Re: Copying large file

[jsmrekar]

You could also try an application called teracopy. It has fixed/copied some 
files that I was not able to copy. You will need to install it on your systems 
but then it is a simple item to use. Just drag and drop like before. It will 
pop up an interface for you to watch as the percentage increases plus other 
options.

Jack smrekar

 Ben Scott  wrote: 
> On Mon, Jan 31, 2011 at 9:30 AM, itli...@imcu.com  wrote:
> > I am trying to copy a 67Gb .bak file from a USB drive to a SAS
> > Raid-5 drive and I get an error after like 2 hours saying I couldn’t
> > copy the file???
> 
>   What is the **EXACT** error message you get?  Copy it verbatim.
> (Copy-and-paste if possible.)
> 
>   As others have suggested, try ROBOCOPY.  If nothing else, it gives
> better diagnostics than most things.
> 
>   Check Event Viewer for anything related to the disk subsystem or
> filesystem drivers.
> 
>   CHKDSK the source drive; make sure the filesystem is good.
> 
>   If you run out of ideas: Try "CHKDSK /R" on the source drive.  It
> will likely take several or more hours, but it will confirm the disk
> and the interface is good.
> 
> -- Ben
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Audit service?

[Joe Morlino]

"Log Info" from 
http://www.rjlsoftware.com/software/utility/loginfo/default.shtml does this 
nicely but costs $99. 
I wrote a prototype system to audit changes in about 150 machines on a 
production line and about 200 office machines based on it. 
Worked great, client cut back due to economy and we never got to finish it.
Regards,
Joe Morlino
Islands Computer Services
Beaufort, SC   
  -Original Message-
  From: John Cook [mailto:john.c...@pfsf.org]
  Sent: Monday, January 31, 2011 8:03 PM
  To: NT System Admin Issues
  Subject: Re: Audit service?


  I think Spiceworks can provide some of this info (feel free to correct me if 
I'm wrong) and it's free. 
  John W. Cook 
  Systems Administrator 
  Partnership for Strong Families



--
  From: Kurt Buff  
  To: NT System Admin Issues  
  Sent: Mon Jan 31 19:19:29 2011
  Subject: Re: Audit service? 


  Sure!



  Try it, you'll like it. Win7 even has a 64bit version. 

  Lots of good info in there.



  On Mon, Jan 31, 2011 at 15:51, Erik Goldoff  wrote:
  > DirectX diagnostics, really ?
  >
  >
  > Erik Goldoff
  > IT  Consultant
  > Systems, Networks, & Security
  >
  > '  Security is an ongoing process, not a one time event ! '
  >
  >
  >
  > -Original Message-
  > From: Kurt Buff [mailto:kurt.b...@gmail.com]
  > Sent: Monday, January 31, 2011 6:46 PM
  > To: NT System Admin Issues
  > Subject: Re: Audit service?
  >
  > For hardware, a very nice tool is included in the OS: dxdiag
  >
  > You might be able to cobble something together with WMI or perhaps
  > even psinfo for the software.
  >
  > Kurt
  >
  > On Mon, Jan 31, 2011 at 15:05, Eric Brouwer  wrote:
  >> Greetings,
  >>
  >> Back in the day, I used to use a web based service that audited all our PCs
  >> when they logged in.  It would gather information such as hardware specs,
  >> installed software, IP info, etc.  I could then run reports that would show
  >> me changes since last month, new computers since last month, etc.  Any one
  >> know what this might have been called?
  >>
  >> Any one doing something similar now?  It used to be a great tool at budget
  >> time.  I'd sort my hardware, and budget to replace the "worst" 15-20% of
  >> PCs, and have documentation to back up my recommendations.  It also helped
  >> with software compliance.  If I had 150 Office licenses, I made sure the
  >> report showed less.
  >>
  >> Thanks!
  >> Eric
  >>
  >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
  >> ~   ~
  >>
  >> ---
  >> To manage subscriptions click here:
  >> http://lyris.sunbelt-software.com/read/my_forums/
  >> or send an email to listmana...@lyris.sunbeltsoftware.com
  >> with the body: unsubscribe ntsysadmin
  >
  > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
  > ~   ~
  >
  > ---
  > To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
  > or send an email to listmana...@lyris.sunbeltsoftware.com
  > with the body: unsubscribe ntsysadmin
  >
  >
  > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
  > ~   ~
  >
  > ---
  > To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
  > or send an email to listmana...@lyris.sunbeltsoftware.com
  > with the body: unsubscribe ntsysadmin
  >
  >


  ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
  ~   ~

  ---
  To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
  or send an email to listmana...@lyris.sunbeltsoftware.com
  with the body: unsubscribe ntsysadmin



--
  CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
  Consider the environment. Please don't print this e-mail unless you really 
need to.

  This email and any attached files are confidential and intended solely for 
the intended recipient(s). If you are not the named recipient you should not 

Re: Audit service?

[Ben Scott]

On Mon, Jan 31, 2011 at 6:54 PM, Jonathan Link  wrote:
> Sounds like Belarc?

  Be aware that Belarc Advisor is only free for non-commercial use.
If you're using it in a business, it's a payware license.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Audit service?

[John Cook]

I think Spiceworks can provide some of this info (feel free to correct me if 
I'm wrong) and it's free.
John W. Cook
Systems Administrator
Partnership for Strong Families


From: Kurt Buff 
To: NT System Admin Issues 
Sent: Mon Jan 31 19:19:29 2011
Subject: Re: Audit service?

Sure!

[cid:ii_12dde941dd024474]

Try it, you'll like it. Win7 even has a 64bit version.

Lots of good info in there.



On Mon, Jan 31, 2011 at 15:51, Erik Goldoff 
mailto:egold...@gmail.com>> wrote:
> DirectX diagnostics, really ?
>
>
> Erik Goldoff
> IT  Consultant
> Systems, Networks, & Security
>
> '  Security is an ongoing process, not a one time event ! '
>
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Monday, January 31, 2011 6:46 PM
> To: NT System Admin Issues
> Subject: Re: Audit service?
>
> For hardware, a very nice tool is included in the OS: dxdiag
>
> You might be able to cobble something together with WMI or perhaps
> even psinfo for the software.
>
> Kurt
>
> On Mon, Jan 31, 2011 at 15:05, Eric Brouwer 
> mailto:ithelp.e...@gmail.com>> wrote:
>> Greetings,
>>
>> Back in the day, I used to use a web based service that audited all our PCs
>> when they logged in.  It would gather information such as hardware specs,
>> installed software, IP info, etc.  I could then run reports that would show
>> me changes since last month, new computers since last month, etc.  Any one
>> know what this might have been called?
>>
>> Any one doing something similar now?  It used to be a great tool at budget
>> time.  I'd sort my hardware, and budget to replace the "worst" 15-20% of
>> PCs, and have documentation to back up my recommendations.  It also helped
>> with software compliance.  If I had 150 Office licenses, I made sure the
>> report showed less.
>>
>> Thanks!
>> Eric
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to 
>> listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the company. 
Warning: Although precautions have been taken to make sure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage that arise from the use of this email or attachments.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscription

RE: Some thoughts for your DR Plan - now with Pics

[Jacob]

Hmm.. nothing a couple cases of compressed air cannot fixed. ;-)  I love the
photo of using a boat to get to the roof.

I feel your pain. I recovered from a disaster once (fire). It was a learning
experience.

Jacob

-Original Message-
From: James Hill [mailto:james.h...@superamart.com.au] 
Sent: Monday, January 31, 2011 1:14 PM
To: NT System Admin Issues
Subject: RE: Some thoughts for your DR Plan - now with Pics

Here are some pictures of the flooding, the lengths we went to to save some
critical servers and what a data centre/server room that's been under flood
water looks like after it has dried out.

http://cid-0aa8d56800097048.photos.live.com/play.aspx/DR%20Pics?ref=1

I have to say that when I saw the data centre after the water had resided it
really hit home (strangely when I had walked around in knee deep water in
there it hadn't been as upsetting). 

I'd spent the last 3 years replacing every piece of IT infrastructure
Australia wide.  The Data Centre was new and we had just finished the IT
Infrastructure replacement project.  I'd been in discussions with carriers
in preparation for both a live DR location and also to move the Data Centre.
I didn't pick where it was put and I wanted to move it for two reasons.  One
was due to the poor carrier connectivity available in the area, and 2ndly
because there had been flooding in the area before.  Nothing to this extreme
but I still figured it could happen.

-Original Message-
From: Roger Wright [mailto:rhw...@gmail.com]
Sent: Tuesday, 1 February 2011 4:48 AM
To: NT System Admin Issues
Subject: Re: Some thoughts for your DR Plan

James,

Do you have any photos of your DC underwater that you could share?
This and your write-up will go a long way toward helping our management
understand the risks.

Thanks...


Roger Wright
___

"The internet is a great way to get on the net." - Bob Dole




On Sun, Jan 30, 2011 at 9:05 PM, James Hill 
wrote:
> We now have the majority of things restored and up and running.  Below 
> are just some initial thoughts and ideas that I wanted to share with the
list.
> It is in no way any form of DR plan nor is it meant to indicate what 
> we did or didn't have.  It's simply my experiences from our recent DR 
> experience written down for the benefits of others.
>
>
>
> Some or none of this may apply to you.  I certainly do not regard 
> myself as any form of DR expert nor am I the first to have been 
> through a real DR experience.  However if I am able to provide any 
> info that can assist others than I am more than happy to do so.
>
>
>
> · Don't ever think it can't happen, it can.
>
> · You do need a DR location, a live one if possible.  Convince 
> management of this!
>
> · Build redundancy into your designs of everything.  Thanks to 
> this all our stores were able to continue to trade even though the 
> data centre was under water.
>
> · If you have something in your environment that isn't in your 
> backup schedule, add it now, no matter how small it may be.
>
> · Consider that staff with specific duties in your DR plan may 
> not be able to assist as they are tending to their own personal issues 
> or physical access is simply not available.
>
> · Services you take for granted may simply be not available. 
> There were power outages (some for weeks) and communication network
outages.
> Phone systems quickly become overloaded in a Disaster, especially 
> mobile/cell networks.
>
> · Make allowance for the following in your DR location(for 
> relocation of office staff)
>
> o    Furniture for staff
>
> o    Computers and comms
>
> o    Power, can the circuits handle the extra load you will be adding 
> to the site?
>
> o    Bandwidth
>
> o    Air conditioning/heating
>
> · Have remote visibility of your data centre and its 
> surroundings
>
> o    A camera or two would have shown us the level of the water and we 
> could have saved much more equipment.
>
> · Add sensors to your data centre that shuts off the power if 
> water is detected.
>
> · Exchange cached mode and offline files provide quick access 
> to much critical information.
>
> · Keep critical infrastructure/server build/networking 
> documentation in multiple places.
>
> o    I had a recent backup at my personal residence.  It was 
> invaluable in the early stages of our Recovery.
>
> · Data restores
>
> o    Do test restores regularly.  Environments change all the time and 
> maybe something hasn't been added to the backup list for that server.
>
> o    Ensure that you can retrieve critical data quickly.  Restores 
> take time.
>
> o    Tapes - do anything to avoid them, if you have to use them have 
> multiple tape drives available so that restores can be conducted more 
> quickly.
>
> o    Have backup backup servers.  Especially with the tape catalogues 
> available.  We saw cataloguing of tapes take 14 hours plus.
>
> o    Have an offsite locatio

Re: Intel developing security 'game-changer'

[Kurt Buff]

I'm going to agree very strongly with Andrew here.

To bolster the case, I'll point you to some words of wisdom from the man who
write the first firewall implemented at the White House:
http://www.ranum.com/security/computer_security/editorials/dumb/

Dumb ideas one and two, specifically...

While what you say is true, Andrew (and I, of course) also understand that
risk, and that risk is not something covered by blacklists, at least
initially. It takes time to get the signatures out for a blacklist, just as
it takes time to get patches out for your AV/IDS/IPS/HIDS/Whatever. What's
worse is that the signature writers simply can't keep up.

However, the universe of 0-days for whitelisted apps is far smaller than the
universe of stupid/malicious apps.

And, in most cases, just because a 0-day hits you, it doesn't mean that your
machine is compromised. Why? Because all that usually gets you is an
elevated command prompt - and that in and of itself isn't such a big deal.

 *Wait for it..*


What I mean by "isn't such a big deal" is that (almost always) the reason
for an elevated prompt is to run a malicious app. If your system won't run
any but whitelisted apps, you've mitigated the impact of the 0-day, even if
you haven't completely negated it.

It's rare that a machine gets hit by a 0-day with a live human being on the
other end running native OS tools to exfiltrate data or do other malicious
things. The one relatively recent bit of maliciousness that I can remember
that did anything like that was the Slammer worm, and all that did was
propagate itself.

Is it 100%? Nope, and Andrew (nor anyone else taking this position) never
said that.

Is it easy to set up? Nope, and nobody ever said it was, either.

But, if I had to choose, I'd take whitelisting over blacklisting every
damned day.

Kurt

On Mon, Jan 31, 2011 at 16:12, Crawford, Scott wrote:

>  Inline, but here’s some opening comments J
>
>
>
> White-listing .exes does nothing to stop attacks like .wmf and .jpg
> vulnerabilities below.
>
>
>
>
> http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=21526
>
>
> http://www.symantec.com/security_response/writeup.jsp?docid=2004-091516-5119-99&tabid=2
>
>
>
> While these may be currently patched and/or low risk, I think they server
> to illustrate my point. Note that AV signatures detect the badness in them
> before Microsoft patched the offending executable. Also note that under all
> but the most restrictive white-listing campaign, the code that processes
> .wmf and .jpg would be allowed.
>
>
>
> Again, please don’t misunderstand me. I’m not saying white-listing is
> without its advantages. I’m simply saying that it’s not a solution to stop
> malware. Impair it? Yes. Stop some of it? Yes. But, the primary reason it
> stops some and even most current malware is because it’s not very popular
> yet.
>
>
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Monday, January 31, 2011 2:47 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Intel developing security 'game-changer'
>
>
>
> *>>There are MORE good files that I want to use than bad that I want to
> block. *
>
>
>
> Except that most of those good files won't get executed if you stop a more
> limited number of other executables from launching.
>
>
>
> My concern is infected data files that are associated with a white-listed
> .exe.
>
>
>
> You don't necessarily have to track every version of every known DLL that
> might ever get executed, if you can simply track the far more limited number
> of executables that would spawn them.
>
>
>
> Understood
>
>
>
> It would appear that you're looking at whitelisting in a very different way
> than is typically implemented.  What is your understanding of how a
> whitelisting solution would need to work?
>
>
>
> Yes, I am becoming aware that I’m looking at it very differently J. That
> is basically my point. The way it’s typically implemented is to specify an
> allowed list of executables using multiple ways of compiling that list –
> publisher, path, hash, filename, etc. This is basically the only practical
> way it can work. However, to be **truly* *stop all malware from executing,
> it would also have to include all documents/data files that a user would
> want to use.
>
>
>
>
>
> *>>**If there’s a chance that said application will make a mistake, then
> we also need something signature based to block the bad bits.*
>
>
>
> Except that the scenario you're presenting is exactly what we call Zero Day
> attacks.   Vulnerability is discovered in an approved app (no matter how you
> chose to identify "approved app") and it gets exploited.  How is a signature
> helping there when the attack is new?
>
>
>
> Antimalware signatures are generally produced much more rapidly than an
> application patch. So, while a zero day flaw may take a week (optimistic) to
> patch, the AV vendors could be blocking all .txt files containing the
> offending string of bits.
>
>
>
>
>
> If the vulne

Re: Audit service?

[Kurt Buff]

Sure!

[image: dxdiag.JPG]

Try it, you'll like it. Win7 even has a 64bit version.

Lots of good info in there.



On Mon, Jan 31, 2011 at 15:51, Erik Goldoff  wrote:
> DirectX diagnostics, really ?
>
>
> Erik Goldoff
> IT  Consultant
> Systems, Networks, & Security
>
> '  Security is an ongoing process, not a one time event ! '
>
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Monday, January 31, 2011 6:46 PM
> To: NT System Admin Issues
> Subject: Re: Audit service?
>
> For hardware, a very nice tool is included in the OS: dxdiag
>
> You might be able to cobble something together with WMI or perhaps
> even psinfo for the software.
>
> Kurt
>
> On Mon, Jan 31, 2011 at 15:05, Eric Brouwer  wrote:
>> Greetings,
>>
>> Back in the day, I used to use a web based service that audited all our
PCs
>> when they logged in.  It would gather information such as hardware specs,
>> installed software, IP info, etc.  I could then run reports that would
show
>> me changes since last month, new computers since last month, etc.  Any
one
>> know what this might have been called?
>>
>> Any one doing something similar now?  It used to be a great tool at
budget
>> time.  I'd sort my hardware, and budget to replace the "worst" 15-20% of
>> PCs, and have documentation to back up my recommendations.  It also
helped
>> with software compliance.  If I had 150 Office licenses, I made sure the
>> report showed less.
>>
>> Thanks!
>> Eric
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: Intel developing security 'game-changer'

[Crawford, Scott]

Inline, but here's some opening comments :)

White-listing .exes does nothing to stop attacks like .wmf and .jpg 
vulnerabilities below.

http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=21526
http://www.symantec.com/security_response/writeup.jsp?docid=2004-091516-5119-99&tabid=2

While these may be currently patched and/or low risk, I think they server to 
illustrate my point. Note that AV signatures detect the badness in them before 
Microsoft patched the offending executable. Also note that under all but the 
most restrictive white-listing campaign, the code that processes .wmf and .jpg 
would be allowed.

Again, please don't misunderstand me. I'm not saying white-listing is without 
its advantages. I'm simply saying that it's not a solution to stop malware. 
Impair it? Yes. Stop some of it? Yes. But, the primary reason it stops some and 
even most current malware is because it's not very popular yet.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, January 31, 2011 2:47 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

>>There are MORE good files that I want to use than bad that I want to block.

Except that most of those good files won't get executed if you stop a more 
limited number of other executables from launching.

My concern is infected data files that are associated with a white-listed .exe.

You don't necessarily have to track every version of every known DLL that might 
ever get executed, if you can simply track the far more limited number of 
executables that would spawn them.

Understood

It would appear that you're looking at whitelisting in a very different way 
than is typically implemented.  What is your understanding of how a 
whitelisting solution would need to work?

Yes, I am becoming aware that I'm looking at it very differently :). That is 
basically my point. The way it's typically implemented is to specify an allowed 
list of executables using multiple ways of compiling that list - publisher, 
path, hash, filename, etc. This is basically the only practical way it can 
work. However, to be *truly* stop all malware from executing, it would also 
have to include all documents/data files that a user would want to use.


>>If there's a chance that said application will make a mistake, then we also 
>>need something signature based to block the bad bits.

Except that the scenario you're presenting is exactly what we call Zero Day 
attacks.   Vulnerability is discovered in an approved app (no matter how you 
chose to identify "approved app") and it gets exploited.  How is a signature 
helping there when the attack is new?

Antimalware signatures are generally produced much more rapidly than an 
application patch. So, while a zero day flaw may take a week (optimistic) to 
patch, the AV vendors could be blocking all .txt files containing the offending 
string of bits.


If the vulnerability is one that requires no new executables, then a zero-day 
attack is equally damaging to a whitelist or blacklist approach.

If the vulnerability is one that spawns a new executable, then a zero-day 
attack is not effective in a whitelist scenario, but just as damaging as always 
in a blacklist scenario.

I address the need for vendors to allow features and functionality to be 
enabled or disabled independently (in the very next paragraph)

Right. The ability to turn off javascript/macros in Word, Reader, IE, etc. is 
certainly a beneficial addition, but it doesn't prevent other forms of malware 
that may be present in a .doc or .pdf, just the malware that exploits the 
built-in execution engine.

, which would provide even more security.  In the meantime, blacklisting at the 
host level as the primary means of protection is a game of increasing risk with 
diminishing returns...


Agreed...for the time being. But, if we were to flip a magic switch and swap to 
a predominantly white-list based environment, the most common exploitation 
vectors would switch to exploiting white-listed .exes through buffer overflows 
or other methods of tricking an .exe to doing more than displaying data in a 
data file.

ASB (My Bio via About.Me)
Exploiting Technology for Business Advantage...




On Mon, Jan 31, 2011 at 2:36 PM, Crawford, Scott 
mailto:crawfo...@evangel.edu>> wrote:
"Application whitelisting is a good idea, because for every environment, there 
are less items that fall into the "known good" category than bad code that you 
don't want to run."

This assumption simply isn't true. Data = 1's and 0's = code. There are MORE 
good files that I want to use than bad that I want to block. If there was some 
magic bullet that ensured "data" files could never contain executable bits, 
then I would agree whole heartedly. But, I don't believe such bullet will ever 
exist. Therefore data = 1's and 0's = code and its up to the whitelisted .exe 
to interpret them correctly. If there's a chance that 

Re: Audit service?

[Jonathan Link]

Sounds like Belarc?  I know the school district I worked for was starting to
use this as I was leaving...

On Mon, Jan 31, 2011 at 6:05 PM, Eric Brouwer  wrote:

> Greetings,
>
> Back in the day, I used to use a web based service that audited all our PCs
> when they logged in.  It would gather information such as hardware specs,
> installed software, IP info, etc.  I could then run reports that would show
> me changes since last month, new computers since last month, etc.  Any one
> know what this might have been called?
>
> Any one doing something similar now?  It used to be a great tool at budget
> time.  I'd sort my hardware, and budget to replace the "worst" 15-20% of
> PCs, and have documentation to back up my recommendations.  It also helped
> with software compliance.  If I had 150 Office licenses, I made sure the
> report showed less.
>
> Thanks!
>
> Eric
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Audit service?

[Erik Goldoff]

DirectX diagnostics, really ?


Erik Goldoff
IT  Consultant
Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '



-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Monday, January 31, 2011 6:46 PM
To: NT System Admin Issues
Subject: Re: Audit service?

For hardware, a very nice tool is included in the OS: dxdiag

You might be able to cobble something together with WMI or perhaps
even psinfo for the software.

Kurt

On Mon, Jan 31, 2011 at 15:05, Eric Brouwer  wrote:
> Greetings,
>
> Back in the day, I used to use a web based service that audited all our PCs
> when they logged in.  It would gather information such as hardware specs,
> installed software, IP info, etc.  I could then run reports that would show
> me changes since last month, new computers since last month, etc.  Any one
> know what this might have been called?
>
> Any one doing something similar now?  It used to be a great tool at budget
> time.  I'd sort my hardware, and budget to replace the "worst" 15-20% of
> PCs, and have documentation to back up my recommendations.  It also helped
> with software compliance.  If I had 150 Office licenses, I made sure the
> report showed less.
>
> Thanks!
> Eric
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Audit service?

[Erik Goldoff]

You could use the Microsoft tools, or a login script that runs variations of
PSINFO ( ok, that’s Microsoft now too ) to show hardware, software, and
hotfix info, piped out to a text file by computer name or user name.

 

Then there’s more feature rich, more expensive third party options,
Spiceworks comes to mind.

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Eric Brouwer [mailto:ithelp.e...@gmail.com] 
Sent: Monday, January 31, 2011 6:06 PM
To: NT System Admin Issues
Subject: Audit service?

 

Greetings,

 

Back in the day, I used to use a web based service that audited all our PCs
when they logged in.  It would gather information such as hardware specs,
installed software, IP info, etc.  I could then run reports that would show
me changes since last month, new computers since last month, etc.  Any one
know what this might have been called?

 

Any one doing something similar now?  It used to be a great tool at budget
time.  I'd sort my hardware, and budget to replace the "worst" 15-20% of
PCs, and have documentation to back up my recommendations.  It also helped
with software compliance.  If I had 150 Office licenses, I made sure the
report showed less.

 

Thanks!


Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Audit service?

[Kurt Buff]

For hardware, a very nice tool is included in the OS: dxdiag

You might be able to cobble something together with WMI or perhaps
even psinfo for the software.

Kurt

On Mon, Jan 31, 2011 at 15:05, Eric Brouwer  wrote:
> Greetings,
>
> Back in the day, I used to use a web based service that audited all our PCs
> when they logged in.  It would gather information such as hardware specs,
> installed software, IP info, etc.  I could then run reports that would show
> me changes since last month, new computers since last month, etc.  Any one
> know what this might have been called?
>
> Any one doing something similar now?  It used to be a great tool at budget
> time.  I'd sort my hardware, and budget to replace the "worst" 15-20% of
> PCs, and have documentation to back up my recommendations.  It also helped
> with software compliance.  If I had 150 Office licenses, I made sure the
> report showed less.
>
> Thanks!
> Eric
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Audit service?

[Mike Sullivan]

Maybe Lansweeper?

http://www.lansweeper.com/

On Mon, Jan 31, 2011 at 3:05 PM, Eric Brouwer  wrote:

> Greetings,
>
> Back in the day, I used to use a web based service that audited all our PCs
> when they logged in.  It would gather information such as hardware specs,
> installed software, IP info, etc.  I could then run reports that would show
> me changes since last month, new computers since last month, etc.  Any one
> know what this might have been called?
>
> Any one doing something similar now?  It used to be a great tool at budget
> time.  I'd sort my hardware, and budget to replace the "worst" 15-20% of
> PCs, and have documentation to back up my recommendations.  It also helped
> with software compliance.  If I had 150 Office licenses, I made sure the
> report showed less.
>
> Thanks!
>
> Eric
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
Mike Sullivan
neog...@gmail.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Final: Cisco 1240AGs and HP 2600-PWR switches - got it all working

[Kurt Buff]

All,

My last email was not even close to correct, but I finally got it all
working on Friday.

Things left to do:
   o- Get SSH running on the WAPs and switches
   o- Get a new VLAN up and running that supports RADIUS/IAS auth, for
better security and migrate laptops (and perhaps scan guns, we'll see
about that) to it.

But, for now, this all works well. Note, however, that "primary",
"default", "management" and "native", when applied to vlans, are
different terms in HP and Cisco worlds, and don't mean the same thing
or affect the same sets of behavior - at least AFAICT. Further note
that when below I say "management vlan", it emphatically does not mean
that I set the "management-vlan" up on the HP switches. The management
vlan I set up is just another vlan, except that I only use it to
manage the switches and WAPs, and that it doesn't extend to the 802.11
side of the WAPs - otherwise there's nothing special about it.

I had to take the following steps to make it all correct:

   o- Shut down vlan 1 on the HP switches (it's the default vlan on HP
switches, and is by default also the "primary" vlan - you want no
tagged or untagged ports in that vlan)

   o- Making the management vlan (99) "primary" on the HP switches

   o- Making the management vlan "native" on the Cisco WAPs

   o- Untagging the management vlan on the ports for the HP switches
to which the WAPs were connected (after a new WAP configuration was
uploaded)

   o- Tagging the management vlan for the port connections between the
HP switches (already in place)

   o- Tagging the production and guest vlans on each port for the HP
switches (as soon as a new WAP configuration was uploaded - they were
already tagged on the switch-switch connections)

   o- I also took the opportunity to change from passwords to secrets
for the login accounts for the WAPs, which caused some minor
inconvenience while updating the configs

   o- I had to pre-configure two settings for int dot11radio0 -
setting 'mbssid' and 'encryption vlan 115 mode ciphers tkip'
beforehand, so that I could do a 'copy ftp://
system:running-config' command cleanly - otherwise the WAP would bark
at me during the upload of the new config.

