June 18th, 2009
You can now tether your computer to the iPhone. The iPhone tethering option is available here (amongst other locations). Once downloaded, run a quick defaults command (I know, I sure do use a lot of defaults commands on this site), writing a boolean value into the com.apple.iTunes domain for carrier-testing:
defaults write com.apple.iTunes carrier-testing -bool true
Once you’ve done that go into restore mode in iTunes (option-click the Restore button) and choose the ipcc file you just downloaded.
Alternatively you can just click on this link from your iPhone to run through a quick generator to enable tethering. Doing so will generate a property list file with a .mobileconfig extension, similar to what you create in the iPhone Configuration Utility (if you’re like me you’ll want to see what this thing is doing before you cut it loose). Because the file is compatible with the iPhone Configuration Utility, you can actually download it onto your computer and double-click on it to add it into the iPhone Configuration Utility library and see which keys the payload will install. You can also open with your favorite plist-friendly editor and view the keys directly.
Tags: enable iPhone Tethering, HOW-TO, Howto, tether iPhone
Posted in iPhone | Comments Off
June 8th, 2009
You can read the press release at Apple. Highlights include:
- Half the cost: $499 for Unlimited Clients
- NetRestore is now bundled with Mac OS X Server
- Wiki2 includes iPhone and QuickLook-type image display
- Address Book Server now included
- iCal Server works with iPhone
- Push Email Support
- New iPhone Configuration Utility
- Supa-fast (OK, that last part is not official)
Tags: Mac OS X Server
Posted in Mac OS X Server | Comments Off
May 15th, 2009
Google Apps has taken another step towards the capacity for enterprise integration. Google Apps Connector for BlackBerry Enterprise Server will be available in July. Google was fairly quick to release a product that allowed for interaction with the iPhone and has recently added an ActiveSync option to connect to their mail services, allowing for the synchronization of contacts, mail and calendars to devices running Windows Mobile and the iPhone. This additional step simply completes offering up Google Apps to the major smartphones on the market. And with recent directory services integration offerings, Google Apps seems more than ever like a viable option in the enterprise space.
As partners of Research in Motion, Microsoft and Apple, 318 would be happy to work with you to formulate a unified strategy for managing, application development and application delivery for your mobile enterprise - no matter the platform.
Tags: activesync, blackberry, google apps, rim, smartphone
Posted in Mac OS X, Mass Deployments, Network Architecture, Web Development | Comments Off
May 15th, 2009
Thanks to one Ed Marczak we had a fix for a SonicWALL issue that was bugging us from awhile back. With SonicOS Enhanced and Content Filtering Service, Safari experiences errors trying to load pages that require a login, such as store.apple.com and www.amazon.com. This even occurs when CFS is not enabled on your Sonicwall.
To fix this, you need to uncheck the “Enforce Host Tag Search with for CFS” feature on the SonicWALL. In order to uncheck “Enforce Host Tag Search with for CFS”, you have to login to sonicwall console and then go to diag page, which is accessible by logging into the sonicwall and replacing the webpage name with diag.html.
For example, if you log into http://192.168.1.1/main.html you have to replace main with diag; that is: http://192.168.1.1/diag.html
This page will bring the internal settings page of the SonicWALL, and from here you can uncheck “Enforce Host Tag Search with for CFS”.
Tags: safari, Sonicwall enhanced
Posted in Mac OS X, Security | Comments Off
May 13th, 2009
If you’re wondering what was included in the 10.5.7 update, the itemized list has been compiled here.
Posted in General Technology | Comments Off
May 13th, 2009
Deploying the iPhone into the enterprise has a number of pain points. Two that we continue to hear are a lack of full disk encryption and developing software. For environment who cannot obtain enterprise developer accounts, we also continue to work through problems with regard to application provisioning. Many companies are also getting tired of trying to deploy applications to too many operating systems. One answer we’ve taken for some of this is to introduce web-based applications with small wrappers around them that are specific to each application/device. But Citrix has stepped up and released Citrix Receiver for iPhone and Dazzle.
Within the Citrix product line you will now be able to provision a thin client-based application and achieve the agility that business units want without the commitment to a specific platform. This means that if your users want Windows Mobile or an iPhone you can publish an application, tailored to their screens and with Dazzle, you can give them the option to choose which applications they want to access, making application provisioning easier for many environments. Because a thin client leaves all of its data on the server, the lack of full disk encryption becomes less of an issue with the iPhone as you can choose to sandbox your business critical data into thin client environments. And finally, you can go to market with solutions that can enhance your business faster in many cases, by leveraging existing efforts and resources.
Overall, we’re happy to add Citrix Receiver in our own portfolio of product offerings. We can now go into any development opportunity with even more options: begin a new application (fat client), deploy a mobile-specific web-based application or bring a thin client solution to the table. From an application lifecycle, being able to look at the iPhone in a similar fashion to how we look at Microsoft Windows and Mac OS X is key to maximizing the capacity an organization towards their the business potential.
