Re: Citrix MetaFrame Running on VM box - Thanks for your response

[David Hekimian]

Before you go about reinstalling from scratch, I'd suggest setting up a VMware 
vSphere 4 box and install Citrix on it. You can download and install vSphere 4 
using a 60-day evaluation for free. vSphere 4 has been tuned for improving 
performance with MS SQL, MS Exchange, Citrix and several other specific 
workloads.

I'd also suggest installing the VMware Tools included with vSphere 4 and use 
the VMXNET 3 NIC as it will yield the best performance and lowest CPU overhead.

- David

  - Original Message - 
  From: Haralson, Joe (GE Comm Fin, non-GE) 
  To: NT System Admin Issues 
  Sent: Tuesday, June 02, 2009 1:43 PM
  Subject: RE: Citrix MetaFrame Running on VM box - Thanks for your response


  Thanks to all for your reply. We are looking to reinstall citrix from scratch 
on the VM Host. I will let you know how it goes.

  Joe Haralson
  ( Office: (847) 598-6737
  ( DC: : *8 837-6737
  7 Fax: : (847) 585-5695
  ( Cell: : (630) 337-8034
  * e-Mail: joe.haral...@ge.com 


  THIS E-MAIL IS INTENDED ONLY FOR THE USE OF THE INDIVIDUAL OR ENTITY TO WHICH 
IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, CONFIDENTIAL 
AND EXEMPT FROM DISCLOSURE UNDER APPLICABLE LAW. IF THE READER OF THIS MESSAGE 
IS NOT THE INTENDED RECIPIENT, OR THE EMPLOYEE OR AGENT RESPONSIBLE FOR 
DELIVERING THE MESSAGE TO THE INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT 
ANY DISSEMINATION, DISTRIBUTION OR COPYING OF THIS COMMUNICATION IS STRICTLY 
PROHIBITED. ANY INADVERTENT RECEIPT BY YOU OF SUCH CONFIDENTIAL INFORMATION IS 
NOT INTENDED TO CONSTITUTE A WAIVER OF ANY PRIVILEGE. IF YOU HAVE RECEIVED THIS 
COMMUNICATION IN ERROR, PLEASE NOTIFY US IMMEDIATELY BY TELEPHONE, AND DELETE 
THE ORIGINAL MESSAGE FROM YOUR COMPUTER. THANK YOU.







--
  From: James Rankin [mailto:kz2...@googlemail.com] 
  Sent: Tuesday, June 02, 2009 6:49 AM
  To: NT System Admin Issues
  Subject: Re: Citrix MetaFrame Running on VM box


  If you P2V the server or indeed the template you are building from, you will 
see some issues. We have some boxes like this and once they go over ten users 
or so they get nasty.

  With a clean build you should get 30 or so

  However, some applications we use cause Citrix to run slowly, physical or 
virtual.


  2009/6/1 Haralson, Joe (GE Comm Fin, non-GE) 

Has anyone experience any issues with slowness after placing Citrix 
Presentation Server 4.0 on a VM Box? 




Joe Haralson
Network Infrastructure Team 




 




 



 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Multiple engineering offices and sharing large files

[David Hekimian]

Angus,

I've done quite a few projects extremely similar to this one. In many cases 
what first appeared to be an expensive solution was actually cost effective 
and justified after doing some back of the napkin math. Don't let the cost 
scare you away from investigating this solution!


In each of these situations we had the following:
- Multiple Locations with varying user counts (1 User to 250+ Users)
- Limited IT Support Personnel at HQ and none at Remote Sites
- Users in multiple locations working on the same project
- Users working long hours to meet project deadlines

The solution that was used for almost all of these customers was a 
combination of:

- Riverbed Steelhead Appliances
- Riverbed Steelhead Mobile
- NetApp Filers

Depending on the customer we either put the NetApp Filer at HQ or at a 
Collocation facility. Many of the customers didn't have the infrastructure 
to host their own Servers (Racks, Power, Cooling, etc) and since we are 
centralizing all the data it made sense to put it somewhere with a higher 
degree of availability. In a couple of cases we also deployed a 2nd NetApp 
Filer at another location to handle replication and provide fault tolerance 
in case of an outage.


