Rethinking the UPoE value proposition

First, full disclosure: I am an HP Networking employee. All of the opinions comments and general snarkiness in this blog are my own though. I am writing this from my own personal perspective, not as an HP employee, but I think it's important that anyone reading this knows that I do have some skin in the game, at least in the big picture.

 

So a couple of weeks ago, I was having a conversation with someone at an HP event about VDI, UPoE, Thin Clients etc.. and I said “Yes! We've been talking to customers about the total solutions for Months! ”

Not many people realize how truly broad the HP portfolio is when you look at the entire company. So we have been talking for months about the ability to put together a complete VDI solution from HP.

Basically, you pick your flavour of Virtualization and then pick the appropriate Virtual System configuration. For those of you who don't know, Virtual System is an HP validated configuration specifically for different virtualization workloads. You do have options, either Xenserver on Hyper-V or VMWare View.

Then you can choose the appropriate HP Networking switch for your infrastructure, then you just need to attach one of the HP Thin Clients to connect your users to your applications.

So what does this have to do with rethinking the value prop of UPoE. When I first saw the 60 Watts per port blades that Cisco released on the 4500E last year, I thought

” Wow… I wonder how hot those cables will be?”

After I got past that though, I started thinking about what applications or devices would start to appear in the market to take advantage of these new capabilities? There were some examples out there, but I've noticed something interesting in the last year: Devices are using LESS power, not MORE power.

Do you remember when 802.11n access points first came out? They were one of the first devices that actually justified powering up to 803.3at devices. If you wanted 11n, you needed either power injectors or AT switches. Fast forward and today you can buy 3×3 MIMO with 3 spacial stream access points that will work on 11af Poe ports @ 15.4 watts or less. That's right, they will work on the same switches that you've probably had for years. No need to upgrade your infrastructure to support a new device. Just buy the new access points, get more throughput on your wireless and life is good.

The HP t410 All-in-one Thin Client

So a couple of weeks later, I was invited to a meeting with someone from the personal systems group division of HP to talk about how we had been evangelizing the products and then amazingly… he offered me a HP t410 AIO unit to play with!

I, of course, said

Heck yeah!!!

One week later, a couple of customer meetings and a skeptical twitter conversation, and it seems there's a lot of interest on the t410 at the moment. Mostly around the disbelief that anyone could get an all-in-one Thin client to actually run below 15.4 watts!

So I have collected some pictures of the experience to show you how easy this thing was to setup which was SILLY easy. I didn't include a picture of the box, but I think we've all seen an 18″ monitor and the link above also had some nice pictures of the unit. It's got a small foot print and a nice screen.

So without further ado…

1) Here's a picture of the Unit's Model Name. ( This was the last picture I took, but it's the one I have with the model name ).

Image 12

2) After I took it out of the box and plugged it into an old 3Com 4120 9 port PoE switch ( it's what I had ).

I got the following login page. From what I've read, if I had a “real” vdi solution that was broadcasting it's services, it would automatically detect the connection type and then connect to the server broadcasting the available sessions I think – No VDI in my home lab ( yet ) though so I get to manually select which type of VDI I would like to connect to. ( I chose RDP7 for a window 2008R2 server)

Image

3) It now prompts me for the Server name or address.

Image 1

4) I put in my username and password. ( I didn't need the other options ) and seconds later, I'm logged in.

Image 3

 

Pretty cool, right? (I'll save you the screen cap of a windows server desktop. ). I didn't get to test out the internal speakers since the VM I was connecting against had no sound cards.

 

So what about the PoE part? This is the awesome part.

Screen Shot 2012 09 28 at 10 10 54 PM

 

yup. That's right 10.6 watts while fully operating. Max of 13 watts, Average of 10.9 watts. Can you see why I question UPoE? Somehow the guys in the PC division at HP actually managed to put together a full all-in-one thin client with monitor and left JUST enough power for the keyboard, mouse, and the speakers as well ( I presume on the last one, never tested it ).

Caveats

Are the tradeoffs here? Of course! I've only playing with this for a few hours now, but so far. It's great. No issues at all. According to the data sheet, there are a few things that you will sacrifice in PoE mode though.

Specifically, there's the speed drop from Gig to 10/100. But in the case of a thin client, most of the streams are less than 2Mb +/-, so the whole speed drop is PROBABLY not going to cause anyone any issues.

