Monday, August 20, 2007

Authentic Communications Self-Check

I'm currently reading Carly Fiorina's book Tough Choices. It's an excellent read btw. In chapter 15 she's talking about teamwork, and how ideas and plans are communicated:

"Although different types of communication can serve different purposes ... they all find their way to the same audience. And so authentic communications are not simply reality based, they are also consistent among different groups." ... Different messages may be pleasing for a time, but they will not be authentic, and over time people will reconcile them by choosing which to believe." (emphasis added)

This made me think about some different groups I communicate with: volunteers, my co-workers, family, church laypersons, acquaintances. Am I consistently authentic? Am I communicating different messages to my different contacts? Jesus was clear that we should authentically communicate his radical message of love, and we should do it consistently. There really isn't a reason I should communicate different messages to different people, but I do. Sin gets in the way, but most of the time it's my own shortcoming.

What are you communicating to others, and are you doing it authentically and consistently?

Wednesday, August 15, 2007

VMware Server Console

We run ServiceDesk Plus 6 (Free Edition) for our Helpdesk. I've found it to be a great time saver, and it helps our Staff (and myself) make sure we're keeping up with their computing needs. This runs in a Windows Server 2003 Standard Edition Virtual Machine atop Ubuntu Server Edition on a Dell PowerEdge 1950. It's been easy to set up, and a stable system. However, I recently ran into an issue where I can't connect to the VMware Server Console (via my Windows XP laptop) or the Management User Interface (VMware MUI). This is just plain old odd. I'm running Ubuntu Server x64 (with a Dual-Core Xeon 2.33 w/ 4GB RAM). Has anyone else run into this issue?

Wednesday, August 8, 2007

Update: Firewalls & VPN

In a previous post I mentioned working on a site-to-site VPN project, connecting our Mid-Rivers Campus (960kbps channelized T1) to our West Campus (3mb/600kb DSL).

I ended up using an old P2 box at our West Campus, and tying the pfSense boxes together by OpenVPN.

Church IT people are often tasked with finding a "creative" (read: often inexpensive) way to do things. There are a few ways I try and accomplish this (in no particular order):
1. Quality Donations (very rare)
2. If it's free technology, give it a shot!
3. OSS, Open-Source Software, and its brethren, often fit our model.
4. Ask vendors for non-profit discounts. If they don't have a program already, they may create one just for you!

I'll get into my philosophy on Church needs, Industry standards, and "Open Source" some other time.

Our firewall is a great example of how we've used flexible solutions to find a scalable solution:
When I was volunteering my IT time at Calvary, we had a little SonicWall Pro 100. One day the box started to exhibit some weird problems. It had spent its entire life sitting in a relay rack, in a room that averaged about 80 degrees. But this day it first needed a bunch of reboots, and then decided to stop working. Being our firewall, this was a very bad thing, because we now did not have an internet connection. We called our local SonicWall dealer, and found out that the box was 4 months or so out-of-warranty. So, we extended the service contract on the old box, and they sent us a replacement.

However, in the meantime, we needed something that would work until the new SonicWall arrived. I had recently tried Smoothwall firewall at home, and liked the feature-set, so I grabbed an old P2-400 box, an extra NIC, and we were up and running within 20 minutes. When the new SonicWall arrived, we plugged it in, and put it back to work.

Fast forward to the end of our contract extension, and the SonicWall has died a 2nd time. We call SonicWall to try and find out what is going on, and get the "no-support customer support" runaround. They offer to let us buy a new Pro 100, or a newer model, but at this point, we know that the Smoothwall is capable of working, so we just plug it back in, and decide if we're not happy with it, we'll then address a possible replacement for the SonicWall/Smoothwall.

Fast forward again about 1 year later, and I'm now working for the church, and the subject of off-site access comes up (both for me and a couple staff members). Until this point, we haven't had any VPN or any other type of remote access happening. So, I do a little digging and we start tunneling VNC and RDP sessions over SSH (Smoothwall has SSH server support built in).

After a while, I start to do some more digging into Linux firewalls (being the geek that I am), and run across pfSense. pfSense is a firewall based upon OpenBSD, with FreeBSD's packet filter. I set up another old P2 box, and start playing around with it as a test VPN server/firewall. After about 2 months of testing (on and off), I put it into production. The simplified remote access support and QoS via the Traffic Shaper actually gives us a boost in web browsing, along with establishing some important protocols (VoIP, FTP, SMTP, POP, etc.) as quality baselines.

So here I am in 2007, and we've just launched a 2nd Campus. We will have a small office space at the new campus, but we're unsure of the data connectivity. After the building is up and running, I find out that we can get DSL service (as a starting option before a T-1), and we go ahead with the 3mb down/768kb up plan. Up to this point, our new firewall has worked great, although it did drop the connection one time after there was no activity for 2+ days. I'm still unsure if it was pfSense/OpenVPN's fault, the DSL connection (which we have to reset once a week), or if it was related to the fact that Monday morning a construction worker cut all our telephone lines ;) We'll see what the future holds.

The great thing about these firewall technologies is that I've only spent about 25 hours over 3+ years to set up, configure, link, maintain, and upgrade them. I have no doubt we could easily spend $1,000 per location for 3 years of quality service. The money the church has saved in support contracts, hardware costs, and other licensing has more than paid for itself. The great thing is, we can partner with other churches/organizations and share our expertise, helping them to use our experience as a starting point.