesAnderson wrote:I'm involved with an FHC that is a standalone facility in a building CES used until they moved the ninth-graders to the seminary near the main high school, and we have an ASA we got to replace a 501 a couple years back. Are these to be swapped out for 881W's also by the end of 2013 as well as the meetinghouse ones for standalone FHCs like this? I've seen no discussion on FHC-focused forums or lists about this.

The licensing model with Cisco will result in greater savings and flexibility with the 881W, it is extremely likely... but, as the STS they will not really talk to you about it. You'll need to get with the Director, or the HC over FamilySearch and have them ask the questions.
User avatar
johnshaw
Senior Member
Posts: 2273
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

#10

Post by johnshaw »

harddrive wrote:AEBrown, thank you for letting me know about the 2013 for the firewall. I assume that would include any wireless access points that aren't a 1041n. thanks for letting us know.
This doesn't necessarily flow. I have 100% coverage right now in our buildings with Cisco 'g' WAP's, but my FMG doesn't feel like his direction is to provide 100% coverage, only a portion of the building to support the clerk computers and the bishop. It will vary by FMG, I'd start dialogue with the PFR/HC so they can dialogue with FMG.
Post Reply

Return to “Meetinghouse Internet”