The other thing, which I haven't experienced, is that the screen brightness will actually come down in the event that there's not enough power budget left on the switch to be able to fully power the unit.

 

Final Thoughts

This is a nice unit. It's got a small foot print. Nice screen. The out-of-box setup was extremely easy and the fact that it only draws 13 watts of power ( I'm using the max draw value I saw ) is absolutely AMAZING to me. It would have been easy for HP to start making Thin Clients that consumed more and more power to try and drive customers into purchasing new switches. Instead, HP threw some engineers at the problem and instead came out with a product that will work in customers existing environments without a costly upgrade.

As an HP Networking pre-sales engineer, I have to say it would be nice to have another reason for our customers to upgrade their switches, but as a human being, it makes me proud to work for a company that does the right thing for their customer and the environment.

 

 

Functioning with ADHD in an IT world

So I’ve got a reputation of been a productive guy. I’ve heard through the grape vine that some of the people in my company think I don’t sleep. I work constantly. I have no life. It’s funny the things that are said out there.

So in an effort to dispel the myths, and to possibly inspire others, I’m going to dish out some of my secrets.

 I’m ADHD.

I suspect that a lot of IT Professionals can relate to a lot of the ADHD traits. In fact, I think that our industry attracts a lot of AD/H/D’res because of this industries requirement for a fractured attention span and the ability to shift focus on the fly.  I’m sure we can all relate to the ” I’m in the middle of working on this OSPF problem and I’ve got the solution right now, just let me write this down… where is that pen… hmm… what was I saying again… … Squirrel!”

MP900426639

One of the common misconceptions about ADD is that people with it are unable to concentrate. The truth is, that the pendulum swings both ways. We can be hyper or hypo attentive. In plain english, we are either unable to focus at all, or unable to shift focus.  In our industry, the ability to sustain high focus for long periods of time can be a blessing when trying to troubleshoot a difficult problem. As well, the ability to shift focus on a dime and concentrate for short bursts on a new problem is also extremely useful when you are in a firefight and things are coming at you from all sides.

It’s sad to me how our school systems and parents today treat ADD as a disease that needs to be “treated” with medication. Especially when this is the very “disability” that I attribute a large part of my success to.

How do I use ADHD to my advantage?

Living with ADHD does require putting some tools, habits, and processes in place so that you don’t fall into the traps.  Like so many things in life, I think that most important part is just accepting it for what it is.  I don’t fight how I am, I flow with it.

Don’t fight the days when I can’t concentrate.

Please don’t tell my boss this, but there are some days that I’m sure I don’t get anything done at all. These are the days when I just can’t focus on anything no matter what I do. They happen. So what do I do? I water my social networks and I catch up on podcasts.

What do I mean by this? I pick up the phone and I call people I haven’t talked to in awhile. I tweet. I blog. I log into linked in and see if there are any suggestions for contacts who are not in my network. I call people I talk to all the time and argue over frame types, whether or not programatic nms’s qualify as SDN, whether or not VxLAN are complimentary or in competition. Whether or not network professionals will have a place in the world in 5 years. We argue about anything and everything. I ask about their families.

You get the picture. Basically. I pick up the phone and reach out and touch the people who have helped me grow professionally, intellectually, and emotionally over the years.

This might seem like I’m wasting time, but I promise you that when I have a problem that’s outside of my areas of expertise. I know who’s working in what areas, who’s got what special skills and who I can leverage for help.  I know who I can call just to bounce a crazy idea of off, and most importantly, I get into an environment where I’m supposed to shift from one subject to another which helps me feel sane on a day when I just can’t stay focused.

On these days, I’ve been known to go to the gym. Go for walks and catch up on industry news and technical content. Whether this is the packet pushers podcasts, something from iTunes U, the audio tracks from the http://www.INE.com CCIE written videos that I ripped. ( Yes… I paid for them! ), or sometimes even just pulling up the Khan Academy app and learning how to calculate net present value. Anything is up for grabs and I just go with what I’m inspired with on that particular day. Sometimes, I just unplug from tech and  listen to an audiobook ( currently game of thrones A storm of swords ) and let something that’s been causing me trouble muddle around in my head.  You would be surprised how often I come up with a solution by the time I get back from my walk.

