Monday 14 December 2009

Iiiittttsss Chriiiiissssttttmmmaaaaaassss!

Somone mentioned the old Slade hit from the 70's and I haven't been able to get the damn tune out of my head all day! I think that it's going to drive me crazy! (Mamaa, weer allll crazeeee now!)

Many years ago, on 24th December, I would stay right to the end of the day, and last thing would shut down all of the servers. No-one would be back into work until the first week of January, so it seemed pointless to burn all that power for no reason. Plus it gave the equipment a chance to be shutdown properly and restart. This doesn't always hurt as it can clear out any rubbish in memory.

The trouble was that the CEO felt lost without his email - after we gave him VPN access, he wanted to be able to check his email on Boxing Day, just because he could. Then of course, he wanted to be able to check the sales figure - why? There have been no sales and won't be for 2 weeks - but he wants it, so he gets it. And of course, that means all of the ERP systems have to be running. By the time that you work out which systems he might possibly want, it's easier just to leave them all running. (And of course, you know that he is going to phone up to check if the figures have been updated!)

So we don't shut things down anymore - and that means we have to keep an eye on systems to make sure that nothing untoward is happening. As you can imagine, the WAGS take a dim view of this - it only takes a few minutes to logon and make sure that each of the servers is up and running, but the amount of time is not the issue. We have automated alerts to let us know if specific events occur, but it's not quite the same and there is always a possibility that the relevant alert doesn't get through.

So the laptop is going to be hidden away somewhere, and an excuse made to either "take a nap" or "pop down the pub" - then a quick logon just make sure it's still all OK.

Whatever; we are fast approaching the holidays and the end of yet another year (where does the time go?) From my staff and I, the very best wishes to all the readers of this blog and to all the hardworking IT staff wherever you are. Have a great Christmas and try to enjoy whatever time you are allowed to take off. See you all in 2010!

Tuesday 1 December 2009

Up in the clouds

One of the hot topics in IT at the moment is “cloud” computing. Effectively, outsourcing your hardware to a dedicated data centre. A lot of people try to convince me that this is the way forward, that everything should be put “on the cloud” and that this will save astonishing amounts of money. I’ve seen some of the calculations and I am not sure that they always stand up to scrutiny.

For example, I looked at a Dell PowerEdge unit – the cost to buy outright (£1,200) was a bit higher than the cost to rent in a data centre for a year (£700), but obviously over a longer period such as 4 years, it would work out cheaper. There is an advantage to the cloud offer in that they would replace the equipment (probably with newer equipment) at a set point, but then it doesn’t appear on the asset ledger in the company accounts, which upsets the beancounters.

Of course the purchase price doesn’t include the Operating System, whereas the cloud offer usually does (but not always); and there is the cost of electric to run the item and to provide cooling which have to be factored into the equation. There is also a need to provide anti-virus protection, patch updates, data backups etc. Again, that is not always included in the price of the hosting contract and so might need to be added to their quoted price – something that is always clear.

In addition, there is the cost of managing the unit – and they don’t always provide all of the management services that might be needed. In most cost comparisons, they show a figure for on-site management (and I sometimes feel that these figures are inflated a bit) - but then they don’t include similar values in the cloud offer even though it would be appropriate to do so, making the comparisons meaningless.

Suppose the 4 year basic cost of renting the server in a data centre would be £2,800 – reading the small print of some hosts, adding in the other items could take it to as much as £4,500. My calculations show the internal cost of the device for keeping it on site could be about the same, perhaps just a little more. Certainly the outsourced system might still be cheaper, but not by that much.

Then there is another point – what happens when things go wrong. It doesn’t happen that often, but when it does, the PTB want to know that someone is working on the problem. They like to be able to go into the server room, and for staff to point out flashing lights, explain what is happening – it gives them enormous comfort to see that someone is on the job and that the problem will be resolved evetually. This can’t happen with an outsourced system – even with numerous phones calls, they just don’t get the same level of reassurance, and you cannot put a price on that.

Now I will accept that I have used very generic figures – and to be blunt, most numbers can be manipulated to show pretty much anything that you want. Ultimately, it should be down to each individual case to be decided on it’s own merits. If it makes sense to keep it in house, then do so; if it is cheaper to host outside then that has to be the right decision.

For example, we have our company websites hosted externally – the cost is far cheaper than we could do it for as we don’t pay for a whole server box, and in addition, we don’t have to provide 24 x 7 support which would really rack up the support cost. However, we maintain our own CRM system – we checked it against SalesForce.com and our internal system works out at half the cost over 2 years. We also maintain our own ERP system – we were offered the chance to have it outsourced, and the cost of the management fees per year alone was more than the wages of our entire IT department.

So I suppose my advice would be to look at the numbers very carefully – make sure that you are really comparing like for like. Then think about the importance of the systems to the business and what would happen if the external system failed and how much of an issue it would be. If the risk is acceptable and the figures check out, then by all means outsource it. But I would strongly suggest that for many people, cloud computing is not the great panacea that it is made out to be, and that it would be appropriate to think carefully before rushing headlong into a situation just because it is the latest, greatest thing.

Thursday 26 November 2009

Temporarily offline - working from home

I went up to London to a training session on Monday of last week. It was a really good session (better than I had hoped for) and I thought it well worth while. Unfortunately on the Tuesday afternoon, I started to feel a little unwell - shivering, shaking and sweating. By the end of the session, I was feeling really bad, and the trip home was a real struggle. I eventually got home very late (almost midnight) and I literally collapsed into bed.

It was a rough night - hot & cold sweats. The next day I felt more ill than I have done in a very long time. I had thought about grabbing my laptop to do some work, but I couldn't get up the strength to go downstairs to get the bag. It wasn't until the Thursday that I actually felt well enough to do more than stagger a few steps. When I did get back online, I quickly cleared a small backlog of emails, dealt with some enquiries over access permissions, and processed some internal items.

For most people in IT, this is actually quite a straight forward situation - there really is nothing particularly unusual about it. Within our company, most senior managers, departments heads and the sales people are more than capable of working from home for several days, perhaps even a week or two. We have also started putting together some processes to allow some of the other staff the option to be able to work from home - driven partly by a need to ensure business continuity, but also to allow a more flexible working pattern.

However, when you look at a lot of companies they just don't have the faciltiies for this. There is still a real antipathy towards the idea of remote working, and it is seen as less than desirable. Yet there are so many benefits - reduced travel costs / environmental impact, better work / life balance, the opportunity for staff to cover a longer working day, more productivity and the option for some people to hold a job when otherwise it might not be possible due to family committments or health issues.

Will this situation change? I think it will as many of these companies will start to find that they have to adapt to these new patterns of working. But I suspect that it may still take many years before everyone gets the option. A real shame - but I suppose that is just a reality of life.

In the meantime, I'm now back to work and it's almost as if I hadn't been off.

Friday 13 November 2009

Microsoft Data Protection Manager Server 2007

I written about this software before, but my staff and I think that it is such an awesome utility, I’m going to post some more comments about it. Quite simply, it is the best product that Microsoft have produced in quite a while, but for some strange reason, they just don’t promote it. As we are using it and it works so well, I thought that it would make sense to share some of our experiences.

So what is DPM Server 2007 and what does it do? Essentially, it allows you to backup servers and workstations using a disk-to-disk process, then a disk-to-tape process for longer term storage. In days gone by, almost everyone used a tape backup process as standard – but there are some serious issues with this.

Tapes stretch, or suffer degradation which makes them less reliable. Add to that, people have to change the tapes over (and sometimes they get tapes mixed up) and if you have to rely on non-technical staff on remote sites to change tapes (as we do), then you’ll know that they often forget to do it. Regularly, the backup software throws a wobbly so nothing gets backed up; and they don’t know how to check this or correct it, so they change tapes without anything being written to them.

Even if all has gone well, the recovery process can be awkward. First you have to make sure that you have the tapes (or even the right ones), someone has to change them back over, and sometimes you have to then inventory the tape to find the relevant file before you can recover that. Add to that, if it is a database, then you have to try to work out which bit you are going to receover – the actual file, the transaction log; it can get quite complicated.

The problem is of course that people do delete or over write files – this happened this morning with one of the design office guys at one of our remote sites deleting some drawings that another person had worked on yesterday. To recreate them would have taken probably the best part of a full day, and they are actually needed for a meeting with a customer, so they were keen to get them back as quckly as possible.

The recovery process is so simple with DPM Server, that it is almost embarassing. In the recovery console, point to the relevant server, open the drive and navigate to the file / folder. Click on it and select recover – then choose the options, such as restore to new location or overwrite, original permissions or new permissions, etc. Click start and wait for a about 1 minute while it starts the recovery process, then watch as the files are recoved. In our case, about 18 Mb of data restored in just over 2 minutes to a remote site. No need to panic, no swapping of tapes, no need for staff to run around like headless chickens.

As you may imagine the staff at our remote site were pretty greatful – we’ve told them that they owe us a few drinks the next time that we are up there (and you better believe we intend to collect!). But in all seriousness, the DPM Server makes the backup and recovery process so straight forward that our lives are considerably less stressed as a result. Anyone responsible for the data integrity of a business should really consider looking at using this product – you will make your life a lot easier.