To ease the the last two points I did a copy/paste of the required
commands into the telnet session, ending with a 'write mem' then
logged out and back in again.

Unfortunately, I also had to physically verify accurate location and
frequency use of the WAPs, as some were mislabeled, and I needed to
avoid channel interference/overlapping, which took a great deal longer
than I anticipated. (Hey - climbing ladders on a kilt isn't for the
faint of heart!)

Finally, I set the WAP host names to reflect the location and last
octet of the IP address - for instance, 2ndflrS-NW-121.example.com.
This would reflect the 2nd floor South suite in the NW corner, and the
last octet of the IP address is 121.

Kurt


Sampe HP Switch config:
--Begin HP Switch Config--
hostname "HP PoE WAPs Server Rm #1"
max-vlans 10
time timezone -480
time daylight-time-rule Continental-US-and-Canada
ip default-gateway 192.168.99.1
sntp server (removed)
logging (removed)
snmp-server community "(removed)" Operator
snmp-server community "(removed)" Operator Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   ip address dhcp-bootp
   no untagged 1-9
   exit
vlan 99
   name "VLAN99"
   untagged 1-8
   ip address (removed)
   tagged 9
   exit
vlan 115
   name "VLAN115"
   tagged 1-9
   exit
vlan 120
   name "VLAN120"
   tagged 1-9
   exit
primary-vlan 99
password manager
password operator
--End HP Switch Config--

Sample WAP Config:
--Begin 1240AG Config--
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname (removed)
!
enable secret 5 (removed)
!
no aaa new-model
clock timezone -0800 -8
clock summer-time -0700 recurring
!
!
dot11 vlan-name VLAN115 vlan 115
dot11 vlan-name VLAN120 vlan 120
!
dot11 ssid Guest
   vlan 120
   authentication open
   mbssid guest-mode dtim-period 2
!
dot11 ssid Production
   vlan 115
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 (removed)
!
power inline negotiation prestandard source
!
!
username readonly password 7 (removed)
username Admin privilege 15 secret 5 (removed)
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 encryption vlan 115 mode ciphers tkip
 !
 ssid Guest
 !
 ssid Production
 !
 antenna transmit right
 antenna receive right
 mbssid
 speed  basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 power client 20
 channel 2412
 station-role root
 bridge-group 1
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.115
 encapsulation dot1Q 115
 no ip route-cache
 bridge-group 115
 bridge-group 115 subscriber-loop-control
 bridg

RE: Audit service?

[Rod Trent]

ConfigMgr may be too much, but it does that.

 

From: Eric Brouwer [mailto:ithelp.e...@gmail.com] 
Sent: Monday, January 31, 2011 6:06 PM
To: NT System Admin Issues
Subject: Audit service?

 

Greetings,

 

Back in the day, I used to use a web based service that audited all our PCs
when they logged in.  It would gather information such as hardware specs,
installed software, IP info, etc.  I could then run reports that would show
me changes since last month, new computers since last month, etc.  Any one
know what this might have been called?

 

Any one doing something similar now?  It used to be a great tool at budget
time.  I'd sort my hardware, and budget to replace the "worst" 15-20% of
PCs, and have documentation to back up my recommendations.  It also helped
with software compliance.  If I had 150 Office licenses, I made sure the
report showed less.

 

Thanks!


Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Audit service?

[Eric Brouwer]

Greetings,

Back in the day, I used to use a web based service that audited all our PCs
when they logged in.  It would gather information such as hardware specs,
installed software, IP info, etc.  I could then run reports that would show
me changes since last month, new computers since last month, etc.  Any one
know what this might have been called?

Any one doing something similar now?  It used to be a great tool at budget
time.  I'd sort my hardware, and budget to replace the "worst" 15-20% of
PCs, and have documentation to back up my recommendations.  It also helped
with software compliance.  If I had 150 Office licenses, I made sure the
report showed less.

Thanks!

Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: First Windows Server 2008 member server

[Ben Scott]

On Mon, Jan 31, 2011 at 3:19 PM, Brian Desmond  wrote:
> NTBackup has been renamed and reimagined as Windows Server Backup… It is
> substantially better in 2008 R2 compared to 2008.

  But still does not support tape drives.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Copying large file

[Ben Scott]

On Mon, Jan 31, 2011 at 9:30 AM, itli...@imcu.com  wrote:
> I am trying to copy a 67Gb .bak file from a USB drive to a SAS
> Raid-5 drive and I get an error after like 2 hours saying I couldn’t
> copy the file???

  What is the **EXACT** error message you get?  Copy it verbatim.
(Copy-and-paste if possible.)

  As others have suggested, try ROBOCOPY.  If nothing else, it gives
better diagnostics than most things.

  Check Event Viewer for anything related to the disk subsystem or
filesystem drivers.

  CHKDSK the source drive; make sure the filesystem is good.

  If you run out of ideas: Try "CHKDSK /R" on the source drive.  It
will likely take several or more hours, but it will confirm the disk
and the interface is good.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Some thoughts for your DR Plan - now with Pics

[Steve Ens]

With climate change doing what it is doing, it is a good time to get into
the server cleaning and recovery business.

On Mon, Jan 31, 2011 at 3:44 PM, James Hill wrote:

> It's a shame some of the equipment had been pulled out.  Seeing the SAN in
> muddy water, well, that's when you get a few extra grey hairs :)  It was
> taken out early and sent for cleaning.  In the long run though we didn’t'
> use it.
>
> And yes, we went through the roof to get those servers.  The water was
> about 12 foot deep inside at that stage, as you can see from the sea of
> floating stock.
>
> -Original Message-
> From: Sean Rector [mailto:sean.rec...@vaopera.org]
> Sent: Tuesday, 1 February 2011 7:43 AM
> To: NT System Admin Issues
> Subject: RE: Some thoughts for your DR Plan - now with Pics
>
> What he said.  Unbelievable!
>
> Sean Rector, MCSE
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Monday, January 31, 2011 4:40 PM
> To: NT System Admin Issues
> Subject: Re: Some thoughts for your DR Plan - now with Pics
>
> Wow.
>
> Just...
>
> Wow.
>
> On Mon, Jan 31, 2011 at 13:13, James Hill 
> wrote:
> > Here are some pictures of the flooding, the lengths we went to to save
> some critical servers and what a data centre/server room that's been under
> flood water looks like after it has dried out.
> >
> > http://cid-0aa8d56800097048.photos.live.com/play.aspx/DR%20Pics?ref=1
> >
> > I have to say that when I saw the data centre after the water had resided
> it really hit home (strangely when I had walked around in knee deep water in
> there it hadn't been as upsetting).
> >
> > I'd spent the last 3 years replacing every piece of IT infrastructure
> Australia wide.  The Data Centre was new and we had just finished the IT
> Infrastructure replacement project.  I'd been in discussions with carriers
> in preparation for both a live DR location and also to move the Data Centre.
>  I didn't pick where it was put and I wanted to move it for two reasons.
>  One was due to the poor carrier connectivity available in the area, and
> 2ndly because there had been flooding in the area before.  Nothing to this
> extreme but I still figured it could happen.
> >
> > -Original Message-
> > From: Roger Wright [mailto:rhw...@gmail.com]
> > Sent: Tuesday, 1 February 2011 4:48 AM
> > To: NT System Admin Issues
> > Subject: Re: Some thoughts for your DR Plan
> >
> > James,
> >
> > Do you have any photos of your DC underwater that you could share?
> > This and your write-up will go a long way toward helping our management
> understand the risks.
> >
> > Thanks...
> >
> >
> > Roger Wright
> > ___
> >
> > "The internet is a great way to get on the net." - Bob Dole
> >
> >
> >
> >
> > On Sun, Jan 30, 2011 at 9:05 PM, James Hill <
> james.h...@superamart.com.au> wrote:
> >> We now have the majority of things restored and up and running. Below
> >> are just some initial thoughts and ideas that I wanted to share with the
> list.
> >> It is in no way any form of DR plan nor is it meant to indicate what
> >> we did or didn't have.  It's simply my experiences from our recent DR
> >> experience written down for the benefits of others.
> >>
> >>
> >>
> >> Some or none of this may apply to you.  I certainly do not regard
> >> myself as any form of DR expert nor am I the first to have been
> >> through a real DR experience.  However if I am able to provide any
> >> info that can assist others than I am more than happy to do so.
> >>
> >>
> >>
> >> · Don't ever think it can't happen, it can.
> >>
> >> · You do need a DR location, a live one if possible. Convince
> >> management of this!
> >>
> >> · Build redundancy into your designs of everything.  Thanks
> >> to this all our stores were able to continue to trade even though the
> >> data centre was under water.
> >>
> >> · If you have something in your environment that isn't in
> >> your backup schedule, add it now, no matter how small it may be.
> >>
> >> · Consider that staff with specific duties in your DR plan
> >> may not be able to assist as they are tending to their own personal
> >> issues or physical access is simply not available.
> >>
> >> · Services you take for granted may simply be not available.
> >> There were power outages (some for weeks) and communication network
> outages.
> >> Phone systems quickly become overloaded in a Disaster, especially
> >> mobile/cell networks.
> >>
> >> · Make allowance for the following in your DR location(for
> >> relocation of office staff)
> >>
> >> oFurniture for staff
> >>
> >> oComputers and comms
> >>
> >> oPower, can the circuits handle the extra load you will be adding
> >> to the site?
> >>
> >> oBandwidth
> >>
> >> oAir conditioning/heating
> >>
> >> · Have remote visibility of your data centre and its
> >> surroundings
> >>
> >> oA camera or two would have shown us the level of the water and
> >> we could have saved

RE: Some thoughts for your DR Plan - now with Pics

[Michael B. Smith]

It's just about enough to make you cry.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


-Original Message-
From: Sean Rector [mailto:sean.rec...@vaopera.org] 
Sent: Monday, January 31, 2011 4:43 PM
To: NT System Admin Issues
Subject: RE: Some thoughts for your DR Plan - now with Pics

What he said.  Unbelievable!

Sean Rector, MCSE


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, January 31, 2011 4:40 PM
To: NT System Admin Issues
Subject: Re: Some thoughts for your DR Plan - now with Pics

Wow.

Just...

Wow.

On Mon, Jan 31, 2011 at 13:13, James Hill  wrote:
> Here are some pictures of the flooding, the lengths we went to to save some 
> critical servers and what a data centre/server room that's been under flood 
> water looks like after it has dried out.
>
> http://cid-0aa8d56800097048.photos.live.com/play.aspx/DR%20Pics?ref=1
>
> I have to say that when I saw the data centre after the water had resided it 
> really hit home (strangely when I had walked around in knee deep water in 
> there it hadn't been as upsetting).
>
> I'd spent the last 3 years replacing every piece of IT infrastructure 
> Australia wide.  The Data Centre was new and we had just finished the IT 
> Infrastructure replacement project.  I'd been in discussions with carriers in 
> preparation for both a live DR location and also to move the Data Centre.  I 
> didn't pick where it was put and I wanted to move it for two reasons.  One 
> was due to the poor carrier connectivity available in the area, and 2ndly 
> because there had been flooding in the area before.  Nothing to this extreme 
> but I still figured it could happen.
>
> -Original Message-
> From: Roger Wright [mailto:rhw...@gmail.com]
> Sent: Tuesday, 1 February 2011 4:48 AM
> To: NT System Admin Issues
> Subject: Re: Some thoughts for your DR Plan
>
> James,
>
> Do you have any photos of your DC underwater that you could share?
> This and your write-up will go a long way toward helping our management 
> understand the risks.
>
> Thanks...
>
>
> Roger Wright
> ___
>
> "The internet is a great way to get on the net." - Bob Dole
>
>
>
>
> On Sun, Jan 30, 2011 at 9:05 PM, James Hill  
> wrote:
>> We now have the majority of things restored and up and running. Below 
>> are just some initial thoughts and ideas that I wanted to share with the 
>> list.
>> It is in no way any form of DR plan nor is it meant to indicate what 
>> we did or didn't have.  It's simply my experiences from our recent DR 
>> experience written down for the benefits of others.
>>
>>
>>
>> Some or none of this may apply to you.  I certainly do not regard 
>> myself as any form of DR expert nor am I the first to have been 
>> through a real DR experience.  However if I am able to provide any 
>> info that can assist others than I am more than happy to do so.
>>
>>
>>
>> · Don't ever think it can't happen, it can.
>>
>> · You do need a DR location, a live one if possible. Convince 
>> management of this!
>>
>> · Build redundancy into your designs of everything.  Thanks 
>> to this all our stores were able to continue to trade even though the 
>> data centre was under water.
>>
>> · If you have something in your environment that isn't in 
>> your backup schedule, add it now, no matter how small it may be.
>>
>> · Consider that staff with specific duties in your DR plan 
>> may not be able to assist as they are tending to their own personal 
>> issues or physical access is simply not available.
>>
>> · Services you take for granted may simply be not available.
>> There were power outages (some for weeks) and communication network outages.
>> Phone systems quickly become overloaded in a Disaster, especially 
>> mobile/cell networks.
>>
>> · Make allowance for the following in your DR location(for 
>> relocation of office staff)
>>
>> o    Furniture for staff
>>
>> o    Computers and comms
>>
>> o    Power, can the circuits handle the extra load you will be adding 
>> to the site?
>>
>> o    Bandwidth
>>
>> o    Air conditioning/heating
>>
>> · Have remote visibility of your data centre and its 
>> surroundings
>>
>> o    A camera or two would have shown us the level of the water and 
>> we could have saved much more equipment.
>>
>> · Add sensors to your data centre that shuts off the power if 
>> water is detected.
>>
>> · Exchange cached mode and offline files provide quick access 
>> to much critical information.
>>
>> · Keep critical infrastructure/server build/networking 
>> documentation in multiple places.
>>
>> o    I had a recent backup at my personal residence.  It was 
>> invaluable in the early stages of our Recovery.
>>
>> · Data restores
>>
>> o    Do test restores regularly.  Environments change all the time 
>> and maybe something hasn't been added to the backup list for that server.
>>
>> o    Ensure that 

RE: Some thoughts for your DR Plan - now with Pics

[James Hill]

It's a shame some of the equipment had been pulled out.  Seeing the SAN in 
muddy water, well, that's when you get a few extra grey hairs :)  It was taken 
out early and sent for cleaning.  In the long run though we didn’t' use it.

And yes, we went through the roof to get those servers.  The water was about 12 
foot deep inside at that stage, as you can see from the sea of floating stock.

-Original Message-
From: Sean Rector [mailto:sean.rec...@vaopera.org] 
Sent: Tuesday, 1 February 2011 7:43 AM
To: NT System Admin Issues
Subject: RE: Some thoughts for your DR Plan - now with Pics

What he said.  Unbelievable!

Sean Rector, MCSE


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, January 31, 2011 4:40 PM
To: NT System Admin Issues
Subject: Re: Some thoughts for your DR Plan - now with Pics

Wow.

Just...

Wow.

On Mon, Jan 31, 2011 at 13:13, James Hill  wrote:
> Here are some pictures of the flooding, the lengths we went to to save some 
> critical servers and what a data centre/server room that's been under flood 
> water looks like after it has dried out.
>
> http://cid-0aa8d56800097048.photos.live.com/play.aspx/DR%20Pics?ref=1
>
> I have to say that when I saw the data centre after the water had resided it 
> really hit home (strangely when I had walked around in knee deep water in 
> there it hadn't been as upsetting).
>
> I'd spent the last 3 years replacing every piece of IT infrastructure 
> Australia wide.  The Data Centre was new and we had just finished the IT 
> Infrastructure replacement project.  I'd been in discussions with carriers in 
> preparation for both a live DR location and also to move the Data Centre.  I 
> didn't pick where it was put and I wanted to move it for two reasons.  One 
> was due to the poor carrier connectivity available in the area, and 2ndly 
> because there had been flooding in the area before.  Nothing to this extreme 
> but I still figured it could happen.
>
> -Original Message-
> From: Roger Wright [mailto:rhw...@gmail.com]
> Sent: Tuesday, 1 February 2011 4:48 AM
> To: NT System Admin Issues
> Subject: Re: Some thoughts for your DR Plan
>
> James,
>
> Do you have any photos of your DC underwater that you could share?
> This and your write-up will go a long way toward helping our management 
> understand the risks.
>
> Thanks...
>
>
> Roger Wright
> ___
>
> "The internet is a great way to get on the net." - Bob Dole
>
>
>
>
> On Sun, Jan 30, 2011 at 9:05 PM, James Hill  
> wrote:
>> We now have the majority of things restored and up and running. Below 
>> are just some initial thoughts and ideas that I wanted to share with the 
>> list.
>> It is in no way any form of DR plan nor is it meant to indicate what 
>> we did or didn't have.  It's simply my experiences from our recent DR 
>> experience written down for the benefits of others.
>>
>>
>>
>> Some or none of this may apply to you.  I certainly do not regard 
>> myself as any form of DR expert nor am I the first to have been 
>> through a real DR experience.  However if I am able to provide any 
>> info that can assist others than I am more than happy to do so.
>>
>>
>>
>> · Don't ever think it can't happen, it can.
>>
>> · You do need a DR location, a live one if possible. Convince 
>> management of this!
>>
>> · Build redundancy into your designs of everything.  Thanks 
>> to this all our stores were able to continue to trade even though the 
>> data centre was under water.
>>
>> · If you have something in your environment that isn't in 
>> your backup schedule, add it now, no matter how small it may be.
>>
>> · Consider that staff with specific duties in your DR plan 
>> may not be able to assist as they are tending to their own personal 
>> issues or physical access is simply not available.
>>
>> · Services you take for granted may simply be not available.
>> There were power outages (some for weeks) and communication network outages.
>> Phone systems quickly become overloaded in a Disaster, especially 
>> mobile/cell networks.
>>
>> · Make allowance for the following in your DR location(for 
>> relocation of office staff)
>>
>> o    Furniture for staff
>>
>> o    Computers and comms
>>
>> o    Power, can the circuits handle the extra load you will be adding 
>> to the site?
>>
>> o    Bandwidth
>>
>> o    Air conditioning/heating
>>
>> · Have remote visibility of your data centre and its 
>> surroundings
>>
>> o    A camera or two would have shown us the level of the water and 
>> we could have saved much more equipment.
>>
>> · Add sensors to your data centre that shuts off the power if 
>> water is detected.
>>
>> · Exchange cached mode and offline files provide quick access 
>> to much critical information.
>>
>> · Keep critical infrastructure/server build/networking 
>> documentation in multiple places.
>>
>> o    I had a recent backup at my personal residence. 

Re: Some thoughts for your DR Plan

[Kurt Buff]

Thank you. Much appreciated.

On Mon, Jan 31, 2011 at 12:42, James Hill  wrote:
> Go for it Kurt.  If you have any questions please let me know.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Tuesday, 1 February 2011 3:44 AM
> To: NT System Admin Issues
> Subject: Re: Some thoughts for your DR Plan
>
> This is a good write up - lots of lessons learned.
>
> As I've said, we have an office in Brisbane.
>
> I've never visited it, but I am in several senses responsible for the IT 
> there, and it has always galled me that I haven't been able to do anything 
> for them beyond sending an LTO4 tape unit and a few tapes to them - they 
> ferry the tapes back and forth to the garage of one of the staff members on a 
> weekly basis...
>
> Do I have your permission to show this to management here? I think it might 
> prove a bit of an eye opener for them.
>
> Kurt
>
> On Sun, Jan 30, 2011 at 18:05, James Hill  
> wrote:
>> We now have the majority of things restored and up and running.  Below
>> are just some initial thoughts and ideas that I wanted to share with the 
>> list.
>> It is in no way any form of DR plan nor is it meant to indicate what
>> we did or didn’t have.  It’s simply my experiences from our recent DR
>> experience written down for the benefits of others.
>>
>>
>>
>> Some or none of this may apply to you.  I certainly do not regard
>> myself as any form of DR expert nor am I the first to have been
>> through a real DR experience.  However if I am able to provide any
>> info that can assist others than I am more than happy to do so.
>>
>>
>>
>> · Don’t ever think it can’t happen, it can.
>>
>> · You do need a DR location, a live one if possible.  Convince
>> management of this!
>>
>> · Build redundancy into your designs of everything.  Thanks to
>> this all our stores were able to continue to trade even though the
>> data centre was under water.
>>
>> · If you have something in your environment that isn’t in your
>> backup schedule, add it now, no matter how small it may be.
>>
>> · Consider that staff with specific duties in your DR plan may
>> not be able to assist as they are tending to their own personal issues
>> or physical access is simply not available.
>>
>> · Services you take for granted may simply be not available.
>> There were power outages (some for weeks) and communication network outages.
>> Phone systems quickly become overloaded in a Disaster, especially
>> mobile/cell networks.
>>
>> · Make allowance for the following in your DR location(for
>> relocation of office staff)
>>
>> o    Furniture for staff
>>
>> o    Computers and comms
>>
>> o    Power, can the circuits handle the extra load you will be adding
>> to the site?
>>
>> o    Bandwidth
>>
>> o    Air conditioning/heating
>>
>> · Have remote visibility of your data centre and its
>> surroundings
>>
>> o    A camera or two would have shown us the level of the water and we
>> could have saved much more equipment.
>>
>> · Add sensors to your data centre that shuts off the power if
>> water is detected.
>>
>> · Exchange cached mode and offline files provide quick access
>> to much critical information.
>>
>> · Keep critical infrastructure/server build/networking
>> documentation in multiple places.
>>
>> o    I had a recent backup at my personal residence.  It was
>> invaluable in the early stages of our Recovery.
>>
>> · Data restores
>>
>> o    Do test restores regularly.  Environments change all the time and
>> maybe something hasn’t been added to the backup list for that server.
>>
>> o    Ensure that you can retrieve critical data quickly.  Restores
>> take time.
>>
>> o    Tapes – do anything to avoid them, if you have to use them have
>> multiple tape drives available so that restores can be conducted more
>> quickly.
>>
>> o    Have backup backup servers.  Especially with the tape catalogues
>> available.  We saw cataloguing of tapes take 14 hours plus.
>>
>> o    Have an offsite location authorised as a delivery point with your
>> Offsite Tape holder.
>>
>> · Check your emotions at the door.  Remain calm and logical,
>> consider others needs.  The people that are true leaders(that doesn’t
>> necessarily mean all Managers) should be running the show.  Everyone
>> else will be looking to them for guidance.
>>
>>
>>
>> · Fire and water make fantastic servants, they are horrible masters.
>>
>>
>>
>> James.
>>
>>
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> 

RE: Some thoughts for your DR Plan - now with Pics

[Sean Rector]

What he said.  Unbelievable!

Sean Rector, MCSE


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Monday, January 31, 2011 4:40 PM
To: NT System Admin Issues
Subject: Re: Some thoughts for your DR Plan - now with Pics

Wow.

Just...

Wow.

On Mon, Jan 31, 2011 at 13:13, James Hill  wrote:
> Here are some pictures of the flooding, the lengths we went to to save some 
> critical servers and what a data centre/server room that's been under flood 
> water looks like after it has dried out.
>
> http://cid-0aa8d56800097048.photos.live.com/play.aspx/DR%20Pics?ref=1
>
> I have to say that when I saw the data centre after the water had resided it 
> really hit home (strangely when I had walked around in knee deep water in 
> there it hadn't been as upsetting).
>
> I'd spent the last 3 years replacing every piece of IT infrastructure 
> Australia wide.  The Data Centre was new and we had just finished the IT 
> Infrastructure replacement project.  I'd been in discussions with carriers in 
> preparation for both a live DR location and also to move the Data Centre.  I 
> didn't pick where it was put and I wanted to move it for two reasons.  One 
> was due to the poor carrier connectivity available in the area, and 2ndly 
> because there had been flooding in the area before.  Nothing to this extreme 
> but I still figured it could happen.
>
> -Original Message-
> From: Roger Wright [mailto:rhw...@gmail.com]
> Sent: Tuesday, 1 February 2011 4:48 AM
> To: NT System Admin Issues
> Subject: Re: Some thoughts for your DR Plan
>
> James,
>
> Do you have any photos of your DC underwater that you could share?
> This and your write-up will go a long way toward helping our management 
> understand the risks.
>
> Thanks...
>
>
> Roger Wright
> ___
>
> "The internet is a great way to get on the net." - Bob Dole
>
>
>
>
> On Sun, Jan 30, 2011 at 9:05 PM, James Hill  
> wrote:
>> We now have the majority of things restored and up and running.  
>> Below are just some initial thoughts and ideas that I wanted to share with 
>> the list.
>> It is in no way any form of DR plan nor is it meant to indicate what 
>> we did or didn't have.  It's simply my experiences from our recent DR 
>> experience written down for the benefits of others.
>>
>>
>>
>> Some or none of this may apply to you.  I certainly do not regard 
>> myself as any form of DR expert nor am I the first to have been 
>> through a real DR experience.  However if I am able to provide any 
>> info that can assist others than I am more than happy to do so.
>>
>>
>>
>> · Don't ever think it can't happen, it can.
>>
>> · You do need a DR location, a live one if possible.  
>> Convince management of this!
>>
>> · Build redundancy into your designs of everything.  Thanks 
>> to this all our stores were able to continue to trade even though the 
>> data centre was under water.
>>
>> · If you have something in your environment that isn't in 
>> your backup schedule, add it now, no matter how small it may be.
>>
>> · Consider that staff with specific duties in your DR plan 
>> may not be able to assist as they are tending to their own personal 
>> issues or physical access is simply not available.
>>
>> · Services you take for granted may simply be not available.
>> There were power outages (some for weeks) and communication network outages.
>> Phone systems quickly become overloaded in a Disaster, especially 
>> mobile/cell networks.
>>
>> · Make allowance for the following in your DR location(for 
>> relocation of office staff)
>>
>> o    Furniture for staff
>>
>> o    Computers and comms
>>
>> o    Power, can the circuits handle the extra load you will be adding 
>> to the site?
>>
>> o    Bandwidth
>>
>> o    Air conditioning/heating
>>
>> · Have remote visibility of your data centre and its 
>> surroundings
>>
>> o    A camera or two would have shown us the level of the water and 
>> we could have saved much more equipment.
>>
>> · Add sensors to your data centre that shuts off the power if 
>> water is detected.
>>
>> · Exchange cached mode and offline files provide quick access 
>> to much critical information.
>>
>> · Keep critical infrastructure/server build/networking 
>> documentation in multiple places.
>>
>> o    I had a recent backup at my personal residence.  It was 
>> invaluable in the early stages of our Recovery.
>>
>> · Data restores
>>
>> o    Do test restores regularly.  Environments change all the time 
>> and maybe something hasn't been added to the backup list for that server.
>>
>> o    Ensure that you can retrieve critical data quickly.  Restores 
>> take time.
>>
>> o    Tapes - do anything to avoid them, if you have to use them have 
>> multiple tape drives available so that restores can be conducted more 
>> quickly.
>>
>> o    Have backup backup servers.  Especially with the tape catalogues 
>> available.  We saw catalog

Re: Some thoughts for your DR Plan - now with Pics

[Kurt Buff]

Wow.

Just...

Wow.

