Network Architecture « 318 Tech Journal

Archive for the ‘Network Architecture’ Category

Final Cut Server EOL’d – What do we do now?

Friday, December 9th, 2011

318 has been working to provide our clients with a strategy to replace Final Cut Server, now that FCS has been EOL’d by Apple. We are proud to announce a comprehensive strategy and solution in the form of CatDV Enterprise Server and Client, by Square Box Systems, LTD.

The first question should always be, “Do we need to implement a new solution?” In many cases, and at least for now, the answer may be “No, not yet.” There will come a time, however, when the needs of the workflow, software, hardware, or some other factor will necessitate a new Digital Asset Management (DAM) System implementation.

Once the decision has been made to deploy a new DAM, many additional questions will arise. How do we keep our metadata intact? Can we re-use our clip and edit proxies? How do we keep our current automations? 318 can work with you to address these issues. We are asking ourselves the same questions with an eye towards minimizing the hassles associated with migrating such a major piece of infrastructure.

318 has spent the last year evaluating many of the DAM solutions in the marketplace, with an emphasis on whether or not the solution is an appropriate replacement for Final Cut Server in terms of cost, functionality and scalability, and after many internal discussions, CatDV best matched these criteria. In terms of cost, CatDV is one of the most affordable solutions in the marketplace. In terms of functionality, CatDV matches or exceeds the functionality of Final Cut Server. In terms of scalability, CatDV far exceeds the capabilities of Final Cut Server.

The final link in the chain is migrating data and recreating workflows from Final Cut Server to CatDV. 318 has the facility and ability to migrate your metadata with a minimum of user intervention. We also have the ability to analyze your Final Cut Server workflows and re-create the functionality in CatDV, including shell scripting and highly customized workflow integrations for ingest and archive.

We are a CatDV authorized reseller, and have staff trained by CatDV personnel. 318 stands ready to spec, deploy, configure and maintain your CatDV solution and help you with the transition from your Final Cut Server to CatDV. Please don’t hesitate to contact us for a demo and discussion of what CatDV can do for your video workflows.

Finally, 318 is working with other vendors to continue expanding our portfolio of SAN and DAM solutions. Keep on the lookout for what will hopefully be a few other additions once our thorough vetting process has been completed! If you would like further information on any of this, please feel free to contact your Professional Services Manager or sales@318.com if you do not yet have one.

Tags: CatDV, final cut server
Posted in Editorial, Network Architecture, Xsan | Comments Off

Building a Mac and iOS App Store Software Update Service

Wednesday, November 9th, 2011

Let’s say you run a network with a large number of Mac OS X or iOS (or, more likely, both) devices. Software Update and the two App Stores (Mac App Store and iOS App Store) make keeping all those devices up-to-date a pretty straightforward process. They are a huge improvement compared with the rather old-fashioned practice of looking through applications, visiting the web site for each one and manually downloading updated versions. When updating two or more similar machines, of course, one only needed to download the updated version once, then copy it to each other machine. Better, but a process that when performed across a lot of machines requires a lot of work.

However, even though the App Store and Software Update Server in Mac OS X Server make things easier, there’s no simple way to download things once and distribute the downloaded files to multiple machines for items purchased on the App Store. When large updates come out (such as a new version of iOS), you’re essentially downloading huge amounts of data to each and every machine, and if machines are set to automatically download updates, you could even have a large number of them downloading simultaneously.

Of course you can run your own Software Update service in Mac OS X Server, but this requires that every client machine be configured to use the local server. This works well for machines under your control, but for all those people who bring in their own laptops this doesn’t help.

What’s worse is that there’s currently no way whatsoever to run a Software Update-like service for App Store purchases. Imagine if you have a lab of dozens or hundreds of Macs with Final Cut X or iPads (or iPhones, iPod Touches, whatever comes out next with iMovie or ). Any time there’s an update you’re potentially downloading over a gigabyte per machine in the case of Final Cut X or 70 megabytes or so in the case of iMovie. That can easily add up to a tremendous amount of traffic and the congestion, complaints and headaches which go with it..

What’s needed is an easy way to cache App Store downloads. While we’re at it, it would also be nice to transparently have machines use our own Software Update server. Let’s be even a little more ambitious and do this without needing Mac OS X Server. Aw, heck – let’s make it work on any reasonably Unix-like OS.