Tags: citrix, iPhone
Posted in Mac OS X, Network Architecture, Web Development | Comments Off
May 12th, 2009
Retrospect 8.0.733 is now out and available for download. If you are using version 8 and experiencing problems then you should run it as it fixes a number of bugs. Bugs fixed in the Retrospect 8.0.733 release:
18925: Keep backup sets and scripts associated when catalog rebuild is necessary
20075: General UI Feedback: Okay/Apply
20131: Able to enter text in fields that should only accept numbers
20146: Log Limit doesn’t verify for valid value range
20156: Prefs >Media > media request timeout should check for valid values
20229: Scripts Icon backwards in details view when no script is selected
20258: Copy assistant should not allow you to select same volume for source and destination
20276: “More Backups…” is disabled in Restore Assistant
20332: Restore Assistant: script starts when you select ‘Save’
20343: Error backing up Win XP client - error -3043 (the maximum number of Snapshots has been reached)
20373: Sources icons display as usb removable drives
20437: Past Backup lists wrong date
20475: Disclosure triangles in volumes and scripts
20504: Remove all local volumes: Need to restart Engine to repopulate
20528: Servers displaying in the Sources list
20538: Improve column sizes and layout
20555: Verify Script: Options lists backup sets
20585: “Pause Server” should change to “Unpause” or “Resume”
20598: File Media Sets: remove option to change ‘Fast Catalog Rebuild’
20604: Volume Type not correct
20634: Script Schedule > refresh > auto deletes schedules
20640: Creating a new schedule item does not select the new item
20719: Console: DAG memory leaks
20729: Possible Small Memory leak in Engine when [Backupset EditWithPassword]
20735: New Backup Script: using Tag from previous script
20849: Creating a New Media Set does not accept some characters
20896: “Please update your server” dialog should be more informative
20919: Media Sets: Tape not display Used/Free/Capacity
20945: ScriptProperties::TransferMode seems to have incorrect values
20953: Need to be able to defer scheduled activities
20971: Use Small Icons setting lost after closing UI
21015: Sources: Clients duplicate in the Multicast list
21039: License Manager UI Issues
21087: Starting activity negates activity scope buttons
21124: Desktop: no license challenge when adding a 3rd client
21174: Smart Tag UI problem
21302: Disk Media Sets: when only one member - remove should be disabled
21382: Dev: ArcDiskInfo/ArcDiskFileInfo’s persistent logic is wrong, blocking ppc feature
21463: Need a way to change console’s server password on existing server
21487: Sessions and Snapshots get into state with different volume names
21510: Search for files restore not working across multiple Media Sets
21544: Launch engine at startup authentication broken
21552: Sources: Erase a local drive the disk used / total not updated
21562: Restore Files: Assistant - Search for files in selected Media sets
21590: Need to store extdFlags EXTD_HASACL and EXTD_HASMETA in trees
21603: File Media Set: during backup .rbf.rfc file displays as unix executable
21618: Unable to successfully restore IIS on W2K3 Server
21625: Rules not updating correctly
21628: Unable to add multiple device members
21644: Cannot change member location in Edit Member, throws error
21663: Bad value for Compression field in Activities
21712: Assert during first backup
21737: Crash with DLT1 drive
21740: Media creation time is wrong
21746: Crash trying to add NAS device
21752: Crash copying library directory
21755: module.cpp-825 assert
21764: Console crash while backing up NAS (tag-related)
21775: wrong password adding clients
21782: Restore Assistant: Assert at module.cpp-845
21783: Sources: Local Volumes displaying multiple times
21785: Restore Assistant: When Clients volumes selected unable to ‘Continue’
21791: U Mich. assert
21797: Klingon server assert during client backup
21800: RefBackupset::Search needs Progress object
21803: Error -703 unknown when trying to access a Media Set
21804: Firewire Lacie D2 AIT not responding
21812: Engine crash with invalid object
21813: Incorrect free disk space displayed
21815: Can’t stop engine on 10.4.11
21822: Search for files - manual selection is ignored
21824: Wrong Client Errors being displayed
21825: Client Test button missing
21826: Client connection strangeness
21830: Rules UI different in different parts of yeti
21837: Source’s ‘Last Backup Date’ field doesn’t roll up
21838: assert while trying to rebuild a disk media set
21846: Improve how compression data is displayed
21849: Editing script with many sources not easy
21852: Crash proactive backup to tape library
21856: Console crash with 8.0.608 (tag-related)
21858: Restore Assistant: Selected Media selector set jumps to top of list
21863: Restore Assistant: Restore files from which backup - no date displaying
21864: Restore Assistant: Preview for multiple media sets - only displaying files from first
21866: Assert during local restore: restore drive out of space
21868: better errors needed when license is required
21876: Assert: tree.cpp-3095
21877: Smart Tags not working with Clients set to Startup volume
21878: Assert: module.cpp-825 and others when adding clients
21879: Can’t erase 6.1 VXA-320 media
21881: Hang with 2 proactive backups running
21901: Selecting tape in slot during add member tries to add tape in drive first
21902: Grow the UI elements for all non-English language XIBs
21908: Can’t create a Size rule with more then 3 numbers
21911: Restore Assistant: Not restoring correct files (search restore restores too many files)
21915: Rule: Rules using ‘is not’ switches back to ‘is’
21916: Rules: unable to use Rule ‘Volume drive letter is’
21917: Rules: Files system is Mac OS switches to Windows
21922: Rules: unable to use ‘Date accessed’ rule
21924: Add Media Set: changes to catalog path in text field are ignored
21925: Add Media Set: Browse window should be a sheet
21926: Client browse cause engine crash: module.cpp-845
21934: Assert module.cpp-825 adding tape members
21939: Assert: tmemory.cpp-275 and Crash Reporter logs
21945: Restore Assistant: Unable to use ‘Search Media Set’
21960: VXA-320 FireWire loader issues including assert at intldrdev.cpp-4483
21961: Sources: Last Backup Date - local dmg files
21969: Find Files doesn’t always find the right media sets
21973: Sources: cannot remove local favorite folders
22002: Restore Assistant: issue with preview
22005: Restore: crash when accessing backup with a yellow icon
22006: Restore Assistant: FindFiles with mutiple found sets but not all checked doesn’t run
22013: Copy Backup: MD5 check some error
22024: Unable to change rules condition
22046: Script > Schedule > Text cutoff “F” for friday
22056: Restore Assistant: Restore files - Where do you want to restore: allows multiple selections
Posted in Mac OS X | Comments Off
May 5th, 2009
As with XP and Vista, Windows 7 doesn’t have the uber-useful (to us at least) Move To and Copy To options in the contextual menu’s by default. To create a Copy To menu item, go to the HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers location in the registry and create a new Default key with a name of Copy To and a value of {C2FBB630-2971-11D1-A18C-00C04FD75D13}. To create a Move To menu item, go to HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers (the same location) and add a new Default key with a name of Move To and a value of {C2FBB631-2971-11D1-A18C-00C04FD75D13}. Now you should have the menu items. Notice that the keys are only different in the 30 at the end of the first string of hex numbers…
Tags: contextmenuhandlers, contextual menu items, Windows
Posted in Windows | Comments Off
May 1st, 2009
The Xsan and Final Cut Server monitors have been announced at Xsanity and are now available for download. These will monitor processor and memory utilization of the Xsan and Final Cut Server processes respectively. SSH tunneling will hopefully be added soon so that you can run them remotely but that’s closer to a 1.x release rather than the .x release that is available.