The Riverbed Steelhead's enabled the entire project to work. One device 
needs to be installed at each location or for very small sites the Steelhead 
Mobile client can be used. In every case, we tested the performance and 
users found that accessing files across the WAN was just as fast and in 
*MANY* cases actually faster than opening them locally (In the cases where 
it was faster across the WAN then the LAN the mitigating factor had to do 
with disk speed. Coming across the WAN the data came from the faster NetApp 
Filer and on the LAN it was either older SCSI disk or SATA). What made this 
shine was the Steelhead Mobile component. This is where the actual Customer 
really fell in love with the solution. By deploying the Steelhead Mobile 
client on the end users PC/Laptop, the user could now work anywhere and have 
access to the latest versions of the files.


The use cases for this are endless but for the Principle Architects / 
Engineers they found this to be the most valuable because it gave them time 
back. One customer really liked the idea of taking his laptop with him to 
the customer site, make changes on the fly, coordinate with his team back in 
the office on those changes and have a new set of prints made off his laptop 
at the local Kinko's. Before he would make the changes on the actually 
drawings, bring them back to the office to make changes on the computer, 
have a new set of prints made and go back out to the customer. Since the 
customers were usually far away (many hours by car or air travel) this meant 
he could spend more time with his family instead of working. In most of the 
companies I implemented this for it was the Principle Architects / Engineers 
who this impacted the most and they were the ones who ultimately 
justified/approved the purchases.


Pros:
- High Availability
- Centralized Data
- Reduces Backup Headaches
- Hourly snapshots to revert changes
- Simple to Replicate
- Improved performance for ALL data accessed not just for specific CAD file 
access (I-Mail, Web, File Sharing, etc.)

- Improved business response time to customers
- Gave business users flexibility in how and where they worked

Cons:
- Expensive vs traditional IT methods

I've had great success doing this for many small, medium and large shops.

Let me know if you have any questions,

- David

- Original Message - 
From: "Angus Scott-Fleming" 

To: "NT System Admin Issues" 
Sent: Friday, January 30, 2009 4:01 PM
Subject: Multiple engineering offices and sharing large files


Anybody here running a small-business network with multiple geographically-
remote (e.g. Arizona, Wyoming, Maine, Florida) offices for which the main
office and the remote office both need access to the same large files (e.g. 
CAD
drawings, large scientific datasets, GIS data)?  The files are way too large 
to

process over a VPN as Internet latency would clobber processing performance,
but the home office needs to have the same data that the field office has so
they can both work on the data, if not simultaneously, then on the same day. 
I

don't think a TS setup would be reliable enough for this situation as the
main=office's Internet connectivity isn't the most reliable.

Servers will probably be Windows SBS servers as I think SBS can handle the
number of users they have for Exchange (up to 250 users, right?).

I'm thinking some sort of 'rsync'. but I'd be interested in how others have
dealt with this.

Related to this, how do you deal with email in a situation like this?  I'm
showing my ignrance about Exchange here, but is it possible to have a 
primary
Exchange server in the main office and have each satellite office with its 
own

mail server that draws from the main office but stores mail locally so local
users can conti

Re: Network Traffic

[David Hekimian]

Carlos,

I'm with Martin on this one.

I've got a Packeteer and love it. It give me the monitoring I need and the
ability to shape the traffic.

Call your local Packeteer Salesman and have him bring one out for a 30 day
eval. He'll be happy to do it He knows once a Packeteer goes in for an
eval, it usually doesn't come out. Cost 8K-10K with maintanance.