On Mon, Jan 31, 2011 at 13:13, James Hill  wrote:
> Here are some pictures of the flooding, the lengths we went to to save some 
> critical servers and what a data centre/server room that's been under flood 
> water looks like after it has dried out.
>
> http://cid-0aa8d56800097048.photos.live.com/play.aspx/DR%20Pics?ref=1
>
> I have to say that when I saw the data centre after the water had resided it 
> really hit home (strangely when I had walked around in knee deep water in 
> there it hadn't been as upsetting).
>
> I'd spent the last 3 years replacing every piece of IT infrastructure 
> Australia wide.  The Data Centre was new and we had just finished the IT 
> Infrastructure replacement project.  I'd been in discussions with carriers in 
> preparation for both a live DR location and also to move the Data Centre.  I 
> didn't pick where it was put and I wanted to move it for two reasons.  One 
> was due to the poor carrier connectivity available in the area, and 2ndly 
> because there had been flooding in the area before.  Nothing to this extreme 
> but I still figured it could happen.
>
> -Original Message-
> From: Roger Wright [mailto:rhw...@gmail.com]
> Sent: Tuesday, 1 February 2011 4:48 AM
> To: NT System Admin Issues
> Subject: Re: Some thoughts for your DR Plan
>
> James,
>
> Do you have any photos of your DC underwater that you could share?
> This and your write-up will go a long way toward helping our management 
> understand the risks.
>
> Thanks...
>
>
> Roger Wright
> ___
>
> "The internet is a great way to get on the net." - Bob Dole
>
>
>
>
> On Sun, Jan 30, 2011 at 9:05 PM, James Hill  
> wrote:
>> We now have the majority of things restored and up and running.  Below
>> are just some initial thoughts and ideas that I wanted to share with the 
>> list.
>> It is in no way any form of DR plan nor is it meant to indicate what
>> we did or didn't have.  It's simply my experiences from our recent DR
>> experience written down for the benefits of others.
>>
>>
>>
>> Some or none of this may apply to you.  I certainly do not regard
>> myself as any form of DR expert nor am I the first to have been
>> through a real DR experience.  However if I am able to provide any
>> info that can assist others than I am more than happy to do so.
>>
>>
>>
>> · Don't ever think it can't happen, it can.
>>
>> · You do need a DR location, a live one if possible.  Convince
>> management of this!
>>
>> · Build redundancy into your designs of everything.  Thanks to
>> this all our stores were able to continue to trade even though the
>> data centre was under water.
>>
>> · If you have something in your environment that isn't in your
>> backup schedule, add it now, no matter how small it may be.
>>
>> · Consider that staff with specific duties in your DR plan may
>> not be able to assist as they are tending to their own personal issues
>> or physical access is simply not available.
>>
>> · Services you take for granted may simply be not available.
>> There were power outages (some for weeks) and communication network outages.
>> Phone systems quickly become overloaded in a Disaster, especially
>> mobile/cell networks.
>>
>> · Make allowance for the following in your DR location(for
>> relocation of office staff)
>>
>> o    Furniture for staff
>>
>> o    Computers and comms
>>
>> o    Power, can the circuits handle the extra load you will be adding
>> to the site?
>>
>> o    Bandwidth
>>
>> o    Air conditioning/heating
>>
>> · Have remote visibility of your data centre and its
>> surroundings
>>
>> o    A camera or two would have shown us the level of the water and we
>> could have saved much more equipment.
>>
>> · Add sensors to your data centre that shuts off the power if
>> water is detected.
>>
>> · Exchange cached mode and offline files provide quick access
>> to much critical information.
>>
>> · Keep critical infrastructure/server build/networking
>> documentation in multiple places.
>>
>> o    I had a recent backup at my personal residence.  It was
>> invaluable in the early stages of our Recovery.
>>
>> · Data restores
>>
>> o    Do test restores regularly.  Environments change all the time and
>> maybe something hasn't been added to the backup list for that server.
>>
>> o    Ensure that you can retrieve critical data quickly.  Restores
>> take time.
>>
>> o    Tapes - do anything to avoid them, if you have to use them have
>> multiple tape drives available so that restores can be conducted more
>> quickly.
>>
>> o    Have backup backup servers.  Especially with the tape catalogues
>> available.  We saw cataloguing of tapes take 14 hours plus.
>>
>> o    Have an offsite location authorised as a delivery point with your
>> Offsite Tape holder.
>>
>> · Check your emotions at the door.  Remain calm and logical,
>> consider others needs.  The people that are true leaders(that d

RE: Some thoughts for your DR Plan

[Erik Goldoff]

Thank you, I will pass on this information to those DR/BC professionals I
know.

Unfortunately some of the best learnings come from pain. Your write-up may
save others a bit of grief.

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: James Hill [mailto:james.h...@superamart.com.au] 
Sent: Monday, January 31, 2011 3:42 PM
To: NT System Admin Issues
Subject: RE: Some thoughts for your DR Plan

 

Absolutely Erik.  I want to help others as much as possible as it really is
a horrible thing to have to go through.

 

We have recovered very quickly imo and the systems we did have in place
helped us to do that.  But we could have avoided huge amounts of pain if we
had better DR systems and plans in place.

 

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Monday, 31 January 2011 9:54 PM
To: NT System Admin Issues
Subject: RE: Some thoughts for your DR Plan

 

I’m sorry you had to experience this, but glad you didn’t experience
personal catastrophic harm.

 

I belong to the Southeastern Continuity Planners’ Association here in
Georgia ( www.scpa-us.org ) and I’d like to share the content of your
message below, but wanted to ask your permission first.  What say you ?

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: James Hill [mailto:james.h...@superamart.com.au] 
Sent: Sunday, January 30, 2011 9:06 PM
To: NT System Admin Issues
Subject: Some thoughts for your DR Plan

 

We now have the majority of things restored and up and running.  Below are
just some initial thoughts and ideas that I wanted to share with the list.
It is in no way any form of DR plan nor is it meant to indicate what we did
or didn’t have.  It’s simply my experiences from our recent DR experience
written down for the benefits of others.

 

Some or none of this may apply to you.  I certainly do not regard myself as
any form of DR expert nor am I the first to have been through a real DR
experience.  However if I am able to provide any info that can assist others
than I am more than happy to do so.

 

· Don’t ever think it can’t happen, it can.

· You do need a DR location, a live one if possible.  Convince
management of this!

· Build redundancy into your designs of everything.  Thanks to this
all our stores were able to continue to trade even though the data centre
was under water.

· If you have something in your environment that isn’t in your
backup schedule, add it now, no matter how small it may be.

· Consider that staff with specific duties in your DR plan may not
be able to assist as they are tending to their own personal issues or
physical access is simply not available.

· Services you take for granted may simply be not available.  There
were power outages (some for weeks) and communication network outages.
Phone systems quickly become overloaded in a Disaster, especially
mobile/cell networks.

· Make allowance for the following in your DR location(for
relocation of office staff)

oFurniture for staff

oComputers and comms

oPower, can the circuits handle the extra load you will be adding to the
site?

oBandwidth

oAir conditioning/heating

· Have remote visibility of your data centre and its surroundings

oA camera or two would have shown us the level of the water and we could
have saved much more equipment.

· Add sensors to your data centre that shuts off the power if water
is detected.

· Exchange cached mode and offline files provide quick access to
much critical information.

· Keep critical infrastructure/server build/networking documentation
in multiple places.

oI had a recent backup at my personal residence.  It was invaluable in
the early stages of our Recovery.

· Data restores

oDo test restores regularly.  Environments change all the time and maybe
something hasn’t been added to the backup list for that server.

oEnsure that you can retrieve critical data quickly.  Restores take
time.

oTapes – do anything to avoid them, if you have to use them have
multiple tape drives available so that restores can be conducted more
quickly.

oHave backup backup servers.  Especially with the tape catalogues
available.  We saw cataloguing of tapes take 14 hours plus.

oHave an offsite location authorised as a delivery point with your
Offsite Tape holder.

· Check your emotions at the door.  Remain calm and logical,
consider others needs.  The people that are true leaders(that doesn’t
necessarily mean all Managers) should be running the show.  Everyone else
will be looking to them for guidance.

 

· Fire and water make fantastic servants, they are horrible masters.

 

James.

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ 

RE: Some thoughts for your DR Plan - now with Pics

[James Hill]

Here are some pictures of the flooding, the lengths we went to to save some 
critical servers and what a data centre/server room that's been under flood 
water looks like after it has dried out.

http://cid-0aa8d56800097048.photos.live.com/play.aspx/DR%20Pics?ref=1

I have to say that when I saw the data centre after the water had resided it 
really hit home (strangely when I had walked around in knee deep water in there 
it hadn't been as upsetting). 

I'd spent the last 3 years replacing every piece of IT infrastructure Australia 
wide.  The Data Centre was new and we had just finished the IT Infrastructure 
replacement project.  I'd been in discussions with carriers in preparation for 
both a live DR location and also to move the Data Centre.  I didn't pick where 
it was put and I wanted to move it for two reasons.  One was due to the poor 
carrier connectivity available in the area, and 2ndly because there had been 
flooding in the area before.  Nothing to this extreme but I still figured it 
could happen.

-Original Message-
From: Roger Wright [mailto:rhw...@gmail.com] 
Sent: Tuesday, 1 February 2011 4:48 AM
To: NT System Admin Issues
Subject: Re: Some thoughts for your DR Plan

James,

Do you have any photos of your DC underwater that you could share?
This and your write-up will go a long way toward helping our management 
understand the risks.

Thanks...


Roger Wright
___

"The internet is a great way to get on the net." - Bob Dole




On Sun, Jan 30, 2011 at 9:05 PM, James Hill  
wrote:
> We now have the majority of things restored and up and running.  Below 
> are just some initial thoughts and ideas that I wanted to share with the list.
> It is in no way any form of DR plan nor is it meant to indicate what 
> we did or didn't have.  It's simply my experiences from our recent DR 
> experience written down for the benefits of others.
>
>
>
> Some or none of this may apply to you.  I certainly do not regard 
> myself as any form of DR expert nor am I the first to have been 
> through a real DR experience.  However if I am able to provide any 
> info that can assist others than I am more than happy to do so.
>
>
>
> · Don't ever think it can't happen, it can.
>
> · You do need a DR location, a live one if possible.  Convince 
> management of this!
>
> · Build redundancy into your designs of everything.  Thanks to 
> this all our stores were able to continue to trade even though the 
> data centre was under water.
>
> · If you have something in your environment that isn't in your 
> backup schedule, add it now, no matter how small it may be.
>
> · Consider that staff with specific duties in your DR plan may 
> not be able to assist as they are tending to their own personal issues 
> or physical access is simply not available.
>
> · Services you take for granted may simply be not available.  
> There were power outages (some for weeks) and communication network outages.
> Phone systems quickly become overloaded in a Disaster, especially 
> mobile/cell networks.
>
> · Make allowance for the following in your DR location(for 
> relocation of office staff)
>
> o    Furniture for staff
>
> o    Computers and comms
>
> o    Power, can the circuits handle the extra load you will be adding 
> to the site?
>
> o    Bandwidth
>
> o    Air conditioning/heating
>
> · Have remote visibility of your data centre and its 
> surroundings
>
> o    A camera or two would have shown us the level of the water and we 
> could have saved much more equipment.
>
> · Add sensors to your data centre that shuts off the power if 
> water is detected.
>
> · Exchange cached mode and offline files provide quick access 
> to much critical information.
>
> · Keep critical infrastructure/server build/networking 
> documentation in multiple places.
>
> o    I had a recent backup at my personal residence.  It was 
> invaluable in the early stages of our Recovery.
>
> · Data restores
>
> o    Do test restores regularly.  Environments change all the time and 
> maybe something hasn't been added to the backup list for that server.
>
> o    Ensure that you can retrieve critical data quickly.  Restores 
> take time.
>
> o    Tapes - do anything to avoid them, if you have to use them have 
> multiple tape drives available so that restores can be conducted more 
> quickly.
>
> o    Have backup backup servers.  Especially with the tape catalogues 
> available.  We saw cataloguing of tapes take 14 hours plus.
>
> o    Have an offsite location authorised as a delivery point with your 
> Offsite Tape holder.
>
> · Check your emotions at the door.  Remain calm and logical, 
> consider others needs.  The people that are true leaders(that doesn't 
> necessarily mean all Managers) should be running the show.  Everyone 
> else will be looking to them for guidance.
>
>
>
> · Fire and water make fantastic servants, they are horrible mast

RE: Some thoughts for your DR Plan

[James Hill]

This is something I've done personally for a while and no it's not encrypted.  
I had a few important files that were specific to the IT design.  Obviously the 
preference is to have this information at another location that is secure (so 
not a personal residence) but having this info saved a great deal of time.  
Particularly the network documents(IP Address info for example) and password 
info (service accounts, websites etc).

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Tuesday, 1 February 2011 6:51 AM
To: NT System Admin Issues
Subject: Re: Some thoughts for your DR Plan

One thing that I noticed, I have a question about.  Is your backup encrypted at 
all?  You mentioned that you had a recent backup at your personal residence, is 
this part of your standard for maintaining an offsite backup, or was it an 
accidental happenstance?



On Sun, Jan 30, 2011 at 9:05 PM, James Hill 
mailto:james.h...@superamart.com.au>> wrote:
We now have the majority of things restored and up and running.  Below are just 
some initial thoughts and ideas that I wanted to share with the list.  It is in 
no way any form of DR plan nor is it meant to indicate what we did or didn't 
have.  It's simply my experiences from our recent DR experience written down 
for the benefits of others.

Some or none of this may apply to you.  I certainly do not regard myself as any 
form of DR expert nor am I the first to have been through a real DR experience. 
 However if I am able to provide any info that can assist others than I am more 
than happy to do so.


* Don't ever think it can't happen, it can.

* You do need a DR location, a live one if possible.  Convince 
management of this!

* Build redundancy into your designs of everything.  Thanks to this all 
our stores were able to continue to trade even though the data centre was under 
water.

* If you have something in your environment that isn't in your backup 
schedule, add it now, no matter how small it may be.

* Consider that staff with specific duties in your DR plan may not be 
able to assist as they are tending to their own personal issues or physical 
access is simply not available.

* Services you take for granted may simply be not available.  There 
were power outages (some for weeks) and communication network outages.  Phone 
systems quickly become overloaded in a Disaster, especially mobile/cell 
networks.

* Make allowance for the following in your DR location(for relocation 
of office staff)

oFurniture for staff

oComputers and comms

oPower, can the circuits handle the extra load you will be adding to the 
site?

oBandwidth

oAir conditioning/heating

* Have remote visibility of your data centre and its surroundings

oA camera or two would have shown us the level of the water and we could 
have saved much more equipment.

* Add sensors to your data centre that shuts off the power if water is 
detected.

* Exchange cached mode and offline files provide quick access to much 
critical information.

* Keep critical infrastructure/server build/networking documentation in 
multiple places.

oI had a recent backup at my personal residence.  It was invaluable in the 
early stages of our Recovery.

* Data restores

oDo test restores regularly.  Environments change all the time and maybe 
something hasn't been added to the backup list for that server.

oEnsure that you can retrieve critical data quickly.  Restores take time.

oTapes - do anything to avoid them, if you have to use them have multiple 
tape drives available so that restores can be conducted more quickly.

oHave backup backup servers.  Especially with the tape catalogues 
available.  We saw cataloguing of tapes take 14 hours plus.

oHave an offsite location authorised as a delivery point with your Offsite 
Tape holder.

* Check your emotions at the door.  Remain calm and logical, consider 
others needs.  The people that are true leaders(that doesn't necessarily mean 
all Managers) should be running the show.  Everyone else will be looking to 
them for guidance.



* Fire and water make fantastic servants, they are horrible masters.

James.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: un

Re: Some thoughts for your DR Plan

[Jonathan Link]

One thing that I noticed, I have a question about.  Is your backup encrypted
at all?  You mentioned that you had a recent backup at your personal
residence, is this part of your standard for maintaining an offsite backup,
or was it an accidental happenstance?



On Sun, Jan 30, 2011 at 9:05 PM, James Hill wrote:

>  We now have the majority of things restored and up and running.  Below
> are just some initial thoughts and ideas that I wanted to share with the
> list.  It is in no way any form of DR plan nor is it meant to indicate what
> we did or didn’t have.  It’s simply my experiences from our recent DR
> experience written down for the benefits of others.
>
>
>
> Some or none of this may apply to you.  I certainly do not regard myself as
> any form of DR expert nor am I the first to have been through a real DR
> experience.  However if I am able to provide any info that can assist others
> than I am more than happy to do so.
>
>
>
> · Don’t ever think it can’t happen, it can.
>
> · You do need a DR location, a live one if possible.  Convince
> management of this!
>
> · Build redundancy into your designs of everything.  Thanks to
> this all our stores were able to continue to trade even though the data
> centre was under water.
>
> · If you have something in your environment that isn’t in your
> backup schedule, add it now, no matter how small it may be.
>
> · Consider that staff with specific duties in your DR plan may not
> be able to assist as they are tending to their own personal issues or
> physical access is simply not available.
>
> · Services you take for granted may simply be not available.
> There were power outages (some for weeks) and communication network
> outages.  Phone systems quickly become overloaded in a Disaster, especially
> mobile/cell networks.
>
> · Make allowance for the following in your DR location(for
> relocation of office staff)
>
> oFurniture for staff
>
> oComputers and comms
>
> oPower, can the circuits handle the extra load you will be adding to
> the site?
>
> oBandwidth
>
> oAir conditioning/heating
>
> · Have remote visibility of your data centre and its surroundings
>
> oA camera or two would have shown us the level of the water and we
> could have saved much more equipment.
>
> · Add sensors to your data centre that shuts off the power if
> water is detected.
>
> · Exchange cached mode and offline files provide quick access to
> much critical information.
>
> · Keep critical infrastructure/server build/networking
> documentation in multiple places.
>
> oI had a recent backup at my personal residence.  It was invaluable in
> the early stages of our Recovery.
>
> · Data restores
>
> oDo test restores regularly.  Environments change all the time and
> maybe something hasn’t been added to the backup list for that server.
>
> oEnsure that you can retrieve critical data quickly.  Restores take
> time.
>
> oTapes – do anything to avoid them, if you have to use them have
> multiple tape drives available so that restores can be conducted more
> quickly.
>
> oHave backup backup servers.  Especially with the tape catalogues
> available.  We saw cataloguing of tapes take 14 hours plus.
>
> oHave an offsite location authorised as a delivery point with your
> Offsite Tape holder.
>
> · Check your emotions at the door.  Remain calm and logical,
> consider others needs.  The people that are true leaders(that doesn’t
> necessarily mean all Managers) should be running the show.  Everyone else
> will be looking to them for guidance.
>
>
>
> · Fire and water make fantastic servants, they are horrible
> masters.
>
>
>
> James.
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Intel developing security 'game-changer'

[Andrew S. Baker]

*>>There are MORE good files that I want to use than bad that I want to
block. *

Except that most of those good files won't get executed if you stop a more
limited number of other executables from launching.

You don't necessarily have to track every version of every known DLL that
might ever get executed, if you can simply track the far more limited number
of executables that would spawn them.

It would appear that you're looking at whitelisting in a very different way
than is typically implemented.  What is your understanding of how a
whitelisting solution would need to work?



*>>If there’s a chance that said application will make a mistake, then we
also need something signature based to block the bad bits.*

Except that the scenario you're presenting is exactly what we call Zero Day
attacks.   Vulnerability is discovered in an approved app (no matter how you
chose to identify "approved app") and it gets exploited.  How is a signature
helping there when the attack is new?

If the vulnerability is one that requires no new executables, then a
zero-day attack is equally damaging to a whitelist or blacklist approach.
If the vulnerability is one that spawns a new executable, then a zero-day
attack is not effective in a whitelist scenario, but just as damaging as
always in a blacklist scenario.

I address the need for vendors to allow features and functionality to be
enabled or disabled independently (in the very next paragraph), which would
provide even more security.  In the meantime, blacklisting at the host level
as the primary means of protection is a game of increasing risk with
diminishing returns...


*ASB *(My Bio via About.Me )
 *Exploiting Technology for Business Advantage...*

*
*



On Mon, Jan 31, 2011 at 2:36 PM, Crawford, Scott wrote:

>  “Application whitelisting is a good idea, because for every environment,
> there are less items that fall into the “*known good*” category than bad
> code that you don’t want to run.”
>
>
>
> This assumption simply isn’t true. Data = 1’s and 0’s = code. There are
> MORE good files that I want to use than bad that I want to block. If there
> was some magic bullet that ensured “data” files could never contain
> executable bits, then I would agree whole heartedly. But, I don’t believe
> such bullet will ever exist. Therefore data = 1’s and 0’s = code and its up
> to the whitelisted .exe to interpret them correctly. If there’s a chance
> that said application will make a mistake, then we also need something
> signature based to block the bad bits.
>
>
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Monday, January 31, 2011 12:25 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Intel developing security 'game-changer'
>
>
>
> Here are my full thoughts on the subject, as a security mechanism:
>
>
>
>
> http://home.asbzone.com/ASB/archive/2010/05/10/it-s-time-to-re-evaluate-host-based-security.aspx
>
>
>
> No, it is not a panacea, because no security mechanism ever is.  Yes, there
> are drawbacks, but focusing on these technologies will provide a bigger bang
> for the buck and allow us to mitigate the weaknesses sooner.  Either way,
> your ROI is greater in most scenarios which use whitelisting vs
> blacklisting.
>
>
>
> Also, check out the following:
> http://www.schneier.com/blog/archives/2011/01/whitelisting_vs.html
>
>
>
>
>
> *ASB *(Find me online via About.Me )
> *Exploiting Technology for Business Advantage...*
>
>
>
>
>
>  On Mon, Jan 31, 2011 at 12:48 PM, Crawford, Scott 
> wrote:
>
> “No one here has suggested panacea”
>
>
>
> Perhaps not, but that’s not my perception. I see lots of statements like
> “I’m still of the opinion that the only real solution is white-listing. -
> MBS”  Maybe I’m misreading that, but that hints at a panacea and I’m simply
> saying that it’s not.
>
>
>
> All of your other points – I agree.
>
>
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Wednesday, January 26, 2011 4:35 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* Re: Intel developing security 'game-changer'
>
>
>
> No one here has suggested panacea, but consider how effective it would be
> in a white-listing environment to add most apps to the list in the event of
> a zero-day to an EXISTING app.  You wouldn't have to do anything for an app
> that wasn't already allowed in your environment.
>
>
>
> It is akin to the change in firewall rule-set made in ages gone by from
> Allowed-by-Default to Denied-by-Default.
>
>
>
> Likewise, look at all the environments that have moved towards some form of
> locked down user desktop and see how much of a benefit has resulted.
>
>
>
> Reducing problems by 50-80% off the bat, with little overhead, is always
> desirable.
>
>
>
> *ASB *(My Bio via About.Me )
> *Exploiting Technology for Business Advantage...*
>
>
>
>
>
> On Wed, Jan 26, 2011 at 5:03 PM, Crawford, Scott 
> wrote:
>
> My point

RE: Some thoughts for your DR Plan

[James Hill]

Hi Roger,

I'm working on getting these up now.  I have some "after" photo's of our data 
centre.  Unfortunately they were taken with a phone camera but they more than 
get the point across.

James.

-Original Message-
From: Roger Wright [mailto:rhw...@gmail.com] 
Sent: Tuesday, 1 February 2011 4:48 AM
To: NT System Admin Issues
Subject: Re: Some thoughts for your DR Plan

James,

Do you have any photos of your DC underwater that you could share?
This and your write-up will go a long way toward helping our management 
understand the risks.

Thanks...


Roger Wright
___

"The internet is a great way to get on the net." - Bob Dole




On Sun, Jan 30, 2011 at 9:05 PM, James Hill  
wrote:
> We now have the majority of things restored and up and running.  Below 
> are just some initial thoughts and ideas that I wanted to share with the list.
> It is in no way any form of DR plan nor is it meant to indicate what 
> we did or didn't have.  It's simply my experiences from our recent DR 
> experience written down for the benefits of others.
>
>
>
> Some or none of this may apply to you.  I certainly do not regard 
> myself as any form of DR expert nor am I the first to have been 
> through a real DR experience.  However if I am able to provide any 
> info that can assist others than I am more than happy to do so.
>
>
>
> · Don't ever think it can't happen, it can.
>
> · You do need a DR location, a live one if possible.  Convince 
> management of this!
>
> · Build redundancy into your designs of everything.  Thanks to 
> this all our stores were able to continue to trade even though the 
> data centre was under water.
>
> · If you have something in your environment that isn't in your 
> backup schedule, add it now, no matter how small it may be.
>
> · Consider that staff with specific duties in your DR plan may 
> not be able to assist as they are tending to their own personal issues 
> or physical access is simply not available.
>
> · Services you take for granted may simply be not available.  
> There were power outages (some for weeks) and communication network outages.
> Phone systems quickly become overloaded in a Disaster, especially 
> mobile/cell networks.
>
> · Make allowance for the following in your DR location(for 
> relocation of office staff)
>
> o    Furniture for staff
>
> o    Computers and comms
>
> o    Power, can the circuits handle the extra load you will be adding 
> to the site?
>
> o    Bandwidth
>
> o    Air conditioning/heating
>
> · Have remote visibility of your data centre and its 
> surroundings
>
> o    A camera or two would have shown us the level of the water and we 
> could have saved much more equipment.
>
> · Add sensors to your data centre that shuts off the power if 
> water is detected.
>
> · Exchange cached mode and offline files provide quick access 
> to much critical information.
>
> · Keep critical infrastructure/server build/networking 
> documentation in multiple places.
>
> o    I had a recent backup at my personal residence.  It was 
> invaluable in the early stages of our Recovery.
>
> · Data restores
>
> o    Do test restores regularly.  Environments change all the time and 
> maybe something hasn't been added to the backup list for that server.
>
> o    Ensure that you can retrieve critical data quickly.  Restores 
> take time.
>
> o    Tapes - do anything to avoid them, if you have to use them have 
> multiple tape drives available so that restores can be conducted more 
> quickly.
>
> o    Have backup backup servers.  Especially with the tape catalogues 
> available.  We saw cataloguing of tapes take 14 hours plus.
>
> o    Have an offsite location authorised as a delivery point with your 
> Offsite Tape holder.
>
> · Check your emotions at the door.  Remain calm and logical, 
> consider others needs.  The people that are true leaders(that doesn't 
> necessarily mean all Managers) should be running the show.  Everyone 
> else will be looking to them for guidance.
>
>
>
> · Fire and water make fantastic servants, they are horrible masters.
>
>
>
> James.
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
T

RE: Some thoughts for your DR Plan

[James Hill]

Go for it Kurt.  If you have any questions please let me know.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Tuesday, 1 February 2011 3:44 AM
To: NT System Admin Issues
Subject: Re: Some thoughts for your DR Plan

This is a good write up - lots of lessons learned.

As I've said, we have an office in Brisbane.

I've never visited it, but I am in several senses responsible for the IT there, 
and it has always galled me that I haven't been able to do anything for them 
beyond sending an LTO4 tape unit and a few tapes to them - they ferry the tapes 
back and forth to the garage of one of the staff members on a weekly basis...

Do I have your permission to show this to management here? I think it might 
prove a bit of an eye opener for them.

