Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

As promised.. the saga of the network roll-out

June 26th 2006 in Uncategorized

Alternate title – “The weekend miracle” (shaddup Wayne) [;)]


Imagine this.. a network teetering on the edge of failure – one terminal server dead – the other already teetering on the edge of death and having barely survived a virus infection; a slew of seriously old hardware (including Windows 95 boxes with 16 meg of RAM).  Hubs where there should be switches.. switches that are barely capable of doing what is asked of them.  Single network points shared out between three or four pieces of equipment via dinky little 10Mbps 4 port hubs…


Imagine pulling together hardware sufficient to rebuild an entire network infrastructure in the space of a week – all that would remain of the old network is one server, one switch, the printers and two computers.  Who did that?  Dean did that [:)]


New stuff rolled out over four intense days


A new terminal server, new UPS, new switch, new hubs, 17 new computers and 10 others reassigned.  A disaster recovery plan.  Implementing WSUS.  Upgraded and new software, licensing checks and purchasing what’s missing; designing log-in scripts to automate what is a complicated software infrastructure as much as possible, all software being pushed out as published applications to the desktops (we’re running Windows SBS2003). 


The network uses Worldox, Hotdocs, Lawdocs and OpenPractice, all tightly integrated as well as sundry other software.  Some users are running Office2002, some are running Office2003 and the two different versions require different *.dot and *.ini files to suit the different environments and integrate with the document management system.  Therefore, Dean and I had to effectively design two networks, one to suit Office2002, and one to suit Office2003.


Want to know how complicated this got?  We went from zero GPOs and security policies to this – all designed in a few days (more to come below picture):


 


Some have asked for before and after screenshots and pictures of the work in progress.  Here we go…. remember, all this was done by just two people over four very intense days…


Before shot: cabling cabinet (what a mess) – I still can’t believe the previous IT company deemed this acceptable.


 


Dean hard at work:


 


After: cabling cabinet – note the black box – that is a new UPS to protect the switches.


 


Ripping out the old network


These pictures were taken Sunday afternoon/evening – remember, only two people did all this… a really super karate black-belt fit bloke and, well, me.. who gets puffed walking up a slight incline [;)] BTW, those few PCs you see in the second photo were the ones that were going to undergo hard drive reformatting before being donated to staff… all the rest were trashed…


 


 


I think the funniest part of the weekend was when a lawyer turned up at the office at 8.00pm on the Sunday night, took one look at that mess, and said “We *are* going to be ready to go Monday, yes?”  He was chased out of the office by threats of having to help move all that stuff [;)] 


Building the new network ….. vvrroomm…


Lots of boxes…. lots and lots and lots of boxes… 17 computers, 17 monitors, one server, a UPS, 3 x Maxtors, 17 x 500M memory sticks, SCSI card for domain controller, 16 port KVM, DVD drives, all sorts of lovely toys…


 


We like mess… mess is good


 


 


Hard at work


Sorry gang, no photos of me ’cause I’m the one wielding the camera [:D] If you’re *real* lucky (or unlucky, depending on the perspective) Dean may have a photo or two of me getting my hands dirty too.


Dean was getting ready for the 17 PCs roll-out when this shot was taken, I think, on the Saturday after two days of preparation/designing – that’s my laptop on the left, Dean’s on the right.  Dean’s using a kick-ass 16 port Belkin KVM switch that I tried really hard to persuade him to let me keep… alas, I’m left with my dinky little 4 port KVM.  Poor Dean, he looks like he’s been working awfully hard, check out that midday shadow on his cheeks [6]


 


There was a method to all that cable madness….


 


I’ll let Dean blog about the technical details of designing the new network and building the terminal server … I seriously considered reproducing the user log-in script that has been written to cover various scenarios, operating environments and software versions, but will let him have the pleasure if he so chooses.  Dean handled building the terminal server, designing the GPOs, log-in script and all other server side stuff, as well as commissioning the new Cisco managed switch… What did I do?  I did the grunt work getting all the PCs on the network, taking care of all the software installations and handled the software integration side of things and its inevitable problems – remembering we were moving from a pure Citrix terminal services environment to local installations in house and terminal services when off site.


It was wonderful how smoothly things went thanks to Dean’s careful preparation and design time.  After a PC was added to the domain, Office 2003 or XP was automatically installed on the computer, as was Access if it was assigned.  Shortcuts appeared on each PC desktop for all assigned applications that could not be installed automatically so it was simply a matter of double clicking each shortcut to install – all shortcuts (except for IE7 Beta 2) disappeared from the desktop automatically as soon as the software was successfully installed.  The PCs were assigned various combinations of OfficeXP or 2003, Philips Digital dictation and transcription software, VNC, IE7 Beta 2, Hotdocs, LawDocs, OpenPractice, Worldox, RealForm, 21st Century DOLI forms, NitroPDF and QuickTime.


