Great small business firewall from Cisco

So as a result of Cisco getting more and more into the small business world, they have finally decided to position a small business firewall in the market for the smallest of small businesses. The Cisco SA 500 series of security appliances. This is from the Cisco Small Business Pro line.

The Cisco SA 500 series comes in a variety of models, the SA 520, 520W and 540. The 520W is particularly nice because it provides built-in wireless functionality as well. The 540 is basically the version that supports the most throughput and is the higher end version of the bunch.

From using the SA 520, it is apparent from the start that it is meant to be user friendly. The entire device is configured via the GUI and there is no command line to worry aobut. If you just need a small appliance to drop into a very small business for basic Internet access and firewalling capability, this is a great solution. On top of all that it has VPN and VLAN support so you can do some business-like configuration of the device instead of just throwing in a home based router/firewall.

-RP

How to monitor free space on a LUN?

Hi folks! So further to my last post, once you’ve decided on free space for your LUN, how the heck do you monitor it?

There are a few scripts out there that will do this for you and a few free programs that will show you the free space. But how do you get it to check and then email you an alert if you go past your set threshold? Veeam of course!

The good people at Veeam have a product called Veeam Monitor, which will not only monitor your storage but also monitor a myriad of other VMware related things. Features such as hardware monitoring and performance analysis will also help you with your VMware administration duties.

You can check out the free version of Veeam Monitor here and if you like it you can then opt to purchase the full product.

-RP

How much free space is needed on a LUN for VMware?

Hi folks! One of the common questions you might find in the virtual world with VMware is how much free space do I leave on a LUN? When is it not enough?

A common mistake is to think you only need enough free space for the size of the VM itself and not much more. Well if you do that you’ll quickly find out the hard way that you should have allocated more. You see VMware needs space for things such as snapshots and space for emergency situations where you might need the space for shuffling things around from LUN to LUN.

The general consensus for free space on a VMware LUN is 10% to 20% free space. This isn’t just for snapshots, but also to account for any emergencies you might have to deal with on a VM where you need the free space. So if you don’t have  10% to 20% free space, then essentially you should treat the disk as full for all intents and purposes. 20% can be considered on the conservative side but it doesn’t hurt to be cautious.

I have heard people say 10% to 15% is good enough but only if you have very strict snapshot policies to ensure that you are monitoring the disk space closely.

-RP

Windows Mobile 6.5 to challenge BlackBerry and iPhone

Hello again! Windows Mobile 6.5 is released! And the world went crazy……ummm…yeah….no, not really. I think Windows Mobile 6.5 has been released without much fanfare actually. It’s not like all the hype around the iPhone or the BlackBerry Storm.

I think what has happened is Microsoft has seen declining market share surrounding their mobile products for one good reason……they’re not that great. I can list countless good things about BlackBerries and iPhones, with only a few downsides. But I’ve had no end of issues with the many Windows Mobile based phones I’ve owned in the past. As a matter of fact, it was my horrific experience with Windows Mobile that actually pushed me right into BlackBerry’s waiting arms a long time ago.

Now hopefully this new version is a lot better so the Windows Mobile users out there can get a better experience, but they always claim things are better with the next version and it never really has been that great. If Microsoft wants to really get serious about this, they better really focus on what makes BlackBerry and iPhone so successful and see if they can do something about it.

For now, I will continue to recommend either BlackBerry devices or iPhones to my corporate customers based on their needs as those two devices are both proven in my opinion.

-RP

Will iPhone steal market share from BlackBerry?

Hi folks! As per my previous blog post, iPhone will soon be available at the major carriers across Canada. What does this mean to us?

Well obviously some might think this will foster competition but unfortunately the carriers haven’t been one to really compete with each other. They typically have prices that are in lock step with one another. One would almost think that they get together in the background and have meetings on setting their pricing the same.

No, I think the big thing here isn’t going to be a major shift in pricing, but a major shift in marketshare. What we will see is with the iPhone more readily available it will start to encroach on BlackBerry’s territory. Of Course the BlackBerry is still scene as the corporate smartphone leader but I think with this increased availability it will be hard for corporate types to resist taking a small peak at what else is out there.

