
Windows 7 DirectAccess overview May 31, 2009

Posted by Steve in Networking, windows 2008.

Windows 7 clients can gain remote access to network resources using a feature called DirectAccess. Microsoft see this as a game-changing technology that will change the way we work remotely. A Windows 2008R2 server acts as a gateway for DirectAccess clients, providing access to servers on the internal LAN.

DirectAccess does away with the need for third-party VPN clients or access gateways on client devices and simplifies data access for the end user. The end user experience is seamless and simple. The user simply turns on and connects to the internet; no additional user action is required. DirectAccess will automatically reconnect if the internet connection is dropped for any reason.

DirectAccess removes some of the more frustrating issues end users have when working remotely. Connections are over port 443 (a standard port) removing connection issues due to firewall rules on remote networks and routing issues due to subnet clashes. Intelligent routing means users can access internet services at the same time as company resources.

For Network Administrators the ability to manage computers outside the firewall will be a key driver for using this technology. NAP can be used to audit clients before allowing network access. Group Policy can be applied over the DirectAccess connection before the user gains full network access.

One of the biggest differences between DirectAccess and traditional VPN solutions is that the DirectAccess connection can be initiated from either end, whereas VPNs are initiated from the client only. The connection is established when the client device starts up and doesn’t require the end user to log in and initiate a connection.

DirectAccess Requirements:

  • Windows 2008R2 Server Active Directory Domain Controller Role
  • Windows 2008R2 Server DirectAccess Role
  • 2 Network cards configured
  • 2 consecutive public static IPv4 addresses with public DNS names
  • Digital Certificates with CRL attributes
  • Windows 7 client joined to the domain

Firewall configuration details can be found on TechNet – DirectAccess requirements article.

DirectAccess really is in my opinion one of the best reasons to move to Windows 7 when it is released later this year. End users will love seamless access to company resources while Network Administrators will see real value in the management capabilities.

Microsoft have recently published some tools to help implement and manage Direct Access. Download the kit from here:
Direct Access Admin Kit

EBS 2008 Firewall Configuration May 27, 2009

Posted by Steve in EBS, Networking.

Essential Business Server 2008 (EBS 2008) automatically installs and configures most of the components required to provide remote access. Details can be found in my EBS 2008 Remote Access article.

Forefront TMG is automatically configured during installation to allow the ports listed below to access services in the EBS 2008 environment. If you have an external router or firewall you will need to forward the following ports from that device to the WAN Adapter of the EBS 2008 Security Server:

  • Port 25 TCP – SMTP
  • Port 80 TCP – HTTP (EBS 2008 redirects inbound HTTP to HTTPS)
  • Port 443 TCP – HTTPS (RWW, OWA and TS Gateway)
  • Port 987 TCP – External secure Windows SharePoint Services intranet access
  • Port 1723 TCP – PPTP (VPN) – optional as RRAS is not configured by default

Note that RDP access to server consoles is done via Terminal Services Gateway (over port 443) so do not allow inbound connections on port 3389 as it is a security risk.
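
The forwarding list and the port 3389 rule above can be checked mechanically against a router's forwarding table. This is an added example, not part of the original post or of any Microsoft tooling; the rule format, the `audit_forwards` name and the 192.168.1.x addresses are assumptions, and the sample rules are constructed.

```python
# Ports the article lists for forwarding to the Security Server WAN adapter.
REQUIRED = {25: "SMTP", 80: "HTTP", 443: "HTTPS", 987: "SharePoint intranet"}
OPTIONAL = {1723: "PPTP"}   # only needed if RRAS has been configured
FORBIDDEN = {3389: "RDP"}   # consoles are reached via TS Gateway on 443

# Constructed sample input: a forwarding table in a hypothetical export format.
SAMPLE_RULES = [
    {"proto": "tcp", "port": 25, "target": "192.168.1.2"},
    {"proto": "tcp", "port": 443, "target": "192.168.1.2"},
    {"proto": "tcp", "port": 3389, "target": "192.168.1.10"},
    {"proto": "tcp", "port": 1723, "target": "192.168.1.2"},
    {"proto": "udp", "port": 161, "target": "192.168.1.2"},
    {"proto": "tcp", "port": 80, "target": "192.168.1.10"},
]
SECURITY_SERVER = "192.168.1.2"  # assumed address of the WAN adapter


def audit_forwards(rules, server_ip):
    """Return (severity, message) findings for a list of forwarding rules."""
    findings, ok_ports = [], set()
    for rule in rules:
        proto, port = rule["proto"].upper(), int(rule["port"])
        target = rule["target"]
        label = f"{proto}/{port} -> {target}"
        if port in FORBIDDEN:
            findings.append(("HIGH", f"{label}: {FORBIDDEN[port]} must not be exposed"))
        elif proto != "TCP" or port not in (REQUIRED.keys() | OPTIONAL.keys()):
            findings.append(("MEDIUM", f"{label}: not in the documented port list"))
        elif target != server_ip:
            findings.append(("MEDIUM", f"{label}: target is not the Security Server"))
        elif port in OPTIONAL:
            findings.append(("INFO", f"{label}: {OPTIONAL[port]} is optional, confirm RRAS is in use"))
        else:
            ok_ports.add(port)
    # Report documented ports that no valid rule delivers to the Security Server.
    for port in sorted(REQUIRED.keys() - ok_ports):
        findings.append(("LOW", f"TCP/{port} ({REQUIRED[port]}) is not forwarded to {server_ip}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_forwards(SAMPLE_RULES, SECURITY_SERVER):
        print(f"{severity:6} {message}")
```
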

Moving SQL Express or MSDE Databases May 26, 2009

Posted by Steve in SQL 2008.

Many applications use Microsoft MSDE or SQL Express instances to store application specific data. The default file location is usually somewhere on the C: drive, which may seem harmless until they start consuming valuable disk space. It is possible to move the databases without reinstalling the applications using this method:

  • Install SQL Management Studio Express (or use SQL Management Studio if you have it)
  • Locate the physical files associated with the database by Right Clicking the database in SQL Management Studio and choosing properties. Note the database and log paths may be different.
  • Stop any services and websites associated with the database
  • Right Click the database and choose “Detach”
  • Move the database and associated log file to a new location (.MDF and .LDF)
  • In SQL Management Studio, right click Databases and choose “Attach” and choose the database file (.MDF)
  • Restart the services and websites stopped above

Because the application itself communicates with the database engine, moving the location of the data files doesn’t require any reconfiguration of the application itself. I have used this method to successfully move WSUS, SCE, BackupExec and WSS databases. This method works for all versions of SQL not just MSDE or SQL Express.

Note that it is a good idea to keep Databases and Logs on independent sets of disks for performance and recoverability. It is also a good idea to ensure busy databases are not stored on the system disk.

Download SQL Management Studio Express

Recent EBS 2008 issues and solutions May 24, 2009

Posted by Steve in EBS.

Essential Business Server 2008 (EBS 2008) has in my experience been a very stable environment, but I have struck a few interesting issues. Here are solutions to some of the issues I have encountered:

Outlook prompts for authentication every few minutes

I found the solution to this was to change authentication on “AutoDiscover” in IIS on the Messaging Server. Details can be found on the Essential Business Server Team Blog

.NET Framework 3.5 will not install

To resolve installation errors with .NET 3.5 I downloaded the “.NET Cleanup tool” and removed all copies of .NET 3.5. I then restarted the server with the issue and reinstalled .NET 3.5 + service pack 1 successfully.

System Center Essentials reporting stops after applying hotfix KB948109

Microsoft have released Hotfix KB957755 to resolve this issue.

Exchange 2010 sneak peek May 19, 2009

Posted by Steve in Exchange 2007, Exchange 2010.

The internet is currently buzzing with snippets of information about Exchange 2010 which we can expect to see towards the end of the year (no official dates yet). Exchange is the foundation of Microsoft’s messaging and unified communications product suite and 2010 promises to be a significant jump in functionality.  While the full list of features is yet to be confirmed, here is a quick overview of some of the new features we are likely to see:

Under the hood

Exchange 2010 includes an improved database with lower disk I/O requirements, allowing the use of lower-cost disk. The database is more robust and builds on the replication capabilities already found in Exchange 2007. Exchange 2007 with Service Pack 2 (due out in the next few months) can work in a mixed environment.

eDiscovery

Exchange 2010 introduces email archiving and cross mailbox search capabilities to assist with compliance with legal requirements around eDiscovery. Search capabilities can be delegated outside of the IT department to more appropriate locations such as Human Resources.

Federation

Federation will allow users to view “free/busy” Calendar information across organisations, a great tool for people who regularly schedule meetings with partner businesses.

Administration

Common administration tasks can be delegated to end users, including the ability to create and update distribution lists. Email tracking tools can also be used to allow users to check if a message has been delivered or is delayed somewhere.

Cloud services

Exchange 2010 will be available both as onsite and cloud based solutions. One of the most interesting capabilities is the ability to split the infrastructure between the two solutions e.g. replicating data from onsite to the cloud as a DR solution.

Client improvements

Outlook 2010 is still in development but we can be assured that it will be required to leverage some of Exchange 2010's functionality. Improvements to the web client will include presence for those who have OCS and improved support for Safari and Firefox web browsers. Windows Mobile clients will also receive improvements.

Voice to Text

One of the more useful features is the ability of Exchange 2010 to convert incoming voicemail messages to text. You will be able to read your voice mail, great for mobile users.

Exchange 2010 is an extremely important part of Microsoft’s next wave of server products and sets a clear path for Microsoft’s strategy on Cloud based services and unified messaging.

Exchange 2010 Homepage

HP C3000 Blade Enclosure Onboard Administrator May 18, 2009

Posted by Steve in c3000.

A wide range of factors contribute to the cost of any IT Infrastructure solution. One of the hidden costs is the time it takes to identify and fix a fault, and the downtime or reduced performance that occurs during this process. I read recently that most outages are actually caused by the people whose job includes ensuring uptime is maintained! Imagine for a minute the scenario where you are installing updates and accidentally shut down rather than restarting, or a cooling fan fails in a server at a remote location. I’ll come back to these scenarios later.

The Onboard Administrator (OA) and Integrated Lights Out (iLO) technologies are two handy tools for administrators who need to keep systems running efficiently remotely. They provide remote management of all aspects of the C3000 or C7000 Enclosure and the Blades it houses. Both technologies can be accessed via a web interface, OA managing the enclosure itself and iLO managing individual blades.

OA allows complete configuration of the Blade Enclosure including presentation of the integrated DVD to specific blades, SNMP configuration, power management and configuration of various aspects of the enclosure.  Email alerts can be configured to provide awareness of hardware faults or issues e.g. failed cooling fans and power warnings. OA also provides information on the enclosure configuration via a graphic blade view and inventory feature showing part numbers and serial numbers of all devices within the enclosure including Blades.

iLO provides a remote console allowing remote access to Blades and the ability to access the ROM based setup, controller ROM setups and even install an Operating System. iLO also features virtual power buttons, making it possible to power Blades off and on remotely. OA includes a wizard to set up multiple iLO devices within the enclosure, reducing setup time. Access via SSH and SSL is supported. A license key must be purchased to access some of the advanced features.

Advanced diagnostic tools are a key feature of these technologies. iLO features the ability to review a video of the server's last boot and last reported fault. These features combined with part and serial numbers help accelerate the troubleshooting and warranty replacement processes.

Getting back to the issues above, iLO can be used to hit the power button remotely and bring an accidentally shut down server back to life. A failed cooling fan is the sort of thing that can cause havoc if it isn’t replaced, and it is often not visible to the administrator. With an email alert from OA and then a quick check via the web interface, a replacement part can be ordered without needing to go onsite.

OA is included in both C3000 and C7000 series Blade Enclosures. iLO technology is included in a range of HP servers including DL series rack mount servers and ML series tower servers.

One Month of Blogging May 18, 2009

Posted by Steve in Uncategorized.

Today is one month since I launched this blog. The experience has been very satisfying and extremely addictive!

Visitors to my blog come from a number of sources, with Google just squeezing out Twitter as the top referrer. Some of the Google search terms are interesting and I can see a lot of people have questions about Digital Certificates and C3000 DVD drives. The most popular articles are related to HP C3000 Blades and Microsoft Essential Business Server.

The total number of visits has exceeded my expectations and definitely motivates me to keep this thing going. I’ve got a few ideas for future posts but if you have any suggestions send me a message on Twitter.

Thanks for visiting and come back again soon!
