Wednesday, March 4, 2009

Re-engineering the Network—from the Ground, Up

This post is a continuation of my series of posts related to the network re-engineering project I've undertaken at work. A lot of work has already been done, but there is still a lot that has yet to be done. If you need to get a quality, professional network in place, but don’t want to spend the money (or don’t have the money) to buy the requisite hardware, eBay is a great place to shop. I found much of the hardware that we required at up to 50% off, or more, most of it brand new.

Here’s the hardware that was bought for this project:

  • 3 Dell Dimension 2400 Desktop Mid-Towers (2004)
  • 2 Dell Inspiron 700 Laptops (2004)
  • 2 Custom PC Towers with FoxConn motherboards (Intel 865A chipset) (2004)
  • 1 Dell PowerEdge 860 1U Rack-mount Server (2006)
  • 1 Dell Dimension E520 Desktop Mid-Tower (2007)
  • 1 25U 19in. server rack
  • 1 Dell PowerConnect 5324 1U Rack-mount 24-port Gigabit Managed Ethernet Switch
  • 1 Gruber 48-port CAT 6 Patch Panel
  • 1 3U Rack-mount APC Smart-UPS 3000R
  • 1 Dell 110T PowerVault LTO Backup Tape Drive
  • 1 1U Rack-mount Belkin 8-Port KVM
  • 1 TalkSwitch VoIP PBX Phone System and 12 IP phones of various models
  • 1 Hewlett-Packard AMD-based x64 SFF Desktop (2009)
  • 1 Hewlett-Packard 7650n ScanJet Color Network Scanner w/ ADF

All of the client computers have been upgraded such that the machines contain no less than 1.5GB of RAM (most of the machines’ video cards are so old that they preclude using the Windows Vista Aero user interface anyway, so we won’t need as much memory). The 64-bit machine, however, was upgraded to have 4GB of RAM, as was the PowerEdge 860 server (since I only have the 32-bit version of Windows SBS 2003).

The software we’ll be implementing is as follows:

  • Microsoft Windows Small Business Server (SBS) 2003 R2 Premium, which includes:
    • Microsoft Windows Server 2003
    • Microsoft Exchange Server 2003
    • Internet Security and Acceleration (ISA) Server 2004
    • Windows SharePoint Services 2.0 (which we'll be upgrading to 3.0 SP1)
    • Windows Software Update Services (WSUS) 2.0 (which we'll be upgrading to 3.0)
    • Microsoft SQL Server 2005, Workgroup Edition (we'll be upgrading to Standard Edition, courtesy of Microsoft Volume Licensing)
  • Microsoft Office 2007 Professional Plus
  • Microsoft Windows Vista Business/Enterprise (with SP1)
  • Microsoft Desktop Optimization Pack (MDOP), from which we'll be using:
    • Microsoft SoftGrid Application Virtualization
    • Advanced Group Policy Management (AGPM)
    • Microsoft System Center Desktop Error Monitoring
    • Asset Inventory Service
    • Diagnostics and Recovery Toolset
  • Trend Micro Worry Free Business Security
  • Symantec BackupExec 12.5 (soon to be Acronis, too many problems with Symantec, more on that later)
  • ACT! by Sage 2008
  • UPS WorldShip 2009
  • Possibly Adobe Creative Suite 4

There are probably some items I forgot about, but you get the gist.

Where We’ve Been, Where We Are

At this point, we have laid down a new cable plant consisting of CAT 5e cable. We ran two different sets of wires for each drop location, one for data, one for voice.

This was done for a number of reasons. One, VoIP is still not quite there. I can recall on numerous occasions getting a phone call at work from someone who was (most likely) overseas, trying to peddle some wares. The call was so broken up and choppy that I simply told the caller, "Your call is breaking up. Try calling me back on a real landline and we can talk," at which point, I hung up. I don’t have time to waste constantly telling someone to please repeat themselves when I’m probably not going to be interested to begin with. (Usually it’s people calling trying to get me to outsource our IT—for what? Ten client workstations? Please.) Two, after doing other research, I came to the conclusion that while VoIP has made great strides over the last 4 years, it’s not ready for prime time and I don’t want to trust that it’ll work ok over the same network over which data travels. What if someone is downloading a 600MB CD (which would probably be me)? Will the call be dropped, or broken and chopped up? We can’t afford to have that poor of a level of service for our customers since a majority of our business is still conducted over the phone. So, for all of those reasons, we will have VoIP traffic running over its own network, internally. Once the voice traffic leaves the premises, it’ll be traveling over the POTS.

