Well it's been over a year since my last post, been busy. I now have a 1 day a week part time TechOps assistant, Matt, who is able to get a lot of the strange request tasks etc. done that I just can't seem to get to. He got our Sacred Grounds Cafe Digital Signage app working and they now have their menus displayed on 2 55" flat screen 1080p TVs, way cool.
We've had the new VOIP Switchvox phone system up and running for over a year now and all is working well. We are going to be adding an IP paging system and more phones to allow for paging the church areas in case of intrusion etc.. It is all part of our Reducing the Risk initiative.
Mark Moreno was in back in May and we are working on taking us out of SBS 2008 and moving us to individual server (all virtual of course) for AD / DNS / DHCP, Exchange 2013, SQL Server 2012 and all will be based on 2012 servers, using Microsoft System Center 2012 to manage the clusters.
We are also implementing our disaster recovery system through C&M Support Services, as well as our Antivirus and machine management software from N-Able.
I was able to get 2 more compute modules with dual cpus and 48GB ram off eBay for much less than I was going to purchase a new module, so we are able to do the work on the VMs that we want to do.
I also got a couple of Ruckus 7982's and replaced the 7363's in the Worship Center with them increasing our capacity from approximately 500 to 1000 connections. I also replace the 7363 in the Atrium with a 7962 for better coverage.
I'm also working on getting a new 50/50 Comcast Fiber feed into the church so that we can increase the quality of our Wowza livestream service on Sundays and also give us the bandwidth to stream our service to our new location in Kutztown when we open that up in 2014. We are still looking at encoders and decoders as well as if we will use Zixi service or what to get the best quality. Thanks to all my colleagues on the Church IT Network I have been getting a lot of feed back on what hardware and service to use and not use.
Well, that's all for now. More to come when I have time. Back to my free Networking course at Coursera.org (great place).
Monday, July 29, 2013
Tuesday, May 8, 2012
May 2012
I was experimenting with Zero-IT on our new Ruckus Wireless system, and had some glitches. I wanted to use it so I could see user names that are logged in etc., but for some reason it wasn't displaying them but it was working. Here it was because I was not using Dynamic PSK. Thanks to Greg Kamer from Mirazon, for pointing me in that direction. I truly forgot that I wanted to have an assigned passphrase that was generated by the system so that not just anyone could log in. Now users will use their AD credentials and based on the group they are in they will be assigned to the proper WLAN, like GTStaff will be in GTAOG-Internal, while CheckIn will be in GTAOG-Checkin. Works great.
On Sunday I had two kiosk failures at the same time :-( Not very happy especially with only one backup, a Dell Duo touch. I had my volunteer, Mike, look at them and found that it was a weird wifi issue on the Lenovo mini (I configured it for Zero-IT and it works like a charm). The other one Mike removed the drivers, reinstalled new ones and it still didn't work. We swapped USB ports again (which I did on Sunday but the drivers must have been blown up) and it detected it and worked :-). Now he is doing updates and all will be well again. Getting all the checkin's on Zero-IT will be good because once we do that we will know which one is on what AP and what is going on. Ruckus is so cool, I can't wait for 9.4 and more cool updates coming soon.
I'm getting ready for the Switchvox install that should take place either next week or the following. Digium has released the D70 phones so we should be receiving them shortly. I can't wait to get into it.
I'm getting ready for the Switchvox install that should take place either next week or the following. Digium has released the D70 phones so we should be receiving them shortly. I can't wait to get into it.
Wednesday, April 25, 2012
New for 2012
Well it's been a long time since I posted last. Where should I start. Well we have finally redone our wireless network here at GT. We replaced the SonicPoints from SonicWall with a new state of the art Ruckus Wireless system thanks to Mark Moreno from C&M Support Services Inc. We now have 11 active Ruckus 7363 APs with an 1125 Zone Director running them and it is GREAT. Great connectivity, lots of users online etc.
Mark also helped me redo our VLan scheme to take into consideration the new Ruckus Wireless as well as the new VoIP phone system from Digium, Switchvox that we will be installing in May 2012. We will be replacing our old Toshiba system along with the old Amanda voice mail (running on a 486 no less and DOS), with a new Digium Switchvox A355 and Digium D70 phones. We are using our same wiring infrastructure with Voice VLaning on it. The Digium D70 phones have builtin Gigabit switches so that works great with our HP Procurve 2848 networking infrastructure.
We also installed PowerDSine POE Midspans to get Power Over Ethernet to all the Ruckus WAPs and all the Digium VoIP phones as well. This was a less expensive investment than purchasing new 24 or 48 port POE Gigabit switches. The midspans are 10/100/1000 capable so they pass thru the gigabit with no problems while still providing POE to the devices.
Also I just got back from CITRT 2012 which was help at Watermark Community Church in Dallas Texas. What an AWESOME time. The best Round Table event so far. Great to see friends that I only get to talk to online or via twitter, and also to network and learn from them too. Can't wait to see what is done for next year.