Tags: final cut server, Xsan, Xsanity
Posted in Xsan | Comments Off
April 30th, 2009
Bob Metcalfe should be proud. from 3 whole megabits at inception in 1973, ethernet has gone to 10 megabits then 100 and to the desktop is currently sitting at predominantly gigabit speeds. But in the data center, a push towards 10 gigabit ethernet deployments has been going on since 2002. One of our favorite products is the Cisco Catalyst 4948, which has two 10 gigabit ports and 48 gigabit ports, allowing for a couple of servers at 10 gigabit or stacking as a core switch in a medium sized organization.
Of course, as an industry addicted to speed, 10 gigabit ethernet simply isn’t going to be enough; 40 gigabit and 100 gigabit ethernet products are already being announced, although primarily in stacking switching fabrics together. While the standard for 40 gigabit network has not exactly been ratified, we’ve been seeing a number of products coming out onto the market and standardization by the IEEE is expected in 2010 for 40 and possibly 100 gigabit networking.
The barrier from 100 and is expected to take a little less time than the 7 to 8 year window between when 10 gigabit was released and an expected 40/100 gigabit ethernet. Terabit networking is expected by 2015, which means that those 10, 40 and 100 gigabit interfaces will not be outdated all that quickly, providing a nice return on the investment.
Overall, 10 gigabit and up can be fairly costly (although with a 40 gigabit release, expect 10 gigabit products to come down in price a bit). However, it can increase the performance of a network environment exponentially when used in the proper locations and with a comprehensive strategy in place. 318 has experience with 10+ gigabit networking and can help in devising such a strategy. Feel free to contact us and we will be happy to review options and potential uses for your organization.
Tags: 10 gigabit ethernet, 100 gigabit ethernet, 40 gigabit ethernet, terabit ethernet
Posted in Network Architecture | Comments Off
April 24th, 2009
Firefox has a number of preferences. Not all are available in the GUI. To access these preferences, you can simply open Firefox and type the following in the address bar:
about: config
This will allow you to customize preferences, whether or not they’re otherwise known, line by line. These can then be copied between users, by inserting lines into the preferences file.
Like with most applications on Mac OS X, the preferences for Firefox can be deployed en masse. It is a bit more complicated than deploying preferences for some other applications. The reason for this is that the path to the preference file isn’t the same for all users. The file is located in the ~/Library/Application Support/Firefox/Profiles directory. It is an 8 character string followed by .default. For example, lzwntwo9.default. In this folder is a file called prefs.js, which contains all of the preferences for Firefox. For example, the following line will disable the check for whether you wish Firefox to be the default web browser for a user:
user_pref(”browser.shell.checkDefaultBrowser”, false);
Once you know what preferences you’d like to push out there are two options to do so (there might be more, but these are the two we’ve used):
- The first is to edit items in the Firefox.app bundle. Most of these can be edited using the /Applications/Firefox.app/Contents/MacOS/defaults/profile/prefs.js file, although the home page will be set using the /Applications/Firefox.app/Contents/MacOS/browserconfig.properties file. One note is that when you go to customize the prefs.js file it will give you a fairly nasty warning, but then it will push changes out to new accounts; however, don’t make any changes while the application is open. Additionally, this method requires deleting the existing preferences, so if you simply want to push out updates you’ll need to resort to the second method.
- For the second method, we look at a script that finds the name of the directory located in ~/Library/Application Support/Firefox/Profiles for the user (or all users for computer-based policies) of the system. We then set that as a variable. For example, using the output of ls ~/Library/Application\ Support/Firefox/Profiles/ as a variable called FFPREFSFOLDER would then be used to alter the contents of the js file using ls ~/Library/Application\ Support/Firefox/Profiles/$FFPREFSFOLDER/prefs.js as the actual path of the file for a user.
Now you can insert (or replace) the line that makes up the specific preference. This isn’t nearly as clean as using defaults to push out Safari preferences. But it does provide a way to push out Firefox preferences, be it as a file drop to replace the preferences in the application bundle or as a line edit to alter settings of an existing users browser.
Tags: Firefox, Mac OS X, Mass Deployment
Posted in Mac OS X, Mac OS X Server, Mass Deployments | Comments Off
April 23rd, 2009
At a VMUG meeting in Minneapolis in December, VMware employees mentioned that Virtual Infrastructure would be getting a new name, vSphere. A few days ago, VMware officially announced vSphere, the successor to the Virtual Infrastructure (VI) product line. VMware is hailing vSphere as the first true cloud-based operating system, hoping to capitalize on the hype that surrounds cloud computing.
VMware has had products available for years that allow administrators to cluster resources and place virtual machines on a virtualized abstraction layer that spans multiple hosts, pooling RAM, CPU and other system resources. When we had heard there was a raging debate about whether a private cloud was possible, we immediately though of all of our successful implementations of the VI product. vSphere is designed from the ground up to sit on low cost and energy efficient computing resources and allow for the flexible deployment of systems onto the cluster. This allows organizations ranging from small businesses to enterprise, from education to government to deploy new data protection and high availability resources, to pool IT assets in a manner not previously available.
