Geeknick

Mobility Policy – Prevent Network and Application Server Denial of Service

Rolf Versluis — Sat, 24 Mar 2012 18:18:21 +0000

Mobile devices are in the workplace already. Because they are designed to hook into existing information systems, their users have the ability to quickly and easily access the wireless network, email servers, application servers, and file shares that would be available to any PC on the network. But unlike PC’s with their well documented vulnerabilities and widely deployed anti-virus suites, tablets and smartphones have no built in protection. If an organization wants to protect their information systems from mobile devices, it is important to look at both network level and endpoint level protection, just like with PC’s.

Unfortunately, it is difficult to enforce endpoint protection on mobile devices, both because of the variety of devices and because the organization does not own most of them. But the problem is real, since the open access to existing information systems by mobile devices could potentially cause an organization to have downtime of their network and application servers, in many cases translating into loss of revenue, public embarrassment, and liability.

For an example of what can happen, look to the history of malware on PC’s. The first issues that were evident were viruses that spread and were not malicious, but just annoying. This moved over time to viruses, Trojans, and worms that would rapidly spread, and would seek to harvest information such as bank account numbers or username password combinations.

At the present time, there are millions of PC’s around the world that have been infected by blended malware, have small apps on them that communicate back to master botnet controllers over the internet, and are a source of revenue for criminal organizations. These criminal organizations probably work in coordination with countries and would sell control of a portion of a botnet so the security services of that country could use the infected and controlled PC’s to attack real world systems.

Most organizations take steps to prevent infection from happening on the PC’s and servers under their control by deploying endpoint security applications, using firewalls and Intrusion Prevention Systems at the Internet perimeter, and maintaining good password and identity policies. But with mobile devices, there has not been the history and progression that there was in the PC world. Instead there has been an explosion of devices onto the scene, and a demand by end users and managers that the devices be given access to the data network.

Network level protection for mobile devices is both simpler and more difficult than with PC’s. It is simpler because mobile devices are accessing the internal network either through Wifi or from the Internet. There is no need to protect the entire LAN infrastructure as long as the internal wireless network is centrally controlled and all information has to flow through specific choke points. A wireless access control system can be put in place that is able to authenticate and profile mobile devices, and also has the ability to set up protected areas of the network. Devices that fully authenticate and pass muster are allowed full access. Ones that don’t are only allowed limited access to the Internet.

Endpoint protection is possible as well, but trickier. The major anti-virus companies all offer some version of mobile device malware protection, but not all types of devices are protected by all companies. There are also a number of Mobile Device Managements products and services available which provide a variety of useful management and App control functions.

A complete solution for preventing potential network and application server denial of service from mobile devices ends up having two main parts:

1. Protection at the network level by setting up multiple layers of access for mobile devices depending on authentication and device status.

2. Endpoint protection to prevent malicious apps from operating on mobile devices through either mobile device anti-virus or mobile device management suites.

This two pronged approach provides a solution for both company owned and end-user owned devices to maximize their availability to network resources while still maintaining the protection required for reliable and continued operation of internal application servers and network resources.

Author: Rolf Versluis

Posted at Geeknick.com

Mobility Policy – Prevent Network and Application Server Denial of Service is a post from: Geeknick

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Cisco UCS is Different from Regular Blade Servers

Rolf Versluis — Fri, 20 Jan 2012 13:26:30 +0000

There has been a lot of press this week about Cisco UCS passing the 10,000 customer mark, which is an outstanding achievement. But I have found none yet that explains why it is getting so much traction. The basic reason is that when an organization uses more than two chassis worth of blade servers, the Cisco UCS solution cost less, is easier to manage, and has much less cabling, permitting better airflow for cooling. The system is able to do this because of a fundamentally different design than other blade servers.

Traditional blade servers have redundant power supplies and server blades in them. They also have system controllers, SAN cards, and LAN cards. These cards all connect the individual blades to the outside world, and since the blade server has to be reliable, the cards are usually redundant. That means each chassis has two controllers, two LAN, and two SAN cards.

Cisco did something fundamentally different with the UCS. They took the controller, LAN, and SAN connections and put them into a special box called a Fabric Interconnect. Each UCS chassis only has power supplies and server blades in it, and the dual Fabric Interconnects can connect anywhere from 8 to 16 chassis with good data throughput. That means that a company deploying Cisco UCS does not have to buy two controllers, two SAN cards, and two LAN cards for those 8 chassis, but just have to hook them up to the two Fabric Interconnects.