New for 2011
Well it's been a few months since my last post. Being full time now is great, and there is so much that needs to be accomplished. We made it to Florida for both CITRT 2011 (FANTASTIC event, can't tell you how much I learned and how great it was seeing all the other CITRT'rs there), can't wait for Dallas in 2012 :-)
Being the Technical Operations Manager at GT is awesome. There are so many things to get done that I'm never bored for things to do. I love computers, electronics etc, so it all just works for me.
I'm going to have Mark Moreno back again this year to deal with upgrades to our Intel MFSYS35 chassis (installing 2 more compute modules, converting from total VMWare to VMWare with Hyper-V cluster).
Tuesday, December 28, 2010
A New Chapter Begins
Well as a lot of you know, I have been part time at Glad Tidings A/G Church for the past 3 years doing IT etc. Well, the Lord has made his decision and as of January 2nd, 2011 I will be Full-time at GT as the Technical Operations Manager. I look forward to all the things I will be able to do with respect to technology at GT and know that it was all in His time.
I'm also looking forward to going to the Church IT Round Table (CITRT) in Melbourne Florida in February. It will be a great time of exchanging ideas, collaboration and just meeting some friends again face to face. Also, my sister in law lives 4.5 miles from the church we are going to be having CITRT at, so my lovely wife Donna will also be accompanying me (some vacation time too).
More to follow soon.
I'm also looking forward to going to the Church IT Round Table (CITRT) in Melbourne Florida in February. It will be a great time of exchanging ideas, collaboration and just meeting some friends again face to face. Also, my sister in law lives 4.5 miles from the church we are going to be having CITRT at, so my lovely wife Donna will also be accompanying me (some vacation time too).
More to follow soon.
Sunday, August 15, 2010
Migration complete
I'm finally getting around to writing about the conversion from SBS 2003 to SBS 2008. It went rather well considering everything. We had Mark Moreno fly in to assist on site rather than do it remotely, which made everyone feel a little better considering the data loss we incurred prior to the conversion when we were migrating data on our VMs.
With the help of my TechOps Team of volunteers, we got all the workstations and laptops off the old domain and onto the new one without too many issues. We went away from having our user folders on the server (backing up gigs and gigs of music and personal photos was consuming a lot of time and space) to locally on their assigned computer. Very few worked on more than their own computer and if they need to access that data from home they can use the Remote Web Workplace and remotely connect to their PC and do their work that way.
We installed Sophos Antivirus and it is now pushing out to all our workstations. We also installed a SonicWall CDP device to facilitate backup of all the servers (other than the SBS 2008 server itself) including Exchange 2007, our Financial Edge SQL database, sharepoint, and our data server, not to mention all client computers local my documents folders with the exception of music and photos (with a couple of ministry exceptions).
We've also implemented a Terminal Server for our Board members to access since we also added a Board area to our sharepoint companyweb for the exchange of meeting minutes etc. The Terminal Server is also used by employees that do not have a workstation at the church nor do they have a church provided laptop. We only are allowing VPN access to our network, using the SonicWall Global VPN Client, or NetExtender, from church owned laptops to help alleviate the introduction of any viruses or spyware / trojans. The persons that may use the Terminal Server have complete access to shares that they would have access to if they were at GT, and also have the complete Office 2007 Pro Suite to use.
As I may have mentioned in an earlier post, we installed an Intel MFSYS35 modular server chassis, with 6 1TB Sata/Sas hard drives, and a single MFS5000SI compute module with a single Intel Quad-Core Xeon L5420 2.5GHz (1333 MHz) 12 MB cache CPU and 32 Gigs of ECC Reg Ram. We then installed VMWare ESXi 4.x on it. Well here is what we are now running on it.
We now are running eleven (yes 11) virtual servers on it. They are, SonicWall EmailSecurity server (running on Server 2003 std), SonicWall ViewPoint server VM, SBS 2008 Premium server running Exchange 2007, Sharepoint services, AD & DNS, Std server 2008 (that came with the SBS 2008 Premium and runs our SQL 2008 server for our Financial Edge Account software), another Server 2008 std server handling our Data shares, Four (4) Enterprise 2008 servers running our TechOps Spiceworks admin server, as well as an Imaging server (still in the works), Terminal Server, and backup AD server / backup DNS server/ Printer Services server, and finally an Ubuntu Linux server for a few small websites.
We still have some bugs to work out though. Macs cannot use the Remote Web Workplace therefore they must use the SonicWall NetExtender VPN to access the servers. The problem with non church owned Macs. They cannot use the RWW, to access the Terminal Server, since it only works with Microsoft's Internet Explorer due to the ActiveX control needed. Therefore, we still need to figure a way to utilize NetExtender VPN but not allow direct access to the servers or shares but only allow those Macs to use the Microsoft Remote Desktop Client for Mac. This is still being worked on.
