Matthew Buck’s Blog – Principal Engineer at RatwareUK

Using a Dell Optiplex fx160 with the Suse thin client pre-installed? Found a problem with SLED10 and rdesktop not connecting to a Server 2008 remote desktop connection? – Never fear, as we have had the same problem and our Linux Guru has investigated the best fix:

Along the way, we tried all sorts:

• Updating the rdesktop on SLED to 1.6 . SLED – didn’t like this.
• Installing Ubuntu Netbook Remix, which is a small OS which we though would fit nicely on the thin client’s 1GB of NVRAM – but we couldn’t rip out enough packages to get it small enough!

The solution: Ditch SLED. Its rdesktop doesn’t have the best resolution anyway. Install Debian LXde.

Here’s how!

Step One:

Download the following. You may find it easier to copy the second file to the USB stick from a Windows machine but you’ll need to use Linux or Mac for the first one;

• http://ftp.nl.debian.org/debian/dists/lenny/main/installer-i386/current/images/hd-media/boot.img.gz

• http://cdimage.debian.org/debian-cd/5.0.4/i386/iso-cd/debian-504-i386-netinst.iso

Put blank USB stick in Linux computer and make sure it isn’t mounted – you’ll probably need to use mount and umount to get this sorted.
Use dmesg to see what disk was just inserted – line near the end will mention something like /dev/sdX. Type:

zcat boot.img.gz > /dev/sdX

Unplug the drive and re-insert (or put into a Windows PC). Then copy debian-504-i386-netinst.iso to it
Plug into thin and boot. F12 usually selects boot device.

Step Two:

When you create the user Use full name = user and username = user
Select expert install.
Mostly just accept the default by pressing enter, except:

United Kingdom for country
British English keyboard
Don’t start PC card services

The next bit is the only non-obvious part of the whole process, IMO. Use guided partitioning and let it choose two partitions. Then before committing to disk delete both partitions and create one primary partition of 1GB – no swap is needed.

• Select default kernel (i686)
• Select targeted initrd
• Deselect all software tasks (Standard system is the only one selected by default)

You now have a bootable Debian in 371MB.

Step Three:

Login as root and do the following (# or $ is the command prompt, not something to type!)

# apt-get clean
# apt-get update
# apt-get install lxde

Just accept the warnings about swap space – you won’t be suspending to disk anyway.

# apt-get clean # apt-get install tsclient rdesktop # apt-get clean # reboot login as user

Open a terminal using the icon in the lower left of the screen $ xdg-desktop-icon install –novendor /usr/share/applications/tsclient.desktop . This will create you  a terminal server desktop icon!

Double-click the icon that appears in the top right.

Do the settings and save as CONNECT (or something similar). Don’t forget to set full-screen on the display tab. The TSClient window will go away.

(I had to reboot after this. Alt-F1 to get to command window followed by ctrl-alt-del should do it). You can check the connection using the quick connect button.

Step Four:

Now let’s configure the terminal server connection to autostart:

$ cd .config
$ mkdir autostart
$ nano -w autostart/tsclient.desktop

[Desktop Entry]
Type=Application
Exec=tsclient -x /home/user/.tsclient/CONNECT.rdp

Step Five:

Autologin and autorun didn’t work in combination for me. I’d suggest not using autologin but if you want to try it do this:

LOGOUT

On the login screen choose Actions (bottom of screen).

Configure the login manager Authenticate with root password.

Click OK a few times. On security tab enable automatic login and set the user.

Close and reboot (from the Actions button)

Now you have a thin OS installed on your flash drive which will boot automatically and start a terminal server desktop session to your Server 2008 without any fuss.

Security has always been an important part of computer networks and even more so now. Viruses and Malware are getting more sneaky. We’ve noticed them residing in vulnerable hosts, infiltrating bona fide websites and infecting users when browsing “legitimate” websites – even with more robust browsers such as Firefox.

Recently, RatwareUK changed our Anti-Virus provider from Sophos to ESET. We’ve been partnered with Sophos for a while and had never been fully satisfied with their network deployment routine from a technical perspective.

The Sophos Management Console appears a little too simplistic and with this simplicity comes a large operating directory and a hungry appetite for RAM – which you wouldn’t expect from a tiny interface. Also, when pushing the Sophos AV clients to network machines, we’d noticed that sometimes it just wouldn’t work and the event-logging mechanism doesn’t provide enough detail to diagnose the fault.

ESET, on the other hand, has proven to be superb, time and time again and even on older networks with multi-OS environments and system architecture. The installation procedure is more time-consuming and more in-depth. But it’s this detail and rigour which leaves the system admin thinking; “This is going to work, and if it doesn’t, I’ll understand enough about the procedures to resolve any errors”.

ESET is also cheaper and it claims excellent results in virus defence – http://www.eset.com/business/why-eset .

RatwareUK are now authorised ESET partners, with a range of experience in network security. If you have any questions and would like some consultancy (no obligation) , please contact us.

