Voodoo Networks

Or more accurately, the “joy” of virtual companies.

Most of the companies that we do Managed IT Services for have domains for their Windows systems, which is a real help when trying to manage all the systems.

But one of our clients doesn’t have a domain architecture. We can’t complain about the previous IT guys not setting one up as we did the technology design for the company. It’s a completely virtual company – they only own their laptops, monitors and a couple of printers. The rest of their systems are in the cloud – hosted Exchange, file storage, CRM, Fax & Phone services, etc. And the design was intentional. They have employees that work from home, coffee shops, wherever they have an internet connection. And it’s working great for them. (And it was quick too – from nothing to up and running and producing cash flow in less than 30 days – pretty quick if you ask me. Most of those 30 days were getting contracts setup with their main backend system provider.)

However it does lead to some issues that you could fix more easily on a domain / server / LAN based system.

A great example that I’m working on this weekend is moving them from the AV system that they had been using to a new system that we provide. Using the new systems Enterprise console you are usually able to do a quick deployment of the new AV software as well as distribute a package that removes the existing AV software.

Sounds great in practice. And it usually works great too. But for some reason it just wasn’t working for me at this company.

After perusing the support forums and KB for the product, and trying about 10 different suggested “fixes”, we finally found that the issue was UAC on the Windows 7 laptops that was causing the problem. Now if we’d been using a domain based architecture, the fix would have been simple. Use a GPO to give the needed permissions to install the software. And boom, you’re done.

However, in the absence of a domain, we ended up testing a couple of methods. First was simple – logging into the workstation and reducing the UAC level to basically nothing, then rebooting and pushing the AV package. That worked great, but wasn’t exactly the best way to go. There is also a method of doing this view registry hacks, which we haven’t tried yet (that’s todays project).

The second method that we tried was pushing a built MSI of the software out to the clients, and using our scripting engine to do the installation. That worked for the initial installation, but until I get into the office this morning and check, I won’t know if that actually runs the software removal job getting rid of the old software.

All in all, not that big a deal, and one that we’ll face again I’m sure. But sometimes it does make you wish for the old school domain method of building new businesses. Or for a better security method than UAC.

Stayed tuned for the second new division of Voodoo. We’re just waiting on getting the website up and running before we really talk about it. Hopefully by the end of the weekend.

But in the meantime, I had wanted to let everyone know about a really cool feature of Voodoo MSP services.

Being part of the Voodoo Networks has benefits, and one of the best is the free consulting that we provided each of our new clients. Eight hours of Voodoo consulting is included with every new contract for MSP services.

What can you do with that consulting time?

Pretty much anything. We really want to use it to help you with your technology planning, but if that isn’t something that you want to concentrate on, we can help you with network issues, desktop consulting, finding new vendors setting up a new system, software installs, pretty much anything.

And this isn’t the low man on the totem pole consulting, this is a high level consultant with experience in IT management, system architecture and high level network consulting.

We hope you take advantage of this consulting time to figure out the best path forward for your company, with regards to technology. Or at the very least get rid of that annoying bloatware on your new computer.

After reading a brief list of tips and tricks for traveling through airports on Lifehacker.com the other day, I came up a few tips of my own. Probably nothing new, but here are my tips for traveling these days:

1) Wear a shirt with a pocket. After checking in, place your ID and your boarding pass / ticket in that pocket so it’s right to hand for going through security. Much easier than digging through pants pockets. And it keeps the boarding pass neater too.

2) While checking in, or before getting in the security line, everything else you are carrying in your pockets (plus your watch) goes into a zipped pocket on your carryon. Make sure that getting your laptop(s) out for security won’t cause your wallet / phone / watch / etc to fall out.

3) Wear slip on shoes.

4) Once past the ID check, grab 2 tubs. One for your laptop (most airports require a separate tub for your laptop), and one for your shoes / belt / jacket / toiletries.

5) Try not to get too annoyed by the people who have done none of the above and are trying to figure out what to do next. Being annoyed only ruins your trip.

6) Speaking from experience tip: Don’t put anything valuable into the xray machine until there you are sure that you can walk through the metal detector without delay (lost a laptop that way before – guy in front of me buzzed repeatedly, and his partner was long gone with my pc when I made it through).

7) Best order for putting tubs through the xray machine is clothing, laptop, carryon bag. That way you can be well into getting your belt and shoes on before your laptop and carryon show up. Carry on bags always take longer to look at going through the xray.

As for actually being on the plane, I like to leave my wallet in the carry on, after I replace my ID in it. Much better than sitting on it for hours in the worlds most uncomfortable chairs.

