Archive for October, 2006

Practical ILM for Small Businesses: Information Life Cycle Management (ILM)

Thursday, October 26th, 2006

The amount of data used by Small Businesses is on target to rise 30% to 35% in 2006. Sarbanes-Oxley, HIPAA and SEC Rule 17a-4 have introduced new regulations on the length of time data must be kept and in what format. Not only must data be kept, it must be backed up and secured. These factors are causing the cost of data storage for the Small Business to increase exponentially.

Corporations valued at more than 75 million dollars are generating 1.6 billion gigabytes of data per year. Small and medium sized companies can reap the benefits of developments being made with larger corporations. Different methods and classifications for data are one of these.

Information Lifecycle Management (ILM) is a process for maximizing information availability and data protection while minimizing cost. It is a strategy for aligning your IT infrastructure with the needs of your business based on the value of data. Administrators must analyze the trade-offs between cost and availability of data in tiers by differentiating production or transactional data from reference or fixed content data.

ILM includes the policies, practices, services and tools used to align business practices with the most appropriate and cost-effective data structures. Once data has been classified into tiers then storage methods can be chosen that are in line with the business needs of each organization. The policies to govern these practices need to be clearly documented in order to keep everyone working towards the same goals.

Storage Classification

Online storage is highly available with fast and redundant drives. The XRAID and XSAN are considered online storage, which is best used for production data as it is dynamic in nature. This can include current projects and financial data. This data must be backed up often and be rapidly restored in the event of a loss. It is not uncommon to use an XRAID to back up another XRAID for immediate restoration of files and a Tape Library to maintain offsite backups of the XRAID.

Offline storage is used for data retained for long periods of time and rarely accessed. Data often found on offline media includes old projects and archived email. Media used for offline storage is often the same as media used for backup such as tape drives and Optical media. When referring to offline storage we refer to archives, not backups. Archives are typically static whereas backups are typically dynamically changed with each backup. Offline storage still needs to be redundant or backed up, but the schedules for backup are often more lax than with that of other classifications of storage. In a Small or Medium Sized company offline media is often backed up, or duplicated, to the same type of media that it is housed on. There may be two copies of a tape (one onsite and one offsite) or two copies of DVD’s that the data has been burned onto, with each copy stored in a different physical location.

Near-line storage bridges the gap between online and offline storage by providing faster data access than archival storage at a lower cost than primary storage. Firewire Drives are often considered near-line storage because they are slower and usually not redundant. Near-line can refer to recent projects, old financial data, office forms that are updated rarely and backups of online storage to be made readily available for rapid recovery. Backup of Near-line storage will probably be to tape.

Data Classification

Mission Critical data is typically stored in online storage. This data is the day-to-day production data that drives information-based businesses. This includes the jobs being worked on by designers, the video being edited for commercials and movies, accounting data, legal data (for law firms) and current items within an organization's groupware system.

For the small business, Vital and Sensitive data are often one and the same. Vital data is data that is used in normal business practices but can be down for minutes or longer. Sensitive data is often accounting data that a company can live without for a short period of time, but will need to be restored in the event of a loss in a short amount of time. Small business will typically keep Vital and Sensitive data on the same type of media but may have different backup policies for it. For example, a company may choose to encrypt sensitive data and not vital data.

Non-Critical data includes items such as digital records and personal data files of network users. Non-Critical data could also include a duplicate of Mission Critical data from online storage. Non-Critical data often resides on near-line or off-line media (as is the case with Email archives). Non-critical data primarily refers to data kept as part of a company's risk management strategy or for regulatory compliance. This includes old emails, financial records and others.

Classification Methods

The chronological method for classifying data is often one of the easiest and most logical. For example, a design firm may keep their mission critical current jobs on an Xraid, vital jobs less than three months old on a Firewire drive attached to a server and non-critical jobs older than three months on backup tapes or offline Firewire drives. It would not be possible to implement this classification without having the data organized into jobs first. Another way to look at this method is that data over 180 days old automatically gets archived.

The characteristic method of data organization means that data with certain characteristics can be archived. This can be applied to accounting and legal firms. Whether a client is active or not simply represents a characteristic. If a type of clothing is in style or not represents another possible characteristic. Provided that data is arranged or labeled by characteristic, it is possible to archive using a certain characteristic as a variable or metadata. Many small and medium sized companies are not using metadata for files yet, so a good substitution can be using a file name to denote attributes of the file's data.

The hierarchical method of data organization means that files or folders within certain areas of the file system can be archived. For example, if a company decides to close down their Music Supervision department then the data stored in the Music Supervision share point on the server could be archived.

Service Level Agreements

The final piece of the ILM puzzle is building a Service Level Agreement for data management within a company. This is where the people that use each type of data within an organization sit down with IT and define how readily available that data needs to be and how often that data needs to be backed up.

In a Small Business it is often the owners of companies that make this decision. In many ways, this makes coming to terms with a Service Level Agreement easier than in a larger organization. The owner of a small business is more likely to have a picture of what the data can cost the company. When given the cost difference between online and near-line storage, small business owners are more likely to make concessions easier than managers of larger organizations who do not have as much of an ownership mentality towards a company.

Building a good Service Level Agreement means answering questions about the data, asked per classification. Some of the most important questions are:

How much data is there?
How readily available does the data need to be?
How much does this cost the company, including backups?
Given the type of storage used to house this data, how much is it costing the company?
If nearly half the data can be moved to near-line storage what will the savings be to the company?
In the event of a loss, how far back in time is the company willing to go for retrieval?
Is the data required to be in an inalterable format for regulatory purposes?
How fast must data be restored in the event of a loss?
How fast must data be restored in the event of a catastrophe?
Will client systems be backed up? If so, what on each client system will be backed up?

Information Lifecycle Management

Most companies will use a combination of methods to determine their data classification. Each classification should be mapped to a type of storage by building an SLA. Once this is done software programs such as BRU or Retrospect can be configured for automated archival and backups. The backup/archival software chosen will be the component that implements the SLA, so it should fill the requirement of the ILM policies put into place.

The schedules for archival and backups should be set in accordance with the business's needs. Some companies may choose to keep the same data in online storage for longer than other companies in the same business because they have invested more in online storage or because they reference the data often for other projects. The business logic of the organization will drive the schedule using the SLA as a roadmap.

Setting schedules means having documentation for what lives where and for how long. Information Lifecycle Management means bringing the actual data locations in line with where the data needs to be. Once this has been done, the cost to house and back up data becomes more quantifiable and cost efficient. The SLA is meant to be a guideline and should be revisited at roadblocks and intervals along the way. Checks and balances should be put into place to ensure that the actual data management situation accurately reflects the SLA.

ILM and regulatory compliance are more about people and business process than about required technology changes. The lifecycle of data is important to understand. As storage requirements spiral out of control, administrators of small and medium sized organizations can look to the methods of Enterprise networking for handling storage requirements with scalability and flexibility.

Adding Alternate Listening Ports for Postfix in Mac OS X Server’s Mail Server

Thursday, October 19th, 2006

Many ISPs and hotels block outbound SMTP on port 25 in an effort to prevent spamming. This poses problems for mobile users who wish to send mail through their office’s mail server.

It is possible to add listening ports for SMTP in Postfix. There are two procedures that will work:

Adding port 587 for SMTP submission
Port 587 is the standard port that many ISPs and hotels allow for outbound SMTP. To enable this port:

Open up /etc/postfix/master.cf (you will need to open as root or sudo)

Uncomment the following line:
submission inet n - n - - smtpd

Open up the submission port (587) on your firewall and if necessary, set up port forwarding to the mail server on 587.

Adding other ports for SMTP submission
318’s preferred alternate SMTP port is 443 because ISPs and hotels rarely block this port and SPI will usually not be scanning this port’s traffic because traffic on port 443 is usually encrypted and therefore not easily inspected. To enable this port:

Open up /etc/postfix/master.cf (you will need to open as root or sudo)

Add the following line in along with the other services:

443 inet n - n - - smtpd

To use a different port number, change 443 to whatever port you wish to use.
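
A caveat for both procedures: a bare smtpd line inherits the port 25 policy from main.cf, so a listener meant for roaming users is usually given per-service -o overrides that require authentication and TLS. The Python script below is an added example, not part of the original post; it parses master.cf and reports extra smtpd listeners that lack those overrides. The sample file is constructed, and settings inherited from main.cf are not examined.

```python
import shlex

# Constructed sample master.cf: the stock port 25 service, a submission entry
# with per-service overrides, and the bare 443 entry from the steps above.
SAMPLE_MASTER_CF = """\
# service  type  private unpriv chroot wakeup maxproc command + args
smtp       inet  n       -      n      -      -       smtpd
submission inet  n       -      n      -      -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_security_level=encrypt
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
443        inet  n       -      n      -      -       smtpd
pickup     fifo  n       -      n      60     1       pickup
"""

# Restriction lists in which "permit_sasl_authenticated,reject" may appear.
RESTRICTION_PARAMS = (
    "smtpd_client_restrictions",
    "smtpd_recipient_restrictions",
    "smtpd_relay_restrictions",
)


def logical_lines(text):
    """Drop comments and blank lines; join lines that start with whitespace
    onto the previous entry, as master.cf continuation lines work."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines


def overrides(args):
    """Collect '-o name=value' pairs from a service's argument list."""
    opts = {}
    for flag, setting in zip(args, args[1:]):
        if flag == "-o" and "=" in setting:
            name, value = setting.split("=", 1)
            opts[name] = value
    return opts


def requires_auth(value):
    """True if the list permits SASL-authenticated clients, then rejects."""
    items = value.replace(",", " ").split()
    if "permit_sasl_authenticated" not in items:
        return False
    return "reject" in items[items.index("permit_sasl_authenticated"):]


def audit(text, mta_ports=("smtp", "25")):
    """Map each extra inet smtpd listener to a list of missing safeguards."""
    findings = {}
    for line in logical_lines(text):
        fields = shlex.split(line)
        if len(fields) < 8 or fields[1] != "inet" or fields[7] != "smtpd":
            continue
        service = fields[0]
        if service.rsplit(":", 1)[-1] in mta_ports:
            continue  # port 25 must accept unauthenticated inbound mail
        opts = overrides(fields[8:])
        problems = []
        if opts.get("smtpd_sasl_auth_enable") != "yes":
            problems.append("SASL authentication not enabled on this listener")
        if not (opts.get("smtpd_tls_security_level") == "encrypt"
                or opts.get("smtpd_enforce_tls") == "yes"):
            problems.append("TLS is not mandatory on this listener")
        if not any(requires_auth(opts.get(p, "")) for p in RESTRICTION_PARAMS):
            problems.append("no permit_sasl_authenticated,reject restriction")
        findings[service] = problems
    return findings


if __name__ == "__main__":
    for service, problems in audit(SAMPLE_MASTER_CF).items():
        print(service, "OK" if not problems else "; ".join(problems))
```

To check a live server, pass the contents of /etc/postfix/master.cf to audit() instead of the sample, and reload Postfix after any change to the file.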

Networking and Microsoft Windows

Wednesday, October 18th, 2006

Basics of using Windows on a Network:

The following will be based on a Windows 2000/XP/Media Center box.

Connecting a Windows box to a network using TCP/IP.
As a user with proper permissions (usually administrator, or a user with administrator permissions), open up network settings, determine which network card you want to use, and right mouse click on it.

After that, click on Properties. You may need to add TCP/IP under network settings. If this is already there, you should check the properties for TCP/IP for some things.

Checking properties under TCP/IP:
Once you click to view the properties of TCP/IP, you will see a tab for network, and WINS. Depending on the setup, you will probably want to leave the settings alone if there is already a DHCP and DNS server on the network. If not, this is where you would specify an IP address, Subnet, Gateway, DNS servers, and WINS server if applicable.

Connecting to a wired network
There are a couple of ways to connect to a wired network. You can have a DHCP server on the subnet, and if the jack you have connected to is on the same subnet, and Windows is set to Automatically Obtain an IP Address and DNS address, then it will automatically receive the proper information for an IP address, Subnet, DNS, and Gateway (as long as the DHCP server is set up correctly).

MSCONFIG
MSCONFIG is the command to bring up the GUI for the Microsoft Configuration Panel which will allow you to perform basic troubleshooting on the computer. You can select which items you want to startup in the background, and you can also select to have it startup in safe mode from MSCONFIG. It is often used when a bad program that runs in the background is installed, and you want to eliminate it from booting and starting with the user logging in.

Eliminating Spyware and Viruses.
Ideally, a client should have some sort of malware security suite that will monitor for and remove/quarantine any malware detected. It is important that if the client has the software, that the software be constantly updated. If the software is not updated, it is possible for a new exploit to harness a vulnerability to install malware. To remove malware, you should try scanning using free tools such as Panda Online, Ad-Aware, Spybot Search & Destroy, Ewido, HijackThis, CWShredder. You should first scan in safe mode, and MAKE SURE that in MSCONFIG EVERYTHING IS ENABLED. You should also make sure that System Restore is turned off (this is a place where malware likes to reside to resurrect itself if it is deleted).

First, use HijackThis, and note what the settings are. After scanning, remove as much malware as you can, reboot in safe mode, and repeat the removal process. Run HijackThis again, and note any changes. Look up in forums on the Internet to see if anything remaining in HijackThis is considered bad; if so, make a backup of all of your settings, and proceed with caution. If removing the malware is going to take longer than a re-install and the client has a backup of their important documents, it may be wiser to just perform a re-install.

There are three ways you can set up a printer.
1. You can use the installer that came with the printer to install it, and this will often come with other programs that will help you run diagnostics on the computer.
2. If the printer is plug-and-play and the drivers are built into the Windows OS, then all you have to do is plug the printer in, and it should be recognized.
3. If the printer is networked, you can use the UNC to connect to the computer that is sharing the printer, and then double-click the printer to install it (the driver has to be either on the client computer or the print server). You can also click the add printers icon in Control Panel and select check for network printers, and this will scan Active Directory for any computers that may be part of the directory, and allow you to install the printer as if it was a printer connected to a peer-to-peer print server.

Command Line
There are many things that can be done through the command line. Here are some useful commands:

Netstat -A: Shows you what the computer is connected to (ports) and is listening on.
Ping: Allows you to send an ICMP echo to check to see if there is a live network interface on a computer (some servers and firewalls will purposely not send an echo back for security reasons)
Nbtstat -A: Allows you to check what shares are available on a particular computer.
Tracert: Show how many hops to a destination there are, and what the times are on said hops.
Arp: Will show you a table of all
Whoami: On a server, this will show you who you are logged in as, and what the computer name is
Net use: Will allow you to map a drive or a printer
Net stop : Will allow you to stop a service via the command line.
Ipconfig : will allow you to view the address information on an interface, or release and renew an IP address.
Route : Will allow you to add dynamic or static routes to the routing table of the workstation or server.

Services
Some malware can install itself as a service, so you may want to periodically check to see if there are any unusual services running on a computer. If the computer is a server, keep in mind that the more services there are, the longer it will take for the server to reboot, or boot up. A lot of times, MS Exchange is the biggest offender of causing a server to come up or go down slowly. You should stop the Exchange services before shutting down, or rebooting, to shorten the time it takes for a server to go down.

Wireless Networking

Friday, October 6th, 2006

Wireless networks use high frequency radio signals to connect computers to each other and to shared-resources for the transmission of data such as files, images or connection to the internet. This type of network is known as a Wireless Local Area Network (WLAN).
Wireless networks offer most of the same ability as a traditional wired LAN. If your wired network has the ability to access the Internet today, then your wireless LAN will be able to as well.
A wireless LAN typically consists of two components: a wireless network card and an access point. The access point serves as an aggregate point for all wireless LAN communications within its range.
The access point connects to a traditional wired LAN to provide access to existing applications and services. Each computer with a wireless network card can roam about freely within the range of the access point and have connectivity to other wired and wireless resources through the access-point.
In larger environments multiple access points are deployed to provide greater coverage throughout a floor or entire building. This gives complete mobility for any number of devices. In this situation connectivity is maintained uninterrupted from one access point to another. This is referred to as roaming and is analogous to cellular phone service we use today.
Using technology based on the 802.11a, 802.11b, or 802.11g industry standards, we can design your network to support data rates from 11 Mbps to 54 Mbps with maximum throughput.
An access point when paired with a wireless network card provides wireless network communications. Its closest equivalent in the wired LAN is a hub or switch.
Although access points typically transmit signal from 100 meters to 300 meters, when combined with advanced antenna designs we can implement your network to support ranges as far out as ½ mile (or greater). Conditions like the composition of walls, antenna placement and other variables play a role in this effective distance.
Ad hoc is a mode of operation which allows computers to communicate wirelessly amongst themselves without an access point.
It’s generally recommended to always have an access point when more than two computers need to communicate with each other wirelessly or when connectivity to a wired LAN is required.
This varies significantly from one manufacturer’s access point to another but a practical estimate is 15 to 20 users per access point.
Three18 delivers solutions based on the 802.11b, 802.11a, or 802.11g standards. This technology is not only cost effective but also provides excellent performance. The definitions for these standards are as follows:
802.11b
IEEE 802.11b is a technical specification issued by the Institute of Electrical and Electronic Engineers (IEEE) that defines the operation of 2.4 GHz, 11 Mbps, Direct Sequence Spread Spectrum Wireless Local Area Networks (WLANs). The 802.11b standard ensures that all wireless Ethernet products built to this standard are compatible.
802.11g
IEEE 802.11g is a technical specification issued by the Institute of Electrical and Electronic Engineers (IEEE) that defines the operation of 2.4 GHz, 54 Mbps, Direct Sequence Spread Spectrum Wireless Local Area Networks (WLANs). The 802.11g standard ensures that all wireless Ethernet products built to this standard are compatible and backwards compatible with 802.11b.
802.11a
IEEE 802.11a is a technical specification issued by the Institute of Electrical and Electronic Engineers (IEEE) that defines the operation of 5 GHz, 53 Mbps, Direct Sequence Spread Spectrum Wireless Local Area Networks (WLANs). The 802.11g standard ensures that all wireless Ethernet products built to this standard are compatible and will co-exist with other wireless specifications.
Solutions deployed by Three18 integrate the highest levels of security for protecting student grades, test scores, attendance records, or sensitive administrative files. In addition to the standard wireless security options such as 128-bit data encryption and MAC address filtering, our solutions include National Institute of Standards and Technology (NIST) certified wireless security techniques that are currently being used by the Department of Defense wireless networks.
This varies from one manufacturer to the other but in general you can expect that all major operating systems are supported (i.e. Microsoft Windows 98, ME, 2000 Professional & Server, Mac OS, Linux, etc.)
It is possible today to build an entire network based on wireless technology. But in most cases an environment will have an existing wired LAN that they will wish to extend via wireless to leverage some of its advantages. Over time there should be a shift to more exclusively wireless LANs.
802.11a /802.11g are IEEE standards for faster and more capable wireless LANs. The answer to this question depends on the applications that you want to run over the network and whether there is an existing 802.11b network in place. Applications that require higher data rates such as video streaming would operate more efficiently on 802.11a and 802.11g networks. If you have an existing 802.11b network in place there are interoperability issues that must be considered.
For 802.11g networks, there are no limitations with existing networks since both operate on the same 2.4 GHz radio frequency. This is the main advantage of using 802.11g.
Since 802.11a networks transmit signals over a 5 GHz frequency, 802.11b clients will not communicate with 802.11a access points and vice versa. The good news is that the technology providers have begun offering “dual band client cards” so that end-users can roam between the different network implementations.
Bluetooth is a 1 Mbps technology designed for low cost and low power to connect personal devices such as cell phones, PDAs, notebooks and other personal devices. 802.11b is a full LAN connectivity solution, designed to provide full network services at Ethernet data rates. 802.11b and Bluetooth both operate in the 2.4 GHz frequency range using different types of spread spectrum technology.
The Wireless Ethernet Compatibility Alliance (WECA) was established in 1999 to certify interoperability of Wi-Fi (IEEE 802.11) products and to promote Wi-Fi as the global wireless LAN standard across all market segments.
Wi-Fi is a certification for 802.11b devices. All current product offerings are certified by WECA for Wi-Fi compliance in order to ensure seamless interoperability with other manufacturers’ products.

A wireless network provides fast and flexible access to centralized content for applications particular to their environments. With this technology, organizations can establish network connectivity anywhere within the designed coverage area including conference rooms, offices, outdoor structures, and difficult to reach locations. Organizations can achieve gains in productivity by utilizing mobilized computers for real time applications such as data entry, inventory control, attendance, etc. A wireless network infrastructure can also offer cost advantages over traditional wired systems through the elimination of the need to run expensive conduits and cable.

Installing PerfectFit On Windows

Friday, October 6th, 2006

Perfectfit installation from another computer.

Perfect fit can be installed from an installer, or from copying the appropriate directories and files over from a functioning version of Perfectfit.

On the functioning computer navigate to the Program Files directory, and copy the Omni fonts folder to the target computer. Register the fonts in the fonts part of Control Panel of the target computer. Copy the entire Omni folder, and delete the “path” text file on the target computer.

Drag the file named “PF51O.LBR” to “OMNI57”. Make a shortcut of PF510.lbr to the desktop (this will be their PerfectFit application launcher). Open Perfectfit through the shortcut, locate the Perfectfit file (this will create a new path text file). Log in with working credentials. They will no longer be prompted about bad fonts, or about locating the Perfectfit file when running the application.

This would conclude installing Perfect Fit on a Windows workstation.