Could this new Draytek 2820 VOIP product be a further nail in the coffin for conventional telephony methods? Recently I implemented one of these, and at approximately £400 + VAT (including a couple of IP Phones), I have a fully functional local exchange, providing the usual functions such as; auto attendant, voicemail, hunt groups, call-logging, music-on-hold, conference calling etc. On each of the IP Phones you can set the voice compression method and from the IP-PBX you can swiftly implement upstream QOS, governing the VOIP system. After 2 months of constant use, I’m told that there is “no difference” to the quality of a conventional telephone line and no difference in the features of a conventional local PBX.

The Draytek is serviced by a 10Mbps/700Kbps Internet connection provided by Virgin Media, with a failover WAN2 USB Modem providing Orange 3G. It’s in a server room so it’s powered by an existing UPS, just like your conventional phone system should be.

The SIP provider is Draytel. They provide a host of telephony services. In this case; providing 5 simultaneous SIP Trunks (5 lines) including 2500 UK land line minutes for just £19.99 + VAT per month. That’s a better deal than BT and you aren’t tied to their ridiculous local exchange programme, which prohibits you from taking your phone number when moving your office. When this client moves, they’ll simply ensure broadband is present and then plug their Draytek router in. No reconfiguration, no costs, no downtime – phone and Internet moved simultaneously.

This small router provides support for up to 30 extensions, the next model up provides 100. Are products like this going to signal the death of conventional telephony?

I’ve been speechless for a while, because Dell have outdone themselves with their new thin client – the Optiplex FX160. Basically, thin clients don’t need hard drives. They run a local operating system such as Windows XP Embedded from solid state flash media. This flash media may only be around 2GB in size – just large enough to hold the operating system image. This makes the thin client very fast and very robust.

The 160’s are supplied with an embedded image providing a cut-down XP desktop with immediate support for Remote Desktop Connection, VMWare and Citrix. A quick modification to the image via a deployment server and you’re booting straight into your virtual environment. The units are fast, ultra-small and have a really low carbon footprint. Once more, this new thin client and a strategy of virtualisation takes away the need to “rebuild” systems on failure. There’s less to go wrong and no maintenance required. There’s more consolidation, security and control.

Dell Optiplex FX160 is now RatwareUK’s thin-client deployment of choice and a perfect partner when virtualising a network and desktop streaming. At approximately £270 + VAT per unit, this product is extremely cost-effective.

If I could have a pound for every time I’m meeting a new client and they ask “Can we have a wireless network, instead of a wired one?” we’d be a) rich and b) doing a serious mis-service. If everyone was as familiar with the words “virtualisation” as they are with “wireless” we’d be very happy. I guess it’s because people have wireless networking thrown at them by TV adds, ISPs and their savvy, computer-addict children. Why can’t people request virtualisation?

Today RatwareUK decided that, unless there was a specific technical circumstance against it, virtualisation was from now on, going to be the preferred solution we push to SMEs. VMware, memory and processing power have come a long way since I used to run Linux through a VM window on my home PC almost a decade ago. Now VMware is a credible and widespread solution, providing a multi-server deployment on minimal hardware and revolutionising IT support, security and provisioning. Within an SME context it consolidates everything and gets rid of the need for complex restoration processes and the constant up-hill support battle present on a multi-OS client environment. Virtualisation kills the need for complex group policy work, scripting and client upgrading. It pools your resources and configuration into one place.

I’m unsure what’s next for virtualisation. Maybe transferring your virtual machine solution from your office, to your hosting company’s cloud?

IT professionals have simply ignored Vista. Windows 7 could now change everything.

I was thinking the other day about Windows 7.  It was only released in the back end of October, however, with Vista being such a flop, it dawned on me that Windows 7 will, by virtue, be the biggest change in business user experience since 2001. That’s almost a decade. You may dismiss this and believe that Vista bridges the gap between XP and Windows 7 and this isn’t really big news, but it doesn’t and it is big news.

Think about it. Although new domestic PC sales have pushed Vista as the “number one” OS and ditched XP, most business IT professionals have refused to deploy Vista. An ideology so stubborn that it has caused Dell Commercial to continue selling XP Professional, alongside Vista to this day. In the history of Microsoft, this has never happened before. Also, the statistics for operating system market share state that XP peaked at 76.1% in 2007. That’s 76.1 percent of the world’s computers running Windows XP. In 2008 this market share is said to have grown to over 80%. This is telling, especially considering it’s two years into Vista’s release, and I bet this percentage is even greater when you consider just commercial networks on their own.

I was chatting with my colleague and we recall commissioning just one Vista machine since its release in 2006. And guess what? This was by accident! (We messed up the order with Dell). Adding insult to injury, we refused to join it to the domain and booted it straight into a terminal server window, providing a 2003 style user-experience. XP is just so much nicer for the “domain experience”.

So although you may have been using Vista at home for some time, don’t forget that at work your PC is more than likely XP Professional. And, as first reviews of Windows 7 are extremely positive and the door has finally closed on the Vista debacle. Techies all over the world are lifting their noses out of their Cisco manuals and evangelizing Windows 7. As XP completely bypassed Vista in the commercial world. A huge change is definitely upon us.

