Well as a lot of you know, I have been part time at Glad Tidings A/G Church for the past 3 years doing IT etc. Well, the Lord has made his decision and as of January 2nd, 2011 I will be Full-time at GT as the Technical Operations Manager. I look forward to all the things I will be able to do with respect to technology at GT and know that it was all in His time.
I'm also looking forward to going to the Church IT Round Table (CITRT) in Melbourne Florida in February. It will be a great time of exchanging ideas, collaboration and just meeting some friends again face to face. Also, my sister in law lives 4.5 miles from the church we are going to be having CITRT at, so my lovely wife Donna will also be accompanying me (some vacation time too).
More to follow soon.
Tuesday, December 28, 2010
Sunday, August 15, 2010
Migration complete
I'm finally getting around to writing about the conversion from SBS 2003 to SBS 2008. It went rather well considering everything. We had Mark Moreno fly in to assist on site rather than do it remotely, which made everyone feel a little better considering the data loss we incurred prior to the conversion when we were migrating data on our VMs.
With the help of my TechOps Team of volunteers, we got all the workstations and laptops off the old domain and onto the new one without too many issues. We went away from having our user folders on the server (backing up gigs and gigs of music and personal photos was consuming a lot of time and space) to locally on their assigned computer. Very few worked on more than their own computer and if they need to access that data from home they can use the Remote Web Workplace and remotely connect to their PC and do their work that way.
We installed Sophos Antivirus and it is now pushing out to all our workstations. We also installed a SonicWall CDP device to facilitate backup of all the servers (other than the SBS 2008 server itself) including Exchange 2007, our Financial Edge SQL database, sharepoint, and our data server, not to mention all client computers local my documents folders with the exception of music and photos (with a couple of ministry exceptions).
We've also implemented a Terminal Server for our Board members to access since we also added a Board area to our sharepoint companyweb for the exchange of meeting minutes etc. The Terminal Server is also used by employees that do not have a workstation at the church nor do they have a church provided laptop. We only are allowing VPN access to our network, using the SonicWall Global VPN Client, or NetExtender, from church owned laptops to help alleviate the introduction of any viruses or spyware / trojans. The persons that may use the Terminal Server have complete access to shares that they would have access to if they were at GT, and also have the complete Office 2007 Pro Suite to use.
As I may have mentioned in an earlier post, we installed an Intel MFSYS35 modular server chassis, with 6 1TB Sata/Sas hard drives, and a single MFS5000SI compute module with a single Intel Quad-Core Xeon L5420 2.5GHz (1333 MHz) 12 MB cache CPU and 32 Gigs of ECC Reg Ram. We then installed VMWare ESXi 4.x on it. Well here is what we are now running on it.
We now are running eleven (yes 11) virtual servers on it. They are, SonicWall EmailSecurity server (running on Server 2003 std), SonicWall ViewPoint server VM, SBS 2008 Premium server running Exchange 2007, Sharepoint services, AD & DNS, Std server 2008 (that came with the SBS 2008 Premium and runs our SQL 2008 server for our Financial Edge Account software), another Server 2008 std server handling our Data shares, Four (4) Enterprise 2008 servers running our TechOps Spiceworks admin server, as well as an Imaging server (still in the works), Terminal Server, and backup AD server / backup DNS server/ Printer Services server, and finally an Ubuntu Linux server for a few small websites.
We still have some bugs to work out though. Macs cannot use the Remote Web Workplace therefore they must use the SonicWall NetExtender VPN to access the servers. The problem with non church owned Macs. They cannot use the RWW, to access the Terminal Server, since it only works with Microsoft's Internet Explorer due to the ActiveX control needed. Therefore, we still need to figure a way to utilize NetExtender VPN but not allow direct access to the servers or shares but only allow those Macs to use the Microsoft Remote Desktop Client for Mac. This is still being worked on.
Other issues are accessing RWW from the SonicWall Guest Wireless system. I believe, that due to the inherent nature of how SonicWall created the Guest Wireless, and locked it down for security purposes, that we may never be able to get through that way. We don't hand out our WPA passphrase that allows access to our secure internal wireless network, and that is the problem with allowing iPhones or non church owned laptops access. It is quite a dilema. I believe something on the order of a radius based type wireless authentication is needed and I am researching that now.
