Unfortunately this isn't one of those success stories. But then again if I wrote about those I'd be hitting a few thousand posts a year, and plus they're really boring to write about.
We began the project by powering up some virtual machines and test importing the configuration from ISA 2006 to Forefront TMG 2010, and all appeared fine. The ruleset was there, the VPN configurations were there, and so on. Test data seemed to pass through nicely.
The migration went through and we put the box live, decommissioning the old ISA 2006 hardware. Everything seemed fine until larger quantities of traffic started passing through the box. The logging was showing a lot of packets getting dropped on the floor, but with no source, destination or protocol. Active FTP and SIP traffic was also being problematic, and the box would randomly decide to stop passing everything, like the service had stopped. The irritating thing was that it simply wasn't consistent.
After poking into the configuration we started noticing that a lot of problems were evident in the configuration:
- The domain controllers computer set had entries that were flat out wrong and not present in the ISA configuration
- The Web Proxy Auto-Discovery Protocol (WPAD) file was wrong
- DNS was starting to go down VPN tunnels, but there were no DNS addresses configured on the interfaces
- And a whole host of other niggly issues
After fixing these the box was still randomly dropping things, but as the data flow increased (and not to extreme levels - we're talking a 10Mbit/s leased line here) so did the drop outs. At this point it was starting to become more than an irritation and more of a service-affecting problem. I elected to rebuild it with non-R2 Windows Server 2008, and to manually create the configuration from documentation. Although I would've loved to have got to the bottom of the problem, rolling back would've been as much of a pain at this point, and the customer was rightly beginning to get fidgety.
So why non-R2 Windows Server 2008? A couple of reasons: all our other deployments of TMG 2010 are on non-R2 and are stable, we noticed our original test box for this project was non-R2, and there are also rumblings of other people having issues with R2 on a couple of TechNet threads. Although I'm not 100% convinced that R2 is to blame here, frankly we didn't need R2, and I only wanted to do this the once as the whole job needed to be done out of working hours.
Since the OS rebuild and manual build of the configuration, touch wood, it seems to be a lot more stable. No more weird packets getting logged, no more weird FTP or SIP problems, no more random drop outs.
My thoughts on TMG 2010 aren't favourable at this point, but it's not just because of the problems. Ostensibly it feels like ISA 2006 with a few interesting bits bolted on, but unless you require ISA or TMG in your environment, I wouldn't recommend it. There's still no real IPv6 support, without SP1 it feels very wobbly, and for a few features that you might not need it's an expensive upgrade.
Realistically you can pull off the same feature set with a different combination of products; a "real" firewall, and an internal proxy server, for example. This isn't to say that you shouldn't put TMG 2010 in anywhere. It does have some very useful features, but just look at your options carefully. Perhaps you don't need to upgrade. Perhaps you may find a better fit solution.
A little less than a month ago Patrick from Red-Track online marketing contacted me and wanted to know if I'd be interested in reviewing a TrainSignal training DVD, specifically one about Exchange 2010.
If you want the final word on the quality of the training head straight to the final paragraph, otherwise strap in; this is a long post.
I'll have to be honest, I had never heard of TrainSignal until that point, and I was wondering if it was a bit of a scam. However, several days later a set of DVDs arrived via UPS. What I received was a set of 3 DVDs, in a standard DVD case, and a little shipping note. Having not actually ordered them myself I don't know if I should've got a little "this is your training" letter, or if that's just it. I would say that a little note would have been nice, especially pointing out the interesting bits about DVD 3. To me this DVD would be the one that would most interest a lot of the busier, and perhaps younger, generation. It has pre-converted versions of all the training videos, for iPods/iPhones, and it also has audio-only versions. The README on DVD 1 and 2 didn't mention this at all, and it would've been nice.
In terms of the actual content of DVD 1 and 2, you get a DVD with a bunch of folders, one of which is a codec directory, a bunch of lesson directories, a notes directory that has a nice set of PDFs you can print to take notes on (very useful for a class environment) and another about the lab setup, along with the obligatory Windows autorun, and a small README. There are a few other files and folders, but you probably won't care too much about them.
The README itself says that the DVDs require Windows and Internet Explorer, however you can just dive into the directories and open up the AVI files using your favourite video player. In my case I watched some of the videos on my desktop, under Windows using IE, and then I switched to using VLC under OS X and later Ubuntu. If you're a "power user" understanding this won't be an issue for you, however on the off chance that a less experienced user receives these and has a non-Windows desktop it may've been nice to detail as such.
The actual content of the training videos is very professional, as you should expect. You have a voice over from J. Peter Bruzzese, and a video that has slides and screen capture, which is all clearly explained. The video starts off with an introduction and an explanation as to what you should expect from the series, and even better does tell you that if you've got experience with Exchange 2007 that you can just jump about a bit. I thought that was a nice touch. It could be argued that it's a bit redundant, however it's a nice nod to those who know the previous version nicely.