Kurt

On Sun, Jan 30, 2011 at 18:05, James Hill  wrote:
> We now have the majority of things restored and up and running.  Below 
> are just some initial thoughts and ideas that I wanted to share with the list.
> It is in no way any form of DR plan nor is it meant to indicate what 
> we did or didn’t have.  It’s simply my experiences from our recent DR 
> experience written down for the benefits of others.
>
>
>
> Some or none of this may apply to you.  I certainly do not regard 
> myself as any form of DR expert nor am I the first to have been 
> through a real DR experience.  However if I am able to provide any 
> info that can assist others than I am more than happy to do so.
>
>
>
> · Don’t ever think it can’t happen, it can.
>
> · You do need a DR location, a live one if possible.  Convince 
> management of this!
>
> · Build redundancy into your designs of everything.  Thanks to 
> this all our stores were able to continue to trade even though the 
> data centre was under water.
>
> · If you have something in your environment that isn’t in your 
> backup schedule, add it now, no matter how small it may be.
>
> · Consider that staff with specific duties in your DR plan may 
> not be able to assist as they are tending to their own personal issues 
> or physical access is simply not available.
>
> · Services you take for granted may simply be not available.  
> There were power outages (some for weeks) and communication network outages.
> Phone systems quickly become overloaded in a Disaster, especially 
> mobile/cell networks.
>
> · Make allowance for the following in your DR location(for 
> relocation of office staff)
>
> o    Furniture for staff
>
> o    Computers and comms
>
> o    Power, can the circuits handle the extra load you will be adding 
> to the site?
>
> o    Bandwidth
>
> o    Air conditioning/heating
>
> · Have remote visibility of your data centre and its 
> surroundings
>
> o    A camera or two would have shown us the level of the water and we 
> could have saved much more equipment.
>
> · Add sensors to your data centre that shuts off the power if 
> water is detected.
>
> · Exchange cached mode and offline files provide quick access 
> to much critical information.
>
> · Keep critical infrastructure/server build/networking 
> documentation in multiple places.
>
> o    I had a recent backup at my personal residence.  It was 
> invaluable in the early stages of our Recovery.
>
> · Data restores
>
> o    Do test restores regularly.  Environments change all the time and 
> maybe something hasn’t been added to the backup list for that server.
>
> o    Ensure that you can retrieve critical data quickly.  Restores 
> take time.
>
> o    Tapes – do anything to avoid them, if you have to use them have 
> multiple tape drives available so that restores can be conducted more 
> quickly.
>
> o    Have backup backup servers.  Especially with the tape catalogues 
> available.  We saw cataloguing of tapes take 14 hours plus.
>
> o    Have an offsite location authorised as a delivery point with your 
> Offsite Tape holder.
>
> · Check your emotions at the door.  Remain calm and logical, 
> consider others needs.  The people that are true leaders(that doesn’t 
> necessarily mean all Managers) should be running the show.  Everyone 
> else will be looking to them for guidance.
>
>
>
> · Fire and water make fantastic servants, they are horrible masters.
>
>
>
> James.
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ 

RE: Some thoughts for your DR Plan

[James Hill]

Absolutely Erik.  I want to help others as much as possible as it really is a 
horrible thing to have to go through.

We have recovered very quickly imo and the systems we did have in place helped 
us to do that.  But we could have avoided huge amounts of pain if we had better 
DR systems and plans in place.

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Monday, 31 January 2011 9:54 PM
To: NT System Admin Issues
Subject: RE: Some thoughts for your DR Plan

I'm sorry you had to experience this, but glad you didn't experience personal 
catastrophic harm.

I belong to the Southeastern Continuity Planners' Association here in Georgia ( 
www.scpa-us.org ) and I'd like to share the content of 
your message below, but wanted to ask your permission first.  What say you ?

Erik Goldoff
IT  Consultant
Systems, Networks, & Security
'  Security is an ongoing process, not a one time event ! '
From: James Hill [mailto:james.h...@superamart.com.au]
Sent: Sunday, January 30, 2011 9:06 PM
To: NT System Admin Issues
Subject: Some thoughts for your DR Plan

We now have the majority of things restored and up and running.  Below are just 
some initial thoughts and ideas that I wanted to share with the list.  It is in 
no way any form of DR plan nor is it meant to indicate what we did or didn't 
have.  It's simply my experiences from our recent DR experience written down 
for the benefits of others.

Some or none of this may apply to you.  I certainly do not regard myself as any 
form of DR expert nor am I the first to have been through a real DR experience. 
 However if I am able to provide any info that can assist others than I am more 
than happy to do so.


*  Don't ever think it can't happen, it can.

*  You do need a DR location, a live one if possible.  Convince 
management of this!

*  Build redundancy into your designs of everything.  Thanks to this 
all our stores were able to continue to trade even though the data centre was 
under water.

*  If you have something in your environment that isn't in your backup 
schedule, add it now, no matter how small it may be.

*  Consider that staff with specific duties in your DR plan may not be 
able to assist as they are tending to their own personal issues or physical 
access is simply not available.

*  Services you take for granted may simply be not available.  There 
were power outages (some for weeks) and communication network outages.  Phone 
systems quickly become overloaded in a Disaster, especially mobile/cell 
networks.

*  Make allowance for the following in your DR location(for relocation 
of office staff)

oFurniture for staff

oComputers and comms

oPower, can the circuits handle the extra load you will be adding to the 
site?

oBandwidth

oAir conditioning/heating

*  Have remote visibility of your data centre and its surroundings

oA camera or two would have shown us the level of the water and we could 
have saved much more equipment.

*  Add sensors to your data centre that shuts off the power if water is 
detected.

*  Exchange cached mode and offline files provide quick access to much 
critical information.

*  Keep critical infrastructure/server build/networking documentation 
in multiple places.

oI had a recent backup at my personal residence.  It was invaluable in the 
early stages of our Recovery.

*  Data restores

oDo test restores regularly.  Environments change all the time and maybe 
something hasn't been added to the backup list for that server.

oEnsure that you can retrieve critical data quickly.  Restores take time.

oTapes - do anything to avoid them, if you have to use them have multiple 
tape drives available so that restores can be conducted more quickly.

oHave backup backup servers.  Especially with the tape catalogues 
available.  We saw cataloguing of tapes take 14 hours plus.

oHave an offsite location authorised as a delivery point with your Offsite 
Tape holder.

*  Check your emotions at the door.  Remain calm and logical, consider 
others needs.  The people that are true leaders(that doesn't necessarily mean 
all Managers) should be running the show.  Everyone else will be looking to 
them for guidance.



*  Fire and water make fantastic servants, they are horrible masters.

James.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-softwar

RE: http://aws.amazon.com/

[Charlie Kaiser]

I've done a bunch of work with the AWS stuff. While it is a good system and
allows for some pretty cool fast provisioning, it's not without its pain
points. When you combine it with the S3 storage and a backup app like
Cloudberry, it can let you do a lot of cool things.
If you are working on web-type stuff that has to be tested from outside,
it's invaluable. You can set it up, firewall it, and let your developers and
anyone else pound on it with no risks to your inside network.
As with any new technology, there are gotchas and plenty things that need to
be done correctly to avoid coffin corners down the road. Doing domain stuff
can be a bit tricky due to time/Kerberos/reboot issues, but I've done it
successfully.
If all your access is internal, and you already have a VM infrastructure,
you probably won't gain much. It is neat to be able to spin up a
high-performance server in seconds without worrying about hitting your
underlying infrastructure too hard. But that comes with a $ price, too.

For me, the bottom line is that it is definitely worth a look to see if it
solves a problem...

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***  


> -Original Message-
> From: David Lum [mailto:david@nwea.org]
> Sent: Monday, January 31, 2011 1:00 PM
> To: NT System Admin Issues
> Subject: RE: http://aws.amazon.com/
> 
> My boss' boss floating it to use because a developer got their boss's ear.
My reply was
> "what business requirement does this meet?". We do already have a VMWare
lab manager
> which I think does essentially this already.
> 
> 
> 
> Bottom line is I was directly asked to comment on it, but I have no direct
link in the chain
> of this product getting used or not. I am however in good seats with
people that can
> influence this or not (else that doc wouldn't have made it to me at all).
> 
> David Lum // SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 503.548.5229 // (Cell) 503.267.9764
> 
> From: Andrew S. Baker [mailto:asbz...@gmail.com]
> Sent: Monday, January 31, 2011 11:28 AM
> To: NT System Admin Issues
> Subject: Re: http://aws.amazon.com/
> 
> 
> 
> What was the nature of the request?
> 
> 
> 
> AWS is great for giving access to developers who need to put things
together quickly (for
> prototypes, etc) which will need broad external access.  Allows you to
focus more on
> requests that are fleshed out and heading for production, or that require
quick turn-
> up/tear-down times.
> 
> 
> 
> 
> 
> ASB (My Bio via About.Me  )
> Exploiting Technology for Business Advantage...
> 
> 
> 
> 
> 
> 
> 
> On Mon, Jan 31, 2011 at 1:46 PM, David Lum  wrote:
> 
> This just got put in my lap for comments and thoughts. Kneejerk says "why
- we already
> have infrastructure here.". Although throwing our developers into this
gets them off
> "my" environment that, while appealing, isn't the right reason to consider
such an action.
> 
> 
> 
> Thoughts/comments about the service?
> 
> David Lum // SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 503.548.5229 // (Cell) 503.267.9764
> 
> 
> 
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: First Windows Server 2008 member server

[Brian Desmond]

NTBackup has been renamed and reimagined as Windows Server Backup... It is 
substantially better in 2008 R2 compared to 2008.


Thanks,
Brian Desmond
br...@briandesmond.com

c   - 312.731.3132

From: itli...@imcu.com [mailto:itli...@imcu.com]
Sent: Monday, January 31, 2011 2:00 PM
To: NT System Admin Issues
Subject: RE: First Windows Server 2008 member server

Nothing yet.  Just installed it for the first time and was playing around with 
backups and couldn't find NTBackup.  Started some reading and got really sick 
to my stomach.  Thought I would get some medicine from the list before I 
continued making myself sick.



From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com]
Posted At: Monday, January 31, 2011 2:58 PM
Posted To: itli...@imcu.com
Conversation: First Windows Server 2008 member server
Subject: Re: First Windows Server 2008 member server

Data Proctor Express.  I'm pretty sure it will work with Backup Exec as well.  
What have you tried?
On Mon, Jan 31, 2011 at 1:54 PM, itli...@imcu.com 
mailto:itli...@imcu.com>> wrote:
What backup software are you using?



From: Eric Wittersheim 
[mailto:eric.wittersh...@gmail.com]
Posted At: Monday, January 31, 2011 2:40 PM
Posted To: itli...@imcu.com
Conversation: First Windows Server 2008 member server
Subject: Re: First Windows Server 2008 member server

I have a w2k8 server with a LTO3 drive on it.
On Mon, Jan 31, 2011 at 1:36 PM, itli...@imcu.com 
mailto:itli...@imcu.com>> wrote:
Hadn't read much on this but they really don't have support for my LTO tape 
drive?


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

OT: System Administrator - 2 years contract - Minneapolis, MN

[Sam Cayze]

I was asked to pass this on.  Contact info below, please don't contact me.
I hear the pay is around upper $30's/hour.
-Sam

___



*Title: **System administrator***

*Required Skills *

A four-year college degree is required for this position or demonstrates
skills and/or experience with critical and strategic thinking, planning,
project management, expert problem solving, excellent writing skills, and
excellent human relations skills.

· VMWare and Windows Server operating system certifications or
demonstrated skills and/or experience engineering and managing same.

· 5 years hands-on experience in a moderate to large system shop or
demonstrated abilities in administering operating systems on IBM and Dell
platforms.

· Expert problem solving and remediation skills.

· Ability to document resolutions to problems and communicate
resolutions to others.

· Ability to collaborate with other unit staff members as well as
employees in other ISD units and offer solutions to their problems.

· Excellent communication skills (technical, standards, procedural,
and user documentation).



*Desired Skills *

* *

Technical skills:

· Expert knowledge and experience in using a standardized testing
methodology and adherence to standards and procedures for testing and
distribution of software.

· Expert knowledge and experience administering operating systems or
enterprise wide software.

· Expert knowledge of Dell and IBM servers

· Experience and ability to document design requirements

· Knowledge and experience with VMWare and Microsoft Server design
and configuration.

· Experience and ability to develop testing methodologies and
develop, implement and document test plans



Planning, analytical, and problem solving skills:

· Ability to identify and document business and technical
requirements and develop solutions to meet those requirements.

· Experience and ability to analyze and develop architectural
designs for VMWare and Windows Operating Systems, server hardware and
software configuration requirements or other high level technical analytical
or design experience.

· Ability to assess and document risk for new technologies.

· Ability to lead teams to identify problems and develop resolutions
is required for this position.



Project Management skills:

· Ability to quickly become knowledgeable of the existing DOR
systems and the ability to apply that knowledge to make better delivery of
systems and services.

· Ability to lead large projects that could affect the entire
agency. Includes knowledge and experience using a project management
methodology, developing project plans and schedules, leading teams or other
participants on the project, chairing meetings, and developing project
documentation.

· Facilitation skills to lead meetings to identify requirements,
designs, and configuration settings.



Leadership, training and mentoring skills:

· Ability to provide guidance and direction to senior technical
staff.

· Ability to mentor, coach and train other staff on technical
matters.

· Ability to teach and transfer knowledge to DOR technical staff.



Communication and documentation skills:

· Ability to interact technically with unit staff and vendors.

· Ability to develop written technical reports, planning documents,
status reports, policies and procedures.

· Ability to document technical designs, standards, policies,
procedures

· Completion of the Microsoft Certified Systems Engineer (MCSE)



Please email an updated Word copy of your resume to p...@sdksoft.com with
expected pay rate and contact information if you'd like to consider this
position. It would be nice if you could let me know either way about your
interest in this position.



Thank you,



Prem

Technical Recruiter,

SDK Software, Inc.

11320 86th Avenue N,

Minneapolis, MN 55369

p...@sdksoft.com

952-486-7224

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: http://aws.amazon.com/

[David Lum]

My boss' boss floating it to use because a developer got their boss's ear. My 
reply was "what business requirement does this meet?". We do already have a 
VMWare lab manager which I think does essentially this already.

Bottom line is I was directly asked to comment on it, but I have no direct link 
in the chain of this product getting used or not. I am however in good seats 
with people that can influence this or not (else that doc wouldn't have made it 
to me at all).
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, January 31, 2011 11:28 AM
To: NT System Admin Issues
Subject: Re: http://aws.amazon.com/

What was the nature of the request?

AWS is great for giving access to developers who need to put things together 
quickly (for prototypes, etc) which will need broad external access.  Allows 
you to focus more on requests that are fleshed out and heading for production, 
or that require quick turn-up/tear-down times.




ASB (My Bio via About.Me)
Exploiting Technology for Business Advantage...




On Mon, Jan 31, 2011 at 1:46 PM, David Lum 
mailto:david@nwea.org>> wrote:
This just got put in my lap for comments and thoughts. Kneejerk says "why - we 
already have infrastructure here...". Although throwing our developers into 
this gets them off "my" environment that, while appealing, isn't the right 
reason to consider such an action...

Thoughts/comments about the service?
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: First Windows Server 2008 member server

[itli...@imcu.com]

Nothing yet.  Just installed it for the first time and was playing
around with backups and couldn't find NTBackup.  Started some reading
and got really sick to my stomach.  Thought I would get some medicine
from the list before I continued making myself sick.

 

 



From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com] 
Posted At: Monday, January 31, 2011 2:58 PM
Posted To: itli...@imcu.com
Conversation: First Windows Server 2008 member server
Subject: Re: First Windows Server 2008 member server
  

Data Proctor Express.  I'm pretty sure it will work with Backup Exec as
well.  What have you tried?

On Mon, Jan 31, 2011 at 1:54 PM, itli...@imcu.com 
wrote:

What backup software are you using?

 

 



From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com] 
Posted At: Monday, January 31, 2011 2:40 PM
Posted To: itli...@imcu.com
Conversation: First Windows Server 2008 member server
Subject: Re: First Windows Server 2008 member server
  

I have a w2k8 server with a LTO3 drive on it.

On Mon, Jan 31, 2011 at 1:36 PM, itli...@imcu.com 
wrote:

Hadn't read much on this but they really don't have support for my LTO
tape drive?

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: First Windows Server 2008 member server

[Eric Wittersheim]

Data Proctor Express.  I'm pretty sure it will work with Backup Exec as
well.  What have you tried?

On Mon, Jan 31, 2011 at 1:54 PM, itli...@imcu.com  wrote:

>  What backup software are you using?
>
>
>
>
>  --
>
> *From:* Eric Wittersheim [mailto:eric.wittersh...@gmail.com]
> *Posted At:* Monday, January 31, 2011 2:40 PM
> *Posted To:* itli...@imcu.com
> *Conversation:* First Windows Server 2008 member server
> *Subject:* Re: First Windows Server 2008 member server
>
>
> I have a w2k8 server with a LTO3 drive on it.
>
> On Mon, Jan 31, 2011 at 1:36 PM, itli...@imcu.com 
> wrote:
>
> Hadn’t read much on this but they really don’t have support for my LTO tape
> drive?
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: First Windows Server 2008 member server

[itli...@imcu.com]

What backup software are you using?

 

 



From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com] 
Posted At: Monday, January 31, 2011 2:40 PM
Posted To: itli...@imcu.com
Conversation: First Windows Server 2008 member server
Subject: Re: First Windows Server 2008 member server
  

I have a w2k8 server with a LTO3 drive on it.

On Mon, Jan 31, 2011 at 1:36 PM, itli...@imcu.com 
wrote:

Hadn't read much on this but they really don't have support for my LTO
tape drive?

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: iSCSI SANs vs FibreChannel SANs

[Paul Hutchings]

I've spent most of this afternoon installing the second site in a three site (2 
data, 1 FOM) P4000 setup.

There's been a few "WTF?!" moments mostly around the CMC and reporting, but 
it's kind of neat to have your live data in two locations and be able to lose 
one and have it fail over damned near seamlessly (vsphere HA isn't great).

I suspect Oliver's decision may be made when he sees how much even a pretty 
basic FC switch costs.

Paul

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: 31 January 2011 18:44
To: NT System Admin Issues
Subject: Re: iSCSI SANs vs FibreChannel SANs

I don't have any experience with FC, but I do love my LeftHand units - we 
started with two units and currently have three, with two-way replication 
between them. Not cheap, but cheaper than a lot of them, and they've been 
acquired by HP.

Never had an ounce of trouble with them - a RAM stick went bad on one of them, 
and HP hotfooted a replacement to me with no issues. No downtime, either, 
because of the two way replication. I shut down the affected unit as soon as I 
got the RAM, replaced the stick, fired it back up, and nothing so much as 
hiccuped.

Needed to seriously update the software when adding in the third unit, but a 
support rep held my hand over the phone, and that went smoothly, too.

Awesome stuff.

Kurt

On Mon, Jan 31, 2011 at 08:13, Oliver Marshall  
wrote:
> Hi Chaps
>
>
>
> We’re buying some bits to build a basic VM platform so that we can get 
> rid of some old rack servers here.
>
> Being new to decent SANs (we have some crappy iscsi hardware that we 
> just use for dumping scrap data on) what are peoples thoughts of iSCSI 
> SANs vs FibreChannel SANs? We are planning on having two physical 
> hosts (probably Dell PE710s running either Hyper-V or ESXi) with a 
> lump of shared storage on a SAN but we are at odds here as to whether we 
> should go iSCSI or FC.
>
>
>
> Any comments or suggestions?
>
>
>
> Olly
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


--
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: First Windows Server 2008 member server

[Eric Wittersheim]

I have a w2k8 server with a LTO3 drive on it.

On Mon, Jan 31, 2011 at 1:36 PM, itli...@imcu.com  wrote:

>  Hadn’t read much on this but they really don’t have support for my LTO
> tape drive?
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Intel developing security 'game-changer'

[Crawford, Scott]

"Application whitelisting is a good idea, because for every environment, there 
are less items that fall into the "known good" category than bad code that you 
don't want to run."

This assumption simply isn't true. Data = 1's and 0's = code. There are MORE 
good files that I want to use than bad that I want to block. If there was some 
magic bullet that ensured "data" files could never contain executable bits, 
then I would agree whole heartedly. But, I don't believe such bullet will ever 
exist. Therefore data = 1's and 0's = code and its up to the whitelisted .exe 
to interpret them correctly. If there's a chance that said application will 
make a mistake, then we also need something signature based to block the bad 
bits.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, January 31, 2011 12:25 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

Here are my full thoughts on the subject, as a security mechanism:

http://home.asbzone.com/ASB/archive/2010/05/10/it-s-time-to-re-evaluate-host-based-security.aspx

No, it is not a panacea, because no security mechanism ever is.  Yes, there are 
drawbacks, but focusing on these technologies will provide a bigger bang for 
the buck and allow us to mitigate the weaknesses sooner.  Either way, your ROI 
is greater in most scenarios which use whitelisting vs blacklisting.

Also, check out the following:  
http://www.schneier.com/blog/archives/2011/01/whitelisting_vs.html




ASB (Find me online via About.Me)
Exploiting Technology for Business Advantage...




On Mon, Jan 31, 2011 at 12:48 PM, Crawford, Scott 
mailto:crawfo...@evangel.edu>> wrote:
"No one here has suggested panacea"

Perhaps not, but that's not my perception. I see lots of statements like "I'm 
still of the opinion that the only real solution is white-listing. - MBS"  
Maybe I'm misreading that, but that hints at a panacea and I'm simply saying 
that it's not.

All of your other points - I agree.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, January 26, 2011 4:35 PM

To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

No one here has suggested panacea, but consider how effective it would be in a 
white-listing environment to add most apps to the list in the event of a 
zero-day to an EXISTING app.  You wouldn't have to do anything for an app that 
wasn't already allowed in your environment.

It is akin to the change in firewall rule-set made in ages gone by from 
Allowed-by-Default to Denied-by-Default.

Likewise, look at all the environments that have moved towards some form of 
locked down user desktop and see how much of a benefit has resulted.

Reducing problems by 50-80% off the bat, with little overhead, is always 
desirable.



ASB (My Bio via About.Me)
Exploiting Technology for Business Advantage...



On Wed, Jan 26, 2011 at 5:03 PM, Crawford, Scott 
mailto:crawfo...@evangel.edu>> wrote:
My point is that neither signatures, nor white-listing are a panacea. The fact 
that we've been sig based for so long while malware continues to be effective 
leads many to think that white-listing would solve all our woes. I'm simply 
saying that many *current* vulnerabilities circumvent a white-list so it can't 
be a panacea...unless of course you white-list each individual data file.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, January 26, 2011 1:55 PM

To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

Just as network anomaly detection devices don't eliminate the use of 
signatures, whitelisting solutions can still make use of several mechanisms for 
avoiding bad stuff.

It is the complete RELIANCE on signatures that is troublesome.

Oh, and btw, I try to avoid Adobe Acrobat altogether.  There are plenty of 
viable alternatives at the moment...



ASB (My Bio via About.Me)
Exploiting Technology for Business Advantage...



On Wed, Jan 26, 2011 at 2:51 PM, Crawford, Scott 
mailto:crawfo...@evangel.edu>> wrote:
Unless you're going to white-list every doc/jpg/pdf/mp3 you're going to open, 
that's not a panacea either.  Documents = 1's and 0's = code. The only 
difference is what layer its executed at.  Assume you white-list 
AdobeReader.exe. The next time a flaw is found that is exploited through a 
malformed PDF, it will march right through your white-list.

From: Michael B. Smith 
[mailto:mich...@smithcons.com]
Sent: Wednesday, January 26, 2011 1:38 PM

To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

I'm still of the opinion that the only real solution is white-listing.

But that raises its own set of issues.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andrew S. Baker [mailto:asbz...@gm

Re: http://aws.amazon.com/

[Andrew S. Baker]

What was the nature of the request?

AWS is great for giving access to developers who need to put things together
quickly (for prototypes, etc) which will need broad external access.  Allows
you to focus more on requests that are fleshed out and heading for
production, or that require quick turn-up/tear-down times.


 *ASB *(My Bio via About.Me )
 *Exploiting Technology for Business Advantage...*

*
*



On Mon, Jan 31, 2011 at 1:46 PM, David Lum  wrote:

> This just got put in my lap for comments and thoughts. Kneejerk says “why –
> we already have infrastructure here…”. Although throwing our developers into
> this gets them off “my” environment that, while appealing, isn’t the right
> reason to consider such an action…
>
>
>
> Thoughts/comments about the service?
>
> *David Lum** **// *SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 503.548.5229 *// *(Cell) 503.267.9764
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: iSCSI SANs vs FibreChannel SANs

[jesse-r...@wi.rr.com]

I've setup and installed both FC and iSCSI SANs.  I think iSCSI is a great
cost alternative to FC.  Performance on iSCSI has been very good in my
scenarios (generally running 15-20 VMs).  FC provides better
performanceonly when doing constant sequential reads which may eclipse the
1GB bandwidth limitation of iSCSI.  However, during normal operations, this
seems to be extremely rare.

Ive used HP23xxi G2 model iSCSI SANs, HP 23xxfc G2 fiber channel SANs, Dell
MD3200i, and even IOmega iSCSI ix4-200d(crap performance and reliability
but good for very CHEAP iSCSI storage).  Performance-wise the Dell MD3200i
provided the best real world IO of the SANs I've worked with.  Controller
caching seems pretty important.  The more the merrier.

JR


Original Message:
-
From: Oliver Marshall oliver.marsh...@g2support.com
Date: Mon, 31 Jan 2011 17:05:11 +
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: iSCSI SANs vs FibreChannel SANs


I think I just get stuck staring at the pretty line graphspretty
coloursss...


--
G2 Support
Network Support : Online Backups : Server Management

Email:  oliver.marsh...@g2support.com
Web:http://www.g2support.com


From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: 31 January 2011 17:02
To: NT System Admin Issues
Subject: Re: iSCSI SANs vs FibreChannel SANs

In my opinion, and my experience with ESXi, there's nothing to do in the
console anywyay...

What things are you thinking about?
On Mon, Jan 31, 2011 at 11:54 AM, Oliver Marshall
mailto:oliver.marsh...@g2support.com>> wrote:
Yeah I really like ESXi but somehow the lack of a.windows-like OS puts
me off of it. Something about having a "real" desktop there to do things on
in case we need it.

Is that mad (or a sign of impending madness)  ?


--
G2 Support
Network Support : Online Backups : Server Management

Email:  oliver.marsh...@g2support.com
Web:http://www.g2support.com


From: Jim Holmgren
[mailto:jholmg...@xlhealth.com]
Sent: 31 January 2011 16:51

To: NT System Admin Issues
Subject: RE: iSCSI SANs vs FibreChannel SANs

Bear in mind that Equalogic = Dell, so your source for the MD3220i should
be the same as your source for EQL.

Re:  HyperV vs ESXi - can't say much for HyperV as I've no real experience
with it, but I do know firsthand that EQL does work very nicely with ESXi.

Jim

From: Oliver Marshall
[mailto:oliver.marsh...@g2support.com]
Sent: Monday, January 31, 2011 11:48 AM
To: NT System Admin Issues
Subject: RE: iSCSI SANs vs FibreChannel SANs

Thanks all. Good to know. I'll spec out the prices for the MD3220i (which
appears to the be the UK model) and also speak to Equalogic too.

Next upHyperV or ESXi :)




--
G2 Support
Network Support : Online Backups : Server Management

Email:  oliver.marsh...@g2support.com
Web:http://www.g2support.com


From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: 31 January 2011 16:44
To: NT System Admin Issues
Subject: Re: iSCSI SANs vs FibreChannel SANs

iSCSI will work just fine for hosting a VM environment, as well as some
other workloads.

