Compare ISPs

Over the past several years ISPs have made enhancements to their infrastructure, expanding cable and fiber Internet connections. In some areas wideband connections, 50 Mbps or more of bandwidth, are now available.

If you haven’t done so lately, compare the offers from all the ISPs in your area. You might find lower prices from a competitor. If you have a T1 or other dedicated line, also reconsider a cable or fiber solution. Plus look for additional features, such as website hosting, antivirus protection, or Wi-Fi hotspot access for travelers. Some ISPs even offer hosted Microsoft Exchange and/or Microsoft SharePoint service.

Hosted Email

If you are a smaller organization you can usually get away with using a simple email service, such as those provided by website hosting companies or even free providers like Gmail from Google. Larger businesses might consider running a Microsoft Exchange server for more email functionality and other advanced features, such as calendar support and mobile device control.

If you’re a medium sized organization you might consider using a hosted email solution so you don’t have to run your own server. Microsoft provides hosted Microsoft Exchange services, starting at $5 per month per user. Some ISPs also offer hosted Exchange and SharePoint services, and some like Comcast offer it for free. You could also consider other solutions, such as Google Apps.

Open Source GroupWare

Instead of running the costly Microsoft Exchange and SharePoint servers, consider open source GroupWare solutions, such as SOGo, Citadel, Open-Xchange, and eGroupware. They can offer a backend for email, contact management, calendars, to-do lists, appointments, collaboration, and document sharing. End-users are typically given a web interface and/or access via client programs, such as Microsoft Outlook, on computers and mobile devices.

Open Source Help Desk Solutions

If your organization is large enough to have an IT department you’ll likely want a help desk solution to help track your PC and network issues and assets. Consider using a free and open source solution, such as from Spiceworks. In addition to incident tracking and asset inventory, it can help with network monitoring, UPS power management, and other IT issues. They even provide an iOS and Android app to let IT staff view devices, manage tickets, access user info, and more.

Open Source Router OSs

For small and medium sized organizations, consider open source alternatives for your routers instead of enterprise brands like Cisco or Juniper. For consumer level wireless routers you could use firmware replacements like DD-WRT or Tomato. For additional features like network-based antivirus and spam filtering, consider Untangle. For more enterprise functionality consider installing other router OSs, like Endian, Vyatta, or RouterOS on a spare PC or server.

RADIUS Server Options

If you’re a small or medium sized organization, consider a free or cheaper Remote Authentication Dial-In User Service (RADIUS) server for your authentication, authorization and accounting needs. FreeRADIUS is free and open enterprise-level RADIUS server designed for the Linux/Unix platform and TekRADIUS is a freeware Windows-based server.

If you require a RADIUS server just for enterprise (802.1X) Wi-Fi security, consider using APs with a built-in RADIUS server, such as select business-class APs from ZyXEL. You could also create your own router/gateway with a built-in RADIUS server, such as with RouterOS. Or instead of running your own server, consider a hosted service, such as AuthenticateMyWiFi.

PC Management Solutions

If you have more than a hand full of PCs and don’t already have a PC management solution in place, consider doing so. They can help you provide remote tech support, enforce antivirus protection, create firewall policies, silently install software and updates, track software and hardware, and monitor system performance. This central control and management can help cut time spent on support, increase security, and potentially reduce issues with proactive monitoring.

OCS Inventory NG and ManagePC are two open source options. Microsoft provides Windows Intune, starting at $11 per month per PC, which includes an upgrade to Windows 7 Enterprise.

Mobile Tech Support Apps

There are many smartphone apps that come handy in the IT field, most of which can save them time, in turn saving you money in the long run.

There are apps for finding and connecting to network shares, pinging servers, running port scans, connecting to SSH servers, connecting to databases, calculating IP subnets, looking up default passwords, and scanning for Wi-Fi networks. There are also simple HTTP/TCP/SSH server monitors and even apps from full network monitoring solutions. If you run Active Directory there are even apps to manage users and computers.