The Fabric Interconnects are the connection from the Unified Computing System to the rest of the datacenter. It has 10G ethernet ports to connect to the core LAN, and 8GB Fibre Channel ports that connect to the SAN. Everything outside the system is compatible with almost any brand of switch or storage. In many cases the organization also deploy Cisco Nexus switches, but it is not required.

Cisco designed other things into the Unified Computing System that makes it attractive for people that manage many racks of servers. All the fixed hardware information of the blades are programmable, so applications that are tied to MAC addresses or other specific features of a server can be migrated from one server to another, even if server virtualization is not being used. If the server is running a hypervisor, the network card can be set up to virtually split up the blade’s dual 10G ports into multiple connections, which is necessary to properly operate a virtual environment.

The other major technical accomplishment that permits this revolutionary design is the full adoption of FCoE, or Fibre Channel over Ethernet, within the confines of the Unified Computing System. All the storage and network traffic from the blades to the Fabric Interconnects goes over FCoE, which is a combination of regular Ethernet, and Fibre Channel traffic encapsulated within jumbo Ethernet frames. The storage traffic gets where it needs to go because Cisco uses Quality of Service mechanisms to prioritize the Fibre Channel traffic. At the Fabric Interconnects, the Ethernet and Fibre Channel are decoupled, and the storage traffic gets onto the Fibre Channel SAN just like it would from any other server.

There are actually storage manufacturers that are shipping FCoE interfaces on their storage arrays, allowing organizations to move away or not deploy a separate Fibre Channel SAN at all. This is the Unified Fabric that Cisco Nexus switches are optimized for, and permits even better performance and further cost savings.

Cisco has reached 10,000 customers for the UCS because they created a new design with proven technology that significantly lowers the cost deploying multiple blade server chassis. They also made the system easier to manage, and added lots of little details that add up to a product that is notably better than the chassis blade systems that had traditionally been deployed.

Here is a video that I made last year explaining the big picture differences of the Cisco Unified Computing System:

Author: Rolf Versluis

Posted at Geeknick

Cisco UCS is Different from Regular Blade Servers is a post from: Geeknick

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Backup Your Mac to Hidden Location with Rsync

Rolf Versluis — Wed, 21 Dec 2011 04:29:15 +0000

This last weekend I almost lost all the pictures. We have four kids, and have tons of pictures. I had set up the user accounts on our Mac on an external mirrored drive, connected by Firewire. This was mostly good, but this weekend all the applications just refused to connect because of some kind of weird permissions issue. I went through all sorts of stuff to get it working, but at the end of the day I just created a new account and copied all the files over to internal drive on the Mac, then changed ownership of all the files, and thought I was good to go.

That was until my wife went to make a Christmas book for her grandmother. Some of the pictures were missing, and all were blurry. The full sized photos were gone. I ended up having to restore everything from Time Machine, which is good for those kinds of things, so everything turned out ok. But I have always been worried about what would happen if the Mac and the connected drives were stolen. I could use an online backup service…but I don’t like to do that. There had to be a better way.

I found that you could use the unix application rsync to create a little script that would back up every file to a remote rsync server. I did not have one of those, but I did have a USB drive connected to my home wireless router, so I figured I could set is up to copy the files to that. No go. rsync does not work very well connecting to a samba server on the other end. I had to set up a real rsync server.

There was an old PC in the basement that I had set up a copy of Ubuntu linux on last year. Setting up ubuntu is ridiculously easy, especially on a PC that is a few years old. Just go to ubuntu.com, download the latest copy, put it on a USB stick, and boot to it. It sets up everything automatically.

As I researched this, I found out I could very easily set up an rsync server on the linux box and copy over files from the Mac, but it was too easy. It was too easy because rsync is not secure. All the files were sent over my wireless unencrypted. I don’t like doing things unencrypted, not protected by passwords. When security is so easy to add in to a system, it is worth taking a few extra minutes to do things right.

What I discovered was that you could set up rsync to operate over secure shell (ssh), which is encrypted. Furthermore, there is a feature built into ssh that allows trusted computers to login without having to use a username or password by using public/private key encryption. So this is what I set up. There is a simple two line script I put on the Mac that I set to run once a week, and it copies over just the changed files from the Mac to the linux box hidden in the basement. I have moved over to a 802.11n system, so the wireless runs nice and fast, good for transferring all those gymnastics pictures and videos.

