Tuesday, October 26, 2004

Triangle NUG meeting about server colocation 

This evening I went to the Triangle Novell Users' Group meeting, which for a change was held at Inflow's Data Center in RTP instead of our usual meeting place at Alphanumeric Systems Inc.'s headquarters.

Inflow provides colocation and managed services, server space and engineering to support those servers, data backup services, hosting and business continuity. Currently they do not provide Novell services yet, but are planning to in the near future.

They have had multiple redundant SONET OC3s coming into the building. They have been in this location since 1999. They have 14 data centers in "Tier 2" cities.

Servers are now smaller and produce a LOT more heat than they did a few years ago. They are adding more HVAC capacity to their facilities. IBM "Blade Centers" use an amazing amount of power. A lot of buildings don't have the power capabilities to handle these kinds of machines.

Offers predefined and custom SLAs.

After the presentation we got an extensive tour of the data center.

Friday, October 15, 2004

TriLUG meeting about DNS 

I attended the monthly Triangle Linux Users' Group meeting on 10/14/04, at which Aaron Joyner gave a presentation entitled "DNS: How it works. Why it works. How you can work with it."

My notes from this meeting are as follows:

Introductory overview of DNS...

DNS Server Software:
BIND
DJBDNS
MS DNS Server

History of the servers:
BIND, originally written at UCB, funded by ARPS through v. 4.8.3
Picked up by DEC (now Compaq)
After 4.9.1 picked up by Paul Vixie and Bob Halley
v.8 was released in 1997
Current version is 9.12
If anything older than BIND 9 is used, upgrade is recommended

History of DJBDNS
written by Dan Bernstein, author of qmail
Written because Dan was unhappy with the status quo
Considered by some to be easier to config

History of MS-DNS
Has a somewhat bad rep, but runs largely on DynDNS

DNS Client/Tools
Resolver Library
(nslookup): about to go away
host: preferred alternative to nslookup for simple queries
dig: if you want to know it all. Very verbose. Originally a debugging tool. Output is config file.

host
command outputs name or IP address

dig
does recursion
very recursive

Recursive DNS query
All queries start with a cache (sometimes ".") The "." is called the DNS root. The root can be a security concern.
The hints file contains all of the names and addresses of root servers.
DNS queries proceed right to left through the name.
The pattern can be followed with dig using the +norec option, which forces you to walk step by step.
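The right-to-left walk described above, as an added example that is not part of the talk or of this blog: a toy iterative resolver that does in code what `dig +norec` lets you do by hand, starting at the root hints, asking each server a non-recursive question and following referrals down the tree until a server answers authoritatively. It also shows the two ways a walk ends badly, a name that does not exist and a lame delegation. All servers, addresses (192.0.2.0/24 is a documentation range) and records in it are constructed so that it runs offline; only example.com is real, being the IANA-reserved example domain.

```python
"""
Added example, not from Aaron Joyner's talk or the blog: a toy iterative
resolver that does in code what `dig +norec` lets you do by hand -- start
at the root hints, ask each server a non-recursive question, and follow
referrals right to left through the name until a server answers
authoritatively.

Everything is constructed so it runs offline: WIRE stands in for the
servers, addresses come from the 192.0.2.0/24 documentation range, and
example.com is the IANA-reserved example domain.
"""
from __future__ import annotations

# Stand-in for the root hints file (BIND's "type hint" zone). Constructed.
ROOT_HINTS = {"root.example.": "192.0.2.11"}

# What each (constructed) server would answer, keyed by server address.
# Each zone cut maps to a referral (NS name -> glue address) or an answer.
WIRE: dict[str, dict[str, dict]] = {
    "192.0.2.11": {                                   # a root server
        "com.": {"referral": {"ns.tld.example.": "192.0.2.22"}},
    },
    "192.0.2.22": {                                   # a com. server
        "example.com.": {"referral": {"ns1.example.com.": "192.0.2.53"}},
    },
    "192.0.2.53": {                                   # example.com. authoritative
        "example.com.": {"answer": {"A": ["192.0.2.1"]}},
        "www.example.com.": {"answer": {"A": ["192.0.2.80"]}},
        # delegation to a server that turns out not to serve the zone (lame)
        "lame.example.com.": {"referral": {"ns.lame.example.com.": "192.0.2.66"}},
    },
    "192.0.2.66": {},                                 # knows nothing: lame
}

MAX_HOPS = 16  # a referral loop must not hang the resolver


def query_norec(server_ip: str, qname: str) -> tuple[str, dict]:
    """One non-recursive question, like `dig @server qname +norec`."""
    table = WIRE.get(server_ip)
    if table is None:
        return "timeout", {}
    entry = table.get(qname)
    if entry and "answer" in entry:
        return "answer", entry["answer"]
    # Right to left: the longest suffix this server holds a delegation for
    # is the zone cut it refers us to.
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        cut = ".".join(labels[i:]) + "."
        entry = table.get(cut)
        if entry and "referral" in entry:
            return "referral", entry["referral"]
        if entry and "answer" in entry:
            return "nxdomain", {}   # authoritative for the zone, name absent
    return "refused", {}            # not its zone and no recursion: lame


def resolve(qname: str) -> tuple[str, list[str], dict]:
    """Walk from the root hints to an answer. Returns (status, path, rdata)."""
    if not qname.endswith("."):
        qname += "."
    server_ip = next(iter(ROOT_HINTS.values()))
    path: list[str] = []
    for _ in range(MAX_HOPS):
        kind, data = query_norec(server_ip, qname)
        path.append(f"{server_ip}: {kind}")
        if kind == "referral":
            next_ip = next(iter(data.values()))   # real resolvers try every NS
            if next_ip in (p.split(":")[0] for p in path):
                return "loop", path, {}           # referred back to a server we asked
            server_ip = next_ip
            continue
        return kind, path, data
    return "gave_up", path, {}


if __name__ == "__main__":
    for name in ("www.example.com", "nope.example.com", "host.lame.example.com"):
        status, path, rdata = resolve(name)
        print(name, status, rdata)
        for hop in path:
            print("   ", hop)
```

The path it records for www.example.com is root, then the com server, then the example.com server: three hops, each one label further to the right being resolved. Against a real tree you would repeat the same thing with `dig @<root> www.example.com +norec`, then `dig @<com server> ... +norec`, and so on, which is the quickest way to find the server that actually returns the bad answer when a delegation is wrong.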

The domain example.com is reserved by IANA to be used for example purposes only.

DNS is usually sent out over UDP. If you have a DNS server, it should really be on a high bandwidth connection. If there is a bottleneck in your WAN, using a local caching server is a really good idea, although it is not the answer to everything.

Alternate Record Types:
MX records
mail exchange. If there is no MX record, the sender falls back to the A record. How well that works depends on the type of mail server used. Unlike most record types, MX records have a priority assigned to them. An MX record should not point to an address or a CNAME but rather to a host name (A record).
PTR records
pointer record. What you get when you ask for an inverse query. Getting increasingly important to have these right, for example if you are sending mail to AOL since they do reverse lookups to see if DNS record is right to help in the fight against spam.
CNAME
canonical name. It is a reference. For example, if www and ftp use the same record, ftp can be associated with a CNAME.
SRV records
server record.
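The MX rules above, as an added example that is not part of the talk or of this blog: how a sending MTA turns a domain's MX records into an ordered list of hosts to try, plus a lint for the two MX mistakes the talk warns about (a target that is a CNAME, and a target that is an address instead of a host name). It goes a little beyond the talk by also covering the no-MX fallback to the A record and the null MX of RFC 7505. The zone data is constructed: example.com and example.net are reserved for documentation and 192.0.2.0/24 is a test range.

```python
"""
Added example, not from the talk or the blog: MX selection as a sending
MTA does it, plus a lint for MX targets that are a CNAME or an address.

ZONE is constructed: example.com/example.net are reserved for
documentation and 192.0.2.0/24 is a test range.
"""
import ipaddress

# Constructed zone data: owner name -> list of (type, rdata).
ZONE = {
    "example.com.": [
        ("MX", (10, "mail1.example.com.")),
        ("MX", (10, "mail2.example.com.")),
        ("MX", (20, "backup.example.net.")),
        ("A", "192.0.2.1"),
    ],
    "mail1.example.com.": [("A", "192.0.2.25")],
    "mail2.example.com.": [("A", "192.0.2.26")],
    "backup.example.net.": [("A", "192.0.2.99")],
    # no MX at all: senders fall back to the A record (RFC 2821 section 5)
    "nomx.example.com.": [("A", "192.0.2.2")],
    # wrong: MX target is an alias (RFC 2181 section 10.3 forbids it)
    "bad1.example.com.": [("MX", (10, "www.bad1.example.com."))],
    "www.bad1.example.com.": [("CNAME", "web.bad1.example.com.")],
    "web.bad1.example.com.": [("A", "192.0.2.80")],
    # wrong: MX "target" is an address literal, not a host name
    "bad2.example.com.": [("MX", (10, "192.0.2.25"))],
    # null MX (RFC 7505): the domain accepts no mail at all
    "nomail.example.com.": [("MX", (0, "."))],
}


def records(name, rtype):
    """All rdata of one type at a name (empty list if none)."""
    return [rdata for t, rdata in ZONE.get(name, []) if t == rtype]


def delivery_targets(domain, rng=None):
    """Hosts to try, in order: lowest MX preference first.

    Equal preferences are shuffled when an rng is given (load sharing);
    no MX at all -> the domain itself, if it has an A record;
    null MX ("MX 0 .") -> nothing: the sender must bounce, not queue.
    """
    mxs = records(domain, "MX")
    if not mxs:
        return [domain] if records(domain, "A") else []
    if any(target == "." for _, target in mxs):
        return []
    groups = {}
    for pref, target in mxs:
        groups.setdefault(pref, []).append(target)
    ordered = []
    for pref in sorted(groups):
        group = list(groups[pref])
        if rng is not None:
            rng.shuffle(group)
        ordered.extend(group)
    return ordered


def lint_mx(domain):
    """Report MX targets that are not plain host names with an A record."""
    problems = []
    for pref, target in records(domain, "MX"):
        if target == ".":
            continue  # null MX is legitimate
        try:
            ipaddress.ip_address(target.rstrip("."))
        except ValueError:
            pass
        else:
            problems.append(f"MX {pref} {target}: target is an address, not a host name")
            continue
        if records(target, "CNAME"):
            problems.append(f"MX {pref} {target}: target is a CNAME")
        elif not records(target, "A"):
            problems.append(f"MX {pref} {target}: target has no A record")
    return problems


if __name__ == "__main__":
    for d in ("example.com.", "nomx.example.com.", "nomail.example.com.",
              "bad1.example.com.", "bad2.example.com."):
        print(d, delivery_targets(d), lint_mx(d))
```

The "how well it works depends on the mail server" remark in the notes is exactly the CNAME and address-literal cases: some MTAs chase the alias or accept the literal, others refuse, so mail to such a domain is delivered or not depending on who is sending it. The lint above is the check to run over a zone before publishing it.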


How to set up a domain in BIND
/etc/named.conf - all the major options, such as the hints file, are located here
/var/named
/var/named/domain.zone
Various locations for config files, varies by distro

type hint contains the cache of all of the root servers.

rndc

rndc reload: common way to reload a server, however it throws away the cache
rndc reconfig: great way to reload the information in named.conf
rndc reload - won't throw away the cache


Views
Allows you to define different "views" of the DNS, based on IP/Subnet matching
Extremely simple
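The IP/subnet matching behind views, as an added example that is not part of the talk or of this blog: a small Python model of BIND's view selection, written so that the two things that bite people are visible, namely that views are tried in named.conf order and the first whose match-clients ACL matches wins, and that inside an ACL the first matching element decides, with a "!" element meaning deny. The view names, ACLs and answers are constructed (RFC 1918 space for "internal", 192.0.2.0/24 test space for "external").

```python
"""
Added example, not from the talk or the blog: BIND view selection modelled
in Python -- first view in named.conf order whose match-clients ACL matches
wins, and within an ACL the first matching element decides ("!" denies).

VIEWS is constructed: addresses, names and answers are made up.
"""
import ipaddress

# Constructed views, in the order they would appear in named.conf.
# match_clients entries: a CIDR, "any", or "!" + either to deny.
VIEWS = [
    {
        "name": "internal",
        "match_clients": ["!10.0.0.99/32", "10.0.0.0/8", "192.168.0.0/16", "127.0.0.0/8"],
        "zone": {"www.example.com.": "10.1.2.3"},    # private address for insiders
    },
    {
        "name": "external",
        "match_clients": ["any"],
        "zone": {"www.example.com.": "192.0.2.80"},  # public address for everyone else
    },
]


def acl_matches(acl, client):
    """BIND ACL rule: scan in order, the first element that matches decides."""
    addr = ipaddress.ip_address(client)
    for element in acl:
        negate = element.startswith("!")
        pattern = element[1:] if negate else element
        hit = pattern == "any" or addr in ipaddress.ip_network(pattern, strict=False)
        if hit:
            return not negate
    return False  # nothing matched: the ACL does not match


def select_view(views, client):
    """Name of the first view whose match-clients accepts the client."""
    for view in views:
        if acl_matches(view["match_clients"], client):
            return view["name"]
    return None  # named answers REFUSED when no view matches


def lookup(views, client, qname):
    """Answer qname as the selected view would see it."""
    name = select_view(views, client)
    if name is None:
        return None
    view = next(v for v in views if v["name"] == name)
    return view["zone"].get(qname)


if __name__ == "__main__":
    for client in ("10.1.1.1", "10.0.0.99", "203.0.113.5"):
        print(client, select_view(VIEWS, client), lookup(VIEWS, client, "www.example.com."))
    # The ordering pitfall: put the "any" view first and everybody is external.
    print("reversed:", select_view(list(reversed(VIEWS)), "10.1.1.1"))
```

Two caveats worth keeping in mind when using views for a split-horizon setup: the catch-all view must come last, because a view that matches `any` listed first swallows every client; and match-clients is address matching, not authentication, so any host that can send queries from a trusted range (a compromised desktop, or a spoofed source on a network without ingress filtering) gets the internal answers.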

Dynamic DNS
documentation on the web. Look it up there, since we're out of time here.


For the presentation Aaron used his Bluetooth phone to control his slides on the projector. A few jokers in the audience tried to throw him off-balance by sending heckles via SMS to his phone during the presentation.

Annual CTC retreat 

The annual Carolina Technology Consultants Retreat was held on 10/14/04 in Murphy Hall on UNC's campus.

The Keynote Speaker was Dan Reed, the new Chief Information Officer of UNC. My notes from his speech are as follows:

IT: An Intellectual Lever

IT has become an intellectual lever for human endeavor
It's intended to be an intelligence amplifier
Most successful when invisible

Presentation outline:
Lessons from experience
Consilience examples
Technology enablers
Sociological lessons
ITS reorganization

Information consumes the attention of its recipients.

"Crackberry"

ITS Organizational Change

Principles:
customer focused
opportunity and need driven
nimble, adaptive practices and structures
open to engagement and possibilities

Implications:
organizational flexibility
rapid restructuring
strategic planning and response
empowering and valuing people


CIO's office:
Integrated financial management/budgets
Personnel and human resources
Public relations and communications
Campus and State coordination
Security and regulatory compliance
Strategic planning


Deputy CIO Search Status:
finalists selected; campus interviews are now being scheduled


Four high level components:
Deputy CIO/Associate Vice Chancellor
Associate Vice Chancellor for Planning/Special Projects
area advisory committees
Assistant Vice Chancellor

All slides are on the ITS web site under Dan Reed's homepage.

Our campus is 3-5 years behind the state of the art


Next, of the two morning breakout sessions, I attended the presentation on Wireless Connectivity, which was presented by Chris Colomb, Todd Meath, Mark Ingram, David Rankin

Mark Ingram from Development Office started with a presentation on Blackberries

Uses Exchange and for a few years has had a Blackberry Enterprise server. Integrates with calendar. Blackberry synchs with Blackberry Desktop Manager. For future wants Advise interface for Blackberry. Enterprise server provides encryption and security. Integrates easily with Exchange. Device can be disabled from the management console if it is ever lost (left in a cab, etc.). Ease of use makes it best choice for his department. Wants to see a broader, campus-wide deployment of Blackberry Enterprise Server so he won't need to run his own email server.

Uses Virtual Office in NetWare 6.5. Can do file sharing. File sharing added to Intranet. Demoed Virtual Office. Ties in with Net Storage. This allows distributed access to avoid need for large email attachments. Touts ease of use. No need for VPN client.

According to Chris Colomb the Outlook Connector is a rapidly evolving application and new versions are put up on Shareware frequently. Current version is barely three weeks old.

Mark has several remote users who can get in just fine through an ISP and a VPN and can synch their Blackberries.

Todd Meath

Talked about Push-Pull data with Palm Pilots in Family Medicine. For Push still uses Avantgo, Epocrates drug database, and Campus Calendar. For Pull uses IR beaming. And uses Pendragon for Interactive data. Avantgo.com is still a free service. It's used to retrieve HTML data from any web server. Uses it for both static and highly dynamic data. Uses it to replace several printed documents. Cost savings for printing and lamination of pager numbers alone was $1200 annually. Printing savings of $9000 since 1999. Uses selected calendars from Campus calendar server. Uses groups, resources and other users. Enabled via web access to Campus calendar. Under Security set "Allow Global Agenda Viewing". All Entries must be set to Access=Public. "Email Agenda to a friend" creates a URL that is used to create an Avantgo Channel. It's not an active synchronization.

Uses IR Beaming to pull in speaker notes, presentations, applications, handouts, etc. Uses "Documents to Go" as reader/editor.

For future wants to see synching independent of PC.

Pendragon Internet Forms. It's web based; uses it to easily create and edit forms. It's Pull controlled. Easy to create interactive forms, no coding required. Can be synchronized via PC, IR, 802.11, cell modem. Data is encrypted and inserted into database. Uses a large scale version of the software. Pricey - $5000 (with educational discount). There is also a small scale version for a dedicated, standalone PC which costs $400.
Trouble spots: understanding which methods are available for the device/needs. Understanding what "wireless" means: cellular, infrastructure (802.11), Bluetooth, IR. Understanding the limitations. Not all applications support non-PC-based sync methods. Applications must be synched sequentially; they can't all be synched in one batch. Conduits installed on users' systems work well in supported environments. Outcomes diminished as user involvement increased. To solve this, IR is an inexpensive solution: it removes the standalone PC from the synching equation.


David Rankin was up next with a presentation about handheld computer security.
Presentation is a brief summary of findings on research he did this summer.
The facts: Use of handheld computers (PDAs) is increasing. Useful software on PDA platform increasingly available. PDAs are much more powerful - more memory, more storage, wireless communications.
The challenge: No organizational policies on support of PDAs. No organizations policies on PDA security. Unchecked and unsupported PDAs can be a security problem. A mobile threat vector; can easily bypass perimeter security defenses.
PDA vulnerabilities: Loss of PDA, Virus infection and transmission. Unencrypted corporate/university data. Unsecured wireless technologies. Physical loss of device is #1 security risk. Hardware is trivial, however data on it can be priceless. Research shows that 40% of lost PDAs are lost in taxicabs!! 20% are left in restaurants. Viruses are #2 threat. Majority of PDAs now run a slimmed down version of Microsoft software. Pocket Word & Excel are vulnerable to the same macro viruses as desktop versions of the software.
So, what's on a lost PDA? 85% meeting notes; 80% business names, addresses & email addresses; 32% organizational email and attachments; 33% PIN numbers and passwords. ALL UNENCRYPTED!
What can YOU do about it? Establish support, management and security policies. Control PDA purchases. Control loss of PDAs. Password protection (require a power-on password as a minimum. If possible, incorporate biometrics. Include a routine to delete content after a certain number, for example 15, of unsuccessful login attempts). Encrypt PDA data (not only integrated memory but also removable storage cards). Anti-virus software.
What more can you do? VPN for wireless communication, etc.

Next up was Chris Colomb who gave a talk on devices supported. Does not want to enforce a proprietary device. Supports standards. Life of wireless devices is usually shorter than even laptops and other devices. Phones are getting smarter. PDAs as they are now may not be around much longer. Mentioned Cingular Express mail pilot program. Currently only available for Treo 600. Future is here today with the CWI program. Mentioned calendar synchronization program, after which wireless capabilities already in student calendar will be available for faculty/staff calendar as well.

Palm encryption software: Teal Lock, Splash ID, PDA Defense.



After lunch I attended the breakout session about Teleworking, which was moderated by Ken Yow and featured several panelists. My notes from this session are as follows:

Teleworking training: Carol Vandenboom, Training Coordinator, Enterprise Applications

Teleworking Training Plan:
Pre-training activities
Introduction memos with links to websites, policy draft, FAQ, etc. to present information about what teleworking is and how it works/what works and what doesn't
Actual training

Teleworker's Curriculum
Understand policies and guidelines
Explore communications
Plan workloads & schedules
Address telework issues
distractions, such as children, family that makes noise with TV, chatty neighbors, etc.
Career opportunities: "outta sight outta mind"
what if you hate it?
insurance, taxes, who pays for what?
Plan for success

Manager's Curriculum
Create a concerns list
Manage teleworkers
Manage workloads
how to supervise work and productivity
Explore communication
Build a telework team
How to schedule and plan meetings. What about impromptu meetings?
Address telework issues
Plan for success

Combined Group Curriculum
Answer questions concerning the Telework Policy - Lisa Lipscomb
Identify HR Deliverables - Lisa
Discuss security issues - Andrew Lee
Review the concerns list

Non-Teleworking curriculum
Create a concerns list
Jealousy?
Explore communication
Plan for success
Post training
Teleworking tips for managers & teleworkers
Teleworking websites
Teleworking articles


Manager's Perspective, presented by Ken Yow, Manager, ITS On-Site Support, User Services and Engagement (USE)

There is a written telework policy!

Positives:
improvement in morale (no-cost benefit)
seemingly getting 8+ hours per day
Happy employees work harder
Flexible hours no set work schedule
Varies by manager
No problems, so far, with deadlines being missed
Truly using results oriented evaluation techniques (it's done on time or it's not)

The managers need to get comfortable with the concept of telework before it will happen. The managers won't be able to get to 'watch' the employee.

Negatives:
Scheduling meetings can be difficult
Getting full picture of problems can become difficult


Teleworker's Perspective
Sharon P. Glover, Systems Accountant, Enterprise Applications, Coesus Team

Office setup
Space. Do you have space? Is it converted to office use?
Equipment? Bring machine from office or use own? Tech Support?
Completed off-campus use agreement
Family Impact
Family needs to understand that work time is work time and shouldn't be interrupted
Encountered more problems with in-laws than immediate family. Treated her as 'errand runner,' so had to set boundaries and learn how to say "No" to family and in-laws.
Communication
Had seven team members, 6 of whom telework. Decided that all come in to office on Wednesdays to take care of meetings and other stuff that requires physical interaction.
Used same phone greeting as in the office so that teleworking appears transparent to customers
Organizing for Productivity
Organize tasks that require uninterrupted concentration to do at home and tasks that require interaction or don't require so much focus for office day
Efficient Use of Resources


Telework Statistics
presented by Ken Yow

Total number of original participants: 61
Current number of teleworkers - about 30 (based on ISP reimbursements; may be a bit higher)
Number that started after the original group - 4
Average % of hours per week teleworked - 30%



The final session of the day was a presentation about spam management, and it too featured several panelists.

Doug Douillard: Dental School

Using GFI Spam management on top of Exchange 2003
Uses blacklisting, whitelisting, keyword matching, header checking to identify spam.
Searches headers for malformed MIME, multinumber email address, etc. to identify spam. Searches also in body of message.
Uses Bayesian filter to learn as it goes
Has public folders available to which users can drag and drop messages to identify messages to blacklist, whitelist, etc. They don't use this feature at Dental school to avoid misuse.
Has a spamblock list so that admins can review messages to add to filter.
Admin tools lets you view messages, traffic for one day, and more. Keeps info in a SQL database.
Has options for listservs, footers with disclaimers, web interface, etc.
Users in Dental school have given positive feedback.
Costs $1500/year.
Has been running it for the last six months. Has approx. 760 Exchange accounts.
The setup that they have didn't require any user training


Larry Fritsche - Business School

Pharmaceuticals and health care are currently the most prolific spammers, surpassing even porn. Mortgages and gambling are way off as well. Spam is so prevalent because it works.
Can Spam Act is ineffective. Only about 4% of spam is actually compliant. Don't rely on government to take care of this situation.
Has about 2500 full time active Exchange accounts, as well as grad student accounts.
Spam filtering process: IIS, banned subnets and IPs. Next, goes through GFI MailEssentials and Antigen. Then goes through the Exchange 2003 Intelligent Message Filter.
In GFI a suite of filters is applied, such as Spamhaus, Subject content, blacklist, message content, embedded only, Bayesian, etc.
Antigen is an antivirus product that contains a spam component, but that is only an added feature and shouldn't be relied on exclusively.


Customer service:
You must know your customers
Are your med students studying Viagra and Cialis?
Is someone researching marketing and pornography?
Did your Korean student expect a valid email from a family member or employer?
Privacy - How sensitive are your customers to inspection?
Regulations? HIPAA, Sarbanes-Oxley, etc.
Pilot your solutions
Communicate


Primary Decisions
Delete, Quarantine or Deliver? - Products that rate spam are the most flexible
How much admin control do you need? - Antigen vs GFI vs Exchange/Brightmail
Initial cost vs. ongoing? - Brightmail vs. GFI
Outsource? - Valid option but NOT recommended

Best Practices/Tips
Eliminate or greatly reduce the risk of false positives
Costs - Prepare your customers and IT staff for the labor involved. Spam has a labor cost no matter what options you choose
Evaluate the vendor AND the product - Check their business and technical status
Monitor your systems and stay in touch with your customers


Chris Colomb - ITS Messaging

Evolution of Spam
Cantor & Siegel "How to Make a Fortune on the Information Superhighway" - and spammed 6000 newsgroups
Open relays
Open proxies
Trojan/zombie PCs - when viruses and spam collide
current estimate: 50 - 100 million of these compromised hosts
ROKSO - Registry of Known Spam Operations
200 known spam operations responsible for 90% of spam


How does UNC handle Spam
spam@unc.edu & spam reporting
Source based blocking
Spam blocking: our dynamic block list
updated four times a day (now every hour)
several hundred entries per update
from 7800 entries in May 2003 to 1.6 million entries today
proactive additions based on traffic analysis
Content based blocking
Heuristic spam filtering - At 99% effective spam filtering about 5000 spams would go through at UNC


Internal Challenges
http://mail.unc.edu/spam - Spam filter. Uses SpamAssassin. Marcus Cox is the principal implementer of this product.
New feature: Whitelist sender: way to deal with false positives
Hope to roll this out to general users soon. Main holdup has been a lack of hardware.
New, revised webmail coming soon. http://webmail2.isis.unc.edu


Ken Bradley - ITS Security

You get spam because you are on some sort of list
signed up for promotions or email lists.
downloading applications and registering them
try using a different email account for this kind of thing
'strafing' web pages. Harvesting web pages for email addresses.
Has been used by 12 year old script kiddies.
Avoid by not putting your email address in web pages or by reformatting it, for example as 'name at x dot y'
Impossible to avoid all of it. Spam will happen!
Spam can be minimized by using rule sets and filters available in email clients.


Wednesday, October 13, 2004

Triangle NT User's Group meeting 

Yesterday I attended the monthly Triangle NT User's Group meeting. Even though the email advertising the meeting made it sound like we would be treated to an interesting presentation, the presenter once again failed to show up. The pizza was delivered and the few people in attendance got to eat. Afterwards we waited until one hour after the supposed starting time and since the presenter still had not shown up we all went home. This meeting was just sad!

NCSA meeting about Securing your Infrastructure 

The other day I attended the monthly North Carolina System Administrators' meeting, at which Tim Crofton, Manager for Security Consulting from NEC Unified Solutions, Inc. gave a presentation entitled "Crossing the Bridge Before you come to it. Securing Your Infrastructure."

According to the speaker, NEC Unified Solutions is a subsidiary of NEC America and was formed in Jan 04. It is a business and professional consulting organization. On 10/28 they are going to hold an open house at their Blue Ridge Road offices.

Following are the notes that I took during this meeting:

Overview:
Network risk basics
Risk and Vulnerabilities
Risk Assessment


- Over the years, hacker tools have become more sophisticated and the technical knowledge required has decreased drastically.

- No business is without risk.

Loss factors
- Most organizations don't know they're being hacked.
- 55% of respondents report unauthorized access by insiders
- 26% reported theft of proprietary information.
- 80% of all illegal access occurs within the organization by an employee.
(Source: FBI/Computer Security Institute survey)

- happens when employees are fired and access is not removed.

- Convergence between different systems is taking place - becomes issue for security.


Asset protection considerations:
- Paranoid is good
- Technology alone will not make you safe
- Identify your weakness
- Know your enemy
- Always be ready for the worst case scenario


Before staging your strategy:
- Define what is important to protect
- Categorize threats
- Identify vulnerabilities
- vulnerabilities are not just technical. Social engineering, etc.
- Identify the risk
- Build a roadmap


Issues to keep in mind:
- Recognize that traditional TCP/IP risk management principles apply.
- Establish acceptable levels of risk for the environment.
- Don't forget that you are living in a common and open environment.
- Recognize that enterprise infrastructure risk exposes the environment.
- Identify pre-existing environment vulnerabilities.


Where do you start?
- Design a plan!! around pre-existing industry recognized standards for managing technology risk, related to your business...
ISO 17799
BS 7799
GLB
Sarbanes-Oxley
HIPAA
EHNAC
Common Sense!!!

- Adopt a risk management model
-- Monitor -> Validate & Test -> Implement -> Monitor, and so on around the cycle

- Identify vulnerabilities:
- Perform a network security assessment to canvass the entire enterprise
- includes social engineering, war driving, information security policies and procedures, security architecture and infrastructure, authentication, etc.
- People, process, systems, networks, applications, physical protections

- Presenter thinks that grinding hard disks is more cost effective and preferable to data wiping (!!)

- Often it's the low tech and not the high tech systems that are the most exploitable.

- Most important part of designing plan is to provide for security awareness.


Assessment approach
- Look at the enterprise as a "system"
- Remember that security is a "process"
- Don't overlook business culture weakness
- Don't forget that you can control system configuration...but you cannot control people.
- Don't focus only on technology alone.
- Don't cross the bridge until you come to it.


- Review all policies, templates and procedures
- Review all system management practice
- Check all configuration settings based on policies
- Port scan all TCP/IP devices
- Discover vulnerabilities


Assessment tools
- use a combination of:
commercial tools
freeware
manual processes


Do it yourself or hire someone?
Hire someone:
advantage: experience, better toolkit, assessment will most likely be more comprehensive and timely
disadvantage: Cost

DIY:
advantage: you gain some experience and insight
disadvantage: Cost, you may need to hire someone anyways due to regulatory compliance directives.

- If you do it yourself, make sure to have written buy-in from management all the way up the food-chain. Otherwise you leave yourself vulnerable to criminal prosecution.


What you should get when it's all said and done:
- Make sure deliverables include a vulnerability reduction plan.

-Security gap analysis
- vulnerability reports
- recommendations
--turn this into a vulnerability reduction plan.


VoIP phones (soft phones) are **just as vulnerable** as other TCP/IP devices

Integrate a "holistic" plan approach

- Configure firewall logging
- Device security
- practice robust log management
- monitor voice server integrity (in case of VoIP)
- exercise control over eavesdropping, if possible.

If all fails: find out what went wrong:
- Do forensics

Vulnerability reduction strategy


Remember: Nothing is more expensive than an incident!!



Wednesday, September 29, 2004

Triangle NUG meeting about Linux Management 

Yesterday I attended the Triangle Novell User's Group meeting which was supposed to be about Linux Management using ZenWorks 6.5. Unfortunately this was the first Triangle NUG meeting at which the presenter did not show up, since he had his car broken into while stopping for dinner in Durham and had his laptops and other equipment stolen. So, instead of having the planned presentation we filled the presentation time as best we could with things such as a very detailed Treasurer's Report and other housekeeping matters, and one of our members talked in detail about a distributed identity management solution he was implementing for one of his clients.

At the end of the meeting we drew for door prizes, as always, and I won a very nice Leatherman tool, so this meeting most definitely was not a total loss.

Tuesday, September 14, 2004

NCSA meeting with Tom Limoncelli 

Yesterday I attended the North Carolina System Administrator's meeting, at which Tom Limoncelli, co-author of "The Practice of System and Network Administration" gave a presentation entitled "Where the Heck is my Flying Car." This meeting for a change was not held at the usual location of Dreyfus Auditorium in RTP, but rather at Red Hat's corporate headquarters in Raleigh.

The flyer advertising this meeting read as follows: "It's 2004 and we still don't have moving side-walks or flying cars, and computers aren't nearly as cool as they were on The Jetsons. Tom has visited many sites in the last few years and observed a lot of really bad IT practices. He will discuss what he saw and some recent epiphanies he's had about "best practices" in system administration. The second half of the talk will be about his current project to update a small company's IT infrastructure. It has forced him to rethink what constitutes the "basic infrastructure" of an IT organization, and how big companies are held back when they forget the basics. He's also working on a new book about "time management for sysadmins," and will be treating us to some excerpts! Tom Limoncelli is Director of IT Services at Cibernet Corp. A sysadmin and network wonk since 1987, he has worked at the Dean for America presidential campaign, Lumeta Corp, Bell Labs, Lucent, AT&T, Mentor Graphics and Drew University. A frequent speaker at Usenix and LISA conferences, he holds a B.A. in C.S."

The slides he used at this presentation can be found here.

The salient points that I got out of this presentation are as follows:

- 20 years ago there were a few good IT shops and a lot of bad ones. Now there are a few good IT shops, a lot of bad ones, a huge amount of really bad ones. This happened because very small sites started appearing, and small sites tend not to have IT teams.

- The problem arose because admins had become slack on the fundamentals of what they are doing.

- There are no hard and fast rules about what constitute best practices. Unlike the construction industry, there are no "codes" that need to be followed and no "inspectors" to make sure that the codes are enforced.

- The state of "best practices" was discussed. Vendors put forth "best practices" for the use of their products. They can range from Sun Microsystems, who has best practices that nobody really follows to Microsoft who can be downright fascist about their insistence that they get followed.

- Other sources for "best practices" are SAGE's Short Topic Booklet Series, Tutorials (for example from LISA), books, Sysadmin Book of Knowledge (BoK) and the Sysadmin Capability Maturity Model.

- Next, he presented lessons learned from rebuilding a small IT site. The first task was to get the fundamentals right. Then move from the old way of thinking in terms of MTTR (Mean Time to Repair) to the new model of using SLAs (Service Level Agreements). Component failure needs to be decoupled from outages. Redundancy in hardware and software needs to be built in, so that users are not affected by failure. Make sure that basic stability is there; test backups. He illustrated these concepts by outlining the steps he took to bring a small company up to speed.

Following his presentation he read a few excerpts from his upcoming book about Time Management.

Monday, September 06, 2004

Triangle NUG meeting about GWAVA 

I attended the recent Triangle Novell Users' Group meeting, at which Lori Fair and Charles Taite of GWAVA talked about their company's products. The main points that I got out of this presentation are as follows:

- The company that makes Gwava is focused on email security, with a particular focus on Groupwise. The products of the company are Gwavix, which is a product for Linux, Guinevere, which is a product for Windows, Gwava, which is for Groupwise, and Wasp, an upcoming product for NetWare. These products are used together in a layered approach to provide a complete virus and spam protection strategy.

- It provides a protocol scanner on the perimeter, which scans port 25 (SMTP), port 80 (HTTP) and port 21 (FTP).

- Novell deployed Gwava on their own internal network in March of 2003, and ever since it has been catching dozens of viruses every month.

- Email is scanned not only via SMTP port 25, but also via IM, web based services such as Hotmail, etc.

- The 4th product, Wasp, provides web access agent server protection, and is designed to secure web access, which is a way to access Groupwise via the web from any PC with a browser anywhere. It runs as an NLM on the server. It can block specified file formats from being uploaded to groupware, which is a process called fingerprinting.

- Wasp and Gwava integrate with 8-9 different anti-virus vendors. It can run with up to 4 different virus scanning NLMs running simultaneously on the same server.

- Gwava 3 came out in May of 2004. New features include:
- A SQL back end, which is based on SQLite
- All new notification model
- Test order multi-fires, meaning the order in which scanners are run can be specified
- Enhanced logging
- Support for protected memory, for use in clustering environments
- Support for Etrust 7.x
- Support for SAVI, which is a new Sophos API
- Spam tagging
- Multi-spam thresholds
- Smart blocker

- Gwava runs on Groupwise 5.5 and up.

- What makes Gwava unique is that it contains 2 types of scanners: an MTA scanner and a post-office scanner. The MTA scans in real time, whereas the post office scans on demand or via a scheduler and performs a full scan of the post office database.

- The product provides two scanning modes, namely Live, in which messages are blocked or deleted, and Surveillance, in which violations are logged without blocking. Both modes can be combined with each other.

Following the presentation, a live demo of the product was given. During the demo it was shown that with fingerprinting, the files themselves, rather than the filename extensions, are scanned to determine the format of the file.
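To make the two points above concrete (fingerprinting by file content rather than extension, and the Live versus Surveillance scanning modes), here is an added example in Python. It is not Gwava or Wasp code: the signature table holds well-known public magic numbers, while the policy function, the mode names as used here, the `check_upload` and `scan_batch` helpers and the sample files are all constructed for illustration.

```python
# Content-based file type detection ("fingerprinting") with a block-or-log
# policy, modelled on the Gwava/Wasp description. Added example, not product
# code; the signature table is public magic numbers, everything else is
# constructed for illustration.

SIGNATURES = {
    b"MZ": "exe",                    # DOS/Windows executable (PE) header
    b"PK\x03\x04": "zip",            # ZIP local file header (also .jar, .docx)
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
}

# Extension spellings that name the same format as a detected type.
EXT_ALIASES = {"jpg": "jpeg", "jpe": "jpeg"}


def fingerprint(data: bytes) -> str:
    """Return the format implied by the file's leading bytes, or 'unknown'."""
    # Longer signatures first so that a short prefix cannot shadow a longer one.
    for magic, fmt in sorted(SIGNATURES.items(), key=lambda kv: -len(kv[0])):
        if data.startswith(magic):
            return fmt
    return "unknown"


def extension_of(filename: str) -> str:
    """Lower-cased extension after the last dot, normalised via EXT_ALIASES."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return EXT_ALIASES.get(ext, ext)


def check_upload(filename: str, data: bytes, blocked: set, mode: str) -> dict:
    """Decide what to do with one upload.

    mode == "live": a blocked format is rejected.
    mode == "surveillance": the violation is only recorded.
    Either way the decision rests on fingerprint(data), so renaming an
    executable to .txt does not get it past the policy.
    """
    if mode not in ("live", "surveillance"):
        raise ValueError("mode must be 'live' or 'surveillance'")
    detected = fingerprint(data)
    ext = extension_of(filename)
    violation = detected in blocked
    # A known format whose extension disagrees with the content is worth
    # logging on its own, even when the format is not on the block list.
    mismatch = detected != "unknown" and ext != detected
    if violation:
        action = "blocked" if mode == "live" else "logged"
    else:
        action = "allowed"
    return {
        "file": filename,
        "detected": detected,
        "extension": ext,
        "violation": violation,
        "mismatch": mismatch,
        "action": action,
    }


def scan_batch(uploads, blocked, mode):
    """Run check_upload over (filename, bytes) pairs and return the results."""
    return [check_upload(name, data, blocked, mode) for name, data in uploads]


# Constructed sample uploads: a PDF header, an executable header renamed to
# look like a text file, and a JPEG whose extension matches its content.
SAMPLE_UPLOADS = [
    ("report.pdf", b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n"),
    ("notes.txt", b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00"),
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
]

if __name__ == "__main__":
    for result in scan_batch(SAMPLE_UPLOADS, {"exe"}, "surveillance"):
        print(result)
```

Running the block in surveillance mode reports the renamed executable as a logged violation with an extension mismatch while the other two files are allowed; switching the mode to live turns that same entry into a block, which is the combination of modes the notes describe.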

Another write up of this meeting should be up on the Triangle Novell Users' Group web site shortly.

Novell published my SpyBot article 

About a month ago I polished and updated the article that I wrote about using Novell ZenWorks to install and run SpyBot Search and Destroy for SpyBot version 1.3 and submitted this article to Novell. On August 11th Novell published this article in the ZenWorks Cool Solutions portion of their web site as a Cool AppNote. A link to the article is here. Novell was nice enough to send me a $100 gift certificate to amazon.com, which has long since been spent.

TriLUG meeting about RPM and Patch Management 

Continuing to catch up on my backlog of meeting summaries, I attended the August 12th meeting of the Triangle Linux Users' Group, at which Jeff Johnson, who has been instrumental in the ongoing development of RPM, the Red Hat Package Manager, gave a presentation about RPM and Patch Management. This presentation went into great detail about the underlying architecture of RPM and was geared more towards programmers and people interested in tweaking RPM than general users and network administrators, and admittedly was way over my head as a relative Linux newbie. Since it became clear pretty soon into the meeting that it was way over my head, I did not end up taking the same detailed notes that I usually take during these meetings. Oh well, maybe I'll get more out of the next meeting...

TNTUG meeting about Microsoft Virtual Server 

I have once again fallen a little behind on writing up the users' group meetings I have attended recently. Next up is the Triangle NT Users' Group meeting of August 10th, at which Microsoft was going to present their Virtual Server. Unfortunately the presenter was not able to make it and we had no presentation on Microsoft Virtual Server. To make up for the fact that the Microsoft presenter didn't show up, one of the principals of TNTUG attempted to put together a demo of Managing Web Sites using FrontPage, however he was experiencing all kinds of problems with his equipment and had a hard time getting his virtual machines running properly. After watching him for what seemed like half an hour trying to get his presentation set up I left, since this was not what I came for and turned out to be a waste of time. I do give credit to the person trying to improvise a demonstration on the spot, which I'm sure is not easy, but this meeting was still a grave disappointment.

Friday, August 13, 2004

Triangle Novell Users' Group meeting about Novell Patch Management 

I attended the July meeting of the Triangle Novell Users' Group, at which Michael Parillo, Category Specialist in the Nterprise Resource Management Team of Novell, gave a presentation about Novell Patch Management using Patch Link. The main points that I got out of this presentation are as follows:

- Patch Link takes patches from multiple vendors and tests them in multiple scenarios and then attaches notes about usability, gotchas, etc.

- Red Carpet Enterprise is the roughly equivalent patch management solution for Linux.

- Patch Link goes to the vendors, uploads the patches to the patch link update server and the patches go from there to client machines.

- The patch server and patch cache can be secured inside a firewall. It puts the resources near the users.

- It uses an agent based architecture. The agent resides on the machine and reports to the server. The agent knows what is running on the machine and only requests the appropriate patches.

- There is an email notification function for urgent updates.

- Patch Link contains a reporting function, which reports which vulnerabilities are present on a machine.

- For security it uses HTTPS, SSL and 128-bit encryption.

- Patch management can be performed from anywhere by way of a web browser.

- ZenWorks for Desktops 6.5 includes Patch Link 5.0. Patch Link 6.0 has been released, and will be updated in ZenWorks once the code has been released to Novell.

- Patch Link is subscription based. ZenWorks 6.5 contains a 90 day trial for Patch Link for up to 100 users.

- Patch Link makes sure that a patch remains installed and is not overwritten for various reasons.
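The agent-based model in the points above (the agent knows what runs on the machine, requests only the patches that apply, the server reports which vulnerabilities are still present, and a patch is checked to remain installed) can be sketched in a few functions. This is an added example in Python, not Patch Link code: the catalogue, the host inventory and every patch and vulnerability identifier are constructed placeholders, and the function names are my own.

```python
# Agent-side view of the patch management model described above. Added
# example, not Patch Link code; catalogue, inventory and all identifiers
# are constructed placeholders.

# Constructed patch catalogue, as an update server might publish it.
CATALOG = [
    {"id": "PATCH-A1", "product": "office-suite", "fixes": "VULN-EXAMPLE-1"},
    {"id": "PATCH-B2", "product": "browser", "fixes": "VULN-EXAMPLE-2"},
    {"id": "PATCH-C3", "product": "browser", "fixes": "VULN-EXAMPLE-3"},
    {"id": "PATCH-D4", "product": "media-player", "fixes": "VULN-EXAMPLE-4"},
]

# Constructed host inventory, as the agent would report it to the server.
HOST = {
    "name": "ws-example-01",
    "software": {"office-suite", "browser"},
    "installed_patches": {"PATCH-B2"},
}


def applicable_patches(host, catalog):
    """Patches for software present on the host that are not yet installed.
    The agent requests only these, nothing for products the host lacks."""
    return sorted(
        p["id"] for p in catalog
        if p["product"] in host["software"]
        and p["id"] not in host["installed_patches"]
    )


def vulnerability_report(host, catalog):
    """Map each missing applicable patch to the issue it addresses; this is
    the per-machine view the reporting function provides."""
    missing = set(applicable_patches(host, catalog))
    return {p["id"]: p["fixes"] for p in catalog if p["id"] in missing}


def detect_drift(previously_applied, currently_installed):
    """Patches the agent applied earlier that have since disappeared, for
    example because an application reinstall overwrote patched files.
    These are the ones to re-apply so the patch 'remains installed'."""
    return sorted(set(previously_applied) - set(currently_installed))


def patch_status(hosts, catalog):
    """Server-side summary: how many hosts are fully patched versus not."""
    patched = sum(1 for h in hosts if not applicable_patches(h, catalog))
    return {"patched": patched, "unpatched": len(hosts) - patched}


if __name__ == "__main__":
    print("requesting:", applicable_patches(HOST, CATALOG))
    print("report:", vulnerability_report(HOST, CATALOG))
    print("drift:", detect_drift({"PATCH-A1", "PATCH-B2"}, HOST["installed_patches"]))
    print("status:", patch_status([HOST], CATALOG))
```

The point of `applicable_patches` is that the media-player patch is never requested for this host because the inventory shows no media player, which is what keeps an agent-based approach from flooding clients with irrelevant downloads; `detect_drift` is the check that turns "stays installed" from a promise into something the agent can verify on every report.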

After the presentation, Michael presented a live demo of Patch Link. During the demo the following points were made:

- The Patch Link agent does not require a client.

- It runs on a Microsoft server, and requires IIS for its web server. Talks are in progress to make it available for other servers as well.

- The admin interface can show the number of machines that are patched and the number that are not patched, and can show which machines are missing patches. Errors will be shown as well.

- It uses port 80 or port 443.

- Suggested retail price before Novell discounts is $18/node.

The PowerPoint presentations that Michael used for his presentation are available here.

Thursday, August 05, 2004

Triangle Linux Users' Group meeting about SGI Systems 

Since I have fallen behind quite a bit on logging the users' group meetings I have attended recently, it is now time to catch up a bit. I attended the July Triangle Linux Users' Group meeting, at which John Gorski, a Systems Engineer from SGI, gave a presentation outlining his company's current hardware offerings and the role that Linux is playing in his company's products. The main points that I got out of his presentation are as follows:

- SGI has realigned itself to focus on the area of high performance computing, data management and advanced visualization. The five markets that they are now targeting are defense, energy, science, manufacturing and media.

- SGI's main legacy product was a line of machines using MIPS processors running on a proprietary UNIX called IRIX. They are now moving to a product line called Altix, which runs on Itanium 2 processors using Linux.

- In the field of High Performance Computing, SGI boasts many firsts, including a Linux system running with 512 processors in a single OS image.

- SGI chose the Intel Itanium 2 over the competing 64 bit AMD Opteron processor since its architecture derives its performance through frequency as opposed to the Opteron, which derives its performance through parallelism.

- The Altix server family consists of three lines: the 3700, which is a supercomputer, the 3300, which is an entry-level machine, and the 350, which is designed as a departmental/workgroup server.

- The shared memory architecture of the Altix was discussed, in which memory appears as one global shared memory space.

- The roadmap for scaling the architecture was presented. It started in 2003 with 64 processors. In mid 2004 512 processors were achieved. The goal for mid 2005 is to scale the architecture to 16384 processors.

- SGI is moving towards a highly modular architecture, called the NUMAflex architecture. It contains the following modules:
  C-Brick - CPU and memory
  R-Brick - Router
  I-Brick - I/O module
  D-Brick - Disk expansion
  X-Brick - XIO expansion
  G-Brick - Graphics expansion
  M-Brick - Memory expansion
  This provides an 'expansion on demand' growth path: one size does not fit all, and the modular design gives the flexible scalability needed to match systems to problem requirements.

- The Altix 350 starts at $12,195. It can be clustered to 1000s of processors. The drives and power supply are hot swappable, but Linux does not support this yet.

- A point was made that High Performance is NOT synonymous with High Uptime.

- The Altix 350 is very suitable as a departmental server, a database server (it supports most databases) and a throughput cluster.

- SGI bought Cray in 1996 and later sold it to Tera for cheap.

- The Linux OS options available for SGI hardware were discussed. There is an SGI Advanced Linux environment, which currently supports Red Hat Advanced Server, and soon will support SuSE Linux Enterprise Server. SGI Open Source Enhancements run on top of this, and the "SGI Pro Pack" runs on top of that.

- Next, data management was discussed. Problems of data management are becoming increasingly more complex. SGI storage technologies and SAN solutions were discussed, using the SGI SAN 2000 as an example.

- Lifecycle management was also briefly discussed.

Monday, July 12, 2004

Triangle NUG meeting about Xiotech storage solutions 

I attended the June 29th meeting of the Triangle Novell Users' Group, at which Valdis Paupe from Xiotech spoke about his company's storage products. After introducing his company and before discussing the technology behind his company's Magnitude line of storage products, he talked about SAN technologies in general. He touched upon the evolution of SANs from Direct Attached Storage (DAS) via 1st generation SANs, in which all storage was contained in one big box, to today's 2nd generation SANs, which feature distributed storage and, in the case of his company's products, allow for arrays of drives with mixed capacities and speeds. He then talked about the advantages of Fibre Channel, mentioning that it is the medium of choice for SANs. Fibre Channel can come in various configurations, such as point to point, which supports up to 2 nodes, arbitrated loop, which supports up to 126 nodes, and switched fabric, which can support thousands of nodes.

Next he talked about disaster recovery, which has evolved from the traditional backup. With a SAN the data path for backup can be LAN-free, and the tape library can be attached directly to the SAN fabric. The next step is serverless backup, which is currently bleeding-edge technology that has not been catching on. In this technology, the data goes directly from disk to tape without moving through a server. Saying that it is entirely serverless is a bit of a misnomer, since serverless backup does involve a control server to drive the backup. Serverless backup is now part of the SCSI protocol.

The next topic that he touched upon was server management, and he demonstrated how the time needed for certain server management tasks can be cut down from hours to minutes using a SAN. Using drive virtualization, drives of different capacities and speeds can be used in the same SAN; if drive virtualization is used with hot spares, the hot spare needs to be the largest drive in the array. Using a Xiotech Magnitude SAN, all servers can be booted directly from the SAN.

Following these four presentations, he gave a live demonstration of one of his Magnitude SANs, showing how RAID arrays could be changed and rebuilt on the fly, how servers can be backed up and restored on the fly, and how servers can be upgraded in a minimal amount of time.

Oddball web link of the day 

Take a look at http://bike.owns.com/. This page contains a description of a Kawasaki motorcycle with an integrated web server. Thanks to Holden for sending me this link.
