SaaS aka why I should pay per month for billing

The topic of paying per user for a billing or management platforms comes up every so often.  I was able to sit down and talk with several vendors at WISPAPALOOZA this year about the value of their customers paying a per-user fee.

The most prevalent thought is about innovation and new features.  SaaS allows the billing vendor to invest development and testing time in rolling out new features to support new equipment, and other software.  LTE platforms are the hot thing in billing integration. New additions to software take people power and hours of testing and tweaking. Without monthly recurring revenue to drive such things billing vendors would have to develop this and then charge to the early adopters as an add-on.  This can be a double-edged sword. The early adopters have to pay a premium in order to get a partial solution because the vendor has to really prioritize how their development resources are used. The Vendor is always chasing the next big thing, which means other additions or fixes tend to get pushed back. They have to finish add-ons they think more folks will want to buy first.

The next thing is plain old hosting. Hosting a software application, whether in the cloud or on your own hardware costs money.  Co-location, software patches on the OS, hardware lifecycles, etc.  This cuts down on the end-user maintenance side of the hardware but pushes it back to the vendor. The peace of mind of knowing the thing that collects your money is running is backed up, and is available as part of the monthly fee you pay.

SaaS also allows for quicker releases of bugs and new features.  Vendors have more resources dedicated to development and changes. This allows for new add-ons to become available quicker.  Take the traditional model where you get bug fixes, but major feature add-ons are either a full point upgrade or major version upgrade. This usually costs money and is a slower process.  Not only does the vendor have to spend resources advertising, but they have to deal with support and other issues. With billing vendors who charge a monthly fee fixes from companies such as Paypal or Authorize.net are almost always rolled out very quickly at no additional charge to the end user ISP.

Some companies such as Basecamp, which is not a billing platform, have taken a hybrid approach to SaaS. Every major revision that comes out is an upgrade. You can choose to upgrade or stay where you are and pay the same amount.  This can leave customers behind but still allows them to use what they are paying for.  They just don’t get new features or bug fixes.

So the next time you are figuring out why you should pay for a billing platform on a monthly, customer, or subscription basis take all of this into account.

For those looking for xISP billing, and mainly WISP billing, here is a partial list:

www.azotel.com
www.visp.net
www.powercode.com
www.sonar.software
www.splynx.com
www.ispbilling.com (Platypus)
www.freeside.biz
www.quickbooks.com

If you have more please add them in the comments.

Did you know Amazon business account…

Did you know if you have an Amazon business account you can get preferred pricing with some vendors who sell Cambium on Amazon? This is not the same pricing you see when you visit amazon.com.  This is pricing that is extended to you from vendors who sell on Amazon.

The way this works is by passing along your business ID, which is public information, to a seller.  this seller then qualifies you for direct pricing, and if accepted you receive an e-mail saying you have been approved for direct pricing.  When you log in and view the Cambium items the updated pricing is reflected.

MTIN is not the seller of these items, but if you are interested we can pass your Business ID along to some vendors who do.

Vulnerability in WPA2

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that’s scheduled for 8am Monday, East Coast time. An advisory the US CERT recently distributed to about 100 organizations described the research this way:

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.

 

From Mikrotik:

On October 16. CERT/CC/ICASI released a public announcement about discovered vulnerabilities in WPA2 handshake protocols that affect most WiFi users and all vendors world wide.
RouterOS v6.39.3, v6.40.4, v6.41rc are not affected!
It is important to note that the vulnerability is discovered in the protocol itself, so even a correct implementation is affected.
These organizations did contact us earlier, so we have already released fixed versions that address the outlined issues. Not all of the discovered vulnerabilities directly impact RouterOS users, or even apply to RouterOS, but we did follow all recommendations and improved the key exchange process according to the guidelines we received from the organizations who discovered the issue.
We released fixed versions last week, so if you upgrade your devices routinely, no further action is required.
CWE-323
CVE-2017-13077
CVE-2017-13078
CVE-2017-13079
CVE-2017-13080
CVE-2017-13081
CVE-2017-13082
CVE-2017-13083
CVE-2017-13084
CVE-2017-13085
CVE-2017-13086
CVE-2017-13087

 

Tower Climber Harnesses

Recently there has been a thread on WISP-Talk about the best tower harness. Rather than going down the road of the best brand I figured I would take a different approach.  I sat down with Lee and Nick from TowerOne Inc. at WISPAPALOOZA 2017 in Las Vegas.

I asked them what they look for in a good harness and here were their top features.

