Tuesday, December 23, 2008

ESXi monitoring, for free!

A few months ago I transitioned us from VMware Server to VMware ESXi, booting off of a USB flash drive. If you don't know about server virtualization, VMware ESXi is a great way to get your feet wet, and it's a stable, production-ready (IMO) product.

However, one of the things that eluded me (in both the "Server" flavor and the "ESXi" flavor) was proper monitoring. Sure, I could setup data on each guest VM, but that didn't give me any info on the host.

Fast forward to yesterday, and I hear through the grapevine that Veeam is offering a free ESXi monitoring tool. Go get it here.

I'm just downloading it today, but if it does what the "Features and Benefits" page says, then this will be a new must-have in my toolkit. More updates to come (hopefully) as I try it out.

Sunday, December 21, 2008

HELP: ACS TMS to Facility Scheduler Conversion

One of my current projects at Calvary is to work on moving us to the latest release of the ACS People Suite (10.1.1.2). Part of this process is getting all of our ACS The Ministry Scheduler data into ACS Facility Scheduler.

ACS Facility Scheduler is an "on demand" product. This means that all the actual data sits on ACS' servers, and they handle data integrity, backup, etc. for you. Months ago, we looked at converting to Facility Scheduler before ACS 10.0 came out. At the time, there were some issues we had (features missing). So, we waited until those features came out. When they arrived, I had other projects taking precedence, and consequently we rolled it all into the 10.x upgrade.

As part of our upgrade process, I found out that ACS has a great conversion tool to transfer your current ACS TMS data into Facility Scheduler. I first used this tool when we were testing the feature set. Before this 10.x upgrade, I got in touch with one of the ACS people about "resetting" our data so I could re-upload the current data. He kindly let me know that the latest version of the tool had this functionality built in!

However, if you take a look at the ACS Knowledge Base article or Facility Scheduler FAQ on the subject, you find that you can no longer download the conversion tool (and it doesn't show up in the previous "client downloads" section either).

 

Does anyone out there have the file "tmsconversion.exe" or "ACS_TMS_to_FS_Conversion.exe", the converter to move from The Ministry Scheduler to Facility Scheduler? If so, please shoot me an email: sross *at* calvaryonline.cc

Friday, October 3, 2008

Moving an Ubuntu virtual machine from VMware Server to ESXi (on a PE1950)

Wednesday I migrated my PE1950 from VMware Server (1.0.2!) to ESXi 3.5 Update 2. During the process I ran into some issues moving my Ubuntu 6.06 LTS VM to ESXi. Here's the play-by-play (including my hardware upgrade).

  1. Copy the VM's off of the VMware Server.
  2. Verify the copied VM's work ok, and that you have valid backups.
  3. Shutdown the PE1950.
  4. Update the BIOS on the PE1950. Without a BIOS update, ESXi will not run correctly.
    - Can you believe I was running 1.x, when we're now at 2.3.x! This box has been very, very reliable.
  5. Unrack the PE1950, and replace the SAS 5/iR (no RAID) controller with a PERC 6/i controller.
    - ESXi needs a hardware RAID controller.
    - I was previously running software RAID-1 on the Ubuntu LTS host. We needed a reliable system, since this box had become mission-critical.
  6. Install ESXi onto a USB flash drive (>=1GB).
  7. Boot the PE1950, and setup the RAID array (2x300GB 7200RPM SATA in RAID-1).
  8. After the array has initialized, reboot with the USB Flash drive plugged in (preferably to one of the rear USB ports).
  9. Enter the BIOS (F2), and modify the boot order.
    - I set the USB Flash Drive's mode to "Hard disk"
    - Modify the boot order to include the USB flash drive as taking higher priority than the PERC array.
    - Save and exit the BIOS.
  10. Setup ESXi.
    - ESXi will give you the IP you need for setting up the Virtual Infrastructure client, etc.
    - Your RAID-1 array will be setup as your primary datastore (datastore1).
  11. Use VMware Converter to move the vm's to the new ESXi box.
  12. Boot up the Ubuntu guest OS.