So how do we do this? The App Stores and Software Update services use http for fetching files. So what we need to do is to capture those http requests and either redirect them to a local store of Software Update files or locally cached App Store files.

Just as an aside, it’d be tremendously difficult to create a local store of App Store files if for no other reason than the fact that there are currently more than half a million applications. Add to this the rate at which updates become available and your machine would probably never be finished attempting to download all of the applications! Considering this, we’re looking at running Apache and squid on our Unix-like machine and doing a little redirection magic on whatever device does NAT or routes for us.

Note: There’s no reason that the same machine can’t do both NAT/routing and Apache/squid, although in most environments we are assuming that the machine would simply be a proxy for Mac or iOS-based devices. To make this example end-to-end though, we’ll run the router on the host.

Our example uses a Mac OS X (non-Server) machine running Leopard which is doing both NAT and running our Apache and squid software. We’re simply using the Internet Sharing service, the public network interface is en0 (which we don’t use anywhere) and the interface which will serve our iOS and Apple clients is en1 and has the address 10.0.2.1.

Everyone has their own favorite way of installing software on Unix-like OSes and a discussion about which is best and why would certainly be outside the scope of this article. In these examples we’re using NetBSD’s pkgsrc for no other reason than the fact that it will compile packages from source with a base directory which is easily configurable (feel free to use ports or some other automated tool according to what platform you are using). Get pkgsrc (usually via cvs; we’ll assume it’s put into /usr which can be as simple as:

cd /usr ; setenv CVSROOT :pserver:anoncvs@anoncvs.netbsd.org:/cvsroot ; cvs checkout -P pkgsrc

And then run /usr/pkgsrc/bootstrap/bootstrap like so:

cd /usr/pkgsrc/bootstrap/ ./bootstrap --prefix /usr/local --pkgdbdir /usr/local/var/db/pkg --sysconfdir /usr/local/etc --varbase /usr/local/var --ignore-case-check

This puts all files into /usr/local including logs and configuration files, so keeping your system clean is simple and keeping track of the differences between built-in and pkgsrc software is easy. Next, install pkgsrc’s www/squid and www/apache (and net/wget if your Unix doesn’t already have it):

cd /usr/pkgsrc/www/squid bmake update cd /usr/pkgsrc/www/apache22 bmake update cd /usr/pkgsrc/net/wget bmake update

Note that on systems like Mac OS X which come with GNU make by default, that pkgsrc uses bmake; if you have BSD make already, just use make. Another note is that /usr/local/sbin is not in Mac OS X’s path by default, so add /usr/local/sbin to /etc/paths if you’re going to use it.

Now that the software is installed in consistent locations we can configure it. The squid.conf file only needs one line to be changed; everything else is added. Find the line which says:

http_port 3128

And change it to:

http_port 3128 intercept

Then add the following lines:

maximum_object_size_in_memory 4096 KB cache_replacement_policy heap LFUDA cache_dir ufs /usr/local/var/squid/cache 16384 16 256 maximum_object_size 2097152 KB refresh_pattern -i .ipa$ 360 90% 10800 override-expire ignore-no-cache ignore-no-store ignore-private ignore-reload ignore-must-revalidate refresh_pattern -i .pkg$ 360 90% 10080 override-expire ignore-no-cache ignore-no-store ignore-private ignore-reload ignore-must-revalidate acl no_cache_local dstdomain 10.0.2.1 cache deny no_cache_local redirect_program /usr/local/bin/rewrite.pl

These settings are chosen to cache large files up to 2 gigabytes in size in a 16 gig cache on disk and to ignore cache directives with regards to .pkg and .ipa files. Adjust to your own liking. Of course, replace 10.0.2.1 with the private IP of your machine. The cache deny with that address is used to make sure that redirected Software Update files are not cached in squid which would just take up room which better used for App Store files.

The URL rewriting script (create /usr/local/bin/rewrite.pl) just changes Apple Software Update URLs to point to our server:

#!/usr/bin/env perl $|=1; while (<>) { s@http://swscan.apple.com@http://10.0.2.1/swscan.apple.com@; s@http://swcdn.apple.com@http://10.0.2.1/swcdn.apple.com@; s@http://swquery.apple.com@http://10.0.2.1/swquery.apple.com@; print; }

Next we configure Apache. The location you choose for the Software Update files can be anywhere (in our example, they’re on a FireWire attached drive mounted at /Volumes/sw_updates/) which needs to be allowed in the Apache configuration.

Add to /usr/local/etc/httpd/httpd.conf:

Options Indexes FollowSymLinks

AllowOverride None

Order allow,deny

Allow from all

</Directory>

ServerAdmin hostmaster@318.com

DocumentRoot “/Volumes/sw_updates”

ErrorLog “/usr/local/var/log/httpd/swupdate_error_log”

CustomLog “/usr/local/var/log/httpd/swupdate_access_log” common

</VirtualHost>

The log lines are purely optional. If you don’t add them, logs will still be written at /usr/local/var/log/httpd/access_log and error_log.

Next, we configure ipfw (in the case of Mac OS X or FreeBSD) to redirect all port 80 traffic transparently to our squid instance. If you’re using a different device for NAT/routing or different firewalling software such as ipfilter, see the examples listed below.

ipfw add 333 fwd 10.0.2.1,3128 tcp from any to any 80 recv en1

Note that on Snow Leopard and Lion you’ll need to make this change, too:

sysctl -w net.inet.ip.scopedroute=0

ipfilter would look like this for the same ipfw task from above (if you’re using Linux):

rdr en1 0.0.0.0/0 port 80 -> 10.0.2.1 port 3128 tcp

Again, the local private IP is 10.0.2.1 and the local private interface is en1; substitute your IP and interface.

Finally, we need to mirror all Apple Software Updates. A simple shell script can do this. Save this file somewhere (named mirror_swupdate.sh, for instance) and run it from cron now and then, perhaps once a night:

#!/bin/sh

location=$1 # This is the root of our Software Update tree mkdir -p $1 cd $1

for index in index-leopard-snowleopard.merged-1.sucatalog index-leopard.merged-1.sucatalog index-lion-snowleopard-leopard.merged-1.sucatalog do wget --mirror http://swscan.apple.com/content/catalogs/others/$index

for swfile in `cat swscan.apple.com/content/catalogs/others/$index | grep "http://" | awk -F">" '{ print $2 }' | awk -F"<" '{ print $1 }'` do echo $swfile wget --mirror "$swfile" done done
Invoke this with the top of the tree of your Software Update files as you’ve used in the Apache config, like so:

./mirror_swupdate.sh /Volumes/sw_updates

Expect this to run for a long time the first time you run this because you’ll be downloading around 60 gigabytes of updates. Every time it runs afterwards, though, files won’t be downloaded again unless they change (which they won’t; new updates will show up as new files).

Start squid and Apache, then tail your Apache log and run Software Update to test:

/usr/local/share/examples/rc.d/apache start /usr/local/share/examples/rc.d/squid start tail -f /usr/local/var/log/httpd/swupdate_access_log

At this point, you can redirect your software updates to the host. Updates for both the Mac App Store and iOS are also now cached. In the next article we’ll look at using some squid extensions to enable you to block applications from the App Stores or block updates in the event that an update is problematic.

Tags: blind proxy, iOS app store, iPad updates, iPod updates, itunes, Mac App Store, proxy, software update, software updates, swupdate
Posted in Mac OS X, Mac OS X Server, Mass Deployments, Network Architecture | Comments Off

Creating an Access List on a Cisco ASA

Tuesday, November 8th, 2011

Cisco provides basic traffic filtering capabilities with access control lists (also referred to as access lists). Access lists can be configured for all routed network protocols (IP, AppleTalk, and so on) to filter the packets of those protocols as the packets pass through a router. You can configure access lists on your ASA router to control access to a network: access lists can prevent certain traffic from entering or exiting a network. You can do this by port or IP address.

The access control list (ACL) methodology on the Cisco ASA is interface-based. Therefore, each interface must have a specified security level (0-100), with 100 being most secure and 0 being least secure. Once configurations are in place, traffic from a more secure interface is allowed to access less secure interfaces by default. Conversely, less secure interfaces are blocked from accessing more secure interfaces.

Some common commands used to configure Cisco ASA interfaces include:

nameif – used to name the interface
security-level – used to configure the interface’s security level
access-list – used to permit or deny traffic
access-group – applies an ACL to an interface

We can configure an access list to permit or deny traffic, based on a specific port or protocol. With deny-by-default, everything is automatically blocked and must be explicitly allowed (on Routers it is the opposite where everything is allowed and you have to deny ports or protocols to block them).

Let’s say we want to configure an ACL on an ASA to permit all FTP traffic from any host to 192.168.1.10. To do this, we must input the following ACL:

ASA(config)# access-list OUTBOUND permit tcp any host 192.168.1.10 eq ftp

Now let’s say we want to configure an ACL on an ASA to deny all FTP traffic from any host to 192.168.1.10. To do this, we must input the following ACL:

ASA(config)# access-list OUTBOUND deny tcp any host 192.168.1.10 eq ftp

Access lists are also used in defining rate limit’s when defining QOS settings. Here is a helpful guide to assist in choosing the right number to associate to an ACL:

Protocols with Access Lists Specified by Numbers

Protocol Range
IP 1-99, 1300-1999
Extended IP 100-199, 2000-2699
Ethernet type code 200-299
Ethernet address 700-799
Transparent bridging (protocol type) 200-299
Transparent bridging (vendor code) 700-799
Extended transparent bridging 1100-1199
DECnet and extended DECnet 300-399
XNS 400-499
Extended XNS 500-599
AppleTalk 600-699
Source-route bridging (protocol type) 200-299
Source-route bridging (vendor code) 700-799
IPX 800-899
Extended IPX 900-999
IPX SAP 1000-1099
Standard VINES 1-100
Extended VINES 101-200
Simple VINES 201-300

Tags: Access Lists, ASA, cisco, Networking
Posted in Network Architecture | Comments Off

OmniGraffle Tips & Tricks

Tuesday, December 1st, 2009

Here are some great OmniGraffle Tips and Tricks!

Tags: 318, graffle, OmniGraffle, Tips and Tricks
Posted in General Technology, Mac OS X, Mac OS X Server, Network Architecture, Scripts | Comments Off

ATTO Fibre Channel + Snow Leopard

Tuesday, November 24th, 2009

If you’re using the ATTO card along with Snow Leopard then the 2.41MP driver on their website is compatible with 10.6, but they have yet to update the website to reflect that it is. These are the drivers for 42ES coupled with the EMC Clarion system:
http://attotech.com/product.php?model=80

You may want to check with Tech Support, but it appears the latest 10.5 drivers will work with 10.6

Tags: ATTO, Snow Leopard, Storage
Posted in Mac OS X Server, Network Architecture | Comments Off

The VPN

Wednesday, September 23rd, 2009

Virtual Private Networks, abbreviated “VPN” is technology that that allows users to connect from one place to another securely. What makes it secure is that the connection between point A and point B is encrypted. An encrypted tunnel is built between Point A and Point B, and then data is passed through that tunnel.

VPN’s come in many different types (protocols). Some of the most common include the following:

PPTP

Often called “dial up VPNs”, it technically extends the functionality of PPP. It was originally started by Microsoft, US Robotics, Ascend Communication, 3Com, and ECI Telematics. Their first draft of their IETF document for the protocol extension was submitted in June, 1996. The protocol extension is supported by Linux, Mac and Windows workstations.

Current versions of all three operating systems include the VPN Client application pre-installed in the operating system. All three operating system server versions can also be setup to allow PPTP connections. A Microsoft Routing and Remote Access Server (RRAS) typically uses Microsoft Point to Point Encryption (MPPE) which is based on RSA RC4 and supports up to 128 bit encryption.

IPSec

IPSec is short for Internet Protocol Security. It works on Layer 3, and is often called “Site to Site VPN”. It is usually used to connect one LAN to another LAN, most times using two hardware VPN units at each side communicating with each other. It can also be used to connect a workstation to the corporate LAN, typically using proprietary software from the VPN manufacturer/developer (although you can sometimes use the built in software in the operating system – as is the case with Windows). The protocol can function in two modes (Transport and Tunnel) and provides end to end security by authenticating and encrypting the packets between parties. It can support up to 168bit encryption with 3DES.

SSL VPN

SSL VPN is a type of VPN that allows communication to happen over https via web browsers. The main advantage of SSL VPN is that no additional client software is required besides a web browser. Since no software needs to be installed on a computer, a user can access the corporate network via VPN from just about any computer (i.e, Public Computer, kiosk, etc.). The disadvantage is that because it tends to make the applications you would normally use a web type of application, you often lose some of the intended user experience of those converted applications.