- David

- Original Message -
From: "Martin Blackstone" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Friday, September 28, 2001 2:02 PM
Subject: RE: Network Traffic


> Then check it out. This thing is wonderful and great for throttling
> bandwidth to specific apps or users.
> It is just incredible. Check out their site, call a VAR and get a 30 day
> demo. I promise you at the end of 30 days you will keep it. Less than
> 10K
>
> -Original Message-
> From: Carlos Garcia-Moran [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 28, 2001 1:57 PM
> To: NT System Admin Issues
> Subject: RE: Network Traffic
>
>
> Well, My boss doesn't mind spending the cash (unless we talking about
> 20K or more, then It's paperwork HELL!) as long as I can prove the tool
> has some worth. He is big into monitoring :)
>
> -Original Message-
> From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 28, 2001 4:52 PM
> To: NT System Admin Issues
> Subject: RE: Network Traffic
>
>
> If you're willing to spend the $$$ take a look at Packeteer PacketShaper
>
> -Original Message-
> From: Carlos Garcia-Moran [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 28, 2001 1:50 PM
> To: NT System Admin Issues
> Subject: Network Traffic
>
>
> Heyas!
>
> Can anyone suggest a good tool for network traffic monitoring? We have
> all HP Procurve Switches and use TopTools, but it doesn't seem that good
> (unless im just missing some config options). For example we wanted to
> track down a user that was pegging our T @ 97% utilization (he had 15
> "family guy" downloads on morpheus at the same time) and TT did not tell
> us much. We finally tracked him down by using firewall logs...kind of
> time consuming
>
> Any good ideas
>
> Cheers
>
> Carlos Garcia-Moran
> Senior Network Engineer
> Athenahealth, INC
> 781.392.0157 Main
> 617.543.1701 Cell
> [EMAIL PROTECTED]
>
>
> Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub
> Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
>
>
> Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub
> Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
>
>
> Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub
> Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
>
>
> Want to unsub? Do that here:
> http://www.w2knews.com/rd/rd.cfm?id=unsub
> Need a good FAQ? Try this one first:
> http://www.ultratech-llc.com/KB/
>


Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Re: Samba

[David Hekimian]

Jon,

Take a look at http://www.samba.org/ and read up on the flavor of *nix you
are going to run Samba on. Some are more Samba & Admin friendly then others.

- David


- Original Message -
From: "Jon Hill" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Friday, September 28, 2001 3:50 PM
Subject: Samba


> Looks like we're about to get a SAN.  One thing I'd like to do with it is
> migrate fileserving responsibility from a pair of HP9000s with
> direct-attached RAID arrays to an Intel Linux box that gets its storage
from
> the SAN.  Don't worry about scalability--those 9000s were seriously
> underworked.  This means migrating from HP's Advanced Server to Samba.
>
> I'm sure some of you have experienced Samba, but I haven't.  Any gotchas I
> should watch for?  We have an NT4 LAN (we'll soon upgrade the PDC to Win2K
> but we'll run in mixed mode for a very long time to come).
>
> Specific questions:
> * Can I still create network shares from Server Mgr.  Can I still use
> Server Mgr to manage permissions?
> * Can I still modify file-level permissions via Windows Explorer?
> * Any issues related to long file names?  Advanced Server handles LFNs
> very poorly, imho, especially with respect to batch files.
>
> As always, your help is tremendously appreciated.
>
> jon
>
> Want to unsub? Do that here:
> http://www.w2knews.com/rd/rd.cfm?id=unsub
> Need a good FAQ? Try this one first:
> http://www.ultratech-llc.com/KB/
>


Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Re: Exodus

[David Hekimian]

David,

I would take another look at your contract. My Master Services Agreement
with Exodus allows me to cancle if either party goes into chapter 11 (as
well as other things).

- David


- Original Message -
From: "David Miller" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Tuesday, September 25, 2001 10:39 PM
Subject: RE: Exodus