 

Upon boot, you'll notice that the Ubuntu machine has no network connectivity. Here's how you fix it (commands you need to type are in bold):

  1. Install VMware tools on the guest os (it's probably outdated)
    • In the VMware Infrastructure Client, choose the VM, and then go to Inventory->Virtual Machine->Install/Upgrade VMware Tools
    • log into the ubuntu console
    • elevate your privileges to root level by running sudo su
    • mount the cd-rom drive: mount /media/cdrom0
    • change directories to the cdrom drive: cd /media/cdrom0
    • copy the vmware tools tar archive to your tmp directory (making sure you pay attention to the name of your archive, including case):
      cp VMwareTools-3.5.0-110271.tar.gz /tmp/
    • change to the tmp directory: cd /tmp
    • extract the tar file: tar -xvf VMwareTools-3.5.0-110271.tar.gz
    • change directories to the vmware-tools installer: cd vmware-tools-distrib
    • run the vmware tools installer script: ./vmware-install.pl
  2. Restart your networking: /etc/init.d/networking restart
  3. Check to see if your NIC is now working properly. You can check your interfaces using the following command: ifconfig -a
    If you are receiving an IP properly, you're probably OK. This didn't work for me.
    DO NOT complete the following steps unless you have no network connectivity
  4. Shut down the VM: shutdown -h now (remember, we elevated our privileges earlier to root)
  5. Remove any NIC's that are currently in the VM.
  6. After removing any NIC's that are currently in the VM, add a new NIC.
  7. Boot the VM
  8. I now had a NIC that my system recognized, but I wasn't getting an IP. The issue was with my interfaces file.
    • Contents of /etc/network/interfaces:
      # The loopback network interface
      auto lo
      iface lo inet loopback

      # The primary network interface
      auto eth0
      iface eth0 inet dhcp
    • Notice how it lists "eth0" When I ran "ifconfig -a" earlier, I received eth1 as an interface, not eth0
  9. Change eth0 to eth1 in my interfaces file: vi /etc/network/interfaces (replacing eth0 with eth1)
  10. Restart networking: /etc/init.d/networking restart

At this point, everything was working well.

Thursday, October 2, 2008

VMware ESXi (bootable) USB flash creation tip

Yesterday I went to install VMware ESXi on a Poweredge 1950. All along I wanted to get the system setup with a USB flash drive (and not use the onboard storage as my boot disk).

I did some research, and this blog post seemed to be the most complete posting on creating your own ESXi bootable flash drive.

So, I downloaded the ESXi installable ISO, opened up 7-Zip, and went for it.
I was very surprised that every time I tried to image the flash drive, I got an error in WinImage. Now, this was running on my Vista x64 box, so I went ahead and fired up a VM w/ XP Pro 32-bit. At that point, I attempted to re-image the USB flash drive, and things worked as planned

Moral of the story: Don't try and create a bootable USB flash drive using Winimage on Vista x64, it won't work! Use VMware (or another computer) to create the flash drive's ESXi install (apparently on a 32-bit OS).

Tuesday, September 9, 2008

AV Software Initial Thoughts: Sophos Endpoint Security

During my "find a new Security Software" dance, I've narrowed it down to 3 vendors/products:

- Sophos Endpoint Security
- Eset NOD32
- Sunbelt Vipre

 

I'm going to focus on Sophos Endpoint Security here. If you're interested in Sunbelt Vipre, check out my previous post.

  • The setup is very easy on the server side. If you would like to install on an x64 Edition of Windows Server, you'll need to create the database ahead of time.
  • The local "agents" on your computer are pretty slim. They aren't as lean/mean as the Sunbelt agents, but do have the option of adding NAC and a firewall. I tested without NAC or firewall enabled. Running with open file/copy file protection enabled really slows things down.
  • Sophos is way ahead of our previous version of Symantec. It uses fewer resources, and actually catches malware (and removes it). Symantec at best reported Malware. Windows Defender did a better job than our version of Symantec.
  • Deploying the software wasn't an issue. I didn't try a Vista rollout, but some people have had issues with Vista rollouts. I'm assuming any Vista issues are fixed at this point (Vista SP1 has been out for a while now).
  • The Enterprise Console is very powerful and flexible. It is very busy, imo. I felt like I really needed to spend some time getting familiar with Sophos' admin philosophy before I was ready to go. This isn't a bad thing.
  • I saw some of the reports. There seem to be enough. I didn't play with customizations.
  • I was able to run the "Console" without any issues.
  • Licensing was straight-forward.
  • Sophos arguably has the most feature-rich product I've seen to date that doesn't eat your computer for lunch.