As things progress and we make more changes I'll post more info.
With the help of my TechOps Team of volunteers, we got all the workstations and laptops off the old domain and onto the new one without too many issues. We went away from having our user folders on the server (backing up gigs and gigs of music and personal photos was consuming a lot of time and space) to locally on their assigned computer. Very few worked on more than their own computer and if they need to access that data from home they can use the Remote Web Workplace and remotely connect to their PC and do their work that way.
We installed Sophos Antivirus and it is now pushing out to all our workstations. We also installed a SonicWall CDP device to facilitate backup of all the servers (other than the SBS 2008 server itself) including Exchange 2007, our Financial Edge SQL database, sharepoint, and our data server, not to mention all client computers local my documents folders with the exception of music and photos (with a couple of ministry exceptions).
We've also implemented a Terminal Server for our Board members to access since we also added a Board area to our sharepoint companyweb for the exchange of meeting minutes etc. The Terminal Server is also used by employees that do not have a workstation at the church nor do they have a church provided laptop. We only are allowing VPN access to our network, using the SonicWall Global VPN Client, or NetExtender, from church owned laptops to help alleviate the introduction of any viruses or spyware / trojans. The persons that may use the Terminal Server have complete access to shares that they would have access to if they were at GT, and also have the complete Office 2007 Pro Suite to use.
As I may have mentioned in an earlier post, we installed an Intel MFSYS35 modular server chassis, with 6 1TB Sata/Sas hard drives, and a single MFS5000SI compute module with a single Intel Quad-Core Xeon L5420 2.5GHz (1333 MHz) 12 MB cache CPU and 32 Gigs of ECC Reg Ram. We then installed VMWare ESXi 4.x on it. Well here is what we are now running on it.
We now are running eleven (yes 11) virtual servers on it. They are, SonicWall EmailSecurity server (running on Server 2003 std), SonicWall ViewPoint server VM, SBS 2008 Premium server running Exchange 2007, Sharepoint services, AD & DNS, Std server 2008 (that came with the SBS 2008 Premium and runs our SQL 2008 server for our Financial Edge Account software), another Server 2008 std server handling our Data shares, Four (4) Enterprise 2008 servers running our TechOps Spiceworks admin server, as well as an Imaging server (still in the works), Terminal Server, and backup AD server / backup DNS server/ Printer Services server, and finally an Ubuntu Linux server for a few small websites.
We still have some bugs to work out though. Macs cannot use the Remote Web Workplace therefore they must use the SonicWall NetExtender VPN to access the servers. The problem with non church owned Macs. They cannot use the RWW, to access the Terminal Server, since it only works with Microsoft's Internet Explorer due to the ActiveX control needed. Therefore, we still need to figure a way to utilize NetExtender VPN but not allow direct access to the servers or shares but only allow those Macs to use the Microsoft Remote Desktop Client for Mac. This is still being worked on.
Other issues are accessing RWW from the SonicWall Guest Wireless system. I believe, that due to the inherent nature of how SonicWall created the Guest Wireless, and locked it down for security purposes, that we may never be able to get through that way. We don't hand out our WPA passphrase that allows access to our secure internal wireless network, and that is the problem with allowing iPhones or non church owned laptops access. It is quite a dilema. I believe something on the order of a radius based type wireless authentication is needed and I am researching that now.
As things progress and we make more changes I'll post more info.
Sunday, April 25, 2010
Migration from SBS 2003 to SBS 2008
Well, it looks like we are finally on schedule to convert from SBS 2003 to SBS 2008. There have been some issues that we have wanted to work out, the main one being that we are using an externally routable domain name as our internal domain, not good practice. So, we are going to create the server NEW using a .local domain therefore eliminating DNS issues etc that have plagued us in the past. To do this though will require alot of help from my volunteers, and backend work and direction from Mark Moreno at C&M Support Services. We will be starting this transition on Thursday May 13th at 5pm and plan to have it completed by Saturday May 15th at 5pm or sooner. We will have to touch all domain workstations to move profiles etc, and also all laptops, macs, and iphones to get this all working correctly, smoothly and efficiently. I am confident that we can accomplish this task with the TechOps team.
I will post more info as we hash out the exact route we are taking to do this.
I will post more info as we hash out the exact route we are taking to do this.
Subscribe to:
Posts (Atom)