Monday, September 20, 2010

Into the certification saddle again. Soothing cream at the ready...

Finally, I've made time and found energy to concentrate on updating my IT certification.  I'm in sore need of it - my MCSE is in NT4, my CCNA has been out of date for god only knows how long, and the Citrix was Metaframe XP2.  Ye-es, I'm out of date.  And what I have been conscious of is that the tech knowledge that I have on tap is not perhaps all it should be, and because of that I enjoyed my last job less.  (I'm currently "resting", by the way.  More on this later.)


So I'm hitting the books again.  I'm working towards updating my MCSE to 2003 level rather than 2008 (I've barely touched 2008 so far), figuring I can take the upgrade exam later if I really want to.  I also had a set of books for the core four exams, so that helped too.  I'm also using practice exams from www.transcenders.com, who have never failed me in the past.  In my experience, the transcenders are bloody hard - if you're passing all the practice exams well, the real thing is a relative cakewalk.

So that's the core of what I do dealt with.  How about the nice-to-haves?

Cisco stuff?  It's been good knowledge to have, and occasionally it's useful.  I wouldn't say I've ever used it regularly, and the 2003 networking side seems to have been expanded enough to include enough of the additional TCP/IP stuff I got out of taking it last time around.

I've done quite a bit of VMWare stuff in my last job, so thought that maybe the VCP program would be useful.  But you have to attend the course, or you can't even take the exam.  This boils my piss for several reasons.

VMWare say - Oh, you have to do the coursework too. It's a pre-requisite, you know.

I say - Balls. Absolute, unalloyed, bollocks. 

This is about money, pure and simple.  This is about nice cosy tie-ins with training providers, where employers with money to spare (and how many of them are there these days?) cheerfully hand over three thousand bucks so that one of their employees can spend five days having the manual read to them.

I've been managing VM farms for yonks, and left most of them in a better state than when I arrived.  There's not a lot they haven't chucked at me.  What am I going to learn in the four days that it takes the new boy in the corner whose organization might be going virtual next year to get up to speed?  (No offence to the new boy - I've been him before)

Who's to say too, that I don't learn best self-studying?  And haven't VMWare figured anything from Microsoft's and Cisco's approach?  Have they not figured that one of the reasons organizations stick with Microsoft and Cisco is because it's easy to get support?  That having a good, accessible certification program that's not treated as just another cash cow is, in fact, actually an insurance for tomorrow?

Like this tomorrow, for example, where Microsoft and Citrix offer virtualization products too.  Hyper-V is covered in the MCITP certification, there's a separate CCA for XenServer. 

And unlike VMWare, and the father-and-son sack race at Mr Burns's house, attendance is not mandatory.

I wonder what virtualization solution I'll be implementing next?

Tuesday, August 11, 2009

Adding a VMWare node, and my big one for the year...

So I got the go-ahead to add another VMWare node to our infrastructure. This makes sense in lots of ways - I've only got two nodes at the moment and they're oversubscribed really - I couldn't run all my VM's on one box if the other fell over. I've also got another reasonably powerful, new box sitting around from our stalled Email project, so my only cost right now is in licences.

So I went to the reseller, and said simply - I want to add a new node. I'll add right now, I'm no VMWare guru. I can do what I need to with ours, I've built a fair few virtual machines on both ESX and VMWare free - we have a touching acquaintance, let's say. Our existing infrastructure is ESX 3 nodes, Virtual Center / Server 2.

Which they don't sell anymore - we're onto ver 4 - VSphere. Which doesn't work quite as wholeheartedly as the reseller led me to believe. My own silly fault for not going religiously through the upgrade section on the VMWare website, which would have pointed this out to me. This is, of course, an omission on my part of which my boss is going to remain blissfully ignorant.

The next fly in the ointment is that our existing estate is out of support. So I went back to our reseller and got a quote to renew it (without which I can't upgrade our existing nodes to VSphere and restore harmony to the universe.) Then, I thought, I'll cover my arse properly this time. So I raised a support ticket with VMWare themselves to confirm that this support contract covered everything I needed. Not too difficult, but that was a month ago, and I'm still waiting for an answer.

Anyway, licensing fun and my biggie aside, the installation's been incredibly easy. I created another VM datastore on our HP SAN, pointed the new and both old nodes towards it. The new node's picked everything up, the older ones won't pick up the new storage until they're rebooted. So now I have three datastores on the same SAN. I know I could have added extents to my existing datastores, but given the expansion in our VMWare holding that's likely over the next couple of years, I don't see that as a problem. I've got two Citrix XenApp VM's purring away on my new VSphere node, I can import VM's from the other two if required - I just can't use VMotion or HA, and I'm having to administer it for now through the VSphere client.

Which is all well and dandy, but if that's what I wanted then I could have got Citrix XenServer for nothing. Come on, VMWare, get your arse in gear.

Yeah, do stuff...

The latest diktat from up high is that we, the IT department, are to start selling laptops to students. This is because another institution, revered by our CEO, does so.

Well, not quite. They actually provide a room for their hardware supplier to knock out stuff to students. That's it. Us being small, provincial, and in a different county from their supplier, our CEO reasons we can do the same thing ourselves, being as they've probably pissed themselves laughing down the phone when he mentioned it. (Likely sales, I'd guess, might amount to ten laptops a year.)

Quite apart from it not saying - not once, I've checked - on my resume that I am, ever have been, or have any desire to be a shopkeeper - I have a few objections, here.

Firstly, we're an HP shop. And as anyone who's ever had the desire to dig through the HP website can find out, becoming an HP reseller ain't a piece of cake. It requires things of their partners like certified hardware techs, which in turn would require the institute to bother investing in its people. I can understand why they don't, because confronted with a continual stream of half-baked ideas like this one (to which our corporate culture is that it's not OK to raise obstacles, as they interfere with the deep, deep, blue-sky thinking going on upstairs), most of the IT staff, when confronted with the prospect of being actually certified would either:

a) apply for another job straightaway
b) refuse to take the course as they'd have to repay the money in two months when the job they've just applied for is due to start
c) go sick from shock

So being an HP reseller is probably out, then. But he's adamant that we've got to have it, so at some point we'll have to find a way of doing it. Selling ten laptops a year from someone else, jeopardizing our relationship with HP - one which saved us a third of the cost of replacing our network infrastructure with (lower-spec) Cisco gear eight months ago. And I don't even want to know what sort of a deal they gave us on the couple hundred new PC's we ordered at the same time.

I will bet, however, it was worth more than the profit margin on ten laptops. And I haven't even discussed the prospective joy I feel at students coming into my office to make a warranty claim on whatever half-assed arrangement we ultimately inherit. I could go on and say something else, but you get the picture.

Monday, August 10, 2009

It's been a while...

A long time since I posted last. It's been a long time too, since I last built a Citrix farm, but even though the name's changed and we're three versions on from the last time I built one, the good bits about the install are still good and the bad bits are still crap. Although I think we can add the main GUI for the install list to the bad pile: it looks like Mr Citrix's three-year-old got hold of the crayons.

One of the other niggles I've always had with Citrix has been building the new farm directly onto SQL during the install process, and I can report that hasn't changed. It doesn't seem to matter how careful I am setting up and testing ODBC connections, even whether or not I set the ODBC connection up using the SA account (not recommended, just out of experimental curiosity to see if it was a rights issue) - I'll always get an error.

And when you get that error, you'll get it again if you try and confirm the farm membership using CHFARM, at least if you go straight from a failed SQL install to another attempted SQL install. The solution here's to run CHFARM, set up a local Access based farm, then run the CHFARM operation again, having first taken care to flatten your SQL database. I don't know why it should be that way - it just always has been...

Wednesday, March 4, 2009

Will the madness stop?

I haven't blogged for a while, mostly because it's just been utter chaos here: all the fun associated with the start of a new academic year and some fairly major moves and changes. I'm still having fun with my accounting application via Citrix, and I'm now just about ready to give up on it and install a VPN solution instead for the affected users, rather than carrying on with NFuse. This of course, means more digging around the uncharted depths of our ancient PIX firewall, where hundreds of obsolete, uncommented entries do their level best to confuse me into tears every time I look at it.

I've started looking seriously now at the problems, threats and opportunities that implementing Exchange 2007 is going to pose, and I'm quietly confident. It looks like there's some good bolt-on functionality with Outlook Anywhere and Sharepoint, and that could - I repeat could - let me get the goal of some kind of Portal off the ground without as much pain as I was thinking it might be.

Our mail scanning server then, has chosen something of an inopportune time to start pissing me off. We're running a standalone server in the DMZ which runs IMSS 7, and today it's decided it doesn't want to do anything much unless I restart the IMSS SMTP service every five minutes and bugger around with hold queues. I'll bounce it again tonight, and hope the fairies fix it, because I haven't got a clue.

Monday, February 9, 2009

Weirdness solved; A dumb request.

Solved the networking weirdness that had befallen some of our servers since upgrading our networking infrastructure. We'd implemented HP's LACP solution, understanding that it would work with the HP server NIC teaming thing to give us a really high-speed, fully teamed solution. Apparently not, for some reason. The 802.whatever that the NICs would have been picking up automatically - the team type being set to auto - just doesn't seem to work reliably.

So I broke the teams on the problem boxes, then set the trunk type on the switch to "trunk" instead of LACP - you can trunk two different ports on two different cards within the chassis, giving you redundancy - then recreated the teams to NLB with Fault Tolerance, then unchecked the TCP onloading box, which seems, from reading around, to be giving loads of people shit. It's apparently corrected in the latest NIC drivers, but just to be sure, you know. Problem gone, performance not quite as good, theoretically, but there's so many other throttles right now I can't tell. So that's good.

What's not good, however, is a reputable database provider asking us to add an entire class B network to our firewall ACL, then another class C network. That's right. Dear gullible fool, please open 65000+ addresses to your ACL list. The reply was necessarily short and to the point, as you'd expect...

Wednesday, February 4, 2009

Fun and games, Google and Novell's different Wednesdays.

Trying to sort the routing this morning for the new exchange server, with the help of our friendly local firewall guy. I've never learned any PIX, and on the evidence of this morning I think I probably got the good end of the deal there. It's a bit of fun, eh? Anyway, the upshot is it's sorted now, and I've learned a valuable lesson: When you make a change to your firewall - TAKE OUT THE REDUNDANT ENTRIES. This will then save the time and sanity of your replacement as he tries to reverse engineer the inner machinations of your DMZ (tell me you have one of those) via IP addresses which may or may not either be: a) still in use; b) assigned to a different machine; or, best of all and my personal favourite, c) assigned to a machine of the same name which has since been rebuilt and now has a completely different function. And you can add comments on PIX entries too, so take a second and put 'em in. The lifespan of networking equipment is considerably longer than the tenure of the average IT worker, so I'm sure karma will come into this somewhere down the track.
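An added example, not part of the original post: a small Python audit that walks PIX-style `access-list` lines and flags rules with no `remark` directly above them and rules that name a host missing from a current inventory. The config, the addresses, the inventory and the "one remark covers the next rule" convention are all constructed assumptions.

```python
import re

# Constructed sample config (documentation addresses, not a real firewall).
SAMPLE_CONFIG = """\
access-list outside_in remark Inbound SMTP to mail scanner in DMZ
access-list outside_in permit tcp any host 192.0.2.10 eq smtp
access-list outside_in permit tcp any host 192.0.2.25 eq www
access-list outside_in remark Old intranet box
access-list outside_in permit tcp any host 192.0.2.40 eq 443
access-list dmz_in permit tcp host 192.0.2.10 host 10.0.0.5 eq smtp
"""

# Constructed inventory of addresses known to be in use: address -> role.
INVENTORY = {"192.0.2.10": "mail scanner",
             "192.0.2.25": "web server",
             "10.0.0.5": "exchange"}

ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+(?:extended\s+)?(remark|permit|deny)\s+(.*)$")
HOST_RE = re.compile(r"\bhost\s+(\d{1,3}(?:\.\d{1,3}){3})\b")

def audit_acl(config, inventory):
    """Return (line_number, kind, detail) findings for an ACL listing."""
    findings = []
    remarked = {}  # ACL name -> True if the previous entry was a remark
    for lineno, line in enumerate(config.splitlines(), 1):
        m = ACL_RE.match(line.strip())
        if not m:
            continue
        name, action, rest = m.groups()
        if action == "remark":
            remarked[name] = True
            continue
        # Assumption: a remark documents only the rule directly after it.
        if not remarked.get(name):
            findings.append((lineno, "no-remark", line.strip()))
        remarked[name] = False
        # A host address absent from the inventory is a removal candidate.
        for ip in HOST_RE.findall(rest):
            if ip not in inventory:
                findings.append((lineno, "stale-host", ip))
    return findings

if __name__ == "__main__":
    for lineno, kind, detail in audit_acl(SAMPLE_CONFIG, INVENTORY):
        print(f"line {lineno}: {kind}: {detail}")
```

An inventory lookup cannot catch case c), an address reused by a rebuilt machine with a new role; only a remark compared against the inventory role by a person resolves that.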

Google, I see, are writing off $768 million, due to the decline, fall, and plummet from space of AOL. They want out completely, and I think the only thing they can be blamed for there is taking too long to bite the bullet. The sooner the excrescence that was America Online gets wiped from the face of the earth, the better.

Novell would probably like to be able to afford to write off something else other than another tranche of workers, but they can't. Be nice if the job losses could stop now, please.