Sophos' pricing was extremely competitive. Their rep's were knowledgeable and courteous.

I really have no complaints about Sophos.

Wednesday, August 27, 2008

AV Software Initial Thoughts: Sunbelt VIPRE Enterprise

I'm currently in a cycle of reviewing some Antivirus/AntiMalware software for our next round of protection.

Here are my initial thoughts on Sunbelt's VIPRE Enterprise (remember, I'm just a normal, non-AV-specialist IT admin trying this out):

  • The setup is very easy on the server side. Just make sure you have .NET framework installed (it will notify/install it for you).
  • The local "agents" on your network computers use a ridiculously low amount of resources (my Vista x64 box uses just 52MB of RAM when I turn all of the protection on; XP Pro uses less). Running with "open file/copy file protection" can slow things down.
  • Deploying the software to Vista machines is easy as pie. I've had some struggles with my XP boxes (haven't finished reading the proper way to do it yet).
  • The Enterprise Console can be a little slow at times when doing intensive tasks (like loading all of the threats in the database as a list, or sorting them).
  • A LOT of good reports come standard in the box.
  • Run the "Console" on a computer with a lot of RAM. When making changes to policies, etc. you can eat a huge amount of RAM. I ate 500+MB when doing some large list/policy settings.
  • Licensing is not complicated. I was very happy that it was straight-forward, and easy to understand

More updates to come! Up next is Sophos Endpoint Security.

Tuesday, August 26, 2008

Windows Vista Testing: Update 1

Welcome to part one of my Windows Vista testing experiment!

I'm going to try and put this in a series of Pro's/Con's, with a summary write-up at the end.

Pro's:

  • It sure is pretty. My machine uses Aero Glass, and it's a breeze to look at. I'm not sure yet if it makes life "easier" or "better"
  • Font rendering is greatly improved. Looking at XP (even on the same exact hardware), it's not as smooth. This reminds me of the good font rendering Apple has had for a while.
  • I was able to "push" my AV client to the Vista install without a hitch.
  • Vista is capable of using more RAM than XP 32-bit.
  • Vista x64 is more stable than XP x64.
  • Sidebar gadget's have immense potential for making my job easier (think management).

Con's:

  • User Account Control can be very annoying. Especially when getting everything installed.
  • You can't right-click on a folder and "Search" anymore.
  • Searching for "*.mp3" takes a LOT longer than searching for "mp3".
  • Setting up Search Indexing is not easy. I keep on using the "Click to turn on the index..." link, but then it keeps telling me it's not on.
  • Vista x64 uses more RAM than XP x64.
  • Vista's Task Manager doesn't give you the "usual" picture on Memory usage:
    • While using VMWare Workstation 6.5 today I noticed that my Sidebar was telling me I had used 89% of my 8GB of RAM. This seemed odd, because I looked in task manager and found that the largest process, explorer.exe, was using "186,104K". I only had a total of 80 processes, with 3 consuming >100,000K.
    • Upon further investigation, I found that the default "Mem Usage" column from Win2k/XP has now been replaced with "Memory (Private Working Set)".
    • To really see how much memory your processes are using, add the "Memory-Working Set" column.

Monday, August 25, 2008

Windows Vista: Testing Begins

Yesterday/Today I installed Windows Vista Enterprise x64 on my new workstation as my 2nd boot OS (I also have XP x64). Look for upcoming posts about how this experience goes for me. I'll be trying to implement the following best practices:

- As much as possible, try to experience Windows Vista like a regular user on the network would. aka "Eat your own Dog food"

- Follow Microsoft's "assumed best/default way" as much as possible.

Here are a couple questions for you:

What performance "metrics" suggestions do you have?

Am I missing any obvious "Best Practices" that you would implement with your users?

Wednesday, August 13, 2008

ACS Backup Service

 

For the past month I've been having issues with our ACS Backup Service. What this does is make a backup of the ACS Database to a network location. This is a crucial step in our DR process, because files in the backup location are replicated (tape, Disk, offsite).