I’m fortunate that our Clydesdale is still running and functioning. That means that I can mess around with the PowerEdge 860 all I want. I have installed and configured Windows SBS 2003 R2 Premium. Perhaps, in a later post, I’ll go through the configuration process. Right now, this is an "experimental" setup. Basically, because I’m installing and uninstalling software, I plan on reinstalling the server when I’m ready to go to production so it is a clean and error free system. But since I have the process pretty much down, this should only take a few hours.

I had only one desktop computer left which is not in production. I really needed another machine. Here’s the problem: Windows Vista cannot be completely managed from Windows Server 2003. Mostly, this has to do with GP administration and management. Luckily, we qualified for a new desktop computer through UPS's Customer Technology Program. So we acquired a Hewlett-Packard small form factor (SFF) desktop machine sporting an AMD 64-bit processor (dual core). So this is becoming my management workstation, for now, and the remaining client that is left will be the test production client whose configuration will be that of all desktops in the organization (less specific drivers for each of the different machines we'll have in use).

Where We’re Going

My company is small, but that doesn’t mean that it can’t benefit from automation, especially when it comes to IT. So I have set the following goals:

  • An Active Directory-based domain
  • An internal e-mail server (Exchange Server 2003). Our ISP e-mail is showing its inadequacies.
  • Central Management and Administration
    • Group Policy
    • Application Virtualization
  • Implementation of a Secure, Managed Desktop
  • A lightweight helpdesk system (included with SharePoint Services)
  • Implementation of VPN access (if needed) and/or remote access via Terminal Services, mainly for remote administration

I feel these goals will accomplish a few things for me. I won’t always need to be in my office in order to work. This is important since I am currently only working part time while attending Kutztown University. The users can expect a consistent desktop experience. I can expect a consistent desktop experience—this means I know exactly what’s installed on the desktop, what the security topology is, and therefore, I know better how to diagnose and repair problems when they arrive.

Next Steps

I’ve been using the Microsoft Deployment Toolkit (MDT) 2008 to develop the deployment process. It’s been working quite well. Unfortunately, the documentation is geared more toward large corporate users (even though they say even small corporations will find the tool useful). The toolkit is useful, just there’s not much help. And when you first begin to use it, it’s quite overwhelming. However, over the last few weeks, I’ve really learned the ins and outs of this toolkit, some of which I’ll be sharing over the next few posts. So keep checking back for information on using the MDT 2008.

Tuesday, March 3, 2009

The State of My Company's Network Infrastructure

Ok, so I can’t blame my company for the state of their network. We are a very small company with limited resources. But, our network is getting ridiculously old. Let’s give a quick rundown of what this network is like.

  • A Compaq Proliant 5000 series server with:
    • 4 x 200 MHz, 256KB Cache, PentiumPro processors
    • 256MB ECC, Registered, Buffered SD-RAM
  • CAT 3 cable plant
  • Microsoft Windows® 2000 Professional clients (one is still running Windows 98®!)
  • Microsoft Office 2000/2003
  • Trend Micro OfficeScan, Corporate Edition antivirus software
  • 8-port 10Mbit Hub
  • 4-port LinkSys Cable/DSL Router (one of the old ones)
  • 4-port LinkSys WRT54G Wireless Cable/DSL Router

That about sums it up. So this is a pretty old setup. But hey, it was pieced together from about 1992 until about 1999. We only recently (about two years ago) "upgraded" to Windows 2000 on the desktops. For some reason, Windows XP is not liked. I think it’s because it looks radically different from Windows NT/2000. But no matter the case, it’s a moot point now.

A Bit of Momentum

Well, we bought 5 new machines a few years back. I was trying to automate the installation of the client desktops, but it’s so difficult with Windows 2000 (without having Microsoft® SMS, which is too much for our size company anyway). Since it's nearly impossible to completely automate Windows 2000 (from the installation to client applications) without something like Microsoft® SMS, I didn’t get very far before the older client machines started dying, one by one. Eventually, all but one of the new machines were put into production loaded with Windows 2000 Professional (manually).