I’ve found that on these kinds of days, I am usually the most creative. Ironically, these are also the days when I am totally unable to act on that creativity.

So I write things down. I used to use post-its, but I have recently switched to mostly electronic formats. I would love to say I’ve settled on one tool, but to be honest, I use apples notes app ( nice that I can synch these to outlook, to my Mac, or to my iPad/iPhone combo. ). I use Evernote, and occasionally, I still use post its.

admission of guilt: I would love to say it’s because I’m getting more ecologicaly aware, but to be honest, it’s because I kept losing the post its. 

Make Hay while the Sunshines

When I have one of those days that I am hyper focused. I work. hard. non-stop. through lunch. I produce documentation. I lab up problems that I’m having issues with, and I keep at it until I get it done. Sometimes my wife has to come into my office at 6:00pm to let me know that I missed dinner because I’m so focused.

On these kinds I open up my notes, I pick whatever is the most pressing, or often just what I feel like doing that day, and I do it. Until it’s done. no matter how late.

The other thing I do is to look at my upcoming project work and see if there’s anything I can prepare in advance. Many people with ADHD are habitual procrastinators. One of the best things I’ve had to learn how to do is to become aware of my ADHD mood and to tackle things which are not due for a couple of weeks far in advance.

This is tough. It’s really tough. But I’ve found that when I’m hyper-focused, all I have to do is to jump in and after 5 minutes or so, I don’t have worry about it anymore. My ADHD takes over and I get the task finished.

Finding your Balance

ADHD is just a different way of thinking. It’s funny to me that people have focused so much on suppressing the symptoms when they should be focused more on simply ridding the waves.  To be honest, I usually go through waves where I will be either hyper-focused, or hypo-focused for about a week at a time. So it actually works out pretty well.

Sometimes, I end up with a project deadline when I’m in a hypo-focused cycle and I’ll admit, it’s tough. But life is tough and I don’t believe in using the “I’m sorry I have a disability” is an excuse for not getting your job done. The trick is just pushing through, planning ahead and finding ways to use your ADHD to your advantage.

Tools

I think I’ll save the tools subject for a future post. There are quite a few things I’ve put in place as far as software utilities, processes, etc.. to try and work with my ADHD instead of against it. Hopefully, sharing some of my coping mechanisms might help to inspire someone else.

Final Thoughts

To me, ADHD is like so many other things in life. It is a blessing or a curse. Which one it is to you depends completely on how you perceive it and how you react to it.

Troubleshooting Performance Issues in a Virtual Environment

So today I got to sink my teeth into a good problem. Performance issues in a virtual environment.

I have to say, this is probably the first time in my career where I walked in and I didn’t have to prove it was the network. The customer was prepared. He had his NMS tools in place ( Cacti ) and had been trending various points in the network over a period of time. 

Of course we started at the 101 stage and looked at counters, and when I said “Hey, you have some issues on your ASA” he pulled up the Cacti graph and said “Yeah, that’s an offsite backup that runs at midnight, we know about it and it’s fine with us. “

Can I say it out loud?  

WOW.

A lot of the customers I see are SMB/SME customers ( I am in Canada, remember? ) and although it’s uncommon to find a network with NMS tools in place, it’s even more rare to find one where they are actually using them!

I got called onsite to help out with some performance issues. The nice thing is that it was not the network, at least not yet. ( Until we’re 100% sure, I’m not going to discount anything, right? ). But we DO need to figure out where to start targeting our efforts.  

This is one of the problems I’m starting to see more and more of. Hard to troubleshoot anything when it’s in the cloud.

MP900426639

Picture Courtesy of Microsoft’s Online ClipArt Gallery.

 

No idea where the apps live in that picture, right? This gets even more interesting when you have VDI accessing virtual applications and start having performance issues on the client side. 

I know I’m going to get some snickers from this one, but my suggestion to deal with this is to create application flow maps to document how a complete transaction is made in a multi-tiered application. 

I know…  ” We can’t get them to create visio’s for the networks they already have, and you’re suggesting to ask them to create more?” 

Yeah… I know. But I can dream, right?

 

So let’s look at the following VDI multi-tiered application. This is pretty simple, right?

1) A client workstation connects to a Citrix Server over ICA or RDP.  

2) The citrix server browses to a web-app on a webhost.

3) The web host connects to a remote MS SQL Database and returns the results to the web host.

