Tuesday, August 22, 2017

Long time no see!

Obligatory "Hello world!" from a somewhat-reclusive nerd that has resurfaced after a while of being inactive on Blogger.

So it's been a solid 3 years (already?! Yikes!) and I've done a lot of work revolving around my home network infrastructure. An insane amount of changes have occurred around my server/network setup and I love how things are going in that regard. Let's review some of the largest/most important changes I've made:


  • General upgrades. I've finally obtained an ACTUAL network rack! It's a Tripp Lite 42- or 45U rack (can't remember which--will add at some point later on). This big boy cost me about $150 with free shipping if I remember correctly--gotta love NewEgg!
  • Wireless upgrades. I've made a load of changes in this area: I've gone from Cisco APs to a Linksys router, back to Aruba APs, only to switch to Cisco again and back to Aruba finally. I think I've finally settled on a solid setup. After trying Ubiquiti's UAP-AC-LITE access points and not liking them as well as I'd hoped I would, I'm currently enjoying 802.11ac TP-Link access points. They operate at both the 2.4GHz and 5GHz bands, boast 1.2Gbps max throughput and 802.3af Power-over-Ethernet technology, and look really great mounted on my ceiling (basement AP) and sitting in a corner (back room AP). 
    • The most important aspects that I needed to have in a WLAN infrastructure were 802.3af PoE and a centralized management interface. Both points are met with the TP-Link EAP225 access points.
  • Server upgrades. I went from a single, 4-bay Dell server with 32GB RAM and about 2-point-something TB of redundant storage space to a single, 2-bay Dell server with 32 GB RAM and just under 1TB of storage space for a few reasons. The primary reason was power consumption; I originally had both servers running 24/7/365 which was costing an arm and a leg, so I had to cut that down. I'm now running a single Dell PowerEdge 1950 which is absolutely perfect for the needs-versus-cost argument. Also, I pay about $20 per month for 2TB of Google Drive storage space (nice, huh?) for backups and media storage.
  • Switching/network core upgrades. I am now operating two 48-port network switches (1 for PoE devices and 1 for non-PoE devices). I have a Nortel 4548GT-PWR Gigabit PoE switch for my WLAN power and a Nortel 5510-48T for wired device connections around the house. A few more upgrades are supposed to be arriving over the next three days: I have purchased a Nortel 5530 24-port switch, which has 12 GbE ports, 12 Gigabit copper/SFP combo ports and 2 10GbE XFP ports. The 5530 will be an MDF of sorts; I plan on using its fiber-based ports to create a fiber network core in my home. I'll then use 4 of the copper-only ports to create a 4Gb backhaul to my router (also brand new! It's a MikroTik Routerboard and I freakin' love it!); I'll then use the SFP ports to connect my 4548GT-PWR to the MDF with a 4Gb backhaul as well. Finally, I plan to create a 2Gb copper connection between the MDF and my PowerEdge 1950 by bonding two copper ports on the MDF.
  • Router upgrades. Back in January, I purchased a MikroTik RB2011UiAS-RM from Amazon for about $129.99 (possibly less). Since then, I've been constantly tinkering with it and have the following network setup (so far!):
    • Untagged VLAN 1 is for the primary core of the network (wired and secure wireless connections). This WLAN has a MAC address filter applied in whitelist form to allow only certain devices on it.
    • Tagged VLAN 172 is for guest wireless connections (unencrypted, isolated network for whoever wants/needs to use it).
    • Tagged VLAN 192 is for non-family, secure connections (trusted friends who just need secure Internet access)
If you'd like to see a PDF version of the upcoming network re-vamp, please click this link to view it in Google Drive.

That's all for tonight--me need sleep now.

Wednesday, January 29, 2014

My Favorite Technologies and Protocols

Based on the title of this post, you can guarantee that I've got to be one of the biggest friggin' nerds the world has ever seen. The bottom line here is that I love technology. Almost every aspect of (GOOD) technology fascinates me to no end.

My latest project that I am working on is a security-related idea of mine. My desire is, on my home network, to lock it down tighter than good ol' Fort Knox (tired of that expression yet?). Yes, networking is probably my favorite part of computer systems. My grand idea this time is actually quite simple: implement 802.1x on my wireless network (check that one off!), get rid of Pre-Shared Key authentication (work in progress) and implement 802.1x on my wired network (work in progress). This completely prevents any unauthorized access to my network, thus protecting my data (or not).

Now another very simple method of protecting your data is permissions. First and foremost, whenever I set up a server, I always remove that damned entry in the list labeled "Everyone" as this effectively locks everyone out. To grant a user (or group) access to read/write/modify, simply add the user (or group if it's a larger environment so you don't have to add thousands or more individual entries) and grant them the most restrictive permission possible for them to do their job, but to also protect your crucial data. NTFS permissions are usually enough to ensure that only authorized people access data, but I don't stop there. I go a step further and remove "Everyone" from the share permissions (because I do lots of inter-network file sharing) and manually add specific users (groups) to have permissions.

To make sure my data and network are safe, I am actively snooping around my network as a lower-privileged user to look for holes. Since I'm using a basic user account and I have the knowledge of what is where, I can find flaws and turn around and patch them. 
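An audit along the lines of the two paragraphs above, as an added example (not the author's own script): it lists non-administrative SMB shares where Everyone holds an Allow entry in the share or NTFS ACL, and shows replacing that entry with a named group. It assumes Windows 8 / Server 2012 or later with the SmbShare module and an elevated session; the function names, share name and group name are hypothetical.

```powershell
# Added example, not from the original post. Requires the SmbShare module
# (Windows 8 / Server 2012 or later) and an elevated PowerShell session.

# Well-known SID for Everyone; resolving it avoids hard-coding a localized name.
$EveryoneSid  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$EveryoneName = $EveryoneSid.Translate([System.Security.Principal.NTAccount]).Value
$SidType      = [System.Security.Principal.SecurityIdentifier]

function Get-EveryoneExposure {
    # Report each non-administrative share where Everyone has an Allow entry.
    foreach ($share in Get-SmbShare -Special $false) {
        if (-not $share.Path) { continue }   # skip shares with no backing folder

        $shareAce = Get-SmbShareAccess -Name $share.Name |
            Where-Object { $_.AccountName -eq $EveryoneName -and
                           $_.AccessControlType -eq 'Allow' }

        # Ask for rules keyed by SID, explicit and inherited.
        $ntfsAce = (Get-Acl -LiteralPath $share.Path).GetAccessRules($true, $true, $SidType) |
            Where-Object { $_.IdentityReference.Value -eq $EveryoneSid.Value -and
                           $_.AccessControlType -eq 'Allow' }

        if ($shareAce -or $ntfsAce) {
            [pscustomobject]@{
                Share       = $share.Name
                Path        = $share.Path
                ShareRights = ($shareAce.AccessRight -join ',')
                NtfsRights  = ($ntfsAce.FileSystemRights -join ',')
                Inherited   = [bool]($ntfsAce | Where-Object { $_.IsInherited })
            }
        }
    }
}

function Set-LeastPrivilegeShare {
    param(
        [Parameter(Mandatory)] [string]$ShareName,
        [Parameter(Mandatory)] [string]$Group,
        [ValidateSet('Read', 'Change')] [string]$Right = 'Read'
    )
    $path      = (Get-SmbShare -Name $ShareName).Path
    $ntfsRight = if ($Right -eq 'Change') { 'Modify' } else { 'ReadAndExecute' }

    # NTFS: add the named group, then drop explicit Everyone entries.
    # Inherited Everyone entries have to be removed on the parent folder.
    $acl  = Get-Acl -LiteralPath $path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
        $Group, $ntfsRight, 'ContainerInherit,ObjectInherit', 'None', 'Allow'
    $acl.AddAccessRule($rule)
    $acl.PurgeAccessRules($EveryoneSid)
    Set-Acl -LiteralPath $path -AclObject $acl

    # Share ACL: grant before revoking so authorized users are not cut off in between.
    Grant-SmbShareAccess  -Name $ShareName -AccountName $Group -AccessRight $Right -Force | Out-Null
    Revoke-SmbShareAccess -Name $ShareName -AccountName $EveryoneName -Force `
        -ErrorAction SilentlyContinue | Out-Null
}

# List every share that still exposes data to Everyone.
Get-EveryoneExposure | Format-Table -AutoSize

# Placeholder share and group names; substitute your own before running.
# Set-LeastPrivilegeShare -ShareName 'Media' -Group 'HOMELAB\FamilyFiles' -Right Read
```

Re-running `Get-EveryoneExposure` after a change confirms whether an inherited entry still needs fixing further up the folder tree.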

Hopefully more to come later as I discover more and more technology!

Monday, January 20, 2014

Free Open Source Ghost (FOG)

I know that I haven't been religiously updating this blog or even checking it that much, but I am in a caffeine-fueled good mood right now, courtesy of my poison of choice: Mountain Dew. I want to talk about one of the best tools that I have found when it comes to managing a massive number of computers: FOG. It stands for Free Open Source Ghost, taking a poke at Symantec’s classic Ghost software. What’s so great about a free program? Absolutely everything. Let’s dive right in.

FOG, originally released on SourceForge.net on 8-29-2007, is a lot better than you would think (your thoughts probably courtesy of “You get what you pay for”) considering what it has available in it. A basic summary of what it can do: disk cloning, software deployment, memory testing, disk wiping, disk testing, antivirus and basic inventory, all wrapped up with a nice web GUI. Now that I’ve got your attention, I would like to go a little further in-depth with my favorite function.


Disk cloning. This is my favorite feature of FOG by far. Basically, you create one master image of a disk drive and you can deploy it endlessly to an unlimited number of machines, as long as they are of the exact same hardware configuration. If you’re not sure what you’re doing, don’t even attempt to deploy image A to computer type B, or however you want to phrase it. Windows doesn’t like that too much. So this process is done with a tool called PXE (pronounced “Pixie”) which allows a computer on a network to boot from a very slimmed-down operating system (usually WinPE or PXElinux) and be configured from an image that sits on a server, or a fresh install of an operating system. I use PXElinux because it comes with FOG and requires no additional configuration. As I write this blog post, I am installing Windows 7 to show how FOG works. Keep this in mind, however: I am using a trial ISO of Windows, so I’m not installing it over the network; rather, I am using a “virtual CD” if you will:
Installing Windows 7 Enterprise on a VirtualBox Virtual Machine.
Now that it has finished installing and I have a fresh, working copy of Windows 7 to play around with, let's upload an image of it to FOG:

FOG login page.


Windows 7 VirtualBox Virtual Machine Booting from PXE.

FOG saving the Windows 7 image to the server.
One thing that I've noticed in the professional IT world over the past few years is that most mass-deployment tools cost thousands and thousands of dollars, yet they still lack one feature that I love a lot: the web-based GUI! These programs require you to install a console application to whichever machine you want to use to control the deployment on machines, and it's usually not a small install (a few hundred MB, in my experience). A web-based GUI is a heck of a lot easier: just point your (already-installed) browser to the web server hosting your FOG installation and you're good to go. Granted, this method isn't the most secure, but if somebody can manage to crack a password stored on a remote computer, chances are they are good enough to crack a Windows-based administrator password protecting your console software, too. This poses a question to consider: why make it harder on yourself if hacking is still a possibility? More importantly, shouldn't YOU as an IT professional know to use really strong passwords? :)

Ultimately, FOG is without a doubt the best software to use for cloning machines, if for nothing else the price alone.

To be fair, there is one major flaw with FOG: it's darn-near impossible to back up your configuration. Simple fix, though: virtualization. I use VirtualBox for hosting my virtual machines (if you couldn't already tell, based on the screenshots and me saying it so much). This makes backing up your FOG installation very simple. Copy the VirtualBox files to another server and an external hard drive. Simply pull out your backup if anything goes wrong. After all, that's what backups are for, right? ;)

Enjoy and have a great day!

P.S. Need help with FOG or need more information? Leave a comment and let me know! I'd be happy to see what I can do to help.

Wednesday, November 13, 2013

Devices and their places in the world

Hello all! It's been a while since I last posted on here, and I came across a good idea to blog about that's been on my mind for roughly a few years now. Let's get started!

My feelings on computing devices and operating systems vary drastically from one to another. Something important I've realized, however, is an odd concept that I'm not sure many think about. One of the most basic (and important) things to consider when mass-deploying devices across any size business is the combination of the user's needs and abilities. I would like to provide some insight into my thoughts on which devices belong where. It's going to be tough to spell it out for me, but let's see how I do.

We'll start off with a very popular device: iPads. Now I know that I previously wrote a post about deploying iPads and how they're probably not the best devices to use in a business, but I realize that my thinking may be a little too black-and-white and not enough gray shades. If you have a large mobile workforce, a few iPads are probably not a bad idea at all. My thinking? Mobile workers usually don't have too much easy access to outlets, and chances are good that their laptops' batteries are probably not the best if they're constantly plugged in when they're at the office or at home. iPads boast great battery life and if your users are properly trained on how to use these devices, the battery life can be even better than one might expect (teach them how to close an app all the way when they're done with it and not as much power is used; inform them it's best practice to simply press the power button when they take a break from a meeting; little things like these go a long way). If they're away on a two-week business trip, make sure they know to charge it when they first get back to their hotel room, for example, and to check it before they go to sleep. Also, once it's fully charged, turn it off and then remove the charger once it's fully turned off. These basic steps allow the batteries to last much longer.

Let's move onto another device family: Android devices. I have a Droid 4 by Motorola, and I'm also a big technology guy (duh). That being said, they aren't the best devices to have in an enterprise environment for one basic reason (please remember: this is only my opinion and I'm open to corrections): they're not the easiest or friendliest devices for the most technology-challenged users. I love the idea behind the operating system and how anybody with a few weeks' time and some researching skills can develop an app. Like I said earlier in this post, it's important to be practical and consider who is going to be using the devices you buy. While Android devices may be perfect for IT staff, they may not be so great for someone in the payroll department, for example. IT staff are usually more comfortable with poking around a device to figure out what's going wrong, whereas most "basic" users probably aren't. I can't stress this point enough: have your IT staff put themselves into others' shoes and then it's easier to decide what's a good device for users.

Another common family is Windows devices. The vast majority of the world uses Windows operating systems. With the end-of-support coming for Windows XP, people are getting a little bit nervous about how business will be conducted. Windows 7 is still readily available on a small scale, but it may be harder to obtain a Multiple-Activation Key (MAK) from Microsoft (usually with some kind of contract) for Windows 7. Contact your local Microsoft dealer sooner rather than later for information if you haven't already. At the risk of sounding paranoid, I would avoid Windows 8/8.1 for a while with all the NSA information that has been leaked. Even national governments around the world are warning companies to avoid this latest operating system from Microsoft. (More info here).

Linux operating systems are becoming more and more popular for a few reasons: price, security and functionality. A vast number of these distributions are free (this list is pretty good) and most are stable and secure, provided you verify they are directly from the organization that writes them. My personal favorite is Ubuntu. I also like Fedora. These are really the only two that I've had any experience with. These systems are also great for running server-side applications to manage your business (FOG for computer imaging, OpenLDAP for authentication) and free versions of commonly used client-side applications (OpenOffice, Firefox web browser [avoid using Chrome if possible]).

So, as an IT manager, you need to consider what your users need and how you will address their needs. Integrate various devices in your network. Just be sure everything will work together ahead of time!

Enjoy your day!

A side note--I know I'm a day late for this, but it's still important to say: if you know a veteran, please thank them for all they do. I personally cannot thank them enough for all that they risk and sacrifice for people like myself who are so undeserving. I hope at least one veteran sees this and that they know I sincerely mean it.

Friday, April 26, 2013

iPads in an Enterprise Environment

Just a note: I'm not an Apple "fanboy." I just thought I'd give my two cents on iPads. That being said, let's get to the post.

If you've ever used an iPad, chances are pretty good you most likely like it. They're beautiful devices that serve their purpose which is exactly what you want in a consumer-based item. They're great for games/apps, movie-watching and other media, but let me ask an important question: who has time to do that all day long? Surely most "average joes" certainly don't; we work (or go to school), some have families while others just get bored of watching movie after movie after movie. Let's look at a few reasons why they're not the best devices to use in your enterprise (encompassing governments, schools and retail/corporate environments).

Durability: These devices aren’t the most durable items in the world. Being made of glass, something falls on it and it’s most likely going to get broken. There goes (for a bare-minimum iPad) at the very least $500 USD. That’s a hefty chunk of change and I don’t think that your IT department is going to like having to shell out that money for a new one. This brings me to my next point.

Serviceability: Unless you’re a trained Apple technician, you probably won’t have the ability to fix them in-house (especially if you are managing hundreds of them), let alone the time. Two options at this point: buy a new one (expensive) or send it to Apple to be repaired (also expensive). In reality, most enterprise environments have some sort of IT department. Chances are that they aren’t working for free or out of the kindness of their hearts. Who wants to pay an in-house technician and Apple to fix your devices? That’s pretty much paying for the same thing twice and, last time I had heard, the point of a business was to make money.

Manageability: iPads aren’t the easiest things to manage. They’re not like PC’s where, when something goes wrong, it’s pretty easy to fix. Let’s face it folks: Apple devices most certainly do fail, despite what Apple tells their customers. There really is only Apple’s software (Configurator, I believe) to mass-deploy them. Apple lets very few others, if any, control their devices because they want your money. And to even use the Configurator, I believe that you need a Mac (correct me if I’m wrong, please). Ask yourself: do you really want to be that limited?

So in retrospect, why should businesses buy iPads? I really can’t think of any good, solid, concrete reasons. You’re paying a boatload of money to buy the device, then to mass-deploy them, then to repair them when the inevitable happens. iPads (and Macs, for that matter) are made from the same parts as Windows- and Linux-based devices, so they ultimately will fail and that’s something you need to count on. Seriously, everything’s all hunky-dory when they work, but a huge part of any massive investment is knowing how to keep it going for years and years to come. No CEO is going to authorize the purchase of 10,000 iPads with the hopes that everything will just work forever. That’s a whopping $5,000,000! That’s more than a lot of IT departments’ entire budget! Who wants to shell out everything they have with no backup plan?! Certainly not me.

That’s just my two cents on Apple devices with the main focus being put on the iPad. If I think of more, I'll post it later, but now I'm hungry (and my head hurts from listening to the Dropkick Murphys on full bass and high volume. Great band, by the way, just very loud!)

Enjoy your weekend!

Saturday, March 16, 2013

My Home Network

Ever wondered about what geeks do in their free time? Before your mind hits the gutter, be realistic. Most people around the world probably can't wait to get away from their job at the end of the day, have a nice dinner and just be with family. IT people are the same. Some like leaving work at work. Crazy idea, I know. Some people, on the other hand, can't wait to get home and work on their own personal network/computer/whatever. I'm one of those people.

I work for a school district's technology department. I love my job, but most nights after work I'm exhausted. That doesn't stop me from being on my computer for...well...the rest of the time that I'm awake. This stuff is how I make my living and, more importantly, how I enjoy myself. I like solving problems, fixing stuff and building things from the ground up (mainly networks, of course). All that being said, prepare for the nightmare that is my basement.


This first picture is an overview of what my home network looks like. (To me, it's the most amazing thing in the world. Not really, but whatever.) From the top left to the bottom right, the first item is my router. It's a Cisco Valet Plus M20 running DD-WRT. Great router, never really had any huge issues with it. It just sits there and works, passing packets right along. Cost me $60 USD on clearance.

Next up (top right): my NETGEAR GS724T Gigabit switch. This switch handles all the traffic in my house. It's basically what you would call an MDF (Main Distribution Frame).

Next shelf down on the left is my patch panel. Nothing special there, but it was a steal: the panel itself cost no more than approximately $25 USD and the bracket holding it cost about $20, so $45 total (no duh, Sherlock). It's Cat5e and that's where all the Ethernet wires around my house feed from. The color code is basic: black wires = standard, non-PoE ports, all Gigabit; the yellow wires are standard PoE ports for my access points; the orange wire is the VLAN for my family's laptop; finally the gray wire is the port outside (disconnected for obvious reasons). Also on this shelf is my UPS, which literally powers my entire network and is connected to the server to shut it down in the event of a power outage. Finally on this shelf is my Motorola SB6121 modem.

Moving down one more shelf is my server (in the picture there is an external drive running backups): this thing is a beast. 16GB RAM, two quad-core Intel Xeon processors, two 80GB 7200rpm drives (RAID 1) and two 1TB 7200rpm drives (RAID 1 as well). It's running two virtual machines (one for FOG imaging and the other as a second DNS server). It's my pride and joy and cost me a whopping $339 USD. Also, my outside access point is on top of the server just chillin' out.

The final shelf in the picture is my wireless system, consisting of an Aruba Networks controller (model 200; cost $325 for the controller and 8 access points) and a Nortel 10/100 PoE switch (model 460-24T-PWR, cost $50). Yes I know it's overkill, but I justify it by saying it is a learning experience for later on in life. Also, when my tax return comes in, I'm probably going to upgrade to 802.11n access points (Aruba model AP125 is my target) and ditch the PoE switch; I'll most likely just use the 2 Gigabit PoE injectors and buy a third. Not the best method for powering wireless, but it should hopefully work.

Some close-ups: 
 Nortel & Aruba units
 Dell F1D server
 Patch panel and my crappy wiring system
Cisco Router and NETGEAR Switch, with a side of UPS (sorry for the horrible joke)

That's it for this post. Hope you enjoyed the virtual tour. I'll post as this changes.

Monday, November 19, 2012

Saving your company's hard-earned cash

Let's face it: I'm a total nerd. It's just what I do, and to be completely honest, I wouldn't have it any other way. I like to focus on some of the things that I find to be crucial to any technology-oriented business (so basically any business) or school district. I do have other interests, like politics and law and stuff like that, but my main hobby is technology. That being said, let's get down to my first blog post.

If you're like just about anyone else in the world, you love to save money. No big deal, most of us are like that, including myself. One of the best ways to save a boatload of money on technology items is simple: where possible, buy refurbished or even used: Buy it on eBay! Yes, that sounds a little crazy, but hear me out. Some basic reasons for doing something this drastic? Keep reading:

Cheaper - nine times out of ten, companies and schools need to save money just about everywhere they possibly can. So why not be a hero for your company and save them money on the little things? A shining example: my school district gives a laptop to everyone in the high school to use for their four years of high school. Obviously, keeping a $500+ laptop safe is a tough task for people who aren't on the "rougher" side of technology (a.k.a.: they aren't guys who fix what people break). Most people are pretty careful when they realize that the item they are carrying is worth a lot of money. Darn good thing, too. But even these people are still people: they make mistakes. Laptop parts and accessories constantly go bad; it's a fact of life so there's not too much point in worrying about it. What's a good way to counteract high costs that manufacturers impose for repairs? Buy it on eBay! Chargers are the most common item that I see break: they get tripped over, dropped, etc. A great way to save costs is to buy these sorts of items for cheaper than you should have to pay for them. Not every part can be substituted for a cheaper item, but most can. A charger for a Dell Latitude D630 laptop can be purchased on eBay for less than $15! I'm not sure how long that link will be good for, so buy while you can!

Get rewarded - eBay has a great program that rewards their buyers for shopping with them: they'll give you 2% of the item price to spend on their website. 2% of a $15 item is next to nothing (approximately thirty cents), but when your mobile workforce consists of thousands of people nationwide, why not receive something extra for your IT department's efforts? Let's do a little math here: $.30 x 1,000 workers' chargers broken = $300 to spend on other items you desperately need but can't afford at a cheaper rate as well.

Be protected - eBay has a great resolution center for the extremely rare problem that may arise: They get you to work with the seller of the item to fix it between the two of you. If the seller doesn't help you out or they just flat out ignore your requests for peace, not only does eBay cover your purchase, they'll also even let you leave a negative review about the seller to protect other buyers like yourself.

Help small businesses - many smaller retail businesses get a start (or supplement their income) by selling on eBay. The more you buy from them, the more people they will be forced to hire to help them cover all the shipping and listing and so on. This gives people more spending money in their pockets since they now have a job. The more diverse array of products you sell, the more likely your sellers will become your buyers: people hire new workers -> new workers get paid -> new workers see you helping them -> the more likely they are to help you out by buying from you when it's time to liquidate some old assets or when you are selling new items.

These things may have never dawned on you before, but now that they have, give them a try. I can't guarantee that you will be the happiest person ever, but your boss may like you more for pitching a great idea to him!