> Yes, we co-lo there. Unsure but planning has begun. Just remember you have
a
> contract with them that they can not breach even under chapter 11 (in
> theory). The concern we have is if peering relationships get pulled when /
> if they go in to chapter 11 and are no longer paying them. Also remember
> that most of there 3 Billion in debt is unsecured which means they may be
> able to reemerge from chapter 11 fairly quickly (in theory). The question
is
> do you want to hang on for the ride and risk downtime.
>
> David Miller
> IT Manager
> vJungle
> Desk: 425-605-2432
> Cell: 425-766-7638
>
>
> -Original Message-
> From: Steve Casas [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 25, 2001 4:20 PM
> To: NT System Admin Issues
> Subject: RE: Exodus
>
>
> Speaking of which, does anyone else co-lo there? If you do, are you moving
> to another facility?
>
>
> Steve
>
>
>  -Original Message-
> From: Bill Higgins [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 25, 2001 12:59 PM
> To: NT System Admin Issues
> Subject: Exodus
>
> we do... and we are scrambling to build out a 2nd Data Centre and fail
over
> to it...
>
> do you have the news article about Exodus... trying to find it...
>
> -Original Message-
> From: Ratini Heidi - IL [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 25, 2001 12:17
> To: NT System Admin Issues
> Subject: RE: IIS PERMISIONS !!
>
>
> Anyone have any servers on Exodus?  They went Chapter 11 today.
>
> -Original Message-
> From: Tiffany Belcher [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 25, 2001 11:13 AM
> To: NT System Admin Issues
> Subject: IIS PERMISIONS !!
>
>
> I have a website that has a message board. I have set permisions on the
Hard
> Drive and on the MMC to allow read and write etc It still prompts to
> enter a password and username. WHY? I have tried like crazy to have it not
> do that but it does. here is the site just click on the forums link to
check
> it out. Thanks
>
> http://66.45.36.187/BelchingToadClan/
>
> Tiffany Belcher
> Web Developer - Network Administrator
> [EMAIL PROTECTED]
>
> Want to unsub? Do that here:
>
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mod
> e=0&lang=english
>
> Want to unsub? Do that here:
>
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mod
> e=0&lang=english
>
> Want to unsub? Do that here:
>
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mod
> e=0&lang=english
>
> Want to unsub? Do that here:
>
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mod
> e=0&lang=english
>
> Want to unsub? Do that here:
>
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mod
e=0&lang=english
>


Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Re: InoculateIT opinions

[David Hekimian]

Steve,

Seriously take a look at TrendMicro's virus scan offering - OfficeScan
Corporate Edition. I've used Symantec's Norton Antivirus, CA's InoculateIT,
McAfee's VirusScan and countless others..

TrendMicro does workgroup AV right! From a centralized managemnet console
(web based) to deploy to new users, set policies on the local client (Set
whether the user can disable OfficeScan or not, etc.),  and automatic
updates of virus definitions and deployment to desktops.

Also, Look at TrendMicro's NeatSuite. It a combination of OfficeScan,
ScanMail and InterScan Viruswall for about the same price as just 1 of the
products.


- David

- Original Message -
From: "Steve Frenzl" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Friday, September 28, 2001 11:50 AM
Subject: InoculateIT opinions


>
> My company is looking for a workgroup AV and I was curious what the
> opinions were of Inoculate. From past threads, the consensus seems to be
> that Norton is better than Mcafee but I don't remember seeing Inoculate
> discussed. Any input is appreciated.
>
> Steve Frenzl
> Systems Administrator
> Farmer Automotive Group
>
>
> Want to unsub? Do that here:
> http://www.w2knews.com/rd/rd.cfm?id=unsub
> Need a good FAQ? Try this one first:
> http://www.ultratech-llc.com/KB/
>


Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Re: Known vulnerabilities w/ NTP?

[David Hekimian]

Sean,

You should really set up your Firebox to be your NTP time server. Then point
all your internal servers to its private ip address. That way you are not
exposing your entire network and only have to worry about your Firebox being
vulnerable.

Also its much better netiquette to point 1 device to a public time server
and serve yourself from your own "time server" then it is to point all your
device to a public time server.

- David

- Original Message -
From: "Sean Martin" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 27, 2001 5:05 PM
Subject: RE: Known vulnerabilities w/ NTP?