Now, as you can imagine, this has caused lots of problems:

  1. Each system’s operating system configuration is slightly different (thankfully, the hardware is all the same)
  2. The machine is locked down with Local GPOs since we do not have a Windows 2000 Server Active Directory domain.
    1. The disadvantage here is that even local administrators have the GPO applied to their account, locking me out of the system (unless I undo the GPO while I work on the machine and then put it back on).
  3. As alluded to above, there is no real central administration and management of the workstations, making my job 10 times harder.
  4. I no longer have enough computers to have a good test network for the new infrastructure being planned (more on this later).

As for our Compaq Proliant server, we call it the Clydesdale. It’s a big old horse that just keeps going and going, even though it’s battered, bruised, and broken. It’s quite a worrisome thing, actually. Recently, we had to invest in some new (well, not new, but procured from eBay) fans since most of the fans on the server are shot. If the server loses power, sometimes it doesn’t start back up because of a missing (read, not working) fan. Next time it goes down, some new fans are going in that sucker. With those spare parts in hand, we’ll be ok until the migration is complete.

So it’s obvious that that server has got to go, and so it will. About three years ago this coming October, we bought a new Dell PowerEdge 860 server.

The Tipping Point

So the last critical client machine died and I replaced it with one of the new boxes with Windows 2000 Professional. No more than two months later, one of the executives says, "I'd like to run the new version of ACT!" Not only on his desktop, but also on the inside sales desktops. I thought, no problem. So I did my research. Turns out, after getting most everyone upgraded to Windows 2000, the latest version of ACT! does not run on Windows 2000. It requires at least Windows XP. And by this time (late 2007), Windows XP was going to be no longer supported by Microsoft® in 2009. This was the tipping point.

Up until this time, software was acquired as needed, paying full retail price (or finding legal copies on eBay or at computer shows). After doing some math, I proposed that now is the time we go all in. I learned that you have to play by their rules, or you end up losing big time.

A Philosophical Break

I prefer Microsoft® products. I don’t love Microsoft®—I’ve had my share of headaches when it comes to their products. But by and large, they work well. However, I don’t dislike Linux. I think it’s a great and viable OS, just not right for our company. I believe in using the right tool for the right job, and evaluate these criteria on a case-by-case basis.

There are studies that show that even with licensing costs, Microsoft® software has a lower TCO than Linux (because of having to find someone with the technical acumen to administrate it, and despite claims to the contrary, at some point in time, it will need administration and management). But more importantly, we have software in use that can only run on Microsoft® platforms that is critical to our business.

Not to belabor the point, but if you have the technical expertise and the system does what you need it to do, who can argue with free software? So I am not against Linux, it’s just not right for us in this instance.

Back to the Story

So after evaluating our options (Linux included), I decided it was best if we entered into a Volume License agreement with Microsoft®. A new project was born. More on that in my next post.

A Little More About Me

If you read my first post, you know that I am currently a student at Kutztown University. I have been fortunate in that my schedule has allowed me to take a full course load while still working two full days a week.

My Professional Life

First, I need to start with the legal stuff. Please read my disclaimer, to which a link can be found at the bottom of this blog in the footer. To summarize for purposes of this post, anything I write here is my own view and opinion and does not reflect the views and opinions of my employer. Again, click the link to read my whole disclaimer. It's sad—the state of this world, that we can't even do anything without having to cover our butts—but I digress.

Now that that’s out of the way, let’s get started. I work for a small manufacturer of temperature sensors used for industrial process control. The company was founded in 1985 and produces thermocouples and Resistor Temperature Devices (RTDs). Perhaps in another post I’ll explain all about thermocouples and RTDs and how they work.

Suffice it to say, the company was started well before the Internet that we know today became popular, even before computer networking became what it is today. Computers were in use from the very beginning. But, throughout the early and mid-1990s, the computing infrastructure grew and eventually became networked.

In 1994, Microsoft® Windows NT 4.0 was released, and this is the network operating system still in use today. As you might have guessed, my company has no need to be on the bleeding edge of technology. Having said that, this network is quite old and no longer suits our purposes. That’s where I come in.