Wednesday 28 October 2009

BCS South West

A couple of weeks ago, I attended an event organised by the BCS South West (but forgot to post this write up!) – it was a presentation entitled “Towards Onlince Safety” given by Ken Corish, an Education Advisor. Although primarily intended for parents of school children, I felt it had a lot to offer those of us working in other areas such Commerce or Industry, and thought that many of the points made by Ken were highly relevant.

The presentation notes can be downloded from the BCS website: http://www.bcssouthwest.org.uk/server.asp?page=pastevents (Towards Online Safety). These give a really good overview of the current situation and how the issues are being tackled. However, watch out for a couple of the pages as they contain some really bad language – just bear in mind that the screenshots are of real pages created by children on social networking sites and you might be a bit surprised.

In addition there were a couple of short videos shown that were created by CEOP as part of the process of educating young people about the potential problems – these have been shown in many schoools and I would suggest that if you are a parent, you might want to see these for yourself. They can be downloaded from:

http://www.youtube.com/watch?v=-IOOn2wR8bU (Where’s Klaus?)

http://www.youtube.com/watch?v=vp5nScG6C5g (Think U Know: Girls)

http://www.youtube.com/watch?v=q4vyRBMjEv8&feature=related (Think U Know: Tom’s story)

http://www.youtube.com/watch?v=4w4_Hrwh2XI&feature=channel (Think before you post)

http://www.youtube.com/watch?v=CE2Ru-jqyrY&feature=related (Once posted, you lose it.)

Ken made the point that many adults don’t understand some of these issues, and so how can we expect children to. However, it’s also clear that many adults know little about online safelty or think that it is someone else’s responsibility. Whatever your view, it is important that the message does actually get around to everyone.

The Internet can be a great place – there is a lot of really good information available, you can achieve a lot and make great friends particularly if you are reasonably savvy. But it has its darker side and sadly, there are some really nasty people out there. However, that reflects real life and we should make sure that the more vulnerable people (and not just the youngsters) are properly educated to make sure that they stay safe.

I don’t know what I want – but I want it now!

Anyone that has had young children or has worked with them will know the feeling. Children can’t articulate what it is they want, and because the adults around them don’t understand them, they don’t get what it is they think they want (and often if they do get it, it turns out not to be what they really do want!).

Sadly this is often the case with many business people as well. They don’t understand the technical side of technology, and can’t use the right terminology to explain what they need (and often don’t actually know what it is they want). This can cause enormous frustrations on both sides – IT people are expected to be mind readers and business people are surprised that their simple requests seem to be so hard to fulfill.

We’ve had an example of this just recently – Sales wanted a report that would show some sales figures. However, they assumed that it was just a case of “output sales figures”. When it was then identified that there are a large number of fields in the database that hold different figures showing different things, they simply couldn’t understand this. As a result, the report produced is meaningless because it produces the wrong values for what they need. After several rewrites, it still doesn’t give what they want, and we appear to be nowhere near getting a satisfactory output.

Another issue has been some data that was used in a system that is not part of our remit to look after. That system has failed and they cannot get access. We’ve taken on the challenge of recovering the data, and we were getting phone calls every hour to ask how we were getting on. Fortunately, we have found a way, but it is irritating to have to keep explaining that the interruptions are delaying the process and as we are not psychic, we don’t know how long the process will take.

This is not a new problem, nor is it just confined to specific areas of the business. I’m sure that everyone has had to explain to senior managers that just because they have one copy of Office 97, they can’t install it on every single PC. Similarly, they are very keen to block access to web sites that they think are inappropriate for work, but it then turns out that they were the ones going to those sites!

Over the past few months, there has been a lot of discussion about future developments within IT; a lot of this focuses on the development of cloud computing. I’m not entirely convinced that it is the best way forward for everyone, although I can see some major advantages in certain circumstances. However, the problem is that some of those concerns are of a technical nature – the business people don’t understand the potential problems, and therefore can’t see the risks involved.

The problem is of course that many of the individuals concerned simply don’t want to learn the technical side of things – it then falls to the more technically minded to try to educate them in an appropriate way so that they can appreciate the problem. However, to do that, we have to be able to understand what they need so that we can provide the correct response, and in a way that they will appreciate the message. Basically, we need all IT staff to develop a certain level of business acumen (or to enhance their parenting skills!)

Monday 5 October 2009

The Sad, The Mad and The Bad.

A while ago, I was asked to take part in the Microsoft Technet Community Council. We had a meeting a few weeks ago and it was really positive – from comments made on the day, I think that Microsoft are serious about listening to people and taking their views on board.

Whilst I was at the meeting, I met several of the Technet staff, including James O’Neill – I’ve followed some of the stuff that he has done in the past, and it was really good to see the person behind the writing, so to speak. He’s really driven by his passion for technology and has written eloquently on several topics which I have found of real value. Catch it here at: http://blogs.technet.com/jamesone/

So I was saddened to read his latest piece - it turns out that he has been the victim of a theft, and has lost many treasured items that were in his laptop bag. No top of the range gizmos, but none the less, things that mean a lot to him. His blog shows the anger and frustration he feels – it’s a terrible thing to become a victim and although several other people have offered their condolences, I know that he will still feel the pain of the loss.

Many people have their lives in the mobiles or on their laptops – contact details, names, addresses, numbers. Many others keep other ID details and some even keep credit card or other bank information in their devices. Losing the device is bad enough, but then these people are unable to run their normal lives until they can replace the missing information. And if that information falls into the hands of bad guys, then they really have major problems.

People are generally trusting; we assume that other people will behave in a way that is similar to the way that we ourselves would behave. It’s a terrible blow when we realise that some people are not as trustworthy as we would like. It’s even worse when the people concerned are people that we know or trust. In this case, it was a public event organised by Microsoft for technology specialists - in other words, probably one of our own.

For many years, I worked as a manager for a number of the bigger UK retailers, some of whom are still around, a couple long gone. At the start of my training, I attended a security session – the trainer was the company CSO, a former senior officer with the Metropolitan Police. His first words to our groups of trainees were, “There are only 3 types of people in the world; the Sad, the Mad and the Bad. Everyone falls into one of these 3 categories – and that includes all of you”.

His cynicism was the result of many years dealing with the public – no doubt, he had heard every excuse, every sob story, met people that had suffered the slings and arrows of outrageous fortune and met many, many people that were just no damn good. But everyone? And he then made the statement that we lost more through staff theft, than through pilfering by customers. I argued with him, but to no avail; and his response was that one day I would understand. And I hate to admit it it, but yes he was 100% correct.

Monday 21 September 2009

Sniff, sniff.

I woke up yesterday feeling a bit ragged around the edges – sneezing / sniffing, coughing, eyes watering. No it’s not flu (not even Man flu) just a bit of a later summer cold. No aches, pains, shivering etc.

However, it did make me think again about our Business Continuity planning. I did some work on this a couple of years ago and we actually have a basic outline plan of what to do. I went through it earlier in the year with the HR manager as they were concerned about the possibilty of the swine flu epidemic causing us some issues.

Although nothing much happened at the time, going on past experience of influenza pandemics, there will be another bout of it over the winter months, and possibly a third wave later next year. Although it seems that swine flu is not as virulent as other strains, it could still cause some staff to take time off work.

As we are a manufacturer, production is likely to be affected by a reduction in staff available. They do have the capacity to run some light shifts, but it may be necessary to move production between the different sites. Fortunately possible as we have standardised methods – we don’t yet have a single system to control this, but that is a longer term project that is underway.

For office staff, we currently have a number of key people that work with laptops; these people have a remote access facilty that allows them to connect to internal systems and continue working. We are currently looking to replace a number of those laptops and the older ones will be kept back, cleaned down and issued for use in an emergency situation.

We also installed a new telephone systems a while back – we still have some more modules that could be added to this, but we hope the new system will aslo improve the way that staff can communicate with customers and suppliers in the event of some issues.

But one item that I did discuss with management hasn’t been fully implemented yet – a scheme to encourage better hygienic practices. Anyone that has worked in food production or in the health service will know that considerable resources go to training people to take more care over preventing passing on germs. I worked with some people in a lab for a while and the level of bacterial infection found in some of the swab tests could really put you off your lunch! And I’m sure everyone has stories of what they have found under the keys of a keyboard!

It’s strange how people that are so careful to wash their hands after relieving them selves, don’t bother to give their work surface even the most cursory of cleaning. And how many telephone handsets get a wipe with a cloth that looks dirtier than the surface it’s being used to clean? Perhaps we need to have a new certification – the correct sanitisation and cleaning of Personal Computers!

Friday 11 September 2009

Suffering with Delusions of Adequacy

Some years ago, I came across the phrase “Suffering with delusions of adequacy”. It was used in a contemptuous way to describe the attitude of some people working on a major project – the people concerned hadn’t bothered to check their work as they knew that what they had done was totally perfect because they had done it. In fact their work was severely flawed and as a result, the project delayed whilst the problems were fixed.

It’s possible to see this attitude on many different user forums. Someone will pose a question, and another person will then post a response belittling the first person for their lack of skill. However, the individual leaping to criticise the other may not have taken all of the factors into consideration and as a result, the comments may be completely inappropriate.