4) etc… 

 

Screen Shot 2012 09 21 at 9 59 02 PM

Can’t get much easier than this right? The great thing about this is that it becomes fairly easy to overlay this to the virtual environment which starts to allow you to get a better idea of how the application is currently instantiated in the physical/virtual environment. 

Let’s look at the above example installed in a blade server environment where the three parts of this particular app flow lives on three different blades in three different chassis. 

Screen Shot 2012 09 21 at 9 59 07 PM

As you can see from a performance troubleshooting standpoint, we just went from a three points to check ( let’s throw out the client as that’s just screen caps ) to twenty-one points, without counting the network devices which are used to provide connectivity between the blade chassis.  

Although you can create affinity rules between VMs to ensure they are located on the same hypervisor physical host to avoid performance issues, we all know that people make mistakes, so by creating and applying the application flow map to the physical environment so you can start looking at only the specific devices which are actually involved in your specific performance issue. 

Last, but not least, I would also suggest you have on hand the storage flow maps for both the specific application as well as the relationship between the physical hypervisors hosts and their storage arrays. 

Screen Shot 2012 09 21 at 10 01 43 PM

I’m not a storage expert, but I’ve seen my storage buddies tell stories of Database and VDI LUNS thrashing on the same physical disks that had obviously left them with nightmares for weeks. 

 

Any one have any tricks or suggestions on troubleshooting application performance issues in highly virtualized environments? As we move towards “THE CLOUD” I don’t see this getting any easier. 

Let me know how you’re approaching these problems! I’d love to see a better approach! 

 

A different kind of SDN? Programatic NMS with Management Layer Abstractions

I was at an internal event this week where we were going over some of the amazing things that HP is working on, some which will come to market soon, and some which may never make it out of the labs. 

To answer the obvious question: No, I’m not going to talk about that.  

 

But during one of the sessions, an interesting conversation took place which I wanted to put some additional thoughts down on paper, or e-paper as it were. 

As is the case so much in the industry right now, the conversation came down to a discussion around this question

What is SDN?

The speakers statement, which I’ll look at below, was that programatic NMS is NOT SDN.  Now he is a very smart guy and I do have to say that his presentation was very good, but I had to object to that particular point.  I’m still not sure if I’m right or wrong, but I think it’s worth at least examining the point. 

So first I’ll refer to Martin Casado’s slideshare presentation which you should check out as I’m going to take parts of it out of it’s context in an attempt to make my point.  ( As they say, when you take the text out of the context, all you’re left with is a con ).

For those of you who didn’t check it out, the presentation focuses on the idea that the true benefit of SDN is the power of abstractions. The idea that abstractions allow for much greater flexibility and evolution because you don’t have to worry about the fundamental underlying complexity.

Imagine if all the software in the world had to be written in assembler. I’ll wait while your body works out the sudden urge to scream and jump out a window.

Screen Shot 2012 08 23 at 3 08 07 PM

 

So one of the fundamental tenants of SDN is that

Abstractions are the way forward.

I agree with this 100%. Abstractions take away the underlying complexity and allows us to concentrate on the task at hand. 

So the slideshare preso above deals primarily with the idea of control plane abstraction in the sense that OpenFlow’s purpose is to allow for instructions sets abstractions to be sent to OpenFlow enabled switches which will allow them to bypass all the current control plane complexities that we all know and love in the current network paradigm.

 

I’m 100% in agreement with that.

But what is of particular interest to me is the idea of management plane abstractions. Now for those who don’t know already, I’m an HPN Solutions Architect and an avid evangelist of HPN’s NMS platform, HP IMC.  ( Full Disclosure ).  So I will be attempting to make this argument in context of what IMC is providing now and where I see it going. 

DISCLOSURE: I AM NOT PLM AND I AM NOT REPRESENTING HP IN ANY CAPACITY, OFFICIAL OR OTHERWISE, THIS IS STRICTLY THE THOUGHTS BOUNCING AROUND IN MY HEAD ).

 

If one of the core ideas behind SDN is the idea that abstractions NEED to be created in the networking world to allow us to evolve past the current “protocol-per-problem” paradigm that we are all living in,

It seems to me that allowing management plane abstractions should also have value and should qualify as a type of software defined networking. 