L2TP

L2TP is short for Layer 2 Tunneling Protocol. It doesn’t do any encryption on it’s own, and is often used in conjunction with IPSec (L2TP/IPsec VPN). The biggest thing to remember about L2TP is that it allows more types of applications to communicate through the VPN connection that otherwise are not supported in a standard IPSec implementation.

In a nutshell, deciding which VPN protocol to implement depends on your budget, the hardware that you have, what will be connecting (workstation/user, or LAN to LAN) and the ease of use. Please feel free to contact us, and we will be happy to help plan out your VPN infrastructure, or answer any questions that you may have.

Tags: L2TP, PPTP, SSL, VPN
Posted in Mac OS X, Mac OS X Server, Network Architecture, Security, Windows | Comments Off

Google Apps and BlackBerry

Friday, May 15th, 2009

Google Apps has taken another step towards the capacity for enterprise integration. Google Apps Connector for BlackBerry Enterprise Server will be available in July. Google was fairly quick to release a product that allowed for interaction with the iPhone and has recently added an ActiveSync option to connect to their mail services, allowing for the synchronization of contacts, mail and calendars to devices running Windows Mobile and the iPhone. This additional step simply completes offering up Google Apps to the major smartphones on the market. And with recent directory services integration offerings, Google Apps seems more than ever like a viable option in the enterprise space.

As partners of Research in Motion, Microsoft and Apple, 318 would be happy to work with you to formulate a unified strategy for managing, application development and application delivery for your mobile enterprise – no matter the platform.

Tags: activesync, blackberry, google apps, rim, smartphone
Posted in Mac OS X, Mass Deployments, Network Architecture, Web Development | Comments Off

Citrix Receiver for iPhone

Wednesday, May 13th, 2009

Deploying the iPhone into the enterprise has a number of pain points. Two that we continue to hear are a lack of full disk encryption and developing software. For environment who cannot obtain enterprise developer accounts, we also continue to work through problems with regard to application provisioning. Many companies are also getting tired of trying to deploy applications to too many operating systems. One answer we’ve taken for some of this is to introduce web-based applications with small wrappers around them that are specific to each application/device. But Citrix has stepped up and released Citrix Receiver for iPhone and Dazzle.

Within the Citrix product line you will now be able to provision a thin client-based application and achieve the agility that business units want without the commitment to a specific platform. This means that if your users want Windows Mobile or an iPhone you can publish an application, tailored to their screens and with Dazzle, you can give them the option to choose which applications they want to access, making application provisioning easier for many environments. Because a thin client leaves all of its data on the server, the lack of full disk encryption becomes less of an issue with the iPhone as you can choose to sandbox your business critical data into thin client environments. And finally, you can go to market with solutions that can enhance your business faster in many cases, by leveraging existing efforts and resources.

Overall, we’re happy to add Citrix Receiver in our own portfolio of product offerings. We can now go into any development opportunity with even more options: begin a new application (fat client), deploy a mobile-specific web-based application or bring a thin client solution to the table. From an application lifecycle, being able to look at the iPhone in a similar fashion to how we look at Microsoft Windows and Mac OS X is key to maximizing the capacity an organization towards their the business potential.

Tags: citrix, iPhone
Posted in Mac OS X, Network Architecture, Web Development | Comments Off

10, 40, 100 and 1,000 Gigabit Ethernet

Thursday, April 30th, 2009

Bob Metcalfe should be proud. from 3 whole megabits at inception in 1973, ethernet has gone to 10 megabits then 100 and to the desktop is currently sitting at predominantly gigabit speeds. But in the data center, a push towards 10 gigabit ethernet deployments has been going on since 2002. One of our favorite products is the Cisco Catalyst 4948, which has two 10 gigabit ports and 48 gigabit ports, allowing for a couple of servers at 10 gigabit or stacking as a core switch in a medium sized organization.

Of course, as an industry addicted to speed, 10 gigabit ethernet simply isn’t going to be enough; 40 gigabit and 100 gigabit ethernet products are already being announced, although primarily in stacking switching fabrics together. While the standard for 40 gigabit network has not exactly been ratified, we’ve been seeing a number of products coming out onto the market and standardization by the IEEE is expected in 2010 for 40 and possibly 100 gigabit networking.