I had a situation like this some years ago – a frantic sysadmin posted a comment on a forum about a problem with an ERP package that wouldn’t startup. One of the forum moderators responded with a confident assertion that the person had a virus and would have to completely re-install the OS and ERP package. I posted a comment that I had the same problem myself just 2 days before, and that it was solved by one of the run time elements being restarted – perhaps they should look at this first. When this was suggested, the moderator posted a major rant that newcomers should keep quiet!

In another incident several years before, I worked with a programmer on a large software package. I was running some tests using a manual script to check the functions of the software after a number of changes. I came across an unusual error which I reported to him – his response was that the software worked fine and it must be an error in the data that I was entering. I sent him copies of the data, screen shots of the process, yet he still refused to acknowledge there was a problem.

This went on for 3 weeks – eventually I spoke to another programmer who checked the code and found the error. It subsequently turned out the the first programmer hadn’t even bothered to run the checks – if he had, he would have seen the problem for himself as every other programmer did when I checked with them. This was extremely annoying as the wasted time could have been saved for more important issues and the faulty code had been issued to customers and had to be replaced.

Of course this is not specific to programmers (although they can be bad!) I’ve had discussions with networking technicians that refuse to accept that they could have made a mistake in setting up a routing table, and DB admins that can’t accept that their precious database is flawed. And don’t even get me started on consultants! As for the linux lovers and mac fanboys with their “my OS is better than yours”, they can be a real pain at times.

It seems that there are a lot of people in the IT world that suffer with delusions of adequacy. I’ve long felt that we need to try to improve the professionalism of the people that work in the industry, and this is one particular area that needs looking at. It seems to me that there are just far too many people that think they know the answer to every single problem, but need a large serving of humility. Whilst people act as if they are the fount of all knowledge when they clearly are not, it will be difficult to persuade others that people working in IT really are professionals.

Monday 24 August 2009

(Un)Social Networking

People are social animals for the most part. We love to communicate with one another, share information about what we and people we know are up to – and it’s been suggested that this is why human beings developed the capacity for speech. In years gone by, people wrote letters to one another, or if urgent would send telegrams. Later, the telephone allowed actual real time conversations between people and that has lead to the growth of the more modern methods.

With the growth of the Internet, different methods of communicating have been developed and are used by people to enhance the way that they converse. And this has created a major problem; many workers want access to these new methods of communicating – instant messaging, blogs, wikis, social networking, video streaming and photo sharing sites. This increases the amount of data being transmitted and stored, which also increases the pressure on resources, and adds to the possibility of security issues.

Now many will maintain that these new methods provide significant benefits to the modern organisation – arguments are put forward such as “providing new revenue streams”, “improving marketing opportunities”, “ensuring real-time communications” – all the usual buzz words that you get from the people trying to persuade you that this is the way forward.

I like to think that I am quite open minded about most technologies, and I can see that there is a lot to be gained on a personal level from the use of these products. I can even see a number of practical applications within a business environment and have planned some projects to explore some of these. However, I do have a number of concerns relating to the security of these systems and how much time people will spend on them.

For example, being cynical I know that most data losses are caused by internal staff, not by outsiders hacking into the systems. Most companies are extremely protective of their data; but the social networking facilities can make it very easy for this to be copied and moved.

There is also the possibility that these systems could provide a route in for malware to be loaded. A user wants to install a new “Tool bar” application they see advertised on an IM message and click to install, not realising that what they are really doing is installed a keystroke logger.

Of course, there is also the concern that the staff may spend more of their working day actually chatting or posting items online rather than doing the job that they are supposed to be doing (I’m doing this in my lunch break!). And we have all heard the stories of embarassment of people posting comments in emails or on Facebook that are then sent around the world. These can cause an organisation to lose business and come to haunt a company for many years after the original event.

I think that there is a place in work for some of these tools – if we can teach people how to use them properly. But we have to make sure that they are being used appropriately and that we have a set policy so that all staff know where they stand, and we have to make sure that we can enforce these. I doubt that we can completely block their use, but I think it appropriate to try to set some ground rules so that we can at least try to make sure that they are not being used inappropriately.

What do you think?

Tuesday 11 August 2009

The battle of the Vs – VMWare vs Hyper V

Last week, I and one of the guys in the department had the chance to attend an event that demoed VMWare 4 and Windows Server 2008 R2 with Hyper-V. Many thanks to the people at Nexus in Exeter (http://www.nexusopensystems.co.uk/) that hosted the event, especially Gary that did the demos.

The presentations were quite straight forward. The first session was VMWare and we were shown the installation process starting right from the bare metal server. The actual installation process was Linux based and took about 20 minutes on releatively low spec machines. Once it was all up and running, we had the chance to see some virtual servers being created – literally just a matter of a few minutes work. We also discussed the switching process and the various options, and briefly saw how to create virtual switches.

There was a bit of a discussion about the merits of the VMWare product – how it allows you to “overload” by selecting options for the virtual servers such as levels of RAM that total up to more than the physical amount actually available. I would want to check this out for myself, but it certainly seemed to run OK.

We then discussed clustering and resiliance and the demo that followed showed a high definition media file being moved from one virtual server to another – the file ran constantly during the move and there was not even a slight pause during the process. Really impressive! Certainly, this would be of significant value in a situation where you are having to move production data when people are still working on it.

The demo actually ran over a bit as we were really interested in the product and had several questions to ask about various aspects – and Gary was only too pleased to show us the various bits in response. There is no question that it is an awesome product.

We then had the chance to see Hyper-V in action and for me it was the first chance I’ve had to look at this. We have Windows Server 2008, but not the R2 version which contains the hypervisor. The main difference between the two is that the VMWare hypervisor sits above the hardware and handles all of the driver requirements. Hyper V sits at the same level as the OS, just above the hardware, but each virtual server will handle it’s own drivers seperately. It also doesn’t allow overloading of resources – once you hit the limit, that’s it.

From what we saw, the Hyper V runs well – certainly it provided a smooth experience whilst we were watching it and the test moving the media file ran pretty much the same. There were a few diffences in the way that the virtual networking operates, but certainly it seems to run as we had expected. It definitely doesn’t have all the functionality of VMWare, but then there is a price difference – it’s a lot cheaper.

I’ve been looking at this now for a few months (in between other jobs) and I’m convinced that virtualisation is the way to go. It will certainly cut costs in terms of the electric bill, and it will also fit very nicely into our backup process / business continuity / disaster recovery planning. About half of our servers will reach 5 years old next year, so it seems a good time to start planning a move over to a virtualised system.

We have had a couple of visits to different vendor demos and they have been really useful. Although nothing has been decided, we are leaning towards the Dell Equalogic equipment – it seems to be everything that we could want and a bit more. The big issue of course is what software to run on the servers which is why we wanted to get to the event in Exeter. Howevever, I still not sure which one I think is the best option for us.

I’ve therefore planned that in the new year, say Jan / Feb 2010, we will get ourselves a spare server – there are plenty of cheap machines around at the moment. There is a trial version of VMWare available and of course, the Technet subscription allows us to install an evaluation copy of Server 2008 R2. Hopefully, this will gives us the chance to actually work with both products so that we can get a really good idea of which one we prefer – all we then have to do then is sell it to the powers that be!

Wednesday 5 August 2009

Terminal headaches

We have been trying to implement some new software for the CRM – the product has been used by one of our sites for some time, but not on the other sites. They had tried to use it before, but it’s not designed to be used across a WAN, so it had been set-up as multiple databases and when they started getting issues, they just stopped using the product.

The company concerned have issued a new version and our sales people have seen it and really like it. The vendor has produced a modified client GUI to run in a web browser – the idea is that those users on the remote sites would make use of that and so we could run a single database for all sites.

Well, that WAS the idea – the software runs OK locally, but when it was running through the browser, it was not as fast. Although it was usable, there was a definite speed issue, and we were worried that the users on the other site might not be convinced enough to use the product if the speed was poor.

It then occurred to me – the database was installed on the server and we also had a copy of the client software installed on the server so that we could test it was running as it was being set-up. I did a quick RDP to a server on the other site, the from there did another RDP back to the server on our site. The speed of operation was good – as far as I could tell, the speed was the same as if we were running it directly at this site.

So I set-up some shortcuts and emailed them to the users at the remote site, and then talked them through how to save and use the shortcut. They agreed that this worked well and they were really happy with the speed of operation. But then we hit a snag – only 2 users at a time. As we are talking about having some 20 remote users, then there is clearly a bit of a problem.

Now my predecessor had bought volume licences for a lot of software which included some terminal server licences, but unfortunately, none of the paperwork specified what was what. I found the paperwork ages ago and set-up a profile on eOpen to manage all of the various items. https://eopen.microsoft.com/EN/default.asp - this is a great resource and I suggest that you check it out if you don’t already use it. It allows you to see what the various bits of paper refer to and it gives you details on date of purchase, vendor, type of licence, quantity etc.

However, when I double checked, the Terminal Services licence server had been setup and the licences applied – so that wasn’t the problem. I then searched through the various bits and pieces and subesquently realised where it was all going wrong. The server that the software was installed on was set to use Remote Desktop as the licensing mode, not the correct Terminal Services mode. A quick couple of clicks and problem solved.

