Thursday, August 11, 2011

Power over Ethernet (PoE): The Basics

With the introduction of new Ethernet-enabled devices expanding geometrically, the need to power these devices from standard AC power outlets has become a limiting factor. IP telephones, wireless access points, IP cameras and device servers are examples of devices limited by the need to have an AC power outlet nearby to plug in a DC power adapter. At best, power supply installation and wiring adds labor and results in the mess of extra wiring; worst case, the lack of nearby AC power means devices cannot be installed where they are needed.

In response to this need, IEEE developed IEEE802.3af and IEEE802.3at to standardize a system of supplying low voltage power to networked devices via the communications line commonly known as Power over Ethernet (PoE). Devices can be installed wherever structured Ethernet wiring is located, without the need for AC power outlets nearby.

Power over Ethernet or PoE is a standard describing a method of passing power over Ethernet cabling. The power is transmitted using two standards, Alternative A, over spare wires, or Alternative B, along with the data.

Figure: Alternative A

Figure: Alternative B

Tuesday, May 10, 2011

How Storage vMotion works and what it can be used for

I thought this was a great article by George Crump, and since I get asked this a lot I thought I would post it. Thanks, George!

vMotion is one of the most compelling features of VMware. Its ability to transparently migrate a virtual machine (VM) from one physical host to another has countless uses, from balancing performance load to enabling system maintenance. VMware offers an equivalent of vMotion for storage systems: Storage vMotion. It allows for a virtual machine’s disk image to be transparently moved from one storage platform to another without interrupting the services that the VM is providing.

Once integrators get over the “wow” factor of Storage vMotion, it is important for them to understand how to leverage this capability in the solutions they design for their customers. Toward that end, let’s first talk about how Storage vMotion works.

Storage vMotion starts by copying the metadata about the VM contained in what is described as the VM's home directory to an alternate storage location. The metadata essentially consists of configuration, swap and log files that the VM needs. Once this copy is complete, Storage vMotion begins to replicate the VM's entire disk file to the new location. It does this using VMware's changed block tracking function to maintain data integrity as the copy occurs. Once the initial replication is complete, the changed block tracking engine is polled again to see which blocks changed during the first replication. On a second replication pass, just the blocks that have changed since the first replication started will be replicated to the new location. This step continues until both copies are in sync, at which point, the VM is suspended, pointed to the new location of its virtual disk image and then resumed. During this switch and before the VM is started again, one more check for data changes is made, and any final changes are copied over. This process helps ensure data integrity. While there are several steps involved in the process, it all goes unnoticed by the users and applications. The switchover is essentially transparent.
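The iterative copy described above can be modelled in a few lines. The following Python sketch is an added example, not VMware code and not part of the original article: the `TrackedDisk` class, block size, guest write rate and `sync_threshold` are assumptions made for the simulation. It also includes a single-pass copy without change tracking to show why the tracking is needed for data integrity.

```python
import hashlib
import random

BLOCK_SIZE = 16  # bytes per block in this toy model (assumption)


def random_block(rng):
    """Return one block of pseudo-random data."""
    return bytes(rng.getrandbits(8) for _ in range(BLOCK_SIZE))


class TrackedDisk:
    """Source disk whose writes are recorded by a changed-block tracker."""

    def __init__(self, n_blocks, rng):
        self.blocks = [random_block(rng) for _ in range(n_blocks)]
        self._dirty = set()

    def write(self, index, data):
        self.blocks[index] = data
        self._dirty.add(index)

    def poll_changed(self):
        """Return the blocks written since the last poll and reset the tracker."""
        changed, self._dirty = self._dirty, set()
        return changed


def digest(blocks):
    """SHA-256 over all blocks, used to compare source and destination."""
    h = hashlib.sha256()
    for block in blocks:
        h.update(block)
    return h.hexdigest()


def copy_pass(disk, dest, indexes, write_rate, rng):
    """Copy the given blocks while the simulated guest keeps writing."""
    for i in sorted(indexes):
        dest[i] = disk.blocks[i]
        # The VM is still running: a guest write may land on any block.
        if rng.random() < write_rate:
            disk.write(rng.randrange(len(disk.blocks)), random_block(rng))


def naive_copy(disk, write_rate, rng):
    """Single pass with no change tracking: blocks written after they
    were copied stay stale in the destination."""
    dest = [b""] * len(disk.blocks)
    copy_pass(disk, dest, range(len(disk.blocks)), write_rate, rng)
    return dest


def migrate(disk, write_rate, rng, sync_threshold=4, max_passes=20):
    """Iterative copy driven by changed-block tracking.

    Returns (destination blocks, number of blocks copied in each pass).
    The last entry in the pass list is the final copy made while the
    VM is suspended.
    """
    dest = [b""] * len(disk.blocks)
    passes = []
    disk.poll_changed()                      # start tracking from a clean state
    to_copy = set(range(len(disk.blocks)))   # first pass: the whole disk
    while True:
        copy_pass(disk, dest, to_copy, write_rate, rng)
        passes.append(len(to_copy))
        to_copy = disk.poll_changed()        # what changed during that pass?
        if len(to_copy) <= sync_threshold or len(passes) >= max_passes:
            break
    # Switchover: the VM is suspended, so no guest writes can occur here.
    # One last check copies whatever changed during the final live pass.
    for i in to_copy:
        dest[i] = disk.blocks[i]
    passes.append(len(to_copy))
    return dest, passes


if __name__ == "__main__":
    rng = random.Random(2011)
    disk = TrackedDisk(256, rng)
    dest, passes = migrate(disk, write_rate=0.2, rng=rng)
    print("blocks copied per pass:", passes)
    print("copies match:", digest(dest) == digest(disk.blocks))
```

Each pass copies fewer blocks than the one before as long as the guest writes more slowly than the copy proceeds, which is why the suspended window at the end stays short.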

Storage vMotion can be used for a variety of tasks within the storage infrastructure for a virtual environment. The most common use case is as a migration tool when a new storage system is purchased. Instead of suffering downtime to migrate the VMs over to the new system, you can let Storage vMotion do the work. This enables daytime storage implementations, which reduces costs, with no downtime, which keeps users productive. It also enables storage integrators to more aggressively sell new storage systems into existing accounts without having to face one of the bigger sticking points of a new purchase: data migration.

Another use for Storage vMotion is as a performance load balancer. For example, if a particular VM needs higher levels of performance or if it can't take advantage of the device it is currently stored on, Storage vMotion will enable a shift to either faster or more cost-correct storage. A good use case might be a database application that sees a high level of transaction processing during a certain period of the day or even during a particular time of year. During these times, the VM that hosts the database can be moved to a faster storage tier, possibly a solid-state drive (SSD), and then when the peak demand passes, it can be migrated back down to more cost-effective storage, freeing up the SSD for another demanding workload. Right now this move does not happen in an automated fashion. Keeping on SSD only the virtual workloads that actively need the performance capabilities of SSD is an ideal way to get the most use out of the investment.

Migrating VMs that can't take advantage of the performance capabilities of the storage they are on to less expensive, lower-performing storage is another excellent use case for Storage vMotion. This is also a good way to minimize the impact of VM sprawl. While it may be hard to get users to admit they don't need a VM anymore, moving a virtually inactive virtual machine to slower storage can be a good compromise. If the use of the VM suddenly increases, Storage vMotion can be used to promote it back to higher-performing storage.

Finally, Storage vMotion can be used to help with high availability. For example, assume that one shared array has had a drive failure, and a rebuild is needed. Because individual drive capacities are continually increasing, it now takes double-digit hours to rebuild a RAID group. During this time, I/O performance suffers because of the rebuild effort, and, unless the system is using RAID 6, the environment is only one drive failure away from complete data loss. With Storage vMotion, the VMs, or at least the critical ones, could be migrated to a completely separate storage system, even if that system is from another vendor. Be careful, though, not to use Storage vMotion in place of a high-availability solution. Storage vMotion will help you when you have time to react to an impending failure, but a completely unexpected failure will cause downtime and you will need other solutions to protect against that.

Storage vMotion is a dream come true for storage integrators because they are best positioned to take advantage of it. Storage integrators sell solutions from a variety of vendors. Their solutions can range from high-performance SSDs to high-value, capacity storage. The integrator can leverage Storage vMotion to help a customer cost-correct their storage infrastructure, give them freedom to use a variety of storage platforms and provide another layer of protection in the case of hard drive failure.

Tuesday, November 9, 2010

Top 7 Considerations for Your Wireless Network

Introduction

It’s a wireless world outside, with cell phones, Blackberries, netbooks, and more relying on various wireless data networks to connect and communicate. Adding or upgrading your WLAN (Wireless Local Area Network) inside the business adds flexibility, convenience, and keeps data available everywhere inside your company. Wireless networks come at a cost, however, both in money and management time. Security concerns jump when you add wireless components to your network. So here are the Top 7 Considerations when adding or upgrading a WLAN for your business.

Considerations

1. Site Surveys and Wireless Signal Obstacles

Wireless networks aren’t magic, they’re radio. Just as your car radio signal drops because of distance or obstacles like buildings, mountains, and tunnels, your wireless network signal has limitations. In fact, a WLAN signal is much less robust than a radio station because of the frequency used. While a mountain will block a radio station, a file cabinet might block your network connection. Avoid placing access points close to windows, because the signal goes through glass as easily as it goes through air. Broadcasting your network to the world invites security issues and wastes bandwidth your users need. The most common wireless network types, 802.11b and 802.11g, are “two wall” technologies. This means the signal can only go through two normal walls before it becomes too degraded for use. Extra thick walls, or plaster walls with a steel mesh inside will degrade or stop the signal more quickly. Floors and ceilings count as walls, too, so learn to think in three dimensions while placing access points. Placing access points intelligently will support the most users with the fewest number of access points. Start by placing access points in the middle of the office and check the signal levels. If you have only a few wireless clients to support, you may get by using a laptop with a good signal strength meter in the wireless client utility (check your results with a second and third laptop). Larger companies should invest in wireless testing tools (some software tools are free or darn cheap) to speed the process. Search for “wireless network survey tools” for a quick list of thousands of options. Larger companies will need a site survey which can be expensive but speeds deployment and reduces the number of access points by locating them correctly. Smaller companies can usually get by without a survey if their physical location is limited. An extra access point or two goes a long way toward user satisfaction, so pad your budget a bit to ensure happier users.

2. Changes in Network Infrastructure

Adding wireless to your network requires more than just a couple of access points plugged into your existing router. In fact, wireless access points are one of the major reasons companies invest in switches with PoE (Power Over Ethernet). Placing access points on the ceiling is much faster and less expensive when you don’t need to run electrical power through conduits to each location. Small companies may be able to use a single wireless access point built into their main router as their only wireless infrastructure, but you know what they say about “best laid plans.” The flexibility of an extra access point or two is worth the expense. When planning for user capacity, take into consideration more than just laptops and some wireless-enabled desktops. Will iPhone users start surfing via their WiFi interface? iPad users certainly will. Check with your phone service manager, because wireless desk phone handsets can eat up a fair amount of wireless bandwidth. Your network hardware, software, and management processes will change more when you add wireless networking than you expect. Use the addition or expansion of a WLAN to examine and update your existing infrastructure. Bolting a new, high speed wireless network to an outdated and overworked router will only lead to complaints.

3. Router Upgrade

Your router, the connection point for internal networks to the outside world, may not be suitable for a WLAN. Even routers that don’t include wireless support need to accommodate different network configurations to support a WLAN. A wireless network will have a different network address range than your wired network, and your router must support at least two network ranges. Companies with visitors often provide a “guest network” login in the lobby or throughout the building. This requires another network address range that should be separated from all your internal network resources. After all, a guest should see your Internet connection, but not your internal auditing files.
If your router does support WLAN connections, and you’ve had the router more than three years, upgrading is recommended for security reasons alone. Wireless networks require authentication protocols that have changed drastically the last few years. Older routers are less secure, and often don’t work at all with newer security protocols included on the most recent laptops and other devices. Include the cost of a new router in your wireless budget. You may not need it, but better to be prepared than insecure.

4. Rethink Security

Wired networks have one great security edge: hackers have to be inside your building to connect to your network. Wireless networks, especially when configured incorrectly, broadcast to the world. Security must be ratcheted up a couple of notches when you add wireless.
Every wireless access point sends an SSID (Service Set IDentifier), a unique number attached to wireless data packets to differentiate that WLAN from others. Do not confuse this with a security measure, because changing your SSID away from the default setting, and turning SSID broadcast off, only slows down hackers by about sixty seconds. This is a network identifier, not a security tool. Change it from the default for easier internal management, but don’t think it blocks anyone. Client security tools include WPA (WiFi Protected Access) and WPA2 for authentication. These supersede the earlier WEP (Wired Equivalency Protocol) that wasn’t, unfortunately, nearly as equivalent as the industry hoped. In fact, if your company handles customer credit card information, the PCI (Payment Card Industry) audits demand you use at least WPA for wireless security, or you fail the audit. Wireless client authentication deep dives into far too many details for this discussion. Just be aware that adding a WLAN to your network requires a complete security approach, not just some piecemeal kludge to get a few laptops connected.

5. Clamp Down on Unauthorized Access Loopholes

A “rogue” access point is one that users set up for themselves, usually by going to an electronics superstore and buying a consumer router with wireless support for $30. No security, no authentication, and no management, but they blow a giant hole in your security wall.
The second way users either purposefully or accidentally destroy your security is through turning on Ad Hoc mode on their wireless client software. Early on, when Internet connections were limited, a laptop with an Ad Hoc connection helped others get to the Internet. Today they just help hackers. Use regular sweeps with wireless monitoring tools to find and quickly close both these loopholes. Discourage such experimentation by users by ensuring everyone who wants wireless access has it, and by offering to solve wireless problems for users immediately. Users unhappy with IT are most likely to “help” IT by creating their own wireless networks.
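As an added example (not part of the original article), the sweep described above can be reduced to a comparison between what a survey tool sees and what IT has deployed. The CSV layout, the BSSIDs, the access point inventory and the -70 dBm "on premises" cutoff below are all constructed assumptions; a real survey tool's export will differ. The check flags unknown access points, Ad Hoc networks, and authorized access points still running without at least WPA.

```python
import csv
import io

# Constructed sweep export, not real data. Column names and the MAC
# addresses (locally administered 02:... range) are assumptions.
SWEEP_CSV = """\
ssid,bssid,mode,encryption,signal_dbm
CorpWLAN,02:00:00:00:00:01,infrastructure,WPA2,-48
CorpWLAN,02:00:00:00:00:02,infrastructure,WEP,-55
default,02:00:00:00:AA:10,infrastructure,Open,-41
CoffeeShop,02:00:00:00:bb:20,infrastructure,WPA2,-86
FreeNet,02:00:00:00:cc:30,adhoc,Open,-60
"""

# Inventory of access points IT has deployed (hypothetical).
AUTHORIZED_BSSIDS = {"02:00:00:00:00:01", "02:00:00:00:00:02"}
# The article's floor: at least WPA.
ACCEPTED_ENCRYPTION = {"wpa", "wpa2"}
# Signals weaker than this are treated as neighbours, not as devices
# inside the building (assumed cutoff; tune per site survey).
ON_PREMISES_DBM = -70


def parse_sweep(text):
    """Parse the CSV export and normalise case so comparisons are exact."""
    rows = []
    for raw in csv.DictReader(io.StringIO(text)):
        rows.append({
            "ssid": raw["ssid"].strip(),
            "bssid": raw["bssid"].strip().lower(),
            "mode": raw["mode"].strip().lower(),
            "encryption": raw["encryption"].strip().lower(),
            "signal_dbm": int(raw["signal_dbm"]),
        })
    return rows


def audit_sweep(rows, authorized=AUTHORIZED_BSSIDS,
                accepted=ACCEPTED_ENCRYPTION,
                on_premises_dbm=ON_PREMISES_DBM):
    """Return (bssid, finding) pairs for each network that needs follow-up."""
    findings = []
    for row in rows:
        if row["bssid"] in authorized:
            # Our own access point: only its configuration can be wrong.
            if row["encryption"] not in accepted:
                findings.append((row["bssid"], "weak-encryption"))
        elif row["signal_dbm"] < on_premises_dbm:
            # Unknown but faint: most likely a neighbouring network.
            continue
        elif row["mode"] == "adhoc":
            findings.append((row["bssid"], "adhoc"))
        else:
            findings.append((row["bssid"], "rogue-ap"))
    return findings


if __name__ == "__main__":
    for bssid, finding in audit_sweep(parse_sweep(SWEEP_CSV)):
        print(f"{finding:16} {bssid}")
```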

6. Plan for Upgrades

You may find older laptops and wireless client access cards may not support WPA2, or even WPA. That is one example of upgrades to plan for, but not the only one. Security protocols change regularly, and updated implementations of popular security tools offer much better protection than older hardware and software. This may mean updating some firmware on your wireless access points, or replacing an older router that can’t be updated. Your wireless budget needs don’t stop when you turn on the network.
The most critical area to plan for is upgrading your WLAN hardware to support 802.11n, the latest wireless protocol approved for use by the standards committee. Speeds in 802.11n are many times faster than 802.11b and 802.11g, and the signals go further with higher quality. The speed and increased user count supported by 802.11n equipment is well worth the upgrade, when you get to it. Beyond that, always plan for security upgrades. Test for security leaks, like rogue access points, regularly, and that may mean buying tools as the wireless user base increases. Keep your software, including on clients, wireless access points, and routers, up to date. Most of the time, a firmware upgrade will be enough. Be prepared that older equipment will reach a point where it must be replaced, and that point will usually be decided by a needed security upgrade.

7. Invest in a WLAN Controller

Small companies can get by managing wireless clients as they manage wired network clients: manually. This method is popular because it’s cheap, not good, and more than a dozen or so users seems to be the point where the manual method becomes painful. Unfortunately, small companies tend to ignore management needs rather than upgrade to automated tools.
Larger companies, because they can amortize costs over more users, rely on automated tools. One that’s critical for companies with more than a couple of wireless access points is a WLAN controller. These tools use less intelligent wireless access points but manage, configure, and secure them more completely than so called “fat” access points do. In addition, they provide a single management interface for all wireless access points and users. A WLAN controller is highly recommended as a management upgrade that saves time and increases security.

Conclusion

As in other areas of life, doing things right takes a bit more time, effort, and often money. Doing a wireless network cheap can cost you a fortune. One of the largest and most expensive data breach thefts of customer information ever, from T.J. Maxx, occurred at a retail store through their unsecured wireless network. The cybercriminals actually did their work in the comfort of their own car in the parking lot. Done well, a wireless network offers user freedoms not possible any other way. Building a proper wireless network will be much easier when following the seven considerations presented here.

Think security first, and the rest will fall into place easily.

And if you need help or are interested in how MicroAge can guide you through this process, please feel free to contact me.

Creinhard@microage.com
480-366-2091

Monday, July 12, 2010

Windows 7 user accounts and groups management

DESKTOP OPERATING SYSTEMS - By Ed Tittel

Ed Tittel, Contributor
07.12.2010

There are three types of basic Windows 7 user accounts for solutions providers to work with: one for administrators and equivalents; one for standard, everyday users; and another for a guest account (turned off by default in Windows 7). All of these types are shown in Figure 1, along with an administrator account. To access the Windows 7 User Accounts item in the Control Panel, type user into the Start menu search box, then click User Accounts in the resulting menu selections that appear.

Figure 1 – There are three types of basic Windows 7 user accounts.

With administrator accounts, solutions providers can install software, make configuration changes, add or delete files in most directories and so forth. Standard users can manage their own files inside the %SystemDrive%\Users\ directory tree, and they can only make limited changes to their machines. Guests can look at system files, but only in certain directories, and they can't do much to the Windows machines they have access to. Having user account control is vital for creating user IDs and associating passwords and images to accounts. But when it comes to managing user rights and permissions, the real action lies elsewhere in Windows 7.

The best Windows 7 user accounts control comes via group management

Ask any experienced Windows solutions provider, and he or she will tell you that the best way to manage rights and permissions -- the controls that establish which applications or services a customer may run and which files or other system resources they can access -- is by establishing groups related to specific kinds of roles or activities.

A quick look at Windows 7's default group names and descriptions (Figure 2) helps illustrate this principle, while also listing the roles and activities that Microsoft finds most useful on Windows 7 systems.

Figure 2 – Windows 7 default group names and descriptions in the Local Users and Groups management console.

Notice the kinds of groups that appear by default, which include backup operators (those who can back up or restore systems), event log readers (those who can access and view event log contents to seek out and diagnose system issues), network configuration operators (those who can manage network configuration items and elements), remote desktop users (those who are allowed to log in from across the network or the Internet) and so on. The idea is to break various types of functionality into distinct areas (or roles), each of which is associated with some group, and then to use group membership to grant access to groups. For example, a system with PhotoShop installed might have a PhotoShop users group, and only those who belong to the group can run PhotoShop on a specific computer.

To access this capability, solutions providers must be logged in using the Administrator account or another account with administrator privileges (like the Ed account in Figure 1). Then, you can simply type lusrmgr.msc in the Start command search box to open the Local Users and Groups management console plug-in depicted in Figure 2. The word "Local" is important because the control applies only to one Windows 7 (or other Windows) machine at a time.

For network users, Active Directory and Group Policy hold the keys to the kingdom

The principles of managing Windows 7 user accounts are slightly different on Windows server networks, where Active Directory servers typically house user account and group information and definitions as well as the policies that go with them. Though you can manage groups, accounts and Group Policies locally from individual Windows machines on production networks, the process is too time-consuming to be worth the effort.

Most solutions providers use the Microsoft Management Console (mmc.exe) with plug-ins to support users, groups and Group Policy management. You can use the Active Directory (AD) Users and Computers tool to set up AD users and groups, and you can use a Group Policy management tool (the Group Policy Management Console, aka gpmc.msc) to set up and manage group policy settings. Group policy settings are used to control desktop appearance, application access, file system rights and permissions and lots more.

Tuesday, June 29, 2010

Top Ten Reasons For A Server Refresh!

#1 Power Savings - New servers offer Energy Star certified families of servers. The right sized power supplies are 90%+ more energy efficient and provide lower power draw.

#2 Cooling Savings - The latest server offerings are designed for greater venting and airflow. The latest generation of HP, IBM and Dell servers use less than 60% of the fan power from our previous generation servers.

#3 Improved Performance - With the latest Intel processors, new servers provide up to 180% performance per watt improvement over our older generation servers.

#4 MicroAge's services - We maximize value of new technology while empowering you to operate and maintain solutions.

#5 Consolidation and Virtualization - Find a “hidden data center” by consolidating several physical servers into one physical server with nine virtual machines.

#6 Simplified Management - Many new systems have embedded management which speeds deployment by eliminating the need for CDs. New Management Consoles provide simplified tools to deploy, manage, and update systems.

#7 Commonality - Image commonality across platforms. Clean, consistent placement of interface ports. Obvious, clear component organization.

#8 Purposeful Design - Customer inspired design using professional industrial materials including improved chassis, rails, cable management arms, hard drive carriers and latching.

#9 Improved Reliability - All steel construction cable management arm eliminates creep. New metal hard drive carriers. Quick release rack latching for easy deployment.

#10 Our Financial Services - Simplify server acquisition with flexible financing options.

Contact me today to learn how MicroAge can save you time, money and outperform the competition with A+++ Service
creinhard@microage.com
480-366-2091

Wednesday, June 9, 2010

Don't let your need to meet PCI compliance bust your budget.

In today's budget-conscious world, many organizations find themselves struggling with the challenge of meeting PCI compliance requirements while controlling IT and network security-related costs.

MicroAge can offer your company several solutions that will both maintain your PCI compliance while securely protecting your credit card information for a reasonable cost.

Recently, we were contacted by a small- to medium-sized non-profit organization that was having difficulty adding an Intrusion Detection Prevention (IDP) solution to its network to protect cardholder information.

The organization's existing firewall would not allow for the addition of any IDP software, so I suggested that the company move its firewall from its external-facing position to an internal PCI-segmented position and then add a Juniper SRX210 Services Gateway for IDP on its external-facing network. We provided this solution for less than $2,000.

Since all organizations that accept, transmit or store any cardholder data MUST be PCI compliant, regardless of size or number of transactions, Sword & Shield offers a variety of products and services to help you securely maintain compliance without breaking your budget.

For small- to medium-sized businesses, MicroAge will provide general PCI consulting to help you complete your Self-Assessment Questionnaire and submit your Attestation of Compliance (AOC) to your acquiring bank.

Larger organizations may need a comprehensive security assessment of their data security standards to complete a documented Report on Compliance, while companies with a large number of widely-dispersed points of sale locations may need assistance in completing SAQs for each location.

For more information, please contact me @ 480-366-2091. Thanks, Chris

Wednesday, May 12, 2010

Infrastructure Architecture


Why Infrastructure Architecture Matters

Infrastructure architecture is a new kid on the architecture block. Traditionally, a large amount of IT-architecture attention has been devoted to information and application architecture. However, several developments have fostered a growing desire for infrastructure architecture. But not only will an organization's infrastructure provisions benefit from the application of this new architectural discipline; IT architecture, as a whole, will mature. Being that infrastructure architecture is in its childhood, a lot of work has to be done to stimulate and create infrastructure-architecture methods, models, and tools. This paper includes a number of first steps in this new architecture discipline.

The Importance of "Trust" in an Automated World

For ages, "trust" has been the basis of our economic system. In our economic transactions, we rely on "trust"—confident, as we are, that things are carried out properly. Our confidence is based on our experience with—and the reputation of—the companies, governments, and individuals with whom we interact. Many of the services that we use are virtualized. For example, the amount of money in a bank account is no more than a record in the bank's database system. Contracts, bills, and receipts are produced to underpin our activities; however, in an increasingly automated world, even these documents tend to be virtualized. How many companies urge their clients to accept e-bills, e-contracts and e-accounts these days, instead of paper copies? Many! As long as they can be accessed by these clients, there remains some sort of cogent evidence that the system is still running. I started to wonder if these companies understood the important role of their infrastructures, because:
  • Business drives everything.
  • Information and communications technology (ICT) enable business.
  • There is no ICT without infrastructure.

    And, therefore:

  • There is no business without infrastructure.

A Solid Infrastructure: Essential to Business Continuity and Agility

Of course, it is not infrastructure services alone that support automation. Software applications contain most of the (complex) logic that drives automation. Therefore, it is not a surprise that a quick survey of the IT-architecture field shows that information and application architecture receive the greatest amount of attention.

Most methodologies and frameworks focus on application architecture. When a methodology or framework does pay some attention to infrastructure, it is remarkable that the level of abstraction is significantly lower when dealing with infrastructure services. This can be understood from a historical point of view. In most cases, infrastructure services have been "simple" during the first decades of IT development. While applications advanced in functionality and complexity, hardware only got "faster." However, the turning point came during the Internet hype. Infrastructure vendors innovated like never before.

Infrastructure started to become "smart," together with a massive growth of connectivity solutions. This coincided with the rapid development and deployment of new application types (such as e-marketing, e-commerce, ERP, and data warehousing), which demanded new infrastructure services.

Within the infrastructure field of work, a silent revolution took place. Many new and complex types of infrastructure services have been added to the field, while existing services gained a lot of functionality. Traditionally separated domains (such as telephony and video) are being integrated within the infrastructure domain, while generalized, standardized applications (such as mail, calendar services, and collaboration applications) are being added to this infrastructure domain. This results in complex infrastructure landscapes that are hard to manage and expand. Most current infrastructure landscapes are the result of a history of application-implementation projects that brought their own specific piece of hardware into being. Mergers and acquisitions make things even worse—leaving many companies with different sets of the same services that are hard to connect to each other, let alone integrate and consolidate.

Why Infrastructure Architecture Is Decisive

When organizations (out of necessity) pay attention to business-continuity management or want to save on costly administrative staff, they should invest in infrastructure architecture to rationalize, standardize, and structure their infrastructure landscapes. Organizations also benefit from infrastructure architecture when they want to be flexible and agile, because a solid and naturally scalable, modular infrastructure provides a firm foundation for quick adaptations at higher levels. The coming market, which is full of digital natives (forming "markets of one"), asks for a degree of flexibility that can no longer be supported by infrastructures that are inconsistent and hard to expand. These markets need infrastructures that are constructed with standardized, modular components.

Of course, proper project management, skilled design, construction, and operation are essential to implement and maintain reliable infrastructure services. But to make infrastructures consistent and fitting with business needs, architecture is indispensable.

However, not only infrastructure landscapes benefit from proper infrastructure architecture. To be able to translate business, information, and application architectures into solutions that really work in a real world, the supporting infrastructure services should be in line. The result would make architecture stronger as a whole and enable architecture to deliver solutions that are consistent from beginning to end. To enhance the effectiveness of architecture, we must pay attention to infrastructure architecture to complete the whole picture.

A nice incentive is that it directly pays off to invest in infrastructure architecture. Blessings that are delivered by a mature use of it include:

  • Greater insight into and overview of existing complex infrastructure services by preparing a transparent and structured taxonomy.
  • Development of a structured, standardized, and consolidated set of infrastructure services that optimally support business processes and applications. This prevents overlapping and diversity of services, and thus reduces the complexity of managed services and life-cycle management. Standardization produces greater flexibility bottom-up, because it makes it easier to carry out expansions, changes, and replacements.
  • A balanced examination of the possibilities that are offered by new technologies and a concrete path towards solutions to the challenges that occur in business operations. Specialized expertise is used to dispel hype, but without missing opportunities. Architecture thus strengthens the demand side in an area that is frequently dominated by the supply side (that is, manufacturers and suppliers).
  • Transparent and complete input—both technical and functional—for engineering, building, and testing activities. Architecture avoids a one-sided, technical approach to projects for building infrastructure services, and it also safeguards the alignment of delivered products with the predefined requirements for functionality and quality.
  • Improved alignment with operational services, because architecture enables engineering that is driven by service-level agreements (SLAs)/operating-level agreements (OLAs). Service-level management and operational services play a role at an early stage of creating new infrastructure services. This results in better and more effectively supported SLAs and OLAs. In combination with standardization and consolidation, this reduces the complexity of service-level management and operational services, too, because there is less diversity in the SLAs and OLAs.

First Steps

Infrastructure architecture is a young and immature discipline. Available literature is scarce, and it is very hard to find schools and universities that include some of it in their curricula. Much of what is called "infrastructure architecture" can actually be considered as "design." However, this is quite natural for a discipline that needs to develop more abstract methodologies and models.

Structuring and rationalizing design is a first step. Architecture methodologies should be developed by elaborating design practices, because this is the only way in which they stay in touch with reality. The border between architecture and design should remain diffuse, because as soon as the distinction between the two proves itself in some way to be clear, it will create a painful gap. Architecture misses its goal when architects are not able to transform their abstract constructs and artifacts into real solutions, because designers, specialists, and engineers cannot understand the directions that the architects provide. If this happens, engineers tend to start building their own solutions that are related in some way to the interpretation that they have regarding the architect's high-level descriptions.