Archive for February, 2009

File Replication

Thursday, February 19th, 2009

Performing replication between physical locations is always an interesting task. Perhaps you’re only using your second location as a hot/cold site, or maybe it’s a full-blown branch office. In many cases, file replication can be achieved with no scripting, using off-the-shelf products such as Retrospect or even Carbon Copy Cloner. Other times, the needs are more granular and you may choose to script a solution, as is often done with rsync.

However, a number of customers have found these solutions to leave something to be desired. Enter File Replication Pro. File Replication Pro allows administrators to replicate data between two locations in a variety of fashions and across a variety of operating systems in a highly configurable manner. Furthermore, File Replication Pro provides delta synchronization rather than full file copies, which means that you’re only pushing changes to files and not the full file over your replication medium, greatly reducing required bandwidth. File Replication Pro is also multi-platform (built on Java), allowing administrators to synchronize Sun, Windows, Mac OS X, etc.

If you struggle with File Replication issues, then we can help. Whatever the medium may be, give us a call and we can help you to determine the best solution for your needs!

Automating Craigs’ List

Tuesday, February 17th, 2009

Craigs’ List is a great place to find all kinds of things. But sometimes you need to keep looking for something, over and over for months on end, until you find it. Maybe it’s something you just don’t want to pay for, or maybe it’s someone who wants that thing you just don’t want to throw out (like that Bondi Blue iMac). Either way, there’s a site that will search Craigs’ List for you and email you when a posting that matches your search appears. Simply do a search on Craigs’ List, copy the URL from the address bar of your web browser and then open CraigsListWatch.com. There, paste in the URL and enter your email address; every other hour the site will look for new postings that match your criteria. This is a great way to automate your searches without having to write an Automator workflow to do so!

Terminal Server 2008 Load Balancing

Thursday, February 12th, 2009

Load balancing is fairly straightforward in Microsoft Windows Terminal Server 2008. Before you get started you’ll need to have multiple terminal servers, a Windows 2008 Active Directory environment and a centralized location to store your user profiles.

When setting up Terminal Servers with load balancing and redirected profiles, no single terminal server should get overloaded by users while another terminal server sits idle. When a user tries to connect to the terminal server, the master terminal server checks the load on each one of the servers. It then logs the user into the terminal server with the least load. Since redirected profiles are set up, every user that logs in will have all of their desktop items, documents folder and pretty much everything that they will need. The user does not even need to know that they are on a different terminal server than they were the last time that they logged in.

To install Terminal Server clustering, first verify that you meet the prerequisites of centralized home folder storage, Active Directory 2008 and multiple terminal servers. Then install the Terminal Server Session Broker service on each one of the servers. Then, on one of the servers, you need to add all of the terminal servers into the session directory under groups in Local Users and Groups. You only need to add them on one server and the change will replicate.

The next thing you need to do is set up a DNS alias and associate all of the IP addresses of the terminal servers with that alias. Once complete, when you do an nslookup on that alias, it should display all of the IP addresses that you entered.

Then you will need to make some changes to group policy. It appears that you must have a 2008 Domain Controller set up with the most upgraded schema to be able to do this. Go to Computer Settings -> Policies -> Administrative Templates -> Windows Components -> Terminal Services -> Terminal Server and then TS Session Broker. In here you need to put the name of the alias under Configure TS Session Broker Farm Name. Then put the name of the main terminal server in Configure TS Session Broker name. You also need to enable Join TS Session Broker and Use TS Session Broker Load Balancing. After you have that set up, save the Group Policy Object (GPO) and link it to the Organizational Unit (OU) that holds the terminal servers.

Once your group policies are in place you can focus on making the lives of your users a bit easier by enabling redirected user profiles. First, you will need a place to put all of the user profiles. Then you will want to move all of the users that need to access the terminal servers into a new Organizational Unit, create a new group policy object and enable folder redirection. To enable folder redirection, go to User Configuration -> Policies -> Windows Settings and then Folder Redirection. Here, enable each folder redirection policy that you feel the users in the organization will need (this is different for everyone and can require a little testing to get it perfect). While the choices are a lot to consider at first, AppData, Desktop and My Documents are the most standard ones to choose and represent a great starting point. The Basic setting is what you will most likely want to use; then just put in the root path to your profile share. It will then give you an example of where everything will be stored, and you should verify that the user names and the folders that you created on the network share are the same.

Once all of the users are able to log into any of the terminal servers and get exactly the same environment no matter which server they land on, you are mostly done. With load balancing set up, one terminal server being overused is no longer something you need to worry about in 2008. Once the cluster is set up, the master terminal server will take care of the rest.

Citrix XenApp: New Look, New Features, Same Great Product

Wednesday, February 11th, 2009

Citrix XenApp has been around much longer than its new name would suggest. Formerly known as MetaFrame Presentation Server, XenApp has been a reliable solution for many years. It is the premier solution for application publishing and remote workplace access, while it also helps to ensure a high level of security with built-in encryption.

Customizable Citrix Authentication Window

XenApp provides a seamless workplace environment that enables IT departments to centralize the management of data and resources in a granular and automated fashion. As all of your information is hosted on company servers as opposed to being distributed across numerous client machines, there is an inherently lower risk of data being compromised, of virus infestations and, of course, of untrustworthy users.


XenApp is one of the most mature products of its type. XenApp has an advantage over most remote workplace applications in that its client software runs across all major platforms. This ensures Windows, Mac and even Unix/Linux clients can access the same information in exactly the same way – using the native Windows applications published through a web or Citrix client interface. A unified approach to management drives down administrative overhead and expense by allowing IT departments to focus on one interface rather than having to support various individual systems, each with their own quirks and configurations.

Citrix in URL

With Citrix, a user simply browses to the website where the applications are hosted and logs in. From there, the end user has access to all of the applications that they have been granted access to.

Citrix Application Selection Dialog

Access to applications can be based on granular, user based settings or as a result of larger, more scalable group memberships either local to the Citrix server or based on Active Directory. Either way, each unique user can be provided a very specific and unique user experience tailored to their needs. For some users, you may allow access to a full Desktop environment while for others you may limit access to only a small subset of applications.

Citrix in Action

When you are looking to have an enterprise-level deployment of Mac OS X, Citrix can help to ease the transition burden. For example, many applications are not available for the Mac. If Mac OS X users are not able to access the corporate ERP system then they are not full citizens of the enterprise. The same goes for obtaining support for various browser incompatibilities that may exist with corporate intranets, and for obtaining features not available in the Mac versions of applications, such as being able to auto-archive in Microsoft Outlook (which is not a feature of Entourage). All in all, Citrix can help you ease into an enterprise switching campaign rather than force all of your users into a culture shock of new applications, new ways of doing things and compatibility problems.

Citrix is also a scalable solution. The clustering options in XenApp are far easier to configure than with Windows Terminal Server. The failover is fast and less infrastructure is required as the Citrix server is able to manage most of the workload.

318, Inc is a trusted Citrix Partner well versed in providing Remote Workplace and Application Publishing connectivity for organizations in both homogeneous and heterogeneous environments. Allow our highly skilled technology consultants to assess and recommend the ideal Remote Workplace solution for your organization.

Xsanity article on Configuring Network Settings using the Command Line

Tuesday, February 10th, 2009

We have posted another article to Xsanity on “Setting up the Network Stack from the Command Line”. An excerpt from the article is as follows:

Interconnectivity with Xsan is usually a pretty straightforward beast. Make sure you can communicate in an unfettered manner on a house network, on a metadata network and on a fibre channel network and you’re pretty much good to go. One thing that seems to confuse a lot of people when they’re first starting out is how to configure the two Ethernet interfaces. We’re going to go ahead and do two things at once: explain how to configure the interfaces and show how to automate that configuration from the command line, so you can quickly deploy and then subsequently troubleshoot issues that you encounter from the perspective of the Ethernet networks.

View the full article here.

Shared Memory Settings Explained

Friday, February 6th, 2009

Shared memory is a method of inter-process communication (IPC), where two processes communicate with each other through shared blocks of RAM. Because communication is resident in RAM, shared memory allows for very fast communication between processes. There are significant drawbacks to shared memory; one obvious limitation is that all communicating processes must exist on the same box. Additional complexities in the implementation of shared memory mean that it is typically relegated to lower-level, performance-oriented systems, such as databases or backup systems.

In OS X, these settings MUST be tweaked if you are expecting to back up significant amounts of data with any semblance of speed or stability. I can confirm that both TiNa and NetVault use shared memory for IPC. Other products such as Retrospect or PresSTORE utilize other IPC methods, such as named pipes.

kern.sysv.shmall
shmall represents the maximum number of pages that can be provisioned for shared memory. It determines the total amount of shared memory that the system can allocate. To determine total system shared memory, multiply this value by the page size. The page size can be determined via `vm_stat` or `getconf PAGE_SIZE`. A typical page size is 4KB, 4096 bytes.
In OS X, Apple uses extremely conservative settings for shmall. At 1024 pages, OS X defaults to only 4MB of shared memory.

kern.sysv.shmseg
shmseg represents the maximum number of shared memory segments each process can attach. Default in OS X is 8.

kern.sysv.shmmni
shmmni limits the number of shared memory segments across the system, representing the total number of shared memory segments. Default in OS X is 32.

kern.sysv.shmmin
shmmin is the minimum size of a shared memory segment; this should pretty much never need modification. Default is 1.

kern.sysv.shmmax
shmmax is the maximum size of a segment. Default in OS X is 4 MB, 4194304.

Suggested Settings:

512MB of shared memory:
kern.sysv.shmall: 131072
kern.sysv.shmseg: 32
kern.sysv.shmmni: 128
kern.sysv.shmmin: 1
kern.sysv.shmmax: 536870912

1GB of shared memory:
kern.sysv.shmall: 262144
kern.sysv.shmseg: 32
kern.sysv.shmmni: 128
kern.sysv.shmmin: 1
kern.sysv.shmmax: 1073741824
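The two profiles above are instances of one calculation: shmall is the pool size in pages and shmmax is the largest single segment. The script below is an added example (not from the original post or any vendor tool) that derives a profile for any pool size, checks the five values against each other before you apply them, and renders them as /etc/sysctl.conf lines. It assumes a 4096-byte page size; confirm yours with `getconf PAGE_SIZE`.

```python
DEFAULTS = {  # OS X defaults as listed in the post
    "kern.sysv.shmall": 1024,
    "kern.sysv.shmseg": 8,
    "kern.sysv.shmmni": 32,
    "kern.sysv.shmmin": 1,
    "kern.sysv.shmmax": 4194304,
}

def total_shared_memory(shmall, page_size=4096):
    """Total shared memory the system can allocate: shmall pages * page size."""
    return shmall * page_size

def shm_settings(total_bytes, page_size=4096, shmseg=32, shmmni=128):
    """Build the five kern.sysv.shm* values for a pool of `total_bytes`.
    shmall is in pages; shmmax lets one segment span the whole pool,
    matching the 512MB and 1GB profiles in the post."""
    if total_bytes % page_size:
        raise ValueError("total_bytes must be a multiple of the page size")
    return {
        "kern.sysv.shmall": total_bytes // page_size,
        "kern.sysv.shmseg": shmseg,
        "kern.sysv.shmmni": shmmni,
        "kern.sysv.shmmin": 1,
        "kern.sysv.shmmax": total_bytes,
    }

def check_settings(s, page_size=4096):
    """Return a list of consistency problems (empty means the set is sane)."""
    problems = []
    if s["kern.sysv.shmmax"] > total_shared_memory(s["kern.sysv.shmall"], page_size):
        problems.append("shmmax exceeds shmall * page size: a max-size segment can never be allocated")
    if s["kern.sysv.shmmin"] > s["kern.sysv.shmmax"]:
        problems.append("shmmin is larger than shmmax")
    if s["kern.sysv.shmseg"] > s["kern.sysv.shmmni"]:
        problems.append("shmseg exceeds shmmni: a process cannot attach more segments than exist")
    return problems

def sysctl_conf_lines(s):
    """Render the settings as /etc/sysctl.conf lines (key=value)."""
    return [f"{k}={v}" for k, v in s.items()]

if __name__ == "__main__":
    for mb in (512, 1024):
        cfg = shm_settings(mb * 1024 * 1024)
        print(f"# {mb}MB of shared memory", *sysctl_conf_lines(cfg), sep="\n")
        print("# problems:", check_settings(cfg) or "none")
```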

The Time Machine Safety Net

Monday, February 2nd, 2009

Time Machine utilizes Leopard’s new MAC (Mandatory Access Control) framework, providing a “safety net” to ensure the integrity of your backups. Access control provisions are applied via a kernel extension located at /System/Library/Extensions/TMSafetyNet.kext, which makes calls to _mac_policy_register and _mac_policy_unregister. The result is a backup set whose data is immutable via standard means. For instance, attempting to delete a Time Machine backup via the cli utility ‘rm’ will fail, as will any other cli file operation utility which attempts to alter Time Machine backups.
It seems that the system enforces the restrictions when all of the following conditions are met:
  1. The item has the ACE ‘group:everyone deny full control’
  2. It resides in a directory “Backups.backupdb” located at the volume root, which carries the same deny ACE

Steps to create the safety net:
$ mkdir -p /Backups.backupdb/test/test1
$ chmod -R +a# 0 "group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown" /Backups.backupdb/
$ rm -rf /Backups.backupdb/test
rm: /Backups.backupdb/test/test1: Operation not permitted
rm: /Backups.backupdb/test: Operation not permitted

Attempts to alter this data are then unsuccessful. However, there are a few back doors here. There exists a cli binary at /System/Library/Extensions/TMSafetyNet.kext/Contents/MacOS/bypass which allows you to supply a command plus its arguments and completely bypass the access restrictions. Likewise, GUI-level apps can delete these items by escalating via the authorization trampoline.
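Because the protection hinges on the two conditions listed above, it is worth auditing that a backup set actually meets them rather than assuming the kext is enforcing anything. The script below is an added example (not from the original post or from Apple) that parses `ls -led` output and reports whether a path is covered; the ACL line shape it expects (" 0: group:everyone deny ...") and the sample listing are assumptions constructed for the example, and it treats "/" and "/Volumes/<name>/" as volume roots.

```python
import re

# Rights the post's chmod command denies to group:everyone
REQUIRED_DENIES = {"add_file", "delete", "add_subdirectory", "delete_child",
                   "writeattr", "writeextattr", "chown"}
# Assumed ACL line shape in `ls -led` output: " 0: group:everyone deny a,b,c"
ACE_RE = re.compile(r"^\s*\d+:\s+(\S+)\s+(allow|deny)\s+(\S+)\s*$")
# Backups.backupdb at a volume root: directly under "/" or "/Volumes/<name>/"
ROOT_RE = re.compile(r"((?:/Volumes/[^/]+)?/Backups\.backupdb)(?:/|$)")

# Constructed sample listing (not captured from a real system)
SAMPLE = """\
drwxr-xr-x+ 3 root  wheel  102 Feb  2 10:00 /Backups.backupdb
 0: group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown
drwxr-xr-x+ 2 root  wheel   68 Feb  2 10:00 /Backups.backupdb/test/test1
 0: group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown
drwxr-xr-x  2 root  wheel   68 Feb  2 10:00 /Users/Shared/scratch
"""

def parse_ls_le(output):
    """Map each listed path (last column; paths without spaces) to its ACEs."""
    acls, current = {}, None
    for line in output.splitlines():
        m = ACE_RE.match(line)
        if m and current is not None:
            who, kind, rights = m.groups()
            acls[current].append((who, kind, set(rights.split(","))))
        elif line.strip():
            current = line.split()[-1]
            acls[current] = []
    return acls

def has_safety_net_ace(aces):
    """Condition 1: group:everyone is denied every right the post's chmod sets."""
    denied = set()
    for who, kind, rights in aces:
        if who == "group:everyone" and kind == "deny":
            denied |= rights
    return REQUIRED_DENIES <= denied

def is_protected(path, ls_output):
    """Condition 2 plus 1: the item lives under a volume-root Backups.backupdb,
    and both the item and that root directory carry the deny ACE."""
    m = ROOT_RE.match(path)
    if not m:
        return False
    acls, root = parse_ls_le(ls_output), m.group(1)
    return (root in acls and path in acls
            and has_safety_net_ace(acls[root]) and has_safety_net_ace(acls[path]))
```

Feed it the output of `ls -led /Backups.backupdb /Backups.backupdb/<item>` for the items you want to check; anything reported as unprotected is deletable with plain `rm` regardless of the kext.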