IT Trenches:

Exchange

Jul 2 2008   2:33PM GMT

Did you see this? - The Great SPAM diet results are in



Posted by: Troy Tate
anti-virus, awareness, botnet, Data security, email, spam, Security, antivirus, malware, Monitoring, metrics, online identity, Performance, reporting, research

See my previous post on The Great SPAM Diet. The results are now in and darkReading has the scoop.

McAfee’s Great Spam Experiment, Unplugged

Many spam messages sent to participants in the study were phishing emails or contained malware or links to malware-ridden sites

Did anyone doubt that these would be the results? Thanks for your time. Let’s be good network citizens together & practice safe networking!

Jun 18 2008   7:25PM GMT

Did you see this? - 10 Cool Powershell scripts virtual lab



Posted by: Troy Tate
Powershell, administration, howto, DataCenter, DataManagement, Development, Exchange, Microsoft Windows, Microsoft, troubleshooting, Networking, Security, policy enforcement, reporting, tools

Microsoft has some great virtual labs which can give an administrator some quick education over a lunch hour or a short period of time. One of these virtual labs is the 10 Cool Powershell Scripts lab. If you have not started with Powershell, then this may help you get moving in the same direction that Microsoft is moving… back to the command line!

Enjoy & keep your skills fresh.


Jun 17 2008   2:28PM GMT

Certificates - who do YOU trust?



Posted by: Troy Tate
Network Admission Control, Exchange 2007, Outlook Web Access, OWA, Security, certificate authority, digital signatures, Thawte, Verisign

We are currently going through design and implementation of an Exchange 2007 environment in my organization. Our current e-mail architecture is varied and does not have any version of mail services newer than 6 years old. So, we are learning a lot about Exchange and how it can fit our environment of over 2,200 users globally.

Part of our requirements includes providing access to downlevel clients (Windows 2000 and below) as well as access to remote users. This will be easily accomplished through Outlook Web Access (OWA). As you know, OWA login is usually done on a page with an https or secure sockets layer (SSL) address. The SSL encryption is provided by a certificate hosted on that server. The certificate can be self-signed by the server, signed by an authorized certificate authority (CA) in the organization or by a trusted third-party provider like Verisign or Thawte.

If the certificate is self-signed by the server or by an organizational CA, then somehow the clients need to know about the trusted root or they need to accept the warning that the browser gives when they log in to the website. You want the users to understand what trust means or take the question out altogether. I vote for the latter. Remove doubt that the certificate is from a trusted source.

For the external OWA connections, we are purchasing certificates from a recognized third party. I have gone through several iterations of getting certificates, though, since this is my first time getting these for an Exchange environment. There is a particular “flavor” of certificate known as a subject alternative name (SAN) or unified communications certificate. A great article on this can be found here. (Take note of the root website here. It is one of the best and most readable Exchange resources you will find since it comes from the Microsoft Exchange product team.)
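Why a SAN certificate makes the name warnings go away, as an added example that is not part of the original post: the check below applies the usual hostname-matching rule to a certificate's SAN entries and lists the client-facing names that would still raise a mismatch warning. All hostnames and function names are constructed placeholders.

```python
# Added example: which client-facing names does a SAN certificate cover?
# Every hostname below is a constructed placeholder, not a value from the post.

def _labels(name):
    # DNS names compare case-insensitively; a trailing dot is not significant.
    return name.rstrip(".").lower().split(".")

def san_matches(host, san):
    """Match one hostname against one SAN dNSName entry."""
    h, s = _labels(host), _labels(san)
    if len(h) != len(s):
        return False
    if s[0] == "*":
        # A wildcard is honoured only as the whole left-most label, stands
        # for exactly one label, and is refused directly under a TLD.
        return len(s) > 2 and h[1:] == s[1:]
    return h == s

def uncovered(client_names, san_entries):
    """Names that would trigger a certificate name-mismatch warning."""
    return [n for n in client_names
            if not any(san_matches(n, s) for s in san_entries)]

# Constructed SAN list for a unified communications certificate.
SAN_ENTRIES = ["mail.example.com", "autodiscover.example.com",
               "owa.emea.example.com"]

# Constructed names by which users and clients reach the servers.
CLIENT_NAMES = [
    "mail.example.com",          # external OWA URL
    "autodiscover.example.com",  # Outlook 2007 Autodiscover
    "MAIL.example.com.",         # same name, other case, trailing dot
    "owa.emea.example.com",      # regional OWA URL, one level deeper
    "cas01.corp.example.local",  # internal server FQDN
    "cas01",                     # short NetBIOS-style name
]

def wildcard_gaps():
    """Names a single wildcard entry would leave uncovered."""
    return uncovered(CLIENT_NAMES, ["*.example.com"])

if __name__ == "__main__":
    print("SAN certificate leaves:", uncovered(CLIENT_NAMES, SAN_ENTRIES))
    print("Wildcard certificate leaves:", wildcard_gaps())
```

In this constructed set the SAN certificate leaves only the internal names uncovered, the case the post turns to next with an enterprise CA published through Active Directory.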

So, I am now in the process of getting these SAN certificates and will be implementing them this week so the errors will go away when users log in to these portals since they know and trust the root certificate authority.

The next challenge is to address this same issue on internal private OWA servers. We will be implementing a two-tier enterprise CA architecture using an offline root and a single enterprise CA. We will be publishing this through Active Directory so the clients recognize this as an internal trusted root. We are then positioned to use this CA for other uses: digital signatures, S/MIME, 802.1x, device authentication and other uses.

As you can tell, this has been a lot of education and work for my company. We have had some help in these efforts since this is entirely new to us and we have to implement it successfully the first time. I will let you know how things go.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


Jun 17 2008   2:05PM GMT

Did you see this? - Online e-book library



Posted by: Troy Tate
administration, awareness, howto, CIO, Database, DataCenter, DataManagement, Development, Exchange, Linux, Microsoft Windows, Mobile, Networking, IT education, LAN, network analysis, WAN, Oracle, SAP, Security, SQL Server, Storage, Virtualization, metrics, Performance, research, web, website

Check out this digital online library for IT professionals. Bet you can’t read just one!

Thanks for your time. Let’s be good network citizens together & practice safe networking!


May 13 2008   4:06PM GMT

To be done: an acquisition/merger checklist



Posted by: Troy Tate
howto, CIO, DataCenter, DataManagement, email, Microsoft Windows, Networking, LAN, WAN, Security, antivirus, malware, Monitoring, anti-virus, metrics, reporting, research, tools

An acquisition or merger is not a frequent event for my organization. However, it seems like in the past year or so we have worked on a number of these activities. So, it seems like it may be time to create a formalized checklist for the IT department items that need to be addressed during an acquisition.

To get the ball rolling, I am listing some items that I consider to be important to the infrastructure/security folks like me. I know this list is not exhaustive or complete. It is a work in progress and will need to be refined for each event since they are all different. Some of these may be done in the due-diligence but the rubber hits the road during the implementation.

So, without further ado:

Absorbing a new acquisition - to do list (general & incomplete)

  • Private WAN connectivity - 30-90 days or more lead time depending on location
  • flexible IP addressing scheme to absorb devices on new network(s)
  • Internet firewall changes - ports, source addresses, NAT, etc.
  • DNS ownership and management
    • changing registrars
    • changing DNS nameservers - use a dig tool to get information concerning current configuration - MenAndMice
  • Network hygiene - how clean are the devices and what personnel habits need to be changed?
  • Device inventory - what effort will it take to do this?
  • Software licensing inventory
  • What about handling loss of staff & knowledge?
    • Documentation of processes, procedures, configurations?
  • Phone list sharing
  • E-mail addressbook sharing
  • E-mail system integration
    • anti-spam/anti-virus
    • calendar sharing
  • ERP process integration
  • Resource access permissions
  • Financial reporting integration - accounts payable, receivable, tax, etc.
  • Staff reporting structure
  • Other HR activities - benefits, payroll, etc.

I welcome your insight and experience on the many other activities you feel are important to address during a merger/acquisition.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


Apr 10 2008   6:39PM GMT

Did you see this? - The Great SPAM diet



Posted by: Troy Tate
anti-virus, blogging, online identity, spam, Security, antivirus, malware, Monitoring, email

McAfee, Inc. Launches Global S.P.A.M. Experiment

Fifty Volunteers around the World Say ‘Yes’ to a Diet of Spam for 30 Days - Started April 1, 2008

McAfee, Inc. announced the launch of its global S.P.A.M. (Spammed Persistently All Month) Experiment. For the month of April, 50 participants from around the world - ranging from homemakers, government executives, and students to retirees - will surf the Web, make online purchases and register for promotions. Participants have been provided with a clean laptop without spam protection and a new email address. Beginning today, they will blog about their experiences daily at this website.

S.P.A.M. Experiment participants are from ten countries spanning the globe, including Australia, Brazil, France, Germany, Italy, Mexico, the Netherlands, Spain, the United Kingdom and the United States.

Let’s be good network citizens together & practice safe networking!