The key components of vSphere all not all new. ESX and ESXi are the hypervisor. These sit on the physical machines (aka the Hosts) and build the virtualization layer. Sitting on top of the hypervisors is vCenter Server, which allows for the actual provisioning, monitoring, physical to virtual conversion process and centralized management. The vCenter Update Manager keeps all of the ESX systems updated (as well as some of the VMs themselves to help reduce the surface space of update management). The VMware High Availability piece gives failover between hosts. VMsafe is a another component that provides security APIs; while offerings from 3rd party developers are fairly immature expect this to grow rapidly as the virtualization industry moves into its next stage.
vSphere was built for microprocessers. The Nehalem and its successor, Westmere, are designed with collaboration from VMware; as such, they are built for virtualization. When you are looking to plan for a potential upgrade to vSphere, it’s important to keep in mind that each member of a vSphere cloud is going to run at the speed of the slowest host. Therefore, you will have tiers of VMware virtualized clouds, each with a class of system in it (for larger environments). The Nehalem and Westmere are designed for 8GB of RAM, so you’ll want to make sure to put plenty of memory into the cluster nodes, which have a deminishing return on investment (in terms of memory) around 120GB (so don’t be afraid of going hog wild on the memory front, those VMs need it!).
Overall, our tests of vSphere have shown a considerable performance gain for the guest operating systems running on hosts with newer hardware. Older assets have a lower impact on performance, but still have a slight upgrade. The biggest management features that we’re finding useful are an upgraded vCenter (for converting those physical systems over to virtual hosts), enhancements to Vmotion and automation. With the latest tools it is fairly straight forward to automate nearly every task using vCenter, including the deployment of new virtual machines based on templates, restarting a virtual machine and migrating them using Vmotion.
While the vSphere product may seem overwhelming at first, it begins to bring into focus a contained and mature VMware based infrastructure. There are a lot of new features; but there is bound to be a lot of marketing spin and while I’m sure it can, out of the box vSphere will not do your laundry. In order to help guide you through the planning phases of the next generation of the data center (which is after all, the true target of vSphere 4), 318 is here to provide the experience you need with regards to VMware licensing, architecture and of course support - be it with the guests, the hosts, the storage layer or the virtualization layer itself!
Tags: esx, esxi, virtualization, vmware, vsphere
Posted in Network Architecture | Comments Off
April 22nd, 2009
Exchange 2010 has been announced - and should be available later this year! The first public beta has some of the feature set and shows the direction Microsoft will be taking Exchange. Three things stand out about Exchange 2010: a continued to push into further integrated communications, client management and enterprise clustering. Additionally, Exchange 2010 includes improvements to the database design, which should reduce overall disk I/O by up to 50% and allow the databases to be run on lower tier DAS storage (with a target at SATA, even in larger environments). While a move to reduce errors in the database and make it less I/O dependent is a good start for compelling features, it does not speak to active-active clustering. These new options are more similar to the LCR options introduced in 2007, just with 16 replicas now being available - which allows for a lot of disaster recovery.
Exchange 2010 includes server-side email archival, which will be a big boon to many Mac environments (Entourage still doesn’t have an auto-archive feature). Server-side email archiving also allows enterprise organizations to gain further control over archives and enforce better policy management for mailboxes.
Exchange 2010 allows users to manage many of their own common tasks rather than opening a service request. Exchange will also warn users (and allow administrators to make policies based on these types of events) before they make common mistakes such as sending mail to large distribution groups, to recipients who are out of the office or to recipients outside the organization. Overall, this move towards self-service should reduce overall support costs.
Text based voice mail preview, voice mail rules and further integrated Outlook Web Access (OWA) and Outlook Mobile dominate the theme of Exchange 2010. Users of the Microsoft unified communications environment will be able to see text previews of voice mail using Outlook, delete voice mails out of Outlook without picking up a hand set and even create rules for dealing with certain types of messages (for example if a voice mail is less than 1 second it should probably just be deleted). There are a number of other features, most of which (such as a message indicator light, caller ID and voice control over voice mail) are already present in other modern phone systems - the key word here is other as Microsoft now has what amounts to a phone system built into Exchange.
As always, many of the new features of Exchange will revolve around new features within the Office product line, which will also receive a refresh in 2010. Public folders (not shared folders) will more than likely be moved into SharePoint, which will also see an update in 2010. There will also be a number of upgraded Powershell commands that will further automate the use of Exchange with the upcoming Windows 7 operating system.
Overall, for many environments, Exchange 2010 should represent a lower Total Cost of Ownership (TCO) than previous releases. However, it will need to be strategically planned well in advance, especially if your organization will be skipping Exchange 2007 and upgrading from 2003 into Exchange 2010. If you need help with the strategy and assistance, please feel free to contact 318 and we will do whatever possible to aid in the planning of this transition.
Tags: Exchange 2010 Public Beta
Posted in Windows | Comments Off
April 20th, 2009
Sun was in merger talks with IBM. Talks that had fallen through. Today, the Sun website says “Oracle to Buy Sun.” Oracle is the largest database company in the world and has been tinkering with selling support contracts for Linux and the Oracle suite of database products, that already includes PeopleSoft, Hyperion and Siebel. This merger, valued at $7.4Billion, will give Oracle access to sell hardware bundled solutions, further the Oracle development product offerings and give Oracle one of the best operating systems for running databases on the planet.
Oracle doesn’t just get hardware and Solaris though. This move also solidifies a plan for Oracle customers to integrate Sun storage. Oracle had previously been working with HP in a partnership that never seemed to gain traction. Then there is Java, MySQL, VirtualBox, GlassFish and OpenOffice.org. A number of the Sun contributions will be Open Source projects, but overall it’s possible to see a strategy that can emerge from a new Oracle + Sun organization.
As a Sun partner, 318 can assist its clients through this transition, be it with storage, MySQL, Java, Solaris or Oracle middleware scripting. Overall, this deal makes a lot of sense and 318 is behind doing whatever possible to ease our clients through the transition.
Finally, for those concerned that Oracle might just be buying Sun to kill off MySQL, keep in mind that the Open Source community built MySQL in the first place (or was integral to building it) and it can build another in its place just as easily, this time faster and with less required legacy support. MySQL is not a fluke. PostgreSQL or a newer solution will take its place if MySQL were to fall by the wayside under the Oracle helm. Oracle is not going to make MySQL into a martyr of sorts, and is going to want to capitalize on their investment (a Billion dollar purchase by Sun and obviously part of this purchase); especially with a clear business plan for MySQL to be profitable (which is why Sun bought them for such a lofty price in the first place). Overall, Oracle has no reason to kill MySQL; instead, with Siebel, MySQL, Oracle, PeopleSoft, etc - they can simply tout “All Your Databasen Are Belong To Us!”