If you already have a FC infrastructure, then that's not a bad reason to go
there, but iSCSI is very mature and stable and good performance if you
don't purchase the cheapest equipment you can find.

First, as others have pointed out, you need to size up your needs...



ASB (My Bio via About.Me)
Exploiting Technology for Business Advantage...



On Mon, Jan 31, 2011 at 11:32 AM, Oliver Marshall
mailto:oliver.marsh...@g2support.com>> wrote:
Well, there will be maybe 3 VMs running on each host, most likely VM will
have a redundant 'spare' running on the other physical host. The largest
will be about 400GB+ of space running Exchange 2010 for about 100 users.
Then perhaps a DC and a file server, and the latter will just be acting as
a witness server for the Exchange DAG servers.

I like the idea of iSCSI franky but experience of the s*** end of the
market has put me off. Saying that the cost of the FC based setup puts me
off even more :)

Olly


From: John Cook [mailto:john.c...@pfsf.org]
Sent: 31 January 2011 16:26

To: NT System Admin Issues
Subject: RE: iSCSI SANs vs FibreChannel SANs

I have 3 MD3000/3200i SANs and they work wonderfully. That being said I
found that while the fiber has better throughput (we also have an old 2Gb
EMC AX150 fiber SAN) It was a lot more expensive to set up (Fiber switches
aren't cheap) and of course you need some marginal capability in
configuring said switch.

 John W. Cook
System Administrator
Partnership For Strong Families
5950 NW 1st Place
Gainesville, Fl 32607
Office (352) 244-1610
Cell (352)

Re: http://aws.amazon.com/

[Kurt Buff]

What's the business case for this, and what are the risks?

So far, I don't see enough of a business case vs. the risks.

What's worse is that I don't think that all of the risks have been
thought through or even discovered yet.

Give it about 5 or so years, and we might have a better idea of what
this entails.

Remember the old Texas aphorism: "You can tell the pioneers by the
arrows in their backs"

Kurt

On Mon, Jan 31, 2011 at 10:46, David Lum  wrote:
> This just got put in my lap for comments and thoughts. Kneejerk says “why –
> we already have infrastructure here…”. Although throwing our developers into
> this gets them off “my” environment that, while appealing, isn’t the right
> reason to consider such an action…
>
>
>
> Thoughts/comments about the service?
>
> David Lum // SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 503.548.5229 // (Cell) 503.267.9764
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: iSCSI SANs vs FibreChannel SANs

[Kurt Buff]

+1 - Go with the Essential package. Worth every penny.

Kurt

On Mon, Jan 31, 2011 at 09:50, John Cook  wrote:
> You can get VMWare Essentials for $1000 to manage multiple hosts and for 
> another $500 you can get the Plus package which gives you a lot more 
> functionality.
>
>  John W. Cook
> System Administrator
> Partnership For Strong Families
> 5950 NW 1st Place
> Gainesville, Fl 32607
> Office (352) 244-1610
> Cell     (352) 215-6944
> MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4
>
> -Original Message-
> From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
> Sent: Monday, January 31, 2011 12:42 PM
> To: NT System Admin Issues
> Subject: RE: iSCSI SANs vs FibreChannel SANs
>
> On Hyper-v vs. ESX/ESXi my take has always been that vsphere is more mature, 
> and if your hardware is on the HCL you just drop in the ISO and away you go.
>
> With Windows you might get lucky "out the box" or you might be having to 
> download Broadcom NIC drivers (and teaming software) or Intel NIC drivers 
> (and teaming software).
>
> Not to mention technical support - could be wrong here and happy to be 
> corrected but I don't think you can buy a cheap support agreement on hyper-v 
> like you can vsphere?
>
> On a technical level, at that sort of size/scale I'm sure either would do the 
> job admirably.
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
> attached to or with this Notice is intended only for the person or entity to 
> which it is addressed and may contain Protected Health Information (PHI), 
> confidential and/or privileged material. Any review, transmission, 
> dissemination, or other use of, and taking any action in reliance upon this 
> information by persons or entities other than the intended recipient without 
> the express written consent of the sender are prohibited. This information 
> may be protected by the Health Insurance Portability and Accountability Act 
> of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized 
> use or disclosure of this information could result in civil and/or criminal 
> penalties.
>  Consider the environment. Please don't print this e-mail unless you really 
> need to.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: iSCSI SANs vs FibreChannel SANs

[Kurt Buff]

But, ESX is in the process of being deprecated, for several reasons - with
all of which I agree.

Kurt

On Mon, Jan 31, 2011 at 08:58, James Rankin  wrote:

> You'd probably rarely have to go into the console itself. Doing things like
> Dell hardware updates and the like isn't something you do a hell of a lot
> of. That's probably the only time I find myself digging in ESX consoles.
> Admittedly though ESX itself is a little friendlier than ESXi
>
>
> On 31 January 2011 16:54, Oliver Marshall 
> wrote:
>
>> Yeah I really like ESXi but somehow the lack of a…..windows-like OS puts
>> me off of it. Something about having a “real” desktop there to do things on
>> in case we need it.
>>
>>
>>
>> Is that mad (or a sign of impending madness)  ?
>>
>>
>>
>>
>>
>> --
>>
>> G2 Support
>>
>> Network Support : Online Backups : Server Management
>>
>>
>>
>> Email:  oliver.marsh...@g2support.com
>>
>> Web:http://www.g2support.com
>>
>>
>>
>>
>>
>> *From:* Jim Holmgren [mailto:jholmg...@xlhealth.com]
>> *Sent:* 31 January 2011 16:51
>>
>> *To:* NT System Admin Issues
>> *Subject:* RE: iSCSI SANs vs FibreChannel SANs
>>
>>
>>
>> Bear in mind that Equalogic = Dell, so your source for the MD3220i should
>> be the same as your source for EQL.
>>
>>
>>
>> Re:  HyperV vs ESXi – can’t say much for HyperV as I’ve no real experience
>> with it, but I do know firsthand that EQL does work *very* nicely with
>> ESXi.
>>
>>
>>
>> Jim
>>
>>
>>
>> *From:* Oliver Marshall [mailto:oliver.marsh...@g2support.com]
>> *Sent:* Monday, January 31, 2011 11:48 AM
>> *To:* NT System Admin Issues
>> *Subject:* RE: iSCSI SANs vs FibreChannel SANs
>>
>>
>>
>> Thanks all. Good to know. I’ll spec out the prices for the MD3220i (which
>> appears to the be the UK model) and also speak to Equalogic too.
>>
>>
>>
>> Next up….HyperV or ESXi J
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>>
>> G2 Support
>>
>> Network Support : Online Backups : Server Management
>>
>>
>>
>> Email:  oliver.marsh...@g2support.com
>>
>> Web:http://www.g2support.com
>>
>>
>>
>>
>>
>> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
>> *Sent:* 31 January 2011 16:44
>> *To:* NT System Admin Issues
>> *Subject:* Re: iSCSI SANs vs FibreChannel SANs
>>
>>
>>
>> iSCSI will work just fine for hosting a VM environment, as well as some
>> other workloads.
>>
>>
>>
>> If you already have a FC infrastructure, then that's not a bad reason to
>> go there, but iSCSI is very mature and stable and good performance if you
>> don't purchase the cheapest equipment you can find.
>>
>>
>>
>> First, as others have pointed out, you need to size up your needs...
>>
>>
>>
>> *ASB *(My Bio via About.Me )
>> *Exploiting Technology for Business Advantage...*
>>
>>
>>
>>
>>
>> On Mon, Jan 31, 2011 at 11:32 AM, Oliver Marshall <
>> oliver.marsh...@g2support.com> wrote:
>>
>> Well, there will be maybe 3 VMs running on each host, most likely VM will
>> have a redundant ‘spare’ running on the other physical host. The largest
>> will be about 400GB+ of space running Exchange 2010 for about 100 users.
>> Then perhaps a DC and a file server, and the latter will just be acting as a
>> witness server for the Exchange DAG servers.
>>
>>
>>
>> I like the idea of iSCSI franky but experience of the s*** end of the
>> market has put me off. Saying that the cost of the FC based setup puts me
>> off even more J
>>
>>
>>
>> Olly
>>
>>
>>
>>
>>
>> *From:* John Cook [mailto:john.c...@pfsf.org]
>> *Sent:* 31 January 2011 16:26
>>
>>
>> *To:* NT System Admin Issues
>>
>> *Subject:* RE: iSCSI SANs vs FibreChannel SANs
>>
>>
>>
>> I have 3 MD3000/3200i SANs and they work wonderfully. That being said I
>> found that while the fiber has better throughput (we also have an old 2Gb
>> EMC AX150 fiber SAN) It was a lot more expensive to set up (Fiber switches
>> aren’t cheap) and of course you need some marginal capability in configuring
>> said switch.
>>
>>
>>
>>  *John W. Cook*
>>
>> *System Administrator*
>>
>> *Partnership For Strong Families*
>>
>> *5950 NW 1st Place*
>>
>> *Gainesville, Fl 32607*
>>
>> *Office (352) 244-1610*
>>
>> *Cell (352) 215-6944*
>>
>> *MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4*
>>
>>
>>
>> *From:* Richard Stovall [mailto:rich...@gmail.com]
>> *Sent:* Monday, January 31, 2011 11:22 AM
>> *To:* NT System Admin Issues
>> *Subject:* Re: iSCSI SANs vs FibreChannel SANs
>>
>>
>>
>> Not a direct answer, but another shared storage option you could consider
>> for that setup is an MD3XXX.
>>
>> On Mon, Jan 31, 2011 at 11:13 AM, Oliver Marshall <
>> oliver.marsh...@g2support.com> wrote:
>>
>> Hi Chaps
>>
>>
>>
>> We’re buying some bits to build a basic VM platform so that we can get rid
>> of some old rack servers here.
>>
>> Being new to decent SANs (we have some crappy iscsi hardware that we just
>> use for dumping scrap data on) what are peoples thoughts of iSCSI SANs vs
>> FibreChannel SANs? We are planning on having two physical hosts (probably
>> Dell PE710s runnin

Re: iSCSI SANs vs FibreChannel SANs

[Kurt Buff]

Not mad, but not something to worry about, either.

ESXi is basically a small busybox implementation of Linux, and you don't
manage it at the hardware's console. You have a management application
installed on your desktop, and if you go with a capable (that is, non-free,
and featureful) version, you'll likely have a Windows server running their
VServer app as well - the VServer installation can itself be a VM or on
standalone hardware.

Think of ESXi as an appliance, just like a SAN - you don't normally go
futzing around at the console on the SAN either - you manage it through the
management app, once it's up and running.

Kurt

On Mon, Jan 31, 2011 at 08:54, Oliver Marshall <
oliver.marsh...@g2support.com> wrote:

> Yeah I really like ESXi but somehow the lack of a…..windows-like OS puts me
> off of it. Something about having a “real” desktop there to do things on in
> case we need it.
>
>
>
> Is that mad (or a sign of impending madness)  ?
>
>
>
>
>
> --
>
> G2 Support
>
> Network Support : Online Backups : Server Management
>
>
>
> Email:  oliver.marsh...@g2support.com
>
> Web:http://www.g2support.com
>
>
>
>
>
> *From:* Jim Holmgren [mailto:jholmg...@xlhealth.com]
> *Sent:* 31 January 2011 16:51
>
> *To:* NT System Admin Issues
> *Subject:* RE: iSCSI SANs vs FibreChannel SANs
>
>
>
> Bear in mind that Equalogic = Dell, so your source for the MD3220i should
> be the same as your source for EQL.
>
>
>
> Re:  HyperV vs ESXi – can’t say much for HyperV as I’ve no real experience
> with it, but I do know firsthand that EQL does work *very* nicely with
> ESXi.
>
>
>
> Jim
>
>
>
> *From:* Oliver Marshall [mailto:oliver.marsh...@g2support.com]
> *Sent:* Monday, January 31, 2011 11:48 AM
> *To:* NT System Admin Issues
> *Subject:* RE: iSCSI SANs vs FibreChannel SANs
>
>
>
> Thanks all. Good to know. I’ll spec out the prices for the MD3220i (which
> appears to the be the UK model) and also speak to Equalogic too.
>
>
>
> Next up….HyperV or ESXi J
>
>
>
>
>
>
>
>
>
> --
>
> G2 Support
>
> Network Support : Online Backups : Server Management
>
>
>
> Email:  oliver.marsh...@g2support.com
>
> Web:http://www.g2support.com
>
>
>
>
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* 31 January 2011 16:44
> *To:* NT System Admin Issues
> *Subject:* Re: iSCSI SANs vs FibreChannel SANs
>
>
>
> iSCSI will work just fine for hosting a VM environment, as well as some
> other workloads.
>
>
>
> If you already have a FC infrastructure, then that's not a bad reason to go
> there, but iSCSI is very mature and stable and good performance if you don't
> purchase the cheapest equipment you can find.
>
>
>
> First, as others have pointed out, you need to size up your needs...
>
>
>
> *ASB *(My Bio via About.Me )
> *Exploiting Technology for Business Advantage...*
>
>
>
>
>
> On Mon, Jan 31, 2011 at 11:32 AM, Oliver Marshall <
> oliver.marsh...@g2support.com> wrote:
>
> Well, there will be maybe 3 VMs running on each host, most likely VM will
> have a redundant ‘spare’ running on the other physical host. The largest
> will be about 400GB+ of space running Exchange 2010 for about 100 users.
> Then perhaps a DC and a file server, and the latter will just be acting as a
> witness server for the Exchange DAG servers.
>
>
>
> I like the idea of iSCSI franky but experience of the s*** end of the
> market has put me off. Saying that the cost of the FC based setup puts me
> off even more J
>
>
>
> Olly
>
>
>
>
>
> *From:* John Cook [mailto:john.c...@pfsf.org]
> *Sent:* 31 January 2011 16:26
>
>
> *To:* NT System Admin Issues
>
> *Subject:* RE: iSCSI SANs vs FibreChannel SANs
>
>
>
> I have 3 MD3000/3200i SANs and they work wonderfully. That being said I
> found that while the fiber has better throughput (we also have an old 2Gb
> EMC AX150 fiber SAN) It was a lot more expensive to set up (Fiber switches
> aren’t cheap) and of course you need some marginal capability in configuring
> said switch.
>
>
>
>  *John W. Cook*
>
> *System Administrator*
>
> *Partnership For Strong Families*
>
> *5950 NW 1st Place*
>
> *Gainesville, Fl 32607*
>
> *Office (352) 244-1610*
>
> *Cell (352) 215-6944*
>
> *MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4*
>
>
>
> *From:* Richard Stovall [mailto:rich...@gmail.com]
> *Sent:* Monday, January 31, 2011 11:22 AM
> *To:* NT System Admin Issues
> *Subject:* Re: iSCSI SANs vs FibreChannel SANs
>
>
>
> Not a direct answer, but another shared storage option you could consider
> for that setup is an MD3XXX.
>
> On Mon, Jan 31, 2011 at 11:13 AM, Oliver Marshall <
> oliver.marsh...@g2support.com> wrote:
>
> Hi Chaps
>
>
>
> We’re buying some bits to build a basic VM platform so that we can get rid
> of some old rack servers here.
>
> Being new to decent SANs (we have some crappy iscsi hardware that we just
> use for dumping scrap data on) what are peoples thoughts of iSCSI SANs vs
> FibreChannel SANs? We are planning on having two physical hosts (probably
> Dell

Re: Some thoughts for your DR Plan

[Roger Wright]

James,

Do you have any photos of your DC underwater that you could share?
This and your write-up will go a long way toward helping our
management understand the risks.

Thanks...


Roger Wright
___

"The internet is a great way to get on the net." – Bob Dole




On Sun, Jan 30, 2011 at 9:05 PM, James Hill
 wrote:
> We now have the majority of things restored and up and running.  Below are
> just some initial thoughts and ideas that I wanted to share with the list.
> It is in no way any form of DR plan nor is it meant to indicate what we did
> or didn’t have.  It’s simply my experiences from our recent DR experience
> written down for the benefits of others.
>
>
>
> Some or none of this may apply to you.  I certainly do not regard myself as
> any form of DR expert nor am I the first to have been through a real DR
> experience.  However if I am able to provide any info that can assist others
> than I am more than happy to do so.
>
>
>
> · Don’t ever think it can’t happen, it can.
>
> · You do need a DR location, a live one if possible.  Convince
> management of this!
>
> · Build redundancy into your designs of everything.  Thanks to this
> all our stores were able to continue to trade even though the data centre
> was under water.
>
> · If you have something in your environment that isn’t in your
> backup schedule, add it now, no matter how small it may be.
>
> · Consider that staff with specific duties in your DR plan may not
> be able to assist as they are tending to their own personal issues or
> physical access is simply not available.
>
> · Services you take for granted may simply be not available.  There
> were power outages (some for weeks) and communication network outages.
> Phone systems quickly become overloaded in a Disaster, especially
> mobile/cell networks.
>
> · Make allowance for the following in your DR location(for
> relocation of office staff)
>
> o    Furniture for staff
>
> o    Computers and comms
>
> o    Power, can the circuits handle the extra load you will be adding to the
> site?
>
> o    Bandwidth
>
> o    Air conditioning/heating
>
> · Have remote visibility of your data centre and its surroundings
>
> o    A camera or two would have shown us the level of the water and we could
> have saved much more equipment.
>
> · Add sensors to your data centre that shuts off the power if water
> is detected.
>
> · Exchange cached mode and offline files provide quick access to
> much critical information.
>
> · Keep critical infrastructure/server build/networking documentation
> in multiple places.
>
> o    I had a recent backup at my personal residence.  It was invaluable in
> the early stages of our Recovery.
>
> · Data restores
>
> o    Do test restores regularly.  Environments change all the time and maybe
> something hasn’t been added to the backup list for that server.
>
> o    Ensure that you can retrieve critical data quickly.  Restores take
> time.
>
> o    Tapes – do anything to avoid them, if you have to use them have
> multiple tape drives available so that restores can be conducted more
> quickly.
>
> o    Have backup backup servers.  Especially with the tape catalogues
> available.  We saw cataloguing of tapes take 14 hours plus.
>
> o    Have an offsite location authorised as a delivery point with your
> Offsite Tape holder.
>
> · Check your emotions at the door.  Remain calm and logical,
> consider others needs.  The people that are true leaders(that doesn’t
> necessarily mean all Managers) should be running the show.  Everyone else
> will be looking to them for guidance.
>
>
>
> · Fire and water make fantastic servants, they are horrible masters.
>
>
>
> James.
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Copying large file

[Crawford, Scott]

Yeah, I'd monitor a copy with procmon and see if there's any correlation to 
when its failing.

From: itli...@imcu.com [mailto:itli...@imcu.com]
Sent: Monday, January 31, 2011 11:57 AM
To: NT System Admin Issues
Subject: RE: Copying large file

Having the same problem on all my 2003's.  Not the same USB drive and not the 
same file.  Just large files?  I have read a bunch of KB's and they all go in 
different directions.



From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Posted At: Monday, January 31, 2011 11:21 AM
Posted To: itli...@imcu.com
Conversation: Copying large file
Subject: RE: Copying large file

RichCopy's an option too.  Is it possible that the drive is damaged?

From: itli...@imcu.com [mailto:itli...@imcu.com]
Sent: Monday, January 31, 2011 8:52 AM
To: NT System Admin Issues
Subject: RE: Copying large file

Xcopy

From: Haritwal, Dhiraj [mailto:dhiraj.harit...@ap.sony.com]
Posted At: Monday, January 31, 2011 9:48 AM
Posted To: itli...@imcu.com
Conversation: Copying large file
Subject: RE: Copying large file

Which command are you using to copy? Simple Copy command or Copying from 
explorer. Incase from Copy command, try with Robocopy.

Dhiraj




From: itli...@imcu.com [mailto:itli...@imcu.com]
Sent: Monday, January 31, 2011 8:01 PM
To: NT System Admin Issues
Subject: Copying large file

I am trying to copy a 67Gb .bak file from a USB drive to a SAS Raid-5 drive and 
I get an error after like 2 hours saying I couldn't copy the file???
OS:

Windows Server 2003, Standard Edition SP2

Memory:

4096 MB

Processor:

8 * Intel Pentium III Xeon processor


I have read a copy of KB's but they were just saying to take SP1...Well I am on 
SP2???


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


This email is confidential and intended only for the use of the individual or 
entity named above and may contain information that is privileged. If you are 
not the intended recipient, you are notified that any dissemination, 
distribution or copying of this email is strictly prohibited. If you have 
received this email in error, please notify us immediately by return email or 
telephone and destroy the original message. - This mail is sent via Sony Asia 
Pacific Mail Gateway..

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: DNS latency

[Stephen Wimberly]

Thanks gang!  A couple of those tools were _exactly_ what I needed!

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: iSCSI SANs vs FibreChannel SANs

[Kurt Buff]

I don't have any experience with FC, but I do love my LeftHand units -
we started with two units and currently have three, with two-way
replication between them. Not cheap, but cheaper than a lot of them,
and they've been acquired by HP.

Never had an ounce of trouble with them - a RAM stick went bad on one
of them, and HP hotfooted a replacement to me with no issues. No
downtime, either, because of the two way replication. I shut down the
affected unit as soon as I got the RAM, replaced the stick, fired it
back up, and nothing so much as hiccuped.

Needed to seriously update the software when adding in the third unit,
but a support rep held my hand over the phone, and that went smoothly,
too.

Awesome stuff.

Kurt

On Mon, Jan 31, 2011 at 08:13, Oliver Marshall
 wrote:
> Hi Chaps
>
>
>
> We’re buying some bits to build a basic VM platform so that we can get rid
> of some old rack servers here.
>
> Being new to decent SANs (we have some crappy iscsi hardware that we just
> use for dumping scrap data on) what are peoples thoughts of iSCSI SANs vs
> FibreChannel SANs? We are planning on having two physical hosts (probably
> Dell PE710s running either Hyper-V or ESXi) with a lump of shared storage on
> a SAN but we are at odds here as to whether we should go iSCSI or FC.
>
>
>
> Any comments or suggestions?
>
>
>
> Olly
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Terminal Server 2003 Pauses

[Garcia-Moran, Carlos]

I was planning on opening up an MS case, just wanted to see if anyone had any 
spots to look into or suggestions on tools to use, last two times we called MS 
they were slow and useless

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Monday, January 31, 2011 1:32 PM
To: NT System Admin Issues
Subject: RE: Terminal Server 2003 Pauses

If I had to guess you've got a memory issue of some sort. PSS is very adept at 
tracking these things down so given the option I'd suggest booking a case and 
getting some help.

PTEs, Non-Paged/Paged Pool depletion, etc would be where I'd start.

Thanks,
Brian Desmond
br...@briandesmond.com

c   - 312.731.3132

From: Garcia-Moran, Carlos [mailto:cgarciamo...@spragueenergy.com]
Sent: Monday, January 31, 2011 12:26 PM
To: NT System Admin Issues
Subject: RE: Terminal Server 2003 Pauses

Not to our knowledge, I'll talk with one of my compatriots, there's around 200+ 
guests on the same two switches for all the guest traffic, the VM's themselves 
don't show any saturation or errors.

From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net]
Sent: Monday, January 31, 2011 1:16 PM
To: NT System Admin Issues
Subject: RE: Terminal Server 2003 Pauses

I would look at the network.  Any changes to the switches, VLANS, etc??

Greg Sweers
CEO
ACTS360.com
P.O. Box 1193
Brandon, FL  33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax

From: Garcia-Moran, Carlos [mailto:cgarciamo...@spragueenergy.com]
Sent: Monday, January 31, 2011 12:55 PM
To: NT System Admin Issues
Subject: Terminal Server 2003 Pauses

Hey All;

We have five TS 2003 SP2 server's exhibiting the same odd issue lately, they 
freeze up for like 30 secs to a minute, or seem very slow in responding. CPU , 
Memory and HD are fine from what we could see, I've used process explorer and 
TCPview. These are pretty static server's we don't do any OS updates or app 
updates and when we do we test for a while. They VM guests's and I looked at 
the cluster + hosts but don't see any issues there.

I'm a little puzzled, any suggestions where else to look?

Thx!

Carlos Garcia-Moran
Server / Storage Engineer
Sprague Energy
www.spragueenergy.com
P: 603-430-5355
C: 857-234-0343
F: 603-430-7219



_
This e-mail, including attachments, contains information that is
confidential and may be protected by attorney/client or other privileges.
This e-mail, including attachments, constitutes non-public information
intended to be conveyed only to the designated recipient(s). If you are not
an intended recipient, you are hereby notified that any unauthorized use,
dissemination, distribution or reproduction of this e-mail, including
attachments, is strictly prohibited and may be unlawful. If you have
received this e-mail in error, please notify me by e-mail reply and delete
the original message and any attachments from your system.
_
  

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

_
This e-mail, including attachments, contains information that is
confidential and may be protected by attorney/client or other privileges.
This e-mail, including attachments, constitutes non-public information
intended to be conveyed only to the designated recipient(s). If you are not
an intended recipient, you are hereby notified that any unauthorized use,
dissemination, distribution or re

RE: Terminal Server 2003 Pauses

[Brian Desmond]

If I had to guess you've got a memory issue of some sort. PSS is very adept at 
tracking these things down so given the option I'd suggest booking a case and 
getting some help.

PTEs, Non-Paged/Paged Pool depletion, etc would be where I'd start.

Thanks,
Brian Desmond
br...@briandesmond.com

c   - 312.731.3132

From: Garcia-Moran, Carlos [mailto:cgarciamo...@spragueenergy.com]
Sent: Monday, January 31, 2011 12:26 PM
To: NT System Admin Issues
Subject: RE: Terminal Server 2003 Pauses

Not to our knowledge, I'll talk with one of my compatriots, there's around 200+ 
guests on the same two switches for all the guest traffic, the VM's themselves 
don't show any saturation or errors.

From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net]
Sent: Monday, January 31, 2011 1:16 PM
To: NT System Admin Issues
Subject: RE: Terminal Server 2003 Pauses

I would look at the network.  Any changes to the switches, VLANS, etc??

Greg Sweers
CEO
ACTS360.com
P.O. Box 1193
Brandon, FL  33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax

From: Garcia-Moran, Carlos [mailto:cgarciamo...@spragueenergy.com]
Sent: Monday, January 31, 2011 12:55 PM
To: NT System Admin Issues
Subject: Terminal Server 2003 Pauses

Hey All;

We have five TS 2003 SP2 server's exhibiting the same odd issue lately, they 
freeze up for like 30 secs to a minute, or seem very slow in responding. CPU , 
Memory and HD are fine from what we could see, I've used process explorer and 
TCPview. These are pretty static server's we don't do any OS updates or app 
updates and when we do we test for a while. They VM guests's and I looked at 
the cluster + hosts but don't see any issues there.

I'm a little puzzled, any suggestions where else to look?

Thx!