I fully admit that this will not be as revolutionary as the idea of a complete control-plane abstraction like what OpenFlow is promising in the next 2-10 years. ( I’m not holding my breath ). But I do strongly believe that there is some pretty amazing benefits that can be gained today IF the management abstractions are in place.

As well, I also believe that this could easily be the current missing-link that will allow us to bridge the gap between where we are and where we want to be.

 

Example

So let’s look at the following simple example so I can try and make my case.

Imagine, if you will, you are running a dual-vendor strategy. I know you all are, Gartner said it’s a good thing, right?  But now you have discovered that MOST of the current networking hardware manufacturers are offering NMS platforms that limited to managing their own devices. 

So let’s imagine that you are running Cisco and HP equipment in your network and you want to deploy a new VLAN across your data centre. 

Assuming that your NMS’s are single-vendor NMSs ( like Cisco Prime LMS ). You’re stuck  You MIGHT be able to login in to your Cisco Prime LMS interface and deploy VLANs, or you might be able to rely on VTP or GVRP/MVRP to take care of this for you. 

Now if you were using HP IMC, we have already abstracted the management layer to allow you to just say ” DEPLOY VLAN 15″ and the programatic NMS actually takes care of the rest. 

Check out this video for a demo.

So how does this work? 

ABSTRACTIONS

Let’s take the a step further and look at this in the context of SDN. Imagine the following scenario if you will.

A user plugs in to the switch. What happens

1) The dot1x supplicant kicks in and says ” Hey NAC ( sorry BYOD ) server; Is this guy allowed?”

2) RADIUS server says ” Yup, but he’s a sales user, so he needs to go in VLAN 15 

So far, this is pretty standard, right? RADIUS server responds back with the tunnel-group attribute or some other proprietary VSA and the switch puts the user in the right VLAN, right?

 

Wrong.

 

The NAC software has no knowledge of whether or not that particular VLAN is actually present on switch where the user is plugged in.

 

So imagine if there was a programatic interface, like the eAPI in HP’s IMC that would allow the conversation to go like this. 

1) User plugs in to a switch, dot1X process takes place, switch contacts NAC software through RADIUS protocol and the RADIUS server says ” This user should be in VLAN 15 “

2) The NAC software checks with the NMS to see whether or not the VLAN which we are trying to deploy is actually present on the switch in question. 

3) The Programatic NMS would then check the VLAN database to see if that specific VLAN is present on the switch in question. In this case, the the NMS will respond with a no.

4) So now the NAC program knows that the user authentication is going to fail because the underlying infrastructure does not have the necessary services in place ( the VLAN ) to be able to complete the transaction, so it then asks the programatic NMS to deploy the VLAN in question to that switch. 

 5) The programatic NMS would then connect to the switch, and add the VLAN. The NMS would check the bridge MIB, or whatever other MIB might be present to verify that the transaction was completed successfully.

6) After some arbitrary time value, the NAC program would then ask the NMS if the VLAN is present on the switch.

7) The NMS would then respond with a resounding ” Yes! It’s there!” 

 8) The NAC program would then complete the RADIUS request, place the user in the right VLAN and everything is great, right?

 

The best part of this, no human intervention, the program is able to request a service from the network, the network is able to respond that it’s not present and reconfigure itself to meet the needs of the application. 

 

So where’s the abstractions?

Look at the flow above. The NAC program asked ” Is this VLAN present” it didn’t say “When I run the command show VTP Database, after you parse through it, is VLAN 15 present?”  which of course would not work on a juniper or hp switch. 

The NAC program uses the self-describing RESTful API calls like

http://127.0.0.1:8080/GetVLAN device id15

And the NMS responds with an XML output which does not contain that VLAN ID.

Then the NAC program sends an HTTP post to the NMS and says 

http://127.0.0.1:8080/addVLAN:15?devID15

 

note: I don’t have the eAPI SDK in front of me, so I’m making up those calls, I’ll try and fix them later with the real syntax when I have a chance. 

And then the really cool part happens.

If it’s a Cisco IOS based Switch, it uses the Cisco IOS switch device adapters which define the specific commands or SNMP OIDS to set the VLAN on that particular platform.

If it’s an HP Comware switch, it uses the HP Comware switch device adapters which define the specific commands or SNMP OIDS to set the VLAN on that particular platform.