The problem seems to be that the Backup Service doesn't want to run properly, and hangs in some way or form. I've worked with ACS, and at this point we're waiting for validation of ACS 10.0 (which we're hoping fixes the issue). In the meantime they suggested using the old, non-service backup program. This works, but also requires the user to be logged in. Being a server that I rarely touch, this server sometimes reboots for Windows Updates, etc. This creates an issue for us (seeing how you have to be logged in for the old backup tool to run).

So, I came up with the following script to restart the service. You can setup a scheduled task to perform this action at times you designate. This is a very basic script, and could be used to restart any service you're needing to restart at certain points in time:

net stop "ACS Service"
net start "ACS Service"
end

I'll definitely be finding other uses for this using Scheduled Tasks. Are there ways that you accomplish this more elegantly?

Tuesday, August 12, 2008

Test: Dew Revolution

Beware, this isn't IT-related info! So, if you're looking for a tech fix, this isn't it.

Today during lunch I tried Mountain Dew Revolution, which is described as "Dew infused with Wild Berry fruit flavor and Ginseng". My Dad had a couple of cans of it, and handed them off to me (he doesn't "do" the dew).

Experience:
I had Dew Revolution while eating my Sinai Kosher Hot Dog and Buffalo Wings potato chips. It was a good combination. Dew Revolution seems to be similar to traditional Dew, but then again, without some of the Citrus "kick" I associate with Dew. It was almost "Sprite with Mount Dew".
Then I ended lunch. At this point I had some Dew Revolution left, and kept working on it. Then I had a revelation: I didn't like the taste. The Dew Revolution was definitely not like Sprite, Classic Dew, or the 2 mixed together. I didn't finish it.

Verdict: Good with lunch, but not as a stand-alone.

Will I buy Dew Revolution? Probably not. If it was a stand-alone drinkable product, I might substitute it here or there instead of the original. But it's not. It definitely "feels" like it has more caffeine/kick, but it's pretty slight. If I want that caffeinated kick, I'll have a Mocha, regular Dew, or Dr. Pepper.

Friday, August 8, 2008

AV software choices

I'm starting the process of looking for a (possibly) new AV/malware protection vendor. We're currently using Symantec Corporate Edition, and the time has come for another round of licensing, etc.

Here's a short list of what I'm checking out in the next 2 weeks (hopefully I'll decide before August is over):

- Symantec Endpoint Security (apparently this replaces Symantec Corporate Edition)
- Eset NOD32
- Sophos Endpoint Security
- Sunbelt VIPRE Enterprise
- Avira Network Bundle

What other products should I be checking out?

Tuesday, July 29, 2008

VMWare ESXi resources

Well, the blogosphere is definitely talking about the fact that VMware released ESXi for free as of July 28th.

I've started putting together some resources for when I decide to try upgrading from my current free VMware Server to ESXi installable. Here's some starting points:

Good "help" site on ESX 3.5/ESXi 3.5
ESXi drivers, etc. on whitebox hardware
VMware ESXi website

Does anyone have any other good links for VMware support (hardware for ESXi, etc.)?

Tuesday, July 22, 2008

New Workspace

Well, because of some staffing changes, my office was recently rearranged. During the "move", I gained some desk space. At the same time, I also setup a new computer. The fast workstation I now have under my desk will be used for a Virtual "Test Lab", server staging, and (eventually) a network monitoring station. Here's some pics of the new layout:

Desktop_1

Desktop_2

Here's the hardware I'm working with:
1. IBM Thinkpad T43: Centrino 1.86GHz, 2GB RAM, 2x HDD (160GB total), removable DVD burner.
2. Custom Built computer (outside of pic): Core2 Quad Q9450, 8GB RAM, 300GB 10k boot disk, 1.3TB of usable disk space (1TB RAID-5 and 300GB RAID-0 array), Dual Nvidia 8600GT, Logitech Z4 speakers and a DVD burner.
3. Displays: 2x Benq G2400WD on an Ergotron Monitor arm, 1x Acer AL2216WBD attached to an Ergotron Laptop/Monitor combo mount.

