31. July 2008 by admin.

The device security policies are configured within the same place as the other mobile device related settings, and that is under the Property page of the Mobile Services object in the Exchange System Manager.  When you click the Device Security button you get to the page where you configure the different Device Security Settings.

As the device security settings are global, it’s rather important you know the exact purpose of each setting. I’ve therefore listed all of them with a description in the table below.

In addition to the settings in the table, there’s also an Exceptions button (see Figure 3.) After clicking this button you can specify the users who you want to be exempt from the settings that you have configured in the Device Security Settings dialog box. This exceptions list can be useful if you have specific trusted users (or perhaps managers!) of whom you do not need to require device security settings.

Be sure you don’t configure a device security policy that is too strict, as this could end up with frustrated users erasing their devices all the time. Also remember a user in some situations could have problems contacting the IT department if his device has just been erased. Users are already used to four-digit numbers (among other things from their credit cards) so requiring a four-digit number would in most situations be a good idea. Actually the best solution would be to use a four-digit number in combination with a reasonably configured wipe device after failed attempts setting to make sure you don’t become unpopular.

So where are all the device security settings stored? Almost all the values configured under the device security settings page are stored in Active Directory, more specifically in an attribute called msExchOmaExtendedProperties, which can be found under CN=Outlook Mobile Access,CN=Global Settings,CN=Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com using a tool such as ADSI Edit.

If you select the msExchOmaExtendedProperties attribute and click the Edit button you get to the screen shown in Figure 5 below.

As you can see, all the device security related values are stored in a string prefixed PolicyData. The values are encoded between the <wap-provisioningdoc> tags. Because this is nothing else than a XML blob, you have the possibility of provisioning your own custom policies by specifying the required values in an XML format similar to this one. It would have been nice to be able to set these policies per user via the GUI but for now the only way to configure these settings on a per user basis is to configure the msExchOmaExtendedPropertiesattribute on each user, but that’s not exactly a friendly method is it? Good thing is I’ve heard Microsoft will make it possible to configure these settings per user, using GPOs or a similar approach; the bad thing is this won’t be before Exchange 12 RTMs.

When you have configured and enabled the device security settings on the server, the dialog box shown below will appear on the device during the next synchronization with the server.

After clicking OK you need to specify and confirm the PIN or password you want to use. The PIN or password needs to be entered every time the device is unlocked or after you have issued a cold reset. If an incorrect password is entered, perhaps because one of your kids was playing with the device or if you forgot to lock the keypad while the device was in your pocket, you’ll get a message similar to the one below:

The password you typed is incorrect. Please try again. 1/5 attempts have been made.

This of course depends on how many allowed attempts you have specified under Wipe device after failed option in your Device Security Settings (refer back to Figure 2).

After the second failed attempt you’ll be notified that several incorrect passwords have been entered. In order to confirm the login attempt is not due to accidental button presses, you’re asked to enter A1B2C3 or something similar (depends on how the mobile provider configured this in the specific build). When you have entered these characters you’ll once again have the option of specifying your device password. Should you for some reason manage to enter it incorrectly once again, you’re faced with the incorrect password dialog box again. Before the last available attempt you’ll be informed that all information on the device will be erased after the next unsuccessful password attempt. An erase (similar to a local wipe) will clear out all memory on the device, i.e. the device will be reset back to its factory defaults. Bear in mind though that data on the storage card in the device will remain intact. You can argue whether this is a good design decision or not, personally I think this is a major security risk factor, especially because you can configure the device to store e-mail message attachments on the storage card!

Note:
If you know for a fact that a device has been lost or stolen, you can also initiate a remote wipe to the device, a remote wipe wipes the device immediately. We’ll talk more about this possibility in part 3 of this article series.

If you want to change your PIN or password, you do so by clicking Start > Settings > Lock.

You’ll now need to enter your current PIN or password in order to access the change password feature, when you have done so, you’ll get to the screen shown below.

It’s also interesting to note that a locked device that is connected to a PC using a USB cable won’t be accessible either, instead you’ll be faced with the dialog box shown below.