Dell have launched a brand new product range aimed at the serious professional and entrepreneur. It’s the Dell Latitude Z.

Aimed at professionals and equipped with enhanced mobile capabilities, this is the most exciting development from Dell in the last 12 months – I want one. Customers can view an independent article about the product here – V3.CO.UK

RatwareUK are Dell Premier Partners and we’re authorised to quote cheaper than Dell Online! Please contact us if you would like a price.

OK. I thought I’d stop twittering and do a blog post. I’m going to talk about a gateway solution we recently deployed for a customer – Untangle. I’m impressed. In brief, Untangle is a free, open source gateway solution designed to untangle the complex patch work quilt security solution that many network managers find themselves dealing with after a few years of running an expanding domain.

Installation

It’s essentially an out of the box Linux solution which can be installed on a relatively low specification machine with two network cards, bridging your LAN with the internet. In order to implement it on one of our networks, I took an old PC, jammed some more RAM into it, bought two new network cards and began the install:

The installation took approximately 20 minutes on our machine and required no Linux knowledge at all. If you understand the concept of network bridging, you’ll also fly through the setup wizard which asks you which network card is WAN facing, etc.

Configuration & Usability

Like many security devices that sit on your LAN, I expected that setup would be straightforward but that inevitably I would spend about a week tweaking the settings, ironing out all the false positives and getting Untangle running smoothly. This took me by surprise. I wasn’t – it took about 5 minutes and even better than this it has been running itself for a month!

The interface is graphical and the configuration again requires no Linux knowledge. It works on a drag-and-drop concept, where you can download and drop network devices onto a virtual rack. Some components you have to pay for, but the main and most useful ones are free.  I won’t bore you with the list, you can check it out here – Untangle Overview .

The interface is accessible from either the Untangle computer or via HTTP.  I’ve found it works much quicker via the web interface and obviously you’ve got full control over it from anywhere. I’m finding the Spam Blocker and Web Filter the most useful components, however this is because our requirement for these features is greater than anything else. Logging in today, the spam blocker has scanned 22,286 emails in 24 hours. 21,210 of these were rejected connection, some were quarantined and only 81 were passed through to mailboxes.

Users on the domain have also taken to their new spam quarantine like a duck to water. Each day, they receive an email digest linking to their Untangle quarantine. From there they can control their own whitelist/blacklist and release legitimate email caught up in the system. As Spam Blocker uses Spam-Assassin, Untangle learns automatically as it goes along. The process is so simple, out of approximately 70 users, I’ve had 2 queries on how to use the quarantine.

Conclusion

A very powerful, easily deployable and manageable security solution suitable for any SME network. I’m so impressed I have ditched Sophos Pure Message, providing the network with a better solution, with a saving of over £1,500 per year in subscription costs. It’s so good, I’m even thinking of decommissioning the networks hardware firewall, a Draytek 3300v.

Untangle is free (most of the components) and Untangle provide free updates. It is well worth some time to test it out.

Hello again. I felt guilty about not blogging here in a while and using twitter too much, so I thought I’d do a quick blog containing some pictures of the work we’d been busy with recently…

The above as pictured is unfinished, however it shows our ability to provide a high end, complete infrastructure install. The building was being renovated, so we installed 66 CAT5e points, one Avaya IPO phone system and two Dell PowerEdge servers providing virtualisation and redundancy. The complete package, all wrapped up in a RatwareUK custom server cabinet.

Network Installation

IT Relocation Case Study

Before I start, please understand that this is not a politically motivated post. I’m purely interested in the mechanics behind the Golden Shield Project or what’s known as the Great Firewall of China.

Since 2003, the Chinese government has imposed a mass censorship program on china’s internet activity; essentially cherry-picking and blocking communications in and out of the country.  Unfortunately, this series of firewalls stand between China and the rest of the Internet.

RatwareUK first met this problem some time ago, when one of our customers who deal with China were experiencing some serious and unexplained email lagging. On inspection, it’s reported that China uses various censorship methods, such as:

• Access to certain IP addresses denied. This causes issues, for example, where a blocked website resides on a virtual hosting server, all websites on that server are blocked. Quickly you’ve got a lot of blocked sites!
• DNS filtering and redirection (to prevent IP addresses from being found).
• URL filtering (to prevent access to websites with a specific domain name).
• Packet filtering (terminate packets with a specific keyword contained within).
• Connection blocking (if a previous TCP connection is blocked, future attempts from both sides are blocked for a period of time).

Chinese users can get around these issues, by using proxies, VPNs and other encryption methods. However, it does make the average user in China completely restricted to the authorities’ prescribed information.

You can see whether your website/domain name is outright blocked in China by using this handy tool – http://www.websitepulse.com/help/testtools.china-test.html . If it’s not blocked though, don’t be surprised if any communications with China are slow, as your data is filtered through some serious hardware!