Posted by on July 31, 2008 under Uncategorized |
CITRT Fall 2008 look out!
I am registered - finally. I got final agreement from the co-CFO (Mrs. Bitbud) and filled out my registration. The $50 fee is nothing compared to flights from Tampa and hotels… oh well.
It was just a few months ago I stumbled upon Justin Moore’s website in a Google search for something, which then linked me over to Tony Dye’s blog, and then to the CITRT website. I don’t remember what I was searching for, but I found it… and a whole new world was open to me. I got excited to see such a large group of like-minded guys (and gals too, I am sure) who are passionate about God and IT, and who had organized into the Church IT RoundTable.
When I saw the upcoming meeting was to be held in my original home state of South Carolina (I try to make the trip up once a year from Florida), I was already counting the days. Charleston… I’ll be looking forward to some Sticky Fingers Bar-B-Que and A.W. Shucks Seafood - I hope those places are still there? Last time I was in Charleston was for Promise Keepers a few years ago.
So how does the whole Round Table thing work anyway? I’m excited… just gobbling up information. I want to be a part of the whole thing, from open to close.
Trace - If I can help (from Tampa) let me know.
Posted by on under Uncategorized |
I have been knee deep in encryption process documentation and implementation the last few months and have come to the (obvious) conclusion that in today’s technology age, encryption is a key IT responsibility, second only to backups. And just as backups are something we take for granted (honestly - how often do you back up your computers at home?) so is encryption.
That is, until something happens, such as losing your laptop, USB key, CD, etc… Maybe you do have a backup, but you are unsure about what critical or private data was on it? Or, for a real example, your Director of HR puts their laptop through the security scanner at the airport and then forgets to pick it up on the other side (yes, it has happened).
Most small organizations don’t have the time, resources, or foresight to appropriately address the encryption aspect. I’ll be posting a new series of articles covering encryption on PCs, Servers, Networks, and data in general. Of course, it will all be done using FOSS (because FOSS based systems are the best I have found, and encryption SHOULD be open source, so you know that it is working as advertised). To start, here is a short list of key components on your path to full encryptification:
- KeePassX http://www.keepassx.org/
KeePassPPC http://keepasssd.sourceforge.net/ for Windows Mobile
KeePass http://keepass.info/ for Windows, and other links
I just started using this a few months ago when I needed something that worked on Linux, WMobile, Blackberry, and Mac. The beauty of this is that it is cross-platform (and it’s FOSS and works well). There is a client for Linux, Windows Mobile (the two I use most), Windows, Mac, Blackberry, Java… It is super portable, has a nice organization structure, and even allows the storing of documents. I’ll elaborate more on it later - but for now, you need to get it!
- OpenVPN http://openvpn.net
Again, cross platform is the key here. Simple for end users to connect, and works seamlessly through firewalls. Even supports Vista x64.
- Encrypted LVM
This isn’t a specific application but more a design process. For me, encrypted LVM is in use on the servers (and on MY laptop and PCs). I use Encrypted LVM, DRBD, Heartbeat, and NFS as the NAS configuration for storing the KVM Virtual Machines of ALL servers. A nice, secure, portable server package. I’ll elaborate more later.
- TrueCrypt http://www.truecrypt.org/
Again - cross platform FOSS is a beautiful thing. This last application will cover your needs for those pesky Windows and Mac users.
- OpenPGP for E-mail http://enigmail.mozdev.org
For encrypting or signing e-mail in Thunderbird, OpenPGP is the standard bearer here. If you’re cool, you always sign your e-mail.
This is a short list hitting on some encryptification highlights on what I am using. Hope you find it helpful. Are you using any of these apps? How? Or something different? How’s your experience with it?
Oh yeah, I just came across Adeona http://adeona.cs.washington.edu/
Nothing to do with encryption, but more of a FOSS LoJack for your laptop. Interesting…
Posted by on July 26, 2008 under Uncategorized |
I’ve said it before, and I’ll say it again: unless you enjoy the spurious network outages or performance issues caused by a poor network card, buy an INTEL NIC EVERY TIME. Even if your motherboard comes with another vendor’s NIC, get an Intel. Absolutely, if you are doing virtualization (any type of virtualization) use an Intel, PERIOD.
Yes, I am biased towards Linux support, and Intel has been a great supporter of Linux. However, I have run into the same issues with VMware Server on Windows - Broadcom NIC has issues, Intel NIC works great.
You’d think I’d learn my own lessons…
I set up a new KVM virtualization host server recently (HP DL360 2*Quad AMD, 18GB RAM), deployed it to the data center, and returned to the main office to happily remote administer via SSH - only to find the system no longer accessible. Of course the license for the iLO (Integrated Lights Out) interface hadn’t arrived yet, so another trip to the data center was in order to examine why the brand new server suddenly decided it didn’t want to talk to me.
Although I had installed a quad Intel Gigabit NIC, my host NIC was assigned to one of the onboard Broadcoms (thanks HP, for continuing to use these “high quality” NICs on your “high-end” servers). Needless to say, I shouldn’t do that again.
Lesson re-learned…
Have you had a similar experience? Especially when virtualizing?
Posted by on July 25, 2008 under Uncategorized |
It has been many, many months (years?) of hard work, but we have finally cut over to our new Joomla based website, and I have to admit it looks good! (check it out at yesheritage.com) All the credit for the good looks goes to Trent, who is the new “graphics master”. My job has been pretty easy after setting up the server and getting it configured - I just run around restoring the site after Trent accidentally deletes everything.
We finally moved off our Drupal based site. Drupal is a great product for an admin (me), but Joomla was just easier for our end-users to work with, so that sealed the deal. This is just the first phase. Next will be adding in some new modules and housekeeping around the site to get it more organized. DOCMan and the newly updated Fireboard Message board system are in the works.
Then the big one, CiviCRM. It is already installed, we just aren’t using it yet.
Big thanks to the Joomla Team and all of its contributors, as well as the Web team at HCC: Rebecca, Natalie, and ‘Delete Master’ Trent.
So, do you use a framework like Joomla for your site? Is it custom?
Interested to see what it used to look like in (before I started going to Heritage)? I pulled this from the Internet Wayback Machine. It is quite… sparse
Posted by on July 23, 2008 under Uncategorized |
When you set up one or more network interfaces for a Virtual Machine (VM) you must assign a MAC address to each interface. Much like an IP address, you must ensure that the MAC address you assign does not conflict with any MAC address on your network. For a home network, it is simple enough to check the MAC address of each device, but in a larger environment with a large number of devices the task can be much more difficult.
For either situation, there is an easy solution. A reserved range of MAC addresses exists, much like the reserved range of IP addresses for private use. It is technically referred to as a Locally Administered Address, or LAA. Where a MAC address is a 6-octet address (written in hexadecimal form), an LAA has the second LSB (Least Significant Bit) of the first octet set to ‘1′. So valid ranges for LAA in hex form are:
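An added example, not code from the original post: it derives which first-octet values mark a locally administered address, generates a random LAA for a VM interface, and rejects any candidate already present in an inventory of in-use addresses. The function names and the sample inventory are assumptions made for this illustration, and clearing the multicast bit is an extra step the post does not mention.

```python
import secrets

LOCAL_BIT = 0x02      # U/L bit: second least significant bit of the first octet
MULTICAST_BIT = 0x01  # I/G bit: least significant bit of the first octet


def normalize(mac: str) -> str:
    """Lower-case, colon-separated form so inventory entries compare equal."""
    return mac.strip().lower().replace("-", ":")


def first_octet(mac: str) -> int:
    return int(normalize(mac).split(":")[0], 16)


def is_locally_administered(mac: str) -> bool:
    return bool(first_octet(mac) & LOCAL_BIT)


def laa_unicast_second_digits() -> str:
    """Hex digits the second character of a unicast LAA can take."""
    return "".join(f"{d:x}" for d in range(16)
                   if d & LOCAL_BIT and not d & MULTICAST_BIT)


def new_vm_mac(in_use, rng=secrets.token_bytes, max_tries=100) -> str:
    """Return a random unicast LAA that is absent from the in_use inventory."""
    taken = {normalize(m) for m in in_use}
    for _ in range(max_tries):
        octets = bytearray(rng(6))
        # Set the local bit; clearing the multicast bit is this example's addition.
        octets[0] = (octets[0] | LOCAL_BIT) & 0xFE
        mac = ":".join(f"{b:02x}" for b in octets)
        if mac not in taken:
            return mac
    raise RuntimeError("no free locally administered MAC found")


if __name__ == "__main__":
    # Constructed sample inventory (not real devices), in mixed notations.
    inventory = ["00-1B-21-3A-4F-10", "52:54:00:12:34:56"]
    print("second hex digit of a unicast LAA:", laa_unicast_second_digits())
    for mac in inventory:
        print(mac, "LAA" if is_locally_administered(mac) else "vendor-assigned")
    print("new VM MAC:", new_vm_mac(inventory))
```

The inventory check only covers addresses you have recorded, so keep the list of assigned VM MACs alongside the VM definitions.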
Posted by on July 15, 2008 under Uncategorized |
I read a blog today (Jason Lee - Exchange Storage Limits) and the question posed was what you think were good guidelines on storage limits for mailboxes when using Microsoft Exchange. Nothing is so simple in my mind…
I think a new philosophy is needed regarding e-mail. The tools/ technology (Exchange in this case) should not dictate what the user’s needs are/ what the business requires. As such, we do not impose storage limits (today), although the PST Unicode format limit is 20GB. Our Exchange DB is broken into 16 storage groups, between 20-50GB each.
Too much time is wasted by the user trying to manage e-mail, clean up e-mail, archive and move e-mail. They have other things to do. The world has changed, and e-mail is now a central personal repository for storing information. A user should be able to store as much as they need to, and be able to easily search the data.
The real problem isn’t the data stored in this case, it’s the architecture. Exchange’s single file database storage is archaic at best. Microsoft needs to move to a maildir type format (one file per message - which they won’t do). This would speed things up immensely, AND improve DR capabilities.
As such, we are working on implementing a Courier IMAP system for “primary” unlimited storage, and the Exchange mailbox will be pulled back to 100MB. Exchange will remain in place for its groupware features that the users are dependent on (read - Outlook). The Courier based system is a rocket by comparison, on much less hardware.
My point is that IT really should NOT dictate how much a user can store or how to store it; IT should just make sure they meet whatever the user’s needs are.
Posted by on July 14, 2008 under Uncategorized |
Get the new virtualization goodness at:
http://kvm.qumranet.com
Details:
Posted by on under Uncategorized |
We use HP ProLiant servers, which have iLO (Integrated Lights Out), which allows for remote management of the server, including power on/off and virtual media - as though you were in front of the system. Anyway, the remote console requires either IE for ActiveX (no thanks) or Java.
The catch is that currently (July 14th, 2008) Ubuntu 64 bit’s Java Plugin for Firefox 3 doesn’t work (or rather, doesn’t exist). There are way too many posts on the subject, with various non-working workarounds.
Posted by on July 9, 2008 under Uncategorized |
Using RAW virtual disks in KVM is my preferred method. Granted QCOW2 has some more/ different features, but there is still currently an issue where you sometimes get corrupted data, at least when running a Windows Guest (attach link here).
Posted by on July 4, 2008 under Uncategorized |
Interested in the technologies we use at church?
Server OS: Ubuntu 7.10 and 8.04 Servers
Virtualization: KVM and KQEMU (bye-bye VMWare and Xen)
Firewall: PFSense
Website: Drupal (Joomla coming soon)
E-mail: Zimbra
Switches: cheap stuff
Wireless: cheap stuff
Internet Bandwidth - 20 Mbps up / 20 Mbps down (yes - it is nice)
NAS - FreeNAS and Ubuntu as NFS Server
Ebox - Windows domain/ file sharing capabilities
We were using Plone for Intranet. A good application; however, I am trying to find something lighter (no Zope) and possibly integrate with Joomla. Simplification is key, and I don’t want to administer the Zope framework just for the Intranet. Looking seriously at Alfresco, however its server-side Java makes it a bit ‘heavy’, and then there is a new system for administration. Great functionality though.
Coming soon(ish):
Convert Zimbra to OpenLDAP, Postfix, Courier, and SOGO (Scalable Opensource Groupware). Java based systems are just too heavy on resources.
Considering also Citadel + SOGO.
Switching from POTS to Asterisk + VOIP. Asterisk on Ubuntu running on KVM. Vitality as VOIP provider with Linksys ATAs.
Implement Quagga for OSPF border network.
Apps in use:
Lots of apps, lists coming soon