So now the staff at the remote site can all connect to the server and all use the CRM software. It seems to run just as quickly when half a dozen of them are using it – so they are all happy!

Monday 27 July 2009

Windows 7

Like a lot of people, we’ve been keeping an eye on the information coming out about the next version of Windows. We received a copy of the RC 1 candidate for Windows 7 on Monday (thanks Georgina) – we have a PC with a copy of Vista Business Ultimate that we use for testing purposes (a Dell Optiplex 210 with a dual core 1.8 GHz and 1 GB ram), so thought we would partition the disk and do a dual boot so that we could do a direct comparison.

The installation went quite well – some of the usual types of screens for the initial installation, but not as many as we would normally see for older OS. The actual process start to finish was a little over 40 minutes. We didn’t join the PC to the domain although we left it plugged in and it picked up on the required settings, so we were able to activate it straight away. We then joined it to the domain a couple of days later - no hassles at all.

I’ve also run another copy on a second machine – an HP dx2450 with a dual core 2.3 and 2 GB RAM. This one installed in just over 25 minutes. Again, it was a very straight forward installation, with only a few screens to configure and absolutely no issues at all.

Initial reaction to it was that it does look a lot like Vista – same screens, same gadget bar etc. However, within a few minutes, it was noticeable that it was faster that the equivalent Vista installation probably about 40 – 50% faster. The Start button, Taskbar items and other shortcuts all seem to work much quicker as well – no delays between clicking the button and the app starting to open, which was a bit of a major gripe with the Vista installation.

We added our AV product (Nod32 by Eset) – it worked straight away, without any issues at all. We then added our automatic patching tool (Shavlik) – as it’s an RC product, we didn’t expect it to work. However, it did actually pick up on the OS, although there were no patches for it at this stage. The second PC was left as a stand alone system and AVG free (8.5) was installed as the AV product. The PC was connected to the Internet to allow it to run the automated patching – again very quick, very straight forward.

At this stage, we are still testing different apps on the machines – our ERP software, some CAD software, and various applications which we use. Not one of them has had an issue with running – the UAC threw up its warnings, but I don’t consider that a problem as that is exactly what it should do.

We’ve left the test machines in an office for people to check out – so far only a few have taken the time to do this. However, of those that have used it, not one has said that they don’t like it. All comments have been very positive and it seems that a number of people are now very keen to get the product for themselves and we may well consider installing it early next year with our next hardware refresh. All in all, it seems that Windows 7 is just what the doctor ordered.

Wednesday 15 July 2009

Security 101

I don’t pretend to be a security guru, but over the last few years I have had some specialist training in this area. I’ve also read a number of books on various security topics and have developed a bit of an interest in the subject. As a result, I tend to look at things a bit differently now – and sometime what I see really gets me wound up.

This morning, I received a telephone call from someone that said he worked for the credit card fraud section of one of the main UK banks. Our company does have an account with them (we actually use several banks) and we get company credit cards through this particular bank. These are used for a number of things – minor expenses, making travel arrangements, increasingly to buy things on-line. It makes life easier, and the credit control staff in our accounts department can track the charges much more easily than though petty cash arrangements.

The person that phoned explained that he wanted to query a particular payment – not a problem. But then he said that he needed to go through some security checks to make sure that I am the right person to talk to. He asked for the card number, my date of birth, account password plus some other items – effectively everything that a crook would be able to use to pretend to be me. At that point I refused point blank – he has phoned me, and I have no way of knowing if he is in fact anything to do with the bank.

I tried to explain this to him – but clearly he was reading from a script and couldn’t deviate from the process. So I insisted that I wouldn’t discuss anything further and hung up. I then phoned their helpline (the number was on the back of the card) and was put into an automated system. Eventually, I got through a nice young lady who explained that she couldn’t put me through to that department; they only work via outgoing calls and will not accept an incoming calls “for security reasons”.

As it happens, she was able to check the required details and I was able to confirm that the transaction was OK. But I have to say that there is something fundamentally wrong with the way that this bank are working. I tried to get put through to someone to discuss this – they refused point blank. In fact it appears that the only way I can register my concerns is in writing – a letter is going to go off to them tonight and I’ll update this blog to let you know what they say.

To indicate why I’m so uptight about this, I should explain that a while ago a I bought a copy of the book “The art of deception” by Kevin Mitnick. I was a bit ambivalent about this to begin with, as I don’t think it is right to reward someone for bad behaviour; but I wanted to understand how he achieved the various expolits that he got away with. Although some of the descriptions of his activities are now out of date or only relate to things in the US, the majority of the principles are actually very relevant today.

In the book, he described how he managed to obtain information by talking to several people, using one piece of information obtained from one person to persuade someone else to reveal another and so on until he got just what he needed. In this way, he gained access to a lot of really sensitive information, and if he had wanted could have caused a lot of trouble. What is so disturbing is how easy he found it all.

In my case, I refused to pass over the information and then took steps to verify the person was who he said he was – but it appears that the bank don’t want to work that way and in fact try to prevent a fairly sensible set of precautions. Worse they are propagating a method of verification that is open to abuse, and it is likely that if the average person sees that the bank do it a specific way, they will assume it is OK and not question someone else that telephones them, potentially leaving them open for a security breach.

Social engineering is a fact not a theory – and that is why so many people still fall victim to scams and the quantity and quality of spam we get is testament to the amount of money that is involved, and the number of people that regularly fall prey to these crooks. The risks are well known and I would expect those people that are involved in areas of security to understand this. If they don’t follow good procedure, how are the rest of us going to enforce it at our level?

Friday 3 July 2009

Hot, hot, hot...

I booked to take a week off of work last week – no plans to go anywhere, but just wanted a bit of a break. It was a glorious week, with lots of sun, but not too hot, and I managed to catch up on some outstanding jobs at home, such as painting the windows. I also had the chance to sit around and just relax with a glass of wine or two….

So back to work on Monday this week. I thought that I would get an early start as there are a number of projects on the go and I wanted to get a few things out of the way. When I arrived, there was note on the door – the inventory clerk had had problems getting on the system, so had left a note for us to investigate.

When I checked the server room, everything was off and the room was absolutely boiling – we normally run at around 22-24 degrees C as we find that’s a nice temperature to work in, the servers are OK with that and it uses less power to cool the place down. I quickly checked and everything had shut down including the air conditioner which wouldn’t even re-start.

I looked at the UPS and that was showing power going in, but nothing coming out. I looked but couldn’t see a problem so grabbed a couple of power extension leads from our office and ran them around so that we could get a couple of systems running. Priority number 1 was the DHCP / DNS server so that we could get network services and that was the first one running. Next one was email – no problem there, it started up fairly quickly. But with the room so hot, I had to find a way to get some air movement. Even with all the windows and doors open, the room was still close to 40 degrees.

I pinched some fans from the HR office as a quickfix, and after about 20 minutes the maintenance manager came in. He did a quick check on the air con unit and discovered that the power breaker in the mains supply in the factory had tripped out – he reset this, but when the unit started up, it wasn’t cooling anything down. He contacted the service company who sent an engineer down later.

With the rest of my staff in, we started moving a couple of the servers – we have small backup room at the other end of the building so were able to put a couple of them down there as a temporary measure. By about 9:00 am we had most of the system running so that people could get on with the daily work.

When the engineer from the aircon company turned up, he identified that the compressor had failed and needed to be replaced. It took a couple of days to get this, only for him to then discover that anpother part had failed causing all the refridgerant gas to leak out. This is what caused the aircon to fail – and as a result everything over heated.

We checked the UPS settings as it is supposed to send an alert for various events, and it turned out that every event was ticked except the one for temperature. Doh! Basically the device had gone up to 60 degrees C and then just shut everything down. In addition, a switch on the device had tripped preventing any outgoing power.

So now we are almost back to what passes for normal – we have to make time to come in one Saturday to put everything back in place as it takes longer to build a rack up than it does to strip it down. But the aircon is cooling away nicely and hopefully, now we’ve ticked the box, it will warn us of any similar event in future.

Monday 29 June 2009

Castle walls

Just over a week ago, Microsoft held their Technet Virtual Conference – I found it a really useful event and there were a lot of interesting features. If you missed it then you might want to know that the material is still available from their main website.

During the day, items were split between technical and management; the first item in the management section was a recorded talk by Miha Kralj, one of their senior architects. He had a lot to say on the topic of where IT is likely to go over the next decade and it was delivered in a straight forward, humorous fashion. I found that I agreed with much of what he said – but there were a couple of items where I think he was a little bit out.

He talked about people in the workplace – how they fall into certain categories, Baby Boomers born the 20 years after WWII (which includes me!), Generation X, Generation Y and the latest additions to the work place, the Digital Natives. He stated that this latest generation are much more attuned to using computing devices and companies need to take this into account when planning for the future.

He argued that the Digital Natives are used to making use of newer technologies such as Instant Messaging, social networking sites such as Facebook, video sites such as YouTube or photo sharing sites like Flickr, and will expect to be able make use of these as part of their normal work routine. They are therefore unlikely to be happy conforming to corporate rules preventing the use of these products, and so companies need to “tear down the walls” to their networks.

