Network Infrastructure

Recently one of our client's Blackberry smartphones stopped receiving emails from their Blackberry Enterprise Server.  Usually resetting the device by pulling out the battery resolves issues such as this.  Ironically, she could send emails from the device just fine, plus the 10 other devices connected to their BES and network infrastructure were working normally.

RIM has several resolutions to this problem, which corrected the issue.  I first verified email redirection was enabled, and the correct inbox folders were checked.  Next I checked to make sure no email filters were enabled.  Finally, the resolution was regenerating the encryption key on the device.

1. Click Options > Security > Security Status Information

2. Scroll to the Services section.

3. Highlight the Desktop [SXXXXXXX] line.

4. Press the Menu key and click Regenerate Encryption Key.

After regenerating the key, all new emails were received to the device.

I recently had a project that required the installation of Microsoft Visio 2010 on my laptop for creating some network maps. I went through the normal install process as well as running all windows updates. I completed a document with no issues at all. The following day I opened that same file and went to edit an object and Visio would crash. After about thirty minutes of frustration I found my issue through even log digging. Of course it was the Send to Bluetooth addon! Way to go Microsoft yet another weird issue that the general user would have no clue how to diagnose... I will detail the fix for this issue below.

Cause -

Visio tries to access the send to Bluetooth feature which crashes. This appears to be a completely random event. Most likely when it tries to access the feature and it's not setup on the computer yet/

Resolution -

1. Open Visio **Important**  Hit Shift Key, then Right Click and "Run as Administrator"
2. Select Options from the menu (see below)
   
    
3. On the next window click Add-Ins.
4. At the bottom select COM Add-ins from the drop down and click "Go...."
   
    
5. On the COM Add-Ins window un-check the "Send to Bluetooth" and click OK.
   
    
6. You should notice that you next window will look like mine. if not you might have missed a step.
   

After completing the steps below please close Visio and re-open. (Good practice when making changes) Try completing the task that was crashing before you made changes and it should work fine now. 

This is one of the many day to day issues I take care of while providing network infrastructure support. Please feel free to comment or ask questions below.

Often times as a consultant I am asked to help with requests like this: How do I change my password in Outlook 2011 on my MacBook Pro? Well I figured I would start posting some of these quick fixes for anyone that might be dealing with them. 

The question was asked because of a password reset on the Active Directory user. This is one of the day to day tasks on a PC, but not as simple on a Mac. Here is the process -

1. Go to the Outlook menu bar and choose "Preferences" 
    
2. Select "Accounts" from the personal settings group.
   
   
   
   
    
3. Change the password in the "Password" field to the new one you have created. This window automatically saves any changes made.
    

Sometimes supporting Mac's in a companies network infrastructure presents new challenges. Skybyte consulting works with several clients that use Apple laptops and computers. I will post a few other fixes for some of the more odd Mac based issues we see in Microsoft based enterprises. Hopefully they can help some of you fellow IT pro's out there.

SkyByte Consulting has recommended Symantec Endpoint Protection and its managing capabilities to it's clients for a variety of reasons.  From the ease of deploying clients to end users and the ability to manage them all from one console makes Symantec Endpoint Protection a great Antivirus and Antimalware solution.  The Symantec Endpoint Protection Manager (SEPM) downloads definition updates from Live Update on a regular basis and then deploys the updates to each endpoint client connected to your network infrastructure.  Symantec releases several revisions throughout the day, so by only having to download one copy of the definitions to the SEPM rather than each individual client, you save bandwidth for other needs.

Recently I discovered a SEPM that had stopped receiving updates.  Rebooting the server had not helped and manually running LiveUpdate inside the SEPM would reply with "Error: LiveUpdate encountered one or more errors. Return code = 4".  According to Symantec, this could be a variety of reasons from network firewall security, IE's Enhanced Security, or a proxy.  I knew this was not the case and I was able to resolve this by following these steps:

1.  Stop the SEPM and SEP Embedded Database in Services.
2.  Uninstall Live Update from Programs and Features or Add/Remove programs
3.  Install Live Update from the SEP setup CD
4.  Open a command window, then browse to:
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin
Type lucatalog -update and press Enter.
5. Start the SEP Embedded Database service and then the SEPM service
6. Login into the SEPM and retry downloading updates from Live Update.

SkyByte Consulting is a premier provider of Virtualization solutions and technologies.


Recently SkyByte won an RFP for a major suburban park district near Chicago. SkyByte successfully beat out four other Chicago IT firms with our design and project pricing. The park district had approximately thirty aging physical servers well beyond their effective service life. Their server room consisted of two 42U racks full of old server equipment. SkyByte proposed a four server VMware vSphere Cluster connected to a NetApp 2040 SAN. Cisco switches were chosen and NFS was utilized for the storage area network. SkyByte architected a secure DMZ along with multiple production internal networks. The project had the added benefit of centralizing all of the organizations data within the new NetApp SAN. This further improved the organizations disaster recovery options.

SkyByte installed the new VMware vSphere cluster and virtualized all the old servers from P to V. The virtualization candidates were Microsoft Exchange, four Microsoft SQL database servers, file and print servers, application servers and many F5 load balanced web servers.  Upon completion of the project all old server equipment was removed, and a complete 42U rack was removed from the room. 84U U’s of space were reduced to 15U’s. Power and cooling requirements for the data room were reduced by more then 50%. The park district gained fault tolerance, and high availability; the system is designed to continue business operations with a two host failure. The organization also gained much more flexibility within their system to meet the public's needs. Other benefits have been much better performance logging and reporting. The organization has acknowledged system performance was dramatically improved across all servers.

SkyByte has been working with Virtualization technologies since 2003. Over the last several years we have focused our infrastructure practice on server virtualization and server consolidation through the use of VMware vSphere Clusters and standalone ESX and ESXi hosts. He have aligned ourselves with NetApp and EMC for storage solutions. SkyByte has found VMware’s virtualization product suite to be vastly superior to the competing server Virtualization software such as Hyper-V and Citrix XenServer. Specifically the levels of refinement, flexibility, reliability and support are much better with the VMware products.

Contact us today for a free evaluation of what Virtualization can do for your organization. 847.574.6256 or info@skybyte.com

San Fransisco, CA: Microsoft on Tuesday provided another glimpse at changes coming with the next-generation of Windows software that powers most of the world's computers.

Microsoft is making major improvements to a key Windows Explorer file management program to enhance how it interacts with the coming Windows 8 operating system, according to Windows division president Steven Sinofsky.
 
"Windows 8 is about re-imagining Windows, so we took on the challenge to improve the most widely used desktop tool in Windows," Sinofsky said atop a blog post detailing Explorer modifications.
 
"Windows Explorer is a foundation of the user experience of the Windows desktop and has undergone several design changes over the years, but has not seen a substantial change in quite some time," he added.
 
A control "ribbon" for commands was added to make them more easily accessible to people other than "power users" familiar with Windows Explorer shortcuts.
 
Engineers set out to "return Explorer to its roots as an efficient file manager and expose some hidden gems" in the form of handy commands many people may not know, according to Alex Simmons of the program management team.
 
Microsoft in June provided the first sneak peek at the successor to Windows 7, a next-generation operating system designed to work on both personal computers and touchscreen tablets.
 
Sinofsky demonstrated some of the features of the operating system code-named "Windows 8" at a D9 technology conference hosted by All Things Digital.
 
"Laptops, slates, desktops -- all can run one operating system," Sinofsky said.
 
"Windows 8" builds upon many of the features in Microsoft's latest mobile operating system for smartphones, Windows Phone 7, including the use of touch "tiles" instead of icons to launch and navigate between applications.
 
Microsoft has promised to reveal more features of Windows 8, which uses Internet Explorer 10 as a Web browser, at its developers conference in Anaheim, California, opening on September 13th

Nothing new has been released yet regarding new Windows Server 8 information and if Active Directory upgrades will need to be to unlock the potential for Windows 8 on current corporate network infrastructure.

1. Log onto BES/BESX Server
2. Open the user and choose delete user
3. It will prompt you Yes - Delete User or Yes - Delete the user and remove the BlackBerry information from the user's mail system (Choose User and BlackBerry Info)
4. Re-create user and set activation password
5. Activate phone.

• Sense
• Pictures of Contacts
• Improved screen sharing and document sharing capabilities
• Redesigned interface
• Improved IP Phone system compatibility
• And much more

Standards-

Wireless standards have stabilized substantially in recent years. The older 802.11a, 802.11b, 802.11g, and 802.11N standards are well accepted. While you still need to make sure that the hardware in your network will support whichever standard you decide to use, the odds are good that if you're OK with the speeds the standard provides, you're not going to have to worry about what will and won't work on your network.

802.11a – Up to 54Mb/s 75’-100’ Indoor range 5Ghz

Least used technology due to the cost when it was initially adopted. Now it’s cost is not much more than b or g. Since the 2.4 GHz band is heavily used to the point of being crowded, using the relatively unused 5 GHz band gives 802.11a a significant advantage. However, this high carrier frequency also brings a disadvantage: the effective overall range of 802.11a is less than that of 802.11b/g.

802.11b – Up to 11Mb/s 125’-150’Indoor Range 2.4Ghz

The dramatic increase in throughput of 802.11b (compared to the original standard) along with simultaneous substantial price reductions led to the rapid acceptance of 802.11b as the definitive wireless LAN technology.

802.11b devices suffer interference from other products operating in the 2.4 GHz band. Devices operating in the 2.4 GHz range include: microwave ovens, Bluetooth devices, and cordless telephones.

802.11g – Up to 54Mb/s 125’-150’ Indoor Range 2.4Ghz

This works in the 2.4 GHz band (like 802.11b), and was rapidly adopted by consumers when it was released in 2003. It shares the same bandwidth as the 802.11b standard, and also most standard wireless adapters support b/g. 80211.g still suffers like 802.11b in that even devices like wireless keyboards can affect its signal.

802.11n – Up to 300Mb/s 200’-230’ Indoor Range 2.4/5Ghz

802.11n is a recent amendment which improves upon the previous 802.11 standards by adding multiple-input multiple-output antennas (MIMO). 802.11n operates on both the 2.4GHz and the lesser used 5 GHz bands. It has the longest range and also the least interference of all of the standards.

 Note that in some cases, using different standards at the same time can hurt your network's performance. If blazing-fast performance is your number one priority for your wireless network, only allow 802.11n connections.

Security-

A wireless network creates security problems that wired networks don't have to face. Potential attackers can sit outside of your building, point an antenna, and potentially access everything you've got. It's well known in security circles that some attempts at wireless security are virtually pointless—it's said that the Wired Equivalent Privacy (WEP) standard has been completely cracked and a determined attacker can get through WEP protection in under a minute.

An enterprise environment should definitely support the Wi-Fi Protected Access 2 (WPA2) encryption standard. You might have older wireless equipment that isn't compatible with WPA2, but the risk of leaving your network exposed isn't worth taking for old equipment. Keep the older, pre-WPA2 equipment in mind, however—if you have older laptops or expect on-site guests with them, you'll need to provide an alternative, like a wired network.

Encryption isn't the only defense for your wireless network. Most enterprise-class wireless routers support VPN tunnels, and other features such as integration with a security suite are common. Remember that you have to protect your network, but also remember that advanced security features often carry a performance cost, so carefully balance your networks.

Performance-

Modern wireless routers can handle many simultaneous connections and lots of bandwidth, a major difference from less expensive SOHO routers. Plan ahead and know how much bandwidth and how many connections you'll need, though, because high-bandwidth applications and reliable connections are more vital as laptops and netbooks become more popular than desktops, even in enterprise settings.

An important consideration for wireless performance is range, but unfortunately your building, not your router, is probably going to be the biggest factor in range. It's probably not feasible to change your building's layout and construction materials for the sake of a wireless network, so plan to install repeaters for your wireless signal.

What Are Your Needs-

Wireless technology has advanced quickly in the last few years, so if you need a wireless network to perform certain task, chances are the equipment you need is available. The prices for wireless equipment vary by huge amounts, however, so take a thorough inventory of what you want to connect to your wireless network now and what you'll want to connect in the future.

What is your companies Network Security Policy? If you don't have one I suggest your perform Network Security Assessments and make sure that your putting the best effort you can into maintaing your data's safety.

Remember that you'll probably be connecting much more than laptops to your wireless network. Wi-Fi enabled smart phones are the norm now, and even devices such as media players and video game consoles have wireless access. There's no telling how people will want to use your wireless network in the next few years. SkyByte Consulting can assist with any of your companies network security projects from Cisco ASA firewalls, to Checkpoint support, VPN installations, and even performing network security assessments. 

• Assess your network infrastructure and decide if you need to acquire a new server or just require some server upgrades. Remember Exchange 2010 only runs on 64-bit versions of Server 2008 and R2. This also means you will need a 64-bit processor in your server.
• Do you currently use virtualization in your network infrastructure? If so you can virtualize your exchange server or servers using Microsoft Hyper V Server 2008,  Vmware Vsphere Installation, and other server virtualization systems.
• Download and read the Planning for Exchange 2010 and also the Deploying Exchange 2010 information on Microsoft's Technet site.
• Does your current network infrastructure design support an edge configuration, or will you be just installing a single server setup?
• If you are upgrading you can only upgrade from Exchange 2007 R2. This may require you to upgrade your exchange 2007 server to R2. If your running Exchange 2003 you will have to perform a migration.
• If your running an older network infrastructure like Server 2000 and earlier, it will require an Active Directory upgrade.
• Do your current email security solutions support Exchange 2010?
• When you finalize your plan also perform a business continuity risk assessment focusing on electronic communications for your business, and update your information Technology disaster recovery plan to include the new Exchange 2010 mail server or cluster. These are very important parts of the process that many neglect to do.