> I did use the ntp service on my Firebox so I think I'm alright. I also
only
> allow incoming connections from 3 different time servers and used nat to
one
> server. I should be good to go. Thanks for the help.
>
> Regards,
>
> Sean Martin, MCSE
> Network Administrator
> Ribelin Lowell & Company
> Insurance Brokers, Inc.
> 3111 C Street, Suite 300
> Anchorage, Alaska 99503
> Ph: (907) 561-1250
> Fax: (907) 561-4315
> Cell: (907) 229-0885
> Email: [EMAIL PROTECTED]

>
>
> -Original Message-
> From: Dean Cunningham [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 27, 2001 3:57 PM
> To: NT System Admin Issues
> Subject: RE: Known vulnerabilities w/ NTP?
>
>
> I know of none for NT.
> I run an NTP service in my DMZ to pull the time off a specific NTP server
on
> the net.
> I then allow one NTP server internally to access my DMZ one.
> but , hey, I am paranoid.
> if the firebox has a ntp service available on it from the vendor, use that
> one. It is more likely to be "invulnerable"
>
> regards
> Dean
>
> -Original Message-
> From: Sean Martin [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 28 September 2001 11:21 a.m.
> To: NT System Admin Issues
> Subject: Known vulnerabilities w/ NTP?
>
>
> Hey folks,
>
> This may be slightly off-topic, so please accept my apologies.
>
> I was just wondering if you "old-tim" ummm."experienced" folks
knew
> about any vulnerabilities with opening the NTP service UDP & TCP 123
through
> my firewall to one designated server.
>
> I've found some vulnerabilities listed but they seem to only effect the
> listed platforms below. Any for NT and/or WatchGuard Firebox II?
>
> Hewlett-Packard:
> HP9000 Series 700/800 running HP-UX releases 10.XX and 11.XX.
>
> Red Hat:
> Red Hat Linux 6.2 and earlier (for xntpd).
> Red Hat Linux 7.0 (for ntpd).
>
> NetBSD:
> NetBSD prior to 1.4.
> NetBSD 1.4 and 1.5.
> NetBSD-CURRENT prior to 2001-04-05.
>
> FreeBSD:
> FreeBSD 3.x (all releases).
> FreeBSD 4.x (all releases).
> FreeBSD 3.5-STABLE and 4.2-STABLE prior to the correction date 2001-04-06.
> FreeBSD ports collection prior to the correction date 20001-04-06.
>
> Caldera:
> OpenLinux 2.3 (All packages previous to xntp-3.5.93e-5)
> OpenLinux eServer 2.3.1 and OpenLinux eBuilder (All packages previous to
> xntp-3.5.93e-5)
> OpenLinux eDesktop 2.4 (All packages previous to xntp-4.0.97-2)
>
> Regards,
>
> Sean Martin, MCSE
> Network Administrator
> Ribelin Lowell & Company
> Insurance Brokers, Inc.
> 3111 C Street, Suite 300
> Anchorage, Alaska 99503
> Ph: (907) 561-1250
> Fax: (907) 561-4315
> Cell: (907) 229-0885
> Email: [EMAIL PROTECTED]

> DO NOT read, copy or disseminate this communication unless you are the
> intended addressee. This e-mail communication contains confidential and/or
> privileged information intended only for the addressee. If you have
received
> this communication in error, please call us immediately at (907) 561-1250
> and ask to speak to the sender of the communication. Also, please e-mail
the
> sender and notify the sender immediately that you have received the
> communication in error.
>
> Want to unsub? Do that here:
> http://www.w2knews.com/rd/rd.cfm?id=unsub
> Need a good FAQ? Try this one first:
> http://www.ultratech-llc.com/KB/
> ***
> This e-mail is  not an  official  statement of  the
> Waikato  Regional  Council unless otherwise stated.
> Visit our website http://www.ew.govt.nz
> ***
>
> Want to unsub? Do that here:
> http://www.w2knews.com/rd/rd.cfm?id=unsub
> Need a good FAQ? Try this one first:
> http://www.ultratech-llc.com/KB/
> DO NOT read, copy or disseminate this communication unless you are the
> intended addressee. This e-mail communication contains confidential and/or
> privileged information intended only for the addressee. If you have
received
> this communication in error, please call us immediately at (907) 561-1250
> and ask to speak to the sender of the communication. Also, please e-mail
the
> sender and notify the sender immediately that you have received the
> communication in error.
>
> Want to unsub? Do that here:
> http://www.w2knews.com/rd/rd.cfm?id=unsub
> Need a good FAQ? Try this one first:
> http://www.ultratech-llc.com/KB/
>


Wa