The barrier from 100 and is expected to take a little less time than the 7 to 8 year window between when 10 gigabit was released and an expected 40/100 gigabit ethernet. Terabit networking is expected by 2015, which means that those 10, 40 and 100 gigabit interfaces will not be outdated all that quickly, providing a nice return on the investment.

Overall, 10 gigabit and up can be fairly costly (although with a 40 gigabit release, expect 10 gigabit products to come down in price a bit). However, it can increase the performance of a network environment exponentially when used in the proper locations and with a comprehensive strategy in place. 318 has experience with 10+ gigabit networking and can help in devising such a strategy. Feel free to contact us and we will be happy to review options and potential uses for your organization.

Tags: 10 gigabit ethernet, 100 gigabit ethernet, 40 gigabit ethernet, terabit ethernet
Posted in Network Architecture | Comments Off

VMware vSphere 4 is Here!

Thursday, April 23rd, 2009

At a VMUG meeting in Minneapolis in December, VMware employees mentioned that Virtual Infrastructure would be getting a new name, vSphere. A few days ago, VMware officially announced vSphere, the successor to the Virtual Infrastructure (VI) product line. VMware is hailing vSphere as the first true cloud-based operating system, hoping to capitalize on the hype that surrounds cloud computing.

VMware has had products available for years that allow administrators to cluster resources and place virtual machines on a virtualized abstraction layer that spans multiple hosts, pooling RAM, CPU and other system resources. When we had heard there was a raging debate about whether a private cloud was possible, we immediately though of all of our successful implementations of the VI product. vSphere is designed from the ground up to sit on low cost and energy efficient computing resources and allow for the flexible deployment of systems onto the cluster. This allows organizations ranging from small businesses to enterprise, from education to government to deploy new data protection and high availability resources, to pool IT assets in a manner not previously available.

The key components of vSphere all not all new. ESX and ESXi are the hypervisor. These sit on the physical machines (aka the Hosts) and build the virtualization layer. Sitting on top of the hypervisors is vCenter Server, which allows for the actual provisioning, monitoring, physical to virtual conversion process and centralized management. The vCenter Update Manager keeps all of the ESX systems updated (as well as some of the VMs themselves to help reduce the surface space of update management). The VMware High Availability piece gives failover between hosts. VMsafe is a another component that provides security APIs; while offerings from 3rd party developers are fairly immature expect this to grow rapidly as the virtualization industry moves into its next stage.

vSphere was built for microprocessers. The Nehalem and its successor, Westmere, are designed with collaboration from VMware; as such, they are built for virtualization. When you are looking to plan for a potential upgrade to vSphere, it’s important to keep in mind that each member of a vSphere cloud is going to run at the speed of the slowest host. Therefore, you will have tiers of VMware virtualized clouds, each with a class of system in it (for larger environments). The Nehalem and Westmere are designed for 8GB of RAM, so you’ll want to make sure to put plenty of memory into the cluster nodes, which have a deminishing return on investment (in terms of memory) around 120GB (so don’t be afraid of going hog wild on the memory front, those VMs need it!).

Overall, our tests of vSphere have shown a considerable performance gain for the guest operating systems running on hosts with newer hardware. Older assets have a lower impact on performance, but still have a slight upgrade. The biggest management features that we’re finding useful are an upgraded vCenter (for converting those physical systems over to virtual hosts), enhancements to Vmotion and automation. With the latest tools it is fairly straight forward to automate nearly every task using vCenter, including the deployment of new virtual machines based on templates, restarting a virtual machine and migrating them using Vmotion.

While the vSphere product may seem overwhelming at first, it begins to bring into focus a contained and mature VMware based infrastructure. There are a lot of new features; but there is bound to be a lot of marketing spin and while I’m sure it can, out of the box vSphere will not do your laundry. In order to help guide you through the planning phases of the next generation of the data center (which is after all, the true target of vSphere 4), 318 is here to provide the experience you need with regards to VMware licensing, architecture and of course support – be it with the guests, the hosts, the storage layer or the virtualization layer itself!