Carlos Garcia-Moran
Server / Storage Engineer
Sprague Energy
www.spragueenergy.com
P: 603-430-5355
C: 857-234-0343
F: 603-430-7219



_
This e-mail, including attachments, contains information that is
confidential and may be protected by attorney/client or other privileges.
This e-mail, including attachments, constitutes non-public information
intended to be conveyed only to the designated recipient(s). If you are not
an intended recipient, you are hereby notified that any unauthorized use,
dissemination, distribution or reproduction of this e-mail, including
attachments, is strictly prohibited and may be unlawful. If you have
received this e-mail in error, please notify me by e-mail reply and delete
the original message and any attachments from your system.
_
  

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: What does a $1,000,000,000 recall look like?

[Andrew S. Baker]

Ouch...  That's gonna leave a mark...


*ASB *(My Bio via About.Me )
 *Exploiting Technology for Business Advantage...*

*
*



On Mon, Jan 31, 2011 at 1:15 PM, Jonathan Link wrote:

>  If you're an early adopter of Sandy Bridge, be aware that there is a flaw
> in the chipsets that will degrade SATA performance on 3Gbps SATA ports,
> ultimately resulting in complete device disconnect.
>
> Read on for more info:
> http://techreport.com/discussions.x/20326
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Terminal Server 2003 Pauses

[Garcia-Moran, Carlos]

Not to our knowledge, I'll talk with one of my compatriots, there's around 200+ 
guests on the same two switches for all the guest traffic, the VM's themselves 
don't show any saturation or errors.

From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net]
Sent: Monday, January 31, 2011 1:16 PM
To: NT System Admin Issues
Subject: RE: Terminal Server 2003 Pauses

I would look at the network.  Any changes to the switches, VLANS, etc??

Greg Sweers
CEO
ACTS360.com
P.O. Box 1193
Brandon, FL  33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax

From: Garcia-Moran, Carlos [mailto:cgarciamo...@spragueenergy.com]
Sent: Monday, January 31, 2011 12:55 PM
To: NT System Admin Issues
Subject: Terminal Server 2003 Pauses

Hey All;

We have five TS 2003 SP2 server's exhibiting the same odd issue lately, they 
freeze up for like 30 secs to a minute, or seem very slow in responding. CPU , 
Memory and HD are fine from what we could see, I've used process explorer and 
TCPview. These are pretty static server's we don't do any OS updates or app 
updates and when we do we test for a while. They VM guests's and I looked at 
the cluster + hosts but don't see any issues there.

I'm a little puzzled, any suggestions where else to look?

Thx!

Carlos Garcia-Moran
Server / Storage Engineer
Sprague Energy
www.spragueenergy.com
P: 603-430-5355
C: 857-234-0343
F: 603-430-7219



_
This e-mail, including attachments, contains information that is
confidential and may be protected by attorney/client or other privileges.
This e-mail, including attachments, constitutes non-public information
intended to be conveyed only to the designated recipient(s). If you are not
an intended recipient, you are hereby notified that any unauthorized use,
dissemination, distribution or reproduction of this e-mail, including
attachments, is strictly prohibited and may be unlawful. If you have
received this e-mail in error, please notify me by e-mail reply and delete
the original message and any attachments from your system.
_
  

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

_
This e-mail, including attachments, contains information that is
confidential and may be protected by attorney/client or other privileges.
This e-mail, including attachments, constitutes non-public information
intended to be conveyed only to the designated recipient(s). If you are not
an intended recipient, you are hereby notified that any unauthorized use,
dissemination, distribution or reproduction of this e-mail, including
attachments, is strictly prohibited and may be unlawful. If you have
received this e-mail in error, please notify me by e-mail reply and delete
the original message and any attachments from your system.
_

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Intel developing security 'game-changer'

[Andrew S. Baker]

Here are my full thoughts on the subject, as a security mechanism:

http://home.asbzone.com/ASB/archive/2010/05/10/it-s-time-to-re-evaluate-host-based-security.aspx

No,
it is not a panacea, because no security mechanism ever is.  Yes, there are
drawbacks, but focusing on these technologies will provide a bigger bang for
the buck and allow us to mitigate the weaknesses sooner.  Either way, your
ROI is greater in most scenarios which use whitelisting vs blacklisting.

Also, check out the following:
http://www.schneier.com/blog/archives/2011/01/whitelisting_vs.html


 *ASB *(Find me online via About.Me )
 *Exploiting Technology for Business Advantage...*

*
*



On Mon, Jan 31, 2011 at 12:48 PM, Crawford, Scott wrote:

>  “No one here has suggested panacea”
>
>
>
> Perhaps not, but that’s not my perception. I see lots of statements like
> “I’m still of the opinion that the only real solution is white-listing. -
> MBS”  Maybe I’m misreading that, but that hints at a panacea and I’m simply
> saying that it’s not.
>
>
>
> All of your other points – I agree.
>
>
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Wednesday, January 26, 2011 4:35 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Intel developing security 'game-changer'
>
>
>
> No one here has suggested panacea, but consider how effective it would be
> in a white-listing environment to add most apps to the list in the event of
> a zero-day to an EXISTING app.  You wouldn't have to do anything for an app
> that wasn't already allowed in your environment.
>
>
>
> It is akin to the change in firewall rule-set made in ages gone by from
> Allowed-by-Default to Denied-by-Default.
>
>
>
> Likewise, look at all the environments that have moved towards some form of
> locked down user desktop and see how much of a benefit has resulted.
>
>
>
> Reducing problems by 50-80% off the bat, with little overhead, is always
> desirable.
>
>
>
> *ASB *(My Bio via About.Me )
> *Exploiting Technology for Business Advantage...*
>
>
>
>
>
>  On Wed, Jan 26, 2011 at 5:03 PM, Crawford, Scott 
> wrote:
>
> My point is that neither signatures, nor white-listing are a panacea. The
> fact that we’ve been sig based for so long while malware continues to be
> effective leads many to think that white-listing would solve all our woes.
> I’m simply saying that many **current** vulnerabilities circumvent a
> white-list so it can’t be a panacea…unless of course you white-list each
> individual data file.
>
>
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Wednesday, January 26, 2011 1:55 PM
>
>
> *To:* NT System Admin Issues
>
> *Subject:* Re: Intel developing security 'game-changer'
>
>
>
> Just as network anomaly detection devices don't eliminate the use of
> signatures, whitelisting solutions can still make use of several mechanisms
> for avoiding bad stuff.
>
>
>
> It is the complete RELIANCE on signatures that is troublesome.
>
>
>
> Oh, and btw, I try to avoid Adobe Acrobat altogether.  There are plenty of
> viable alternatives at the moment...
>
>
>
> *ASB *(My Bio via About.Me )
>
> *Exploiting Technology for Business Advantage...*
>
>
>
>
>
> On Wed, Jan 26, 2011 at 2:51 PM, Crawford, Scott 
> wrote:
>
> Unless you’re going to white-list every doc/jpg/pdf/mp3 you’re going to
> open, that’s not a panacea either.  Documents = 1’s and 0’s = code. The only
> difference is what layer its executed at.  Assume you white-list
> AdobeReader.exe. The next time a flaw is found that is exploited through a
> malformed PDF, it will march right through your white-list.
>
>
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Wednesday, January 26, 2011 1:38 PM
>
>
>
> *To:* NT System Admin Issues
>
> *Subject:* RE: Intel developing security 'game-changer'
>
>
>
> I’m still of the opinion that the only real solution is white-listing.
>
>
>
> But that raises its own set of issues.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
>
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
>
> *Sent:* Wednesday, January 26, 2011 2:35 PM
>
> *To:* NT System Admin Issues
>
> *Subject:* Re: Intel developing security 'game-changer'
>
>
>
> Since a whole lot of allegedly legitimate software acts just like malware,
> they'd have their work cut out for them.
>
>
>
> Try installing a host-based IPS on your system in monitoring mode, and look
> at what it would block -- and why.
>
>
>
> There are certain classes of zero-day that can be blocked by software or
> hardware.  There are others that cannot be, simply because of what passes
> for functionality these days.
>
>
>
> Oh, and I agree with Ben and Jonathan...
>
>
>
> *ASB *(My Bio via About.Me )
> *Explo

Re: What does a $1,000,000,000 recall look like?

[Matthew W. Ross]

Oops.

Thank goodness this was found fairly early in the product cycle! Also, thank 
goodness Intel is wise and rich enough to admit and recall the defective parts.

Truly feeling sympathy pains for mass early adopters out there,


--Matt Ross
Ephrata School District


- Original Message -
From: Jonathan Link
[mailto:jonathan.l...@gmail.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 31 Jan 2011
10:15:22 -0800
Subject: What does a $1,000,000,000 recall look like?


>  If you're an early adopter of Sandy Bridge, be aware that there is a flaw
> in the chipsets that will degrade SATA performance on 3Gbps SATA ports,
> ultimately resulting in complete device disconnect.
> 
> Read on for more info:
> http://techreport.com/discussions.x/20326
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Terminal Server 2003 Pauses

[greg.sweers]

I would look at the network.  Any changes to the switches, VLANS, etc??

Greg Sweers
CEO
ACTS360.com
P.O. Box 1193
Brandon, FL  33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax

From: Garcia-Moran, Carlos [mailto:cgarciamo...@spragueenergy.com]
Sent: Monday, January 31, 2011 12:55 PM
To: NT System Admin Issues
Subject: Terminal Server 2003 Pauses

Hey All;

We have five TS 2003 SP2 server's exhibiting the same odd issue lately, they 
freeze up for like 30 secs to a minute, or seem very slow in responding. CPU , 
Memory and HD are fine from what we could see, I've used process explorer and 
TCPview. These are pretty static server's we don't do any OS updates or app 
updates and when we do we test for a while. They VM guests's and I looked at 
the cluster + hosts but don't see any issues there.

I'm a little puzzled, any suggestions where else to look?

Thx!

Carlos Garcia-Moran
Server / Storage Engineer
Sprague Energy
www.spragueenergy.com
P: 603-430-5355
C: 857-234-0343
F: 603-430-7219



_
This e-mail, including attachments, contains information that is
confidential and may be protected by attorney/client or other privileges.
This e-mail, including attachments, constitutes non-public information
intended to be conveyed only to the designated recipient(s). If you are not
an intended recipient, you are hereby notified that any unauthorized use,
dissemination, distribution or reproduction of this e-mail, including
attachments, is strictly prohibited and may be unlawful. If you have
received this e-mail in error, please notify me by e-mail reply and delete
the original message and any attachments from your system.
_
  

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Copying large file

[Jonathan Link]

So what does robocopy do with them?



On Mon, Jan 31, 2011 at 12:57 PM, itli...@imcu.com  wrote:

>  Having the same problem on all my 2003’s.  Not the same USB drive and not
> the same file.  Just large files?  I have read a bunch of KB’s and they all
> go in different directions.
>
>
>
>
>  --
>
> *From:* Crawford, Scott [mailto:crawfo...@evangel.edu]
> *Posted At:* Monday, January 31, 2011 11:21 AM
>
> *Posted To:* itli...@imcu.com
> *Conversation:* Copying large file
> *Subject:* RE: Copying large file
>
>
>   RichCopy’s an option too.  Is it possible that the drive is damaged?
>
>
>
> *From:* itli...@imcu.com [mailto:itli...@imcu.com]
> *Sent:* Monday, January 31, 2011 8:52 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Copying large file
>
>
>
> Xcopy
>
>
>
> *From:* Haritwal, Dhiraj [mailto:dhiraj.harit...@ap.sony.com]
> *Posted At:* Monday, January 31, 2011 9:48 AM
> *Posted To:* itli...@imcu.com
> *Conversation:* Copying large file
> *Subject:* RE: Copying large file
>
>
>
> Which command are you using to copy? Simple Copy command or Copying from
> explorer. Incase from Copy command, try with Robocopy.
>
>
>
> Dhiraj
>
>
>
>
>
>
>
>
>
> *From:* itli...@imcu.com [mailto:itli...@imcu.com]
> *Sent:* Monday, January 31, 2011 8:01 PM
> *To:* NT System Admin Issues
> *Subject:* Copying large file
>
>
>
> I am trying to copy a 67Gb .bak file from a USB drive to a SAS Raid-5 drive
> and I get an error after like 2 hours saying I couldn’t copy the file???
>
> *OS:*
>
> Windows Server 2003, Standard Edition SP2
>
> *Memory:*
>
> 4096 MB
>
> *Processor:*
>
> 8 * Intel Pentium III Xeon processor
>
>
>
> I have read a copy of KB’s but they were just saying to take SP1…Well I am
> on SP2???
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>  --
>
> This email is confidential and intended only for the use of the individual
> or entity named above and may contain information that is privileged. If you
> are not the intended recipient, you are notified that any dissemination,
> distribution or copying of this email is strictly prohibited. If you have
> received this email in error, please notify us immediately by return email
> or telephone and destroy the original message. - This mail is sent via Sony
> Asia Pacific Mail Gateway..
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Copying large file

[itli...@imcu.com]

Having the same problem on all my 2003's.  Not the same USB drive and
not the same file.  Just large files?  I have read a bunch of KB's and
they all go in different directions.

 

 



From: Crawford, Scott [mailto:crawfo...@evangel.edu] 
Posted At: Monday, January 31, 2011 11:21 AM
Posted To: itli...@imcu.com
Conversation: Copying large file
Subject: RE: Copying large file
  

RichCopy's an option too.  Is it possible that the drive is damaged?

 

From: itli...@imcu.com [mailto:itli...@imcu.com] 
Sent: Monday, January 31, 2011 8:52 AM
To: NT System Admin Issues
Subject: RE: Copying large file

 

Xcopy 

 

From: Haritwal, Dhiraj [mailto:dhiraj.harit...@ap.sony.com] 
Posted At: Monday, January 31, 2011 9:48 AM
Posted To: itli...@imcu.com
Conversation: Copying large file
Subject: RE: Copying large file

 

Which command are you using to copy? Simple Copy command or Copying from
explorer. Incase from Copy command, try with Robocopy.

 

Dhiraj

 

 

 

 

From: itli...@imcu.com [mailto:itli...@imcu.com] 
Sent: Monday, January 31, 2011 8:01 PM
To: NT System Admin Issues
Subject: Copying large file

 

I am trying to copy a 67Gb .bak file from a USB drive to a SAS Raid-5
drive and I get an error after like 2 hours saying I couldn't copy the
file???

OS: 

Windows Server 2003, Standard Edition SP2

Memory: 

4096 MB

Processor: 

8 * Intel Pentium III Xeon processor

 

I have read a copy of KB's but they were just saying to take SP1...Well
I am on SP2???

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 



This email is confidential and intended only for the use of the
individual or entity named above and may contain information that is
privileged. If you are not the intended recipient, you are notified that
any dissemination, distribution or copying of this email is strictly
prohibited. If you have received this email in error, please notify us
immediately by return email or telephone and destroy the original
message. - This mail is sent via Sony Asia Pacific Mail Gateway..

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: iSCSI SANs vs FibreChannel SANs

[John Cook]

You can get VMWare Essentials for $1000 to manage multiple hosts and for 
another $500 you can get the Plus package which gives you a lot more 
functionality.

 John W. Cook
System Administrator
Partnership For Strong Families
5950 NW 1st Place
Gainesville, Fl 32607
Office (352) 244-1610
Cell (352) 215-6944
MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

-Original Message-
From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Monday, January 31, 2011 12:42 PM
To: NT System Admin Issues
Subject: RE: iSCSI SANs vs FibreChannel SANs

On Hyper-v vs. ESX/ESXi my take has always been that vsphere is more mature, 
and if your hardware is on the HCL you just drop in the ISO and away you go.

With Windows you might get lucky "out the box" or you might be having to 
download Broadcom NIC drivers (and teaming software) or Intel NIC drivers (and 
teaming software).

Not to mention technical support - could be wrong here and happy to be 
corrected but I don't think you can buy a cheap support agreement on hyper-v 
like you can vsphere?

On a technical level, at that sort of size/scale I'm sure either would do the 
job admirably.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
 Consider the environment. Please don't print this e-mail unless you really 
need to.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Intel developing security 'game-changer'

[Crawford, Scott]

"No one here has suggested panacea"

Perhaps not, but that's not my perception. I see lots of statements like "I'm 
still of the opinion that the only real solution is white-listing. - MBS"  
Maybe I'm misreading that, but that hints at a panacea and I'm simply saying 
that it's not.

All of your other points - I agree.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, January 26, 2011 4:35 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

No one here has suggested panacea, but consider how effective it would be in a 
white-listing environment to add most apps to the list in the event of a 
zero-day to an EXISTING app.  You wouldn't have to do anything for an app that 
wasn't already allowed in your environment.

It is akin to the change in firewall rule-set made in ages gone by from 
Allowed-by-Default to Denied-by-Default.

Likewise, look at all the environments that have moved towards some form of 
locked down user desktop and see how much of a benefit has resulted.

Reducing problems by 50-80% off the bat, with little overhead, is always 
desirable.



ASB (My Bio via About.Me)
Exploiting Technology for Business Advantage...




On Wed, Jan 26, 2011 at 5:03 PM, Crawford, Scott 
mailto:crawfo...@evangel.edu>> wrote:
My point is that neither signatures, nor white-listing are a panacea. The fact 
that we've been sig based for so long while malware continues to be effective 
leads many to think that white-listing would solve all our woes. I'm simply 
saying that many *current* vulnerabilities circumvent a white-list so it can't 
be a panacea...unless of course you white-list each individual data file.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, January 26, 2011 1:55 PM

To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

Just as network anomaly detection devices don't eliminate the use of 
signatures, whitelisting solutions can still make use of several mechanisms for 
avoiding bad stuff.

It is the complete RELIANCE on signatures that is troublesome.

Oh, and btw, I try to avoid Adobe Acrobat altogether.  There are plenty of 
viable alternatives at the moment...



ASB (My Bio via About.Me)
Exploiting Technology for Business Advantage...



On Wed, Jan 26, 2011 at 2:51 PM, Crawford, Scott 
mailto:crawfo...@evangel.edu>> wrote:
Unless you're going to white-list every doc/jpg/pdf/mp3 you're going to open, 
that's not a panacea either.  Documents = 1's and 0's = code. The only 
difference is what layer its executed at.  Assume you white-list 
AdobeReader.exe. The next time a flaw is found that is exploited through a 
malformed PDF, it will march right through your white-list.

From: Michael B. Smith 
[mailto:mich...@smithcons.com]
Sent: Wednesday, January 26, 2011 1:38 PM

To: NT System Admin Issues
Subject: RE: Intel developing security 'game-changer'

I'm still of the opinion that the only real solution is white-listing.

But that raises its own set of issues.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, January 26, 2011 2:35 PM
To: NT System Admin Issues
Subject: Re: Intel developing security 'game-changer'

Since a whole lot of allegedly legitimate software acts just like malware, 
they'd have their work cut out for them.

Try installing a host-based IPS on your system in monitoring mode, and look at 
what it would block -- and why.

There are certain classes of zero-day that can be blocked by software or 
hardware.  There are others that cannot be, simply because of what passes for 
functionality these days.

Oh, and I agree with Ben and Jonathan...



ASB (My Bio via About.Me)
Exploiting Technology for Business Advantage...



On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin 
mailto:seanmarti...@gmail.com>> wrote:
Most important statement

"If Intel has hardware technology that can reliably stop zero-day attacks, that 
would be a huge win in the war against malware," Olds said. "The key is that 
it's reliable. It has to have the ability to discern legit software from 
malware. But if they can pull this off, it would give them quite a competitive 
advantage vs. 
AMD."

- Sean

On Wed, Jan 26, 2011 at 9:37 AM, David Lum 
mailto:david@nwea.org>> wrote:
What say you, Alex, et all.

http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85

Hype?
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764



~ Finally, powerful endpoint security that ISN'T a resource hog! ~

~ 

Re: Some thoughts for your DR Plan

[Kurt Buff]

This is a good write up - lots of lessons learned.

As I've said, we have an office in Brisbane.

I've never visited it, but I am in several senses responsible for the
IT there, and it has always galled me that I haven't been able to do
anything for them beyond sending an LTO4 tape unit and a few tapes to
them - they ferry the tapes back and forth to the garage of one of the
staff members on a weekly basis...

Do I have your permission to show this to management here? I think it
might prove a bit of an eye opener for them.

Kurt

On Sun, Jan 30, 2011 at 18:05, James Hill  wrote:
> We now have the majority of things restored and up and running.  Below are
> just some initial thoughts and ideas that I wanted to share with the list.
> It is in no way any form of DR plan nor is it meant to indicate what we did
> or didn’t have.  It’s simply my experiences from our recent DR experience
> written down for the benefits of others.
>
>
>
> Some or none of this may apply to you.  I certainly do not regard myself as
> any form of DR expert nor am I the first to have been through a real DR
> experience.  However if I am able to provide any info that can assist others
> than I am more than happy to do so.
>
>
>
> · Don’t ever think it can’t happen, it can.
>
> · You do need a DR location, a live one if possible.  Convince
> management of this!
>
> · Build redundancy into your designs of everything.  Thanks to this
> all our stores were able to continue to trade even though the data centre
> was under water.
>
> · If you have something in your environment that isn’t in your
> backup schedule, add it now, no matter how small it may be.
>
> · Consider that staff with specific duties in your DR plan may not
> be able to assist as they are tending to their own personal issues or
> physical access is simply not available.
>
> · Services you take for granted may simply be not available.  There
> were power outages (some for weeks) and communication network outages.
> Phone systems quickly become overloaded in a Disaster, especially
> mobile/cell networks.
>
> · Make allowance for the following in your DR location(for
> relocation of office staff)
>
> o    Furniture for staff
>
> o    Computers and comms
>
> o    Power, can the circuits handle the extra load you will be adding to the
> site?
>
> o    Bandwidth
>
> o    Air conditioning/heating
>
> · Have remote visibility of your data centre and its surroundings
>
> o    A camera or two would have shown us the level of the water and we could
> have saved much more equipment.
>
> · Add sensors to your data centre that shuts off the power if water
> is detected.
>
> · Exchange cached mode and offline files provide quick access to
> much critical information.
>
> · Keep critical infrastructure/server build/networking documentation
> in multiple places.
>
> o    I had a recent backup at my personal residence.  It was invaluable in
> the early stages of our Recovery.
>
> · Data restores
>
> o    Do test restores regularly.  Environments change all the time and maybe
> something hasn’t been added to the backup list for that server.
>
> o    Ensure that you can retrieve critical data quickly.  Restores take
> time.
>
> o    Tapes – do anything to avoid them, if you have to use them have
> multiple tape drives available so that restores can be conducted more
> quickly.
>
> o    Have backup backup servers.  Especially with the tape catalogues
> available.  We saw cataloguing of tapes take 14 hours plus.
>
> o    Have an offsite location authorised as a delivery point with your
> Offsite Tape holder.
>
> · Check your emotions at the door.  Remain calm and logical,
> consider others needs.  The people that are true leaders(that doesn’t
> necessarily mean all Managers) should be running the show.  Everyone else
> will be looking to them for guidance.
>
>
>
> · Fire and water make fantastic servants, they are horrible masters.
>
>
>
> James.
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: iSCSI SANs vs FibreChannel SANs

[Paul Hutchings]

On Hyper-v vs. ESX/ESXi my take has always been that vsphere is more mature, 
and if your hardware is on the HCL you just drop in the ISO and away you go.

With Windows you might get lucky "out the box" or you might be having to 
download Broadcom NIC drivers (and teaming software) or Intel NIC drivers (and 
teaming software).

Not to mention technical support - could be wrong here and happy to be 
corrected but I don't think you can buy a cheap support agreement on hyper-v 
like you can vsphere?

On a technical level, at that sort of size/scale I'm sure either would do the 
job admirably.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: iSCSI SANs vs FibreChannel SANs

[Raper, Jonathan - Eagle]

+1

We're presently running somewhere around 100 VMs on an IBM Blade Center, all on 
iSCSI over 1.0 Gig Ethernet through a Cisco 3750 stack to our EMC NS20. we have 
4 Gig ports per blade - two for network traffic, and two for iSCSI traffic back 
to the SAN.

We serve approximately 400 end users the following apps over this environment: 
Exchange 2007 (one CAS and one Mailbox), light duty SQL, eClinicalWorks EMR 
(Front end and ancillary servers, but not the primary database server) and 
other applications.

While we might get better performance out of Fiber Channel, our biggest 
bottlenecks seem to be RAM, CPU, and disk -- in that order. RAM and CPU are 
inherent limitations of the physical ESX hosts. Whenever we decide to refresh 
our physical host infrastructure, I'm sure that will help considerably. At tha 
point we'll probably be looking at 10 Gig ethernet.

Price to performance, my gut leans toward iSCSI over Ethernet instead of FC, 
but in the end it depends on your exact needs. The following links below from 
some of our peers (myself included, in the first article) may help. The second 
article talks specifically about your initial question of iSCSI vs Fibre 
Channel. Also, don't be confused by the difference in disks, versus the 
diference in SAN. You can have Fibre Channel disks in a SAN that is connected 
via iSCSI.

http://www.biztechmagazine.com/article/2009/11/san-plan

http://www.biztechmagazine.com/article/2008/11/sans-rest-us

Hope this helps,

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
www.eaglemds.com
jra...@eaglemds.com


From: Andrew S. Baker [asbz...@gmail.com]
Sent: Monday, January 31, 2011 11:43 AM
To: NT System Admin Issues
Subject: Re: iSCSI SANs vs FibreChannel SANs

iSCSI will work just fine for hosting a VM environment, as well as some other 
workloads.

If you already have a FC infrastructure, then that's not a bad reason to go 
there, but iSCSI is very mature and stable and good performance if you don't 
purchase the cheapest equipment you can find.

First, as others have pointed out, you need to size up your needs...


ASB (My Bio via About.Me)
Exploiting Technology for Business Advantage...




On Mon, Jan 31, 2011 at 11:32 AM, Oliver Marshall 
mailto:oliver.marsh...@g2support.com>> wrote:
Well, there will be maybe 3 VMs running on each host, most likely VM will have 
a redundant ‘spare’ running on the other physical host. The largest will be 
about 400GB+ of space running Exchange 2010 for about 100 users. Then perhaps a 
DC and a file server, and the latter will just be acting as a witness server 
for the Exchange DAG servers.

I like the idea of iSCSI franky but experience of the s*** end of the market 
has put me off. Saying that the cost of the FC based setup puts me off even 
more :)

Olly


From: John Cook [mailto:john.c...@pfsf.org]
Sent: 31 January 2011 16:26

To: NT System Admin Issues
Subject: RE: iSCSI SANs vs FibreChannel SANs

I have 3 MD3000/3200i SANs and they work wonderfully. That being said I found 
that while the fiber has better throughput (we also have an old 2Gb EMC AX150 
fiber SAN) It was a lot more expensive to set up (Fiber switches aren’t cheap) 
and of course you need some marginal capability in configuring said switch.

 John W. Cook
System Administrator
Partnership For Strong Families
5950 NW 1st Place
Gainesville, Fl 32607
Office (352) 244-1610
Cell (352) 215-6944
MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Monday, January 31, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: iSCSI SANs vs FibreChannel SANs

Not a direct answer, but another shared storage option you could consider for 
that setup is an MD3XXX.
On Mon, Jan 31, 2011 at 11:13 AM, Oliver Marshall 
mailto:oliver.marsh...@g2support.com>> wrote:
Hi Chaps

We’re buying some bits to build a basic VM platform so that we can get rid of 
some old rack servers here.
Being new to decent SANs (we have some crappy iscsi hardware that we just use 
for dumping scrap data on) what are peoples thoughts of iSCSI SANs vs 
FibreChannel SANs? We are planning on having two physical hosts (probably Dell 
PE710s running either Hyper-V or ESXi) with a lump of shared storage on a SAN 
but we are at odds here as to whether we should go iSCSI or FC.

