Bob needed a new server for a small virtualization project, and his regular value-added reseller couldn’t budge
on the price. He shopped around and stumbled across a great deal on the same server make and model offered by a little outfit out of state. There were no obvious red flags, and Bob placed the order. The server arrived and worked as expected. It wasn’t until several DIMMs started failing that Bob checked the parts carefully, only to discover that the DIMMs were not actually made by the manufacturer advertised. After checking serial numbers back to the server manufacturer, Bob discovered that the little value-added reseller (VAR) with the great price wasn’t even an authorized reseller, and the manufacturer promptly billed Bob for the support call. Bob, like thousands of other IT professionals, had become a victim of a growing problem: the IT equipment “gray market.”
Understanding the gray market
There are several ways to define the IT gray market: used, poor-quality and counterfeit. The used equipment market, sometimes called the “secondary market,” is an established and perfectly accepted means of liquidating old or excess IT equipment. For example, when equipment is refreshed in the data center, the old equipment that is removed is often sold off to the secondary market, which then resells the equipment as “used.” It’s an excellent way for businesses to obtain replacement parts for older systems that a manufacturer no longer supports, but that you cannot yet upgrade or replace.
But there is a darker side to the gray market, where poor-quality components or outright counterfeit components are incorporated into a product without the buyer’s knowledge, and this is where we’ll focus attention. A poor-quality component may be entirely legitimate and marked honestly from a supplier, but simply lacks the characteristics or reliability needed for the system where it’s used. A counterfeit component is even worse, designed and marked to simulate another manufacturer. A good counterfeit may be impossible to spot without a close inspection.
“We define gray market products as similar to [original equipment manufacturers] (OEM), but with wildly varying quality levels,” said Pete Sclafani, chief information officer and cofounder of 6connect Inc. “With hardware, gray market counterfeits can be very difficult to detect, and possibly even function the same as their [genuine] OEM counterparts.”
Economic pressures are causing system builders and service organizations to cut corners, and many see a cheap knockoff imported for a fraction of the price as an easy way to perk up the profit margin. Once such products make it into the vendor channel undetected, they are almost impossible to find without a painstaking forensic analysis–but such inspections are almost never conducted until the equipment has failed after some period of use.
“In this age of low-margin IT hardware sales, any quote that beats competition by a large percentage should be further investigated, potentially with the manufacturer directly, before purchasing,” said Pierre Dorion, data center practice director at Long View Systems.
The implications of counterfeit components
There is no clear single problem with gear containing counterfeit components. Some gear may actually work for many years without difficulty. Other gear may experience premature or repeated failures. Still, other IT equipment may simply not work properly (if at all). Similarly, the level of response that you receive from the vendor can vary wildly. Most legitimate VARs will service the equipment that they sold to you, troubleshooting or replacing any problem systems. In fact, you (and the VAR) may not even be aware that counterfeit components may be the root of the problem.
Counterfeit goods can creep into a build among other genuine components. Sclafani recounts an experience with a counterfeit memory card for a client’s network equipment. “It was in the same shipment as a ‘real’ one, and they were impossible to tell apart without a magnifying glass. The chip markings were consistent with the real one,” he said. “The only reason it was discovered was because the router started having errors that were finally isolated to the bogus memory chip.”
However, counterfeit IT equipment is more often identified when a VAR or equipment owner contacts the manufacturer for service. The serial numbers marked on the bogus devices are “real,” but they have already been assigned. A manufacturer checks the serial number, sees that it’s already used by another customer, and the discussion is over. No manufacturer will issue a warranty or support counterfeit IT equipment. It’s best to register all new equipment purchases with the manufacturer immediately. This ensures prompt warranty coverage and can help expose counterfeit equipment.
Imagine a counterfeit power supply is installed as a redundant supply in a server. The counterfeit supply fails and sparks a fire that damages the server. The counterfeit supply caused the damage, so neither the supply, nor the server, will be covered by a warranty. A company involved in a direct sale may find themselves footing the repair/replacement costs out-of-pocket, while a VAR selling the equipment may be held liable depending on the specific verbiage of the purchase agreement. But even without legal wrangling, honest VARs can be devastated by such revelations, especially if the VAR is responsible for selling and supporting a significant amount of data center infrastructure.
“It pays to know where your gear is coming from and ensure that your vendors are reputable and verified,” Sclafani said.
Protecting yourself from counterfeit IT equipment
In most cases, there is no real means of remediation for counterfeit equipment, but it’s always best to start with your VAR or other product vendor. After all, it’s in their best interests to satisfy the customer, especially if the purchase contract clearly specifies “genuine” components, or the customer suffered damage resulting from a failure of the counterfeit equipment. However, if you add aftermarket components that prove to be counterfeit, all bets might be off.
In the end, experts say the best protections against counterfeit IT equipment include contractual clarity and quality vendor relationships.
When purchasing IT equipment or components from any vendor, be sure that any contractual purchase agreement includes “genuine” language that stipulates that the product must be sourced from the specified manufacturer; no substitutions are allowed, and you have the right to financial or material recourse if substitutions are discovered. At the very least, you should be entitled to a refund and relieved of any return or restocking charges for counterfeit equipment returns. Put the onus on the vendor to deliver the products that you think you’re buying.
Also take the time to cultivate long-term relationships with quality VARs that are verified resellers of a manufacturer’s products. This may not prevent a close encounter with counterfeit equipment, but a VAR that has an active and ongoing relationship with you is much more likely to ensure they keep your business, regardless of what the purchase contract says.
Fight counterfeit IT equipment yourself
Remember that there is little substitute for your own due diligence. When a product arrives, take the time to check it yourself and verify that it is a genuine product from the specified manufacturer. Look for visual evidence.
“Depending on the component, it could be anything from the barcode label, to weld quality, to wiring spacing and discoloration,” Sclafani said. “But with the added element of software piracy, it is a really good idea to ensure that you put the product through its paces.”
Register the warranty right away. Also, use a test and development environment before deploying any product. The more critical the equipment, the longer and more aggressively you should test it.