I do tend to keep a credit card out now for drinks / snacks / wifi payment. I like to use a greendot prepaid card for that purpose. Then it’s not a big deal if I lose it somewhere – I’m out a few bucks, but no worries about my real accounts.

In my carry on I keep my netbook in a neoprene sleeve. In the sleeve (inside or in it’s pocket) I keep the stuff that I want on the flight – netbook, pen, moleskin, candy bar, mints). I carry that sleeve, along with my noise reducing headset onto the plane out of my carry on. Carry on goes into luggage compartment, the rest fits into the seat pocket. Takes all of 5 seconds to get situated.

Getting into a good routine that fits into what is expected or needed when traveling makes it so much easier to get through airports and flights. I don’t rack up the miles that I used too, but I still fly every 10 days or so, and having a good solid plan and habits make the whole thing go much easier.

Wow – that was a long time away from posting.

I’d like to say that I have a good excuse, but other than a couple of pretty busy months, I don’t really have a good one.

But now that I’m back and posting again, expect to see regular updates, answers to questions and general commentary.

It’s good to be back.

Took a bit of time yesterday to run up to Long Beach and walk around the Energy Management Conference exhibit hall. I would have liked to attend the conference sessions, or perhaps speak at the conference, but I didn’t realize that I’d be around for it. Oh well, maybe next year.

Anyway, there were quite a few interesting concepts and ideas out there for not only monitoring power usage, but also for reducing power usage and power spending. Daylight tracking sunlights, ice based cooling systems (makes ice during the night with lower cost power, then uses the ice during the day instead of running A/C compressors), that sort of thing.

Also in attendance at the show where a few consultants who do power profiling of your business and buildings. I like the idea of that, and truthfully never really thought of doing it as a business (at least until yesterday) but being in the IT field, with a solid background in building systems, I think that Voodoo may start offering a service along those lines. Though I’d rather just do the work to fix the problems that other auditors find. And help people make better choices from the early stages of a project.

As usual though, the exhibitors that interested me the most where the control systems guys. Slowly but surely they are moving away from weird proprietary control schemes to straight IP based controls. I can’t wait until they all get to the point where IP is the control scheme, and you don’t need proprietary software to control the systems. They are so close to that now (at least some of them) that I’m excited for what I will see coming in the next year. I think that someone will finally get there. And as soon as they do I’m ready to start deploying it.

Though that does bring up the issue of security on converged networks. Something that we’ll get to shortly.

Inspired by working onsite at a contract in Los Angeles this week.

I’ve worked on a lot of other peoples networks. And while it can be entertaining, it’s rarely fun. Usually you are expected to jump in and fix the random problem that they are having within minutes, which is never a reality (except in the case of very obvious things like the power cord being unplugged).

Thankfully I’m not dealing with that this week, though I am having some fun with trying to figure out why certain things have been done, and more importantly, why things haven’t been done.

For example, the company that I’m onsite at have 2 large internet connections, one each to different carriers. What you normally would do with that – and I’m sure that was the intention here – is apply for an Autonomous System (AS) number, apply for a bank of IP addresses from ARIN, then setup those two connections to be redundant to each other, both inbound and outbound, by advertising your AS number and IP address range over the Internet.

Simple, right?

Well, actually it’s not all that simple, but it’s a pretty straightforward thing to do. In fact it’s pretty much the default configuration for large networks connected to two or more ISP’s.

Well, things aren’t quite setup like that here. They have the big Internet connections. They have an AS number. And they qualified for and got a class C bank of IP addresses from ARIN. But then things sort of fell apart. They attempted to setup the dual homing, and their internet went down. So they rolled back off of that to having two separate internet connections with all of their inbound traffic coming in one, and all of their outbound traffic going out the other. There is some failover, but only for web browsing – if the connection goes down that their external servers are on, then they will have no ability for their customers to reach them over their secondary line.

So now I’ve mentioned this and been asked to fix it.

Which is where the fun really starts.

It’s really not that bad to make a change like this, just time consuming. You have to make a lot of phone calls, make some changes to the way that your routers are configured, add some translations into your firealls and then wait around until all that propagates across the Internet. Once your new IP addresses are available across the Internet, you now have to update the DNS entries for your servers. Then when that information propagates, you can go back and fix the translations on your firewall. And then stop using the ISP supplied IP addresses that you have been using up to this point.

That is a bit simplified, but it covers the basics. Like I said, it’s not complicated, just time consuming. But if something does go wrong it can be even more time consuming to fix.

I’m in the process of writing up the detailed plan of how I’m going to make the changes to get this running correctly. Hopefully all goes smoothly.

And hopefully when their normal network admin gets back from vacation he’s not too confused by what I’ve done……

There are lots of things that scare people about the Internet. Nigerian scammers, hackers, LOLCats. You know, the usual stuff.