The videos will take you through the configuration, how to build a similar lab setup, and outline a real world scenario. It's this scenario that the rest of the videos are based around. To me I think that's a very important thing to have done. A number of the other training videos I've had to sit through have been very abstract, and forced. It prevents you from really connecting with the content, and you don't always learn.
Having set up 2 production Exchange 2010 organisations in the last year, one of which is using what many will consider an "advanced feature" (Database Availability Groups), and another that was running from the Beta, I found the pace to be very slow and I actually watched all of the videos at an accelerated rate. By the end I had managed to ramp up to 2.2x speed, only dipping slower to listen in on the bits that I've not yet used or I was concerned may've been lacking. I'm not suggesting that you do this, but if you do know Exchange 2010 I'd suggest that you select the videos you want to watch carefully.
However, I have no doubt that it's extremely accessible if you're completely new to Exchange, or if you're coming to it from Exchange 2003 or prior.
The videos end with an outline of the Exchange 2010 certification exam. My concern with that would be that some may rely on that a little too much. It would've been nice to hear a statement outlining that you should really check to see if there have been any amendments, or so forth.
The only other concerns that I've got are that it is pre-service pack 1, it brings up remote file servers (which I thought had been dropped from Exchange 2010, despite being left in the GUI), and I found the video on Database Availability Group to be a little lacking.
Now, in Peter's defence I've only recently set up DAG, and it is very much a feature that you should do research into before deploying. But it would've been nice to see a mention about running multiple networks, and more DAG customisation. In contrast the other "advanced" section on Unified Messaging was detailed enough to bring you up to date on what you need to know, common issues, and what you may need from your phone guys.
Ultimately J. Peter Bruzzese is a knowledgeable, well spoken instructor. The training is good quality, although you certainly want to ensure that you know what you're buying. If you have been working with Exchange 2010 in production for some time, and have been playing with it during beta, you may want to look elsewhere. This is definitely training for those with little to no experience of Exchange since 2003, or prior, or none at all. However, if you have other staff who have little experience with Exchange 2010 then I heartily recommend TrainSignal's Exchange 2010 training. You won't be disappointed.
I've recently taken on a new role at work, and as part of that I've now got a big thing for change management and documentation.
I should cover a bit of background. At work we're a bit different from normal IT departments. Mostly because we're not a department, although we are treated as such by many of our customers. Ultimately we look after multiple, distinct, systems in multiple areas of business, in multiple locations - none of which are inter-linked at all. This makes it exceptionally important to document and to pass on information. It's unacceptable for us to say "X has gone to lunch, he's the only guy who knows your system... Can it wait?".
One thing that we've always done is to document everything on our online helpdesk software. Even if the customer phones it in, it has to go into the helpdesk. This is great for change management and finding culpability, but it's terrible for keeping configuration files, and information on the overall architecture of systems. Over the last year we've been supplementing this with a wiki (the excellent Dokuwiki to be exact) to help record this sort of information. Combined with regular group briefings (read: informal chats) it's generally been working reasonably well, especially now we're coming to the end of a major re-organisation of the data in there.
My main issue with what we currently have is keeping up to date configuration files for routers, switches, daemons, and so on. Particularly in combination with lots of rapid changes. It's all well and good to have procedures stating that "you must 'check in' the most recent change", but if it's too busy and it gets forgotten then you're screwed. I really want to automate this process. There are some tools out there for this; Kiwi's Cattools, Ziptie (abandoned, which I realised far too late after dicking about with it for an hour and wondering why some things didn't work), RANCID.
These'll work fine to varying degrees, but here's my niggling problem - I'd love to be able to stick something else next to whatever system we deploy, in order to push configuration changes back. With RANCID I can do this, but we've still got very much of an anti-*ix sentiment, and although it is changing very slowly, in the short-to-medium term it would cause the same problem that I'm trying to get rid of - knowledge partitioning. Hiring someone else with the knowledge we need isn't an option at the moment (we've just taken on an additional member of staff who doesn't have the knowledge or skills).
It's got me thinking. What trick am I missing here? I know I should be just worried about configuration files right now, but the part of me that loves hacking something together really wants to find or to put something together to solve both problems in one go. However, realistically this isn't something I have the time to do right now.
How do you do it?
- Sep 05, 2010 by the_angry_angel
- Geek, Personal, Work and Experience
All in all for the last 5 years I've worked exclusively from home, and prior to that it was on and off depending on circumstances, and so on. During this time I've often been asked the same sort of questions over and over again;
- "Is it lonely?"
- "How hard is it to motivate yourself? I don't think I could get stuff done!"