The Assign Applications to Client Computers Wizard rocks!!


 


The end result….


Server room “before” shot – the nearly dead, cheap ‘n’ nasty white box terminal server is the white box on the left.. the well specc’d domain controller is the black box, and you can barely see two dinky little emergency UPS on the floor near the wall.. the original UPS’s batteries died – probably because they were five years old and nobody bothered to tell the company that such batteries have a 3 year life span.  I have never wanted to sue IT outsourcing companies as badly as I have wanted to sue the two that have taken care of this network.  The sides of the old batteries were so badly bulged we could not get them out without breaking the rivets holding the UPS body skeleton together.  The old UPS  was trashed and we purchased a new one because of evidence of overheating.  Thanks to my hubby and his rivet gun, dismantling the UPS body skeleton and putting it back together again was not a problem, but there was a small plastic bumper that had melted on the back of the primary circuitboard.  That was enough for me to say I was not willing to leave the old UPS in commission.


The black UPS boxes actually belong to me; one has been reassigned to protect the Cisco switches, the other has gone home with me, and is now protecting my small home network.


 


Next photo is the server room after we were finished – sorry it’s not the best picture – I think Dean has a better one – working from right to left we have the new UPS, the original domain controller, the new terminal server that Dean built over the weekend, and the original document management system’s indexing server (which people kept forgetting about because it was off in a different room).  One day some auditors came in to do their yearly check of our accounts, and were plonked into the same room as the indexing server because it had a spare desk.  A junior auditor pulled the power cable for the indexing server out of the wall because he wanted the power point for his laptop – he thought the server was not running.. um, no, the monitor had been turned off (quietly whack junior auditor upside of the head).  The Maxtor external drive on the shelf is part of our disaster recovery protocol.  There are also sundry bits and pieces like a KVM (yes, a third one), the ADSL modem, the tape drive for night tape backups.


The server room has since been moved, again, and I’ve improved things even further – unfortunately I can’t get the servers off the floor, or replace them with racks, but the hardware is now in an area on its own that the staff are not allowed near, and I’ve used a couple of large melamine sheets, and careful positioning of furnishing like cupboards and filing cabinets to minimise the amount of dust gathering around (and therefore getting into) the servers.  I’ll post a picture later when I get a chance.


The new disaster recovery system is three 300Gig Maxtor external hard drives and Acronis.  Nightly images of the server are dumped to one of the Maxtor hard drives.. the other two drives are in the possession of myself and one other staff member and the drives are rotated on a daily basis – if the worst happens and a server dies or is stolen, we can recreate the network within hours.


 


The staff were greeted by the following desktop when they turned on their sparkling new computers for the first time….


 


Alas, the Welcome Baby was retired just today, to be replaced by a boring corporate logo… but don’t you worry.. I have *plans* to spice things up every so often… ah, the power of being a network admin…


All in all, I lost 5 kilos in 4 days and put in 25+ hours overtime in two days … we filled a 4 cubic metre miniskip to the brim with trash and old computers and monitors and I went through $150 worth of petrol with my car filled to the brim, driving back and forth between office and miniskip (which had been dumped on my front lawn).  Hubby was tasked with unloading the car while I had a quick drink or bite to eat, and 16 year old son was tasked with taking the hard drives out of the old PCs before the old PCs were put into the miniskip for disposal.


5 comments to...
“As promised.. the saga of the network roll-out”

Dave

… funny … that kind of work requires beer … I see no beer … WHERE’S THE DAMN BEER????????? You CANNOT expect such a system to have long-term success in operation without proper levels of intoxication during the install …



sandi

I do not drink beer, I drink very expensive 18 year old whiskey… and Dean, I think, is a Cointreau man…



Dave

So, where was it? And when??? The system’s success hinges on it.

Edit Sandi: There ain’t none left… it’s all gone – sadly, when I took young Dean to a restaurant on the Friday night, all we drank was water… I’m becoming respectable in my old age Sad



Dave

Respectable? I’m not so sure about that. Old??? Ummm … no comment in this comment about that … ;-)

Edit Sandi:  You only get away with that ’cause I luvs ya.. and you can tell your lovely wife that I said that ;-)



Steve Foster

Why no rack for all the lovely server equipment?

Costs a bit more to buy, but is much more space efficient, and it’s easier to add more equipment later.

