why it’s so important and desirable to have configured graceful shutdown for servers and hypervisors.

Why it’s so important and desirable to have configured graceful shutdown for DB servers and hypervisors.

From my experience it’s completely nonsense that almost all Mongolian companies are so neglect to UPS issues. Servers should be mandatory configured for graceful shutdown by USB or PCNS cards. Otherwise for long black outs there is no difference between UPS backed or not RACK systems – servers will be just cut off mercilessly damaging database files, file system, boot sectors, virtual hard disks and so on. 

In case of proper configuration and on battery event SmartUPS (or very few BackuUPS) will send

Read the rest

Obvious, but neglected. How and why it’s important to properly configure your Outlook?

 

It’s very common that business users experience multiple issues with own company email addresses and mailboxes.

The basic recommendation is :

1. stop using ISP public smtp relays like smtp.univision.mn and so on (use only own mail hosting smtp servers)

2. stop using non-SSL or non-TSL connection for email (plaintext credentials can be easily intercepted, later misused or used for spam, or to discredit you, blackmail you, steal your correspondence, ransomware)

3. if your mail hosting (something like “anyone@magicnet.mn”) doesn’t like provide smtp server then you should configure your Outlook to use credential for other your mailbox, for example

Read the rest

The main misunderstandings about AD/Active Directory:

 

1. The majority of Mongolian companies start to use AD just as a prerequisite for other Microsoft solution (for example for MS Dyn Nav). so that AD is considered just like part of other solution, not as a stand-alone very important security solution itself.

2. Other wrong common mistake – AD requires Microsoft licenses or that only licensed windows OS can integrated to AD. Piracy doesn’t have any direct impact on AD functionality (although not hotfixed and updated cracked OS can have problems even without AD).

3. Another mistake – AD is not free. Wrong. If you have

Read the rest

How to update Dell firmware from Lifecycle Controller with error “The updates you are trying to apply are not Dell-authorized ..

Recently i have tried to update my R720 PE Dell servers firmware (suspecting that multiple SATA hdd damages are due to wrong not updated RAID controller firmware, btw wrong suspect), but got below error:
At first i thought that it’s temp ftp.dell.com server problem, later that it’s due some problems with DNS for ftp.dell.com in Mongolia. But everything was easier, just in wrong outdated iDRAC version (and integrated into it LC/lifecycle controller) so that LC couldn’t properly get firmware from Dell ftp.
So just go to Dell site:
  • enter your server
Read the rest

iDrac or vPro access to local NIC

 

Often i’m asked why idrac/vpro is not accessible from OS on the same computer?. When you share one NIC between OS NIC and idrac/vpro management card (for example on Dell optiplex you have only one NIC with enabled vpro and at the same time use this NIC for windows server) you usually cannot even ping from windows server own vpro/idrac interface. So for Dell PE servers it’s better if you assign for idrac interface own dedicated port. As for vpro you can only add extra NIC for OS usage and use builtin NIC only for vPro.
So if you

Read the rest

My top of sysadmin tools

  1. free Putty
  2. free Winscp
  3. Webresearch (personal knowledge base)
  4. Microsoft DaRT from MDOP, former ERD disk (very easy to add to WDS, or replacing boot.wim on USB with Win7 or win8) For repair, locksmith to reset built-in administrators password, to backup files from not booting disk and so on. To prevent non-authorized access by ordinary users during booting, place pxelinux with password before WDS network bootloader.
  5. Acronis tools (usually on USB, or as WDS image) mainly for cloning, partitioning, backups
  6. Hiren tools (mhdd, victoria, memtest to diag freshly purchased HDDs, RAM)
  7. Separate tiny Memtest (i prefer as a pxelinux option in
Read the rest

Specifics of IT security in Mongolia

I want to address this post to my IT collegues. Last years in all my IT trainings i try to attract attention to lopsided approach to IT security in our country. In my opinion the most of us try to embrace as much as possible new IT technologies without at least understanding of basic classic conceptions. Almost all new solutions ignore and sacrifice security aspects for functionality. For example i don’t know any homebred business solution which supports Microsoft Active Directory integration, each solution uses own database user list, no windows logins (at least as an option if requested). Without … Read the rest

Compromise – decisions for SMB. Value for money of such decisions.

It’s common that many innovative IT technologies are not affordable for majority of Mongolian SMB companies or small branches due to the fact of high price for IT equipment (even in case of almost zero price for illegally used software). Companies who provide VMS/video management solutions (video servers), companies like Interactive, Navision and other vendors are forced to use Desktop computers as a server for implementations of own products at customer site of small companies who cannot afford to invest too much into hardware immediately. How justified such decisions? Surely all of service providers try at first to suggest professional … Read the rest

Personal data mining tools, comparison

I’m going to compare several commonly used tools like OneNote, Evernote vs Macropool Webresearch. In browser you can bookmark only URL address, but then you cannot save your current opinion and comments to page or to concrete part of page. You may open needed resource by URL page and it can be changed, deleted, re-designed – so you can spend more time to find what you need.

Pros of locally installed Webresearch:

  1. Folders structure for saving documents. OneNote, Evernote just dump everything in one huge heap. To find something, you need provide to each note a tag, category, or you
Read the rest

SMB, IT Security challenges, common mistakes and the practical recommendations. Save and earn money on IT tuning

I would like to invite you to free IT seminar with topic “SMB, IT Security challenges, common mistakes and the practical recommendations. Save and earn money on IT tuning” on 19 of September 2014, Friday, from 10.00 – 14.00.

Venue of seminar:

Geomon Engineering LLC

601, UMJ office, Peace Avenue-36, Ulaanbaatar, Mongolia (behind Peace Tower)

To register please fill the following form.

The brief agenda is :

  1. Virtualization, how to build IT infrastructure for SMB without overheads (How to properly consolidate all obsolete services on one physical server)
  2. AD/Active Directory for doubters. Why it is so important for security
Read the rest