DirectAccess is a new technology in Windows 7 that eventually may replace traditional VPN installation solutions such as Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol/Internet Protocol Security (L2TP/IPsec), and Secure Socket Tunneling Protocol (SSTP). DirectAccess is an automatic connectivity solution that allows clients running Windows 7 to connect seamlessly to the corporate intranet the moment they establish any Internet connection. The adoption of DirectAccess will not occur overnight. Organizations have to make major changes to their network infrastructure, adopt new server and client technologies, and fully change over form IPv4 to IPv6.

DirectAccess is an always connected, IPv6, IPsec VPN connection. If Configured properly a computer or laptop is able to connect to the Internet, and direct access automatically connects the machine to their corporate network. DirectAccess differs from other VPN solutions in the following ways:

• The connection process is automatic and does not require user to do anything. The DirectAccess connection process starts from the minute the computer connects to an active Internet connection. To the user it appears that they are always connected to the company's intranet, whether they are sitting in the office or they are in their hotel room on a business trip. Traditionally, users must initiate VPN connections to the corporate intranet manually.

• DirectAccess is bidirectional, with servers on the intranet being able to interact with the client running Windows 7 in the same way that they would if the client was connected to the local area network. In many traditional VPN solutions, the client can access the intranet but servers on the intranet cannot communicate with the client. DirectAccess provides administrators with a more granular way of controlling what intranet resources are available to remote users and computers. Administrators can integrate DirectAccess with NAP to ensure that remote clients remain up to date with virus definitions and software updates. Administrators can also apply network security policies to isolate servers and hosts.

As you can see DirectAccess is a very useful technology for the corporate user. Although it will require most companies to upgrade their network infrastructure, the simplification of the users involvement compared to a typical VPN installation might outweigh the work involved to implement DirectAccess.

SkyByte is a security based service and solution provider dedicated to the delivery of secure data communications, risk management, data integrity and corporate privacy. SkyByte offers a wide array of IT consulting services such as the design and maintenance of firewalls, VPNs, LANs, WANs, VMware server virtualization, messaging systems and secure wireless networks.
 

An essential part of a proper Business Continuity Management Plan evolves monitoring the environmental conditions inside the businesses data center or computer room. Ensuring optimum temperature and humidity conditions will ensure maximum equipment life. This provides the the best equipment reliability, provides IT ROI to the business and reduces the risk of equipment failure.  

For the past several years, SkyByte has installed and utilized an IT room monitoring system from AVTECH to monitor and alert key personnel of environmental conditions such as temperature, humidity level, air flow, and much more.  The system connects into your existing network infrastructure providing a web page to view real time status of all sensors connected.  The system can also send alerts via email and other communication methods if a problem or sudden climate change occurs. This allows the IT staff or consultants to take immediate action before its too late.

Inside the IT equipment room of a client, SkyByte has installed the AVTECH system, which is a 19" rack mountable 1U control board with connections for various sensors and accessories.  With this installation, we have 2 temperature sensors, a flood detection sensor, a power loss detection sensor and an airflow sensor.   

The two temperature sensors provide us real time air temperature and humidity levels in the rear of the main server rack and the outlet vent of an air conditioning unit.  If we happened to lose air conditioning, the room temperature could climb significantly in just a matter of minutes, posing a major threat to the valuable equipment.

The flood sensor detects and alerts of any liquid that comes in contact with a cable around the perimeter of the room.

The power sensor plugs into an AC outlet and with detect and alerts of a loss in power.

The airflow sensor alerts if the air conditioning system unexpectedly stops running.


Relying on this system provides both SkyByte and the client piece of mind that the environment surrounding their crucial IT equipment is in check.

SkyByte is well versed in Business Continuity Management Plans & Disaster Recovery Solutions as well as wide array of IT consulting services. Call or email us today for more information.


SkyByte is a security based service and solution provider dedicated to the delivery of secure data communications, risk management, data integrity and corporate privacy. SkyByte offers a wide array of IT consulting services such as the design and maintenance of firewalls, VPNs, LANs, WANs, VMware server virtualization, messaging systems and secure wireless networks.