Monthly Archive for April, 2009

Windows 7 will be fun

Only a handful of software that isn’t a game could end up on the “fun to use” list. I think Windows 7 is on it. I’ve been using it as the main OS on an increasing number of computers since the pre-release of the public beta (build 7000) in December 08. I’ve now got 5 out of 7 work/home machines using it, most on build 7077 (which isn’t perfect). Waiting on the RC build this month. It’s so enjoyable to use (compared to XP and Vista) that I have that “can’t wait” feeling for RTM.

From the responsiveness of the interface, awesome boot and return-from-sleep times, to the overall look, the new “best taskbar eva”, to little things like knowing the difference between a “default audio device” (speakers) and your “default communications device” (headset or webcam/mic)… it’s got a lot going for it. I’m starting to get more comfortable with the “library” concepts (old habits of caring exactly where your file is located on disk die hard). Though, I’m still not a huge IE8 fan compared to Firefox (and now my new fav: Chrome… yes I said it. Just give its minimalism a week and you won’t miss the bloat of Firefox’s add-ins).

Just tried the “play to” option in Media Player to push music from my office to the living room PC, which is plugged into the house audio receiver. Couldn’t be easier.  Love the simple and effective management window.

Next is to decide how I will implement a HomeGroup, which removes the need for me to manage share permissions, user passwords, etc. on the various home computers.

DPM 2007 with SP1: how it works

Best video I’ve seen to date on the hairy details of how the backups work throughout the day and week. Cleared up tons of questions I had around the difference in workloads like SQL, Exchange, SharePoint, Hyper-V, and File Servers.

Watch the 23min High Quality WMV, or the TechNet Edge page with other viewing options.

DPM with Firestreamer Virtual Tape Library for Tape-less Offsite/remote long term backups

So far DPM 2007 with SP1 works well with Firestreamer Media Changer 3.95.8. It acts like a fake/virtual tape library with 5 drives and 200 tape slots. Those “tapes” can be anything that accepts native Windows storage… USB, local drives, CIFS network locations, etc. We’re using a small NAS as the endpoint, and the Firestreamer interface lets you create tape files of any size, which will look/act like tapes in one of the 200 tape slots inside the DPM interface. This allows you “operational” backups on DPM disk and long term “Disaster Recovery” backups that are pushed over the LAN to somewhere else. Perfect.

So far I’ve had one error.

The number of free tapes in the Tape Library Firestreamer Media Changer is less than or equals the threshold value of 40. You must add tape to the library and mark it as free in order to prevent future backups from failing. (ID 3305)

If you get an error about free tape threshold, be aware that DPM seems to have a fixed “free tape” threshold of 20%. On the Firestreamer Media Changer, since it has 200 tape slots, that number is 40. The error in DPM itself isn’t an issue assuming you have planned out how many tape files you need (and what size to make them), but if you want to keep your alerts screen clean, be sure to add enough virtual tapes to Firestreamer so that it never dips below 40 free.

ISA 2006 from Edge Firewall to 3-Leg Perimeter

What if you want to take your simple 2 NIC “Internal/External” firewall and add a DMZ to it on the fly? We recently tried this, on a production firewall no less, and hoped it would work. It did after a few bumps.

The big problem with changing your Network Template is that ISA wants to slick your config and start over, so you’ll end up with two options: try to make a 3 NIC config work in your original design by adding in networks and network rules, or apply a new network template and then bring your config back in via import. After failing the former (likely my lack of skills), we chose the latter.

Mileage may vary, but here are some notes on what we did:

  • Obviously you need the 3rd NIC installed first.
  • Add the Subnets to the new NIC’s IP config for your DMZ aka “Perimeter” network in Windows.
  • Export your firewall config, including all settings, make a copy of the XML file, and open for editing.
  • We’re going to remove the network section of the XML file to prevent issues later. Once you’ve chosen a new network template, you’ll want to import the config back in, minus the network related stuff (which is what the network template will change for you).
  • Search the XML file for the opening and closing NetConfig tags:
      <fpc4:NetConfig StorageName="NetConfig" StorageType="1">
      </fpc4:NetConfig>
  • Remove everything between these two tags and save the file.
  • Run through the network template wizard for 3-leg perimeter.  If clicking finish generates errors, work through them and come back to try again.  Our single error was because we had web listeners using HTTP compression, so we removed all objects from “General > Define HTTP Compression > Return Compressed Data” and added them back in later after re-import.
  • Once the template wizard works, notice the lack of rules in your firewall policy and missing objects. About now you’re thinking “OMG you screwed me!”, so import your augmented config and they should all be back.
  • You’ll likely have a few dupe firewall rules if you chose a template firewall policy other than “block all”. Sort your rules by the various columns to look for dupes. We had dupes for “Allow Internal Routing” and “VPN Clients to Internal Network”.
  • Lastly go through your rule list and ensure the From/To columns are filled in.  You’ll want to restart the firewall service at this point to be sure it can start properly, and if it fails it’s likely a rule that won’t work in the new network config.  Check event logs for hints.  We had several rules we deleted and recreated based on new network names.
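
The NetConfig-stripping step from the list above as a script, so the edit is repeatable and checked rather than done by hand. This is an added example, not part of the original post; only the two NetConfig tags come from the post, and the other element names and the namespace URI in the sample are constructed placeholders.

```python
import sys
import xml.etree.ElementTree as ET

# The two tags exactly as quoted in the post.
OPEN_TAG = '<fpc4:NetConfig StorageName="NetConfig" StorageType="1">'
CLOSE_TAG = '</fpc4:NetConfig>'

# Constructed sample. Only the NetConfig tags come from the post; the other
# element names and the namespace URI are placeholders, not a real export.
SAMPLE_EXPORT = """<fpc4:Root xmlns:fpc4="urn:example:placeholder">
  <fpc4:PolicyRules><fpc4:Rule Name="Allow Internal Routing"/></fpc4:PolicyRules>
  <fpc4:NetConfig StorageName="NetConfig" StorageType="1">
    <fpc4:Network Name="Internal"/>
    <fpc4:Network Name="External"/>
  </fpc4:NetConfig>
</fpc4:Root>"""


def strip_netconfig(xml_text):
    """Return xml_text with everything between the NetConfig tags removed.

    The tags themselves stay in place. Raises ValueError instead of guessing
    when the text does not contain exactly one open/close pair in order.
    """
    if xml_text.count(OPEN_TAG) != 1 or xml_text.count(CLOSE_TAG) != 1:
        raise ValueError("expected exactly one NetConfig open/close pair")
    start = xml_text.index(OPEN_TAG) + len(OPEN_TAG)
    end = xml_text.index(CLOSE_TAG)
    if end < start:
        raise ValueError("closing NetConfig tag precedes the opening tag")
    stripped = xml_text[:start] + xml_text[end:]
    # Parse the result so a broken edit fails here, not during the import.
    ET.fromstring(stripped)
    return stripped


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: script.py export-copy.xml stripped.xml
        # Assumption: the export copy is UTF-8 text.
        with open(sys.argv[1], encoding="utf-8") as src:
            result = strip_netconfig(src.read())
        with open(sys.argv[2], "w", encoding="utf-8") as dst:
            dst.write(result)
    else:
        print(strip_netconfig(SAMPLE_EXPORT))
```

The script writes to a second file, so the untouched export remains available as a rollback if the re-import goes wrong.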