My Role

Since my company is a small company, I wear many hats, and not all of them have to deal with IT. I’ve served in the following roles at one time or another (sometimes all at the same time) over the last 5 years:

  • Inventory Control
  • Shipping/Receiving
  • Production Manager
  • Purchasing
  • Information Technology

So I’ve been quite busy. These days, however, my focus has been squarely on IT.

I am basically the CTO and/or CIO, but I settle for the title IT Manager. I am responsible for anything that has something to do with computers. That means that I maintain the website (I did not create it, but I maintain it since I don’t have time to redesign it—which it sorely needs.), maintain the network, and write software when it is needed. I am also the in-house desktop publisher. So as you can see, I have a lot on my plate.

Looking Ahead…

So looking ahead, I will be writing about exactly what’s going on with our network infrastructure. I will be making periodic posts on my progress. I won’t only blog about work, however, but until at least June or July, expect a lot of my posts to center around that. Besides, I will have some valuable information to share with others—I promise. So for the sake of trying to keep these posts somewhat short, I’ll be ending this one. The next one will give more information on the network re-engineering effort. Until then, so long.

Monday, March 2, 2009

Biting the Bullet

Why I'm starting a blog

I've finally bitten the bullet. Unlike many people, I don't belong to any social networking sites, and until now, I haven't blogged. I never got into MySpace, or Facebook, or any of the others that are out there simply because I don't have time. By the time I got around to thinking about social networking, it had become quite obvious how dangerous social networking can be: from you yourself posting inappropriate content, to your "friends" doing that for you. Many employers now look for you on social networking sites trying to gain a glimpse of who you really are. No thanks. I've got nothing to hide, but I don't want a reason to have something to hide either. Blogging has been around for quite a few years as well. Blogging could be almost as dangerous with all the comment spam, not to mention flippantly posting something that you might otherwise think better of later. But, comment spam can be controlled by not allowing comments (but then, what's the point of blogging?). As for inadvertently (or regretfully) posting something? Well, you could delete the entry (as long as it's within a few hours). But the better advice is to simply think before you post. So with that in mind, I've started this blog.

I'm so busy, however, that I never have time just to sit down and write for my own desire, let alone anyone else's reading pleasure, which is another reason I never really started a blog prior to now. Not that I have any more time now than I did before, but if you never make the time, you never will. Having said that, blogging is an important endeavor. It enables me to allow my voice to be heard by anyone who wishes to listen. I hope that even if you don't agree with everything I write, you will at least approach what I write with an open mind. I'm willing to listen to other perspectives as well. And if I'm wrong, please be gracious and let me know, as I love to learn as opposed to stumble in ignorance.

But, more importantly, my blog will act simply as an information repository. In today's world where we are constantly bombarded by information, it is becoming increasingly more difficult to remember all those snippets of interesting things I read or hear about without writing them down somewhere. So this blog is as much (if not more so) for my benefit as it is for anyone else's—to help me remember those things I would otherwise forget. If anyone finds some useful information in what I have to write, that's great! I'm glad I could help.

Why is your blog called Discovering Code?

This blog will not have one central topic or theme. This is a blog about discovery, and then trying to remember those things I have discovered. Not everything I blog about will necessarily be related to programming, though much of it will be, as that is my passion. My interests are wide and varying, however—from software engineering to computer engineering, to new hardware arriving on the scene, as well as topics related to science in general. I'm an avid Popular Science reader. In short, there may be many things of interest here to many different readers.

What can you expect from me?

While I would like to say, "Check back often for my latest entries," I can't guarantee how often I will actually post articles on my blog. So please, do check back, but don't expect something new every day or even every week. I would like to at least write something here once a month.

Who are you anyway?

That's a very good question, and I'm glad you asked. I am currently a student at Kutztown University, enrolled in the Computer Science Software Engineering program. The goal is to (finally) complete my Bachelor's Degree with a Minor in Mathematics, and then continue on to obtain my Master's Degree. My favorite programming language is C#. I have an interest in extending my knowledge in the arena of ASP.NET. Another interest I have, related to programming, is that of compiler theory and construction as well as computer engineering and operating system design (Kutztown University does not have a computer engineering program). I also have a keen interest in most sciences, especially astrophysics, astronomy, and chemistry.

Anyway, that's a little about me and why I'm starting this blog. Like I said, please check back from time to time; hopefully I will have posted something useful, if not interesting at the very least.