When I heard this, my immediate reaction was one of horror – like many others, I have had to deal with issues such as virus or spyware infection caused by a user opening an email or downloading a file that is actually a piece of malware. The old saying “an ounce of prevention is better than a pound of cure” is very relevant for those of us at the front end.

I understand the value of making use of these products, and in fact we are looking at introducing some newer methods of communication to improve the way that people work. But I also am very concerned about the topic of security. The reality is that the majority of users are still very naïve about safety measures – those of us entrusted with system administration cannot afford to rely on the users to keep themselves safe, and we have to make sure that they are not put in a position where they can compromise the security of the network.

Unfortunately, the new Digital Natives may well know how to do things, but are not yet savvy enough to know if they should; or more importantly, why they should not do something (and for that matter, most other users are just as bad). We may be able to allow some windows into our secure networks, but to remove the protection completely would be a very foolish thing indeed.

Sunday 21 June 2009

Technet Virtual Conference June 09

One of the problems for many people working in IT is the tendency to work in small groups, possibly even alone – there are many more of us working in teams of 5 or less than there are that work in larger groups. Unfortunately, this can then cause us to develop a “silo” attitude to working. It’s then very easy to become blinkered in our attitudes and the way that we work.

For that reason, I try to get out of the business occasionally to attend various events, and I encourage my staff to do the same so that we can see what else is going on in the world. In the last few years we’ve been to various seminars that were on developing technology that we thought might be of use to us that we needed to learn more about, and of course we always try to get along to the supplier events (just a hint to the suppliers – guys, forget all the crappy junk that you hand out, it’s t-shirts we want!)

Over the years, I’ve seen the Tech-Ed events and have wanted to go; but the company won’t pay and I can’t justify stumping up the cash myself. So when it was announced that the Microsoft Technet team were planning to hold a “virtual” conference, I was intrigued. I work quite a bit with video-conferencing and audio-conferencing – and as part of my studies through the OU, I’m used to collaborative online work with forums, wikis and blogs. For me, making it an online experience makes a lot of sense – instead of spending money on event facilities, the resources can go into the content.

If you didn’t get the chance to attend the event, then most of the material is still available on-line at: http://vepexp.microsoft.com/govirtual
and I understand that this should remain available at this location until September 09 – I imagine that it will be available after that, but filed away somewhere else. I would suggest that there is something for everyone – plenty of useful material for the techie, and for the managers alike.

Now many people can get cynical about these sorts of things – they envisage it purely as a sales vehicle. I understand those concerns and yes, it could be argued that Microsoft is trying to sell us on the idea of buying more of their products. Well Duh! they are a commercial enterprise – of course they want to sell things. However, the event was much more about the ideas behind the use of the technology and the way that it can be used.

We are currently doing some evaluation work with Windows 7 and there were a couple of items during the event that discussed new features and the way that Microsoft sees it being deployed. These were very useful – they highlighted bits that we hadn’t actually seen and we will be making a point of checking them out at some stage. There was also information about some of the additional features in Server 2008 R2 that we want to look at – and there was a session on Data Protection Manager Server 2007 which my staff and I think is one of the most valuable / useful products we have ever bought.

A few minor criticisms – I had a couple of issues with some of the material, probably because I was watching on a laptop whilst doing some other work, so on occasion the videos were a bit jumpy and some of the lip synching was slightly off; the presentation slides could also be out of step with the talk. I had a problem with one of the sessions; it froze part way through and wouldn’t re-start. (OK, I need to buy more memory for my laptop, I only have 512M.) However, I went back to it the following day and watched all the way through. There was also an issue with the chat function – apparently even the Technet staff had this problem.

On the positive side, I would highlight one particular session that stood out for me – a look at the future in a session by Miha Kralj. Really thought provoking and delivered with sense of humour. I would have to say that I do actually take issue with some of his points and may even discuss it in more detail in subsequent blog posts. But don’t take my word for, go the site and hear what the man has to say for yourselves.

All in all, 2 thumbs up for a very useful resource produced by the guys and girls at Technet – I think that they all deserve a big pat on the back for a great job well done. I’m told that around 4,000 people took part on the day and I really hope that many more go back to the site to check out the resources in the next few months. I think that they also plan to hold more events like this in future and I for one would definitely be taking part if possible.

Tuesday 9 June 2009

You don't want to do it like that .....

A few weeks ago, I was invited to go to another company. Whilst there, I had the chance to talk to a couple of their IT people about some of the issues that they face.

One of the first things that I discovered was that they have a real problem with their Exchange Server – it regularly stops working because the database un mounts. I was interested to know why, because we have only had that happen to us once in 4 years; and that was just after we had migrated from Exchange 5.5 to Exchange 2003.

It appears that their mailbox database is 85 GB in size; quite a bit over the 75 GB that is referred to in all the material on Exchange. All of the stuff that I found indicates that this will cause regular un mounting of the database due to the limits of the product (Standard edition).

I was a bit surprised at the size of their mail store – ours is just over 16 GB in size and we have about the same number of users. I told them that we operate a rigid set of limits – 200 MB per user for their mailbox and no attachments over 5 MB in size. They were astonished that we could get away with that; they told me that their users would be very unhappy at such limits. But as I asked them, are the users happy that the email system goes offline several times a week?

We’ve found that if you allow certain people more space, they just push it to the limit and if you then give them more, they will just save more rubbish. We’ve had people delete files, then leave these in the deleted folder – just in case they want to refer to the mail. We’ve had people keep emails from 10 years ago – in many cases the sender or recipient concerned are no longer around. Unfortunately, our experience shows that users will not manage their mailboxes unless you force them to.

We also found that people were just emailing files without even thinking about what they were doing; no attempt to compress or even check if it was appropriate to email the files. The worst case was someone from a sister company sending in a .pdf file of 80MB – to make it worse, the recipient was the CEO and he only wanted the one page from the document, not the whole file. We also regularly get people sending large files to multiple recipients – a few weeks ago, someone tried to email a software attachment of 8 MB to 20 people.

So we enforce the limits with absolute rigidity, and for the most part our users are used to this. We do allow them to archive off some mail to data files that are stored separately on a server – and these are then backed up as part of our normal backup routine. As a result, we get very few problems – this would indicate that our way of working is efficient and therefore other people would be wise to follow what we do.

However, what works for us most definitely would not work for other people. I’m aware that there are people that need to keep emails for much longer and are not allowed to delete anything as they have to keep records of all contacts for regulatory reasons. There is a tendency for IT people to assume that what they do will work for everyone – a bit like the Harry Enfield character who insists “You don’t what to do it like that, you want to do ….”

Unfortunately, in many cases, the person so insistent that he knows the best way to do something is unaware of all the facts. I had exactly that a few years ago; someone insisted that I could fix a problem by doing a particular thing to the TCP/IP settings. When I pointed out that we were using IPX/SPX, it meant nothing to him – he had never worked with NetWare and didn’t understand the difference between the two networking protocols.

Despite this, I am of the view that we could do a lot more in the industry to pass information on good practice around between people. In our department, we regularly find hints and tips that we like to test out in case there is something that helps make our job easier or prevents problems from occurring. Sometimes they work, sometimes they don’t – but it’s all good.

Friday 29 May 2009

Le VPN - Il marche maintenant!

The company I work for has sites in several European countries. A few of these are wholly owned, but many are business partner type set-ups. One of the latter was in France; but last year, we bought out the partner and the business is now wholly owned by us, and the business is run as a separate concern.

The long term plans are to get them to use the same systems as the rest of the group; but this is taking a bit longer as we are in the process of implementing a new ERP system and it has to work for us first before we put them onto the same system. However, we have set-up a VPN connection, got them to transfer to using our mail server, linked in their DNS and the AD and started them Video conferencing, so they are now looking more to us for support.

Working with the staff there is OK; all but a couple of older ladies speak some English and even they manage to understand me most of the time. One young lady in particular is native French but speaks fluent English and German; she can even switch language mid sentence. It makes me feel very inadequate (but then I remind myself that I speak binary and hexadecimal!) Like most people of my age, I did learn French at school; but that was over trente years ago. Even then, it was definitely the "la plume de ma tante" style of speaking. I'm sure that I could have played the part of Officer Crabtree in 'Allo, 'Allo with great effect!

We wanted to use our equipment over there so that we could manage it, but the former partner company, whose systems the site still have to use for the time being, insist that they want to control the connection. We occasionally get problems with the VPN - their router plays up and the connection doesn't get re-set properly, so I have manually do it from our end. A bit frustrating as we seldom get issues like that within the sites in the UK.

This week there was one such incident. However, this time it was worse than normal, as all attempts to get the VPN running again failed. The funniest part was whan they asked me to speak to the ISP helpdesk in France; they gave me a telephone number over there which I called. After about 2 minutes, I got through to a very nice young lady - in India! Fortunately, her English was better than my French!

After several exchanges of emails and various tests, we did actually get it running again. Although this is a slower way of dealing with people, it works well in multi language situations as each side gets the chance to think more carefully about a response - there isn't the pressure of a live conversation. Having said that, most of the people that I have to deal with do manage to make themselves understood. I do try to speak their language - but usually, they smile slightly then politely suggest that we should stick to English. Clearly, my French hasn't improved since Mme Vincente tried to teach me to correctly conjugate my verbs back in the late 60's. Ah, zut alors!

Tuesday 26 May 2009

Netbook update

I managed to catch the CEO this morning to talk about his experience with the Inspiron mini. He has been using it for a few days now, including the weekend and has had the chance to try it on a short trip.

Generally, he is very impressed by it. He thought that the screen might be a bit too small, but he found that he was working a bit closer to it when he was on the plane, so didn't really have an issue. He has been shown how to find the screen magnifier, but prefers to change the font size instead.

The battery was conditioned before he took it away and he is getting just over 3.5 hours life - he feels that this is enough for most things. I discussed getting him a second battery to keep as a standby, and I may do this, but at the moment, it's not a priority.

When it is on his desk, he uses an external monitor - there have been a couple of issues with getting the screen resolution right and we tried using several devices including a wide screen monitor but that didn't make a lot of difference. He seems happy enough with the one he is now using running at 1024 x 768. The re-installed O/S appears to be working as well as if it had been factory installed.

It doesn't have a specific docking station, so we are using an old Belkin port replicator device; that works just fine. I did discuss him having one for use at home as well; not a particular need, but I think he may think about it again later.

As indicated, most of what he looks at are emails, some documents, spreadsheets and occasional web pages. He also has Messenger running so that he can talk with his son who is at Uni. The device handles this well; there is no sign at the moment (early days I know) of any real speed issues. He has shortcuts to data on our data store and can access these really easily; he also used the VPN connection to get access over the bank holiday and reported no problems with anything.

So far, a definite 2 thumbs up from him and from us. He has even been talking about getting a couple more; primarily for use by some of the other senior managers throughout the group.

Update:

The CEO came back to the office today and he is even more impressed with it than before. He did say that a couple of programs seemed to run a bit faster than on his old laptop - I think because it hasn't built up all of the various junk that accumulates as you use these devices.

He did make a point of saying that he can fit into his suitcase for when he and his wife go on holiday. I suggested that she might not be too happy (I know she won't be!) and that she might object quite strongly to him adding into his luggage. He said it is small enough that he can sneak it in without her knowing - oh well, I don't think I'll be invited to sit on their table at the Christmas party this year!

Monday 18 May 2009

Notes on a Netbook

We’ve just bought a new lightweight notebook for the CEO – a Dell Inspiron Mini 12.

http://www1.euro.dell.com/content/products/productdetails.aspx/laptop-inspiron-12?c=uk&cs=ukdhs1&l=en&ref=lthp&s=dhs

I thought that I would do a review of this as it’s a new product and a number of people have expressed interest in knowing how we got on with it.

First the background – the CEO does a lot of travelling and wants to be able to work wherever he is. He has a laptop that he is happy with, but in the past few months, some airlines are getting a bit restrictive on hand luggage, so he wanted to try and get a lighter device that could be packed in his bag.

He has tested a smart phone – the HTC Touch Pro and thinks that this is good for the email side of things, but the screen and keyboard are too small for him to use for more than very basic functions – he needs to refer to spreadsheets, documents etc so he really needs a larger device.

I checked out the details of several models of the smaller notebooks including the perennial favourites of senior management, the Sony Vaio. However, the Inspiron is much cheaper at just over £300 – he decided that at that price, he could swallow wasting the money if he didn’t like the device, or if it proved not powerful enough for what he needs to do.

We placed the order and it took a bit longer than most items that we’ve ordered through Dell; it appears that it is only currently manufactured in China, so that’s not really surprising. It actually took just under three weeks; we normally get stuff within 7 days. Mind you, as they are closing their place in Ireland, we may have to get used to waiting a few extra days.

When it arrived, everybody’s first impression was one of astonishment – it is so small and light. At 1.2 kg, it is just a bit more than a bag of sugar, but it actually feels lighter. It has a smooth shiny top lid (ours was black) and it looks very professional. The trim inside is silver with the new flatter touch pad – and the action of the pad is very smooth and positive.

Start up seemed a little bit slower than a normal laptop, but not by much. Once we had gone through the normal Welcome to Windows menu items, the unit seemed to operate pretty much as might be expected. I’ve not used a device with the Atom processor in it, and if this is anything to go by, it seems to do the job.

The notebook comes with an integrated web cam, and the aperture is tiny – less than 5 mm across (no that’s not a typo – 5 millimetres). However the clarity is really excellent and the necessary software is quite easy to use. The screen generally is easily readable even though the surface is quite shiny – we tried it with the blinds on the windows up and even with a strong outside light, it was still easy to read.

The device has built in network (100Mb not gigabit), wireless connection and Bluetooth facility. We tried all of these and the connection was smooth and quick to set-up in each case, just like a standard laptop. It doesn’t have an optical drive as the case just isn’t thick enough at less than 10 mm – but there are USB ports and also ports for microphone and audio output.

Unfortunately, it comes with Windows XP Home edition – no good for connection to a domain. I was a bit surprised at this and queried why – however, it appears that almost all of the mini notebooks are loaded with Win XP HE. The few exceptions are the Sony Vaios and some of the HP models which have Vista Business.

As Win XP HE is no good for us, and we have a spare copy of XP Pro, we decided to try and install this. The installation took about the normal length of time for a new install. At this point, some of the drivers for the integrated hardware would install, but most wouldn’t. However, we then installed the service packs – once they were on, we were able to get all of the drivers loaded OK.

At this stage, we have Office 2003, Adobe Acrobat 9, our ERP software, patching software, and anti-virus software all installed. Our tests seem to show that is noticeably slower than a normal laptop, but certainly not to an unusable degree. Generally, the windows seem open quite smoothly and programs starting up do not take an unreasonably long time.

We are currently trying to condition the battery – it seems to last about 2 hours at the moment. We’re also going to install a USB modem for mobile broadband. In the meantime the CEO now has a USB mouse and a port replicator set up on his desk to use with it and we’ve supplied a mini USB mouse for him to take with him on his travels.

I’ll get some feedback from him and post it in a couple of weeks after he has had the time to get used to it.

Thursday 14 May 2009

Spam, spam, spam, spam, spam .................

We had a slight problem yesterday – access to the Internet became a bit flaky. People kept calling to say that access was denied or sites were taking a long time to open. At first, we thought that this was just people being impatient, but quickly we realised that there was a problem.

The firewall device seemed to be struggling a bit – the connection log showed a very high level of packet transmission. That wasn’t too unusual as our current connection gets maxed out on a regular basis and we have seen it much worse. A few tweaks and it all seemed OK – so we thought no more of it.

Later in the afternoon, we had the same problem; tweak again, all OK – but then it happened again very quickly afterwards. A brief discussion and it was decided that we should re-boot the device to clear anything that was cached that might cause a problem. One quick reboot and everything was hunky dory.

When I got into the office this morning I was a bit surprised to find about 20 or so emails that were exact duplicates of ones that I had received yesterday. I asked around and a number of other people had the same problem. I did a few checks, but couldn’t see any problems. There seemed to be the usual level of network activity – nothing that would indicate any issues so I put it down to the previous day’s problems.

Over the next couple of hours, I worked on various items including a few support issues. During that time, I received several more emails, some internal, some external. Around mid morning, I thought about it and realised that I had actually received no new external mail, they had all been duplicates. I did a quick check using an external mail service, and realised that there were no incoming or outgoing mails at all.

The guys and I did some tests and quickly realised that something was seriously wrong with the firewall – it was running like a 3 legged dog and several pages of the control menu just would not open at all. We called the support team at the mail service and they checked but confirmed mail was coming in – so we called the vendor of the firewall. They checked but also found that it was running slow so they escalated the problem to the manufacturer.

About an hour later, we got a call from the vendor – the support guys from the manufacturer had found that there were a lot of emails in the cache of the device – about a 1000 or so. They said that they would run a script to clear the cache and expected that this would fix the problem. About 20 minutes later, they phoned back again – it wasn’t a thousand, but one hundred thousand! - and more coming in by the second.

Eventually, they cleared the cache and the email started to move, and our spam mailbox suddenly started to groan under the weight of the mail. It was all from one IP address in Japan, to one mailbox, with one subject line. A quick calculation showed over 10,000 incoming mail every hour. To deal with it, we set-up a PC logged on with the user account for the spam mailbox, and then we set a rule within Outlook to delete the incoming mail from the specific sender. Once this was set running, we could see the incoming mail, but also see it being deleted – it was really cool to watch.

All in all, we feel pretty good about it; once the problem was identified, we had a solution really quickly. Yes we did have a period of a couple of hours with no email, but no-one actually realised this. One of the directors did have an issue with trying to send an important mail to a potential client; but I was able to do that for him using a specific backup external mail facility set-up for that purpose.

After identifying the problem we had outgoing mail within about 15 minutes – incoming mail took slightly longer because of the backlog of garbage, but still less than 30 minutes. The staff were all kept informed – but later it seemed, most of them hadn’t even realised that there was a problem until they got the email from me to tell them about it.