So, the process is as follows:

Give your linux box a static IP address so you can ssh to it. If you are fancy, give it a name on your internal DNS server. I am not that fancy.
Set up the mac to be able to ssh to the linux box with signatures by generating a keypair, doing a secure copy to the non-root user account on the linux box (call it backupuser or something like that), and putting it in the trusted keys file. See this website on ssh keygen mac to see how it is done.
Make a directory on the linux box to store the backup files. I store mine on the external USB drive, so I created a directory called /media/Volume/USBdrive/mac_backup and gave the ownership of the directory to backupuser on the linux box.
After you do this, you want to make sure that the USB drive mounts when the linux box is rebooted. Mine didn’t, so I had to make an entry in the /etc/fstab file to make sure it mounted on boot.
Create a rsyncd.conf file in the /home/backupuser directory. This is the tricky part – do not configure the main box’s rsync server or its rsync.conf file. This is going to be a mini-rsync server that is kicked off when the mac does a ssh to the backupuser account on the linux box. Here is what the rsyncd.conf file should look like:

[mac_backup]
path = /media/Volume/mac_backup
read only = false
use chroot = false

Then create the script in a text file on the Mac and name it something like rsync_backup_script.txt . It should contain something like this (the \ is for where I had to fit it onto this page, don’t actually type the \ and do put everything on the same line):

#!/bin/bash
rsync -azv --delete --exclude '.DS_Store' --rsh="ssh -l backupuser"\
/Users/ backupuser@192.168.5.5::mac_backup

The rsync command copies any new or changed files from the Mac to the linux box. It also deletes any files on the backup that have been deleted on the Mac.
Make the script executable. There is some way to do this with the GUI, but I just open the terminal on the mac, navigate to the directory with the file, and type:

sudo chmod u+x rsync_backup_script.txt

Now test everything! You could just go for it and execute the script by entering on the command line:

./rsync_backup_script.txt

If that does not work you then need to step through the parts of the process – make sure you can ssh without using a password, check the file permissions on the linux box, check the rsyncd.conf file, and even enter the command on the Mac terminal line by itself to make sure everything works.
It will take hours for the first backup if your system is anything like mine. The script is set up to compress any files it can, and in future backups it will only transfer the changes.
After you know that the script works, automate it. You can do this by having iCal run the script every week, or make a crontab entry. I prefer the crontab entry. Go to the command line again, and type:

crontab -e

This edits the file with vi. So type, in order:

i
00 01 * * 2 sh /Users/username/Documents/rsync_backup_script.txt
[escape key] :qw

This will automate the script to run every Tuesday morning at 1 am.

This is not limited to backing up Mac’s. You can do the same thing with Windows boxes by installing Cygwin on the Windows machine and going through a similar process. Just create another directory on the backup drive, create a second profile in the rsyncd.conf file that uses a different profile name and points to the new drive location, and you are off and running.

If you do have to use your backup, you can use the opposite command to copy the files back to the Mac. Hopefully you won’t have to do that, though! Something like this should work:

rsync -azv --rsh="ssh -l backupuser" backupuser@192.168.5.5::mac_backup /Users/

That is the complete exercise. I have gone through the files on the linux box and made sure they are there, so I am happy. The box has no screen or keyboard connected to it, and it looks like a chunky old PC that no one wants. The noisy 1TB mirrored hard drives in the external array are a little noisy, which is another good reason to keep it hidden away.

Of course I still make a USB copy every once in a while and take it to work, but that is the backup to the backup to the backup. Hopefully I will have good copies of my files available for many years to come.

Posted at: Geeknick

Author: Rolf Versluis

Backup Your Mac to Hidden Location with Rsync is a post from: Geeknick

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

How To Add Cisco Smartnet Support Contracts to your Cisco.com Account

Alex Obeso — Mon, 14 Nov 2011 19:02:28 +0000

One of the most common questions I am asked is the following: “How do I gain additional access to resources and support on Cisco.com when I am entitled to such access by virtue of having active Smartnet contracts?” Just because you or your company buys Cisco support contracts does not mean your Cisco.com (CCO) account is automatically updated with more access. Below is a quick overview of the process of elevating your Cisco.com access by associating your Smartnet contract(s) to your Cisco.com login.

In order to successfully complete this procedure, you must know your Cisco.com account name and password, as well as the Cisco Services contract number you wish to add. If you are not yet registered on Cisco.com with a username and password you must complete that process first. If you do not know your Smartnet contract number(s), you can generally obtain them from your Cisco reseller.

