Geeks in Paradise | Brian Chee » August 2006

August 31, 2006 | Comments: (0)

Open Source AP:

TAGS: Toys and tools

The ANCL gang has now done a couple enterprise wireless shootouts and so far the obvious differences between the enterprise grade access points and consumer grade have mostly been in the realm of authentication, vlans, and tying those vlans to multiple SSID's. So while performance is also a consideration, we did not have the facilities available to us to do performance testing at that time. So while enterprise wireless hasn't stood still, the open source world seems to be catching up quickly.

So imagine my surprise when a Jesuit Priest introduced me to DD-WRT, an open source project that shoves Linux onto a Linksys WRT-54G and enables a bushel full of enterprise features, like:

• 802.1x authentication with peap/leap connectors
• vlan support
• multiple ssid support each with their own WEP/WPA key
• nfs support to bring in additional software features that wouldn't fit onto flash
• client bridge, client router, and AP
• Advanced routing (BGP for gawd sakes!)
• DNS Cache
• VPN passthru or pptp vpn support

I should in all good conscience point out that not all Linksys WRT-54G's are supported...version 5.0 from is notorious in that it only has 1/2 the ram of previous versions and it is supposedly impossible to shoe horn DD-WRT onto that version. This project has also forked many times with names like tofu, and HyperWRT where the authors have gone to other platforms (buffalo, etc) and one has gone onto a very popular embedded systems board from Soekris Engineering that has become the darling of the embedded Linux world.

Being a Linux geek, I just had to try this out. CompUSA just happened to have a couple older units left on the shelf and after much digging (with sales folks looking at me very oddly) I found a couple units to try out. Yup, not only does it work, it's also faster than the original firmware off my cable modem connection.

So if you're an SMB looking for enterprise features, maybe you might want to consider rolling your own AP by downloading DD-WRT or one of the forked versions.

Posted by Brian Chee on August 31, 2006 12:59 PM

August 30, 2006 | Comments: (0)

Roll your own NTP Server

TAGS: Industry Trends

It was in the mid 1990's that I had a conversation with some folks at Novell about their NDS (Netware Directory System) where network (as opposed to just file server) authentication became based upon directories instead of older flat file systems. The conversation wasn't so much about the system itself, but rather about an age old data base problem called "deadly embrace". Basically the problem surrounds how computer clocks aren't terribly accurate and we chatted about the possibility of NDS server clocks getting too far away from each other and no longer able to figure out who updated whom first.

Example:
Server A contains user Harry Truman, but so does Server B which is a backup directory server for the enterprise. However, the admin for Server A updates the password for Harry but unknown to them the clock of Server B is ahead by a couple of minutes. Just after the Harry Truman record gets updated, it's time for the servers to synchronize their databases. So does Server A or Server B have the correct password for Harry? The record in Server B is newer according to the clock. In reality, directory systems don't ONLY go by time stamp, but we have seen a case during our Identity Management Shootout where the migration of Active Directory records from Fergensmeir Corp to TCP/IP Corp didn't work because the clocks on the machines were too far apart.

The solution isn't tough to imagine, get more accurate clocks. However, cesium clocks (based upon the atomic decay of cesium, also called atomic clocks) haven't gotten inexpensive enough yet to become prevalent in even high end servers.  Even with new advances in single chip clocks, pricing hasn't dropped enough to make it economically viable solution for most corporations. The reality is that GPS already has super accurate Cesium clocks in them and through a mathematical formula can be accurate in the range of 40 nanoseconds or better. Truly accurate enough to eliminate the deadly embrace problem.

So I began the search to find a NTP (Network Time Protocol) server that would be inexpensive enough that even small business would be able to afford it. Failing this, I was looking at working with a Computer Science Grad student on modifying existing code to take advantage of a hardware hack that involved drilling a hole into an el'cheapo GPS. The biggest problem with this overall plan is that serial connections are inherently sloppy on timing and some sort of clock signal was needed to bring more accuracy to the clock feed from the GPS. The answer is the 1PPS (or 1 pulse per second) where we have the proverbial swinging pendulum with which to synchronize our clock with.

Fast forwarding this whole process, I'd like to bring your attention to a project started by Adrian Von Bidder and now maintained by Bjørn Hansen called pool.ntp.org where everyday folks setup time servers around the world to alleviate the load on the big popular time servers like time.microsoft.com. Interestingly enough, having local NTP servers available everywhere will also solve the deadly embrace problem I previously mentioned. So that's half the problem, but if an NTP server is going to cost upwards of $7,000/each this project is not going to get very many entries in the pool. The answer is another project by Philip M. White that utilizes a very inexpensive GPS from Garmin (under $100/each) that not only provides the serial time+location feed but also the all important 1PPS signal. Based upon the Garmin GPS 18 LVC (LVC is the barewire version) Mr. White outlines the process to build a very simple circuit to feed both the NMEA (National Marine Electronics Association) serial feed of time+location information and combining the 1PPS signal into a single serial interface.

