Wednesday, December 31, 2008

VMware, oh how I love virtual machines (and Linux)

I'm really getting to love virtual machines, except at work when the machines are blade servers running I-don't-know-what as a base OS connected to HP Blade Switches running who-the-F-programmed-this-train-wreck Layer 2 multipath chassis. Ugh. But that's another story for another time (and you can purchase IOS-capable HP blade server switches and slide them right into the HP chassis. The new blade servers are configured in this way and they work splendidly. And they run IOS, so you know how to do things like set up span ports without having to navigate some bizarre telnet command tree).

I digress. Yesterday at my favorite client on the Outer Banks I set up a new proxy server using wonderful free-as-in-speech Linux and it works splendidly. The company owner wanted to change the front desk Point of Sale computers into something more like a kiosk, but he wanted the computers to remain able to visit "critical" websites such as the Dare County government page so the employees could remain able to find critical information about, say, evacuations of the island if a hurricane were knocking at the door.

This could have been accomplished using Content Advisor built into Internet Explorer (yes, the front desk machines run Winders.. sigh) but this approach would have required them to maintain a list of "allowed" websites on each machine and adjust them as needed. In addition it would have done nothing to stop someone from installing another web browser (go Firefox!!), not to mention that Content Advisor is so easily bypassed it is just sad. But we're not talking about geeks running the front desk, mind you. These are retirees who do little more than constantly do e-mail when they are supposed to be working and watching endless YouTube videos of their grandchildren.

So why not just set up a proxy server? I could block ports 80 and 443 outbound and allow only the proxy, where I could build multiple levels of whitelists that would restrict users to specific websites. But there was a problem. The only machine that DID NOT run Windows was the office manager's Intel iMac. To complicate matters further, that Mac already ran a copy of Squidman that I use as a reverse SSH proxy to do remote support. Squidman is great but I'm not a fan of how the config files are maintained, so I didn't want to go making that an unnecessarily complicated mess using Squidman to do all the proxying.

The solution was easy - install a new virtual machine using the already-existing VMware Fusion (which is currently running an XP virtual machine for reasons that I won't get into because it bothers me greatly). A quick download of the Debian netinstall ISO and a few clicks of the mouse and I had a fully functional, bare-bones Linux install. From there it was a simple 'apt-get install squid' (and ssh for remote login) and a vi of the /etc/squid/squid.conf and whitelist files and, poof, a fully functional proxy server was running.
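As an added illustration (not the author's actual config), here is how the squid.conf and whitelist files mentioned above can express the "multiple levels of whitelists" idea: one domain list for the kiosk machines and a broader one for the office manager. The client addresses, the whitelist file names and the domains are assumptions.

```squid
# /etc/squid/squid.conf (excerpt, Squid 2.x-era ACL syntax)
http_port 3128

# Client groups (constructed addresses, not the client's real network)
acl frontdesk src 192.168.1.10-192.168.1.19
acl manager   src 192.168.1.50

# Two levels of whitelist, one file per level, one domain per line.
# A leading dot matches the domain and all of its subdomains, e.g.
# /etc/squid/whitelist-critical (constructed content) could hold:
#   .example-county.gov
#   .weather.example
acl critical_sites dstdomain "/etc/squid/whitelist-critical"
acl extended_sites dstdomain "/etc/squid/whitelist-extended"

acl SSL_ports  port 443
acl Safe_ports port 80 443
acl CONNECT    method CONNECT

# Only plain web ports, and CONNECT (https tunnels) only to 443
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Kiosk machines: the critical list and nothing else
http_access allow frontdesk critical_sites

# Office manager: critical list plus the extended list
http_access allow manager critical_sites
http_access allow manager extended_sites

# Anything not explicitly allowed above is refused
http_access deny all
```

After editing a whitelist file, `squid -k reconfigure` reloads it without restarting the proxy. The lists only bite if, as the post says, direct outbound 80/443 from the POS machines is blocked at the firewall so the proxy is the only way out.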

Now it is time to find out if Squid supports the oddball color printer and, assuming it does, I'll have a print server running momentarily.

Linux as a server is just so darn easy to work with. True, I could set up the print server on either a Windows box or perhaps the Mac.. but why? Anything on Linux is so easily remotely supportable I can't see a reason not to set things up that way.

Sunday, December 28, 2008

Lost in Translation

"Please treate this issue as high priority one and do the needful."

No problemo.

Wednesday, December 24, 2008

Life isn't all bad

Yeah, I have to work until at least 7 pm tonight but I'm here at my desk watching Koyaanisqatsi on the 2nd monitor via Hulu. It's not the worst way to pass the time.

Tuesday, December 23, 2008

Uzzah. A man who deserved better.

It's time to break out the NIV version and read up on one of my favorite cast of characters in the Old Testament: Uzzah. Or Uzzah the Unlucky, Uzzah the Torched by God, or any other names for a poor guy who instinctively tried to do what his brain told him was the right thing. It wasn't. God was unpleased.

The short story is Uzzah and his brother Ahio were told by God to move the Ark of the Covenant and they did, via ox cart. At some point along the trip the oxen stumbled and Uzzah, against divine instruction, reached out to steady the Ark so it would not fall off the cart. Bad move. God smoked him on the spot, instantly. This naturally freaked Ahio out a bit, so the Ark never made it to David, its original destination (again, this is all from memory and quite dim), thus beginning a 3000+ year game of hide-and-seek that remains unsolved to this day. It could also be the Ark never existed in the first place and the story is a work of fiction. Whatever you believe is cool with me.

Monday, December 22, 2008

Roku players get HD content!

I'll have to check this out when I get home. It sure sounds promising!

In full swing

The first of three family-related events is in the history books for this holiday season. One down, two to go. Wish me luck!

Also I've started my week of primary on-call (global) that runs through the 28th. Ugh. Ick. Nasty. Let's hope and pray for a quiet week.

Saturday, December 20, 2008

New Apples.

Looks like we're going to be blessed with new Mac minis and iMacs at this year's Macworld. I'm excited! I've been needing to replace my G4 Mac mini file/print/media server for quite some time and I think not having the ability to upgrade the unit past 10.5.x is going to provide the jolt required to open my tight-fisted wallet, that is, IF we receive a bonus this year and IF we have enough bonus money "left over" (the earmarks are long and varied this bonus year).

The new Mac minis are rumored to share the same graphics processor as the MacBook Pros, which would provide a huge boost to performance. Plus, being an Intel mini, I could easily run other operating systems in parallel using Parallels or VMware Fusion.

I really have to think about upgrading my white MacBook first, though. I'd like to replace my MacBook (which I would send to my parents) with a 15" MacBook Pro but I don't think I'd have the "extra" $2500.00 in the bonus pile. Shoot. What a drag.

The company where I work is moving towards a cool concept called "Open Networks" where the users' LANs are going to be opened up wild-west style, perhaps (and I really don't think they'll do this for obvious reasons) with IPs directly routable to the Internet. The data centers themselves would be where the data security layer would reside, not the "edge" between the Internet and B2B networks.

Why? Fairly simple. Most people have high-speed Internet these days, as do all companies we do business with. Instead of requiring a B2B or individual VPN connection to the network, simply jump on at the core of the network via the shortest path at the carrier hotels around the globe. From there access the applications you need via a VPN that latches itself to the global data center. It sounds totally psychotic, I know, but there is a bit of beauty in the chaos that reveals itself when you constantly try to troubleshoot and fix connectivity problems between the company and the B2B partners. This kind of network would greatly simplify connectivity.

All that said, I'm not sure when such a dramatic shift would take place. But when it does, employees could also drink from the well of hysteria and provide our own hardware to use at work if we so choose. But there's one exception to the rule - the hardware would have to be capable of running the company-build supported operating system. Hello VMware Fusion. I could crank up my VMware Winders build and I would be good to go.

Plus I could, and do today, have multiple Ethernet connections at my desk. I have a standard LAN connection that everyone else has and I also have an outside line via a DSL router. We use that line for testing external VPNs, simulating B2B connections, that kind of thing. My primary Ethernet connection would use the DSL connection and I'd bind the VMware Winders session to the 2nd Ethernet connection to the company LAN.

But wait, you say, how the hell are you going to have two LAN ports on a MacBook Pro? Ah, good question. It has been proven the MacBook Air Ethernet adapter works quite well with other Intel Macs. So I'd do it that way. I could, but won't, attach an AirPort Express to the DSL line. I'm already dipping my toes well into the "DO NOT DO" pool having a machine directly attached to the outside world and the company LAN at the same time, but attaching an access point, even when I know what I'm doing and why, would raise the hackles of security and they would have no qualms walking me out the door for that regardless of how secure the connection may be. It's just something you don't do around these parts. Or, rather, it's something you do only once. Damn pesky AirMagnet sensors.

So that's the plan, Stan. And it's a great plan, I think. No more unnecessary dual laptops. Gone. Poof. A nice, bright 24" Apple LED display built just for the MacBook line sitting atop my desk. Me easily and seamlessly moving in and out of the company data networks, no more shutting down every application just to test an Internet-facing application or connection. No more lugging around dual laptops on school days. What's not to love?

Will my dream turn into reality? Quite frankly all signs point to "no". Being the first out of the gate with a company-build desktop as a virtual machine on my own laptop isn't going to be easy. But great projects that benefit me never are. That's what makes them fun.

It's time to kick some Wii Tennis butt. Later.