Thursday, October 4, 2007

New Phone System

Well, it looks like we've decided on a new phone system for Calvary. For a very long time (7+ years is an eternity, technically), we've had an Inter-Tel PBX. This was a great solution when we first started leasing it, and had room for growth. However, being a proprietary system, the handsets are $$$, and we've now hit the limit of our current growth without moving on to a new long-term lease.

When we launched our West Campus, we went ahead and "tried" a Switchvox SOHO system. It's an Asterisk-based VoIP PBX, which means they are using the Asterisk open-source code and adding on enhancements (and they have support for cheap). We've been very happy with our SOHO system out there, and are making the switch to a complete SMB system here at Mid-Rivers. This will allow us to "peer" the 2 campuses together (direct campus-to-campus extensions!), along with giving us many options our users haven't experienced. We've decided to go ahead with the Polycom phones that Switchvox bundles (and sets up for you).

This whole process has been very easy, and the folks at Switchvox have had great sales and stellar support (even before the sale). The best thing about all of this is that in the process we're doing a better job of being good stewards with God's money!

Monday, August 20, 2007

Authentic Communications Self-Check

I'm currently reading Carly Fiorina's book Tough Choices. It's an excellent read btw. In chapter 15 she's talking about teamwork, and how ideas and plans are communicated:

"Although different types of communication can serve different purposes ... they all find their way to the same audience. And so authentic communications are not simply reality based, they are also consistent among different groups." ... "Different messages may be pleasing for a time, but they will not be authentic, and over time people will reconcile them by choosing which to believe." (emphasis added)

This made me think about some different groups I communicate with: volunteers, my co-workers, family, church laypersons, acquaintances. Am I consistently authentic? Am I communicating different messages to my different contacts? Jesus was clear that we should authentically communicate his radical message of love, and we should do it consistently. There really isn't a reason I should communicate different messages to different people, but I do. Sin gets in the way, but most of the time it's my own shortcoming.

What are you communicating to others, and are you doing it authentically and consistently?

Wednesday, August 15, 2007

VMware Server Console

We run ServiceDesk Plus 6 (Free Edition) for our Helpdesk. I've found it to be a great time saver, and it helps our Staff (and myself) make sure we're keeping up with their computing needs. This runs in a Windows Server 2003 Standard Edition Virtual Machine atop Ubuntu Server Edition on a Dell PowerEdge 1950. It's been easy to set up, and a stable system. However, I recently ran into an issue where I can't connect to the VMware Server Console (via my Windows XP laptop) or the Management User Interface (VMware MUI). This is just plain old odd. I'm running Ubuntu Server x64 (with a Dual-Core Xeon 2.33 w/ 4GB RAM). Has anyone else run into this issue?

Wednesday, August 8, 2007

Update: Firewalls & VPN

In a previous post I mentioned working on a site-to-site VPN project, connecting our Mid-Rivers Campus (960kbps channelized T1) to our West Campus (3mb/600kb DSL).

I ended up using an old P2 box at our West Campus, and tying the pfSense boxes together by OpenVPN.

Church IT people are often tasked with finding a "creative" (read: often inexpensive) way to do things. There are a few ways I try to accomplish this (in no particular order):
1. Quality Donations (very rare)
2. If it's free technology, give it a shot!
3. OSS, Open-Source Software, and its brethren, often fit our model.
4. Ask vendors for non-profit discounts. If they don't have a program already, they may create one just for you!

I'll get into my philosophy on Church needs, Industry standards, and "Open Source" some other time.

Our firewall is a great example of how we've used flexible solutions to find a scalable solution:
When I was volunteering my IT time at Calvary, we had a little SonicWall Pro 100. One day the box started to exhibit some weird problems. It had spent its entire life sitting in a relay rack, in a room that averaged about 80 degrees. But this day it first needed a bunch of reboots, and then decided to stop working. Being our firewall, this was a very bad thing, because we now did not have an internet connection. We called our local SonicWall dealer, and found out that the box was 4 months or so out-of-warranty. So, we extended the service contract on the old box, and they sent us a replacement.

However, in the meantime, we needed something that would work until the new SonicWall arrived. I had recently tried the Smoothwall firewall at home, and liked the feature-set, so I grabbed an old P2-400 box, an extra NIC, and we were up and running within 20 minutes. When the new SonicWall arrived, we plugged it in, and put it back to work.

Fast forward to the end of our contract extension, and the SonicWall has died a 2nd time. We call SonicWall to try and find out what is going on, and get the "no-support customer support" runaround. They offer to let us buy a new Pro 100, or a newer model, but at this point, we know that the Smoothwall is capable of working, so we just plug it back in, and decide if we're not happy with it, we'll then address a possible replacement for the SonicWall/Smoothwall.

Fast forward again about 1 year later, and I'm now working for the church, and the subject of off-site access comes up (both for me and a couple staff members). Until this point, we haven't had any VPN or any other type of remote access happening. So, I do a little digging and we start tunneling VNC and RDP sessions over SSH (Smoothwall has SSH server support built in).

After a while, I start to do some more digging into Linux firewalls (being the geek that I am), and run across pfSense. pfSense is a firewall based upon OpenBSD, with FreeBSD's packet filter. I set up another old P2 box, and start playing around with it as a test VPN server/firewall. After about 2 months of testing (on and off), I put it into production. The simplified remote access support and QoS via the Traffic Shaper actually gives us a boost in web browsing, along with establishing some important protocols (VoIP, FTP, SMTP, POP, etc.) as quality baselines.

So here I am in 2007, and we've just launched a 2nd Campus. We will have a small office space at the new campus, but we're unsure of the data connectivity. After the building is up and running, I find out that we can get DSL service (as a starting option before a T-1), and we go ahead with the 3mb down/768kb up plan. Up to this point, our new firewall has worked great, although it did drop the connection one time after there was no activity for 2+ days. I'm still unsure if it was pfSense/OpenVPN's fault, the DSL connection (which we have to reset once a week), or if it was related to the fact that Monday morning a construction worker cut all our telephone lines ;) We'll see what the future holds.

The great thing about these firewall technologies is that I've only spent about 25 hours over 3+ years to set up, configure, link, maintain, and upgrade them. I have no doubt we could easily spend $1,000 per location for 3 years of quality service. The money the church has saved in support contracts, hardware costs, and other licensing has more than paid for itself. The great thing is, we can partner with other churches/organizations and share our expertise, helping them to use our experience as a starting point.

Friday, July 20, 2007

Photoshop performance & Upgrades

My wife, Michelle, is a photographer, and as such, I am her IT department. Now, don't get me wrong, I love being her IT dept. However, her recent performance issues have me perplexed:

Photoshop crawls on her PC. We recently re-installed Windows (to increase her boot disk's size), and she's got a powerful PC (Athlon64 3200+, 2GB DDR RAM, RAID-array for data, separate boot disk, discrete graphics, XP Pro), but Photoshop is slow when she does batches or large images.

So, in my geeky wisdom, I decided we needed to start thinking about upgrades, and here is where it gets troublesome:

1. Windows XP Pro (32-bit) only supports 2GB RAM per application (i.e. Photoshop can't really use much more RAM than she currently has).

2. Windows XP x64 is a minefield. From my reading, it seems that you should avoid XP x64 unless you are looking for an unpleasant experience.

3. Windows Vista is cutting edge (and I personally think it's bloated and still maturing). This means that we may have to replace her printer, scanner, and some other unknown thing if we move to Vista 64-bit.

4. DDR2 RAM is very cheap right now. I can buy 4GB of DDR2 800 for the price of 2GB of DDR 400. That's good-old economics.

5. AMD & Intel are in a CPU price-war. AMD slashed prices, and Intel is rumored to follow on Sunday (July 22nd). She currently has an AMD 939 Athlon64 processor. However, we purchased this AMD 939 to AM2 converter board (she has an ASRock 939Dual-Sata2 motherboard). That means that she could get an AM2 CPU and DDR2 RAM as a drop-in replacement. Prices on AM2 CPUs are ridiculously cheap.

6. To complicate the upgrade waters, Intel is giving AMD a beating in performance right now. The Core2Duo is just smokin' fast. AMD is rumored to compete in the late-fall, but what about now? When Michelle was a starving photographer (without a 6 mos. old), we had serious budget concerns. Now that her time is more valuable, she can afford to pay for a bit better performance (but not "Extreme Edition" performance;).

Here's what I'm thinking and praying may work: Dual-boot Windows Vista Business ($150) or Ultimate ($220), and then upgrade her components (using a ~65W CPU). Once we're sure that Vista can handle things (and is fast enough), we can delete the XP partition.

AMD Upgrade: ~$330 for an AMD A64 X2 and 4GB of OCZ Vista Upgrade DDR2-800

Intel Upgrade: ~$750 for an Intel C2D E6750/E6550, Asus P5K mobo, a PCI-e VidCard, and 4GB of OCZ Vista DDR2-800 (1066MHz DDR2 is very pricey right now).

What's a guy to do? Intel for a performance increase, and possibly a better upgrade path, or AMD for the cheap route?

Wednesday, July 18, 2007

Firewalls & VPN

So we're looking hard at upgrading the Data and Voice provider technologies here at Calvary. This will involve increasing bandwidth at Mid-Rivers, providing Site-to-Site VPN capabilities, and reducing our voice and data monthly charges.

One of our providers offers a Fortigate 60 at branches as part of their site-to-site VPN/Voice/Data solution. This looks like a pretty nice product. It offers VPN, Firewall, Antivirus, dual-WAN, Spam, and many other features.

I wonder how it compares to OSS-based solutions like pfSense, Shorewall, m0n0wall, and Smoothwall. We currently use pfSense, and it works great, but I haven't really delved into the VPN features.
Anyone have any experiences with Fortigate products?

Tuesday, July 17, 2007

New blog

Well, I've started a Church IT blog. Hopefully I'll keep it updated, and I'll be posting all kinds of items here: questions, comments, and other musings and thoughts of a Church IT guy.

Leave me some comments, and let me know what's going on!