One VERY important item to remember is that this system requires that you have a UART 8250 based serial port, anything else will skew the results and invalidate the accuracy of your clock source. Keep in mind that serial port are notoriously sloppy since it's an asynchronous interface and doesn't normally need to be that accurate. So by staying with a known quantity like the 8250 UART, the authors can predict a normalized delay for the circuitry.

So I've got an Garmin 18 LVC on order and will be hitting a local electronics store for the simple components needed for the interface. I'll update this post once I get it built, and include pictures of my version of the unit. From all indications, this circuit should be well within the realm of just about anyone that can do simple electronics soldering.

/brian chee

Posted by Brian Chee on August 30, 2006 06:52 PM

August 30, 2006 | Comments: (0)

Updates to SonicWall CDP Article

TAGS: Testing notes

Originally published in InfoWorld on August 17, 2006

SonicWall CDP Product Line

This relatively new product line originally from Lasso systems, the CDP provides data protection over a couple different market categories ranging from SMB to the low end of the enterprise market.

What SonicWall is working towards is to provide high reliability data backup with optional offsite storage in an environmentally controlled data center.

The reality is that product features change quickly and sometimes I miss a data point during the fact check with the vendor. Here are a few feedback points brought up by several readers after this article published:

These answers are from the SonicWall CDP product manager and have NOT been personally confirmed.

1.         Does the baremetal restore software actually backup the changes on exchange and SQL live or must the system be stopped and then backed up?

A: Although SonicWALL BMR Server for Windows takes care of hard disk and file system-level consistency via snapshot technology, it could not guarantee application-level consistency. We recommend you to suspend complex servers such as Microsoft SQL, Oracle or Microsoft Exchange before pressing the Proceed button on the last page of the Create Image wizard, or before starting a scheduled task. Once the imaging process starts, you can resume server operations. It is not necessary to suspend the applications for the duration of the imaging process.

If your database is compatible with Microsoft Volume Shadow Copy Service (VSS), then you can check the Enable VSS support box in Backup Options to ensure completion of all transactions before the backup process starts. Then the database will be ready to access immediately after recovery.

2.         Cost of tossing the old unit to upgrade, there was mention of a future upgrade program that wasn't ready to be put into the story. Is it public yet or still a bit off?

A: First we recommend that a customer should budget 2-3 years for their CDP purchase before needing an upgrade. Key considerations are: data growth based on history of past few years, company growth, employee growth, and other initiatives that would impact data size. We plan to institute a formal upgrade plan in the near future. In addition the next generation of CDP will have expandable capacity, so CDP can grow as the customer grows.

3.         Do you have a cost comparison on offsite storage costs? I know that environmentally controlled storage is pretty expensive, but just how much is it nowdays?

A: You are right in that other competitor’s offsite costs can be expensive, and they do not offer the benefit of instant backup, instant recovery. A customer should not have to recover a 50 Gb SQL database over the wire if there is not a disaster event. Recover it locally in minimal time. The same goes for an end-user recovering a file. CDP is a huge productivity saver, reducing downtime from hours to minutes.

A price comparison chart for “environmentally controlled storage� is below. These companies are primarily Offsite Service providers that have high overhead. They also tend to be server-based, and do not protect laptops or workstations without the purchase of additional products. They are difficult to use (require IT Admin) and will have an additional charge for agents to backup Exchange, SQL, etc. Finally many of them work like a cell phone bill – buy a monthly package but you get charged for overage. CDP sells Gb packages, and sends an Alert to the customer before exceeding the quota. No surprises.

Price comparison for offsite storage from 5 to 100 Gb

SonicWALL MSRP $5.88 to $4.41 per Gb

Competitor 1 MSRP $19 to $15 per Gb

Competitor 2 MSRP $24 to $12 per Gb

I also had several comments on the high price of the offsite storage. SonicWall has informed me that the pricing has dropped radically and can be found by contacting SonicWall or your SonicWall reseller.

To the readers that helped keep me honest, my sincerest gratitude. It is my hope that I can publish articles that interest you and are as technicaly correct as possible. However, being human mistakes creep in. So keep those emails coming, and if you have ideas on what kinds of things you'd like to see covered, drop me an email.

 

/brian chee

Posted by Brian Chee on August 30, 2006 01:24 PM

August 09, 2006 | Comments: (0)

Put your laptop bag on a diet!

TAGS: Toys and tools

iGo by Mobility Electronics This guy and I have similar problems...we both travel and both have way too many power adapters for all the essential bits of kit we need to stay connected. So while it sounds like I'm pitching a product for these guys, it really has become an essential piece of my normal laptop bag. This is one piece of kit I won't leave home without. I normally carry around a Motorola BlueTooth headset, a 60gb iPod, my Blackberry, and of course my Lenovo X41 PenTablet. I used to have to also carry around 4 different power adapters, a small power strip, and an inverter for my rental car. Here's what I carry now: The extra added benefit has been leaving the car inverter at home...I just swap the cable opposite the blue light for the plane/car adapter and I'm done. All this also goes nicely into a nylon zipper case. In my case I use the A29 tip for my Blackberry, the A10 for my bluetooth headset, and A61 for my iPod. Though I'm tinkering with the idea of finding a tip that can recharge my Bluetooth serial dongle too, since that's become a part of my standard kit. So while it is a bit heavier than the orginal IBM power adapter, overall it's much lighter since I'm only carrying one transfomer instead of 4-5. So as you get ready to pack your bags for Interop New York..checkout the iGo at www.igo.com or head to a local Radio Shack to look at one in person.