Posted by: Travis Sarbin
Tested by: Myke Reinhold

Posted in Exchange, Microsoft | No Comments »

26. July 2008 by Myke.

Curse you Microsoft developers, developers, developers…developers, developers, developers.  Sorry that was my best Steve Ballmer impression. 
Okay, so we received an email from an associate of ours wanting to know what happened to Hyper-terminal in Vista.  Simple answer, Microsoft got rid of it.  So what are your options?  Well, you can always use Putty since it is free or you can trick Vista into using Hyper-terminal again.

Just extract two files hypertrm.dll and hypertrm.exe. You can put them anywhere on the disk, no installation required. All you need is an XP disk or a machine with XP and you can copy it and then load it onto a Vista machine.  Then just run hypertrm.exe, all done.

Posted in Technical Questions | No Comments »

22. July 2008 by Myke.

Okay boys and girls.  We have been asked to post how our current ExaGrid system is doing and what kind of deduplication stats we are seeing.  To say the least, myself and Travis have not seen this kind of backup in our entire careers and it is pretty damn awesome to say the least.

Deduplication Ratio - 8.63:1
Total backup data - 36TB
Space consumed - 4.1TB

To show that we have 36TB of data taking only 4.1TB is just crazy.  We have had nothing but success with this system.  And with the software package from CommVault, our backups at this location are going great.  We could not be happier.

Posted in Backups | No Comments »

22. July 2008 by Myke.

Multi-site Data Center Cross Protection:

• ExaGrid supports two-site or multi-site cross protection for up to 9 data center locations.
• Because ExaGrid only moves the byte-level changes from the local site to offsite systems, only about 1/50th of the data has to traverse the WAN.
• Eliminates or supplements off-site tape with live disk-based repositories for long-term off-site retention or disaster recovery.
• Simplified multi-site management — a user with appropriate privileges can manage the entire multi-site environment via a single web-based user interface, versus products that require each site or device to be managed separately.

Backup-Job-Aware Reporting:

• Advanced reporting correlates backup jobs stored on the ExaGrid with the backup application providing unprecedented visibility into the true status of the backup data.
• ExaGrid’s disk-based backup system is the only product that shows de-duplication ratio by backup job, allowing organizations to optimize the results of byte-level data de-duplication.
  • The ExaGrid system is the only product that shows replication status by backup job, ensuring that any remote site restores are executed from complete backup jobs, and that the most recent data possible is being used versus resorting to a guessing game during a critical recovery scenario.

High Capacity, Scalable Virtualized GRID Architecture:

• Store a 30TB full backup, plus weeks or months backup history/retention, in a single GRID system with a single management console (6 x 5TB ExaGrid servers = 30TB Virtualized GRID system). 
• Plug-and-play growth — new systems virtualize together automatically — no splitting data or losing de-duplication efficiency across separate systems.
• Performance scales with data growth since processing power, memory and bandwidth are added along with storage capacity.
• Automatic data load balancing across all servers in the GRID.
• Multiple 30TB GRID systems can be installed for increased capacity.

Best Performance for Shortest Backup Window and Fastest Data Restoration:

• Fastest backup performance due to post-process de-duplication. Write directly to disk without any on-the-fly processing to slow down backups.  (ExaGrid Backup throughput: up to 4.08TB/hour.)
• By keeping the most recent backup in its whole form and storing all previous versions as the byte-level changes (de-duplication), ExaGrid is the only vendor that offers rapid restore of backup jobs and fast tape copy for offsite tapes — unlike other solutions which require re-assembly of every backup job from millions, or even billions of small blocks tracked in large hash tables.  (ExaGrid Restore throughput: up to 2.6TB/hour.)