If it’s an HP Procurve switch, it uses the HP Procurve switch device adapters which define the specific commands or SNMP OIDS to set the VLAN on that particular platform.

 

ABSTRACTIONS

No matter what kind of switch that user is connected to, HP’s Intelligent Management Center will hide all of the underlying complexity from the NAC program and respond to the same specific RESTFull API call. 

 

So instead of all the device specific syntax, it’s almost like a simple conversation.

NAC Program to HP IMC ” Is VLAN 15 present? “

HP IMC to NAC Program  ” Nope”

NAC Program to IMC ” Can you please add it for me?”

HP IMC to switch ” Add VLAN 15 to your configuration “

HP IMC to switch ” You done yet? “

NAC Program to HP IMC ” You done yet? “

HP IMC to NAC Program ” I’m done”

 

Now are their other failure modes which should probably be checked? Absolutely, off the top of my head, you would also have to check the dot1q trunks between the device and the L3 interface for that particular VLAN to ensure that you have end2end L2 connectivity and you’re not going to create an isolated orphan VLAN which dumps you user into no connectivity, but that’s just adding more logic to the program.

 

So back to the original question: Does a programatic NMS qualify as SDN or not?

Let me through out the following description. 

A paradigm where a application can request a specific service from the network and the network is able to dynamically reconfigure itself to respond to the applications specific requirements. 

 

That kinds sound like software defined networking to me.

What do you think? Is it the law-of-physic changing paradigm that much of the media would have you believe is coming? Nope. But does it have value? I’ll let you decide. 

Another eAPI post – What can you do with a QR tag?

So we’ve had some ambitious little engineers with too much caffeine and some new toys to play with.

For those of you who are interested, I’m going to post the source over to

which is the new IMC forum site that @neelixx setup. This code was not created by a professional code, but at least it’s a proof of concept of what you can do with a little bit of time and some knowledge.

P.S.  If you don’t have a QR code reader on your phone yet, and you didn’t just click on the image…. that’s   www.netopscommunity.net

@netmanchris

A Network Services Platform

So things are starting to get interesting with the HP IMC eAPI that was recently released. It’s really amazing to see the types of creative projects when technical people are presented with new toys. 🙂

So for those of you who didn’t read my last eAPI blog post, let me catch you up. The eAPI is a RESTFul inteface that allows programmers, or scripters to leverage the various network services that HP IMC presents.

Thanks@ioshintsfor a quick look at SNMP vs. RESTfull interface

Basically it looks a little like this.

note: This is not a full list of the IMC modules or services. Check out the HP website for a complete list.

The RESTfull inteface presents the services in a XML format which is consumable to any programming language that can parse XML. ( I’m not a programmer, but that’s pretty much all of the current ones from what I understand ).

Those services are then applied to specific devices. But what’s COOL about this, is the following.

Say you want to change a VLAN on a bunch of ports. Some of those happen to be HP Comware switches, some of them happen to be HP Procurve Switches, and some of them happen to be Cisco switches. The IMC device adapters at the bottom do all the work for you, providing a device abstraction layer so that you can just say ” add VLAN” rather than having to worry about the syntax of all the individual devices.

So what’s actually available in the HP IMC eAPI? Well you can checkout @neelixx’s blog for the documentation. This is the first release, but I’m told that the eAPI will continue to grow with each future release of the platform AND the modules.

But I think what’s a LOT more interesting is some of the projects that have started to creep up.

For example

1) Wouldn’t it be cool if when you sent someone an outlook invite for a meeting in your office that your network access control system would automatically create guest accounts for the day of the meeting and send them to your guests?

2) Wouldn’t it be cool if when your support desk could simply click on a user in Microsoft Lync and automatically see where they have been logged in the network? Check out what access service is assigned to them. Maybe they are having trouble accessing some resources and you want to make sure they are in the right VLAN.

I’ve also started to see other apps pop up such as an application that searches the entire network for the mac addresses of lost laptops and locates the interface they are plugged into. Pretty handy for a hospital where a lost laptop with patient data is a nightmare. Or something as simple as an app for a a College which allows the teacher to shut down all the interfaces for the switches which are in their classroom, and then to turn them all back on with a click of the button.

No login to the NMS.

No call to the help desk.

Just shutting down the ports when the students aren’t listening, and turning them back on when it’s time to work.

What about you guys? HP has given you some color. What are YOU going to paint?