The 2 Benq LCD's and the Acer are currently all hooked up to the Quad-core rig, and I'm using the Thinkpad stand-alone (although I sometimes use the Acer with it).

Software I work with everyday:
ACS People Suite
Microsoft Office 2007
Mozilla Firefox 3
Mozilla Thunderbird
Putty
UltraVNC
VMWare Workstation 6.0
Winamp

I'm thankful that I've got such a great setup of tools to use every day.

Wednesday, July 9, 2008

Data Execution Prevention and svchost error (fixed)

Today, while trying to complete a user's Windows re-installation, I ran into an interesting issue giving me Data Execution Prevention (DEP) and svchost errors. Here's how it went down:

1. Clean Windows XP install (including SP2)
2. Installed XP SP3
3. Installed our "standard" setup (Office 2k, Publisher 2k2, ACS, Foxit Reader, CD/DVD burner, Windows Defender)
4. Installed the user's "needed" auxilary apps: iTunes, Quicktime, Audacity, Lame MP3 encoder.
5. Installed "useful" apps (trying to help the user out, since this computer has been a nightmare): .NET framework 3.5, CDBurnerXP, Paint.NET

Up until step 5, the computer was working exactly as planned, and had zero stability problems. Now, after installing .NET 3.5, CDBurnerXP, and Paint.net, things went haywire upon reboot. Suddenly I'm getting DEP errors, svchost errors, and things just aren't right (hard locks, no GUI, etc.). The exact errors were Event ID "1001" and Source "Application Error". Searching eventid.net and some other places yielded few, if any, results that were useful to me.

So, how (I) managed to fix this issue:

1. Uninstall Paint.net, CDBurnerXP, and then uninstall .NET 3.5 (notice the order there). This puts me at a "stable" config again.
2. Install .NET 3.5. REBOOT (this will cause any DEP and svchost errors to reappear upon boot-up).
3. If there are no issue, go ahead and install apps again, one at a time, rebooting after every installation.
4. I was able to install paint.net (the latest version) with no issues. My old version, 3.22, (that I originally was using) had issues with .NET 3.5.

If an app gives you an issue, find a new version (or don't install it). For me, it looks like Paint.net is the issue.

The crazy thing about this is that I have a lot of other copies of paint.net installed (with no problems). The problem here seems to be related to paint.net (which I had an old version of) and .NET 3.5.

Have you had similar issues with other .NET enabled software?

Wednesday, June 4, 2008

Google Apps Scripting

 

We've been a happy Google Apps customer now for about 3 months. The experience has been positive in every way that I've seen so far.

In my free moments, I often look at our growth over the next years, and in the process I'm re-evaluating the way we do all kinds of things: email, phones, internal communication, security, usernames, etc. This brings up a good point in the case of Google Apps:

  • How do I handle the "scripting" and other abilities that you get with a piece of software like Microsoft Exchange? Does Google Apps have the ability to use a language for automation of certain tasks (ala using scripts to do Active Directory tasks). I know that you can use scripts to help automate the tasks associated with creating new users, etc.
  • Google Apps has their API for a Single Sign On implementation. We haven't implemented this yet, but what limitations are there to this model? I would love to implement SSO across our "enterprise" (of about 85 computers ;) However, I'm currently facing all kinds of hurdles here: Database username restrictions, old habits, standards creation...
  • How do you handle and maintain changes across your complete domain with a web-app like Google Apps? Does anyone using a SaaS product like FellowshipOne have any experiences with multi-user changes (without having to go through each one at a time)?

How do you approach the "unification" issues in your organization? Does management at the higher levels make a decision? Does it kind of grow over time, unofficially? What approach do you take to admin issues when looking at SaaS type products?