“We listened carefully to our customers and added several important new capabilities that greatly improve the way they execute and manage their backups,” said Marc Crespi, VP of product management, ExaGrid Systems, Inc. “This latest product version allows customers to deploy multi-site cross protection for up to 9 data center locations, simplifying multi-site data center backup and improving disaster recovery capabilities.  Also, with the addition of backup-job-aware reporting, ExaGrid provides unprecedented visibility into the true status of backup data at every stage of its lifecycle within the system.  These enhancements, combined with ExaGrid’s post-processing data de-duplication and scalable GRID architecture, provide customers with the shortest backup window and fastest restores possible even as their data grows.”Taneja Group Technology Validation Report:

Download the complete Taneja Group report about the ExaGrid Disk-based Backup System via: http://www.exagrid.com/why_exagrid/industry_analyst_perspectives.asp. Availability:

The latest version of ExaGrid Disk-based Backup System is expected to ship within the next 30 days.

Posted in Backups | 1 Comment »

21. July 2008 by Myke.

I would first like to say that not only did I say it but so did Travis. Comcast is filtering traffic and they should not be doing so as it is not their business. Especially when they do not let you know but say to you, “It is your equipment, not ours that is causing your issues”.

So let me start by dancing around in the best white boy routine possible…running man…sprinkler…tug-o-war…lawnmower…while “Play that Funky Music White Boy” is playing in the background. Second I would like ot say to Comcast, “Please do not try and lie to the technical community out there that was faithful to you for years. We promoted you and used you for personal and business accounts. Now I am no longer your customer and I have also taken a total of 38 folks with me in the last 6 months. Enjoy your sanctions/punishments by the FCC.”
FCC Chief Says Comcast Violated Internet Rules

Several readers sent in word that the FCC chairman, Kevin Martin, is calling for sanctions and enforcement actions against Comcastfor resetting BitTorrent traffic. “Mr. Martin will circulate an order recommending enforcement action against the company on Friday among his fellow commissioners, who will vote on the measure at an open meeting on Aug. 1… Martin, a Republican, will likely get support from the two Democrats on the commission, who are both proponents of the network neutrality concept. Those three votes would be enough for a majority on the five-member commission.”

FCC chairman says Comcast punishment will serve as warning to other Internet providers

Na na na na na na, stick your head in doodoo.

You can find this story from the following two links. Please read and enjoy, and always remember…Qwest - The spirit of service…and the best Internet available.

FCC Chief Says Comcast Violated Internet Rules

FCC chief hopes Comcast sanction serves as warning

Just for grins, here is another story about the FCC gut check to Comcast.

FCC - Have a Comcastic day

UPDATE: TorrentFreak.com - Comcast Uses Hacker Techniques

Posted in Rant | No Comments »

21. July 2008 by Myke.

In today’s IT world, we have an ever growing trend. Data growth. With the
need to store more and more electronically, companies are running out of room.
In the oil and gas industry we have a huge need for storage space with documents,
maps, charts, readings and so on. So what is a company to do? Do we keep throwing
storage space at it or do we draw the line and create a solid retention policy?
Well, the answer is both actually. With the average cost of SAN storage at
$7000 per TB we can financially let some data keep growing. With a
retention policy, it will need to be razor sharp so it has the ability to cut
through all retention regulations.

At our company we had a 250% increase in storage requirements from December
2006 to December 2007. With this growth, we added iSCSI SAN storage that was
going to handle growth and be run on an existing GB network. We chose LeftHand Networks
because of their ability to expand with ease and the management
interface was very straight forward. On top of the abilities of the solution
their support was top notch and very hands on. With the growth of storage came the second
step, backing up this data. We needed a solution that would allow us to store
data locally on disk and off-site on tape. We also needed a solution that would
keep us in line with any and all retention regulations. The solution we chose
is a combination of Exagrid and CommVault.
The choice of Exagrid and CommVault was inline with our LeftHand
Networks decision. We chose them for their ability
to expand with ease, management interface was straight forward and their support
was first class. We now have a solution that allows our users to store data
as needed for all projects and the IT department can
back up the data using disk-to-disk-to-tape. this now gives us the ability
to restore data for end users straight from disk and any litigation requirements
we run into we have data off-site on tape using the GFS strategy