-RP

iPhone in Canada, coming to Bell and Telus

Hi folks! As some of you may know, Rogers is the only wireless provider that offers the iPhone in Canada. For a long time now customers of Bell and Telus have been hoping for Apple’s prize fighter of a smart phone to come to their networks.

Well it looks like the wait is going to finally be over. Bell and Telus are rumoured to have inked a deal with Apple regarding providing the iPhone. I haven’t heard any details on the types of plans that will be involved but I have heard that Internet speeds will be up to 21 mbps.

So for those of you that do have smartphones with Bell or Telus, this might be your chance to upgrade. If you were considering upgrading to a new smartphone, just wait a little longer and you can have a shiny new iPhone!

-RP

Another way to P2V NT

Hello again folks! This is an update to a previous blog post. So I was P2V’ing another Windows NT server the other day and I was able to get P2V to work with an older version of VMware converter.

VMware converter version 3.0.3 is the version I used and it installed into Windows NT just fine (reboot required). Then I was able to launch the application and connect to my ESXi server and launch the conversion of the physical machine.

This means I was able to do a hot clone of Windows NT 4. I hate working with NT boxes but at least we have an easy method to virtualize them. A lot of NT servers out there are on ailing hardware that is not on warranty so having a method to hot clone them is always a good thing!

-RP

Oversubscribing your Internet

Hi folks, I wanted to talk about your Internet bandwidth in your client networks! These days most people have either cable or DSL for their Internet access. It’s very rare that you see anyone with just dial-up access. Even wireless Internet services have become popular.

However, the one thing I see over and over again are people oversubscribing their Internet. I think what happens is that non IT people are used to the high speeds that cable and DSL provide at home, and instantly assume that will be good enough for their business. They get all hooked up and then as their business grows and more people join their company, things start to slow down. They don’t realize that the bandwidth on the line is shared amongst all their users.

This problem is now exacerbated because most people have smartphones that also get IP’s from the server via wireless connectivity and they also communicate out through the Internet. I have seen this cause numerous issues with customers and running out of licenses on their firewalls.

People need to analyze their Internet needs and average bandwidth usage and size the Internet pipe appropriately to their business. This doesn’t take much time and their are a lot of freely available tools you can use to help you figure these things out. If you aren’t comfortable doing this on your own, give a quick call to your local IT consulting company and in short order they should be able to help you out.

Don’t yell at your service provider for slow Internet, it might not be their fault.

-RP

Differences between Cisco ASA 5505 base and security plus versions

Hello folks! One of the common questions I’ve been getting as of late is what are the differences between all the models of Cisco ASA 5505 firewalls available. This question has been asked of me numerous times, and it’s actually quite easy.

Here are the differences between the base model and the security plus version

• 10000, instead of 25000 maximum firewall connections
• 10 instead of 25 site-to-site vpn tunnels
• 3 vlans total allowed, instead of 20 allowed
• No vlan trunking, vs trunking
• No high-availability vs stateless active/standby failover
• The security plus version allows for unlimited users on the LAN accessing the Internet through the ASA

If you need more SSL VPN licenses you would need to purchase that separately. Also if you want to use the ASDM gui to manage the device then you want to make sure you purchase the version with “K9” in the SKU, not “K8“.

-RP

IT Certification Standards for Testing

Hello again folks, time for another rant! This time it’s about certifications! Everyone who knows me knows that I am a big proponent of certifications combined with experience. Combined together I think they make for a great way to show an employer or a potential client your capabilities.

There’s nothing like being able to give a prospective client a nice client referral list with real world examples of projects you’ve done along with a list of your certifications. This gives the client confidence in the solutions you are proposing. Unfortunately a lot of people decide to take shortcuts and de-value the certifications we work for so hard. Well one of the ways we could curtail this is if we came up with set standards for certifications.

If we moved to a model of exam testing that was done only X amount of times a year across the world in accredited Universities, then we could guarantee less cheating and brain dumping because everyone would be writing the exams at the same time. Then every time a new exam time came, the exam would be different, just like real University. I’m not sure how well this would work, but I think it would go a long way to helping the industry out. It would help bring more value to our certs. Something to think about.

-RP