Friday, May 16, 2008

iPrism experiences

We're using a St. Bernard iPrism for our filtering here, and it's been a stellar product to work with. Here's a taste of what we've seen when using it:

- An improvement in the amount of perceived "wasted time"
- A great job in filtering out the bad content (porn, etc.)
- An excellent job in reducing the amount of malware-related materials. As an example, we don't have an enterprise anti-malware/spyware solution. The iPrism blocks malicious sites, and that takes care of almost all instances
- A reduction in the amount of viruses our virus-scanners have to address

These are all great examples of why the iPrism has been a big win for us. However, I've recently had 2 issues:
- There is no "social-networking" type of monitor. It's currently all or nothing. Other competitors are now coming out with these features, and it appears to be a hole in iPrism's lineup. I need an elegant way to handle social networks.
- IP spoofing: I've recently (over the last 3 days) had a LOT of issues with blogger.com It appears that Google (who owns blogger) distributes their servers, and this has caused a lot of issues with IP Spoofs. I'm talking to them now about blogger.com It seems that any time I need to write a blog post (or anyone else here), the "Sign in" bar, etc. is blocked. The "blogger.ch" domain is marked as pornography/nudity, and at the same time, if I add an IP-Hostmap entry, it works just fine.

Would I buy the iPrism again? most likely
Would I renew our support/updates contract again? definitely

So, are there any other iPrism users out there who can enlighten me?

Thursday, May 15, 2008

Security Hardening? Windows, Linux?

Here at Calvary I run a few different OS'es for my services: Windows Server 2003 (not R2 yet), Ubuntu Server Edition LTSP, Windows Server 2003 Storage Edition, and pfSense (via FreeBSD).

I read this article over on ars technica about SSH attacks rising (for the short-term it seems). I also read a good portion of the discussion that followed in the forums. The following comment got me pretty good.

Posted by "Muerr":
SANS suggests using the CIS Benchmarks (http://www.cisecurity.org/) as a starting point for hardening your systems according to the Defense In Depth principles taught in SANS courses.

Part of the security implementation should include disabling remote root login from ALL services, not just SSH. In fact, all unnecessary services should be stopped and disabled completely. If you must login as root remotely through SSH, use the option "PermitRootLogin without-password" which will enable SSH key authentication only. TCPwrappers are also desirable, as part of a 'default deny' security stance, and only allowing specific IPs or networks to connect to the sshd daemon.

Security through obscurity is only "good" against casual attacks. A dedicated attacker will find your SSH daemon running on port 10783 or whereever, because they're going to do a full port scan first.

I encourage everyone to read the CIS Benchmarks to get started on securing their Linux and Unix systems. That goes for MacOSX - if they don't have a benchmark, check out one of the BSD documents, since Mac OSX kernel, Darwin, is based on BSD.

Also, SANS provides a number of papers on security in their reading room, and of course, their training courses are probably the best in the industry. http://www.sans.org/

How hardened are my systems? How hardened are most Churches IT assets? Do we pay much, if any attention to "hardening" a system after setup/installation? Should we?

I know that we pretty much block anything from coming into our network at the firewall level (security through deny all).

What do you do, if anything to "harden" your systems?

Wednesday, March 26, 2008

WD and RAID????

So I was recently looking to put together a NAS box as part of a possible D2D2T implementation. My plan went the following way:

Get a case with a lot of drive bays
Purchase a cheap (but reliable) Mobo/Proc/RAM system (with lots of PCIe ports)
Install FreeNAS on a CF card
Purchase a RAID card (say this one) and hook up a bunch of drives

So when I was looking into this, I started looking at options like staggered spin-up and other reliability features, and e-mailed Highpoint to make sure the drives would play nice.

Here's what I got back:
"WD drives no longer support Staggered Drive Spinup.
In fact, some of their disks are reported to have serious problems with this option - if enabled, the disks will no longer be detected by non-RAID controllers.
Unfortunately, the disks do not actually support the setting, so it cannot be disabled.
This issue is not unique to our products.

NCQ should still function normally, but we would recommend contacting WD for more information."

To me, this is a little disturbing. WD drives don't supported Staggered Spinup, and there's no way to run in a "protected" mode?

For now this is a non-issue for me, as we've learned that we're not going to need the D2D2T strategy for the time being. If we re-visit this, we may need to look into how this shakes down.

SheldonS mentioned today in #citrt that he thought there was a firmware update that fixes this, but I would think that the Highpoint people would know about it.

Have you had any experiences with staggered spinup and Western Digital (or other drives)?