Other issues are accessing RWW from the SonicWall Guest Wireless system. I believe, that due to the inherent nature of how SonicWall created the Guest Wireless, and locked it down for security purposes, that we may never be able to get through that way. We don't hand out our WPA passphrase that allows access to our secure internal wireless network, and that is the problem with allowing iPhones or non church owned laptops access. It is quite a dilema. I believe something on the order of a radius based type wireless authentication is needed and I am researching that now.
As things progress and we make more changes I'll post more info.
With the help of my TechOps Team of volunteers, we got all the workstations and laptops off the old domain and onto the new one without too many issues. We went away from having our user folders on the server (backing up gigs and gigs of music and personal photos was consuming a lot of time and space) to locally on their assigned computer. Very few worked on more than their own computer and if they need to access that data from home they can use the Remote Web Workplace and remotely connect to their PC and do their work that way.
We installed Sophos Antivirus and it is now pushing out to all our workstations. We also installed a SonicWall CDP device to facilitate backup of all the servers (other than the SBS 2008 server itself) including Exchange 2007, our Financial Edge SQL database, sharepoint, and our data server, not to mention all client computers local my documents folders with the exception of music and photos (with a couple of ministry exceptions).
We've also implemented a Terminal Server for our Board members to access since we also added a Board area to our sharepoint companyweb for the exchange of meeting minutes etc. The Terminal Server is also used by employees that do not have a workstation at the church nor do they have a church provided laptop. We only are allowing VPN access to our network, using the SonicWall Global VPN Client, or NetExtender, from church owned laptops to help alleviate the introduction of any viruses or spyware / trojans. The persons that may use the Terminal Server have complete access to shares that they would have access to if they were at GT, and also have the complete Office 2007 Pro Suite to use.
As I may have mentioned in an earlier post, we installed an Intel MFSYS35 modular server chassis, with 6 1TB Sata/Sas hard drives, and a single MFS5000SI compute module with a single Intel Quad-Core Xeon L5420 2.5GHz (1333 MHz) 12 MB cache CPU and 32 Gigs of ECC Reg Ram. We then installed VMWare ESXi 4.x on it. Well here is what we are now running on it.
We now are running eleven (yes 11) virtual servers on it. They are, SonicWall EmailSecurity server (running on Server 2003 std), SonicWall ViewPoint server VM, SBS 2008 Premium server running Exchange 2007, Sharepoint services, AD & DNS, Std server 2008 (that came with the SBS 2008 Premium and runs our SQL 2008 server for our Financial Edge Account software), another Server 2008 std server handling our Data shares, Four (4) Enterprise 2008 servers running our TechOps Spiceworks admin server, as well as an Imaging server (still in the works), Terminal Server, and backup AD server / backup DNS server/ Printer Services server, and finally an Ubuntu Linux server for a few small websites.
We still have some bugs to work out though. Macs cannot use the Remote Web Workplace therefore they must use the SonicWall NetExtender VPN to access the servers. The problem with non church owned Macs. They cannot use the RWW, to access the Terminal Server, since it only works with Microsoft's Internet Explorer due to the ActiveX control needed. Therefore, we still need to figure a way to utilize NetExtender VPN but not allow direct access to the servers or shares but only allow those Macs to use the Microsoft Remote Desktop Client for Mac. This is still being worked on.
Other issues are accessing RWW from the SonicWall Guest Wireless system. I believe, that due to the inherent nature of how SonicWall created the Guest Wireless, and locked it down for security purposes, that we may never be able to get through that way. We don't hand out our WPA passphrase that allows access to our secure internal wireless network, and that is the problem with allowing iPhones or non church owned laptops access. It is quite a dilema. I believe something on the order of a radius based type wireless authentication is needed and I am researching that now.
As things progress and we make more changes I'll post more info.
Sunday, April 25, 2010
Migration from SBS 2003 to SBS 2008
Well, it looks like we are finally on schedule to convert from SBS 2003 to SBS 2008. There have been some issues that we have wanted to work out, the main one being that we are using an externally routable domain name as our internal domain, not good practice. So, we are going to create the server NEW using a .local domain therefore eliminating DNS issues etc that have plagued us in the past. To do this though will require alot of help from my volunteers, and backend work and direction from Mark Moreno at C&M Support Services. We will be starting this transition on Thursday May 13th at 5pm and plan to have it completed by Saturday May 15th at 5pm or sooner. We will have to touch all domain workstations to move profiles etc, and also all laptops, macs, and iphones to get this all working correctly, smoothly and efficiently. I am confident that we can accomplish this task with the TechOps team.
I will post more info as we hash out the exact route we are taking to do this.
I will post more info as we hash out the exact route we are taking to do this.
Subscribe to:
Posts (Atom)