Tags: esx, esxi, virtualization, vmware, vsphere
Posted in Network Architecture | Comments Off

Using LCR for Exchange 2007 Disaster Recovery

Thursday, April 16th, 2009

Local Continuous Replication (LCR) is a high availability feature built into Exchange Server 2007. LCR allows admins to create and maintain a replica of a storage group to a SAN or DAS volume. This can be anything from a NetApp to an inexpensive jump drive or even a removable sled. In Exchange 2007, log file sizes have been increased, and those logs are copied to the LCR location (known as log shipping) and then used to “replay” data into the replica database (aka change propagation).

LCR can be used to reduce the recovery time in disaster recovery scenarios for the whole database, instead of restoring a database you can simply mount the replica. However, this is not to be used for day-to-day mailbox recovery, message restores, etc. It’s there to end those horrific eseutil /rebuild and eseutil /defrag scenarios. Given the sizes that Exchange environments are able to get in Exchange 2003 R2 and Exchange 2007, this alone is worth the drive space used.

Like with many other things in Windows, LCR can be configured using a wizard. The Local Continuous Backup wizard (I know, it should be the LCR wizard) can be accessed using the Exchange Management Console. From here, browse to the storage group you would like to replicate and then click on the Enable Local Continuous Backup button. The wizard will then ask you for the path to back up to and allow you to set a schedule. Once done, the changes will replicate, but the initial copy will not. This is known as seeding and will require a little PowerShell to get going. Using the name of the Storage Group (in this example “First Storage Group”) you will stop LCR, manually update the seed, then start it again, commands respectively being:

Suspend-StorageGroupCopy –identity “First Storage Group”

Update-StorageGroupCopy –identity “First StorageGroup”

Resume-StorageGroupCopy –identity “First StorageGroup”

Now that your database is seeded, click on the Storage Group in the Exchange Management Console and you should see Healthy listed in the Copy Status column for the database you’re using LCR with. Loop through this process with all of your databases and you’ll have a nice disaster recovery option to use next time you would have instead done a time consuming defrag of the database.

Tags: Continuous Backup, Exchange 2007, LCR, Storage Group, Update-StorageGroupCopy
Posted in Kerio, Network Architecture, Windows | Comments Off

EMC Celerra NX4 Defaults

Wednesday, April 15th, 2009

The EMC Celerra NX4 comes with a number of IPs (and other settings) set from the factory. The IP addressing, by default, is as follows:

Primary Internal Network – 128.221.252.100
Backup Internal Network – 128.221.253.100
Netmask 255.255.255.0
IP of Storage Processor A – 128.221.252.200
IP of Storage Processor B – 128.221.253.201
Gateway IP of Storage Processor A – 128.221.252.104
Gateway IP of Storage Processor B – 128.221.253.104

Tags: Celerra NX4, default IP address, EMC, SAN
Posted in General Technology, Network Architecture, Xsan | Comments Off

File Replication Pro Story About 318

Wednesday, March 25th, 2009

The File Replication Pro folks have published a customer success story outlining some of the ways we’re using their product. Check it out and if you have any questions about what we’re doing with it feel free to drop us a line!

Tags: File Replication pro, FRP
Posted in General Technology, Linux, Mac OS X, Mac OS X Server, Network Architecture, Windows | Comments Off

Mac OS X Server: Cascading Software Updates

Thursday, August 7th, 2008

Software Update Services allow your server to cache updates from Apple and then redistribute them to clients within your organization. Now, this is going to greatly cut down on the amount of bandwidth consumed when new software patches are released. But if you have a large distributed organization you might want to have multiple Software Update Servers daisy-chained together in a cascade to download updates from each other and provide updates to sets of clients (maybe they’re geographically separated or you just have too many clients to provide updates to for just one server). Cascading the Software Update Services would further conserve bandwidth in your environment if you have multiple Software Update Servers.

In order to cascade Software Updates from one server to another you would first setup your first Software Update Server. Let’s say that we set it up as SUS1.domain.com and set it to run on port 8080. Next you would setup your second server (let’s call it SUS2.domain.com) and edit the “metaindexURL” key (by default it’s set to be swscan.apple.com) of the file, /etc/swupd/swupd.plist. So you would change the key to be SUS1.domain.com/content/meta/mirror-config-1.plist.

Posted in Mac OS X, Mac OS X Server, Mass Deployments, Network Architecture | Comments Off