Monday, March 24, 2008

Cabling Clean-up: Phase 1

So in my previous post I mentioned adding some NeatPatch units to clean up the cabling. Well, today I got started. Here's the beginning of Phase 1, where I get a couple NeatPatches installed, and start trying to get the slack tightened up (and also allowing the patch points to move around).

Thursday, March 20, 2008

Network Messiness

I've been working here at Calvary for going on 2 years now. In all that time, we've had a pretty simple network: 1 Rack that is our IDF, server rack, everything. It's worked very well, and has been simple to manage.

Just one problem: we're growing!

As part of our growth, along with the addition of a 2nd rack (in another part of the building), we're getting things tidied up. So, first up is our current main rack (which is essentially full). Here are some before pics that I will let you gawk at before I get it all cleaned:




















That's the front














That's the side/entry point for most of the cables through the drop ceiling.

To help combat this, I picked up a few NeatPatch units from Jason Powell.

More pics to come as I get started!

Monday, March 10, 2008

MozyPro: Update

So in case you haven't noticed lately, Mozy is increasing it's cost for storage.

I went to do some investigating (to see how this works for us), and finally got a clear answer:

Current customers will experience the change like this:

- On the switchover (the 11th of March), Mozy will introduce their "new" admin interface, which will allow you to consolidate (and I'm assuming) simplify your management.

- The "new" interface will have 2 modes for backup: Desktop and "Enterprise-y". I say Enterprise-y (is that a word??), because it appears they have 2 levels of Enterprise, "MozyPro" and "MozyEnterprise". Enterprise gets you guaranteed response windows, and a couple other features, whereas current MozyPro customers are getting the same as their used to with MozyPro.

- With the new interface, you can purchase desktop licenses and storage at their current rates ($3.95/license, $0.50/GB)

- With the new interface, there will be a "Grandfathered" section. This is where you buy storage for "Grandfathered" licenses at "Grandfathered" rates.

- If you have a license for the "MozyPro" type with the new interface/pricing structure, you can buy as much storage as you like for only $0.50/GB. Note that this only applies to storage for "Grandfathered" licenses.

- If you need more licenses or storage after March 11th (tomorrow!), then you will pay the new rates ($6.95/license/mo., + $1.75/GB/mo.).

SO, the moral of the story is, BUY MORE LICENSES NOW, and then add whatever storage you need as you need it.

I personally love this model. I think this is a home-run for Mozy also, because they get to keep their current customers, strengthen their current customers loyalty, and also do what they're trying to do: make money. Of course, I would rather them keep the prices the same, but that does not appear to be possible.

Friday, March 7, 2008

Vista x64 Volume: More egg on Microsoft's face

So I'm trying to install Windows Vista Business English x64 (64-bit), and realizing further why IT departments are frustrated at Microsoft: the product line is incomplete!

Being a Microsoft Volume Licensing customer, they make install images for most of their products available. This is part of a recent change they made, where you can download the needed installer, instead of having to pay for and get a media kit shipped. I've loved this recently, because it's a huge time-saver, and saves us money (media kit's are between $15-$30).

HOWEVER, it appears that Microsoft does not want to make this easy for Volume license customers. You can log-in to your eopen/MLVS account, and download 32-bit media for pretty much any version of Vista, but 64-bit is nowhere to be seen! This seemed a little odd to me, so I made a couple phone calls. First up was our reseller, SHI. My rep there, Brian Spence, mentioned that the only media kits available are done online through the eopen site. However, if you go and try to find the media kits for 64-bit, they're "invisible";) So, next I called Microsoft eOpen support. They at first were utterly confused what I was talking about, and then they tried it for themselves. Needless to say, they couldn't get it downloaded either, so they then told me that I must order the media over the phone (since that was the only way it was available). When I asked why it wasn't available for download, and when it would be available, they had no answer or timetable.

This all underscores one thing: lack of a consistent experience. As an administrator (and user), when you tell me that you're going to make it easier, and you're trying to promote your flagship OS, wouldn't you want to provide a positive experience? Apparently not. I really had to pry to find out why the 64-bit version wasn't available, and I also had to then spend more money! No one had an answer for my on why it was this way, no one apologized, and no one offered me a free media kit.

So, this makes me wonder: does Microsoft really care about their new flagship OS, and getting customers to care, or are they just trying to ruin their reputation?