Any comments or suggestions?

Olly


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


Any medical information contained in this

RE: iSCSI SANs vs FibreChannel SANs

[Oliver Marshall]

I think I just get stuck staring at the pretty line graphspretty 
coloursss...


--
G2 Support
Network Support : Online Backups : Server Management

Email:  oliver.marsh...@g2support.com
Web:http://www.g2support.com


From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: 31 January 2011 17:02
To: NT System Admin Issues
Subject: Re: iSCSI SANs vs FibreChannel SANs

In my opinion, and my experience with ESXi, there's nothing to do in the 
console anywyay...

What things are you thinking about?
On Mon, Jan 31, 2011 at 11:54 AM, Oliver Marshall 
mailto:oliver.marsh...@g2support.com>> wrote:
Yeah I really like ESXi but somehow the lack of a.windows-like OS puts me 
off of it. Something about having a "real" desktop there to do things on in 
case we need it.

Is that mad (or a sign of impending madness)  ?


--
G2 Support
Network Support : Online Backups : Server Management

Email:  oliver.marsh...@g2support.com
Web:http://www.g2support.com


From: Jim Holmgren 
[mailto:jholmg...@xlhealth.com]
Sent: 31 January 2011 16:51

To: NT System Admin Issues
Subject: RE: iSCSI SANs vs FibreChannel SANs

Bear in mind that Equalogic = Dell, so your source for the MD3220i should be 
the same as your source for EQL.

Re:  HyperV vs ESXi - can't say much for HyperV as I've no real experience with 
it, but I do know firsthand that EQL does work very nicely with ESXi.

Jim

From: Oliver Marshall 
[mailto:oliver.marsh...@g2support.com]
Sent: Monday, January 31, 2011 11:48 AM
To: NT System Admin Issues
Subject: RE: iSCSI SANs vs FibreChannel SANs

Thanks all. Good to know. I'll spec out the prices for the MD3220i (which 
appears to the be the UK model) and also speak to Equalogic too.

Next upHyperV or ESXi :)




--
G2 Support
Network Support : Online Backups : Server Management

Email:  oliver.marsh...@g2support.com
Web:http://www.g2support.com


From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: 31 January 2011 16:44
To: NT System Admin Issues
Subject: Re: iSCSI SANs vs FibreChannel SANs

iSCSI will work just fine for hosting a VM environment, as well as some other 
workloads.

If you already have a FC infrastructure, then that's not a bad reason to go 
there, but iSCSI is very mature and stable and good performance if you don't 
purchase the cheapest equipment you can find.

First, as others have pointed out, you need to size up your needs...



ASB (My Bio via About.Me)
Exploiting Technology for Business Advantage...



On Mon, Jan 31, 2011 at 11:32 AM, Oliver Marshall 
mailto:oliver.marsh...@g2support.com>> wrote:
Well, there will be maybe 3 VMs running on each host, most likely VM will have 
a redundant 'spare' running on the other physical host. The largest will be 
about 400GB+ of space running Exchange 2010 for about 100 users. Then perhaps a 
DC and a file server, and the latter will just be acting as a witness server 
for the Exchange DAG servers.

I like the idea of iSCSI franky but experience of the s*** end of the market 
has put me off. Saying that the cost of the FC based setup puts me off even 
more :)

Olly


From: John Cook [mailto:john.c...@pfsf.org]
Sent: 31 January 2011 16:26

To: NT System Admin Issues
Subject: RE: iSCSI SANs vs FibreChannel SANs

I have 3 MD3000/3200i SANs and they work wonderfully. That being said I found 
that while the fiber has better throughput (we also have an old 2Gb EMC AX150 
fiber SAN) It was a lot more expensive to set up (Fiber switches aren't cheap) 
and of course you need some marginal capability in configuring said switch.

 John W. Cook
System Administrator
Partnership For Strong Families
5950 NW 1st Place
Gainesville, Fl 32607
Office (352) 244-1610
Cell (352) 215-6944
MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Monday, January 31, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: iSCSI SANs vs FibreChannel SANs

Not a direct answer, but another shared storage option you could consider for 
that setup is an MD3XXX.
On Mon, Jan 31, 2011 at 11:13 AM, Oliver Marshall 
mailto:oliver.marsh...@g2support.com>> wrote:
Hi Chaps

We're buying some bits to build a basic VM platform so that we can get rid of 
some old rack servers here.
Being new to decent SANs (we have some crappy iscsi hardware that we just use 
for dumping scrap data on) what are peoples thoughts of iSCSI SANs vs 
FibreChannel SANs? We are planning on having two physical hosts (probably Dell 
PE710s running either Hyper-V or ESXi) with a lump of shared storage on a SAN 
but we are at odds here as to whether we should go iSCSI or FC.

Re: iSCSI SANs vs FibreChannel SANs

[Jonathan Link]

In my opinion, and my experience with ESXi, there's nothing to do in the
console anywyay...

What things are you thinking about?

On Mon, Jan 31, 2011 at 11:54 AM, Oliver Marshall <
oliver.marsh...@g2support.com> wrote:

>  Yeah I really like ESXi but somehow the lack of a…..windows-like OS puts
> me off of it. Something about having a “real” desktop there to do things on
> in case we need it.
>
>
>
> Is that mad (or a sign of impending madness)  ?
>
>
>
>
>
> --
>
> G2 Support
>
> Network Support : Online Backups : Server Management
>
>
>
> Email:  oliver.marsh...@g2support.com
>
> Web:http://www.g2support.com
>
>
>
>
>
> *From:* Jim Holmgren [mailto:jholmg...@xlhealth.com]
> *Sent:* 31 January 2011 16:51
>
> *To:* NT System Admin Issues
> *Subject:* RE: iSCSI SANs vs FibreChannel SANs
>
>
>
> Bear in mind that Equalogic = Dell, so your source for the MD3220i should
> be the same as your source for EQL.
>
>
>
> Re:  HyperV vs ESXi – can’t say much for HyperV as I’ve no real experience
> with it, but I do know firsthand that EQL does work *very* nicely with
> ESXi.
>
>
>
> Jim
>
>
>
> *From:* Oliver Marshall [mailto:oliver.marsh...@g2support.com]
> *Sent:* Monday, January 31, 2011 11:48 AM
> *To:* NT System Admin Issues
> *Subject:* RE: iSCSI SANs vs FibreChannel SANs
>
>
>
> Thanks all. Good to know. I’ll spec out the prices for the MD3220i (which
> appears to the be the UK model) and also speak to Equalogic too.
>
>
>
> Next up….HyperV or ESXi J
>
>
>
>
>
>
>
>
>
> --
>
> G2 Support
>
> Network Support : Online Backups : Server Management
>
>
>
> Email:  oliver.marsh...@g2support.com
>
> Web:http://www.g2support.com
>
>
>
>
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* 31 January 2011 16:44
> *To:* NT System Admin Issues
> *Subject:* Re: iSCSI SANs vs FibreChannel SANs
>
>
>
> iSCSI will work just fine for hosting a VM environment, as well as some
> other workloads.
>
>
>
> If you already have a FC infrastructure, then that's not a bad reason to go
> there, but iSCSI is very mature and stable and good performance if you don't
> purchase the cheapest equipment you can find.
>
>
>
> First, as others have pointed out, you need to size up your needs...
>
>
>
> *ASB *(My Bio via About.Me )
> *Exploiting Technology for Business Advantage...*
>
>
>
>
>
> On Mon, Jan 31, 2011 at 11:32 AM, Oliver Marshall <
> oliver.marsh...@g2support.com> wrote:
>
> Well, there will be maybe 3 VMs running on each host, most likely VM will
> have a redundant ‘spare’ running on the other physical host. The largest
> will be about 400GB+ of space running Exchange 2010 for about 100 users.
> Then perhaps a DC and a file server, and the latter will just be acting as a
> witness server for the Exchange DAG servers.
>
>
>
> I like the idea of iSCSI franky but experience of the s*** end of the
> market has put me off. Saying that the cost of the FC based setup puts me
> off even more J
>
>
>
> Olly
>
>
>
>
>
> *From:* John Cook [mailto:john.c...@pfsf.org]
> *Sent:* 31 January 2011 16:26
>
>
> *To:* NT System Admin Issues
>
> *Subject:* RE: iSCSI SANs vs FibreChannel SANs
>
>
>
> I have 3 MD3000/3200i SANs and they work wonderfully. That being said I
> found that while the fiber has better throughput (we also have an old 2Gb
> EMC AX150 fiber SAN) It was a lot more expensive to set up (Fiber switches
> aren’t cheap) and of course you need some marginal capability in configuring
> said switch.
>
>
>
>  *John W. Cook*
>
> *System Administrator*
>
> *Partnership For Strong Families*
>
> *5950 NW 1st Place*
>
> *Gainesville, Fl 32607*
>
> *Office (352) 244-1610*
>
> *Cell (352) 215-6944*
>
> *MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4*
>
>
>
> *From:* Richard Stovall [mailto:rich...@gmail.com]
> *Sent:* Monday, January 31, 2011 11:22 AM
> *To:* NT System Admin Issues
> *Subject:* Re: iSCSI SANs vs FibreChannel SANs
>
>
>
> Not a direct answer, but another shared storage option you could consider
> for that setup is an MD3XXX.
>
> On Mon, Jan 31, 2011 at 11:13 AM, Oliver Marshall <
> oliver.marsh...@g2support.com> wrote:
>
> Hi Chaps
>
>
>
> We’re buying some bits to build a basic VM platform so that we can get rid
> of some old rack servers here.
>
> Being new to decent SANs (we have some crappy iscsi hardware that we just
> use for dumping scrap data on) what are peoples thoughts of iSCSI SANs vs
> FibreChannel SANs? We are planning on having two physical hosts (probably
> Dell PE710s running either Hyper-V or ESXi) with a lump of shared storage on
> a SAN but we are at odds here as to whether we should go iSCSI or FC.
>
>
>
> Any comments or suggestions?
>
>
>
> Olly
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with t

Re: iSCSI SANs vs FibreChannel SANs

[James Rankin]

You'd probably rarely have to go into the console itself. Doing things like
Dell hardware updates and the like isn't something you do a hell of a lot
of. That's probably the only time I find myself digging in ESX consoles.
Admittedly though ESX itself is a little friendlier than ESXi


On 31 January 2011 16:54, Oliver Marshall wrote:

> Yeah I really like ESXi but somehow the lack of a…..windows-like OS puts me
> off of it. Something about having a “real” desktop there to do things on in
> case we need it.
>
>
>
> Is that mad (or a sign of impending madness)  ?
>
>
>
>
>
> --
>
> G2 Support
>
> Network Support : Online Backups : Server Management
>
>
>
> Email:  oliver.marsh...@g2support.com
>
> Web:http://www.g2support.com
>
>
>
>
>
> *From:* Jim Holmgren [mailto:jholmg...@xlhealth.com]
> *Sent:* 31 January 2011 16:51
>
> *To:* NT System Admin Issues
> *Subject:* RE: iSCSI SANs vs FibreChannel SANs
>
>
>
> Bear in mind that Equalogic = Dell, so your source for the MD3220i should
> be the same as your source for EQL.
>
>
>
> Re:  HyperV vs ESXi – can’t say much for HyperV as I’ve no real experience
> with it, but I do know firsthand that EQL does work *very* nicely with
> ESXi.
>
>
>
> Jim
>
>
>
> *From:* Oliver Marshall [mailto:oliver.marsh...@g2support.com]
> *Sent:* Monday, January 31, 2011 11:48 AM
> *To:* NT System Admin Issues
> *Subject:* RE: iSCSI SANs vs FibreChannel SANs
>
>
>
> Thanks all. Good to know. I’ll spec out the prices for the MD3220i (which
> appears to the be the UK model) and also speak to Equalogic too.
>
>
>
> Next up….HyperV or ESXi J
>
>
>
>
>
>
>
>
>
> --
>
> G2 Support
>
> Network Support : Online Backups : Server Management
>
>
>
> Email:  oliver.marsh...@g2support.com
>
> Web:http://www.g2support.com
>
>
>
>
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* 31 January 2011 16:44
> *To:* NT System Admin Issues
> *Subject:* Re: iSCSI SANs vs FibreChannel SANs
>
>
>
> iSCSI will work just fine for hosting a VM environment, as well as some
> other workloads.
>
>
>
> If you already have a FC infrastructure, then that's not a bad reason to go
> there, but iSCSI is very mature and stable and good performance if you don't
> purchase the cheapest equipment you can find.
>
>
>
> First, as others have pointed out, you need to size up your needs...
>
>
>
> *ASB *(My Bio via About.Me )
> *Exploiting Technology for Business Advantage...*
>
>
>
>
>
> On Mon, Jan 31, 2011 at 11:32 AM, Oliver Marshall <
> oliver.marsh...@g2support.com> wrote:
>
> Well, there will be maybe 3 VMs running on each host, most likely VM will
> have a redundant ‘spare’ running on the other physical host. The largest
> will be about 400GB+ of space running Exchange 2010 for about 100 users.
> Then perhaps a DC and a file server, and the latter will just be acting as a
> witness server for the Exchange DAG servers.
>
>
>
> I like the idea of iSCSI franky but experience of the s*** end of the
> market has put me off. Saying that the cost of the FC based setup puts me
> off even more J
>
>
>
> Olly
>
>
>
>
>
> *From:* John Cook [mailto:john.c...@pfsf.org]
> *Sent:* 31 January 2011 16:26
>
>
> *To:* NT System Admin Issues
>
> *Subject:* RE: iSCSI SANs vs FibreChannel SANs
>
>
>
> I have 3 MD3000/3200i SANs and they work wonderfully. That being said I
> found that while the fiber has better throughput (we also have an old 2Gb
> EMC AX150 fiber SAN) It was a lot more expensive to set up (Fiber switches
> aren’t cheap) and of course you need some marginal capability in configuring
> said switch.
>
>
>
>  *John W. Cook*
>
> *System Administrator*
>
> *Partnership For Strong Families*
>
> *5950 NW 1st Place*
>
> *Gainesville, Fl 32607*
>
> *Office (352) 244-1610*
>
> *Cell (352) 215-6944*
>
> *MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4*
>
>
>
> *From:* Richard Stovall [mailto:rich...@gmail.com]
> *Sent:* Monday, January 31, 2011 11:22 AM
> *To:* NT System Admin Issues
> *Subject:* Re: iSCSI SANs vs FibreChannel SANs
>
>
>
> Not a direct answer, but another shared storage option you could consider
> for that setup is an MD3XXX.
>
> On Mon, Jan 31, 2011 at 11:13 AM, Oliver Marshall <
> oliver.marsh...@g2support.com> wrote:
>
> Hi Chaps
>
>
>
> We’re buying some bits to build a basic VM platform so that we can get rid
> of some old rack servers here.
>
> Being new to decent SANs (we have some crappy iscsi hardware that we just
> use for dumping scrap data on) what are peoples thoughts of iSCSI SANs vs
> FibreChannel SANs? We are planning on having two physical hosts (probably
> Dell PE710s running either Hyper-V or ESXi) with a lump of shared storage on
> a SAN but we are at odds here as to whether we should go iSCSI or FC.
>
>
>
> Any comments or suggestions?
>
>
>
> Olly
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> htt

Re: iSCSI SANs vs FibreChannel SANs

[Andrew S. Baker]

iSCSI will work just fine for hosting a VM environment, as well as some
other workloads.

If you already have a FC infrastructure, then that's not a bad reason to go
there, but iSCSI is very mature and stable and good performance if you don't
purchase the cheapest equipment you can find.

First, as others have pointed out, you need to size up your needs...


*ASB *(My Bio via About.Me )
 *Exploiting Technology for Business Advantage...*

*
*



On Mon, Jan 31, 2011 at 11:32 AM, Oliver Marshall <
oliver.marsh...@g2support.com> wrote:

> Well, there will be maybe 3 VMs running on each host, most likely VM will
> have a redundant ‘spare’ running on the other physical host. The largest
> will be about 400GB+ of space running Exchange 2010 for about 100 users.
> Then perhaps a DC and a file server, and the latter will just be acting as a
> witness server for the Exchange DAG servers.
>
>
>
> I like the idea of iSCSI franky but experience of the s*** end of the
> market has put me off. Saying that the cost of the FC based setup puts me
> off even more J
>
>
>
> Olly
>
>
>
>
>
> *From:* John Cook [mailto:john.c...@pfsf.org]
> *Sent:* 31 January 2011 16:26
>
> *To:* NT System Admin Issues
> *Subject:* RE: iSCSI SANs vs FibreChannel SANs
>
>
>
> I have 3 MD3000/3200i SANs and they work wonderfully. That being said I
> found that while the fiber has better throughput (we also have an old 2Gb
> EMC AX150 fiber SAN) It was a lot more expensive to set up (Fiber switches
> aren’t cheap) and of course you need some marginal capability in configuring
> said switch.
>
>
>
>  *John W. Cook*
>
> *System Administrator*
>
> *Partnership For Strong Families*
>
> *5950 NW 1st Place*
>
> *Gainesville, Fl 32607*
>
> *Office (352) 244-1610*
>
> *Cell (352) 215-6944*
>
> *MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4*
>
>
>
> *From:* Richard Stovall [mailto:rich...@gmail.com]
> *Sent:* Monday, January 31, 2011 11:22 AM
> *To:* NT System Admin Issues
> *Subject:* Re: iSCSI SANs vs FibreChannel SANs
>
>
>
> Not a direct answer, but another shared storage option you could consider
> for that setup is an MD3XXX.
>
> On Mon, Jan 31, 2011 at 11:13 AM, Oliver Marshall <
> oliver.marsh...@g2support.com> wrote:
>
> Hi Chaps
>
>
>
> We’re buying some bits to build a basic VM platform so that we can get rid
> of some old rack servers here.
>
> Being new to decent SANs (we have some crappy iscsi hardware that we just
> use for dumping scrap data on) what are peoples thoughts of iSCSI SANs vs
> FibreChannel SANs? We are planning on having two physical hosts (probably
> Dell PE710s running either Hyper-V or ESXi) with a lump of shared storage on
> a SAN but we are at odds here as to whether we should go iSCSI or FC.
>
>
>
> Any comments or suggestions?
>
>
>
> Olly
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: iSCSI SANs vs FibreChannel SANs

[Jim Holmgren]

+1 on EQL shelves for VMWare.  Great lower-cost alternative for the right 
environment.  EQL and VMWare play very nice together.  

 

I really like that you get all the ‘bells and whistles’ included with the 
purchase – no licensing of separate options.  

 

Jim

 

 

Jim Holmgren

Senior Manager, Infrastructure Services

XLHealth Corporation

The Warehouse at Camden Yards

351 West Camden Street, Suite 100

Baltimore, MD 21201 

410.625.2200 (main)

443.524.8573 (direct)

443-506.2400 (cell)

www.xlhealth.com

 

 

 

From: Martin Blackstone [mailto:mblackst...@gmail.com] 
Sent: Monday, January 31, 2011 11:35 AM
To: NT System Admin Issues
Subject: RE: iSCSI SANs vs FibreChannel SANs

 

+1

Seems lots of folks who have existing FC environments might be tempted to 
continue down that path, but if you don’t, and you’re looking at a primarily VM 
environment, ISCSI would probably fit your needs fine. Remember, you can also 
upgrade to 10GB Ethernet if you REALLY need that level of bandwidth (which you 
probably don’t).

 

 

From: John Cook [mailto:john.c...@pfsf.org] 
Sent: Monday, January 31, 2011 8:26 AM
To: NT System Admin Issues
Subject: RE: iSCSI SANs vs FibreChannel SANs

 

I have 3 MD3000/3200i SANs and they work wonderfully. That being said I found 
that while the fiber has better throughput (we also have an old 2Gb EMC AX150 
fiber SAN) It was a lot more expensive to set up (Fiber switches aren’t cheap) 
and of course you need some marginal capability in configuring said switch. 

 

 John W. Cook

System Administrator

Partnership For Strong Families

5950 NW 1st Place

Gainesville, Fl 32607

Office (352) 244-1610

Cell (352) 215-6944

MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

 

From: Richard Stovall [mailto:rich...@gmail.com] 
Sent: Monday, January 31, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: iSCSI SANs vs FibreChannel SANs

 

Not a direct answer, but another shared storage option you could consider for 
that setup is an MD3XXX.

On Mon, Jan 31, 2011 at 11:13 AM, Oliver Marshall 
 wrote:

Hi Chaps

 

We’re buying some bits to build a basic VM platform so that we can get rid of 
some old rack servers here. 

Being new to decent SANs (we have some crappy iscsi hardware that we just use 
for dumping scrap data on) what are peoples thoughts of iSCSI SANs vs 
FibreChannel SANs? We are planning on having two physical hosts (probably Dell 
PE710s running either Hyper-V or ESXi) with a lump of shared storage on a SAN 
but we are at odds here as to whether we should go iSCSI or FC.

 

Any comments or suggestions?

 

Olly

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 



CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the company. 
Warning: Although precautions have been taken to make sure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage that arise from the use of this email or attachments.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finall

Re: iSCSI SANs vs FibreChannel SANs

[Jonathan Link]

What are your current crappy iSCSI devices?

On Mon, Jan 31, 2011 at 11:32 AM, Oliver Marshall <
oliver.marsh...@g2support.com> wrote:

>  Well, there will be maybe 3 VMs running on each host, most likely VM will
> have a redundant ‘spare’ running on the other physical host. The largest
> will be about 400GB+ of space running Exchange 2010 for about 100 users.
> Then perhaps a DC and a file server, and the latter will just be acting as a
> witness server for the Exchange DAG servers.
>
>
>
> I like the idea of iSCSI franky but experience of the s*** end of the
> market has put me off. Saying that the cost of the FC based setup puts me
> off even more J
>
>
>
> Olly
>
>
>
>
>
> *From:* John Cook [mailto:john.c...@pfsf.org]
> *Sent:* 31 January 2011 16:26
>
> *To:* NT System Admin Issues
> *Subject:* RE: iSCSI SANs vs FibreChannel SANs
>
>
>
> I have 3 MD3000/3200i SANs and they work wonderfully. That being said I
> found that while the fiber has better throughput (we also have an old 2Gb
> EMC AX150 fiber SAN) It was a lot more expensive to set up (Fiber switches
> aren’t cheap) and of course you need some marginal capability in configuring
> said switch.
>
>
>
>  *John W. Cook*
>
> *System Administrator*
>
> *Partnership For Strong Families*
>
> *5950 NW 1st Place*
>
> *Gainesville, Fl 32607*
>
> *Office (352) 244-1610*
>
> *Cell (352) 215-6944*
>
> *MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4*
>
>
>
> *From:* Richard Stovall [mailto:rich...@gmail.com]
> *Sent:* Monday, January 31, 2011 11:22 AM
> *To:* NT System Admin Issues
> *Subject:* Re: iSCSI SANs vs FibreChannel SANs
>
>
>
> Not a direct answer, but another shared storage option you could consider
> for that setup is an MD3XXX.
>
> On Mon, Jan 31, 2011 at 11:13 AM, Oliver Marshall <
> oliver.marsh...@g2support.com> wrote:
>
> Hi Chaps
>
>
>
> We’re buying some bits to build a basic VM platform so that we can get rid
> of some old rack servers here.
>
> Being new to decent SANs (we have some crappy iscsi hardware that we just
> use for dumping scrap data on) what are peoples thoughts of iSCSI SANs vs
> FibreChannel SANs? We are planning on having two physical hosts (probably
> Dell PE710s running either Hyper-V or ESXi) with a lump of shared storage on
> a SAN but we are at odds here as to whether we should go iSCSI or FC.
>
>
>
> Any comments or suggestions?
>
>
>
> Olly
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>  --
>
> CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
> attached to or with this Notice is intended only for the person or entity to
> which it is addressed and may contain Protected Health Information (PHI),
> confidential and/or privileged material. Any review, transmission,
> dissemination, or other use of, and taking any action in reliance upon this
> information by persons or entities other than the intended recipient without
> the express written consent of the sender are prohibited. This information
> may be protected by the Health Insurance Portability and Accountability Act
> of 1996 (HIPAA), and other Federal and Florida laws. Improper or
> unauthorized use or disclosure of this information could result in civil
> and/or criminal penalties.
> Consider the environment. Please don't print this e-mail unless you really
> need to.
>
> This email and any attached files are confidential and intended solely for
> the intended recipient(s). If you are not the named recipient you should not
> read, distribute, copy or alter this email. Any views or opinions expressed
> in this email are those of the author and do not represent those of the
> company. Warning: Although precautions have been taken to make sure no
> viruses are present in this email, the company cannot accept responsibility
> for any loss or damage that arise from the use of this email or attachments.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
>
>
>Network Support
> Online Backups
> Server Management
>
>  Tel: 0845 307 3443
>
> Email: oliver.marsh...@g2support.com
>
> Web: http://www.g2suppor

RE: iSCSI SANs vs FibreChannel SANs

[Martin Blackstone]

+1

Seems lots of folks who have existing FC environments might be tempted to 
continue down that path, but if you don’t, and you’re looking at a primarily VM 
environment, ISCSI would probably fit your needs fine. Remember, you can also 
upgrade to 10GB Ethernet if you REALLY need that level of bandwidth (which you 
probably don’t).

 

 

From: John Cook [mailto:john.c...@pfsf.org] 
Sent: Monday, January 31, 2011 8:26 AM
To: NT System Admin Issues
Subject: RE: iSCSI SANs vs FibreChannel SANs

 

I have 3 MD3000/3200i SANs and they work wonderfully. That being said I found 
that while the fiber has better throughput (we also have an old 2Gb EMC AX150 
fiber SAN) It was a lot more expensive to set up (Fiber switches aren’t cheap) 
and of course you need some marginal capability in configuring said switch. 

 

 John W. Cook

System Administrator

Partnership For Strong Families

5950 NW 1st Place

Gainesville, Fl 32607

Office (352) 244-1610

Cell (352) 215-6944

MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

 

From: Richard Stovall [mailto:rich...@gmail.com] 
Sent: Monday, January 31, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: iSCSI SANs vs FibreChannel SANs

 

Not a direct answer, but another shared storage option you could consider for 
that setup is an MD3XXX.

On Mon, Jan 31, 2011 at 11:13 AM, Oliver Marshall 
 wrote:

Hi Chaps

 

We’re buying some bits to build a basic VM platform so that we can get rid of 
some old rack servers here. 

Being new to decent SANs (we have some crappy iscsi hardware that we just use 
for dumping scrap data on) what are peoples thoughts of iSCSI SANs vs 
FibreChannel SANs? We are planning on having two physical hosts (probably Dell 
PE710s running either Hyper-V or ESXi) with a lump of shared storage on a SAN 
but we are at odds here as to whether we should go iSCSI or FC.

 

Any comments or suggestions?

 

Olly

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

  _  

CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.



This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the company. 
Warning: Although precautions have been taken to make sure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage that arise from the use of this email or attachments.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: iSCSI SANs vs FibreChannel SANs

[John Cook]

I have 3 MD3000/3200i SANs and they work wonderfully. That being said I found 
that while the fiber has better throughput (we also have an old 2Gb EMC AX150 
fiber SAN) It was a lot more expensive to set up (Fiber switches aren’t cheap) 
and of course you need some marginal capability in configuring said switch.