Tags: MYSQL, Oracle, Oracle to buy Sun, SOlaris, sun
Posted in Directory Services, General Technology, IT Management, Linux, Scripts, Web Development | Comments Off
April 16th, 2009
Local Continuous Replication (LCR) is a high availability feature built into Exchange Server 2007. LCR allows admins to create and maintain a replica of a storage group to a SAN or DAS volume. This can be anything from a NetApp to an inexpensive jump drive or even a removable sled. In Exchange 2007, log file sizes have been increased, and those logs are copied to the LCR location (known as log shipping) and then used to “replay” data into the replica database (aka change propagation).
LCR can be used to reduce the recovery time in disaster recovery scenarios for the whole database, instead of restoring a database you can simply mount the replica. However, this is not to be used for day-to-day mailbox recovery, message restores, etc. It’s there to end those horrific eseutil /rebuild and eseutil /defrag scenarios. Given the sizes that Exchange environments are able to get in Exchange 2003 R2 and Exchange 2007, this alone is worth the drive space used.
Like with many other things in Windows, LCR can be configured using a wizard. The Local Continuous Backup wizard (I know, it should be the LCR wizard) can be accessed using the Exchange Management Console. From here, browse to the storage group you would like to replicate and then click on the Enable Local Continuous Backup button. The wizard will then ask you for the path to back up to and allow you to set a schedule. Once done, the changes will replicate, but the initial copy will not. This is known as seeding and will require a little PowerShell to get going. Using the name of the Storage Group (in this example “First Storage Group”) you will stop LCR, manually update the seed, then start it again, commands respectively being:
Suspend-StorageGroupCopy –identity “First Storage Group”
Update-StorageGroupCopy –identity “First StorageGroup”
Resume-StorageGroupCopy –identity “First StorageGroup”
Now that your database is seeded, click on the Storage Group in the Exchange Management Console and you should see Healthy listed in the Copy Status column for the database you’re using LCR with. Loop through this process with all of your databases and you’ll have a nice disaster recovery option to use next time you would have instead done a time consuming defrag of the database.
Tags: Continuous Backup, Exchange 2007, LCR, Storage Group, Update-StorageGroupCopy
Posted in Kerio, Network Architecture, Windows | Comments Off
April 15th, 2009
The EMC Celerra NX4 comes with a number of IPs (and other settings) set from the factory. The IP addressing, by default, is as follows:
- Primary Internal Network – 128.221.252.100
- Backup Internal Network – 128.221.253.100
- Netmask 255.255.255.0
- IP of Storage Processor A – 128.221.252.200
- IP of Storage Processor B – 128.221.253.201
- Gateway IP of Storage Processor A – 128.221.252.104
- Gateway IP of Storage Processor B – 128.221.253.104
Tags: Celerra NX4, default IP address, EMC, SAN
Posted in General Technology, Network Architecture, Xsan | Comments Off
April 14th, 2009
VMware’s ESX Server, like any system, needs to be updated regularly. To see what patches have been installed on your ESX server use the following command:
esxupdate -query
Once you know what updates have already been applied to your system it’s time to go find the updates that still need to be applied. You can download the updates that have not yet been run at http://support.vmware.com/selfsupport/download/. Here you will see a bevy of information about each patch and can determine whether you consider it an important patch to run. At a minimum, all security patches should be run as often as your change control environment allows. Once downloaded make sure you have enough free space to install the software you’ve just downloaded and then you will need to copy the patches to the server (using ssh, scp or whatever tool you prefer to use to copy files to your ESX host). Now extract the patches prior to running them. To do so use the tar command, as follows:
tar xvzf .tgz
Once extracted, cd into the patch directory and then use the esxupdate command with the update flag and then the test flag, as follows:
esxupdate –test update
Provided that the update tests clean, run the update itself with the following command (still with a working directory inside the extracted tarball from a couple of steps ago):
esxupdate update
There are a couple of flags that can be used with esxupdate. Chief amongst them are -noreboot (which doesn’t reboot after a given update), -d, -b and -l (which are used for working with bundles and depots).
If esxupdate fails with an error code these can be cross referenced using the ESX Patch Management Guide.
You can also run patches without copying the updates to the server manually, although this will require you to know the URL of the patch. To do so, first locate the patch number that you would like to run. Then, open outgoing ports on the server as follows:
esxcfg-firewall -allowOutgoing
Next, issue the esxupdate command with the path embedded:
esxupdate –noreboot -r http://
update
Once you’ve looped through all the updates you are looking to run, lock down your ESX firewall again using the following command:
esxcfg-firewall -blockOutgoing
Tags: esx, esxcfg-firewall, esxupdate, noreboot, patch management, Test, vmware
Posted in Linux, Mass Deployments, Scripts, Windows | Comments Off
April 11th, 2009
318 has published another article on Xsanity, for scripting various notifications and monitors for Xsan and packaged up into a nice package installer. You can find it here
http://www.xsanity.com/index.php?topic=tips.
Tags: Command Line, notifications, scripting, Xsan, Xsanity
Posted in Xsan | Comments Off
April 10th, 2009
Windows, like Mac OS X can be put to sleep, locked or suspended from the command line. To suspend a host you would run the following command:
rundll32 powrprof.dll,SetSuspendState
To lock a Windows computer from the command line, use the following command:
rundll user32.dll,LockWorkStation
To put a machine in Hibernation mode:
rundll32 powrprof.dll,SetSuspendState Hibernate
If you would rather simply shut the computer down, then there is also the shutdown command, which can be issued at the command line. You can also use tsshutdn, which provides a few more options than the traditional shutdown command. All of these commands can also be scripted. For example, using the at command to provide a one time instance (which is actually a feature built into tsshutdn and shutdown). Another way to automate these in WIndows would be to issue the schtasks command (or simply write a batch file and use the GUI).