Both said weight was very important.  This makes sense because you will be spending long amounts of time with the harness attached to you. Another feature was the ability to customize the fit.  Belts with synch type adjustments tend to be more comfortable than belt buckles with holes every 1 inch.

Attachment and gear hooks came in next as a must-have feature. Breathability of the material was another one.  After a hot day on the tower, the ability to whisk away as much sweat as possible is vital to be as comfortable as you can.

TowerOne usually brings several different types of harnesses with them to their training events.  This way folks can try things on.  One that has been discovered is people tend to make how the harness is put on an important decision when buying a harness. Some like to put their harness on like a vest.  Others like stepping into the harness and then pulling it up.

So no matter what harness you go with, look into what feature are important to you and how it feels.

A story about a rotten company

Recently I received an e-mail from a company I haven’t done business with since 2003. They had kept my e-mail all this time and decided now was the time to send me a spam e-mail.  Let me give you a little backstory on Advanced Internet Technologies Inc.

Back in 2001 I went out on my own as an ISP.  Previously, I had worked for a dial-up ISP and they had been acquired by a larger company.  I saw the writing on the wall and decided now was the time to go out on my own.  With some borrowed money I made my first purchase, a white box 1U server. Keep in mind this is 2001.  This server with a pair of 80 gig hard drives and dual 1GHZ Xeon Pentiums cost me $1800. I had talked to a sales guy from AIT, and liked everything about the company. So I had my little server directly shipped to them and the loaded on Redhat Linux 4.  I was able to cobble my way through setting up sendmail, apache, and some other services and my ISP was up and running in a few weeks.  Things were clicking along for a few years.  We were doing dial-up and had a wholesale agreement with DialUpUSA for nationwide dial-up and ISDN.

Now, here is where it gets good.  One night in 2003 I notice my server load going crazy.  Server load was in the 30’s. Anyone who knows Linux knows this is something bad going on. So as I trying to track down what is going on I lose all connection to my server. No pings, nothing.  So, I call the AIT noc and see if they can look into my server.  I am told they would look at it.   Several hours go by and I am calling and calling trying to get an update.  I had suspected I had been compromised in one way or another and my server was doing bad things. 10PM turns into 10AM.  I call my sales guy at AIT basically pleading for him to find out what is going on.  He answers my phone call once, but subsequent phone calls go unanswered and no one returns my calls.  Still no answers.  I am calling every 15 minutes trying to get someone, anyone to give me answers.  This goes on for a few days.  By this time my business is suffering, because e-mail is down, including my own. After 4 days of no answers, I am in full-blown panic mode.  Luckily I was using the DIALUPUSA radius and e-mail and the web-site were the things down. In the meantime, I find FDC Servers in Chicago which had space and cheap bandwidth.  I rented a dedicated server from them and was able to get things back up and going after a week of downtime.

Fast forward about a month I receive my server in a poorly packed box with a note saying my server had been compromised and had taken down their entire network because it was sending out junk.  At this time on their web-site they were advertising a capacity of 45 megs to the Internet.  That was big time for 2003. And included in this note was an invoice for $2700 for work they had to do in order to deal with my server causing an outage on their network. The next day my attorney was sending them a very strongly worded letter with phone records on my attempts to contact them and how we would be pursuing legal action for violation of their SLA, which did include turn around time for trouble resolution. Many letters and calls later we never heard from AIT again. We were sending certified letters on a weekly basis.  My father would have been proud the amount of legal paperwork we sent to try and generate a response.

Anyway, So now 14 years later I get a SPAM e-mail from Byron Briggs, Chief Operating Officer of Advanced Internet Technologies Inc. on their dedicated server special. They kept my information after all these years, even after one of our letters told them to purge all of my information from their databases.

 

Dear Byron Briggs,
Your company is one of the lousiest companies I have ever done business with. Your total lack of response almost ruined my company. I was a loyal, and on-time paying customer every month of me being an AIT customer.  I still have the original server in my house as a reminder of how awful a company can be.  I feel sorry for the server for even having to be in a data center ran by such uncaring and callous people.  The poor Linux box suffered enough in its life.  I see on your Linked in you have only been at AIT since 2008. It would be easy to say that was in the past. However, Charles Briggs was there during my time as a customer. I am assuming you are one of his four children he speaks of.  I remember talking to Charles on the phone on several occasions when the company was small.  I referred business and we talked about the future of things. The lack of response after all of that was just the nail in the coffin.

Justin Wilson

If you are considering any type of co-location with ait.com I would recommend sticking your server in a refrigerator or cardboard box with a box fan hooked to the local Starbucks wifi before trusting this company with your business.

