Veeam, known for being one of the leading providers of enterprise virtual backups have just announced they will be releasing a free backup tool for desktop users, providing automatic backups to a NAS or other hard drive.
Veeam Endpoint Backup FREE looks like it will be a great set and forget solution, allowing both simple file recovery or bare metal recovery. Using Mac OS X at home with Time Machine, I often wish there was a good free equivalent to recommend for Windows users. I’m sure there are options out there, but I really trust Veeam and it looks like it will be a nice simple product with no pressure to upsell to a paid version (there is none).
Don’t forget you still need an offsite backup – so team this up with a cloud backup, have another hard drive which you rotate offsite or buy a pair of NASes- setup replication and distribute among your family (those 50Mbps upload UFB plans have to be good for something right?).
If backing up to NAS, very good idea to setup another shared folder & separate user account on the NAS specifically for the backups to be saved to. Never ‘map’ this backup folder to My Computer, and your own user account should have read only access to the folder. Hopefully we will be able to configure a UNC path and credentials within Veeam directly. This is to help minimise the possibility of ransomware or other malware which might scan your network for files to delete. I haven’t heard of anything doing this yet, but there is definitely malware out there which deletes or encrypts files on mapped network drives.
First beta will be released in November and scheduled for release in early 2015.
Chorus have updated their maps in the last week to show UFB is now available in more areas in Greymouth.
It is still unclear which ISPs will be providing UFB in Greymouth – Snap is probably your best bet currently for home and basic business use; DTS can do business connections and apparently HD are offering both residential and business connections. I assume Spark will also provide access here soon if they aren’t already. New fiber-only ISP, MyRepublic looks interesting, but they said they need a few interested people to sign up at once before they would install the required equipment in Greymouth.
Ultrafast broadband really changes the whole way we can think about how we use technology at home and business. At a ~50 user site, the changes we are looking at immediately once UFB is installed include:
Moving our email (Exchange) over to Office 365, instead of having to maintain an email server on-site
Using Windows Updates directly from Microsoft instead of caching them all on a server locally
Switching from a traditional web content filtering + caching solution to a fast, NGFW (Next-generation firewall) to reduce potential points of failure and bottleneck
Shifting more phone lines across to Voice over IP
Making more use of online backup services
Providing better remote access for staff wanting to work from home
Caution is also required going into the future. If your phone line is switched over to being provided through UFB instead of Chorus copper, you will lose phone access during power cuts. One thing that Telecom (Spark) have been fantastic at in the past is providing an incredibly reliable phone network, even in a power cut corded phones would still work, and even with a cable/fiber cut you were still able to at least call people locally.
Of course this is less important for some people these days with most people having cell phones, but we know from the Christchurch earthquake that cellphones a) also need power and b) get overloaded so can’t be relied upon.
The good news is that Spark currently aren’t requiring you to give up your landline, this will change in the future. When it does change, make sure you buy a good quality UPS (uninterruptible power supply) which could at least keep your phone running for a few hours. Let’s hope that they come up with a good quality, affordable UPS at the time that Spark start switching people over.
We finally got our new Epson EB-4650 (unsure on exact model) projector connected to the network this week, allowing me to complete our Roomie Remote setup: controlling a projector, Marantz receiver, DVD and Freeview box.
Although Roomie Remote had a one-size-fits-all Epson projector definition, I couldn’t get it working with IP control.
Knowing the projector supports PJ-Link, I set out to see how easy it would be to implement the well documented PJ-Link protocol in Roomie.
Without further ado:
Back up your Roomie settings to Dropbox
Download plistEditor Pro (it is either trialware or shareware)
Open the Dropbox\Roomie\RoomieCodes.plist file. If it doesn’t exist, create one
Add in the code below. We only need to switch between LAN and HDMI1, so I haven’t tested the other inputs, but feel free to tweak the Gist below.
Save, restore the settings from Dropbox into Roomie
Create a new device, entering the projector IP and PJ-link port 4352, select ‘Generic’ – ‘PJ-Link Compatible’
I’m not sure why PJ-Link isn’t included in Roomie, but until it is this should let you control a decent number of auditorium/installation projectors over IP.
We can now leave our four remotes in the drawer where they belong, instead able to use one touch actions to power up the devices and choose the right inputs – all from an iPod touch or iPad.
P.S. This will only work for projectors not requiring PJLink authentication, I didn’t look into seeing how to do that.
Over the past six months I’ve been developing a Student Management System based on Dynamics CRM 2011 for one of the new Trades Academies. I’ll talk about why we chose Dynamics CRM in a later post, but this post is about the integration I built with the TextaHQ SMS Messaging service.
TextaHQ was attractive for no monthly fees, low per message cost and a two way API allowing SMS replies. When replies come back the gateway sends the reply to a Callback URL allowing us to save the message straight into CRM. Not so great if your server goes down for a few hours, but it does mean we don’t have to be running a service to poll for new messages like some APIs.
I would love to have published this up into a nice how to guide but probably not going to have time to do that for a while, so I thought I’d code dump for now instead.
My solution consists of three parts, the SMS Message entity, the plug-in assemblies for sending the messages and a ASP.NET form to save the messages back into CRM.
SMS Message Entity
A new ‘activity’ entity named SMS Message
Add a field named sendernumber – this is where the sender number of mobile replies will be put
These are the status codes I am using:
Draft (1) – Default Value
Pending Send (352,400,002) – Default Value
Cancelled (3) – Default Value
Setup the form – this is what mine looks like
Create a Web Resource called ‘smsconfig’ – an XML file. Format it like below with the URL and API key from your TextaHQ account
Contains a (rather bad) phone number cleaning method; a method to read the url & key from the configuration XML file; code for querying the ‘smsconfig’ web resource and the code to post the message to the gateway
Contains the definitions of the statuscodes I defined above
The code that should be triggered when the statuscode of the smsmessage entity is updated
Checks if the status code is in ‘Completed_Pending’ send state (user clicks ‘Save and Complete’ on the SMS Message activity’)
Retrieve the needed data from fields, check the message isn’t blank
If the regarding entity is a contact, sends the message to the contact
If the regarding entity is a course (you can delete this functionality if you like), it sends the message to all of the contacts enrolled in the course with a mobile phone
Updates the SMS Message record to the Completed – Sent status (or Open Failed if it doesn’t manage to send any messages)
We send the Guid of the contact the message is being sent to as well as the Guid of the creator of the message to allow as user data to the TextaHQ API – this data is stored with the message and if a reply comes back the data is fed back to us. That allows us to assign the reply back to the original sender and set it regarding the correct contact.
This cool bit of code lets you send SMS messages from workflows! It takes the following parameters
User to assign replies to (system user/owner)
Then returns a MessageSent boolean to let you know if it sent or not.
In fact, if you wanted you could actually just register this workflow activity and forget about the SendSMS.cs – but I needed SendSMS.cs to allow me to send a SMS message to a whole course full of students.
(You would just setup a workflow to trigger when statuscode of sms message is set to completed – pending, then send SMS with the appropriate variables, then if it manages to send update the status code to completed – sent or open – failed)
Registering Plug-in assembly
Build the plug-in assemblies and register – this is what the step looks like for me for SendSMS.cs
You should now in theory be able to send SMS messages. I’ve added a ‘Save and Complete’ button to the toolbar for SMS Message activities, and renamed it ‘Send SMS’.
Sorry I don’t have time to tidy this up and write a proper instruction, but there are some other good posts online which I used to help me get this far.
I would have liked to implement party lists to allow sending to multiple contacts, but don’t really need it at this stage.
Hopefully you might find some useful code snippets that you can adapt for use in your project.
One day I might release it all packaged up as a solution!
I’ll post my SMS reply processing ASP.NET form soon to complete the puzzle.
This isn’t a free tip, but works well for the networks I manage. One of the challenges for any Systems Administrator is keeping software up to date. I’m not so concerned about actually having the latest version of software so much as making sure if there are any security updates these are taken care of in a low effort way.
In your network documentation you should consider every application you have installed on your workstations and determine a software update strategy for each. Our Microsoft products are taken care of by Server Update Services, our Antivirus looks after itself and now we have Ninite for the rest.
If you haven’t come across Ninite before, it is a neat wee tool to install your favourite applications with a couple of clicks.
Ninite Pro adds some awesome features which allow this, such as a command line/silent mode, one touch software updates and caching software downloads. I subscribed to the $20/month plan for up to 100 computers.
There are lots of cool things you can do with the command line reference etc, but all I need is the update mode (which updates any of the Ninite supported software which you have installed on your computer), and to set it up to run on a regular basis. In my case, every time a computer is turned on.
Here is my standard configuration for Ninite
Setup a service account with a secure password for Ninite in Active Directory and document the password in LastPass. It will require permissions to install software on your workstations.
Setup a network share for Ninite and add permissions for the Ninite service account.
Put your copy of NiniteOne.exe in the share and create a Logs folder
Setup a Scheduled Task in Group Policy > Control Panel Settings > Scheduled Tasks
Run whether the user is logged on or not, run tasks as your service account. Configure for Windows 7. Currently investigating a better option for this. That would require storing the user credentials for Ninite service account in Group Policy which is actually easily accessible by malicious users.
Triggers – At system startup. You may wish to delay task for 10 minutes, I have it running immediately.
Actions – Start a program
\fileserverNinite$NiniteOne.exe /silent \fileserverNinite$Logs%ComputerName%.txt /updateonly /disableshortcuts
Conditions – Start only if the computer is on AC power
Test it out, when you restart your test workstation a log file should be created for the workstation in the Logs folder, and any software supported by Ninite should be updated and cached in the network folder for a quick install on other machines.
Given the non-stop barrage of security vulnerabilities being found and exploited in Java, every Systems Administrator should disable Java for Internet Explorer or have a really good reason not to. (Don’t worry, we can still cater for you if you have specific sites that require Java!)
Unfortunately it is notoriously hard to do. Microsoft had a go but US CERT found Microsoft’s method didn’t block it completely. US CERT’s KB article provides a registry file which blocks the invocation of Java Web Start for non-trusted sites.
I’ve converted the registry file into xml files ready for importing into Group Policy registry preferences. You’ll need two, one in a user policy and one in a computer policy.
For your convenience you can download them below.
Then just add any business sites that require Java to your trusted sites list. If you want to do it through Group Policy check out Alan Burchill’s article on IE Site Zone mapping but in my experiences only a couple of people have needed sites with Java and I add them on a per-user basis.
This is a low effort, maximum gain security tip for your organisation (just make sure you test that it actually is disabling it as it should!)
SIP Trunking is a great option to lower the cost of your phone calls. We installed a new Avaya IP Office 500 phone system at the beginning of last year, so of course I was keen to get VoIP setup quickly through 2talk to cut the cost of calls going over our ISDN lines.
The Avaya system doesn’t seem to be particularly common in New Zealand so I couldn’t find much in the way of resources about setting up a SIP trunk on the IP 500.
A year on and we have used SIP Trunking with 2talk for the majority of our outgoing calls. Here is a configuration guide with the settings I’m using. If you know a better way of doing it, please let me know!
2talk & Firewall Configuration
Make sure your 2talk account is setup for SIP trunking, with your firewall configured to forward SIP traffic through to the phone system.
We are using the 2talk Plus SIP Trunking service, (trunk.plus.2talk.co.nz which uses the IP 188.8.131.52). Works great in that we can lock down the firewall to that one IP, helping prevent SIP fraud and spam.
Our firewall forwards the following traffic through to the phone system:
TCP 5060, UDP 5060
UDP 49152 – 53246
IP Office Line Configuration
1. Fire up the IP Office Manager and add a new SIP Line to the line groups. Here are the settings I used:
(Note, leave the ITSP domain name as 2talk.co.nz if you aren’t using 2talk Plus)
2. Transport Tab
3. Under SIP URI, add at least a URI for your pilot number.
Click add, set the Local URI & Contact to your pilot 2talk number, such as, 03281XXXX.
Display name can be set to whatever you like, I have it set to Use Internal Data.
A sidenote on Line Groups
We have a bunch of ISDN & SIP channels. All of our lines are set to incoming group 0. ISDN lines are set to outgoing group 0, my pilot SIP URI is set to outgoing group 1, and the rest of the SIP URI’s are set to outgoing group 9.
This lets us route calls nicely – we want all incoming calls to be dealt with the same using Incoming Call Routing, so they all use the same group. Outgoing calls, by default I want to send those over VoIP, so our primary ARS puts outgoing calls over line group 1. Emergency calls, 0800 numbers etc, go over line group 0, ISDN.
Either add URIs in the same method for your other 2talk phone numbers, or if you are running IP Office 5.0 or higher you can setup a wildcard URI as pictured above to accept calls for any number.
5. Under the VoIP tab I have the call initiation timeout set to 2.
IP Office ARS Configuration
We have IP Office configured so we don’t have to dial any number to get an outside line – just dial the phone number straight away. This is possible because we use extension numbers starting with 7, and there are no local numbers in Christchurch beginning in 7. We also have the ISDN lines setup as a failover if VoIP is down.
To simply things I would suggest one of the following; either get the users to dial a different prefix to make a call if it isn’t working normally, or you can set up an automatic failover to PSTN using two ARS routes as shown below.
User initiated manual failover
If you dial 9 to get out, set that shortcode to go over VoIP. Then, setup another short code ‘8N’ (or similar), which forces calls over a normal phone line, so if VoIP is down people can just dial 8 to get out instead of 9. This won’t be an option for some people though, so I’ll share our configuration below.
For PSTN, set it up like this, with line group 0 being the outgoing line group of your PSTN or backup phone lines
Setup the Out of Service Route on the Main ARS to go to the PSTN ARS plan.
Setup the main outgoing call shortcode, i.e. ? to Dial to the VoIP ARS line group (i.e. 50)
Now, if VoIP stops working for whatever reason the calls will go out over PSTN. Unfortunately they will take longer to go through and there will be some horrible beeps in the process which I haven’t worked out how to disable yet!
Background: SBS 2003 Premium is running on one box. Performance is becoming poor due to increasing SQL demands, so we need to run it on a separate server. Can achieve this by purchasing A) SBS Workgroup 1 Processor Edition, or B) SBS 2008 Premium Edition & 25 CALs, (which entitles you to run SQL on a separate server) for about the same cost. But, I would prefer not to rebuild the SBS 2003 box at this stage.
After several hours of research I came across two opinions on whether we could buy SBS 2008 Premium, use the ‘second’ server part of it for a new server while leaving the existing server untouched.
So you’ve got your shiny new 7914 sidecar, configured all the buttons, go to boot it up and find that all the buttons just light up red!
I’ve seen many forum posts with people confused about how to get their 7914 working, and I have also had problems, so here is a guide on how to do it.