OpenDNS for Content Filtering

If you don’t already have an Internet content filter put into place, consider using OpenDNS. They provide free and paid DNS service that you can use instead of your ISP’s. It can be a simple way to automatically filter out malicious, adult, and other dangerous sites in addition to any specific sites you want to block. It’s also usually faster and more secure than a typical ISP’s DNS.

Spend Carefully

I discussed a couple of different things you can do to help reduce IT and network spending, including comparing ISPs, considering hosted or cloud services, and looking into open source solutions.

Most of the tips have been technical in nature, but you need to look at all business aspects. Purchasing is one aspect. Prices on tech products can vary significantly from store to store. Plus online stores are usually much cheaper than brick-and-mortar stores. Comparison shopping can save a significant amount of money over time. Keep control of your IT spending and possibly limit employee spending at local stores.

There is some IT and network spending you don’t want to cut. Security related spending, for example, should be of top concern and may even need more room in the budget. The cost and ramifications of an intrusion, malware infestation, or Wi-Fi hacking are usually higher than investing in security solutions.

It may seem entirely too obvious that you should know how to type ? to ask for help when using the Cisco IOS. However, the Cisco IOS is completely different from other operating systems when it comes to using the question mark (help key). As the IOS is a command-line operating system with thousands of possible commands and parameters, using the ? can save your day.

You can use the command in many ways. First, use it when you don’t know what command to type. For example, type ? at the command line for a list of all possible commands. You can also use ? when don’t know what a command’s next parameter should be. For example, you might type show ip ? If the router requires no other parameters for the command, the router will offer CR as the only option. Finally, use ? to see all commands that start with a particular letter. For example, show c? will return a list of commands that start with the letter c.

#2: show running-configuration

The show running-config command shows the router, switch, or firewall’s current configuration. The running-configuration is the config that is in the router’s memory. You change this config when you makes changes to the router. Keep in mind that that config is not saved until you do a copy running-configuration startup-configuration. This command can be abbreviated sh run.

#3: copy running-configuration startup-configuration

This command will save the configuration that is currently being modified (in RAM), also known as the running-configuration, to the nonvolatile RAM (NVRAM). If the power is lost, the NVRAM will preserve this configuration. In other words, if you edit the router’s configuration, don’t use this command and reboot the router–those changes will be lost. This command can be abbreviated copy run start. The copy command can also be used to copy the running or startup configuration from the router to a TFTP server in case something happens to the router.

#4: show interface

The show interface command displays the status of the router’s interfaces. Among other things, this output provides the following:
•Interface status (up/down)
•Protocol status on the interface<
•Utilization
•Errors
•MTU

This command is essential for troubleshooting a router or switch. It can also be used by specifying a certain interface, like shint fa0/0.

#5: show ip interface

Even more popular than show interface are show ip interface and show ip interface brief. The show ip interface command provides tons of useful information about the configuration and status of the IP protocol and its services, on all interfaces. The show ip interface brief command provides a quick status of the interfaces on the router, including their IP address, Layer 2 status, and Layer 3 status.

#6: config terminal, enable, interface, and router

Cisco routers have different modes where only certain things can be shown or certain things can be changed. Being able to move between these modes is critical to successfully configuring the router.

For example, when logging in, you start off at the user mode (where the prompt looks like >). From there, you type enable to move to privileged mode (where the prompt looks like #). In privileged mode, you can show anything but not make changes. Next, type config terminal (or config t) to go to global configuration mode (where the prompt looks like router(config)# ). From here, you can change global parameters. To change a parameter on an interface (like the IP address), go to interface configuration mode with the interface command (where the prompt looks like router(config-if)#). Also from the global configuration mode, you can go into router configuration using the router {protocol} command. To exit from a mode, type exit.

#7: no shutdown

The no shutdown command enables an interface (brings it up). This command must be used in interface configuration mode. It is useful for new interfaces and for troubleshooting. When you’re having trouble with an interface, you may want to try a shut and no shut. Of course, to bring the interface down, reverse the command and just say shutdown. This command can be abbreviated no shut.