I’m going to sit down with the guys in the next few days – we will draw up a brief outline of what happened and will use that to see if there was anything else we could have done to (1) prevent it, (2) detect it, (3) prepare for it happening again. This will be added to our Business Continuity / Disaster Recovery Plans

Tuesday 12 May 2009

Hanging on the telephone

A couple of years ago, I highlighted that the company telephone systems were getting very old – one of the PBX switches was so old that parts were no longer available for it, and support for all of the systems was very limited. On top of that, the systems needed very specific handsets which were getting harder to source if we needed to replace them, and many of those we had were in very poor condition. I also felt that the telephones didn’t really meet our needs as they had limited functionality.

I spent quite a bit of time looking at various options for replacing these and had numerous meetings with potential vendors. I did some comparisons and produced a short list; those were then invited to put together a final presentation. After about 4 months work, I eventually decided to buy a Mitel system through BT.

I have to say that the new system is really good; it has great functionality and I think that it is really easy to use. Mitel provided a couple of trainers, access to an online training system, some documentation and advice – and the engineers were really helpful. I made the documentation available to all staff and took the time to go around every single member of staff to show them how to do the basics, and how to get access to the online training material.

But even though it is such a good system, there are a number of issues. Incoming calls can now be routed between offices, and yet I regularly hear people advising customers that they have dialled the wrong number and they make the caller re-dial instead of just transferring the call. The other day one of the senior managers wanted to have a 3 way conference call, and couldn’t remember how to do it; he had to phone up the IT office from another phone to ask how to do it whilst the customer waited on the other line.

There are still some people that haven’t recorded their voicemail message after almost a year of use; of those that have, many just use it as an answer phone and still don’t appreciate that there is so much more that they can do with it. I really can’t see why it’s such a problem for them.

However, this technophobia didn’t come as a complete surprise to me; when we ordered the system I decided not to take all of the additional functionality as I suspected that most of our staff would struggle to learn just the basic operations. I suggested that once they had become comfortable with the new phones, we could look again at the optional extras.

Last week, I took a couple of people up to the Mitel head office (a big thanks to them for their hospitality) specifically so that they could see some of the additional functionality. Much of this is based around the concept of unified communications and having previously seen this, I’m impressed by the possibilities. The two people that I took with me were equally excited – within a matter of minutes, they were discussing how all of this could be used to provide efficiencies.

Unfortunately though, I am a bit concerned about getting the go ahead for this from the board; I don’t expect the new functions to come cheap, and it is going to be difficult to predict a valid return for the investment. If it is used properly, than there is no doubt that we will see some useful improvements, but I am not certain we can count on people to actually use the new functions properly. (Yes, I am having another go at our technically challenged staff.)

Part of the problem is clearly that people are naturally reluctant to change the way they work. This is especially true if they have been doing things a particular way for some time. Although I’m trying to make things easier for everyone, and make their working life better, they don’t always see it that way. From the user’s point of view, it’s no fun being told to do something a specific way if it makes no sense to you and when you try to do your best, you get made to feel stupid.

But we have to be able to communicate, and the new technology is important in making sure that this is efficient and cost effective. We have to find a way to get everyone to make the best of this – both for their sakes and for that of the company.

Friday 1 May 2009

I see you - can you see me?

My first experience of video conferencing was because the company that I was working for needed a way to communicate between sites. At the time, they had 2 sites in the South West and one in the Midlands; people spent hours travelling between sites, just for a 1-2 hour meeting. They felt that audio conferences just didn’t meet their needs, which is why they travelled for face to face sessions.

The MD had received an invite to a presentation showing how video conferencing worked and he was so impressed, he bought the equipment on the spot (he was a bit like that). The supplier made sure that he knew it would use ISDN, so we had the lines installed before the equipment arrived. Unfortunately, they weren’t able to supply anyone to set it up and show us how it worked, so I had to trawl through the manuals to work it out for myself.

For about the first 6 months, we had problems; mostly down to people unable to work out how to use the remote control handset (yes really). There were some technical issues to do with line usage that I finally managed to get straight by talking with my colleagues at the other sites. Later, we started to call some sites in Northern Ireland on a regular basis – again a few issues to start with, but once we hammered out the protocol of who called who, it all ran very smoothly.

At one stage, the staff involved in Quality Control on all of the sites were calling each other up on a weekly basis to discuss procedures and how they could deal with some fairly major changes to meet customer requirements. The VC sessions allowed them to respond far quicker than had been the case previously and this was the primary reason that the customer continued to send the business our way.

My current company has sites right across the UK and Europe; the CEO and other senior managers used to spend a lot of time travelling at quite a cost to the business. I proposed the VC option shortly after I started and at first, the reaction was less than overwhelming. However, I got a really good IP based solution installed and set-up the connection between the two main sites. They were totally bowled over. In fact, it went down so well that we were told to roll this out across the group – we had each site connected within a few weeks.

Again, the first 6 months were the hardest bit – people will play around with the settings! Eventually though, things settled down and the VC units really began to pay for themselves.

Now people will argue about the true cost savings – everyone has their own way of calculating these. Basically, I just work out what the saved travel costs are (fuel, trains, hotels, etc); although you can also include saved time not spent in travelling to be more accurate. Based upon just travelling costs, in the first year alone, we saved about 5 times the amount the units cost us to buy. In the second year, we saved over £100,000.

The really interesting thing is how people re-act in VC meetings; when we first started, they were very self conscious and nervous about talking. However, in a very short space of time, this changed – in most cases, before the end of the VC session you would see that people were just talking as normal, they forget that the other people are miles away. Although it was generally just managers at the start, now all staff take part; we had one meeting a while back, where some of the goods in staff were taking part in a session to discuss a new procedure with their colleagues from the other site.

Unfortunately though, we are getting a few issues currently – the bandwidth on the Internet connection is getting crowded and we desperately need more than we have available. Hopefully, we should see this sorted in a few weeks time, but long term we really could use a decent fibre connection. (Stephen Carter, minister of communications; are you listening?)

As you may gather, I’m a big fan of video conferencing – it saves money, time and improves communications. It does also allow you to appear really professional if it is done right. As a business tool, it’s suitable for most SMEs, not just the big boys. For those interested in environmental issues, it’s a really great way to reduce the carbon footprint caused by travelling and very cost effective.

However, I have also seen the next generation of video conferencing – Telepresence. (Link below)

http://www.cisco.com/en/US/products/ps7060/index.html

It is really astonishing and I want it now! You have to see it to really appreciate it – but there are some videos on websites that give a good idea of how it works and just how good it really is. As far as I am concerned, the only bad thing about it is the price tag. I foolishly asked what it would cost us, and 2 years ago it was just over a million dollars US (probably the same amount in sterling now). This is a bit on the high side for us – I don’t think that I can persuade the board that it is worth spending that kind of money.

For those companies that have multiple sites, particularly if they are some distance apart, video conferencing is a really good way to keep people in touch without breaking the bank. With all of the environmental pressures, I’m sure that in the future we will see the take up of video conferencing increase; this has to be good for everyone.

Wednesday 22 April 2009

Suffering Support!

A while ago, I upset some of the senior managers – after a particularly stressful day, I suggested that we retire all of the existing office staff, and then go down the local junior school and select 30 children at random. I offered my opinion that these young people would be more IT literate than our current employees!

Of course, I was joking (mostly); but sometimes, it is difficult to understand why people find the simplest things so hard to do. For example, if you can’t print, then it would seem a fairly simple thing to do to check that the printer is turned on, and has paper and ink in it. Yet not a week goes by without someone complaining that their printer is “broken”, and then upon investigation, we find that it has run out of consumables.

A few years ago, I tried to carry out some research into the effectiveness of our support team: I analysed the number of support requests and how quickly they were resolved. But then I looked at what the actual items were; and most were what we would refer to as very basic IT problems. Some related to simple hardware issues such as cables pulled out, others were minor software related items; where is my “lost” file etc? Only a few really needed “an IT person” to fix, just someone with a reasonable level (as we see it) of common sense.

Now the first reaction was to check if this was down to laziness on the part of the staff member; after all, let’s be honest, it is easier to pick up the phone and call for help than to try to fix something yourself. However, it became obvious from the analysis that there was a large number of support issues that came down to the various individuals lacking some pretty basic IT skills.

I then carried out some more research and it soon became clear that many of the staff had actually had no real computer training – at best, they had been shown a sequence of steps to perform; click button A, click button B then button C, then print. But if it didn’t print, they often just pressed the same buttons again as they didn’t know why they had to press those buttons. When I asked, they had difficulty explaining what they were doing. They just couldn’t explain in terms that I could relate to (in many cases because they didn’t know); and some of the instructions I offered were clearly just as meaningless to them.

This worries me; a great deal of time is wasted and productivity suffers as a result. Users feel frustrated that they are unable to work with the tools, and morale begins to suffer. Then the IT staff turn up, and too often the user feels belittled by someone that shows annoyance at having to deal with a very minor problem.

So the immediate reaction would be to suggest that all staff should be better trained; clearly this offers benefits, yet too often, the reaction of management is that the users don’t need to become “IT trained” in order to carry out simple tasks. This is possibly true – but equally, we cannot continue to put people in front of a PC and give them so little training that they make as much work as they actually achieve.