Posted by Brian Chee on August 9, 2006 01:11 PM

August 06, 2006 | Comments: (0)

Keep the thieves at bay.

TAGS: Toys and tools

I would like to wish the bozo's that stole one of my fellow editor's laptop a long trip down a short flight of stairs. However, we can't always get what we wish for and instead have gone with a more preventative method of keeping our laptops safe.

Pacsafe's original product line is the Pacsafe which consists of a steel mesh bag that closes securely around a bag and then closed with a steel cable that could be secured in a car's trunk, or around just about anything secure to prevent your stuff from walking away. Our problem was that thieves were targeting rental cars in a major shopping mall and breaking into them.

 

This is PacSafe's Daysafe backpack with steel mesh woven in. A logical extension of their original product, either product should make it considerably harder for some thief from ruining your day.

 

Posted by Brian Chee on August 6, 2006 02:56 PM

August 06, 2006 | Comments: (0)

I got the whiteboard blues

TAGS: Toys and tools

I may live in the ivory tower, but I've also spent many years in both the private sector and the federal government; and I can tell you that everyone has had problems of copying down whiteboard work and missing a key point of the meeting or class. One of my favorite pieces of kit over the years has been the Mimio Stick by Virtual Ink of Cambridge, Mass. It's a foldering plastic doodad that sticks to the upper left corner of a white board (or the top of a flip chart) and using markers in an ergonomic holder you just go to town. The system seems to use infrared to tell the system which color pen holder you're using, and also when you have a pen down condition. Then it uses ultrasonics to get xy positioning on the white board up to 4foot by 8foot. The other cool thing is that you can also add a piece of software that turns the pens into a mouse and also can do handwriting recognition. While not cheap, they're a heck of a lot cheaper than a traditional smart board. Now, combine that with "Wall Talker" in place of a traditional white board and you have a meeting room that screams collaboration. Wall Talker is basically a wall paper that can either be a projection surface, a whiteboard or both. They even have both wood and aluminum edging to give it a finished look, and trays for markers. I've been up to the developers area at the Spirent Honolulu offices and the short walls in that area are covered with the stuff. Programmers can markup the walls with impunity so that project status is seen by all the programmers as they head to their cubes...Here's a scan of the brochure I snagged from a wall paper supplier in Honolulu...just find a wall paper or design firm..I'd wager they've probably heard of the stuff. Grab a scan of the WallTalkers brochure.

My other big problem is that we are really trying hard to make sure that we don't leave our inconvenienced team members out and have been looking for ways of improving the collaboration tools while also fulfilling our ADA requirements. To this end we're looking at creating the classroom/meetingroom of the very near future. With walls covered by WallTalker, and drawings captured by Mimio Capture, we then make sure that everyone both in the classroom and off campus get to see and save the whiteboard images and the audio from the instructor. To this end we're looking at a project from Microsoft Research called ConferenceXP. Sounding similar to work done at Argonne National Labs designed for supercomputer education (Access Grid), ConferenceXP creates a peer to peer collaboration environment that combines functions that services like WebEx/MS-LiveMeeting have, but on a smaller scale. So while the base system is designed for multicast, this group seems to have recently adding in functions that allow folks to also participate via unicast.

Posted by Brian Chee on August 6, 2006 12:18 PM

August 02, 2006 | Comments: (0)

Ipswitch WS-FTP Pro 2007

TAGS: Toys and tools

We all know we should backup more often, but the question for the road weary warrior is whether you backup to that external USB hard drive and risk getting that stolen with the laptop or fight the battle on the recurring cost of a backup service. Especially when you have a perfectly good server back at the office. Ipswitch's WS-FTP Pro 2007 combines that FTP utility with some really spanky directory/file sync/compress/encrypt functions while making those files easier to find with both a local and remote file search capability.

During testing the only bump I ran across was that the remote file system auto-detect didn't figure out the Mac OSx machine quite right and mangled some installer files on my first download. Manually changing this to a UNIX file system fixed this issue. All in all a mighty fine file transfer utility that has grown up right along side the user community.

I give this package four thumbs up and am fine with a strong buy recommendation...

 

The familiar Windows Explorer feel is an old friend on the WS-FTP home page

You don't have to compromise anymore, do a backup to your office server with the backup wizard.

Encrypt confidential data with PGP or just PGP sign the file so that folks are absolutely sure it came from you.

If you like icons, change the view just like on Windows Explorer

Posted by Brian Chee on August 2, 2006 07:42 PM