#8: show ip route

The show ip route command is used to show the router’s routing table. This is the list of all networks that the router can reach, their metric (the router’s preference for them), and how to get there. This command can be abbreviated shipro and can have parameters after it, like shiproospf for all OSPF routers. To clear the routing table of all routes, you do clear ip route *. To clear it of just one route, do clear ip route 1.1.1.1 for clearing out that particular network.

#9: show version

The show version command gives you the router’s configuration register (essentially, the router’s firmware settings for booting up), the last time the router was booted, the version of the IOS, the name of the IOS file, the model of the router, and the router’s amount of RAM and Flash. This command can be abbreviated shver.

#10: debug

The debug command has many options and does not work by itself. It provides detailed debugging output on a certain application, protocol, or service. For example, debug ip route will tell you every time a router is added to or removed from the router.

The company’s applications will not only provide information about the health of servers, but also allow system administrators to remotely manage or shut down servers, said John Gromala, director of modular systems product marketing, during an interview at the HP Global Partner Conference being held in Las Vegas.

The ability to manage servers through mobile devices is a powerful tool, Gromala said. System administrators can also use the app to login to management subsystems to swiftly identify and address server problems, instead of logging on to management consoles in data centers.

The mobile applications are designed to take advantage of HP’s new Gen8 servers, which were announced on Monday. The servers feature tight integration of hardware and software to deliver better performance-per-watt while reducing maintenance and electricity costs in data centers.

The new Gen8 servers analyze, monitor and diagnose server issues gathered across 1,600 system parameters, and an HP service app will be able to access that data to get a picture of server health. The monitoring information is gathered by a secondary processor and controlled by a management application called Integrated Lights-Out (iLO) management engine.

A separate mobile app will allow system administrators to run scripts that help configure applications on servers, said an HP representative who declined to be named. The scripts can be simply cut and pasted, and the app will help configure the servers. For example, database servers can be configured by scripting in the app.

A system administrator will also be able to check the location of a server in a data center through HP’s mobile apps. That should help isolate specific server problems.

The service will be provided directly by HP or its partners for customers who opt in to receive the data. The company did not share information on when the mobile apps would be available for download.

One of the topics that’s come up for discussion a bit in the past few years is about malware (viruses, software to steal your contact info, etc.) for mobile phones. This is especially an issue for BYOD environments because the mobile phones that users select might not have the same security standards that IT would prefer. (Or, maybe they *could* be secure, but since the users are admins then they just install insecure apps. And in many cases they don’t even know it.)

Some people argue that malware isn’t really a big issue in mobile phones because the phone makers have app stores with verified apps, so it’s unlikely that users will find apps that are dangerous. But remember that it’s possible to configure a Blackberry, Android, or Windows phone to get apps from locations other than the official app stores, and who knows what those apps can do? (And even Apple, who forces users to use only their App Store, had an issue with security where a specially-crafted PDF that was downloaded could wipe the phone.)

Of course some people argue that users need to be trained not to visit dangerous websites so that they’re not exposed to these potential threats. But have you considered that it’s easy to send a user to a “random” website by embedding in into a QR code?

Seriously, how many people just blindly snap pictures of these and are whisked away to whatever site is on the other end, complete with malware, fake app downloads that look real, and phishing websites. (Newer QR code readers show the user a preview of the URL before they visit it, but I’m not sure that’s enough for regular users. Personally I like Norton’s free QR reader that runs the URLs through their threat analysis cloud and gives a big green “SAFE” label before the user continues. Even my mom could understand that!)

And antivirus software isn’t nearly as sophisticated on mobile devices as it is on real computers. Part of the problem is that mobile operating systems have special rules for how their apps can run and what they can do, and these rules apply to the antivirus software too! So for example, you might be able to get an antivirus app for your iPhone, but it will only scan email attachments that you specifically send to it–it’s not going to just work in the background and san everything automatically.