Tags: hibernate, lockworkstation, powrprof.dll, rundll32, setsuspendstate, sleep from command line, user32.dll, Windows
Posted in Windows | Comments Off
April 9th, 2009
Conficker Part II: we’re not trying to beat a dead horse here, nor be fear mongers; our goal is to be realistically managing risk. Conficker was set to go active on April 1st, but not a lot happened. Infection estimates tended toward the millions, as high as 15. That’s a sleeping bear that you likely don’t want to stir. Now, as we are a bit more into April and the thaw is upon us, the hibernation appears to be over, even if the only result is a still sleepy bear, rubbing his eyes and with a big yawn, wondering out of its cave. As though part of a bad April Fools prank, it appears as though Conficker is starting to stir, with reports from security researchers that it is just beginning to send out a payload to infected hosts that, while heavily encrypted, is reported to likely be logging keystrokes and designed to steal personal information.
Because Conficker is able to communicate with other infected hosts and download updates to itself (in the form of new payloads), it is able to morph into a new virus, able to do more damage to a system or be used for distributed attacks against larger environments. Because Conficker disables anti-virus software and Automatic Updates from Windows, the best fix is to download and run a tool designed for the task. You can download a free removal tool at Sophos.com.
Tags: botnet, conficker, encrypted, virus
Posted in Windows | Comments Off
April 8th, 2009
The new Nehalem Xserve is out. We’ve waited a couple of days to digest the information so here it is! The new Xserve is named from the next generation chip it has, which makes it the fastest Xserve Apple has yet to ship (this isn’t to say it’s the fastest Xeon, but it is faster overall by 2x-ish). To quote Apple:
Its single-die, 64-bit architecture makes 8MB of fully shared L3 cache readily available to each of the four processor cores. The result is fast access to cache data, reduced traffic between processors, and greater application performance. Combine that with the other technological advances and you get an Xserve that’s up to 2x faster than the previous generation.
But the processor being twice the speed isn’t the only thing that got a major upgrade. The new Xserve can take up to 12 slots (or 6 slots on a the quad-core) worth of 1066MHz DDR3 ECC SDRAM. The RAM is faster, but the new processor has an integrated memory controller, which reduces the latency between RAM and processor, again increasing speed. Each processor can control 3 banks worth of 1066MHz RAM, removing more bottlenecks from the chip to the I/O hub (which is also faster in the latest model, btw). 
Everyone else has been overclocking for years. Not that it’s overclocking, but close enough: introduce TurboBoost. If the other cores of a chip aren’t doing anything then the Nehalem will allow the CPU to spike up from 2.93GHz to 3.33GHz. So you’re not performing an operation telling the CPU to always run faster (and thus hotter). Instead, you’re telling it that if other cores aren’t needed to wind them down and move the heat over to the one that needs the power.
The New Xserve also has some very nice storage options. While we have been able to install 3 drives in the past, at this point there is a fourth drive option (similar to the original Xsever). Rather than being loaded into the front though, this drive is installed inside the system, and it’s a 128 GB solid state drive (SSD). You can also purchase a RAID5 controller for the Xserve. This seems to indicate that installing the Operating System on the Solid State Drive and placing data, be it mail, files, etc on the RAID5 (which doesn’t require a PCI slot) will be a common architectural choice. The Apple Drive Modules (ADMs) can now go up to 1 terabyte each. These are not interchangeable with older Xserves, and they are SATA. If you want to use SAS with the new Xserve, then Promise will now be handling all SAS drive modules (be it for Vtrak or Xserve) for Apple.
A couple of points about the new Xserve:
- The RAID5 controller: ZFS is more efficient than RAID5. Provided you are using ZFS, you can have more useable disk capacity with equal throughput using ZFS.
- If you’re not into headless serving, the dongle doesn’t come with the server any more (like with MacBooks), so make sure to order it, or just steal the one off your neighbors MacBook.
- Expect it to be a few weeks to ship these things (understandably, it’s a whole new gen of Xserve).
- Because it’s a new generation, your old spare parts kit likely won’t get you far with these things, and don’t expect to be swapping ADMs between the servers either.
- The quad-core is only $500 cheaper than the octa-core… Double the possible memory alone will potentially make the octa-core last a year or more longer than the quad-core as a viable production node…
- The SSD is nice and all, but they crash too. Just because there are no moving parts doesn’t mean that they can die. I’m all for using it as your boot volume, but… Make sure to have a bare metal backup, preferably one that is 1-button restore.
- One of the compelling aspects of this server is the processing per unit of rack density. The power requirements have been lowered, the firepower increased and overall the server is a blazing rocket ship. For the first time in a long time it has a very compelling story in the 1U server space: it’s similarly priced to other 1U systems, can run Windows/Linux and is way sexier than any other rack mount server (I know the data center isn’t supposed to be a fashion show but come on, the only other vendor that even cares about rack chassis looks seems to be Sun, who’s strategy is to make them look a little like a MacPro).
Tags: Nehalem, Xserve
Posted in Mac OS X | Comments Off
April 6th, 2009
In Tiger and below you used NetInfo Manager to enable and disable the root account in Mac OS X. However, in Leopard and above you use the Directory Utility. But you can also use the command line. In /usr/sbin there is a handy little tool called dsenableroot. To use it, simply open up Terminal.app and type dsenableroot. It will then prompt you for your password. Provided you type that correctly it will then prompt you for the password you desire the root account to have twice. Assuming the target passwords match, at this point you should see something similar to the following in your secure.log file:
Apr 6 09:38 client162 com.apple.SecurityServer[22]: checkpw() succeeded, creating credential for user root
There are other options you can use with the dsenableroot command. The -u, -p and -r flags can be used to put the username, password and root password into the command, so that it is not interactive. For example, the following would set the root password on a machine to TANSTAAFL! and use the username of Mike with a password of WyomingKnott:
dsenableroot -u Mike -p WyomingKnott -r TANSTAAFL!