 John W. Cook
System Administrator
Partnership For Strong Families
5950 NW 1st Place
Gainesville, Fl 32607
Office (352) 244-1610
Cell (352) 215-6944
MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Monday, January 31, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: iSCSI SANs vs FibreChannel SANs

Not a direct answer, but another shared storage option you could consider for 
that setup is an MD3XXX.
On Mon, Jan 31, 2011 at 11:13 AM, Oliver Marshall 
mailto:oliver.marsh...@g2support.com>> wrote:
Hi Chaps

We’re buying some bits to build a basic VM platform so that we can get rid of 
some old rack servers here.
Being new to decent SANs (we have some crappy iscsi hardware that we just use 
for dumping scrap data on) what are peoples thoughts of iSCSI SANs vs 
FibreChannel SANs? We are planning on having two physical hosts (probably Dell 
PE710s running either Hyper-V or ESXi) with a lump of shared storage on a SAN 
but we are at odds here as to whether we should go iSCSI or FC.

Any comments or suggestions?

Olly

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the company. 
Warning: Although precautions have been taken to make sure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage that arise from the use of this email or attachments.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: iSCSI SANs vs FibreChannel SANs

[Lock, Philip]

We are also looking at storage here , but the biggest question is what
are you putting on it and how big amount of data are you looking at?

 

Philip Lock
Network Systems Manager
Moulsham Street, CM2 0JQ
Tel: 01245 293023
www.chelmsford.ac.uk  

 

 

From: Oliver Marshall [mailto:oliver.marsh...@g2support.com] 
Sent: 31 January 2011 16:13
To: NT System Admin Issues
Subject: iSCSI SANs vs FibreChannel SANs

 

Hi Chaps

 

We're buying some bits to build a basic VM platform so that we can get
rid of some old rack servers here. 

Being new to decent SANs (we have some crappy iscsi hardware that we
just use for dumping scrap data on) what are peoples thoughts of iSCSI
SANs vs FibreChannel SANs? We are planning on having two physical hosts
(probably Dell PE710s running either Hyper-V or ESXi) with a lump of
shared storage on a SAN but we are at odds here as to whether we should
go iSCSI or FC.

 

Any comments or suggestions?

 

Olly

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


This e-mail & any files and attachments transmitted with it are confidential 
and may be legally privileged.  They are intended solely for the use of the 
intended recipient.  Any views or opinions presented are solely those of the 
author/sender and are not necessarily shared or endorsed by Chelmsford College 
or any associated or related company.  If you are not the intended recipient, 
be advised that you have received this e-mail in error and that any use, 
dissemination, forwarding, printing or copying of, or any action taken or 
omitted in reliance on this e-mail or any file or attachment transmitted with 
it is strictly prohibited & may be unlawful. We may monitor all email 
communication through our networks.
 If you have received this e-mail in error please notify Chelmsford College by 
e-mailing:postmas...@chelmsford-college.ac.uk.
If you contact us by email, we may store your details to facilitate 
communication.
We take reasonable precautions to ensure our emails are virus free. However, we 
cannot accept responsibility for any virus transmitted by Chelmsford College 
and recommend that you subject any incoming email to your own virus checking 
procedures.
-- 
Scanned by iCritical.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: iSCSI SANs vs FibreChannel SANs

[Richard Stovall]

Not a direct answer, but another shared storage option you could consider
for that setup is an MD3XXX.

On Mon, Jan 31, 2011 at 11:13 AM, Oliver Marshall <
oliver.marsh...@g2support.com> wrote:

> Hi Chaps
>
>
>
> We’re buying some bits to build a basic VM platform so that we can get rid
> of some old rack servers here.
>
> Being new to decent SANs (we have some crappy iscsi hardware that we just
> use for dumping scrap data on) what are peoples thoughts of iSCSI SANs vs
> FibreChannel SANs? We are planning on having two physical hosts (probably
> Dell PE710s running either Hyper-V or ESXi) with a lump of shared storage on
> a SAN but we are at odds here as to whether we should go iSCSI or FC.
>
>
>
> Any comments or suggestions?
>
>
>
> Olly
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: iSCSI SANs vs FibreChannel SANs

[Jonathan Link]

Some variables to consider:
Size of the environment
Applications to be housed in shared storage
Utilization of applications above.

That being said, I'm very happy on my EqualLogic PS5000.  It might even have
a bit more power than we need, but at the time we bought ours some of the
other solutions for the SMB market weren't ripe...  I'll be evaluating
either a Drobo or Synology unit as a secondary/backup array...

On Mon, Jan 31, 2011 at 11:13 AM, Oliver Marshall <
oliver.marsh...@g2support.com> wrote:

>  Hi Chaps
>
>
>
> We’re buying some bits to build a basic VM platform so that we can get rid
> of some old rack servers here.
>
> Being new to decent SANs (we have some crappy iscsi hardware that we just
> use for dumping scrap data on) what are peoples thoughts of iSCSI SANs vs
> FibreChannel SANs? We are planning on having two physical hosts (probably
> Dell PE710s running either Hyper-V or ESXi) with a lump of shared storage on
> a SAN but we are at odds here as to whether we should go iSCSI or FC.
>
>
>
> Any comments or suggestions?
>
>
>
> Olly
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Copying large file

[Crawford, Scott]

RichCopy's an option too.  Is it possible that the drive is damaged?

From: itli...@imcu.com [mailto:itli...@imcu.com]
Sent: Monday, January 31, 2011 8:52 AM
To: NT System Admin Issues
Subject: RE: Copying large file

Xcopy

From: Haritwal, Dhiraj [mailto:dhiraj.harit...@ap.sony.com]
Posted At: Monday, January 31, 2011 9:48 AM
Posted To: itli...@imcu.com
Conversation: Copying large file
Subject: RE: Copying large file

Which command are you using to copy? Simple Copy command or Copying from 
explorer. Incase from Copy command, try with Robocopy.

Dhiraj




From: itli...@imcu.com [mailto:itli...@imcu.com]
Sent: Monday, January 31, 2011 8:01 PM
To: NT System Admin Issues
Subject: Copying large file

I am trying to copy a 67Gb .bak file from a USB drive to a SAS Raid-5 drive and 
I get an error after like 2 hours saying I couldn't copy the file???
OS:

Windows Server 2003, Standard Edition SP2

Memory:

4096 MB

Processor:

8 * Intel Pentium III Xeon processor


I have read a copy of KB's but they were just saying to take SP1...Well I am on 
SP2???


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


This email is confidential and intended only for the use of the individual or 
entity named above and may contain information that is privileged. If you are 
not the intended recipient, you are notified that any dissemination, 
distribution or copying of this email is strictly prohibited. If you have 
received this email in error, please notify us immediately by return email or 
telephone and destroy the original message. - This mail is sent via Sony Asia 
Pacific Mail Gateway..

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Copying large file

[Crawford, Scott]

Any idea how much of the file was copied?  You can see the offset that's being 
read and written with ProcMon. That will let you know how far into the file it 
is, which might lend a clue.

From: itli...@imcu.com [mailto:itli...@imcu.com]
Sent: Monday, January 31, 2011 8:31 AM
To: NT System Admin Issues
Subject: Copying large file

I am trying to copy a 67Gb .bak file from a USB drive to a SAS Raid-5 drive and 
I get an error after like 2 hours saying I couldn't copy the file???
OS:

Windows Server 2003, Standard Edition SP2

Memory:

4096 MB

Processor:

8 * Intel Pentium III Xeon processor


I have read a copy of KB's but they were just saying to take SP1...Well I am on 
SP2???


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

iSCSI SANs vs FibreChannel SANs

[Oliver Marshall]

Hi Chaps

We're buying some bits to build a basic VM platform so that we can get rid of 
some old rack servers here.
Being new to decent SANs (we have some crappy iscsi hardware that we just use 
for dumping scrap data on) what are peoples thoughts of iSCSI SANs vs 
FibreChannel SANs? We are planning on having two physical hosts (probably Dell 
PE710s running either Hyper-V or ESXi) with a lump of shared storage on a SAN 
but we are at odds here as to whether we should go iSCSI or FC.

Any comments or suggestions?

Olly

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy Preferences installing a local printer

[Tom Miller]

I use Group Policy Preferences under:
 
User Configuration | Preferences | Control Panel Settings | Printers.  From 
here I add a shared printer which has already been created on a Print Server.   
I've also use IP instead of shared.  Almost all of our printers are defined on 
print servers, since soon we'll be using a product called Equitrac to manage 
printing, and print servers or IP printing is required for that.  
 
Just be sure your print server has a 32-bit driver for your XP clients.  And 
don't forget to associated the GPO with the applicable OU.  I've forgotten to 
do that in the past.
 
Sorry I cannot help with USB method, though, since we don't use that here.

>>> Kelli Sterley  1/31/2011 9:26 AM >>>
Tom - what does your policy settings look like? I am also trying to push 
network printers to xp using a GP but it is not working either.
Kelli

On Mon, Jan 31, 2011 at 8:53 AM, Tom Miller  wrote:


When you write local, do you mean connected via USB or IP? I push printers to 
XP via GP, but all printers here - desktop included - are IP based as we use 
meter readers.

>>> James Hill  1/30/2011 5:12 PM >>> 


Have you enabled GPP logging? There is a GPO to enable it for printing. Might 
be a good place to start.

From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Saturday, 29 January 2011 1:26 AM
To: NT System Admin Issues
Subject: Group Policy Preferences installing a local printer

I'm having some trouble with this. After some fits and starts it appears that 
all of my Windows 7 clients are receiving the local printer I want them to 
have, however, when they physically attach the printer, it installs itself with 
a new name. It's not a huge deal, but something I was hoping to avoid. I also 
had turned on the preference setting allowing users to install devices of the 
printer class, so I think that's what's actually happening when a user plugs in 
the printer for the first time, and it appears that this policy is only for 
Windows 7 (maybe Vista, but that's moot since we don't have Vista).


My real issue is with Windows XP. No printers are installed. And yes, i do have 
the Group Policy extenstions for XP installed on these workstations. I have 
been successfully managing the local administrators group and user, and even 
went so far as to verify that the settings were intact on the XP machines. Is 
installing local printers only applicable to Vista and Windows 7?


Any ideas, hints, guides? GoogleFu got me this far, but I haven't been able to 
find definitive answers to my XP question.


Thanks,

Jonathan

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
Confidentiality Notice:  This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information.  Any unauthorized review, use, disclosure, or 
distribution is prohibited.  If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Copying large file

[itli...@imcu.com]

Xcopy 

 

From: Haritwal, Dhiraj [mailto:dhiraj.harit...@ap.sony.com] 
Posted At: Monday, January 31, 2011 9:48 AM
Posted To: itli...@imcu.com
Conversation: Copying large file
Subject: RE: Copying large file

 

Which command are you using to copy? Simple Copy command or Copying from
explorer. Incase from Copy command, try with Robocopy.

 

Dhiraj

 

 

 

 

From: itli...@imcu.com [mailto:itli...@imcu.com] 
Sent: Monday, January 31, 2011 8:01 PM
To: NT System Admin Issues
Subject: Copying large file

 

I am trying to copy a 67Gb .bak file from a USB drive to a SAS Raid-5
drive and I get an error after like 2 hours saying I couldn't copy the
file???

OS: 

Windows Server 2003, Standard Edition SP2

Memory: 

4096 MB

Processor: 

8 * Intel Pentium III Xeon processor

 

I have read a copy of KB's but they were just saying to take SP1...Well
I am on SP2???

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 



This email is confidential and intended only for the use of the
individual or entity named above and may contain information that is
privileged. If you are not the intended recipient, you are notified that
any dissemination, distribution or copying of this email is strictly
prohibited. If you have received this email in error, please notify us
immediately by return email or telephone and destroy the original
message. - This mail is sent via Sony Asia Pacific Mail Gateway..

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Copying large file

[Haritwal, Dhiraj]

Which command are you using to copy? Simple Copy command or Copying from 
explorer. Incase from Copy command, try with Robocopy.

Dhiraj




From: itli...@imcu.com [mailto:itli...@imcu.com]
Sent: Monday, January 31, 2011 8:01 PM
To: NT System Admin Issues
Subject: Copying large file

I am trying to copy a 67Gb .bak file from a USB drive to a SAS Raid-5 drive and 
I get an error after like 2 hours saying I couldn't copy the file???
OS:

Windows Server 2003, Standard Edition SP2

Memory:

4096 MB

Processor:

8 * Intel Pentium III Xeon processor


I have read a copy of KB's but they were just saying to take SP1...Well I am on 
SP2???


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


This email is confidential and intended only for the use of the individual or 
entity named above and may contain information that is privileged. If you are 
not the intended recipient, you are notified that any dissemination, 
distribution or copying of this email is strictly prohibited. If you have 
received this email in error, please notify us immediately by return email or 
telephone and destroy the original message. - This mail is sent via Sony Asia 
Pacific Mail Gateway..

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy Preferences installing a local printer

[Kelli Sterley]

Tom - what does your policy settings look like?  I am also trying to push
network printers to xp using a GP but it is not working either.
Kelli


On Mon, Jan 31, 2011 at 8:53 AM, Tom Miller  wrote:

> When you write local, do you mean connected via USB or IP?  I push printers
> to XP via GP, but all printers here - desktop included - are IP based as we
> use meter readers.
>
> >>> James Hill  1/30/2011 5:12 PM >>>
>
>  Have you enabled GPP logging?  There is a GPO to enable it for printing.
> Might be a good place to start.
>
>
>
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Saturday, 29 January 2011 1:26 AM
> *To:* NT System Admin Issues
> *Subject:* Group Policy Preferences installing a local printer
>
>
>
> I'm having some trouble with this.  After some fits and starts it appears
> that all of my Windows 7 clients are receiving the local printer I want them
> to have, however, when they physically attach the printer, it installs
> itself with a new name.  It's not a huge deal, but something I was hoping to
> avoid.  I also had turned on the preference setting allowing users to
> install devices of the printer class, so I think that's what's actually
> happening when a user plugs in the printer for the first time, and it
> appears that this policy is only for Windows 7 (maybe Vista, but that's moot
> since we don't have Vista).
>
>
>
> My real issue is with Windows XP.  No printers are installed.  And yes, i
> do have the Group Policy extenstions for XP installed on these
> workstations.  I have been successfully managing the local administrators
> group and user, and even went so far as to verify that the settings were
> intact on the XP machines.  Is installing local printers only applicable to
> Vista and Windows 7?
>
>
>
> Any ideas, hints, guides?  GoogleFu got me this far, but I haven't been
> able to find definitive answers to my XP question.
>
>
>
> Thanks,
>
> Jonathan
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> Confidentiality Notice: This e-mail message, including attachments, is for
> the sole use of the intended recipient(s) and may contain confidential and
> privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

XenApp 6 logon issues

[James Rankin]

Anyone else seeing issues with XenApp 6 systems whereby logons to published
desktops are simply not working after the server reaches a load of about
6000? We have the other servers in the app pool configured to show a full
load through the load evaluators so we can stress-test two new physical
servers, but as soon as the load on these two servers hits 6000 or so
(roughly 60-70 user sessions), logons keep hanging until we remove the "full
load" load evaluator from one of the other servers in the pool, and then
everything seems to work OK again.

Should we be using the load evaluators in this way to simulate full loads on
some of the servers? Personally I would have just removed them from the
application pool.

TIA,

-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

*IMPORTANT: This email is intended for the use of the individual
addressee(s) named above and may contain information that is confidential,
privileged or unsuitable for overly sensitive persons with low self-esteem,
no sense of humour or irrational religious beliefs. If you are not the
intended recipient, any dissemination, distribution or copying of this email
is not authorised (either explicitly or implicitly) and constitutes an
irritating social faux pas.

Unless the word absquatulation has been used in its correct context
somewhere other than in this warning, it does not have any legal or no
grammatical use and may be ignored. No animals were harmed in the
transmission of this email, although the kelpie next door is living on
borrowed time, let me tell you. Those of you with an overwhelming fear of
the unknown will be gratified to learn that there is no hidden message
revealed by reading this warning backwards, so just ignore that Alert Notice
from Microsoft.

However, by pouring a complete circle of salt around yourself and your
computer you can ensure that no harm befalls you and your pets. If you have
received this email in error, please add some nutmeg and egg whites, whisk
and place in a warm oven for 40 minutes.*

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy Preferences installing a local printer

[Jonathan Link]

Logging may solve part of my issue, XP workstations not receiving the
printer (although my searching has indicated others have problems with this,
too).

However, I don't see how logging won't resolve my biggest issue, that the
printer installs itself as a new device when physically connected.  The
printers I want are already there, and remain their when the printer is
connected.

On Sun, Jan 30, 2011 at 5:12 PM, James Hill wrote:

>  Have you enabled GPP logging?  There is a GPO to enable it for printing.
> Might be a good place to start.
>
>
>
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Saturday, 29 January 2011 1:26 AM
> *To:* NT System Admin Issues
> *Subject:* Group Policy Preferences installing a local printer
>
>
>
> I'm having some trouble with this.  After some fits and starts it appears
> that all of my Windows 7 clients are receiving the local printer I want them
> to have, however, when they physically attach the printer, it installs
> itself with a new name.  It's not a huge deal, but something I was hoping to
> avoid.  I also had turned on the preference setting allowing users to
> install devices of the printer class, so I think that's what's actually
> happening when a user plugs in the printer for the first time, and it
> appears that this policy is only for Windows 7 (maybe Vista, but that's moot
> since we don't have Vista).
>
>
>
> My real issue is with Windows XP.  No printers are installed.  And yes, i
> do have the Group Policy extenstions for XP installed on these
> workstations.  I have been successfully managing the local administrators
> group and user, and even went so far as to verify that the settings were
> intact on the XP machines.  Is installing local printers only applicable to
> Vista and Windows 7?
>
>
>
> Any ideas, hints, guides?  GoogleFu got me this far, but I haven't been
> able to find definitive answers to my XP question.
>
>
>
> Thanks,
>
> Jonathan
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Group Policy Preferences installing a local printer

[Jonathan Link]

I mean connected via USB.
On Mon, Jan 31, 2011 at 8:53 AM, Tom Miller  wrote:

> When you write local, do you mean connected via USB or IP?  I push printers
> to XP via GP, but all printers here - desktop included - are IP based as we
> use meter readers.
>
> >>> James Hill  1/30/2011 5:12 PM >>>
>
>  Have you enabled GPP logging?  There is a GPO to enable it for printing.
> Might be a good place to start.
>
>
>
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Saturday, 29 January 2011 1:26 AM
> *To:* NT System Admin Issues
> *Subject:* Group Policy Preferences installing a local printer
>
>
>
> I'm having some trouble with this.  After some fits and starts it appears
> that all of my Windows 7 clients are receiving the local printer I want them
> to have, however, when they physically attach the printer, it installs
> itself with a new name.  It's not a huge deal, but something I was hoping to
> avoid.  I also had turned on the preference setting allowing users to
> install devices of the printer class, so I think that's what's actually
> happening when a user plugs in the printer for the first time, and it
> appears that this policy is only for Windows 7 (maybe Vista, but that's moot
> since we don't have Vista).
>
>
>
> My real issue is with Windows XP.  No printers are installed.  And yes, i
> do have the Group Policy extenstions for XP installed on these
> workstations.  I have been successfully managing the local administrators
> group and user, and even went so far as to verify that the settings were
> intact on the XP machines.  Is installing local printers only applicable to
> Vista and Windows 7?
>
>
>
> Any ideas, hints, guides?  GoogleFu got me this far, but I haven't been
> able to find definitive answers to my XP question.
>
>
>
> Thanks,
>
> Jonathan
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> Confidentiality Notice: This e-mail message, including attachments, is for
> the sole use of the intended recipient(s) and may contain confidential and
> privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Policy Preferences installing a local printer

[Tom Miller]

When you write local, do you mean connected via USB or IP?  I push printers to 
XP via GP, but all printers here - desktop included - are IP based as we use 
meter readers.

>>> James Hill  1/30/2011 5:12 PM >>>

Have you enabled GPP logging?  There is a GPO to enable it for printing.  Might 
be a good place to start.
 
From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Saturday, 29 January 2011 1:26 AM
To: NT System Admin Issues
Subject: Group Policy Preferences installing a local printer
 

I'm having some trouble with this.  After some fits and starts it appears that 
all of my Windows 7 clients are receiving the local printer I want them to 
have, however, when they physically attach the printer, it installs itself with 
a new name.  It's not a huge deal, but something I was hoping to avoid.  I also 
had turned on the preference setting allowing users to install devices of the 
printer class, so I think that's what's actually happening when a user plugs in 
the printer for the first time, and it appears that this policy is only for 
Windows 7 (maybe Vista, but that's moot since we don't have Vista).

 

My real issue is with Windows XP.  No printers are installed.  And yes, i do 
have the Group Policy extenstions for XP installed on these workstations.  I 
have been successfully managing the local administrators group and user, and 
even went so far as to verify that the settings were intact on the XP machines. 
 Is installing local printers only applicable to Vista and Windows 7?

 

Any ideas, hints, guides?  GoogleFu got me this far, but I haven't been able to 
find definitive answers to my XP question.

 

Thanks,

Jonathan

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
Confidentiality Notice:  This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information.  Any unauthorized review, use, disclosure, or 
distribution is prohibited.  If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Some thoughts for your DR Plan

[Erik Goldoff]

I’m sorry you had to experience this, but glad you didn’t experience
personal catastrophic harm.

 

I belong to the Southeastern Continuity Planners’ Association here in
Georgia ( www.scpa-us.org ) and I’d like to share the content of your
message below, but wanted to ask your permission first.  What say you ?

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: James Hill [mailto:james.h...@superamart.com.au] 
Sent: Sunday, January 30, 2011 9:06 PM
To: NT System Admin Issues
Subject: Some thoughts for your DR Plan

 

We now have the majority of things restored and up and running.  Below are
just some initial thoughts and ideas that I wanted to share with the list.
It is in no way any form of DR plan nor is it meant to indicate what we did
or didn’t have.  It’s simply my experiences from our recent DR experience
written down for the benefits of others.

 

Some or none of this may apply to you.  I certainly do not regard myself as
any form of DR expert nor am I the first to have been through a real DR
experience.  However if I am able to provide any info that can assist others
than I am more than happy to do so.

 

· Don’t ever think it can’t happen, it can.

· You do need a DR location, a live one if possible.  Convince
management of this!

· Build redundancy into your designs of everything.  Thanks to this
all our stores were able to continue to trade even though the data centre
was under water.

· If you have something in your environment that isn’t in your
backup schedule, add it now, no matter how small it may be.

· Consider that staff with specific duties in your DR plan may not
be able to assist as they are tending to their own personal issues or
physical access is simply not available.

· Services you take for granted may simply be not available.  There
were power outages (some for weeks) and communication network outages.
Phone systems quickly become overloaded in a Disaster, especially
mobile/cell networks.

· Make allowance for the following in your DR location(for
relocation of office staff)

oFurniture for staff

oComputers and comms

oPower, can the circuits handle the extra load you will be adding to the
site?

oBandwidth

oAir conditioning/heating

· Have remote visibility of your data centre and its surroundings

oA camera or two would have shown us the level of the water and we could
have saved much more equipment.

· Add sensors to your data centre that shuts off the power if water
is detected.

· Exchange cached mode and offline files provide quick access to
much critical information.

· Keep critical infrastructure/server build/networking documentation
in multiple places.

oI had a recent backup at my personal residence.  It was invaluable in
the early stages of our Recovery.

· Data restores

oDo test restores regularly.  Environments change all the time and maybe
something hasn’t been added to the backup list for that server.

oEnsure that you can retrieve critical data quickly.  Restores take
time.

oTapes – do anything to avoid them, if you have to use them have
multiple tape drives available so that restores can be conducted more
quickly.

oHave backup backup servers.  Especially with the tape catalogues
available.  We saw cataloguing of tapes take 14 hours plus.

oHave an offsite location authorised as a delivery point with your
Offsite Tape holder.

· Check your emotions at the door.  Remain calm and logical,
consider others needs.  The people that are true leaders(that doesn’t
necessarily mean all Managers) should be running the show.  Everyone else
will be looking to them for guidance.

 

· Fire and water make fantastic servants, they are horrible masters.

 

James.

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Some thoughts for your DR Plan

[Andrew S. Baker]

Good morning, James

Thanks for this overview... This type of real-world feedback is always
helpful.


*ASB *(My Bio via About.Me )
 *Exploiting Technology for Business Advantage...*

*
*



On Sun, Jan 30, 2011 at 9:05 PM, James Hill wrote:

> We now have the majority of things restored and up and running.  Below are
> just some initial thoughts and ideas that I wanted to share with the list.
> It is in no way any form of DR plan nor is it meant to indicate what we did
> or didn’t have.  It’s simply my experiences from our recent DR experience
> written down for the benefits of others.
>
>
>
> Some or none of this may apply to you.  I certainly do not regard myself as
> any form of DR expert nor am I the first to have been through a real DR
> experience.  However if I am able to provide any info that can assist others
> than I am more than happy to do so.
>
>
>
> · Don’t ever think it can’t happen, it can.
>
> · You do need a DR location, a live one if possible.  Convince
> management of this!
>
> · Build redundancy into your designs of everything.  Thanks to
> this all our stores were able to continue to trade even though the data
> centre was under water.
>
> · If you have something in your environment that isn’t in your
> backup schedule, add it now, no matter how small it may be.
>
> · Consider that staff with specific duties in your DR plan may not
> be able to assist as they are tending to their own personal issues or
> physical access is simply not available.
>
> · Services you take for granted may simply be not available.
> There were power outages (some for weeks) and communication network
> outages.  Phone systems quickly become overloaded in a Disaster, especially
> mobile/cell networks.
>
> · Make allowance for the following in your DR location(for
> relocation of office staff)
>
> oFurniture for staff
>
> oComputers and comms
>
> oPower, can the circuits handle the extra load you will be adding to
> the site?
>
> oBandwidth
>
> oAir conditioning/heating
>
> · Have remote visibility of your data centre and its surroundings
>
> oA camera or two would have shown us the level of the water and we
> could have saved much more equipment.
>
> · Add sensors to your data centre that shuts off the power if
> water is detected.
>
> · Exchange cached mode and offline files provide quick access to
> much critical information.
>
> · Keep critical infrastructure/server build/networking
> documentation in multiple places.
>
> oI had a recent backup at my personal residence.  It was invaluable in
> the early stages of our Recovery.
>
> · Data restores
>
> oDo test restores regularly.  Environments change all the time and
> maybe something hasn’t been added to the backup list for that server.
>
> oEnsure that you can retrieve critical data quickly.  Restores take
> time.
>
> oTapes – do anything to avoid them, if you have to use them have
> multiple tape drives available so that restores can be conducted more
> quickly.
>
> oHave backup backup servers.  Especially with the tape catalogues
> available.  We saw cataloguing of tapes take 14 hours plus.
>
> oHave an offsite location authorised as a delivery point with your
> Offsite Tape holder.
>
> · Check your emotions at the door.  Remain calm and logical,
> consider others needs.  The people that are true leaders(that doesn’t
> necessarily mean all Managers) should be running the show.  Everyone else
> will be looking to them for guidance.
>
>
>
> · Fire and water make fantastic servants, they are horrible
> masters.
>
>
>
> James.
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin