Kings County Computer Solutions Helping You Take Technology To The Next Level

7 Jul 2010

Ode to the “Cloud”

A few months ago I posted an entry about cloud computing on the KCCS Blog. Since then there have been lots of start-ups and lots of new services from some of the old players like Microsoft and Google (the latter needed no mention here, but what’s done is done). Needless to say, for small businesses and even larger organizations these services allow you to conduct business in ways you never have before.

While I have been keeping tabs as best I could on the progress of various cloud services (and believe me, at this point there are way too many for just one person to keep track of), I also took the time to test a few of them to determine whether they may have a place in KCCS and/or can be recommended to our customers. Now, before I continue this post I should probably admit a few things:

  1. I am still not drinking the Kool-Aid
  2. I still love traditional desktop/server applications

Recently I made a big push to move our most commonly used applications to a cloud version or a cloud alternative: things like CRM, support ticketing, invoicing and even project management. As a result we are about 90% cloud based. But being the non-trusting type, there is also a traditional application on our servers that serves the same purpose. Before you point out that this just doubles the workload, I will say this: most of the services we use also integrate in some way with our desktop applications like Office, meaning that changes made using either the cloud or the desktop application will be reflected in the other.

To give you a general insight into what I am referring to, I will give a breakdown of which services we use and how we use them.

12 Feb 2010

Who is attempting to attack your company?

Today, with the advent of cost-effective high-speed Internet access for small businesses and the movement of many traditional brick-and-mortar businesses into the online realm, companies are dealing with more data than ever before.

More companies are also doing mobile computing via VPN and other remote access technologies. Some Software as a Service (SaaS) solutions come with things like SSL encryption. However, more companies like ours are hosting our own applications, such as CRM and various other mission-critical applications, almost all of which can be accessed over the public Internet with little or no encryption. Even though you can do things like use non-standard ports, hackers can still use tools like Nmap or other port scanners to find these open ports in order to break into your network and destroy this precious information, or use keyloggers and other exploits to capture confidential customer data such as credit card numbers.

How do you stop such attacks, or at least give yourself a fighting chance of preventing them? Get an enterprise-strength firewall with Intrusion Detection (IDS) and Intrusion Prevention (IPS). The trouble with these systems is that, until recently, these appliances have cost thousands of dollars. Because of the growing trend in network-based attacks, we at KCCS have spent countless hours researching and testing various hardware solutions and are proud to announce that we have built a custom solution specifically designed for small businesses.

23 Nov 2009

Windows 7

It’s been a while since I have written a post, so I decided to write one. I have been using Windows 7 now since the release candidate became public and I must say I am loving it. But instead of trying to write a review I decided to repost one from one of my favorite geeks, Paul Thurrott from SuperSite for Windows. I know I should have done my own, but since there are tons of these out on the net I decided to cheat a little bit, so here it is in its entirety:

Windows 7 Review

What a difference a few years makes. When Windows Vista debuted in late 2006, I was full of questions: Windows Vista was a big, messy Windows release, delayed time and again, and suffering from too many features and too little cohesiveness. This time around, things are clearer. Windows 7 is less ambitious than its predecessor, but also a better product. It suffers from none of the aimless feature bloat that plagued Vista upon its release, and none of the aimless uncertainty that followed Vista's five-plus years of development. That the public reaction to Windows 7 has also been universally positive--another sharp contrast with Vista--is also gratifying. Windows 7 deserves the accolades, and it's one of the strongest entries in the Windows family of products ever.

And that makes reviewing Windows 7 difficult. This is a near perfect software release, that rarest of upgrades that improves on virtually everything about its predecessor while losing nothing of serious importance. Yes, there are nits. Sure, I'd have liked to have seen a few components of the OS turn out a bit differently. No software is truly perfect. But you don't have to qualify the successes of Windows 7 as you did with Windows Vista. Windows 7 is just excellent, with no caveats attached. And Windows 7 isn't excellent within the context of its reduced development cycle and the resultant reduced expectations. It's just excellent, plain and simple. No ifs, ands, or buts.

So now that I've completely blown the premise of this review, which will be published over the time leading up to Windows 7's general availability in October, let me at least frame the conversation that will conclude, inevitably, with discussions of unparalleled greatness. Because even though I may have just provided you with a peek at the end of this epic review, there's still a lot to discover.

Here, in Part 1, I'd like to put Windows 7 in perspective. How has the world changed since XP first appeared eight long years ago? Windows 7 is being born into a sharply different environment than its most popular predecessor. But the parallels between XP and Windows 7 are many.

In Part 2, I will examine the all-important task of picking the proper Windows 7 product edition. This is again an issue because Microsoft has saddled its users with too many choices, though there are certainly fewer valid possibilities than before. I've already provided the most thorough and comprehensive Windows 7 product edition comparison available anywhere, but in this review I'll make the decision process simpler than ever, especially for those who don't want to wade through giant charts.

In Part 3, I will explain the various ways in which you can acquire and, if need be, install Windows 7. This includes PC bundles, retail copies, and Windows Anytime Upgrade, but it also includes various installation, upgrading, and migration tasks. I will take the mystery out of moving from your current version of Windows to Windows 7.

Over the next several parts of this review, I will divide up all of the new features in Windows 7 in digestible chunks so you can quickly hop around and find exactly what you need. I've divided up the feature list similarly to how I did so for my Windows Vista review, with subjects like user interface, security, performance, Internet, digital media, and many others.

In the penultimate part of this review, I will examine compatibility--both hardware and software--and explore how Windows 7 sets the stage for a coming generation of Windows products that breaks, finally, with the technological deadwood of the past in ways that are both elegant and seamless.

And then I will attempt to bring it all together with some sort of sweeping conclusion that, again, I assume I'm telegraphing pretty obviously already. As you'll see over the course of this review, there are plenty of small things to complain about. But the big picture with Windows 7 is universally positive. You'd have to be completely clueless--or a deluded Mac fanatic--to think otherwise.

8 years later...

If you're looking for an obvious spiritual predecessor to Windows 7, look no further than Windows XP. That release was basically a more compelling version of its own predecessor, Windows 2000, and featured a new UI, much better compatibility with devices and software, Windows XP also marked the death of the old-fashioned, DOS-based Windows products that had previously dominated the consumer landscape and offered up a number of end-to-end experiences that significantly simplified how users completed certain multi-step tasks (like acquiring digital photos) that we now take for granted. It arrived at the dawn of a new era of wireless home networking.

By comparison, Windows 7 is also a more compelling version of its predecessor, Windows Vista, offering enhanced usability, dramatically better performance, and new seamless compatibility options that were unavailable just a few short years ago. Windows 7 will also mark the death of an increasingly obsolete predecessor, in this case Windows XP, which has been granted an unusually long life cycle because of customer indifference to Vista. It will also usher in an era of pervasive 64-bit computing in a way that was only hinted at with Windows Vista. And like XP, Windows 7 expands on the themes of simplification and experiences, providing users with a finely-tuned UI that simplifies common activities. Windows 7, too, arrives at the dawn of an era of pervasive, anywhere/anytime wireless Internet access via 3G and Wi-Fi networks.

Taken as a slice in time, the October 2001 release of Windows XP was a watershed event. But it didn't take long for hackers to uncover an endemic security hole in the product, and Microsoft spent 2002 and 2003 retrenching and then, finally, halting Windows development so that it could rearchitect both the software and its development process to account for the highly-connected, potentially dangerous world in which XP was really being used. The result of this effort, called Trustworthy Computing, has had enormously positive ramifications across subsequent Windows versions and other Microsoft products. (Including Windows 7.)

[ Read my original review of Windows XP for some historical perspective. ]

On a more positive note, Microsoft used the time between XP and Vista to ship a bewildering number of platform improvements to Windows, most notably through several versions of Windows XP Media Center Edition--which added home theatre capabilities--and Windows XP Tablet PC Edition--which provided pervasive handwriting recognition and pen computing capabilities. Microsoft also innovated with touch computing during this time and with software for so-called ultra-mobile computers, small PCs that pre-dated the current netbook craze by some years. Not all of these efforts were necessarily successful from a commercial standpoint, but each left an indelible mark on the underlying platform.

By the time Vista finally arrived, Windows had undergone seismic changes. Vista brought with it a number of next-generation technologies that, sadly, remain little used today, though they do at least form the basis for further improvements in Windows 7. And many of the original "Longhorn" technologies that were designed to make Windows Vista such a stunning upgrade were dropped or changed over time, or back-ported to Windows XP.

The changes Microsoft made to Windows Vista meant that Windows, again, was ahead of the hardware curve. The system wouldn't run well on many existing PCs of the day, and its vaunted Aero UI required a class of graphics accelerator that some users--especially those with low-end laptops--simply didn't have. Worse, early compatibility issues, though solved within a year, continued to adversely affect public opinion of the product. Many people who had never even used the product assumed it was a dog thanks to clueless pundits and reviewers who had never bothered to correct their wrong-headed early impressions.

That Microsoft built Windows 7 on top of Windows Vista is a tribute to Vista's true worth, because the underpinnings are solid. It's funny to me that those who damned Vista over the past two years are now praising the very similar Windows 7. Yes, Windows 7 has a tweaked UI. And yes, Windows 7 does offer better performance than its predecessor. But in reality, there's not much of a fundamental difference between the two. Windows Vista and 7 share the same hardware requirements, for example, which I believe to be telling. And Windows Vista and 7 share identical hardware and software compatibility models, though Windows 7 does improve on Vista with an interesting virtualization feature that we'll discuss later in the review.

So is Windows 7 just Vista with a bit of eye candy added and some performance tweaks? The cynical might believe so, but let's not get silly. Windows 7 is the sum of hundreds, perhaps thousands, of tiny tweaks, none of which would be particularly interesting in isolation. But taken as a whole, the result is astonishing. Where Vista felt incomplete and scattered, Windows 7 seems polished. Like an Apple product, it appears to be the result of a singular vision, though I'd be surprised if that were really the case.

This kind of refinement is hard to point to in any general way because it's all over the place. Every nook and cranny in Windows 7 has been given the once-over, and where changes needed to be made, they were made. There are big changes, like the new taskbar and the yet-another-version-of-Windows Explorer. But there are also many, many tiny changes. Nothing was overlooked. Nothing major. And nothing minor.

Asking customers to pay for something that is essentially a Windows Vista mulligan sounds ridiculous on the surface. But time and again, people who see and use Windows 7 are enchanted, and for good reason. Windows 7 is special, and that fact is obvious to anyone who comes in contact with it. In fact, Windows 7 has been so good for so much of its relatively short development cycle that it's become somewhat boring from my perspective as a reviewer. That should be taken as a good sign, however. It means that Microsoft has exorcised the excesses of the past. It is delivering on its promises.

Put simply, yeah, you want Windows 7. The question then, becomes which Windows 7? Which product edition should you pick? I'll help you figure it out in Part 2 of this review.

Continue to Part 2: Picking a Product Edition...

--Paul Thurrott
July 28 - August 8, 2009

3 Oct 2009

Virtualization vs. Cloud Computing

These days the biggest buzzwords in the IT industry have been the expansion of cloud computing and the major push towards virtualizing the traditional computing infrastructure. But with these two new concepts come questions from business owners like you and me, and the biggest question without a doubt has to be “which one is better?” or “which should I use?” While there is no one answer that can work for everyone, I will say this: for some things it may be better in the long run for certain services to be outsourced to cloud providers. One such thing would be storage, especially backup storage. There are tons of backup providers out there, for instance Carbonite and Mozy, and some ISPs are now providing backup services.

However, the other services seem to have limitations. For example, Google Docs works great for simple documents and makes it really easy to share those files. Microsoft also has a similar service called Office Live, and while this is a bit more robust than the Google alternative, allowing you to create and/or edit files in your traditional Office applications and save them to your cloud account via the Office Live plug-in, it, like Google, gives you about 5 GB of storage, which is pretty modest I must say.

In the end I still don’t think the various technologies have evolved enough to be a serious consideration at this point. Even though the cloud may have its merits, the price of small business servers (including second-hand or whitebox servers), not to mention the fact that users will need to be able to get on the Internet at all times, limits its use for now, until offline editing becomes more prevalent.

5 Jul 2009

Build a Small Business Network Solution

I have been writing a lot about virtualization and going green over the last few weeks, but a thought hit me today as I was planning my next article. I realized that some small/medium-sized businesses (SMBs) may not even have an established data network to begin implementing these solutions with. I have been to many SMBs for various reasons, both as a customer and as a technician, and what I discovered was that while most had one or several computers, they were all stand-alone boxes with little or no networking being used. To top it off, most of these businesses depend on one computer for things like order tracking and even finances, with pretty much no access control.
So for the next few weeks I will lay out a networking solution that is easy to implement and comes at little or possibly no cost, depending on what hardware/software you opt for. First things first, I will list the materials I will work with in this setup. Most of the software is free (for example ESXi and VMware Server are free), and for hardware you can invest in a dedicated server built from server hardware, buy a used server off eBay or Craigslist, or quite simply recycle whatever old hardware you have lying around, whether it’s parts from old computers or entire computers. You can also use this as an opportunity to replace your existing aging computers, desktops or laptops.
Software:
1. Windows Server 2003 (Small Business Server, Enterprise, Standard)
2. Windows (XP Pro [or Home], Vista [Home Premium, Business Edition, or Ultimate])
3. IPCop, pfSense, ClarkConnect Community Edition, SmoothWall Community Edition
4. VMware ESXi
5. VMware Server
6. Microsoft Virtual Server 2005 R2
7. Spiceworks
8. Orion Network Performance Monitor
9. WhatsUp Gold
10. Software firewall and anti-virus (Norton, McAfee and ZoneAlarm are my recommendations); you can buy an Internet security suite instead of each separately
Hardware:
1. FastEthernet (10/100) or Gigabit (10/100/1000) switch(es); these can be managed or unmanaged (unmanaged are way cheaper)
2. A good supply of Cat 5e or Cat 6 network cable (pre-made is fine, but you are probably better off getting a roll and some RJ-45 modules along with a crimping tool; the TIA A/B standards are posted all over the Internet, so a Google search will give you directions on how to make your own patch cables.)
3. To keep things neat you may want to invest in a server rack, or go down to Home Depot or Lowes, get some wood and some screws and build yourself one. Just remember a few things:
o Make sure you build one with enough room for expansion
o Build the shelves with enough of a gap between them to allow for larger devices such as 4U servers; this will also allow better circulation of air
o It may be worthwhile to also get some mounting rails to allow you to slide out smaller devices, and to build a sliding keyboard/mouse shelf
4. A KVM switch. It is totally up to you which type to buy and how many devices you want to support, but I would recommend at least a 4-port KVM switch
5. Keyboard and mouse
6. Monitor. LCD or CRT doesn’t matter, but remember LCDs are way lighter and take up less space. Also, size isn’t important; a 15 inch will work, but the prices are so low you may find it makes more sense to get a 19 inch.
7. Network Interface Cards (NICs). These again can be FastEthernet or Gigabit, and how many you will need will depend on a few things, but plan on needing about 3-4 of them.
8. Old computers. Here it becomes a bit tricky, because you want to use the more powerful systems for the heavier-duty workloads such as being a server, but typically a Pentium 3 class machine with at least 256 MB of RAM and a hard drive (of any size; for some things it can be as small as 2 gigabytes and sometimes less!) will do.
9. If you plan on using wireless networking then you may need one or more Wireless Access Points; I like the Linksys WAP54g.
10. You may also purchase a dedicated print server, but it is not needed since any computer can be configured as a print server in about 2 minutes. Still, the choice is there.
11. UPS (not the shipping company!). This is an optional but recommended step because it allows your mission-critical systems to remain operational for a few minutes after the power goes out, and it automatically communicates with the computers/servers to allow them to save and shut down properly. These can be pretty expensive, but you can get one for each server, one at a time as money permits.
12. Patch panel (optional)
Now that is quite the shopping list! But I promise the payoff will be worth it. What we are doing is designing a network that will easily support an office of about 10-20 people with a one-person IT staff or no IT staff. To do this we will not use Active Directory or Exchange, but feel free to use them if you already have them set up. All computers and servers will be in a workgroup, and we will also use WINS, since NetBIOS isn’t routable, meaning that if you break your network into two subnets, for example one for servers and one for computers and printers, you will not be able to access the nodes on a different subnet without it. This eliminates the need for someone to create and maintain a directory for user access (logons), and there is no need to learn how to create group policies etc. Also, to minimize the cost and environmental impact, we will be using some virtualization for perhaps one or two virtual servers.
I created a couple of conceptual drawings to show you what your network could look like. The first one is a server rack. There are a few things to note: this was blown up a lot to illustrate things like the shelf space differences, and remember, this is just a concept; your setup doesn’t have to be this complicated.

Again, this is very rudimentary and its only purpose is to give you a visual idea of what your network can look like. Come back for the next in our series, Building a Linux/FreeBSD Router/Firewall.

3 Jul 2009

Build your own firewall

This is the follow-up to my last article, in which I promised to walk you through how to build your own small-scale data center for your small business. For the first part of the project we will start by building a simple but very robust hardware firewall running a FreeBSD (Unix) based operating system called pfSense, which can be deployed in less than an hour for the basic configuration. For this example the hardware I will be using is an old Dell Dimension L866r, pictured below (yes, a white Dell!). The reason I picked such an old system is to drive home the fact that for some of the stuff we will be doing you don’t need brand new high-end equipment; in fact, for something like a firewall this system is pretty much overkill, but since it is actually a functioning part of our network I decided to use it for demo purposes.

The system has a Pentium 3 processor clocked at about 733 MHz and is sporting 128 MB of RAM and a 20 GB Western Digital hard drive, which is again overkill since the space requirement for this OS is about 128 MB, meaning that it can be run off a Compact Flash card. We also used a pair of 3Com 10/100 Ethernet cards because they are probably among the most widely supported cards on the market and are very cheap, with the average price being around $5 on the Internet.

A few things to note. The minimum required for this firewall/router is two NICs. You can use more than two; for example, if you have two Internet connections coming in, say a cable modem and a DSL line, you can use both by creating a second WAN interface. However, since not many people will use this setup we won’t cover it here. Another thing to note is that since this is more than just a firewall but in fact also a router, depending on your needs you can get rid of whatever SOHO router you currently use or were thinking about getting. Instead, if you wish to keep or add Wi-Fi to your network, you can either purchase a Wireless Access Point such as the Linksys WAP54g, or, if you already have a SOHO router, configure it to run in bridge mode, which basically turns off all of the routing functions and only provides wireless access.
With all of that said, this setup is so robust that you can add more than one NIC on the LAN side (inside your network), all on different subnets, and use static routes to determine how the traffic will move on your network. This setup is good if you would like to separate your workstations from your servers, having your workstations, printers etc. on one subnet, e.g. 172.168.0.0, and your servers on 172.10.0.0. Again, while this is an option, most people will not use it so we will not cover it here.
Now let’s take a look at the software itself. As I said, we will be using pfSense, which is a spin-off of the m0n0wall project and is also made by the same person. The two are very similar, but we chose pfSense because we like it a little more than m0n0wall. Here is the basic information, starting with the system requirements:
Minimum Hardware Requirements
The following outlines the minimum hardware requirements for pfSense 1.2. Note the minimum requirements are not suitable for all environments; see the Hardware Sizing Guidance page for information.
• CPU – 100 MHz Pentium
• RAM – 128 MB
Requirements specific to individual platforms follow.
Live CD
• CD-ROM drive
• USB flash drive or floppy drive to hold configuration file
Hard drive installation
• CD-ROM for initial installation
• 1 GB hard drive
Embedded
• 128 MB Compact Flash card
• Serial port for console
As you can see this is a very lightweight install. I have already listed some of the features of the firewall, but there are tons that I didn’t even touch, so here is a full rundown directly from the pfSense website:
Features
pfSense includes most all the features in expensive commercial firewalls, and more in many cases. The following is a list of features currently available in the pfSense 1.2 release. All of these things are possible in the web interface, without touching anything at the command line.
In addition to features, this page also includes all limitations of the system of which we are aware. From our experience and the contributed experiences of thousands of our users, we understand very well what the software can and cannot do. Every software package has limitations. Where we differ from most is we clearly communicate them. We also welcome people to contribute to help eliminate these limitations. Many of the listed limitations are common to numerous open source and commercial firewalls. 1.2 limitations already fixed in the code that will become the next major release will be noted.
Firewall
• Filtering by source and destination IP, IP protocol, source and destination port for TCP and UDP traffic
• Able to limit simultaneous connections on a per-rule basis
• pfSense utilizes p0f, an advanced passive OS/network fingerprinting utility to allow you to filter by the Operating System initiating the connection. Want to allow FreeBSD and Linux machines to the Internet, but block Windows machines? pfSense can do so (amongst many other possibilities) by passively detecting the Operating System in use.
• Option to log or not log traffic matching each rule.
• Highly flexible policy routing possible by selecting gateway on a per-rule basis (for load balancing, failover, multiple WAN, etc.)
• Aliases allow grouping and naming of IPs, networks and ports. This helps keep your firewall ruleset clean and easy to understand, especially in environments with multiple public IPs and numerous servers.
• Transparent layer 2 firewalling capable – can bridge interfaces and filter traffic between them, even allowing for an IP-less firewall (though you probably want an IP for management purposes).
• Packet normalization – Description from the pf scrub documentation – “‘Scrubbing’ is the normalization of packets so there are no ambiguities in interpretation by the ultimate destination of the packet. The scrub directive also reassembles fragmented packets, protecting some operating systems from some forms of attack, and drops TCP packets that have invalid flag combinations.”
o Enabled in pfSense by default
o Can disable if necessary. This option causes problems for some NFS implementations, but is safe and should be left enabled on most installations.
• Disable filter – you can turn off the firewall filter entirely if you wish to turn pfSense into a pure router.
Reporting and Monitoring
RRD Graphs
The RRD graphs in pfSense maintain historical information on the following.
• CPU utilization
• Total throughput
• Firewall states
• Individual throughput for all interfaces
• Packets per second rates for all interfaces
• WAN interface gateway(s) ping response times
• Traffic shaper queues on systems with traffic shaping enabled
Real Time Information
Historical information is important, but sometimes it’s more important to see real time information.
SVG graphs are available that show real time throughput for each interface.
For traffic shaper users, the Status -> Queues screen provides a real time display of queue usage using AJAX updated gauges.
The front page includes AJAX gauges for display of real time CPU, memory, swap and disk usage, and state table size.
Dynamic DNS
A Dynamic DNS client is included to allow you to register your public IP with a number of dynamic DNS service providers.
• DynDNS
• DHS
• DyNS
• easyDNS
• No-IP
• ODS.org
• ZoneEdit
A client is also available for RFC 2136 dynamic DNS updates, for use with DNS servers like BIND which support this means of updating.
Limitations
• Only works on primary WAN interface – multi-WAN support is available in 2.0.
• Can only update one account with a single provider. 2.0 enables the use of unlimited accounts.
• Only works when pfSense has the public IP assigned to one of its interfaces. If you have a modem that obtains your public IP and gives pfSense a private IP, the private IP will be registered with the provider. In 2.0, there is an option to determine your actual public IP and correctly register it.
Captive Portal
Captive portal allows you to force authentication, or redirection to a click through page for network access. This is commonly used on hot spot networks, but is also widely used in corporate networks for an additional layer of security on wireless or Internet access. For more information on captive portal technology in general, see the Wikipedia article on the topic. The following is a list of features in the pfSense Captive Portal.
• Maximum concurrent connections – Limit the number of connections to the portal itself per client IP. This feature prevents a denial of service from client PCs sending network traffic repeatedly without authenticating or clicking through the splash page.
• Idle timeout – Disconnect clients who are idle for more than the defined number of minutes.
• Hard timeout – Force a disconnect of all clients after the defined number of minutes.
• Logon pop up window – Option to pop up a window with a log off button.
• URL Redirection – after authenticating or clicking through the captive portal, users can be forcefully redirected to the defined URL.
• MAC filtering – by default, pfSense filters using MAC addresses. If you have a subnet behind a router on a captive portal enabled interface, every machine behind the router will be authorized after one user is authorized. MAC filtering can be disabled for these scenarios.
• Authentication options – There are three authentication options available.
o No authentication – This means the user just clicks through your portal page without entering credentials.
o Local user manager – A local user database can be configured and used for authentication.
o RADIUS authentication – This is the preferred authentication method for corporate environments and ISPs. It can be used to authenticate from Microsoft Active Directory and numerous other RADIUS servers.
• RADIUS capabilities
o Forced re-authentication
o Able to send Accounting updates
o RADIUS MAC authentication allows captive portal to authenticate to a RADIUS server using the client’s MAC address as the user name and password.
o Allows configuration of redundant RADIUS servers.
• HTTP or HTTPS – The portal page can be configured to use either HTTP or HTTPS.
• Pass-through MAC and IP addresses – MAC and IP addresses can be white listed to bypass the portal. Any machines with NAT port forwards will need to be bypassed so the reply traffic does not hit the portal. You may wish to exclude some machines for other reasons.
• File Manager – This allows you to upload images for use in your portal pages.
Limitations
• Can only run on one interface simultaneously.
• “Reverse” portal, i.e. capturing traffic originating from the Internet and entering your network, is not possible.
• Only entire IP and MAC addresses can be excluded from the portal, not individual protocols and ports.
• Currently not compatible with multi-WAN rules. We hope this will be resolved in 2.0.
DHCP Server and Relay
pfSense includes both DHCP Server and Relay functionality.
And More…
This is by no means a complete list. It will be expanded as time permits.
Now that’s a lot of stuff!
Let's start with the install process. Start by downloading the image from the website and burn it using your favorite program (we like PowerISO and MagicISO). When you are finished burning the CD, go to the machine that will become your firewall and start it up. Enter the BIOS by pressing the appropriate key, usually Delete or F1, but it may be different depending on the manufacturer of the BIOS; for us, since it's a Dell, we know that it's F2. Change the boot order to put the CD-ROM/DVD-ROM as the first boot device. Hit 'escape', then select "save and exit"; while the machine restarts, put the CD containing the firewall image in the drive and wait for it to boot. Assuming you did everything correctly to this point, you should be greeted with the following screen.

Press 1, then hit enter, and you will see the files being loaded that will allow the system to run.

Next you will be asked whether you want to create VLANs; this is optional and will not be covered, so select 'n' then hit enter.

This is the screen that will allow you to configure your network cards. The system displays all the detected cards (hopefully I didn't have to tell you to install the cards into the computer!), in our case em0 and em1, but the interface designations can be different; for instance, we have seen cards identified as "xl0" and "xl1". At the bottom it will ask you to select your LAN interface or press 'a' to auto-detect, but I have never gotten the auto-detect to work, so we will do it manually. It doesn't matter which card you assign to which role, but generally the way we do it is that the 'zero' card is the one we use for the WAN side, and it is normally the top card in the PCI slots (the one that is closest to the CPU), and obviously the 'one' card becomes the LAN card.

So go ahead and assign your first card, 'em1' in our case, and press enter.
Now you will be asked to select your WAN interface, which will be 'em0'.

The next step asks if you want to add an optional interface; since we are only using two cards, we will just hit enter to skip this step.

Before everything is committed, you will be given a summary of everything that will be added to the configuration; go ahead and hit 'y' then enter.

Now all of the settings will be created and saved.

You will then be brought back to the menu screen but this time you will have a few more options.

Before we touch any of the other settings, we will first assign the IP addressing scheme for the LAN side. Note that this step is only necessary if you plan on using the firewall as a router with DHCP and are not using another DHCP server such as a SOHO router.
With that said, choose option '2' and you will be asked to assign a LAN IP address. Since we will be using it as a router, we will choose the subnet and the first available address, which is one, so our address will be 172.168.10.1. You will then be asked about the subnet mask information; just because we felt like it, we chose /16, which is the same as 255.255.0.0. The standard mask for SOHO systems is /24 or 255.255.255.0, which is what the store-bought SOHO routers will use. This doesn't really matter for a small setup like this: a /24 has enough room for up to 253 hosts (computers) in the 172.168.10.0 to 172.168.10.255 range, but in actuality the /16 subnet can support up to 65,536 hosts, a number that a small business of 50 or less, or even as many as 100, will not utilize.
In the next step you will be asked whether you want to turn on DHCP; since we want that, select 'y' then enter.

You will then be asked to choose the start and ending range for the DHCP pool. Since I don't anticipate needing more than 148 addresses in the DHCP pool, I set the range to .2 to .150.

Bear in mind that this is only the range of IP addresses that can be dynamically assigned; you are still able to use the rest of the addresses for static addresses, but since this can cause some conflicts, I recommend you only assign static addresses from the .151 to .254 range (note you cannot assign .0 or .255, as these are reserved for special functions). After some more processing you will be brought back to the menu.

This is the end of the initial setup phase. The firewall is functional and will run, but only from the CD. The next step will be to install the OS on the local hard drive. Press 99, then accept all the defaults as you are moved through the menus for the installation process. Once the install is done, simply remove your CD and reboot the computer. You can now access the WebGUI through the IP address that you specified, for example 192.168.1.1.
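As an added example (not from the original post and not pfSense's own code), here is a small Python check of the addressing plan above: it describes the subnet for the /24 and /16 choices and flags a DHCP pool or static range that leaves the subnet, lands on the network or broadcast address, swallows the gateway, or overlaps the other range. The plan_lan helper name is an assumption; the addresses are the walkthrough's.

```python
import ipaddress

# Added example (not pfSense's own code): sanity-check the LAN plan from the
# walkthrough, a gateway/prefix plus a DHCP pool and a static-address range,
# before typing it into the console. plan_lan() is a hypothetical helper name.

def plan_lan(gateway, prefix, dhcp_pool, static_range):
    """Describe the subnet and flag planning mistakes.

    gateway      - the LAN address given to pfSense, e.g. "172.168.10.1"
    prefix       - the mask length chosen at the prompt, e.g. 24 or 16
    dhcp_pool    - (first, last) addresses handed out dynamically
    static_range - (first, last) addresses reserved for manual assignment
    Returns a dict of facts plus a 'problems' list (empty when the plan is sound).
    """
    iface = ipaddress.ip_interface(f"{gateway}/{prefix}")
    net, gw = iface.network, iface.ip
    pool = tuple(ipaddress.ip_address(a) for a in dhcp_pool)
    static = tuple(ipaddress.ip_address(a) for a in static_range)
    problems = []
    for name, (lo, hi) in (("dhcp_pool", pool), ("static_range", static)):
        if hi < lo:
            problems.append(f"{name}: end {hi} precedes start {lo}")
        for addr in (lo, hi):
            if addr not in net:
                problems.append(f"{name}: {addr} is outside {net}")
            elif addr in (net.network_address, net.broadcast_address):
                # .0 and .255 of a /24 are the network and broadcast addresses
                problems.append(f"{name}: {addr} is the network or broadcast address")
        if lo <= gw <= hi:
            problems.append(f"{name}: includes the gateway {gw}")
    # Two inclusive ranges overlap when each starts no later than the other ends.
    if pool[0] <= static[1] and static[0] <= pool[1]:
        problems.append("dhcp_pool and static_range overlap")
    return {
        "network": str(net),
        "broadcast": str(net.broadcast_address),
        "total_addresses": net.num_addresses,
        # usable = everything except network and broadcast (prefixes up to /30)
        "usable_addresses": net.num_addresses - 2,
        # what is left for hosts once the gateway takes one address
        "hosts_after_gateway": net.num_addresses - 3,
        "dhcp_pool_size": int(pool[1]) - int(pool[0]) + 1,
        "static_range_size": int(static[1]) - int(static[0]) + 1,
        "problems": problems,
    }

if __name__ == "__main__":
    # The walkthrough's values: gateway .1, pool .2-.150, statics .151-.254
    for prefix in (24, 16):
        plan = plan_lan("172.168.10.1", prefix,
                        ("172.168.10.2", "172.168.10.150"),
                        ("172.168.10.151", "172.168.10.254"))
        print(f"/{prefix}:", plan)
```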

10Jun/090

Virtualization

I have mentioned virtualization in the past and have given overviews of how it can be beneficial to business. However, what I noticed is that when I try to explain it to customers, even the ones that are pretty tech savvy are usually pretty confused as to how it works exactly, so I will try to break it down in terms that everyone should be able to understand.

So let's start off by saying this. Virtualization is a technology that lets an operating system run on top of another operating system. Think of it like this: if you are using Windows on your computer, that is what you are stuck with; you can't run any Linux programs. In fact you can't run some older Windows programs either, because of the way the new Windows operating systems are designed. Your only option is to either have a computer for every operating system you want to use, or create a multi-boot system that would allow you to boot into a different operating system. While this is fine, it is very inconvenient, because you have to stop working on what you are working on to reboot your machine and boot into a new OS. What happens when you need to share information between two OSs? Well, this is where having more than one computer will work, but if you use 3 or 4 OSs for different applications then this will be very tedious. This is where virtualization comes in.

With virtualization, provided that the computer you are running your virtual machines on is powerful enough in terms of processing power, hard drive space, and memory, you can run all 4 of those operating systems at the same time, in addition to the main OS that you are using for your everyday use.

Now virtualization comes in a couple of flavors. The first type installs on your computer just like a regular operating system, and you operate it just like any other application. The second type is called a bare-metal application, which is what it sounds like: instead of running Windows or Linux, you install a small program (which happens to be Linux based) that provides a platform allowing the virtual machine to communicate with your computer's hardware.

Now that we have that part covered, I should take the time now to mention that the first type I mentioned also comes in two sub-flavors: server virtualization and desktop virtualization. The difference is that server virtualization is designed to work in server environments and is usually managed via a web interface. Desktop virtualization is used on a desktop computer and is used for things like testing out a new version of an OS, or for the uses I mentioned, like using applications that are not compatible with the OS that you are currently using.

Here are just a few common virtualization applications (hypervisors):

1. VMware Workstation
2. VMware Server
3. VMware ESX
4. Xen
5. XenServer
6. Microsoft Virtual Server 2005
7. Virtual PC
8. VirtualBox
9. Hyper-V

There are some small-scale open source hypervisors out there that aren't on the list, but a quick search on Google will give some more insight as to the variety available; a large number of them are free.

Well, that's it. It is really just that simple to understand! The complexity of virtualization is in how it is utilized and when things like SANs and redundancy are put into the mix. Come back again soon; at some point I will continue this topic, and by all means feel free to post comments or questions.

21May/090

Is Linux right for your Small Business?..

It's been quite a while since I've posted, but in my defense I've been busy with work and some projects for a couple of clients, not to mention school. Well, let's get down to it.
I've been doing a few deployments for small businesses, for people like me who do their day-to-day business administration from their house. In addition I have been doing some smaller deployments of Windows boxes. The biggest complaint from customers is the cost of licensing, since each computer running Windows requires its own license to be considered legal, even if you are using a single image for all of them. Typically I include the batch licenses in the overall price that the customer is billed; however, this sometimes makes customers uncomfortable about the price of the project.
This got me thinking: what about Linux? I know most computer users are used to Windows, but since users on a domain are not allowed to install software or make any system changes anyway, there shouldn't be an issue with this. So I began testing a bunch of different versions of Linux and came up with the best solutions. This is especially true for businesses that have moved most of their applications online, for example CRM applications like MS Dynamics or SugarCRM. This move to a centralized web-based environment makes it easy for everyone, especially us IT folks, because it eliminates the need to push software updates to every computer on the network. So I started with Ubuntu, which is great for users new to Linux and is very easy to use, but I don't think it is conducive to business needs, though it can still be used. I tried OpenSUSE and Fedora; both are good but had issues with things like wireless devices such as the Broadcom BCM4300 series of wireless cards. Though with some work they did work, all in all they would not work well for laptop users. The last one that I tried was CentOS 5, which is based on Red Hat Enterprise Linux but without the support of RHEL. However, the OS was solid and worked almost flawlessly, though I was still unable to get the wireless devices to work.
My final opinion? A combination of CentOS and Ubuntu would be ideal for most business needs. The reason I suggest Ubuntu is because of the relative ease with which I got the wireless working compared to the others, so I would suggest Ubuntu for laptops and CentOS for desk-bound workstations. They can all be managed using OpenLDAP, which I tested in a virtual lab I created for this post, and from what I hear it should be able to work with Active Directory (Linux folks, correct me if I am wrong), though I haven't tested it myself. More to come on this topic.

5Mar/090

Network Management/ Monitoring

"Hey, why can't I access the file server? And why is the network so slow today?" Hmm, maybe you should have been paying closer attention to your network environment. This is probably one of the most overlooked aspects of network administration. Being able to get a snapshot of what your network looks like and how your systems are performing can be one of the best things you can do for preventative maintenance. Usually only large networks invest in this arena, but as a small business owner and a serious computer nut I love to know exactly what's going on on all my systems. And it is all relatively simple to set up and requires very little supervision or maintenance after it is set up.
As I stated before, I am very strict about the way my network is being used and whether there are any errors on the connected nodes. And because of this, and a few connections and some Googling within the corporate IT world, I got my hands on some stuff.
Orion NPM from SolarWinds. This was a pretty good piece of software. It does a very good job of detecting everything on your network, even things on different subnets. The layout wasn't that great, but this is probably because I am a visual person and a snazzy UI always piques my interest. It uses maps to show the general layout of the network, but in all honesty the maps are kind of cheesy, granted the map is really a layout of the WAN. The Network Summary is a little better, and while it's not pretty either, it is very good at organizing the information by either the manufacturer or operating system in a tree. In my opinion what makes this program so good is the vast amount of information that it displays from just the dashboard view, for example nodes with problems, physical information such as CPU usage, RAM usage and hard drive usage, even what is currently stored in RAM by the amount of memory it is utilizing, and with optional modules you can also monitor application performance and log errors as they happen. Of course it has its own statistical engine built in, so it captures information such as usage over time and displays it on a graph for you to review. The information includes things like bandwidth usage and CPU usage, to get a good idea as to how heavily your systems, especially your servers, are being used. There is so much that I couldn't list it all without writing an article only about this program. If you want to find out more information about this management suite I would suggest you go to their website and check it out for yourself. You can also use the online demo (which is where I got the screenshots from) and take it for a spin.
Spiceworks. Now, after looking at the price for the previous product, somewhere around $3000 for the basic software, there is an alternative out there (no, it's not Linux-based) called Spiceworks. Now this program probably isn't as detailed as Orion, but it does have one advantage over it: IT'S FREE!! The standard version is as fully functional as the paid version; the only difference, as far as I know, is that this one is ad supported, so you will have tons of website ads being displayed, but this is a small price to pay for such a great product, and a plus for people like me is that it's pretty. It's very lightweight for what it does. It can be run on a 700MHz processor (933 in my case), and even though it is recommended that you have at least 512MB RAM, I have been using it with 256MB. This product not only does the network monitoring and management that typical programs do, it also incorporates a help desk ticketing system and also does inventory and categorizes it. One of my favorite things about Spiceworks is the fact that although it does need a computer/server to run on, you do not have to dedicate any more hardware to the job, so if space is tight, as it often is in a datacenter, the dashboard is accessed through a web browser, and for those of us that run a web server the default port can be changed; in my case I used port 8080. The dashboard has all the typical stuff, as you can see, but what I like is the way the information is displayed; for example, for the inventory you see everything broken down by what they are. For example, here you see a basic inventory of my home network. It shows things like a pie chart of the manufacturers being used and can also be used to do things like create purchasing tickets. This is a very useful tool; it will let you keep track of who needs what and allow you to assign it to whoever does your IT purchasing.
There are tons of other products out there such as Tivoli, Unicenter, Nagios, and many others, but these two are probably my favorites and are probably the easiest to get up and running. In addition, I think these are capable of running in a small business, they won't break the bank, and they will allow a small IT staff of one or two people to keep track of what is going on.

30Jan/090

Data Security, Do’s and Don’ts

Today I received a call from my mother telling me that none of the computers in the house had Internet connectivity and also that the house phone wasn't getting a dial tone. Of course, because I am a professional, I was able to narrow down the problem within a few seconds: because I could hear the TV in the background, I knew that the issue was limited to the cable modem. Long story short, the power cable broke, probably because there was another issue on the ISP side and my family was trying to reset the modem, but in the process they broke the cable and made the situation worse. Which brings me to the point of this article.
The first step in securing your data and mission-critical systems is not a firewall or a super complicated password, but something much simpler: a $2 lock. Yes, believe it or not, the first step is something as simple as placing your servers in a locked room with access limited to only the people that need it.
Disable all external access to your devices, like disabling your USB ports and disabling your CD-ROM. Yes, these are scary thoughts, because I know you are thinking, "What if I need to fix something?" Well, the answer is simple: you can access everything through your network, and if by chance your network is also down, notice I didn't say to remove your keyboard and mouse access, so you can still log in by traditional means if need be.
Another security measure is plain and simple: CREATE A SECURE PASSWORD! Using your dog's name with a few digits from your address is not a secure password; granted, it is better than just using your name, but with a bit of social engineering a hacker can put two and two together. A secure password should probably be about 8 characters at the minimum and contain uppercase letters, lowercase letters, a number or two, and one or more special characters such as @ or !.
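As an added example (not from the original post), here is a Python checker for exactly the rule above, plus a check for the "dog's name with a few digits from your address" pattern the post warns about: it looks for personal tokens even when they are disguised with the usual letter-for-digit substitutions. The check_password helper name, the personal_tokens list and the sample passwords are all constructed for this demo.

```python
import re

# Added example (not from the original post): enforce the post's password rule and
# reject passwords built from information a social engineer could learn.
# check_password() is a hypothetical helper name; sample tokens are constructed.

MIN_LENGTH = 8  # the post's minimum

# Undo common disguises (R3x, P@ss, Sp0t) before looking for personal tokens,
# so "R3x" still matches the dog's name "Rex".
_LEET = str.maketrans("@$0134", "asoiea")

# (regex, what is missing) for the post's four character-class requirements
_CLASSES = (
    (r"[A-Z]", "an uppercase letter"),
    (r"[a-z]", "a lowercase letter"),
    (r"[0-9]", "a digit"),
    (r"[^A-Za-z0-9]", "a special character such as @ or !"),
)


def check_password(password, personal_tokens=()):
    """Return the list of reasons the password fails; an empty list means it passes.

    personal_tokens are strings an attacker could find out about the user (pet
    name, street number, birth year). Any token of 3+ characters found in the
    password, plainly or with digit/symbol substitutions undone, is a failure.
    """
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    for pattern, what in _CLASSES:
        if not re.search(pattern, password):
            failures.append(f"missing {what}")
    lowered = password.lower()
    normalised = lowered.translate(_LEET)
    for token in personal_tokens:
        token = token.lower()
        if len(token) >= 3 and (token in lowered or token in normalised):
            failures.append(f"contains personal information: {token!r}")
    return failures


if __name__ == "__main__":
    # Constructed demo: the dog is "Rex" and the house number is 1234.
    known = ["Rex", "1234"]
    for candidate in ("Rex1234!", "R3x#1234Ab", "password", "Str0ng&Fence2009"):
        print(candidate, "->", check_password(candidate, known) or "ok")
```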
You may be saying to yourself “why would anyone want to hack my network?” But the answer is as simple as this, if you think your data is valuable enough that you would want to secure it by using firewalls and placing everything on a centralized server then you must think you have something very valuable to protect. And if you feel it necessary to protect it then someone will think it’s worth trying to steal.