So with all of this in place, now comes the hardest job of the whole project,
the retention of the data. We have data that is duplicated up to 25 times between
local user hard drives, servers and user home drives. So how do you get rid
of the duplicated data and find the best possible copy? We have decided to
assign groups to each area of data and they are now in charge of consolidating
data and getting it in line with our retention policy. We have also put in
place a data retention policy that our legal department has and all employees
are aware of. The one place that users like to store data at is in their email.
this is a huge area of concern so we have placed a data retention policy on
our Exchange servers as well. Any email that hits the 61 day mark is automatically
deleted. this allows our lawyers and IT department to let anyone know that
asks, we do not keep email older than 60 days.

Okay, so now we have our hardware solution and our company policy in place.
Now we must enforce it and move forward. Data storage is a growing need for
every company but it can and will be taken care of. You will always have a
need to expand storage but you can slow it down with the proper policies.

Bottom line - It does not make financial or legal sense to store information
indefinitely. Disposition is key to managing growing volumes of unstructured
and semi structured data, and the technologies required for a proper disposition
system underpin an efficient information management ecosystem. A solid disposition
policy can reduce the cost of legal discovery.

Off the record - If you and your company are going to say that you have a
retention and disposition policy, you better have it in writing. Along with
having these policies in writing you should have records and documentation
that demonstrates how the policy is implemented.

Posted in Storage | No Comments »

21. July 2008 by Myke.

Well we have been rocking and rolling with this backup solution for a few weks now and it has totally changed how we backup data. the data deduplication that the Exagrid hardware/software does has been amazing.

Check out these stats:

All Data
Deduplication Ration - 3.78:1
Total backup data - 12,441.08GB
Space consumed - 3,292.32GB

Misc Data
Deduplication Ration - 5.81:1
Total backup data - 4,413.62GB
Space consumed - 760.00GB

NAS Data
Deduplication Ration - 3.17:1
Total backup data - 8,027.46GB
Space consumed - 2,532.32GB

Our amount of tapes has dropped by 65% and our backup times are cut down by almost 75%. So now we are saving on backup times, amount of tapes being used and stored off-site and we will have about 12 weeks of backups on-site on hard drive. That means we can do restores from hard drive and in a worst case scenario we can request a tape from 13+ weeks ago.

Next step is to launch this as our remaining sites.

Posted in Backups | No Comments »

21. July 2008 by Myke.

The new “Heavyweight Hard drive Champion of the World” is, Western Digital’s Velociraptor 300GB 10K drive. This is a much needed drive since the 150GB Raptor X. Every drive manufacturer out there started to go after the Raptor X but WD never really responded. Well I can speak from first hand knowledge, this drive is awesome and fast.

Before I tested this drive the, fastest drive I had tested was Samsung’s HD103UJ 1TB drive. I understand that these two drives cannot be compared side by side or spec by spec but the only test we ran was speed. The WD drive is only 300GB, but it is selling for about $299 which is the same price as the 150GB Raptor.

So the drive is fast but one other very cool feature is the size of the drive, 2.5″. Plus we cannot complain about the price either. The drive is currently selling for $299.99 over at Newegg.com.

Single Drive Test Results

HDTach Burst (MB/s) - 255.1
HDTach Random Access (ms) - 7.1
HDTach Average Read (MB/s) - 104.6
HDTach Average Write (MB/s) - 96.7
PCMark05 Overall - 9457

RAID Test Results

HDTach Burst (MB/s) - 229.9
HDTach Random Access (ms) - 7.2
HDTach Average Read (MB/s) - 100.8
HDTach Average Write (MB/s) - 93.5
PCMark05 Overall - 8471

The one thing that folks need to understand is that this drive is not built to placed in a laptop. This is a desktop or server drive only. The power requirements would trash a laptop.

Of course if you are looking for storage and not speed, then the Samsung is still the top dog.