To offer an analogy, many people drive cars – but we don’t allow people to climb in and drive off without undergoing some form of training and taking a basic skill test to prove they are ready to be let loose on their own. Whilst using a computer is not quite as serious (for the most part), it still makes sense to ensure that the person using it has a certain level of knowledge to make them as efficient as possible.

Tuesday 14 April 2009

Printing for Fun and Profit

When I started with my current company, I was more than a bit surprised at the number of printers - almost every other PC had a printer attached, and most of those were inkjet printers. There were so many different makes and models that keeping track of them was a problem - and there were almost 40 different cartridge types that had to be bought. We were ordering replacements every single week, and not just a couple at a time, but literally dozens. We had a storage cupboard just for these cartridges.

Now to me, this is simply crazy. Although there are some inkjet cartridges that hold larger quantities, most will have less than a standard pub spirit measure (25ml) - and while you can still get a single measure of scotch for £1.50, the same amount of ink will set you back £15 - £25. Given the choice, I know which one I'd prefer!

My predecessor had simply bought cheap printers - and every time, he bought a new one, it needed a different type of cartridge. He also considered it easier to attach them directly to a PC so there were very few people doing any form of network printing. The problem is of course that this is exactly what the printer manufacturers want - they sell the printers at a cheap price, knowing that they will make their money on the ink (and boy, do they make their money). And of course, a cheap printer will fall apart quicker, but hey that's OK as it doesn't cost that much to replace it (although you'll then have yet another different type of cartridge!).

So we started by working out where the most appropriate place was for a networked printer, then ordered up some decent mono laser devices. Within a year, almost all of the older inkjets were gone. In fact, we now have about 50% more users, but 30% less printers. And we are now down to about 5 toners with about 5 inkjets, so it's easier to keep track. Plus, the laser toners last much longer so it works out much cheaper. In fact, we reckon that we save about £25,000 to £30,000 per year over what we had been spending.

Now of course, there are those that will say "use compatible cartridges" or even "refill them". Tried those and they are an absolute waste of money and more importantly, time. You end up spending so much time fiddling around - I really think we have more important things to do. Also many of the compatibles don't work; and a lot then cause cleaning issues. I just think that it's far better to get decent equipment and be done with it.

That's not to say that users were happy; far from it. When we first started moving them onto networked printers, you would not believe the fuss it caused. People really don't want to walk 20 feet to get their print jobs. But eventually, they started to accept it and now the situation is so different. Although we still get some problems, there are far fewer than we used to have, administering them is easier and most of all, we save money that we can then spend on other things that help us do the job better.

In fact, this is such a simple thing to do, that I am astonished how many companies are still using large numbers of inkjet printers. I spoke to a manager at another company and they have around 500 users - he told me that he has one member of his IT staff almost permanently dealing with printer issues. He couldn't actually tell me how many they have as they have actually lost track of them; they think that they have over 300. (that's not a typo; yes it's three hundred!)

Now no disrespect to him, but for me, that is a red flag - time to make some serious changes. And if people complain, then I would insist on charging them for buying cartridges. If these consumables end up on their budget, I guarantee they will take notice!

So do yourself a big favour - get rid of all inkjet printers, replace them with laser printers. You'll feel better for it.

Thursday 9 April 2009

Email me

I do actually remember sending my first email. It would have been around 1990 - I had been playing with PCs for about 3 years. I had managed to get some odd bits & pieces of equipment from an auction; one of these was a modem that ran at a blistering 2,400 bits per second. And in those days, there was no plug and play, you had to create files that would contain the necessary commands to make the hardware work.

In my case, it actually took several days to get it working, but finally I managed to get it to dial out on command. The only problem then was what to connect to - there were not the ISPs we have nowadays. I actually managed to connect to a Bulletin Board Service (BBS) that I think was based in North London; I remember watching with fascination as the screen suddenly displayed a list of numerical options - of course no GUIs in those days. I vaguely remember that to post a message was option 5; I sent some messages to a couple of people, but there weren't that many people you could mail.

Of course it has all changed now; email is a major tool of the business and it is difficult to imagine how we could work effectively without using it. Every department relies heavily on being able to contact others, both inside and outside the company. And unfortunately, this leads to some major problems. Previously, the company had very few effective controls on the email and no email policies at all. I made my self quite unpopular because I insisted on setting these controls in place and worst of all, enforcing them with total rigidity.

To begin with, we upgraded to Exchange 2003 from 5.5 which was quite a task in itself - nothing had been prepared and the AD wasn't quite right. Later we had to move from an older server to a newer rack mounted device with more processors, memory and storage, and that process was much easier - in fact one of the easiest migrations I've ever had to do. We also started to get people moved from all different varieties of Outlook onto one version (2003); it took several months, but we got there.

Among the changes we made was to implement a fixed limit on mailbox sizes - just 200 Mb. Now for most people that is not a problem; but we regularly keep an eye on the sizes, and every time, it's the same names that appear close to the limit. I regularly get asked to increase the size limit but refuse; if I increase it, they will just let it run to the new higher limit, then complain that isn't enough.

To provide some assistance, I set-up space for mail to be archived to a .pst file on a designated space on a server, so it gets backed up as well. People have been shown how to archive, but you could be forgiven for thinking that we hadn't as so many users still don't seem to be able to do this.

We also limit the size of attachments on incoming and outgoing mail to 5 Mb. You would not believe the number of emails that get rejected due to the size of attachments - and the size of some of these; we still get complaints that a mail won't go through when it has a 20 or 30 Mb attachment. We've shown pople how to use other methods of transferring files, but they just don't want to know. As an example, I checked the mail logs yesterday and there was another incoming mail rejected from a user at our parent company in Germany - the person had attached a spreadsheet of 14 Mb, and sent copies to 5 other users in Germany, and 6 in the UK. When it failed, the person then re-sent it to all 11 people twice more!

Still, I suppose that I can't complain; the system is now working really well (apart from the users!) - we have even managed to add the domain for our French company to the system and they now connect to us for their email. Il marche tres bien! In fact, it looks as though they are particularly impressed as we fix issues for them far quicker than their previous host.

Just now have to wait for Exchange 2010....

Friday 3 April 2009

Networking




At my previous company, the network cabling was pretty poor – it was put in by a guy they referred to as “Dodgy Dean”. I’m told that he is wanted by 3 separate police forces and is currently living somewhere in the Costas!

Basically, it was a mix of old coaxial cable (with BNC connectors), some Cat 5e cable most of which done correctly, but some of which was reversed (green / orange). It was run through gaps in the walls, through drains, over the roof, through guttering, mixed in with power cable, under motors – pretty much a mess. There was absolutely no structure to it what so ever.

The network used to crash throughout the day – tests showed that quite a number of the cables were dead (around 20%). I also found some strange configurations in the hubs, with cable crossing over and packets travelling unnecessarily longer distances. The speed was pretty poor (as you might expect) and people would often accidently cut through or disturb cables to cause disruption.

I eventually decided enough was enough – I set about replacing all the crap. As I started to pull the old cable out, I found even more hidden away than I knew about – it turns out that he never took anything out, just ran more cable when one piece failed. Some of the old cable was covered in all sorts of green, brown and black slime! Much of it showed signs of the outer sheath cracking or breaking up as it was in such poor condition. In the end, I filled a whole standard skip up with the dead cable and still had enough over to half fill another.

Eventually, it was all tidied up, documented and tested and the network became a lot more stable and transmission speed improved. Then I changed jobs!

When I started with my current company, it was a bit like taking a step back in time. Again, there was a mixture of older coax cable, some fibre and mostly Cat 5e. The cable runs were really poor, just shoved in where they could with no planning of any real kind.

So I trained up one of the staff, showed him how to do basic Cat 5 ends, and punch down in the patch panels. I spent some time analysing what was really needed through the offices and factories, then considered how best to replace all of the garbage.

We started with some fairly basic changes – moving some cables and putting some new ones in a more controlled way. Then we added proper basket tray above the office spaces to carry new cable and it started to take shape. We always run cables in threes – the extra cost is minimal, but it provides a lot more capacity and it is easier than trying to add in later.

When the company decided to build new offices, it was agreed that we would cable it up – we had had quotes in the range of £38,000 to over £50,000. In the end, we put in almost 10,000 metres of cable for the new offices and the cost of materials was a little over £3k. Add in another £3k for staff time involved and it became a major cost saving. It actually allowed them to plan for a really fancy lighting system that cost some £30k.

In the comms rooms, the patch panels look really pretty as they are very carefully patched. In most places, these normally resemble explosions of spaghetti, but ours are very different and nicely laid out. We have had several people in from outside companies that are astonished at the quality of the work we have done. (See the picture above for an example of a comms rack - we have 3 full height units, 1 half size and 2 wall cabinets, and they all look like that.)

So why do we put all this effort in? Well, we take a pride in our job; we want to have something that we can point to as high quality work. It also makes our lives easier; if there is a problem, it takes less time to identify and resolve. The structure we use provides much more capacity for growth with minimal effort – it’s also a lot easier to move people around when necessary.

The problem is of course that within the company, most people don’t recognise the effort that has gone into it. All they are interested in is that the system works when they want it to, and as a result they just don’t appreciate that not everyone takes as much care as we do.