AIAIO: Our Blog

The pulse of Alexander Interactive

Author Archive

Building an energy efficient firewall for around $400

I’ve wanted to replace our office firewall for a while now. I currently use a manually maintained bash script to manage iptables. It’s worked fine for me for a few years, but it gets tedious.

In addition, the firewall is an old desktop (from around 2001) running CentOS 4. It’s certainly been powerful enough for our needs, but it’s big and bulky, and uses more energy than it needs to.

I needed to know what software I was going to run before investing in any new hardware. I found a list of firewall distributions and picked out Vyatta. Once I chose my software, I started looking at hardware.

Since I wanted to make the new firewall as energy efficient as possible, my choice from the beginning was an Atom based system. The trick was finding the right combination of parts to get the 4 NICs that I wanted to fit into a more reasonably sized case.

I began looking for mini ITX rack mount cases. It would be a nice change from the old desktop sitting next to the rack now. But they were so expensive. After seeing how small the compact cases were (smaller than the Cisco router hooked up to our T1), I decided that I’d save some money, and get a small case that’s wall mountable.

In the end, I settled on the following parts list:

  • Jetway JNC92-N330 – $110
  • AD3RTLANG – Jetway 3 x Gigabit LAN Daughter board – $48
  • picoPSU-150-XT + 102W Adapter Power Kit – $70
  • M350 Universal Mini-ITX enclosure – $40
  • 8GB 40 pin Embedded Disk Card 4000 – $89
  • 2GB DDR2 Memory – $28

For a total (minus tax and shipping) of $385. Depending on what you want to install on the firewall, you may be able to save some money by getting a smaller flash card. I believe Vyatta, for example, would be fine with a 2 gig flash card.

It’s a dual core Intel Atom based system. Many of the Jetway motherboards support daughter boards. I needed one of those so I can use their 3 NIC add on board.

The picoPSU power supply is very cool. They’re very small and efficient (the one I got is up to 96%.) I was shocked at the size, actually. They plug directly into the motherboard’s ATX power supply socket, and eliminate the need to have dedicated space for a DC-DC ATX board inside the case.

I am a little worried about having Realtek NICs. I may need to set up a build environment for Vyatta, and compile the drivers for them. You should definitely research whether the NICs are supported in your distribution of choice before investing in the same parts I did.

I’m not afraid of a little bit of work. Since I know that there are Linux drivers for the NICs I’m getting, I know I can get them to work with Vyatta (eventually) if they don’t work out of the box.

The parts should be here within a week, and then I’ll be able to see if they all play nice together.

Technology

Going Green

As it turns out, keeping 25 computers on 24/7 so that people can remote in actually wastes a lot of electricity. I have been looking into ways to make our use of electricity much more efficient, so that we can both reduce our carbon footprint as well as knock a few bucks off the monthly electric bill.

I’m attacking this two ways. The first way is to get all the workstations to sleep when they aren’t in use. The second is to use current virtualization technologies to reduce the number of servers we have.

The idea is that most servers are underutilized, and that you can take better advantage of your hardware and reduce energy usage by running several virtual machines on every real physical machine. The server stuff is going to have to wait until after I’ve dealt with the workstations. But I am hoping to be able to invest any money I save from making the workstations more efficient into the server consolidation project.

The first step in putting the computers to sleep at night was actually enabling Wake on LAN on our Windows XP Dells. Wake on LAN is not enabled by default in the BIOS, nor is it enabled in the power management settings for the network adapter in Windows. In Windows, go into Device Manager, find your NIC, and go to its properties. There will be a power management tab. Make sure you also check off “only allow management stations to bring the computer out of standby,” otherwise the computer will wake up for any network activity, not just a magic packet.

The second step was to figure out a way to make it easy for my users to wake their computers up if necessary. Remembering the MAC address of the NIC on the computer is not exactly practical.

I looked around for a nice little program to keep track of computer names/MAC addresses, and I found something quite ideal for our network. We use Small Business Server 2003, and there is a product that integrates Wake on LAN features right into our SBS’s Remote Web Workplace. It will cost me some euros when the trial expires, but in my opinion it is worth it to integrate a Wake on LAN feature right into an application my users are already used to using. It’s called WOL4RWW, and is available from WESSTools.com. I’ve already tested this on a couple of computers and it works great.

After making my computers capable of sleeping and waking up, I needed to figure out a way to actually enforce settings that put these computers to sleep every night. There didn’t seem to be a built-in group policy in Server 2003/Windows XP. It looks like the easiest way to handle this is going to be to install a little piece of software called EZ GPO on the XP machines. This will allow me to manage their power settings remotely. I hope to find time to do this in the next week or two.

The last piece of the puzzle, which I haven’t looked into yet, is when Windows Update is going to run if the computers are sleeping all night.

After I’m done with setting up and testing the XP machines, I believe I can then handle Vista and Windows 7 machines via a GPO. After that, I will find a solution for our Macs.

If you’re interested in making sure your home computer or business network is as green as possible, you can find a wealth of information at the Energy Star website.
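
The magic packet and the name-to-MAC lookup mentioned in this post, as an added example that is not part of the original post and not WOL4RWW's code. The host names, MAC addresses and function names are constructed for illustration.

```python
import re
import socket

# Constructed sample inventory: hypothetical workstation names mapped to
# locally administered MAC addresses, in the notations admins tend to paste.
INVENTORY = {
    "design-ws01": "02:00:00:aa:bb:01",
    "dev-ws02": "02-00-00-AA-BB-02",
    "acct-ws03": "0200.00aa.bb03",
}

def parse_mac(text):
    """Accept colon, dash, dot or bare hex notation; return 6 raw bytes."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

def magic_packet(mac):
    """Six 0xFF bytes followed by the target MAC repeated 16 times (102 bytes)."""
    return b"\xff" * 6 + parse_mac(mac) * 16

def packet_for_host(name, inventory=INVENTORY):
    """Look up a workstation by name (case-insensitive) and build its packet."""
    table = {k.lower(): v for k, v in inventory.items()}
    try:
        return magic_packet(table[name.lower()])
    except KeyError:
        raise LookupError(f"unknown workstation: {name!r}") from None

def wake(name, broadcast="255.255.255.255", port=9):
    """Send the packet as a UDP broadcast on the local subnet (port 9 by convention)."""
    payload = packet_for_host(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(payload, (broadcast, port))
    return len(payload)

if __name__ == "__main__":
    pkt = packet_for_host("DEV-WS02")
    print(len(pkt), pkt[:12].hex())
```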

Business

Having the right tools for the job

Hmm, so many directions I could go in here. Do I talk about the best OS for the job? The best software toolkit for the job? The best IDE? No, I think I’d rather talk about…screwdrivers.

I’ve been looking for some new tools for working on my computers for a while now. I’m of the opinion that most precision screwdriver sets and computer toolkits available in stores are of questionable quality. Well, I was recently trying to open up my Nintendo Wii in order to fix the buzzing noise it was making, and I discovered that I couldn’t open it without a tri-wing screwdriver. Upon looking for a nice tri-wing screwdriver, I discovered Wiha Tools. They have a huge selection of screwdrivers. The ones that caught my eye had ESD handles for working with sensitive electronic equipment. They also have the largest selection of precision screwdrivers I’ve ever seen.

Anyway, I decided to give them a go. They have so many precision screwdriver sets that I couldn’t decide which one I wanted, but I did put together a custom set to replace my larger tools. If you need a custom set for computer cases, this is a good place to start. Here’s what I got:

  • Drive-Loc VI ESD Handle
  • Tri-Wing #0 x #1 blade
  • Slotted/Philips 1/8 x #0
  • Slotted/Philips 5/32 x #1
  • Slotted/Philips 1/4 x #2
  • 1/4 Nut Driver
  • 3/16 Nut Driver
  • Torx T10xT15
  • Canvas storage pouch

All these items can be found here. I would like to note that if you are not looking to put together a custom set, you can probably find their stuff cheaper on Amazon. I just ordered my set; if the quality is good, I will be buying a nice precision set from them as well. If I just spent over $80 on a set that I don’t like, you will hear about it.

Oh, and one more thing about Wiha tools… they’re made in Germany, and as we all know, Germans always make good stuff.

Technology

Android applications I can’t live without

TouchDown – This Microsoft Exchange client is my primary email program. Without this piece of software, I would have purchased another Windows Mobile phone. I don’t have anything against Windows phones, they’re just lagging behind in the phone wars right now. I may switch back in a few years. But so far I am loving my Android Dev Phone 1.

Locale – This program lets you change your phone settings based on situations. You can create situations based on criteria such as location, battery status, date, time, and who is calling you. Right now the only rule I have is to turn the ringer on whenever I’m within a few blocks of home. It makes sure I won’t miss any of those middle of the night wake up calls when a server is down. I plan to add more rules, but this single one has reduced one of the biggest worries of my job…missing a call when I’m needed.

There are also plugins for Locale that allow you to send SMS or tweets based on situation changes. I’m already annoying my girlfriend with SMS messages that automatically go out when I get home :) This is one of those programs that you can’t believe you lived without once you start using it.

ConnectBot – I have to have an SSH client on my phone. With this one I can even do pretty well in emacs :)

There are a few other applications that I like, like AK Notepad, Yellowbook and The Weather Channel, but I can live without those.

Technology

Hard disk performance, perceived computer performance

About a year ago I read this blog post about Windows Vista’s file copy performance, and how most people seem to perceive it as slower than Windows XP. It seems in many cases that perception of performance is just as important as a real measurable performance gain.

So why did a blog post that I read a year ago suddenly pop into my head? Well, every time I go to troubleshoot a system in the office, whether it be a Mac or PC, the system just feels so much slower than the systems I use. I was waiting for someone else’s laptop to boot, and it seemed so slow that I just wanted to smash the thing. If you were to run some synthetic benchmarks on the machines I use and compare them with the other systems in the office, there would probably be less than a 10% difference. In fact, my laptop would probably be slower than some of the desktops. My laptop is a 2.2 gig dual core AMD; I believe the newer desktops and the laptop in question use 2.2 gig Core 2 Duos. As a general rule of thumb, most users do not notice a speed difference in computers when the difference is 10% or less. So why do I perceive my computer as being 2, maybe even 3 times faster? Hard disk performance.

Hard drives are the slowest part of a computer. This is why I’ve been using RAID 0 setups on my desktops for a good 4 or 5 years now. My laptop has a decent SSD in it as well. Now, depending on what you’re doing, having a fancy hard disk set up may not actually speed up what you’re doing. Once MS Word, or whatever you’re using is loaded up into memory, hard drive performance becomes much less important…borderline irrelevant.

This is where user perception becomes relevant. A computer with a faster hard drive subsystem will boot faster. Programs will launch faster. The computer will FEEL faster and more responsive, even if it still takes the same amount of time to encode some video files or spell check a Word document. If you’d like to see this taken to the extreme, take a look at this YouTube video of a computer with a 24 disk SSD RAID set-up.

So what are the effects of a computer that feels faster? Well, based on my personal experience, I believe it can have just as big of an effect on productivity as a computer that can actually run the programs faster once they’re in memory. A computer that feels fast to a user keeps the user happy and keeps the overall experience of using the computer positive. When someone has to wait over a minute for Outlook to open, it sours the whole computing experience, and can easily frustrate the user to the point where they’re less productive.

Also, let’s not forget that in addition to the perception that the entire computing experience is faster, faster load times are a measurable productivity increase, and in a business setting, that equates to money. Let’s say a user saves 2 minutes a day by having a fast hard disk subsystem. That’s 10 minutes a week, over 8.5 hours a year. In my opinion, that by itself is a large enough productivity increase to warrant investing an extra $300 in the hard disk subsystem of a computer.

Now I’d be wary of using RAID 0 in a business setting, just because of the increased risk of data loss. I’ve used it on my own desktop, but I’m well aware of the risks, and didn’t keep anything on my computer that I couldn’t live without. That still leaves SSDs. Most articles you read come to the conclusion that SSDs are not quite ready for primetime. They’re too expensive per gigabyte, and their capacities are too small. I don’t agree with that. Most business users do not need the ability to keep a terabyte of data on their work computers. In fact, nobody at our office needs that ability. 128 gig SSDs will be more than sufficient for most people, whether they’re running Vista, Windows 7 or OS X. I say bring on the SSDs, they are already worth the investment and will pay for themselves.

Technology

We use commercial software too

We love open source solutions, but that doesn’t mean that there isn’t room for commercial software here at Ai. In fact, everyone here uses commercial software on a daily basis. I thought for today, I’d cover our servers.

Windows Server – 80% of the Ai servers I manage run Linux. But we do have a couple of Windows servers as we need them to run Microsoft Exchange, Quickbooks, and our phone system software. We use Windows Active Directory for authentication on our LAN, even on the Linux servers. We also use and love the Volume Snapshot Service. Unlike an LVM set-up on a Linux fileserver, Windows just takes care of everything. I don’t have to worry about where Windows is storing its filesystem snapshots. It’s a very nice supplement to our backup plan. It saves me a ton of time when someone accidentally deletes or overwrites a single file.

Microsoft Exchange – I don’t believe we’ll be on Exchange forever, but for now, it has one killer feature that we need. Calendar delegation. I’ve yet to see a cheaper solution that has robust calendar delegation features. If Google adds that feature to Google Apps, we may have a future there. Oh, and if you read my last post, you’d also know that I love push email :)

Shoretel – We use a Shoretel phone system. I bet not many people here realize that their voicemail is stored on a Windows Server :) When we finally outgrew our old Bizfon, I looked into both Asterisk and ShoreTel. I would have loved to build a custom solution with Asterisk, but simply didn’t have the time. Our good friend Lou over at Brightstack gave us such a good deal on the Shoretel system that it was impossible to turn down. However, if you are ever looking for an Asterisk solution, I highly suggest you give Inter7 a ring. I found their prices to be very reasonable, and their sales guy was extraordinarily helpful. I’ve also been using some of their qmail related open source software on my servers for many years now.

JIRA – JIRA is our bug and issue tracker. It’s made by Atlassian. We used Mantis for many years, but outgrew it. We tried and liked FogBugz as well, but JIRA turned out to be much more cost effective for us.

There you have it. Ai uses commercial software too. Shhhh, don’t tell anyone.

Technology

Nitrodesk brings push email for MS Exchange to Android

I don’t know how I missed it, but Nitrodesk released a major update to their Touchdown software yesterday. New in version 2, push email! I made the switch from Windows Mobile to Android back in January, and push email was the biggest feature that I missed. Now that I have push again, there’s nothing I used my old Windows phone for that I can’t do on my Android Dev Phone 1.

There are also a few other business friendly features in the new version. Remote wipe is nice. They also added ‘Suppress Delete from Server’ and ‘Suppress Mark-Read from Server’. I’m guessing these are welcome features to people who have used Blackberrys even though I won’t use them myself. You can see the complete list of new features in version 2 here.

Touchdown cost me $24.99 and it has been worth every penny. It’s nice to see a solid Microsoft Exchange client on such a young platform.

Technology

Windows Live Writer

I decided for my first blog post that I would mess around with Windows Live Writer to see how it works with Movable Type.

Setup was easy. I followed the instructions here to create a WLW Manifest file for Live Writer. I was initially unable to log in, but that was my own fault. I didn’t realize that I had a separate API password for logging in via the RPC script. If you don’t know your API password, log into Movable Type, and go to your profile page. It’s at the bottom.

After spending a few minutes messing around with Live Writer, I have to say that I like it. It’s nice to be able to manage my blog posts in a single place, whether I’m online or offline. It does a very good job rendering our blog’s CSS, although your mileage may vary here. The program is nice and simple; I didn’t have to spend any time figuring out how things work. With the exception of the authentication error, I was up and running very quickly.

I’ve only run into one glitch so far. The “post draft to blog” action is grayed out. I guess that feature hasn’t been made to work with Movable Type yet. While this won’t be a problem for me, I can see that being a useful feature for others. So for now it seems my drafts can only be kept on my local computer.

I haven’t used any other programs like this, so I’m not sure what else is out there. But for now, this is all I need.

Technology