The dsenableroot command can also disable the root account. To do so, simply use the -d flag. This can be done interactively with just dsenableroot followed by -d. It can also be done as in the above example in a non-interactive manner (useful for scripting or sending via ARD):
dsenableroot -d -u Mike -p WyomingKnott
You can also use dsenableroot to change the password of the root account, or stick with the passwd command for that.
There is an undocumented option with dsenableroot, but it’s simply a very unexciting way to get a version:
dsenableroot -appleversion
Which should spit out a comma delimited output (well, almost) that can be used to (for example), verify that the dsenableroot command hasn’t been tampered with (although a checksum might be better for something like that):
dsenableroot, Apple Computer, Inc., Version 112
Tags: Command Line, Directory Utility, dsenableroot, Mac OS X, NetInfo Manager
Posted in Mac OS X | Comments Off
April 3rd, 2009
For users of Retrospect 8 with Tape Libraries, EMC has issued a bug advisory regarding precautions to be taken to make sure you don’t erase all of the data in the library. The warning is as follows:
This issue only applies to environments where EMC Retrospect 8.0 is used with a tape library. If that configuration applies to you, please read the following notice carefully, so that you can take necessary precautions.
Problem Description:
When highlighting a group of tape slots or a magazine and clicking Erase, EMC Retrospect 8.0 incorrectly sends the Erase All command, commanding the tape library to erase ALL the tapes contained in the library, instead of only those tapes in the group/magazine.
Immediate Workaround:
To prevent the accidental erasure of tapes that contain valid data, either erase one tape at a time, or remove all the tapes that you do not want erased from your library before performing an erase operation on a group of tapes.
Resolution Pending:
This issue is being investigated with the highest priority, and a fix will be provided via automatic updates as soon as possible.
Tags: bug, Retrospect 8, tape libraries
Posted in Mac OS X | Comments Off
April 2nd, 2009
The dock should have the applications you commonly need to get to. However, some simply want it to show them the applications that are open. You can do this by running the following command:
defaults write com.apple.dock static-only -bool TRUE
Once run, reboot, or just restart your dock with the following command:
killall Dock
To undo it:
defaults write com.apple.dock static-only -bool FALSE
Tags: Command Line, defaults, Dock, Mac OS X
Posted in Mac OS X, Scripts | Comments Off
March 30th, 2009
McAfee, Norton, AVG and Kaspersky have detection for Conficker built into their standard engines. However, we’ve been finding that in some cases the standard scanners do not see Conficker, given its polymorphous nature. For this reason, I would recommend trying the Conficker scanner that Tillman Werner and Felix Leder have released. This free tool, written in python, can be used to scan a list of IP addresses (can be kept in a flat file called iplist.txt). It’s fairly simple and straight forward and can be used to run through and scan all the systems on your network as an additional fail safe. Remember, the countdown to what could be the biggest April Fools joke ever (if it doesn’t do anything that is, which seems pretty likely) is ticking.
Tags: conficker scanner
Posted in Security, Windows | Comments Off
March 25th, 2009
The File Replication Pro folks have published a customer success story outlining some of the ways we’re using their product. Check it out and if you have any questions about what we’re doing with it feel free to drop us a line!
Tags: File Replication pro, FRP
Posted in General Technology, Linux, Mac OS X, Mac OS X Server, Network Architecture, Windows | Comments Off
March 13th, 2009
There’s been a lot of talk the past year or two about unified messaging. You may remember the old ATT All in One commercial where a person was golfing and his important call would find him, and he wouldn’t miss the call. Or have you ever had a job where every morning you had to check your e-mail, then your voicemail on your phones, and then walk to the fax machine to check your faxes? Well, Google this week released a new service called Google Voice. Google Voice is just a revamp of their system called Google GrandCentral. You have one number that people will call, and Google will route the call to all of your phones to try and locate you, and allow you to essentially ignore the call or accept it. You can also search your emails, voicemails, and SMS messages from the web. Microsoft Exchange offers a system that will allow you to get all your email, voicemail and faxes in one centralized location. Weaver just released a service in February that will allow Asterisk users to have their voicemail transcribed automatically and e-mailed to them. Below is a chart of services offered by Google, Asterisk, and Microsoft Exchange 2007 Unified Messaging to give you a better understanding of what technology route you may want to go.
Microsoft Exchange 2007 Unified Messaging
Microsoft’s Exchange 2007 Unified Messaging goal is to tie in Email, Fax and Phone into one manageable place. An example that Microsoft uses is that first thing in the morning most people check their email, then check their voicemail, and after check their faxes. Exchange Unified Messaging has the ability to tie together all three of these communication technologies into a single place for management.
Exchange Unified Messaging on it’s own cannot serve a PBX function, but harnesses a current PBX infrastructure into Exchange for end users to have a seamless place to manage their communications. The current iteration of Exchange Unified Messaging is with Exchange 2007. To leverage the entire suite of features, you must use Outlook 2007.
Google Voice
Google Voice is a communication infrastructure much like Exchange Unified Messaging, but seems to be targeted for non-business consumers. Google Voice is the current iteration of what was once known as Google GrandCentral. Its purpose is unified messaging as well, as it ties in your Gmail, SMS and incoming phone calls into your phone account created on Google Voice. Google Voice is an IP-PBX (VoIP) that allows you to make and receive calls with unified messaging capabilities.
Receiving calls can be done through any cell phone that you have, or through their Google Voice web interface. Making calls can be done via GoogleVoice (web-based), or through any other phone (landline or cell phone). The price point is very good (as in free). The price is free for all calls made to US numbers (long distance charges to other countries apply, of course). It requires no additional hardware.