The first question I can understand. Sometimes you do need to see someone else, physically there in front of you, but to be frank, I've never been a great social animal, which probably helps massively. Second I speak with the other guys that I work with quite a lot during the day (unless I've got my head stuck in a particularly complex project or issue). We use Skype, our VoIP phone system and an internal IRC server to communicate. We joke, we talk movies, share stupid links occasionally, everything you'd get in a normal office - just with a bit of geographical distance. Often people find this quite hard to grasp when I explain this.
To a certain extent I can understand the view point of the second question; It can be hard sometimes. However (and this is the big secret to working at home) if you love your job, to the point that you'd probably be doing the same sort of things if you were unemployed, then working from home shouldn't be any harder for you than working in an office. If you're not in the same boat as me, which is loving your job, then you're right getting motivated would be frakking hard work.
However, there is a bit of a downside with working from home, and that is simply balancing work and home life. I won't pretend that I have the answers to this one, because honestly I don't. I'm very bad at separating what I'm told should be 2 different ways of life. However, part of the problem is that I do have to do a reasonable amount of stuff outside of the normal 9-5 hours. Sometimes it's hard to perform maintenance on systems when the customers you're working for don't always have the financial, or other, capacity to build highly available systems.
So why the post? Partially I felt that I didn't really have anything interesting to write about from work. There's some stuff about the "new" IBM IMM (Integrated Management Module) that I've only just had the opportunity to play with, since we've not put any new servers in for some time. At the end of the day by standard IMM is nice, but you really need the Virtual Media Key to make the most of it (which provides remote presence, and remote media features) - which for about £200 is totally worth it and necessary if you've used other fully featured remote management/lights out cards in the past.
The other reason is that I was reading an old copy of .NET magazine that I've half-inched from Chris where the 37Signals partner David Heinemeier Hansson has a page (once you remove the images) article about the work ethic behind 37Signals. One of which is that he believes workaholics should be fired, and he explains why. Great article and interesting to see how creative companies work. I just struggle to see many people in my line of work, and similar ones, that aren't workaholics, simply because they really love what they do. But does that make us workaholics?
- Jul 12, 2010 by the_angry_angel
- Personal, Mobiles and Android
I've recently acquired a new phone to replace my aging iPhone 3G: The Samsung Galaxy S (or the GT-i9000 everywhere outside of the UK [apparently]). This is my first dip into the Android world, and I've got mixed feelings about it.
In the past I had Windows Mobile devices for work, around the 5 series, and in many ways Android reminds me very much of that experience. Now hear me out before you start tracking me down and attempting to kill me: Applications vary wildly on quality and the operating system gives you a reasonable amount of flexibility at the expense of battery life and in some instances a complexity of use.
After 2 years of almost exclusive iPhone use I'm starting to remember what the appeal was of the original iPhone, despite the somewhat draconian stranglehold Apple has over the platform. From time to time I yearn for a dictator to swoop down and with an iron fist make every useful application I've installed follow some sort of coherent usability and style guidelines. I long for someone to clear the piles of crap from the Application Marketplace, or at least create some clever system where they don't bubble to the surface.
Despite this I do still love the Android platform, but it just feels like it's not quite finished - yet. The default mail application needs some love (or better yet, to merge the changes from k9), the browser needs a little tweaking, and so on and so on. I'm not yet regretting the move to Android, and I'm not sure that I will for some time to come, if at all. The fact that I now have a mass storage device in my pocket at all times, which is also a hackable unix box underneath is very comforting.
As for the Samsung Galaxy S, it's a great bit of hardware on paper. In real life I feel it does need more RAM, and the battery really does need to be better. With some faffing it's acceptable. This is in part down to some of the applications that are bundled, and in part down to the massive screen and GPS, but even with just Bluetooth on in the car it really does drain more quickly than I've become accustomed to. If anything it's another reminder of the Windows Mobile days of yore. The build quality is one place where I really feel like I've been spoiled by Apple. I've become very used to aluminium laptops[1] and phones that feel solid. On a favourable day I would describe the Galaxy S as "classic phone" or "classic Samsung", and on an unfavourable day as "cheap". It's a bit of a let down considering the outstanding specs on the rest of the phone.
The one thing that is the "killer app" for this phone is the inclusion of Swype as standard. Whilst not exclusive to the Galaxy S, or even Android, I can tell you this: Swype should become the de facto standard for input. The fact that the iPhone is inflexible enough to allow modifications to this extent places the nail in Apple's coffin as a mobile phone supplier for me.
If you've got any phone with Swype included in the default ROM I highly recommend that you enable it and have a play. If you're unlucky enough not to have a compatible phone trawl the nearest city until you find someone with one so you can understand why I feel it's so great. It may sound completely nuts, or like a gimmick, but it's really not.
[1] Having had accidents with laptops, ranging from dropping off tables to having rackmount servers and IBM ThinkCentres landing on them, only my previous Apple MacBook Pro survived to live another day. To me this makes the case for decent build quality.