Posted in General Hardware, Storage | No Comments »

21. July 2008 by Myke.

“Na na na na, na na na na, hey hey, goodbye” - My ode to Arcserve

We have been limping along and dragging bloody stumps for some time now using Arcserve as our backup solution. Well not anymore kids, we now have a great solution in place. We have moved our company over to a disk-to-disk-to-tape solution using Exagrid (disk based backups), CommVault (backup software) and Quantum (tape libraries). This has changed our backups so dramatically it is almost unbelievable. The speeds, the success rates and ease of deployment/restore are amazing. This will change how any and all backups are setup and all restores are done for our company. I cannot tell you how many sleepless nights I have had over the last few years working with unstable and not very effective backup solutions. I can honestly say that backups will be a second thought now. If you are a small, medium or large business, this is the solution for you. I have worked with many solutions as a consultant and this is by far the greatest and most reliable to date.

Imagine that you want to backup a server…and all you have to do is point and click and the agent is deployed (no restart required) and then that evening your backup runs without issue. Now I do not want to overload you with technical blah blah but the way this solution is running, our backups are faster and more efficient and the restores are so “Dummy” proof that you can almost let your end users do their own restores. Of course we will not do that as this will cause some serious confusion and of course the training time. I will post some pictures and diagrams later.

I have not even got to the greatest part of all yet. SUPPORT! How many times have you called and either got the south-side of India or the north-side of India? I hate those calls man, I mean I really hate those calls. And for the love of God, stop pretending your name is Bob or Erik or Tammy. We know your names are tough for us in the USA but trying to use a common American name only pisses us off even more. Sorry I got a bit carried away again. All three of our vendors have support here in the USA! That rocks man.

I will keep you all posted as we grow with this new solution and how much it helps us out on a daily basis.

New solution numbers
Backup times - cut down by an average of 53% (this will continue to get faster as we work out some backup issues, not the fault of the system but from us learning and debugging)
Backup space - cut down by an average of 75% (this is due to Arcserve kicking back improper space usage and the fact that the Exagrid system has a de-duplication ability and CommVault will not keep backing up the same file over and over unless it really has changed)

Here are a few articles that will also be helpful:

http://www.exagrid.com/backup_applications/CommVault_Galaxy.asp

http://www.commvault.com/qualified/exagridsystems.asp

http://www.cio.co.uk/whitepapers/index.cfm?whitepaperid=4566

http://travis.sarbin.net/2008/06/13/mid-deployment-report-commvault-exagrid

Posted in Backups | No Comments »

21. July 2008 by Myke.

So I had a scheduled pick-up time of 8AM to 10AM today and to my surprise, :-), they never showed up. I even called and they said, no problem sir he is going to be there before 10AM. Well, since he never showed up I decided to go drop off the hunk of junk modem to them personally. I get there and walk right up and turn it over to the lady behind the counter. She was so wonderful she wanted to know why I was returning it. I explained that even working with their technicians they could not explain why the speed was cut by 70% over the last 3 to 5 months. Then she proceeds to tell me…”I see in the notes of your account that the last tech who worked with you explained that your PC’s were the issue. Did you get that resolved? Because that might help to get new PC’s to handle the 6MB Internet.”..Please hold your laughter in folks. I kid you not, she said that word for word. I did not yell at her and I did not blow a head gasket in their office. I told her that with 15 years in the computer industry I think I would know if my PC could handle 6MB Internet or not. I also explained that since moving to Qwest DSL 12MB I have seen speeds that are pushing over 12MB for downloads and 900K uploads. I told her to just return the damn modem so I could leave.

Dear Comcast: The worst mistake you can make is to blame the customer for your wrong doing. I know that the FCC will have you head soon enough. I am not too worried as I have a real ISP now and everything is wonderful. I can speak on my behalf and 19 others in the last 1 month that have switched from Comcast over to Qwest because of my stories and others just like it. If you want to earn business then do as you claim and stop blaming the customer. If you decide to e-mail me again about talking to me so you can get to the bottom of the issue…don’t. I will post every single email you send me so the world can see how dumb you really are.

Posted in Rant | No Comments »