Saturday, February 16, 2008

VLAN's, what to do?

So as part of some new additions to the network, we're now in need of some VLAN's.

The problem is, this now means that we have some work ahead, and also have a bit of a conundrum. We have one switch (HP 2224) that does not support VLAN tagging, but will pass VLAN's on. We also have a couple points in the building where we've had to deploy small, cheap switches (because ports don't work anymore, or we suddenly need more network drops where it's hard to run more cable).

Here's the VLAN planning that I came up with (this is the ideal, candy-coated world):

1 - Default
5 - Management
10 - Servers
19 - Printers (is there a reason to not put the printers on my "Main Office", #21, VLAN?)
20 - VOIP
21 - Main Office
22 - Finance
23 - Information Kiosks (semi-public computers, domain-limited internet terminals)
24 - Video Equipment (editors, etc.)
25 - ACS Check-in
26 - Private WiFi
26 - Worship Arts Department (they have some special needs besides standard office computers)
30 - Site-to-Site VPN
100 - Public WiFi

So, any suggestions, things I should watch out for, change, etc.?

Friday, February 15, 2008

New Switch!

Well, it looks like I'm gonna average 1 post/month for the beginning of 2008. That's not good! Hopefully I'll have some more this month (I have plenty to blog about).

We got a new switch in today, an HP ProCurve 2900-24G (way to go eBay!). Here's some pics:















That's a great pic with my Treo650's camera. The 4 ports on the right are optional SFP slots.
The switch is the item in the foreground (not the HD-cam in the back!).

Here's one showing off the back ports (10Gig-E for stacking!!!):














This is part of a "kiosk" project I'm working on. More details later (after I make more progress in pulling cables!).

Tuesday, January 15, 2008

Fixing the "GoesByName" in ACS

We recently have been focused on getting Ministries' extraneous databases moved into ACS (our Church Database software, or ChMS).

While helping Friend 2 Friend get their reports made, we found that we needed the extra flexibility of the Report Designer (rather than the built-in reports). However this presented us with an issue: How do you make the report smart enough to show the "GoesByName" if it exists, but otherwise show the "FirstName"?

A quick call to ACS support, and I came back with this little tidbit of code:

if People['GoesByName']='' then
value := People['FirstName'] else
value := People['GoesByName'];

This works great (since our text box only shows the first name), and is very easy to setup.

Here is how you make it work:

1. Create a variable box. This is the little button on your toolbar that looks like a calculator.
2. Right-click on that new box that is now in your report. You'll see a sub-menu called "Calculations...".
3. In the calculations window that pops up (on the left-most column), put the above code-snippet into the text box (it is case-sensitive).
4. Click ok, and then preview your report (to make sure it worked).

Notice that you can use the "Code Toolbox: Data" section (upper right) to choose options for your "Fields" view (below the Code Toolbox). This allows you to drag and drop variables into your code.
The drag and drop functionality is nice from a non-programmer perspective. It makes it very easy for your average users to use this functionality. All you have to do is teach them how to use an "If ... then ... else" statement ;)

Don't forget to use the Pascal { and } commands to comment-out portions of your code. I put a description of what I was doing at the top.

Pretty nifty, heh?

Thursday, January 3, 2008

Help: Broken keyboard key!

Well, it happened. My incredible IBM keyboard has had an injury.

While installing a RAM upgrade in my T43 (2687), one of my most-used keys, the "\" key came off (this is the second time it has happened).















Unfortunately, this time it won't go back on.
The little white fastener/lever-thingy has broken, and no longer has some of the supporting hinges.











So, it looks like I'll be headed to ebay to pick up an extra key, or ponying up for an entire new keyboard.

Anyone have experience with any shops that sell keys/keyboards?

I'm back!

Well, it's been a crazy couple months since my last blog post. Here's a list of what's happened:

- Purchased, installed, & trained the staff on a new phone system.
- Took a 1-wk. vacation in Kissimmee, FL. Picked a great time to go, as it was less than 40 degrees in STL, and greater than 70 degrees in FL.
- Made it through CTS, Christmas Eve, and the whole season in general. It's joyful, but very draining with a new baby and lots of family visiting!