According to a press release currently making the rounds, the Retrospect product has now been sold to Sonic Solutions, the makers of Roxio. To quote the press release:
We are pleased to let you know that Sonic Solutions purchased the Retrospect backup and recovery software from EMC on May 18, 2010 and is responsible for all aspects of the Retrospect product line and business going forward.
Retrospect will be part of the Roxio Division of Sonic, a leader in digital media software. Adding to our broad range of products for content creation and management capabilities for businesses and individuals, Retrospect plays a critical role in expanding the Roxio business in the backup category. We understand that backup and recovery is critical to both your business and to your customers, and the Retrospect product line significantly enhances our ability to meet these needs.
Their use of sandbox is really over and above what we’ve seen from any other vendor. Each installation contains 3 distinct sandbox profiles (currently I have 4.0.249.49 and version 5.0.342.9 although mileage here may vary according to updates), each profile allowing access to only files and resources that are absolutely necessary to complete the task that the process that leverages them requires. You can see the specific resources that are accessible by looking at these profiles. The profiles are located at:
You can then edit the profiles easily, for example to enable debug logging for the sandbox. This gives you transparency into what Chrome is doing but also allows you to further tighten security. That said, they have really taken their time to secure Chrome well and lock things down, so we doubt much further restriction is necessary or really possible. Overall, Chrome provides a great example of taking sandbox to the next level and extending it much further into applications with graphical user interfaces than we’ve seen thus far.
For those who have had issues with Samba saving to file shares hosted on Windows Server, EMC or NetApp targets from within Microsoft Office (amongst other minor issues), you’ll be happy to note that Mac OS X 10.6.3 and Mac OS X Server 10.6.3 are now available for download. You can run softwareupdate to pick up the updates, or to download the updates manually see the links below:
318 has decided to open source our ASR Setup Tool under GPLv3. The tool can now be found at http://asrsetup.sourceforge.net. The ASR Setup Tool is built as a wrapper for the asr command line suite from Apple. The description from SourceForge:
Developed by 318 Inc., ASR Setup Tool is an application for setting up Apple Software Restore (“ASR”). In the context of the ASR Setup Tool, ASR is used for setting up a multicast stream that can then be leveraged for imaging Mac OS X computers.
For what it’s worth, we take ours from the command line. It helps keep proper track of the names of the screens. Simply open up a terminal window on a remote server via Apple Remote Desktop (ARD) and run the following command:
sleep 3; screencapture -iw ~/Desktop/filename.png
When you run that full string as a command you’ll have 3 seconds after hitting enter to highlight your target window, at which point your cursor will switch to the photo in window selection mode. Alternatively, you can run:
sleep 3; screencapture -iwc
This will capture the picture to the remote machine’s clipboard, from which it can be copied via ARD and opened in Preview (File->new from clipboard).
For those of us who thought that the Final Cut Server 1.5.1 update was just a couple of minor bug fixes, there’s a little more than meets the eye. If you run /Library/Application Support/Final Cut Server/Final Cut Server.bundle/Contents/MacOS/fcsvr_client then you’ll note that there are a few fun new features. While there hasn’t been enough time to thoroughly put the new options through their paces, we do hope to do further reporting on them as we become more comfortable with leveraging them for automations. Stay tuned!
If you’re using the ATTO card along with Snow Leopard then the 2.41MP driver on their website is compatible with 10.6, but they have yet to update the website to reflect that it is. These are the drivers for 42ES coupled with the EMC CLARiiON system: http://attotech.com/product.php?model=80
You may want to check with Tech Support, but it appears the latest 10.5 drivers will work with 10.6.
Mac OS X 10.6.2 Server is now available. This update represents a great step for environments that have either already moved to, or are preparing/planning the upgrade to, Snow Leopard Server. In this update, Apple addresses the following issues (from Apple.com):
adding and removing imported users in Server Preferences
synchronizing Portable Home Directory content
using iCal web interface within select time zones
previewing and capturing dual-source video in Podcast Capture
server-side filtering of incoming mail messages
using chained digital certificates for mail services
creating images with System Image Utility
automating installation of NetRestore images
preventing brute force password attacks
using sudo command with authenticated Open Directory binding
binding to Active Directory domains with invalid service records
creation of mobile accounts for Active Directory users
correcting a problem that would cause the Software Update cache to grow excessively
There are a number of messaging solutions that allow for automated message archiving. Message archiving can save space, while freeing up valuable resources and can also help to maintain Sarbanes-Oxley compliance (as well as achieve a number of other objectives). But not all messaging solutions allow for automated archival. Enter Mail Archiva into the picture.
Mail Archiva is an open source project aimed at bringing messaging archival to Microsoft Exchange, Zimbra, Mac OS X Server, Postfix, SendMail, IpSwitch, Axigen and a number of other messaging servers.
If you are in need of mail archival then feel free to reach out to us for more information on Mail Archiva today!
The vm_stat command in Mac OS X will show you the free, active, inactive, wired down, copy-on-write, zero filled, and reactivated pages for virtual memory utilization. You will also see the pageins as well as pageouts. If you wish to write these statistics routinely then you can use the vm_stat command followed by an integer. For example, to see the virtual memory statistics every 5 seconds:
Apple has released a new Mac mini that retails for $999. You might be thinking that $999 is just a little bit high for a Mac mini – and you would be right, that is, if it didn’t come with Mac OS X Server. The combination of the price point, the hardware and the software make the new Mac mini with Mac OS X Server a perfect purchase for small businesses and servers geared for use as specific utility servers!
The new Mac mini server comes with no optical drive, which is great because instead you get a pair of internal drives that can be set up in a RAID to protect your data! The server also comes with 802.11n, Ethernet and Bluetooth – allowing a variety of uses.
Call 318 today for more information on this great new product from Apple!
10.6 has introduced the use of greylisting as a spam prevention mechanism. In short, it denies the first attempt by an MTA to deliver a message. Once the server tries a second time (after an acceptable amount of delay, proving it’s not an overeager spammer), it can be added to a temporary approval list so future emails are delivered without a delay.
The problem with this is that many popular mail systems, including Gmail, don’t exactly behave as expected, so the messages may take hours before they are delivered. To get around this, the people championing greylisting suggest maintaining a whitelist of these popular, but ‘non standard’ mail servers, allowing them to bypass the greylist process entirely so that their messages are accepted the first time around. The other problem is for companies that send mail through mxlogic and other similar services: the mail is sent from the first available server, potentially causing delays because each attempt is sent by a different mxlogic box.
The problem with this under 10.6 is that there is no GUI or interface to inform you that greylisting is enabled (it gets turned on when you enable spam filtering), and so it just takes forever for messages to hit your inbox. You can start managing the whitelist / greylist system, or you can just turn it off:
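The delay mechanism and the rotating-sender problem described above can be reproduced with a small model. This is an added example, not code from Mac OS X Server or any greylisting package; the triplet key (client IP, sender, recipient), the 300 second delay, the 600 second retry interval and all addresses are assumptions chosen for illustration.

```python
import ipaddress
from itertools import cycle


class Greylist:
    """Triplet greylist keyed on (client IP, envelope sender, recipient)."""

    def __init__(self, min_delay=300, approve_ttl=30 * 86400, whitelist=()):
        self.min_delay = min_delay      # seconds a new triplet must wait (assumed)
        self.approve_ttl = approve_ttl  # lifetime of an approval entry (assumed)
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.pending = {}               # triplet -> time of first attempt
        self.approved = {}              # triplet -> approval expiry time

    def check(self, client_ip, sender, rcpt, now):
        """Return the SMTP reply code for one delivery attempt at time `now`."""
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.whitelist):
            return 250                  # whitelisted: bypasses greylisting entirely
        key = (client_ip, sender.lower(), rcpt.lower())
        if self.approved.get(key, 0) > now:
            return 250                  # this triplet already proved it retries
        first = self.pending.setdefault(key, now)
        if now - first >= self.min_delay:
            del self.pending[key]
            self.approved[key] = now + self.approve_ttl
            return 250
        return 450                      # temporary failure: try again later


def seconds_until_delivered(gl, pool, retry_every, sender, rcpt, max_tries=50):
    """Simulate a sending MTA that retries every `retry_every` seconds and
    rotates through the outbound IPs in `pool`; return the elapsed time at
    the first accepted attempt, or None if it never gets through."""
    ips = cycle(pool)
    for attempt in range(max_tries):
        now = attempt * retry_every
        if gl.check(next(ips), sender, rcpt, now) == 250:
            return now
    return None


# Constructed addresses from the documentation ranges (RFC 5737).
SINGLE = ["192.0.2.10"]
POOL = ["198.51.100.1", "198.51.100.2", "198.51.100.3", "198.51.100.4"]


def demo():
    """Delivery delay in seconds for the three cases discussed in the text."""
    msg = ("alice@example.org", "bob@example.com")
    return {
        "single_host": seconds_until_delivered(Greylist(), SINGLE, 600, *msg),
        "rotating_pool": seconds_until_delivered(Greylist(), POOL, 600, *msg),
        "pool_whitelisted": seconds_until_delivered(
            Greylist(whitelist=["198.51.100.0/24"]), POOL, 600, *msg),
    }


if __name__ == "__main__":
    print(demo())
```

Every new outbound IP starts its own waiting period, so the pooled sender is only accepted once the rotation returns to an address the server has already seen.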
Have you struggled with Open Directory backups? Do you open up Server Admin and click on the Archive button when an alarm in your calendar tells you to do so? Well, we’re gonna’ help you out then. We’re going to automate backing up your Open Directory. We’re going to invoke the backups through launchd and we’re going to keep them for an amount of time you determine and automatically prune the old ones. We’re going to let you choose the location to store them and the password to unlock them. And we’re going to let you do all this through a graphical package called the 318 Auto Archiver.
Originally written for our own staff we now open it up to you as well.
318 is proud to announce that we will have 3 speakers doing a total of 4 sessions at the upcoming MacWorld Conference & Expo in San Francisco in February. Speakers will be Beau Hunter, Zack Smith and Charles Edge.
We will also be announcing some events as the conference gets closer. If you are planning to attend then you can sign up here. We hope to see you there!
A Virtual Private Network, abbreviated “VPN”, is technology that allows users to connect from one place to another securely. What makes it secure is that the connection between point A and point B is encrypted. An encrypted tunnel is built between Point A and Point B, and then data is passed through that tunnel.
VPNs come in many different types (protocols). Some of the most common include the following:
PPTP
Often called “dial up VPNs”, it technically extends the functionality of PPP. It was originally started by Microsoft, US Robotics, Ascend Communication, 3Com, and ECI Telematics. Their first draft of their IETF document for the protocol extension was submitted in June, 1996. The protocol extension is supported by Linux, Mac and Windows workstations.
Current versions of all three operating systems include the VPN Client application pre-installed in the operating system. All three operating system server versions can also be set up to allow PPTP connections. A Microsoft Routing and Remote Access Server (RRAS) typically uses Microsoft Point to Point Encryption (MPPE), which is based on RSA RC4 and supports up to 128-bit encryption.
IPSec
IPSec is short for Internet Protocol Security. It works on Layer 3, and is often called “Site to Site VPN”. It is usually used to connect one LAN to another LAN, most times using two hardware VPN units, one at each side, communicating with each other. It can also be used to connect a workstation to the corporate LAN, typically using proprietary software from the VPN manufacturer/developer (although you can sometimes use the built-in software in the operating system – as is the case with Windows). The protocol can function in two modes (Transport and Tunnel) and provides end to end security by authenticating and encrypting the packets between parties. It can support up to 168-bit encryption with 3DES.
SSL VPN
SSL VPN is a type of VPN that allows communication to happen over https via web browsers. The main advantage of SSL VPN is that no additional client software is required besides a web browser. Since no software needs to be installed on a computer, a user can access the corporate network via VPN from just about any computer (e.g., a public computer or kiosk). The disadvantage is that because it tends to turn the applications you would normally use into web applications, you often lose some of the intended user experience of those converted applications.
L2TP
L2TP is short for Layer 2 Tunneling Protocol. It doesn’t do any encryption on its own, and is often used in conjunction with IPSec (L2TP/IPsec VPN). The biggest thing to remember about L2TP is that it allows more types of applications to communicate through the VPN connection that otherwise are not supported in a standard IPSec implementation.
In a nutshell, deciding which VPN protocol to implement depends on your budget, the hardware that you have, what will be connecting (workstation/user, or LAN to LAN) and the ease of use. Please feel free to contact us, and we will be happy to help plan out your VPN infrastructure, or answer any questions that you may have.
Firefox has a number of preferences. Not all are available in the GUI. To access these preferences, you can simply open Firefox and type the following in the address bar:
about:config
This will allow you to customize preferences, whether or not they’re otherwise known, line by line. These can then be copied between users, by inserting lines into the preferences file.
Like with most applications on Mac OS X, the preferences for Firefox can be deployed en masse. It is a bit more complicated than deploying preferences for some other applications. The reason for this is that the path to the preference file isn’t the same for all users. The file is located in the ~/Library/Application Support/Firefox/Profiles directory. It is an 8 character string followed by .default. For example, lzwntwo9.default. In this folder is a file called prefs.js, which contains all of the preferences for Firefox. For example, the following line will disable the check for whether you wish Firefox to be the default web browser for a user:
Once you know what preferences you’d like to push out there are two options to do so (there might be more, but these are the two we’ve used):
The first is to edit items in the Firefox.app bundle. Most of these can be edited using the /Applications/Firefox.app/Contents/MacOS/defaults/profile/prefs.js file, although the home page will be set using the /Applications/Firefox.app/Contents/MacOS/browserconfig.properties file. One note is that when you go to customize the prefs.js file it will give you a fairly nasty warning, but then it will push changes out to new accounts; however, don’t make any changes while the application is open. Additionally, this method requires deleting the existing preferences, so if you simply want to push out updates you’ll need to resort to the second method.
For the second method, we look at a script that finds the name of the directory located in ~/Library/Application Support/Firefox/Profiles for the user (or all users for computer-based policies) of the system. We then set that as a variable. For example, if the output of ls ~/Library/Application\ Support/Firefox/Profiles/ is stored in a variable called FFPREFSFOLDER, then ~/Library/Application\ Support/Firefox/Profiles/$FFPREFSFOLDER/prefs.js is the actual path of the file to alter for a user.
Now you can insert (or replace) the line that makes up the specific preference. This isn’t nearly as clean as using defaults to push out Safari preferences. But it does provide a way to push out Firefox preferences, be it as a file drop to replace the preferences in the application bundle or as a line edit to alter settings of an existing user’s browser.
Performing replication between physical locations is always an interesting task. Perhaps you’re only using your second location for a hot/cold site or maybe it’s a full blown branch office. In many cases, file replication can be achieved with no scripting, using off the shelf products such as Retrospect or even Carbon Copy Cloner. Other times, the needs are more granular and you may choose to script a solution, as is often done using rsync.
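One way to script the second method is sketched below as an added example (not 318's own script). It is written in Python rather than shell so that the insert-or-replace step is exact, it uses the real Firefox preference browser.shell.checkDefaultBrowser as the sample setting, and the function names and the temporary profile tree are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path


def profile_dirs(profiles_root):
    """Every '<random>.default' profile directory under a Profiles folder."""
    return sorted(p for p in Path(profiles_root).glob("*.default") if p.is_dir())


def set_pref(prefs_js, name, value):
    """Insert or replace one user_pref() line; return True if the file changed."""
    path = Path(prefs_js)
    # json.dumps yields valid JavaScript literals: false, 1, "string".
    line = "user_pref(%s, %s);" % (json.dumps(name), json.dumps(value))
    is_this_pref = re.compile(r'^\s*user_pref\(\s*"%s"\s*,' % re.escape(name)).match
    old = path.read_text().splitlines() if path.exists() else []
    new, done = [], False
    for existing in old:
        if is_this_pref(existing):
            if not done:            # replace the first match, drop duplicates
                new.append(line)
                done = True
        else:
            new.append(existing)    # every other preference is left untouched
    if not done:
        new.append(line)
    if new == old:
        return False                # already set: nothing to write
    # Written in place so the file keeps the user's ownership and mode when
    # this runs as root. Firefox must be closed, or it rewrites the file on exit.
    path.write_text("\n".join(new) + "\n")
    return True


def deploy(profiles_root, prefs):
    """Apply prefs (name -> value) to every profile; return the files changed."""
    changed = []
    for profile in profile_dirs(profiles_root):
        target = profile / "prefs.js"
        results = [set_pref(target, n, v) for n, v in prefs.items()]
        if any(results):
            changed.append(target)
    return changed


def demo():
    """Run against a constructed profile tree instead of a real home folder."""
    with tempfile.TemporaryDirectory() as root:
        prefs_js = Path(root) / "lzwntwo9.default" / "prefs.js"
        prefs_js.parent.mkdir()
        prefs_js.write_text('user_pref("browser.shell.checkDefaultBrowser", true);\n')
        deploy(root, {"browser.shell.checkDefaultBrowser": False})
        return prefs_js.read_text()


if __name__ == "__main__":
    print(demo())
```

For a real user, pass that user's ~/Library/Application Support/Firefox/Profiles folder as profiles_root; running deploy a second time with the same values changes nothing.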
However, a number of customers have found these solutions to leave something to be desired. Enter File Replication Pro. File Replication Pro allows administrators to replicate data between two locations in a variety of fashions and across a variety of operating systems in a highly configurable manner. Furthermore, File Replication Pro provides delta synchronization rather than full file copies, which means that you’re only pushing changes to files and not the full file over your replication medium, greatly reducing required bandwidth. File Replication Pro is also multi-platform (built on Java), allowing administrators to synchronize Sun, Windows, Mac OS X, etc.
If you struggle with File Replication issues, then we can help. Whatever the medium may be, give us a call and we can help you to determine the best solution for your needs!
Shared memory is a method of inter-process communication (IPC), where two processes communicate with each other through shared blocks of RAM. Because communication is resident in RAM, shared memory allows for very fast communication between processes. There are significant drawbacks to shared memory; one obvious limitation is that all communicating processes must exist on the same box. Additional complexities with the implementation of shared memory mean that it is typically relegated to lower-level, performance oriented systems, such as databases or backup systems.
In OS X, these settings MUST be tweaked if you are expecting to back up significant amounts of data with any semblance of speed or stability. I can confirm that both TiNa and NetVault use shared memory for IPC. Other products such as Retrospect or PresStore utilize other IPC methods, such as named pipes.
kern.sysv.shmall
shmall represents the maximum number of pages able to be provisioned for shared memory. It determines the total amount of shared memory that the system can allocate. To determine total system shared memory, multiply this value by the page size. The page size can be determined via `vm_stat` or `getconf PAGE_SIZE`. A typical page size is 4KB, 4096 bytes.
In OS X, Apple uses extremely conservative settings for shmall. At 1024, OS X defaults to only 4MB of shared memory.
kern.sysv.shmseg
shmseg represents the maximum number of shared memory segments each process can attach. Default in OS X is 8.
kern.sysv.shmmni
shmmni limits the number of shared memory segments across the system, representing the total number of shared memory segments. Default in OS X is 32.
kern.sysv.shmmin
shmmin is the minimum size of a shared memory segment; this should pretty much never need modification. Default is 1.
kern.sysv.shmmax
shmmax is the maximum size of a segment. Default in OS X is 4 MB, 4194304.
Simply add the strings that you don’t want to back up and it will no longer back up those locations. Remove the strings to re-add them at a later date.
In the UserPathsExcluded key, you can exclude paths that are relative to users’ home directories.
Software Update Services allow your server to cache updates from Apple and then redistribute them to clients within your organization. Now, this is going to greatly cut down on the amount of bandwidth consumed when new software patches are released. But if you have a large distributed organization you might want to have multiple Software Update Servers daisy-chained together in a cascade to download updates from each other and provide updates to sets of clients (maybe they’re geographically separated or you just have too many clients to provide updates to for just one server). Cascading the Software Update Services would further conserve bandwidth in your environment if you have multiple Software Update Servers.
In order to cascade Software Updates from one server to another you would first set up your first Software Update Server. Let’s say that we set it up as SUS1.domain.com and set it to run on port 8080. Next you would set up your second server (let’s call it SUS2.domain.com) and edit the “metaindexURL” key (by default it’s set to be swscan.apple.com) of the file /etc/swupd/swupd.plist. So you would change the key to be SUS1.domain.com/content/meta/mirror-config-1.plist.
There are two types of services that launchd manages:
Launch daemons can run without a user logged in. Launch daemons cannot display information using the GUI. Launch daemon configuration plist files are stored in the /System/Library/LaunchDaemons folder (for those provided by Apple et al) and /Library/LaunchDaemons (for the rest).
Launch agents run on behalf of a user and therefore need the user to be logged in to run. Launch agents can display information through the window server. As with launch daemons, launch agent configuration plist files are stored in the /System/Library/LaunchAgents and /Library/LaunchAgents folders. User launch agents are installed in the ~/Library/LaunchAgents folder.