Oh, and don’t take my word for it
https://www.bbb.org/myrtle-beach/pages/business-reviews/internet-services/advanced-internet-technologies-in-fayetteville-nc-11001845/reviews-and-complaints?noskin&clean

http://www.vistainter.com/reviews/A/ait.com/

 

Save bandwidth on Apple updates

Like many networks, you have users using Apple devices. iPhones, Ipads, computers, and other Apple devices are constantly updating apps, downloading updates, and other content.  MTIN can install an OSX Caching server on your network. This low powered server caches software updates, allowing faster downloads, especially for new iPhone IOS updates.

Contact MTIN today and learn about our turnkey solutions for making your Apple users happier.

The problem with peering from a logistics standpoint

Many ISPs run into this problem as part of their growing pains.  This scenario usually starts happening with their third or 4th peer.

Scenario.  ISP grows beyond the single connection they have.  This can be 10 meg, 100 meg, gig or whatever.  They start out looking for redundancy. The ISP brings in a second provider, usually at around the same bandwidth level.  This way the network has two pretty equal paths to go out.

A unique problem usually develops as the network grows to the point of peaking the capacity of both of these connections.  The ISP has to make a decision. Do they increase the capacity to just one provider? Most don’t have the budget to increase capacities to both providers. Now, if you increase one you are favouring one provider over another until the budget allows you to increase capacity on both. You are essentially in a state where you have to favor one provider in order to keep up capacity.  If you fail over to the smaller pipe things could be just as bad as being down.

This is where many ISPs learn the hard way that BGP is not load balancing. But what about padding, communities, local-pref, and all that jazz? We will get to that.  In the meantime, our ISP may have the opportunity to get to an Internet Exchange (IX) and offload things like streaming traffic.  Traffic returns to a little more balance because you essentially have a 3rd provider with the IX connection. But, they growing pains don’t stop there.

As ISP’s, especially WISPs, have more and more resources to deal with cutting down latency they start seeking out better-peered networks.  The next growing pain that becomes apparent is the networks with lots of high-end peers tend to charge more money.  In order for the ISP to buy bandwidth they usually have to do it in smaller quantities from these types of providers. This introduces the probably of a mismatched pipe size again with a twist. The twist is the more, and better peers a network has the more traffic is going to want to travel to that peer. So, the more expensive peer, which you are probably buying less of, now wants to handle more of your traffic.

So, the network geeks will bring up things like padding, communities, local-pref, and all the tricks BGP has.  But, at the end of the day, BGP is not load balancing.  You can *influence* traffic, but BGP does not allow you to say “I want 100 megs of traffic here, and 500 megs here.”  Keep in mind BGP deals with traffic to and from IP blocks, not the traffic itself.

So, how does the ISP solve this? Knowing about your upstream peers is the first thing.  BGP looking glasses, peer reports such as those from Hurricane Electric, and general news help keep you on top of things.  Things such as new peering points, acquisitions, and new data centers can influence an ISPs traffic.  If your equipment supports things such as netflow, sflow, and other tools you can begin to build a picture of your traffic and what ASNs it is going to. This is your first major step. Get tools to know what ASNs the traffic is going to   You can then take this data, and look at how your own peers are connected with these ASNs.  You will start to see things like provider A is poorly peered with ASN 2906.

Once you know who your peers are and have a good feel on their peering then you can influence your traffic.  If you know you don’t want to send traffic destined for ASN 2906 in or out provider A you can then start to implement AS padding and all the tricks we mentioned before.  But, you need the greater picture before you can do that.

One last note. Peering is dynamic.  You have to keep on top of the ecosystem as a whole.

Premium Content?

Folks,

I have been going over the idea of premium content within my blogs. I find myself wanting to write more and more, and writing would help one of my other projects I have going.  However, I don’t make any direct money from the blog.

In an effort to provide more regular content, I have come up with the following ideas.

1.I will be implementing a premium posts section of this blog.  For the foreseeable future, this will be a free section. All that will be required is you fill out a simple registration.  We won’t spam you, but you will have the option to be notified of updates.

2.I will be doing more sponsored posts to keep as much content as possible in the non-premium space.  As a result, I am looking for vendors with products they would like reviewed.  The idea is if I buy a product with my own money, it’s most likely going to be a premium post.  If a vendor or manufacturer wish to send a product to be reviewed this will be a public post.

I am looking for vendors and manufacturers that wish to be regular sponsors. This strategy is open and fluid as things progress.