Associating your Cisco.com id to your contract numbers:

Navigate to http://www.cisco.com and log In using your Cisco.com account:

One you have logged-in, select the Account menu option on the top-right part of the main Cisco.com landing page:

At the account screen, click on “Go Now” below in Profile Manager section:

At the Cisco.com Profile Manager Screen, Select “Additional Access” tab:

Under “Additional Access” tab, Select “Add Service Contract numbers to profile for support access” link:

When prompted, enter contract number(s) you would like to associate to your Cisco.com account. If you want to add multiple contract numbers at once, separate them with commas as in the below example. When done, click the “Submit” button:

After “Submit” has been processed on a valid contract number(s), you will see a result screen similar to the below:

The request will be processed by Cisco services staff and you will receive a confirmation via email within the specified time-frame (typically less than six hours) that the association has been done!

Author: Alex Obeso

Posted at Geeknick

How To Add Cisco Smartnet Support Contracts to your Cisco.com Account is a post from: Geeknick

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Stop Lugging Your Laptop Everywhere by Converting to Virtual Desktops

Rolf Versluis — Tue, 04 Oct 2011 01:21:41 +0000

Just like many of you I have heard the predications, analyst reports, and media hullabaloo about the coming of the Post-PC era, and how Virtual Desktop Infrastructure is going to cure baldness, eradicate cancer, and have dogs and cats living together in harmony. In order to test this out, I had my engineers move my primary desktop to Windows 7 running on VMware VIEW. After 4 months of use, I am now a fanatical convert, and we are moving everyone else at our company over to virtual desktops as well. My daily interaction with my PC is faster, easier, and I have no concerns about running backups anymore. Everything works better with VDI, as long as I have some kind of device and a network connection.

I was getting very tired of my laptop. It was a three year old laptop that I had converted to Windows 7 last year. Performance was pretty good because I had bumped the RAM up to 4GB, and put Windows 7 on a new hard drive. There were many problems I had with my laptop, however:

I had to lug my laptop everywhere I went, carrying a backpack everywhere.
Whenever I wanted to work, I had to find a place to plug in, because even though I was on my third battery, battery life was less than an hour.
I could not get the VPN to work whenever my laptop came out of Standby, so I always had to shut down and fully boot my laptop whenever I wanted to use it.
It took 5-10 minutes for the laptop to boot whenever I wanted to get anything done.
Applications were slow, especially Outlook, and I had to use a VPN for most applications to work properly.
I had to make sure I had the laptop connected to the backup drive at least once a week for a five hour stretch to complete a backup.

I realize I could have purchased an expensive new laptop, contracted for an online backup service, and done other things to address some of my issues, but that would not have addressed everything. I still would have been lugging a backpack with a laptop from home to work and back, worried about it getting stolen, and had to take it on vacation with my family.

Instead, I parked my existing laptop at home, got a $500 Wyse terminal for the office, bought a $500 Samsung Galaxy Tab 10.1 and a Targus bluetooth keyboard for mobile computing, a Verizon 4G/3G Mifi WIFI device, and started my new way of working. I have gained one to three hours of work productivity every day, am more reachable, and have no concerns about loss of data to theft or industrial espionage.

The productivity increases come in small increments throughout the day. The laptop I used to pack up in the morning and take with me stays at my house – I just grab my tablet, paper notebook, and drive off. When I get to the office I grab a cup of coffee, walk to my desk, touch the button on the Wyse PCoIP terminal, and login to my Windows 7 desktop; the login takes less than 10 seconds. I usually leave Outlook and my CRM application running, but if I had closed them, it takes just a couple of seconds for the application to start. If I have to get up to leave my desk for more than a few minutes, I touch the button again to log out to comply with our security policy. By lunchtime I have already gained at least 30 minutes of productive time by not having to shutdown, lug, and boot a laptop.

When I am out visiting customers, suppliers, or otherwise having meetings, and have some extra time, I use my tablet. Most of the time I use the native Email, Calendar, and Contact applications to keep up to speed. Sometimes I need to access full Outlook to look at other people’s calendars, so I use the Android VMware VIEW PCoIP client to access my virtual desktop. It does matter if I have logged out at the office or not, because the VIEW server takes care of switching the login to whatever device I am currently using. It is fast and usable, even on the tablet. The battery life on the table is 15 hours – I have no worries about using it whenever I want!

It took a few weeks to optimize the tablet experience. I really like the Samsung Galaxy Tab 10.1. Other people at the office use the Apple Ipad 2, and that works well also. In additional to the standard Android applications, I also use the Cisco AnyConnect client to get a VPN connection back to the office for when I need to access the internal Wiki, Sharepoint or Email archive server. I upgraded to Quickoffice HD to be able to view and edit Word, Excel and Powerpoint documents. For accessories, I use a Bluetooth keyboard for some serious typing, and I also use a 4G/3G WIFI mobile access point so I don’t have to try to find free WIFI. In fact I am typing this as we are driving from Atlanta to Panama City, and I am glad I checked my email because there was a customer service issue that needed attention, and I was able to ask the rigth people to look into it!

At home, even though I still have my old laptop, I prefer to use our big screen Apple Mac. I login to the same virtual desktop that is running on our company servers in the datacenter, with everything open that I was using when I ran out of the office at the last minute. If I really need to work, I will use my old laptop, running the Windows VMware PCoIP VIEW client, which works really well. I have DSL at home, and it is good enough bandwidth to give me a good working experience. All my files are kept on the Windows share in the datacenter, and I use the VDI client because application perforance is faster than on my laptop.

The setup at the datacenter is very similar to what we deploy at our customers. We have two racks at the Quality Technical Services datacenter in Atlanta. One rack is full of our Cisco Unified Computing System blade servers, Nexus 5000 and Nexus 2000 switches, Fibre Channel connected NetApp with a SAS shelf and SATA shelf. The Cisco B series chassis are about half full with Cisco blades running VMware ESX, VMware VIEW, and Nexus 1000V. We run all our production applications on the Cisco UCS, including the Cisco Hosted Voice service. The second rack has a second NetApp storage array that provides a backup to the primary array through the use of Snapshots and Replication. The second rack also has the full Cisco High Definition Video Conferencing Infrastructure system as well as some of our network security, services monitoring, and private network connectivity systems.

Based on the positive experience I have had using desktop virtualization, we are going to go from our pilot phase into full production in the next few months. For desktop clients, we are going to use a combination of existing PC’s, Pano Logic, Wyse, and Samsung clients. For mobile clients, we are going to use a combination of Cisco CIUS, Samsung Galaxy Tab, and Apple iPad. In addition to using VMware VIEW, we are also going to deploy Citrix XenDesktop and Citrix XenApp. I have found that sometimes on the table I really only need to access one application, like Powerpoint or our CRM application. Citrix XenApp provides the ability to remotely access just the one application without needing to login to a full Windows desktop. I expect VMware to have that capability as well at some point in the future, but right now Citrix is the one with the ability to stream a single application to any client that can run the Citrix receiver.

There are some things we are going to have to do on the infrastructure and server side for full desktop virtualization productivity as well. We have enough storage capacity and spindles. But I am still concerned about performance, so we have ordered more memory for servers, and we are going to run the Atlantis Computing application to improve desktop performance.

At the end of the day I am very happy with the improved productivity and availability provided by my switch to working on a virtual desktop. The technology is ready to go for all users to switch over now, and it addresses all the issues I was having using an old laptop and then some.

Author: Rolf Versluis

Posted at Geeknick

Stop Lugging Your Laptop Everywhere by Converting to Virtual Desktops is a post from: Geeknick

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

High Definition Video Conferencing Infrastructure Design

Rolf Versluis — Sat, 17 Sep 2011 00:21:35 +0000

High Definition video conferencing is quickly making its way into the workplace in both the conference room and especially onto individual user desktops. This is not the same type of video conferencing from a few years ago – it is completely different and better. The new video conferencing systems work simply and reliably, and make it as easy to place a video call to someone inside the organization or out just like making a phone call. What enables this ease of use are advanced network video infrastructure systems that control all the video endpoints, manage conferences, and connect over the Internet.

The leader in fully managed large scale video conferencing systems is Cisco Systems, for the same reasons that Cisco is the leader in larger Unified Communications and data network systems. All the systems are designed to work together, be manageable, secure and reliable. One of the main reason older style Standard Definition video conferencing systems were not used very much is that they were low resolution, had reliability issues, and too technical. Cisco has changed all that with the integrated video conferencing infrastructure, which is named Cisco TelePresence.There are four main applications that the Cisco Telepresence system uses to make video conferencing a seamless experience. These applications can be installed in in the primary datacenter. For people just starting out with video, many of these same functions can be done by Cisco’s video hosting service, Cisco Callway, and after the usefulness of HD desktop video is demonstrated, the video endpoints can be hooked into the Cisco infrastructure system. The four main elements are:

Cisco TelePresence VCS Control - Cisco VCS Control
Cisco TelePresence VCS Expressway - Cisco VCS Expressway
Cisco Telepresence Management Suite - Cisco TMS
Cisco TelePresence Codian Multipoint Conference Unit - Cisco Codian MCU

Video Conference System (VCS) Control is the master controller of all the video endpoints internal to the organization. When this device is in place, all Cisco, Tandberg, Polycom, and other standards compliant video devices register to the VCS Control application. As long as the video endpoint uses SIP or H.323, it can register to the VCS Control system. When this is done, there are a number of benefits for the video user:

Users can call other users through the main directory using any method of dialing they want, including E164, SIP URI, H.323 address, or IP address.
Allows H.323 and SIP video devices to conference with each other by providing interoperability.
Connects to Cisco Call Manager via SIP trunk for video calls between systems.

Video Conference System (VCS) Expressway is the application that sits outside the firewall and is responsible for making HD video calls between organizations transparent and straightforward. The VCS Control and VCS Expressway boxes work together to send and receive video calls and conduct conferences with outside organizations over the Internet. Just like VCS Control, VCS Expressway can receive calls from devices that use either the SIP or H.323 standard.

The Cisco TelePresence Management Suite (TMS)is the control and management system that brings all the other elements of the video solution together. It allows for centralized control of all video endpoints, even non-Cisco video endpoints. It allows users to set up pre-scheduled conference calls. It also is the headend for the Cisco Movi video conferencing client for PC’s and Mac’s. The Cisco TelePresence Management Suite is an important part of any video conferencing deployment in order to provide the reliability and control that are required for a high-visibility system. It has many features that make HD video conferencing manageable and easy to use. Some of them are:

Scheduling of conference calls across all types of devices with automatic allocation and reservation of conferencing resources.
Scheduling via web, Exchange, or Domino server.
Maintains directories and phone books for ease use in calling and scheduling.
Manage devices including endpoints, gatekeepers, MCUs, and other infrastructure from both Cisco and third parties.
Provides conference monitoring, diagnostics, and alarms.

Codian MCU 4500. Cisco has many different Multipoint Conferencing Units (MCU’s) that are used to mix video and audio together. The best models to start out with are the MCU 4500 and 4501 models, sometimes known as the Codian MCU’s. Video conferencing bridges are essential for having Standard Defintion and High Definition conferences. When placed at the datacenter and tied into the Cisco TMS and VCS control systems, the 4500 series MCU’s provide conferencing resources that can be brought into any video conference that needs them. There are other size MCU’s that have many of the same features as well. The MCU 4200, MSE 8420, and MSE 8510 offer different combinations of price and concurrent conferences.

Some conferencing endpoints have built in MCU’s. These resources can also be used for conferences, but only when those specific endpoints are involved in the conference as well, and provided there is enough network bandwidth to support the mixing of multiple video streams on that device. That is why it is best in most cases to have a more powerful MCU at the datacenter where the WAN headend and high speed internet connections are located.

The management, control, and conferencing devices and applications that make up the Cisco Enterprise TelePresence infrastructure system are essential to using HD Video Conferencing in larger environments. Thanks to their open system design, these components can be put in place and can integrate with existing Standard Definition and High Definition video system to make them more manageable and user-friendly. In order to take advantage of all the benefits that HD desktop video conferencing provide, it is essential to provider a user experience that is simple, reliable, and useful.

High Definition Video Conferencing Infrastructure Design is a post from: Geeknick

Desktop Video Conferencing Works Just Like a Phone Call Desktop video calls and video conferencing are here and work...

Related posts brought to you by Yet Another Related Posts Plugin.

Desktop Video Conferencing Works Just Like a Phone Call

Rolf Versluis — Thu, 15 Sep 2011 02:21:07 +0000

Desktop video calls and video conferencing are here and work well. These are High Quality and High Definition video calls from desktop to desktop with the convenience of a phone call. Video calls can be made to people inside and outside the organization without concern, and calls are completed by either dialing a 10 digit number or entering an email address. There are some different options and capabilities, and the Cisco desktop video devices provide a good way to illustrate.