Asterisk
Asterisk is an open source IP-PBX (VoIP) platform based on Linux. It requires a computer to run on and can tie in your existing land line with almost any VoIP provider of your choice. Call pricing depends on your phone carriers.
|
|
Google Voice
|
Asterisk
|
Exchange 2007
|
|
Voicemail
|
Yes, stored on Google’s PBX Server.
|
Yes, stored on PBX Server.
|
Yes, originating from current PBX, but forwarded and stored in Exchange
|
|
Email
|
Yes, integrated with Gmail.
|
Yes, SMTP’d to host of your choice.
|
Yes, integrated with Exchange and Outlook
|
|
Transcribing VoiceMail
|
Yes
|
Yes, not natively as it needs to use VoiceScribe and then emails you the trasncript
|
No, but allows the user to take notes (including manually transcribing voicemail) to allow voicemail to be searchable via Outlook
|
|
Price
|
The use is free, and calls to US numbers are free. Your cell provider rates still apply, and Google has their own price for long distance calling.
|
Free to install and use, and configure. The call price rate depends on your local and/or VoIP carrier.
|
Phone calls rates are based on your PBX/Call Provider. Only certain PBXs are supported. The price for Exchange is $699 for Standard or $3,999 for Enterprise depending on how many storage groups and databases per mailbox server role you need. Both come with unified messaging.
|
|
Can call more than one of your phones at a time to try to locate you.
|
Yes
|
Yes, but you need to purchase additional trunks (VoIP or PSTN)
|
Depends on PBX
|
|
Can automatically locate you and route calls depending on bluetooth proximity.
|
No
|
Yes
|
No
|
|
Native Address Book
|
Yes, integrated with your Google Account.
|
No
|
Yes, integrated with Exchange Contacts
|
|
Call Management
|
Yes, via your phones (and possibly through Google Voice)
|
Yes, via your phones or through HUD
|
Yes, through Outlook and possibly through your PBX Software
|
|
Fax
|
No
|
Yes, but it’s through VoIP, and not realiable
|
Yes, through a standard fax line
|
|
VoIP
|
Yes
|
Yes
|
Depends on PBX
|
|
Listen to voice messages without changing their context to another application
|
Yes, integrated with Google Voice
|
No - you need to use whatever sound application is installed on your computer
|
Yes integrated with Outlook
|
|
Multiplatform
|
Unknown, but since it’s web based, it may work on Linux, Mac, and Windows.
|
Yes - Linux, Mac, and Windows
|
No, just Windows with Outlook 2007. You can play messages in Entourage, but may either have to change file type in Exchange from *.wma to *.wav, or have Mac users install WMP 9 for OS X
|
|
Configure individual voice mail settings
|
Via phone or web
|
Via phone or web
|
Yes integrated with Outlook
|
|
View all voicemail in one location
|
Yes
|
Yes
|
Yes
|
|
Distinguish voice and fax messages from email messages within mailbox
|
No, just voice mail from email, and only through Google Voice
|
No
|
Yes integrated with Outlook
|
|
Determine whether a voice message has already been played
|
Unknown
|
No
|
Yes integrated with Outlook
|
|
Add notes to a voicemail message natively
|
Unknown
|
No
|
Yes integrated with Outlook
|
|
Reply to a voice mail with email
|
Unknown - not sure if it can work with blocked numbers or telephone numbers not in contacts.
|
No
|
Yes integrated with Outlook
|
|
Add telephone numbers received to Contacts natively
|
Unknown
|
No
|
Yes integrated with Outlook
|
|
Share VoiceMail
|
Yes
|
Yes
|
Yes
|
|
Adding a user
|
Free. Requires that each user is registered with a Google account.
|
Free. Just create a new extension for IP phones. For non-IP hard phones, you must buy a FXS card (or to connect a regular phone to an ATA).
|
You must buy CALs for each user. For unified messaging, you must have both the Exchange Standard AND Entprise CAL. Exchange Standard CAL is $67, Exchange Enterprise CAL is $35. You must purchase both CALs for each user. You also need to add a user to your PBX - pricing and licensing depends on PBX provider.
|
There are some things that may catch your eye (or not) when you first see this chart. Exchange Unified Messaging is expensive, but offers a lot of features that the other two don’t. From a “birds eye view” it may also fit your enterprise better if your companies’ locations use different types of PBXs, but you want to “unify” all of the communication in Exchange.
If you have a heterogeneous environment or non Windows environment, Asterisk or Google Voice may be a better route for you.
If you are concerned with regulatory compliance, Google Voice may not be your best choice since you do not have a centralized location of all your communication readily available.
When determining which choice is a better fit for your business, carefully weigh your options (price, compliance and room for expansion to name a few). It will be exciting to see how the technologies are managed, and what the future holds for unified communications. If you plan to roll out any of these services, or are in need of consultation, please don’t hesitate to let us know. We’re here to help.
Tags: Asterisk, Exchange 2007, Google Voice, Unified Messaging
Posted in General Technology, IT Management | Comments Off
March 12th, 2009
Facebook released some major updates today. A number of people have complained that they don’t like the new layout, but the minor changes have you clicking less to find things, which conserves their bandwidth and lets you get to things faster. The newer graphics are sleeker and honestly a bit more like what you’d expect to see on an iPhone. Also, now you have the ability to simply eliminate friends from your news feed, which allows you to get the most up-to-data on the friends you actually want to know about.
Facebook seems to be more and more popular by the day. 318 has had a group on Facebook for a couple of years, and managed the Mac OS X Server group and the Xsan group, amongst others. Now we’ve added a fan page as well! Check it out here and become a fan.
Tags: facebook
Posted in Web Development | Comments Off
March 10th, 2009
We recently did a post on Xsanity about integrating StorNext clients with Xsan. It is very important that when you’re doing this type of integration that you remember that all metadata controllers need to have that license.dat file. If they don’t then not all of your clients will failover properly. When you’re finished with the integration, we recommend backing up the entire /Library/FileSystems/Xsan/config directory and running a cvgather. This final step will also make sure that if you need to restore a metadata controller that you won’t have to have a new license.dat file generated (amongst others).
Tags: license.dat, StorNext, Xsan
Posted in Xsan | Comments Off