The problem with mobile phones is that they have a lot of personal data on them, including where you are. They’re in your pocket at all times and they have cameras and microphones in them. A compromised mobile phone has virtually unlimited value to an attacker, and a user only has to be tricked once to give a bad app permissions to do whatever it wants.

While the best advice from the analysts is to just download apps from the official app stores (and to not jailbreak your iOS device), what can you to as an IT professional? Do you lock the phone up and not allow the users to do anything? Do you look for an MDM or BYOD solution?

Long term this shows the viability for real software that can separate the user environment from the work environment. I don’t know if that’s as intense as VMware’s Horizon Mobile or something like what Blackberry is doing in their Playbook 2.0 software. But I do know that having all that corporate data on devices with end-user admin rights makes me nervous. Now what?

Good Evening Geeks

In all seriousness, your job description blew me away. 10 minutes of your time, that’s all I ask. I guarantee you won’t be disappointed. Good night, and good luck.

On Friday Google launched the public beta of the “Google Remote Desktop” extension for the Chrome browser. This extension allows one computer to remote control another, all done via Chrome extensions on both ends. We first learned that Google was working on something like this over a year ago. (Back then they were calling this “Chromoting”), but this is the first time that the general public has access to this capability.

The current beta requires that a user is present on both ends. The person whose desktop is being remotely controlled clicks a button that says something along the lines of “I would like to be controlled” which generates a key. Then the remote controller types that key into the Chrome web app to initiate the remote control session.

Chrome Remote Desktop

The requirement to have a user present on the remote end means that Google Remote Desktop is not ready to replace LogMeIn or GoToMyPC. However, Google’s official description of the extension says: The goal of this beta release is to demonstrate the core Chrome Remoting technology and get feedback from users. … Additional use cases such as being able to access your own computer remotely are coming soon.

From a technical standpoint, a message on the Chromium-dev mailing list reveals some basic details about how it works. Responding to a question about what protocol and what libraries it uses, Alpha (Hin-Chung) Lam wrote:

The protocol is something we designed and based on several google technologies:

Bottom layer is a P2P connection established by libjingle. This can be RDP, TCP or a relay through Google.
We use PseudoTcp implementation in libjingle to provide reliable connection.
On top of that is SSL connection.
protobuf is used for structured data and framing.
Graphics are encoded using VP8.

Digging into that, this basically looks like a peer-to-peer, secure, reliable connection, with VP8 encoding happing at the remote host and a simple VP8 player on the client. (Although the client also has to have the ability to send keyboard and mouse data to the remote host.)
What’s this mean for Google?

Now that we’ve seen the basics of how Chrome Remote Desktop works and we’re hearing what Google might want to do with it, what does this actually mean for Google? Why are they going down this path?

At the most basic level, Chrome Remote Desktop means that Google can enable access to legacy desktop apps from Chromebooks without needed any third party software. As long as a user had a desktop running Chrome somewhere, they could access that desktop and those apps.

Of course we’ve already seen similar concepts from other vendors. Citrix actually showed off their HTML5 “clientless” Receiver at the Chrome launch. And we’ve also seen (either released or in preview form) full browser-only clients from Ericom, InstallFree, and VMware. So this is nothing new per se. But why is Google going down this path?

Is there maybe an angle here for Windows apps from the cloud? Maybe it’s about the cloud and not about your own desktop apps running at home. Although I can’t see Google caring too much about the cloud. Certainly their platform can’t run these apps. Sure, we can understand Microsoft doing this with Azure, but they have twenty years of legacy apps to protect. Google doesn’t.

Then again, who’s the real audience? Will personal end users still have apps? And if they do, won’t they be intense apps that won’t work in the chromoting environment anyway? I mean if people are just getting occasional access to MS Office, wouldn’t they just switch to Google Docs?

Regardless of what it means, this is just another tiny pebble pushing Windows into the “middleware” space that they’re destined for in the “Small d” world.

http://www2.kartboy.com/x4/home.php