By knowing the options and making an informed choice, using HD video calls in place of some face to face meetings can give many people much more time in a day.In order to be able to conduct video calls with the most people, the device has to be able to use multiple standards. This allows for calls between different vendor’s equipment. The standards are not that complicated, but it is important the the devices support SIP and H.323. The image size is important also, because although right now most devices support 720p, just like HD television, as time goes on more video calls will be at 1080p. One thing to look out for is the actual screen size and quantity of frames per second that are supported by the device. The four most common are:

w448p - 768 x 448 at 30 frames per second.
720p30 – 1280 x 720 at 30 frames per second.
720p60 – 1280×720 at 60 frames per second.
1080p30 – 1920 x 1080 at 30 frames per second

The higher the resolution and the higher the quantity of frames per second, the better the pictures looks. As long as the devices have compatible modes, they will negotiate to the best resolution. The downside of a higher resolution video call is that it uses more network bandwidth, so in some cases system are limited when they make calls over the Internet or wide area network to remote offices.As an example, the Cisco E20 video phone is an inexpensively priced video phone, and it’s highest resolution is w448p. The call looks good, but it is not near the quality of the higher end Cisco desktop video devices like the EX-60 or EX-90. The EX devices normally come with the option to conference at 720p30, and require an additional capabilities license to use the higher definition 720p60 and 1080p30 video resolutions. Other manufacturers have similar limitations and licensing options, so always ask about additional options that are available and ask about the video modes before making a purchase.

There is a big difference between video calls and video conferences. Video calls involve two endpoints and are straightforward point to point calls. Video conferences involve mixing video and audio streams using a codec, which gets more complicated. The location that has the codec ends up having two way video streams from each of the other endpoints. There has to be enough capability to mix the streams and enough network bandwidth for a good quality video conference. Some video devices have a built in codec. For example, the Cisco EX-90 can be licensed to conduct four party video conferences at High Definition with its built in codec. The Cisco EX-60 does not have this capability. External codecs can be used either from a hosted service like Cisco Callway or a video infrastructure system like the Cisco Video Infrastructure.In addition to dedicated desktop devices, a PC or Mac can be used as a High Definition video device. The video quality of a call using the Cisco Movi client at 720p30 is completely different than the jerky, low resolution calls made with Skype of Google Talk. The Cisco Movi client is a great client, and it does not operate independently, so it has to part of a larger system that the user logs into. Most of the workstation clients are like this, so the systems should either be deployed as part of a hosted system like Cisco Callwayor as part of a video infrastructure deployment.

The desktop HD video conference devices that are making their way into the organizations are fully capable of having calls with room size High Definition and Standard Definition systems as well. Many businesses have video conference rooms built out with larger cameras and screens, and now that HD video calls are more common these rooms will be used more often. In order to ensure the video calls and conferences both inside and outside the organization work well, part of the budget planning may involve purchasing more network bandwidth.

Desktop High Definition Video calls and conferences are growing in importance as more and more of these systems are installed. When budgeting and planning the use of these systems, work with an expert that has experience and knows the details of the systems so your organization can realize the full potential of these new systems.

Author: Rolf Versluis

Posted at Geeknick

Desktop Video Conferencing Works Just Like a Phone Call is a post from: Geeknick

Great Reasons for SIP Trunking to Business Phone Systems There is a relatively new technology that is used to...

Related posts brought to you by Yet Another Related Posts Plugin.

Great Reasons for SIP Trunking to Business Phone Systems

Rolf Versluis — Wed, 24 Aug 2011 20:45:23 +0000

There is a relatively new technology that is used to bring voice calls into a business phone system that provides lower monthly costs and a higher level of reliability. It is called SIP trunking, and it is worth looking at how it can benefit your business. The only catch is that your organization has to be using a VoIP phone system in order to take advantage of all the benefits, however, in many cases the monthly cost savings from converting to SIP trunking can pay for all of the costs to upgrade to a VoIP phone system!

Most organizations that have more than fifty phone users have a type of business phone system called a Private Branch eXchange, or PBX. This system allows users to call each other easily, and to share the circuits that are provided by the phone company for outside calls. The circuit that connects the business to the phone company is usually a type of voice T1 called an ISDN PRI, which can have 23 concurrent calls on it, and costs typically $600/month. A T1 can also be used for other purposed, including providing data connections in the form of Internet or a private Wide Area Network called MPLS. Because all business locations require voice service as well as data service, most typically have multiple T1 connections coming into each of their sites.One of the large benefits of SIP trunking is cost savings.