While there is no perfect defense from any of those, especially the lolcats, implementing a firewall on your internet connection is a big step in the right direction.

A firewall is, in it’s most basic form, something that prevents network traffic from going to certain places. Think of it as a combination filtering and direction control system. Firewalls are available as software for a single computer, or as a combination hardware and software device for networks.

The most common firewall, at least for smaller companies, is a hardware based firewall that is built into your Internet router. It is generally setup to allow all traffic from the internal network (inside your company) out to the Internet, and block all traffic from the Internet that is trying to get into your companies network. It does this by watching where network traffic originates, makes a decision if it will allow that traffic to pass, and either lets it through or drops it. The firewall also keeps track of the traffic that it allows out, so that the return information can get back to the computer on the inside that requested it.

These firewalls also give you the ability to allow traffic from the Internet to come in to your network. Why would you want to do that? Well, if your email server is in your office, or you webserver is, then you’d need to tell the firewall to allow appropriate traffic from the Internet in to those servers. If you aren’t sure if you need to do that, or are sure you do, but don’t feel comfortable doing so, please contact a professional to do the work for you. It’s pretty straightforward, and shouldn’t take long at all in a small office setting.

Firewalls are also available as software for your computer. Both Windows and OS X have built in firewalls that can be used to allow traffic from your network to get to your computer, or can be used to stop your computer from communicating with the network.

There are also 3rd Party software packages from companies like McAffee or Symantec that you can install on your computer. Be aware of the issues that can come up if install one of these pacakages on your computer and it’s also running the native Windows firewall – lots of very weird issues can come from having both of them active at the same time.

A firewall won’t protect you from bad decisions made online, like sending your bank account info to Nigeria, or browsing LOL Cats, but it will definitely help to prevent unauthorized access into your network from the Internet. And given how secure even very small, low cost firewalls can be, there is no reason that you shouldn’t have one between your systems and the Internet.

Starting out with a short answer to a question I was asked at lunch the other day:

If you are moving into a new office space, should you install Ethernet cabling or just run everything over a wireless network?

Well, as one of my engineers told me years ago, wired is the future of wireless. And I agree for the most part.

Before anyone jumps down our throats about that answer, let me provide a bit of background. We are, deep down, a networking company. Sure, we do servers, desktops and other systems. But the core of our expertise was originally networking. Big fat networks that spanned the globe, running very high uptimes and supporting tens of thousands of users. As part of that background, we were involved in starting what has become known as connected real estate. There is a large network equipment company that you may have heard of that has taken that and run with it. We know that the did because we invited them to be part of the first network of that type that we built and they like the idea so much they even filmed promo videos from it.

Those networks weren’t just wired. There was plenty of wireless in them too – on the edge as well as backup interconnections between buildings. We also wired up about 60 shopping malls, a ferry run, a petro chemical plant or two and several financial and government buildings. And they all had a wireless component. A big wireless component. Overall we deployed thousands of individual Access Points, covering millions upon millions of square feet of space.

So if we have all of this background in wireless, then why would I suggest wired?

Because, for new installations, nothing beats the flexibility of putting in a wired networked. If you don’t have to worry about ripping out walls, or carpet, or any other kind of structural mods, then by all means go with a wired network.

Wired networks are faster than wireless, more secure and far more flexible. You can use them for desktops, printers, CCTV systems, VoIP systems and a lot more. Many of those “extra” components that go on the network run power over ethernet, so you don’t even have to run a power line to things like phones, cctv cameras or security devices. Just an ethernet cable.

On the other hand, if you are putting in a network in a building that you can’t or don’t want to run wires in, for whatever reason (cost, difficulty, historic buildings, etc) then be all means go wireless. Just make sure that your wireless network is selected, installed and configured correctly, or you’ll have nothing but issues with it. We’ll cover that in an upcoming post.

So, the answer to the question is wired. Unless it’s wireless.

Hope that helps you out.

Welcome to the Voodoo Networks blog.

We’ve been up for a while, but no posts. Too busy doing other work. But that is changing now. While this is just a notice to let you know that there is actually something coming, we also want to let you know what kinds of things to expect in the near future from us.

So in no particular order, here you go:

Answers to questions about networking or computer systems.

Wired and wireless network design and troubleshooting tips.

Green computing information.

Short reviews of systems or components.

How to articles on network systems and monitoring.

That’s what we are thinking about right now, but we are completely open to other content ideas. Just let us know, either via comments in the blog, email info@voodoonetworks.com or on Twitter (http://www.twitter.com/voodoonetworks).

Watch this space for updates.