Modern Network Architecture

October 29, 2012  5:17 PM

Windows 8 Metro UI vs Desktop Mode

James Murray James Murray Profile: James Murray
Network architecture

I’ve been using windows 8 for the last couple months.  Instead of putting it on a tablet I loaded the new software on an old laptop and this adds to the learning curve.   Windows 8 is obviously meant for a touch screen computer, not necessarily an old laptop.  Yet it is giving me part of the experience. Continued »

October 29, 2012  5:16 PM

Windows 8 Command Line

James Murray James Murray Profile: James Murray

I’ve been using windows 8 for the last couple months.  As a Seattle IT Consultant I’ve been trying to get some early time on the software before all my clients are using it.  Windows 8 is obviously meant for a touch screen computer, not necessarily an old laptop.  The last 21 plus years I’ve been using Microsoft systems.  Continued »

October 8, 2012  1:54 PM

Marketing in the Information age… a look back

James Murray James Murray Profile: James Murray

I was reading a blog recently called Channels com but never seem to go by Mitch Lieberman.  I’m not sure if I took the same message as the writer meant me to take, but if you are like me, it’s frustrating as a Seattle IT consultant to have business experts just drop everything in my lap.  Continued »

October 8, 2012  12:57 PM

Knowledge Management for Incident Managers

James Murray James Murray Profile: James Murray

Working as a Seattle business consultant specializing in technology I tend to be on the lookout new solutions for my clients.  I came across an interesting solution for among other things, Incident and problem managment.  Kana is an interesting if you are a Modern Network Architect.  Continued »

October 7, 2012  9:43 PM

Innovation Failure…

James Murray James Murray Profile: James Murray

As a Seattle IT Consultant I am called by new business startups, small businesses and businesses that have just seemed to stop growing.  Each business owner asking, Continued »

September 30, 2012  10:31 AM

Business consulting question: What is your core business?

James Murray James Murray Profile: James Murray

I work as a Seattle IT Consultant with lots of small business owners and I am asking this question. What is your core business? One of the problems I’ve noticed with business owners Continued »

September 29, 2012  3:58 PM

IT Cost Centers

James Murray James Murray Profile: James Murray

I’ve been speaking in front of several groups in the Seattle area recently discussing the cloud.  The concept of just what is IT.  As a Seattle IT Consultant I spend time Continued »

September 29, 2012  3:17 PM

DNS IT changes to 365

James Murray James Murray Profile: James Murray

So if you are like 5 million other companies you are using Microsoft 365.  As a Seattle IT Consultant, I became a partner back when BPOS was the only option for commercial Microsoft hosted email.  When I became a partner, I got my own account and the email has always worked well.  Then Microsoft moved my systems to 365 and I’ve spent the last year trying to get things working right.  I have to admit that after 20 years of IT, the idea of working this problem out with Microsoft has not attractive.  I’d rather go to the dentist than spend hours on a help desk line.  I think this comes from the early days of computing when a 6 hour wait time was considered good.  (When I worked on PeopleSoft, they had a 48 hour wait before they were required to follow-up on a problem)

So I was on the help desk with Microsoft and I found out that my DNS setting were not the recommended settings.  The technician also warned that the DNS settings would need to be changed soon or some features would no longer work.  He showed me how to test my DNS settings.  I thought I’d share what I learned.

Testing DNS Settings

To test your DNS settings logon to your admin portal as administrator.  Under the Admin section of the portal, go to domains.  In the domains section you should be able to test your DNS.  Under a button for testing DNS you will be able to test your DNS settings.  If there is a problem, a report will show up with a list of errors.

I’ve found that with companies that have been migrated from BPOS to 365, that there may be some errors on the default DNS settings with your original hosting provider.  I’ve included a more detailed list of steps on my info site.  Check it out to verify if your settings are correct.

September 17, 2012  8:42 PM

ITC/UC and future opportunities

James Murray James Murray Profile: James Murray

What is ITC

As a Seattle IT Consultant I worked closely with IT as it changed the modern workplace. Information Technology (IT) refers to the supporting technology for data over IP traffic.  As voice moved to data and became VoIP (voice over IP (internet protocol)) Continued »

September 9, 2012  2:09 PM

Modern Network Architecture – Forest or Tree(s)

James Murray James Murray Profile: James Murray

As a Seattle IT Consultant I have often found myself teaching technology classes for private businesses and for local colleges.  When I first started in Technology the concept of a Windows security boundary was very different.  Windows used the concept of a workgroup.  This was a distributed security model.  With Windows NT the idea of a centralized security model based on Windows domains.  The security in the future became a little confused because a lot of the distributed security thinking was integrated with the centralized model Windows was using.  I think it’s interesting that to really understand Microsoft security it helps to understand the similarities and differences between the way the early thinking about networks, DNS and TCP/IP.

NT 4.0 was a huge step in maturity when compared with Windows for Workgroups.  For small companies NT 4.0 was perfect.  Yet it didn’t take long for a small company to become a medium size company and then a large company.  Large and enterprise companies struggled with NT from the beginning.  This was because of the SAM.  The SAM (Security Account Manager) is a file that describes the security properties of the entire NT 4.0 domain.  This included access the security access to printers, servers, data and more on the network.  As the network grew, the SAM file grew.  This SAM file would eventually grow so bit and unwieldy that network speeds slowed.  Access to every object required a review of the SAM that slowed everything down.  The temporary fix was to create a new NT 4.0 domain and put have the objects in one versus another.  Two domains grew into 4 domains, then 8 domains and so on.  For a company like Boeing, the system was a nightmare of overhead.

Windows 2000 introduced the concept of a forest.  In Windows 2000, the domain was the security boundary still, but the forest used Kerberos to manage the security between the domains.  By Windows 2008, the forest was the security boundary.  Domains in NT were impossible to divide.  So in 2000, organizational units were created to divide up the domain.  When the security boundary was redefined as the forest rather than the domain, the domain became the delineator of the security boundary.

When I would teach the concept of a forest the question would always come up.  What is tree vs. What is a forest?  The problem in answering this question is well it really depends on the context the question is being asked.  Let’s assume though that we are talking about Windows 2008.  If we do then we can answer this question using the Microsoft definitions.

A tree is defined by a namespace.  Think of a namespace in the same way you would think of a DNS names space.  So the names space, or would be a name space.  All names spaces that started with, like and would be still part of the same names space as  So therefore would be part of the same tree.  These are also called contiguous names spaces because all these names spaces share the names space 

Now what if the company had two non-contiguous name spaces.  So lets say in addition to, the company also had a namespace called  This non-contiguous names space would be a second tree. and would be separate subdomains associated only with and would have nothing to do with the name space or sub domains. 

Now the simplest way to think about a forest is as a container for trees.  In other words the forest is a collection of trees.  Trees are a collection of domains.  Domains are a collection of Organizational Units.  The forest is the ultimate root for all security for the entire structure.  Network objects (users, computers, files, printers, etc.) are placed in the various locations within the tree structure based on the security requirements of the organization.

In our example we see:

Forest: <insert Your Company Name>

Tree 1:

Sub Trees:,

Tree 2:

Sub Trees:,

One of the questions I’m asked, then, is if there is only one tree in the forest is it still a forest or is it a tree?  I think at this point we have to ask another question.  What are we really describing?  We are describing a database structure using non-database language.  A database is made up of file, records, fields and field descriptions.  The tree infrastructure description is actually a metaphor that helps us understand the data structure, without becoming database experts.  So the question is interesting but unimportant.  Yet I’ll ask you, if you see a tree standing out alone in the desert, is it just a tree or is it also a forest?

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: