Questions? Feedback? powered by Olark live chat software

The Mindset Behind Aging Infrastructure

Today I was sitting at my desk in my cargo shorts and bunny slippers when one of my long term clients called to talk about their aging infrastructure.

TH and SlippersNow most of you know that I do my best thinking in bunny slippers, so he couldn’t have called at a better time. The conversation was light and pleasant with a lot of phrases like “treated me right”, “been great for my business”, “perfectly good gear”, and the famous: “if it ain’t broke, don’t fix it”.  But yet, here we were, on the phone discussing the life and times of 8-year-old server technology!

So, why were we discussing the infrastructure if it was “perfectly good gear”?

Simply put, reality had set in.  While the general feeling of nostalgia ruled the conversation, it belied the hidden issues that had been ongoing for the better part of 2 years.  They were spending a significantly larger amount of money on a monthly basis with our firm and other vendors just keeping the technology running.  Yet, this was not enough to make him want to pull the plug.  (I found that interesting, because I like saving money.)

Like I said, reality is a harsh mistress.  Customers were asking my client to produce reports and data that their systems simply couldn’t provide.  Running reports and data analysis brought the systems to their knees causing a real concern that they couldn’t keep up with the demands from their customers. This customer-facing challenge was enough to get the ball rolling and to start the conversation about how to get out of aging infrastructure and what kind of impact that would have on the business.

I am thankful for that demanding customer for getting my client to move out of ancient technology into the modern world.  However, as a professional, it leads me to ponder how easy it is for business owners and decision makers to get stuck in the technology rut. I have this conversation often and the reality is never as simple as the platitudes provided.  Most of the time, the reason people hesitate moving is simply… Change Is Hard!

With Change, a company has to change their software, systems, and licensing.  Sometimes this means training and new vendors.  New client tools, new Desktop PCs, new, new new….. New means that you can’t do everything the way you were used to.  It’s no longer the comfy leather recliner in the den.  It’s a new post-modern era sofa with leopard print…ok, bad analogy…but you get the idea.

Change Is Hard  – but it doesn’t have to be!  Really! tWhen was the last time you bought a new car and wished for the good ol’ days of crank-up windows? (I don’t know anybody that liked those things and the Drive-Thru was just painful!)  Upgrading to the nice new car smell is never a bad thing.

So, why does everyone think technology changes have to be akin to walking on hot coals or pokers in the eye?

Let’s change the conversation and the mindset.  Anticipate the future role of technology in your business with an open mind, good planning, great technology partners, and looking forward to better ways of doing things.  Time doesn’t stand still and neither should you.

Look FORWARD for your better tomorrow!

Buying the Right Technology… Classes of Gear for Business!

This quarter has been brisk helping clients with updates and upgrades to their hardware and systems.  In today’s world of IT, there are a plethora of choices.  Clients often ask me: “Keith, how do I know what to buy?  I know we need to upgrade, but vendors are quoting systems that simply leave me confused.” So, I thought it was time to help provide you (our loyal readers) the inside scoop on how to understand technology buying options and product lines.

Should I buy the Chevy or the BMW?

First, you have to understand that manufacturers of technology aren’t that much different than car manufacturers.   At some point or another, all of us have had to buy a car (or if you live in Texas … a Truck).  The first time we buy a car, we often are budget conscious and steer toward the lower models with cloth seats and few options.  Later in life, as we get more successful, we often choose more upscale models with more features and better options.  I don’t know about you, but I definitely prefer power windows, key-less entry, and push button start over my old manual, hand-crank windows.

Businesses do the same thing.  When they first start out, they often make poor technology choices in order to keep costs low.  Some of them realize that these choices are temporary, but many do not.  As their businesses grow, they still keep making the same poor technology choices without realizing that better options always exist.

Classes of Technology

The best way to think about your technology for your business is to truly understand the market. Traditionally, there are three main tiers of technology in the market place.  The lines have begun to blur in a few market-spaces, but ultimately the three tier rules still apply.

The Three Tiers of Technology

  • SOHO
  • Mid-Tier/Business Class
  • Enterprise

SOHO – Small Office / Home Office – (run, run away)

SOHO technology is where a lot of business go horribly wrong.  SOHO technology options are readily available at Best Buy, Staples, Fry’s, Microcenter, or any of your other favorite retailers.  Unless you are a startup running out of your garage, you should *never, ever, ever, ever, ever* run your business on SOHO gear.  Feel free to buy this stuff for your home office, but don’t run essential business operations on something you purchase from retail.  The quality/support just isn’t there.

Mid-Tier/Business Class Gear – (fits like your favorite soft, fluffy bunny slippers)

Most SMB/Medium-sized business clients should live here.  Mid-Tier technologyoptions are unlimited from good quality manufacturers and will typically give you 3-5 years of lifetime with little to no trouble.  There are many technologies (like switches, firewalls, and routers) that might get your business 7 years of use for only a few hundred dollars more than its small business counterpart.  This technology (with a few exceptions) is only available online or direct from the manufacturer.  You should be working with a good SMB Vendor/Partner (be sure to confirm their technology architecture experience!) to help you get the best gear for your dollar.  For the savvy IT Manager or business owner, you can find a lot of Mid-Tier gear available on Amazon today.

Here is a list of some of the main Mid-Tier vendors to help you get your bearings (a lot of these overlap into the Enterprise arena as well)

Dell, IBM, Lenovo, Apple, HP, Cisco, TrendNet, APC, Cyberpower, Nutanix, NexSan, Tegile, VMware, Microsoft, Intel

**There are hundreds, if not thousands of mid-tier software choices, so I can’t even begin to list those.  This is why a good IT partner is essential ( if they are really good, they may introduce you to great refurb equipment with a three year warranty…and boost your budget!).

Enterprise Technology – (It’s not just for your Starship anymore)

As most businesses grow, they will find that there are aspects of their business that are more important than others.  These unique components will fall into the Enterprise class of hardware and software. Enterprise technology is designed to be state-of-the-art, have exceptional quality, and provide real support for the ultimate uptime solutions.  Businesses invest (yes, it is an investment) in Enterprise-class equipment and software for the most important processes in their organization. If you need uptime, features, or exceptional support, you should always buy Enterprise-class equipment and software.

Going Wrong with the Enterprise

Several of our small and medium business clients have gotten burned (before coming to us) in their IT purchases by going Enterprise too early.  They spend a lot of money on technology they don’t truly need.  Just like going too small, going too big can be costly and hard on the company as it grows.  The cost to maintain the systems can choke the growth of any business. A lot of Vendor Partners steer their customers to Enterprise class gear for the support even if the client is too small to need it.  Don’t get burned, get educated!

Going BIG!

If your business is 250+ employees, there should be a significant portion of your non-cloud infrastructure already at the Enterprise level.  Note the word ‘significant’.   Other than hospitals or banking, there are few industries that need every piece of equipment in their organization to be Enterprise-ready.  The cost savings of just keeping the non-essential portions of your IT infrastructure Mid-Tier can be substantial.

Why is it an Investment?!?!

If you aren’t investing in Enterprise infrastructure, you are investing in “people time” instead.  Where the technology falls short, you spend more money on time.  To put it simply:

      BAD TECHNOLOGY = LOST TIME = LOST CUSTOMERS = LOST PROFITS!

A good technology investment should save you time and money. 

A bad technology investment always costs more of both.

The price of keeping our systems and data secure (as well as our sanity) is unending vigilance!

The price of keeping our systems and data secure (as well as our sanity) is unending vigilance!

It is a given that the typical IT Shop in the small to medium business environment is busy to the max, as you work to keep things going, answer requests and jump on emergencies… much less scour the net looking to keep up with the ever changing security threat landscape.

Our Senior Security Engineer spent two tours with three letter agencies in D.C. doing for them what he now does for ECXSystems’ clients … provide timely warning of emerging threats, assisting in clean up and restoration.  One of the ways he stays current is to leverage his time thru using solid blog and newsletter sources that he trusts.

You would do well to follow up on this article in Knowbe4.com… and if you don’t have time, then be sure to contact us at http://ecxsystems.com/contactsale.html  Fill out the form and we will follow up and help you fix your phishing issue.

The Nightmare of Exploits Past. How Phishing Attacks Use Old Vulnerabilities!

A Must Read…

https://blog.knowbe4.com/your-win9x-nightmares-arent-finished-yet-how-phishing-attacks-use-old-vulnerabilities

Is Hyperconvergence in your future? – Part 2

….BUT, I like VMWare!

Of course you do!  As do I!  We all like to dance with who brung ya! (and swing with who swung ya)

Hyperconvergence as a product means to make Hyper-V and VMWare obsolete (if we let it).   The product offerings pushing Hyperconvergence will let you continue to use Hyper-V and VMWare if you like, but they make jumping ship very attractive.

For example, the Nutanix node-based compute solution is a 4 U box with compute and Disks included:

Nutanix includes their own Hyperviser called Acropolis – based on the Linux KVM solution.  Since the reason that Hyperconvergence is so attractive is the turn-key features that dominate the landscape.  Think autoprovisioning of compute, storage, and networking (called Prism).  We no longer have to think about these things as separate disparate technologies.

Need to expand, just add more nodes!

You can keep your VMWare or Hyper-V architecture…or just move them to Acropolis.  Thing is…you get to decide.  However, since Acropolis is included you might just ask yourself why you are continuing to pay for a Hypervisor.  After all, shouldn’t the next generation of technology be cheaper and better than the last?

See how Nutanix is pushing the reasons to switch HERE.

So what does this really mean for my environment?

For the average business, most of us won’t jump straight into hyperconverged platforms.  However, as our old environments age out or we have a need for expansion, this becomes the next logical choice.  Why buy 80TB of storage when you can get a full platform for just a little more?

Ultimately it provides the baseline for the migration to the next generation technology platform.

So, when faced with an aging system or you just need to look to the future….Think Hyperconvergence!  –  It’s here, fast, and ready to make you look good!

 

Is Hyperconvergence in your future? – Part 1

Hyperconvergence is not the name for a new German punk rock band or even the latest new Pharmaceutical being hawked on TV by the ever lengthy 90-second commercial.  So, how is hyperconvergence the next big thing and why should you care?

Up until a couple of years ago, most of us were being told that virtualization was the way of the future.  Well the future is here.  If at least 90% of your environment isn’t virtualized, you should call us immediately.  You are wasting money, time, and energy.

So if virtualization was the future, how is the next future thing Hyperconvergence?

Hyperconvergence is virtualization done better.  A hyperconverged platform provides the ultimate in software management and integration.  Imagine all of the pieces of your network managed simpler and better.  One single pane of glass for all of your infrastructure.

Now, imagine Enterprise class virtualization features without the VMWare tax, or if you want, you can continue to use VMWare.

In essence, hyperconvergence allows us to deploy an infinitely expandable environment without the hard separation between networking, compute, and storage.

What does this look like?

Most of us need to understand what the physical representation of this actually looks like.  For most of us, this will be a hardware chassis with drives and hardware blades in it.  The drives will act as converged storage while the blades offer the processing power.  The magic is in the software.

Hyperconvergence is currently being offered by both Nutanix and Scale computing.  Both are interesting and both look to completely displace VMWare.  The jury is out, but the future is here.

–Keith

Read More … – Part 2

Tomcat 5 / 6/ 7 /8 – Create and Install SSL Certificate

Hi Guys,

Due to all of the positive feedback on the original article, I decided to do a brief update to nail down and simplify the process.

General Steps

  1. Create a Key and Certificate Request
  2. Issue the Certificate from your favorite Registrar
  3. Merge the Certificate into a Tomcat File

Create a Key and Certificate Request

On your favorite Linux or Windows box, make sure you have OpenSSL.

I am making a directory called /home/keystore.  Seems fitting.

So:

mkdir /home/keystore

Run the following:

First we need a Private Key.  This is yours and yours alone.

openssl genrsa -out /home/keystore/private.key 2048

So, the private key is critical.  It’s your unique identifier for this SSL cert.

Next, we need to generate the request to send to GoDaddy, InstantSSL, etc

(If you like this article, you can get an SSL through our GoDaddy Account –  I think we make $1)

Now, the command:

openssl req -new -sha256 -key /home/keystore/private.key -out /home/keystore/mydomain.csr

You are going to be prompted for all of the details as follows. For Wildcard, use *.mydomain.com. For other hosts, just use the hostname. ie mydomain.com (you will get www automatically)


-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Texas
Locality Name (eg, city) [Default City]:Tyler
Organization Name (eg, company) [Default Company Ltd]:My Domain Inc
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:*.mydomain.com
Email Address []:support@mydomain.com

Press Enter on the Extra fields, no password needed.

Ok, once finished, take your CSR and submit to your provider. Once you submit, you wait and then you will get your certificate. You may have to check email to approve it.

Now the Easy Part!

Merge the Certificate into a Tomcat File

If you are a GoDaddy Customer, you will get two files. Other providers might send you on a wild goose chase for the Bundle file.

6e00664a60ac4578.crt  - This is the Actual Certificate
gd_bundle-g2-g1.crt   - This is your Bundle file with all the certificate chain data from GoDaddy

For simplicity and understanding, let’s rename the file:

mv 6e00664a60ac4578.crt mydomain.crt

Now, let’s make the Tomcat keystore container

openssl pkcs12 -export -chain -CAfile gd_bundle-g2-g1.crt -in mydomain.crt -inkey private.key -out keystore.tomcat -name tomcat -passout pass:changeit

Ok, you have everything you need. Now, setup Tomcat.
Installing the Certificate in Tomcat

Let’s copy the file to our tomcat installation configuration directory.  My tomcat was in /usr/local/tomcat5

cp keystore.tomcat /usr/local/tomcat5/conf

Now, we need to enable SSL.  So, we need to edit the server-wide server.xml file.  Find the section like this:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->

Replace it.  Mine looks like this:


<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector port="443"
maxHttpHeaderSize="8192" maxThreads="250" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true" SSLEnabled="true"
clientAuth="false" sslProtocol="TLS" keyAlias="tomcat"
keystoreFile="/usr/local/tomcat5/conf/keystore.tomcat"
keystorePass="changeit"
keystoreType="PKCS12" />

Lastly, find any other references to port 8443 in the server.xml file and replace them with just 443.

Now, restart Tomcat and enjoy your newly functioning wildcard certificate.

I hope this bridges the gaps on some of the other articles out there.

Please comment if it helps you.

Good Luck!

DBML and ConnectionString Pitfall

This one bit me good, and cost quite a bit of time before I figured it out.  Therefore, I thought it best to document my findings in case it comes up again.

The Issue

As with many bugs, the behavior didn’t show up until the application was deployed – it worked fine in the development environment.  My app uses Linq-to-SQL, and includes an IDE-generated DBML file to interface with my database.  The app was connecting to my local database just fine.  However, when the app was deployed, and all the changes to the connection string in the web.config file were updated, the connection to the database failed with the error “A network-related or instance-specific error occurred while establishing a connection to SQL Server”.  What??

The Solution

After digging and googling, I discovered something about the IDE behavior when it comes to Linq-to-SQL and DBML generation.  When the DBML file is first created, the IDE inserts an entry in the Settings.settings file, which contains the full connection string details.  Since this connection string matches the settings in my web.config and the app.config for my local projects, everything works fine.  The problem is masked by the fact that both the settings file entry and the config file entries are the same.  So, to fix this requires first changing the settings on the DBML file to not use the connection string in the Settings.settings file.

After that, the constructor for the repository needs to be updated to use the configuration manager to pull in the connection string from the config file, like this:

Once this is done, the app will pull in the connection string from the config file, and no more error!

Original post from http://www.sunergeosystems.com/2011/03/23/dbml-and-connectionstring-pitfall/

Tomcat 5 SSL – Install GoDaddy Wildcard Certificate JKS / PKCS12 ? What?

UPDATED: February 19, 2015 – Tomcat 6 / 7 / 8 – SSL Certificate

This page has been updated and simplified, but the below is still a good reference and has a few details not in the new one.

Ok, have you ever had a day where you spent hours and hours only to feel the frustration of not reaching your goal.  I was *almost* there.

When you buy a Wildcard SSL certificate from GoDaddy and need to install it on Tomcat 5 or 6.  Don’t call GoDaddy.  I called only to be told follow the website instructions.  Ummm…yeah…I did that.  No go on that one. Riiigghhhhht…..

After 6 hours of living hell building a JKS keystore, here is what ultimately worked with the GoDaddy installation.  I will spare you the story of my pain.

Installation Environment

Tomcat 5 Installation on RedHat (CentOS) Linux with no self-signed certificate.  If you have a self -signed keystore, blow it away and start over.

Start with the CSR

Before you can get your GoDaddy Wildcard Cert, you need to generate a CSR and build a new keystore file for tomcat.  The keystore is in the JKS format and holds the chain of certificates.  The ones for your server and for your cert issuer.

I started by working in my home folder.  Let’s call it /home.

cd /home

Issue the following command to Create your keystore

keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore

You will be prompted for a password.  I used the default tomcat password of changeit.

My screens looked something like this.  Remember I am making a wildcard domain CSR.

Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]:  *.mydomain.com
What is the name of your organizational unit?
[Unknown]:  Web
What is the name of your organization?
[Unknown]:  Mydomain.com
What is the name of your City or Locality?
[Unknown]:  Tyler
What is the name of your State or Province?
[Unknown]:  TX
What is the two-letter country code for this unit?
[Unknown]:  US
Is CN=*.mydomain.com, OU=Web, O=Mydomain.com, L=Tyler, ST=TX, C=US correct?
[no]:  yes

Enter key password for <tomcat>
(RETURN if same as keystore password):

This will create a file called tomcat.keystore.  Be sure this is referenced in every command moving forward otherwise, you will be affecting the file named .keystore in your home folder.  This then gets confusing.

Now, create the CSR so you can go through the GoDaddy SSL process.*

*If this article is helpful, you can buy it here if you haven’t already and benefit our company. It’s still GoDaddy!

keytool -certreq -keyalg RSA -alias tomcat -file mydomain.csr -keystore tomcat.keystore

You will be asked for the password again.  Remember the password is changeit

You will now have two files.

1. tomcat.keystore – back this file up somewhere just in case you screw up somewhere

2.  mydomain.csr – This is your plain text CSR to use on GoDaddy’s website to gen your wildcard SSL cert.  Copy and paste this to get your certificate file.

…..Wait….. After submitting..you will wait. ….just wait….zzzzzzzzzzzzzzzzzzzzzzzzzzz

Install the Certificate

Once you have completed your waiting, you will receive a zip file containing several files.  The file we need the most is mydomain.crt.  This contains your certificate.  Now, if you were to attempt to follow GoDaddy’s installation certificate problems you would find you don’t have the materials to perform option 1.

http://help.godaddy.com/article/5239

As a result you would try option 2 and fail miserably.  Here is where we get creative.

Let’s examine the command for “Option 1” and see what we need.

openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in <name of your certificate> -inkey <name of your certificate private key file> -out keystore.tomcat -name tomcat -passout pass:changeit

Here is my checklist:

gd_bundle.crt – Don’t need it.  Found this out the hard way.  Just bear with me.

<name of your certificate> – this is mydomain.crt file – we have that. Check!

<name of your certificate private key file> – WTF?  Where do I get this?  See below.

keystore.tomcat – Oh yeah, we made that file earlier. Check!

sf_bundle.crt – You need this instead of gd_bundle.crt.  Needed to face lots of errors to figure that out.

Get GoDaddy Bundle files here: https://certs.godaddy.com/anonymous/repository.seam

Getting your Private Key File

There are lots of ways to extract your private key, but I found the best way to be a  GUI Java app called KeyStore Explorer.  This is a super great tool.  http://www.lazgosoftware.com/kse/

1.  Download and install Keystore Explorer.  If you need java, goto java.com and install it first.

2.  Upload your tomcat.keystore file to your windows box.  This is a binary file.  Treat it as such.

3.  Open your tomcat.keystore file in Keystore Explorer.  Find the tomcat alias entry we craeated.  right click and Export -> Export Key Pair.  Do NOT enter a password.  Simply put the name of the file.  I called mine mykey.p12

4.  Copy this file back to your /home folder.

You now have a PKCS12 file with both your public and private key in there.  However, we still aren’t quite there.  We need to extract the Private key for the command above.

openssl pkcs12 -in mykey.p12 -nocerts -out privateKey.pem

Press Enter when prompted for the Import password.  When prompted for the PEM Pass phrase, I used changeit.

NOW WE ARE COOKIN!

Now we have a Private Key file that we can use in our OpenSSL command above.  The top of the file will look something like this:

[root@www tools]# head privateKey.pem
Bag Attributes
localKeyID: B7 5F 05 B7 5F FD 6C 33 EE F2 83 02 CE 13 2A 14 55 A2 BD 24
friendlyName: tomcat
Key Attributes: <No Attributes>
—–BEGIN RSA PRIVATE KEY—–
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E73EA2AB27EAE14C

RXEBrTW9KRqyYAA0JtTRek/YL3+8mW2xyoBhdjs9W0lNVL6FpefAArsyvMD0tjgK
jKhadkcV5xUjiK5KDamDk0MWpXY2OYSScKJZDFkjc9eAvFlCZVD2+yltND/5WGNJ

————————–

Now in order to get the file clean enough to use as our import, we need JUST the key.  So, edit the file and delete the lines before:

—–BEGIN RSA PRIVATE KEY—

Now the top of your file looks like this:

—–BEGIN RSA PRIVATE KEY—–
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E73EA2AB27EAE14C

RXEBrTW9KRqyYAA0JtTRek/YL3+8mW2xyoBhdjs9W0lNVL6FpefAArsyvMD0tjgK
jKhadkcV5xUjiK5KDamDk0MWpXY2OYSScKJZDFkjc9eAvFlCZVD2+yltND/5WGNJ

—————————————

Save and let’s get finished.

Finally – Importing your Certificate

Let’s go back and get us a working keystore for our SSL installation for Tomcat.  We now have everything we need.

openssl pkcs12 -export -chain -CAfile sf_bundle.crt -in mydomain.com.crt -inkey privateKey.pem -out keystore.tomcat -name tomcat -passout pass:changeit

Ok, notice we are NOT referencing tomcat.keystore, but instead we created a new PKCS12 Keystore called keystore.tomcat.

Now, let’s see if it works.

Installing the Certificate in Tomcat

Let’s copy the file to our tomcat installation configuration directory.  My tomcat was in /usr/local/tomcat5

cp keystore.tomcat /usr/local/tomcat5/conf

Now, we need to enable SSL.  So, we need to edit the server-wide server.xml file.  Find the section like this:

<!– Define a SSL Coyote HTTP/1.1 Connector on port 8443 –>
<!–
<Connector port=”8443″
maxThreads=”150″ minSpareThreads=”25″ maxSpareThreads=”75″
enableLookups=”false” disableUploadTimeout=”true”
acceptCount=”100″ debug=”0″ scheme=”https” secure=”true”
clientAuth=”false” sslProtocol=”TLS” />
–>

Replace it.  Mine looks like this:

<!– Define a SSL Coyote HTTP/1.1 Connector on port 8443 –>
<Connector port=”443″
maxHttpHeaderSize=”8192″ maxThreads=”250″ minSpareThreads=”25″ maxSpareThreads=”75″
enableLookups=”false” disableUploadTimeout=”true”
acceptCount=”100″ debug=”0″ scheme=”https” secure=”true” SSLEnabled=”true”
clientAuth=”false” sslProtocol=”TLS” keyAlias=”tomcat”
keystoreFile=”/usr/local/tomcat5/conf/keystore.tomcat”
keystorePass=”changeit”
keystoreType=”PKCS12″ />

Lastly, find any other references to port 8443 in the server.xml file and replace them with just 443.

Now, restart Tomcat and enjoy your newly functioning wildcard certificate.

I hope this bridges the gaps on some of the other articles out there.

Please comment if it helps you.

Good Luck!

Information Technology – Cost Center or Investment?

Have you ever wondered why IT costs seem to run amuck?

Have you ever wondered why everyone seems to view IT as nothing but ongoing trouble?

Why does every IT expenditure costs thousands and seem to take days to implement?

Have you ever noticed how business owners and management get majorly frustrated whenever their IT doesn’t work?

Let’s take a look at this shall we.

In my experience, most IT shops constantly ask the wrong questions as to what they are supposed to do and often define themselves as the solution for everyman.  IT professionals aim to please their customers and often leverage whatever technology is at hand to solve whatever immediate problem presents itself.  Think handyman with software and USB drives instead of hammer and nails.

Because they take the approach of being the handyman and just fixing the issue, the real value of IT often gets overlooked or misrepresented.  This creates frustration among all of the players from management, employees, customers, and even the IT folks themselves.

IT Costs Run Amuck? Trouble? Frustration?

You can almost always contribute this to lack of investment in time, energy, planning, and maintenance.  Customers spend tens of thousands of dollars to get into a new system..for example Microsoft Exchange.  After spending all this money, they just want to walk away and enjoy the fruits of their labor.  Unfortunately, this is just the beginning.  Let’s use the analogy of a fleet of cars.

If you are a service company and you have to have employees driving cars all around the state, you have enormous costs after the initial cost of the car.  You have to change tires, do constant engine maintenance, pay for gasoline, oil changes, insurance and more….  However, the average company accepts these costs as an investment in growing their business.  Without the cars, the company’s growth would be hampered.

If management was to take the same view of IT, perhaps the comparisons would begin.

If we didn’t have this new Exchange system, how much time would we lose?

If the servers were down, how much productivity is lost?

If the Internet is unavailable, how much business do we lose?

What sort of investment in time and money would allow us to move forward with the least amount of expense, but maintain the best operating environment for our investment?

Companies have to change the dialogue to STOP the frustration.  Define WHAT IT really is to the company.  IT is NOT a Cost Center.  IT is an investment.  IT ENABLES the company to do things never before possible.  An accountant 50 years ago would have had to have dozens of clerks for their asset management/tax business for only a dozen or so companies.  Today, that same accountant can manage hundreds of clients with only a handful of bookkeepers and a few computers.  IT ENABLES the company and the customer.

Companies must change the internal dialogue to limit the responsibility of IT and work to create an ongoing re-investment back into their own business.

Does IT runaway spending exist?  Of course it does?  How do you identify it….well, that’s a post for another day.

Switching to RAID

I got some new hard drives for Christmas and wanted to switch to a RAID setup.  My motherboard comes with the Intel Onboard RAID and I was planning on using it to setup a simple mirror.

BSOD for Christmas

I had already installed Windows 7 with my SATA II drives in IDE mode.  First I tried to install the intel Matrix drivers, they wouldn’t run saying there was no compatible hardware.  Looking at my motherboard documentation  (ASUSRock x58 Extreme), it recommended enabling the RAID in the bios before  installing windows or the intel drivers.

A quick f2 on boot and I changed the SATA mode to RAID. Save and continue,  The windows 7 logo appeared, good it saw the harddrive.   everything was going along normally then blue screen and automatic reboot.  This isn’t going to  be an easy switch.

Don’t waist your time running the windows 7 startup repair or trying to trick the intel drivers to install, all you have to do is change one registry setting.  With some googling I found this forum thread for switching to RAID mode:

So switch back to IDE mode, reboot into windows 7 open up regedit from the start menu and go to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iaStorV

Change REG_DWORD “Start” from 3 to 0
Reboot switch back to RAID in BIOS and you can now boot. You can now install the INTEL Matrix drivers and go on with your life.    Now in the process of googling I decided to research the performance of the onboard RAID with the mirroring in Windows 7.

Circling Back

Since I was already researching, I decided to look at the performance of the onboard RAID vs the built in Windows 7 mirroring.  Bad news.  Windows 7 beats the motherboard controller almost everytime with very close performance and better cpu utilization, plus its portable if you switch motherboards.  The only advantage to going the hardware route is that you don’t have to use the dynamic disk mode which some sysadmins see as flaky.

So all that hard work is for naught, I’m just going to use the windows 7 mirroring and not the  “fakeraid” built into my motherboard.  Note If I was mirroring my boot drive, I might go the motherboard route,  as the dynamic disk mode has sometimes decided to flake out and kept people from booting.