For example, an organization that has ten locations, each with a voice T1 and an internet data T1, can reduce their costs significantly. An Internet T1 is about $600/month also, whereas an MPLS T1 costs less at about $450/month. It is possible to reduce a $12,000/month cost to about $7000/month by putting in place SIP trunking and MPLS private network instead of voice T1’s and internet T1’s. This leaves $5000 per month that can be used to fund the purchase of equipment and installation services for a VoIP system. If the system is financed over a 3 year period, that provides a budget of about $180,000 for a new phone system.

Another advantage of SIP trunking is reliability. The calls are sent over the data network to a voice gateway that can terminate the SIP call. It is an IP connection. If the first location the call is sent to is not available, then a second and even third location can receive the call. That means if a remote office is not reachable due to power outage or natural disaster, the calls can still be sent to someone on the phone system who is reachable. This allows the organization to continue to provide customer service to the caller and not merely deliver a busy signal, which is what the caller would get if the call were directed to a voice T1 terminated by a PBX that was turned off.

SIP trunking can also be used to consolidate unused circuits from the phone company. With traditional voice T1 circuits, If a location requires that more than 23 concurrent calls be completed, a second T1 has to be added, bringing the total to 46 concurrent calls. The increased capacity is only available for that location. It is very different with SIP trunking. In most cases the SIP trunk is priced for aggregate concurrent calls for the entire organization, which means utilization is higher and monthly costs lower.

Just like any other new technology, there are many details that have to be addressed in a SIP trunk deployment. When it is combined with a phone system changeover, there are more details and potential issues. For most organizations, the cost savings and improved reachability and productivity from a new phone system make it a worthwhile changeover. SIP trunking combined with a VoIP phone system is something that should be on every organization’s roadmap.

Here is a brief video explaining the benefits of SIP trunking, and this is a link to an article about VoIP phone system upgrade.

Great Reasons for SIP Trunking to Business Phone Systems is a post from: Geeknick

SIP Trunking Overview Video Presentation This video is a condensed version of the popular SIP...
IP Telephony Upgrade from PBX Video Whiteboard This is a brief overview from a block level diagram...

Related posts brought to you by Yet Another Related Posts Plugin.

SIP Trunking Overview Video Presentation

Rolf Versluis — Mon, 01 Aug 2011 12:35:28 +0000

This video is a condensed version of the popular SIP Trunking seminars.

For a brief explanation of SIP trunking, read Michael Cavanaugh’s excellent post on SIP Trunking.

This link is an example Cisco voice gateway configuration that includes SIP trunking and security.

Author: Rolf Versluis

Posted at Geeknick.com

SIP Trunking Overview Video Presentation is a post from: Geeknick

IP Telephony Upgrade from PBX Video Whiteboard This is a brief overview from a block level diagram...
Cisco LAN Upgrade 2011 Video Whiteboard Overview Here is a video I made that talks about the...
Cisco Server System Architecture Video Whiteboard Overview Brief overview of how Cisco servers are different from other...

Related posts brought to you by Yet Another Related Posts Plugin.

Next Generation Firewalls

Mike Lundy — Fri, 15 Jul 2011 18:17:05 +0000

Regardless of what you call them, Web Application firewalls, Layer 7 firewalls, Next Generation firewalls etc there is a new breed of firewall appliances on the market designed to protect organizations and their data from the ever growing Internet threats. As we have discussed before data theft, web site hacking and denial of service attacks have become big business. These threats are no longer from some script kitty with a DSL account but are now parts of organized crime rings with the money and technology to pose a serious threat to any organization. Couple that with end users who demand more freedom to work away from the traditional office and you have a serious issue when it comes to effective corporate security. Your edge firewall with flashing lights is no longer an effective security strategy.

While current generation firewalls have had some ability to be application aware, they do not have the inspection capabilities to deal with the large number of applications that exist and typically do not handle port hopping techniques or inspection of encrypted traffic well. Next generation firewalls are designed to deal with these environments and more. Using sophisticated layer 7 inspection capabilities these devices no longer simple perform packet by packet or flow by flow inspection, they are application aware and understand how the application operates and therefore are able to detect actions that are considered abnormal.

Next generation firewalls also give the organization much more granular control over user access based on time of day, application, userID etc allowing the organization to allow, block, or throttle a users’ access. In addition, the user may only be granted access to certain functions within the application. This level of control and inspection gives the organization the control and security needed while allowing the users access to their resources while outside the office. If you are interested in how these solutions can benefit your organization, contact Adcap Network Systems for more information.
www.adcapnet.com

Next Generation Firewalls is a post from: Geeknick

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.