Erik’s Weblog

A blog. About stuff.

You may have seen an advertisement on TV for Vonage, or perhaps a telecomm integrator is pitching you a new VoIP PBX. Maybe you’ve got comcast “digital voice” or one of the equivalent business grade systems from incumbent carriers like AT&T, something like IP Flex or Business VoIP. Or perhaps you talk to your oversees friends for free using Skype, MSN or iChat. The fact is, VoIP is everywhere, but it remains confusing.

The good news is that it’s conceptually very simple. First, let’s break down the acronym. Voice over Internet Protocol. Now, that was easy! VoIP just means any technology used to transmit voice communications over the Internet. Unfortunately, from here on out it gets more complicated.

A high quality VoIP compatible handset.

In order to understand VoIP, it’s also important to understand the “old way”, known as the Public Switched Telephone Network, or PSTN for short. This technology is based on the same stuff invented by Alexander Graham Bell in 1876, although over time it has morphed, become digitized, and had a very advanced system of switches put in place. The key characteristic of the PSTN is that it always allocates a “pair of wires”, digital or analog, between you and the person you are talking to.

You also need to understand a bit about the Internet. The Internet is a packet-switched network, with providers establishing peering points and routing via the BGP protocol. The interesting thing about being packet switched is that between any two hosts on the Internet there is a multitude of possible routes. Bear in mind that only one route will be in use at a time. The key point here is that you don’t have much control over which route will be used. In addition, all traffic between those two points is broken into individual packets, each of which might take a different path across the Internet.

So, put the two together and the issues become apparent. With analog telephony, you have a guaranteed path, and guaranteed performance. With VoIP, you have a dynamically allocated path based on breaking the transmission into tiny packets. This dynamically allocated path means variability, and quality voice communications require consistency.

There are lots of techniques to try to improve the consistency of Internet packet delivery, such as private networks, high compression codecs, Class of Service tags, Quality of Service, traffic shaping and many others. When implemented correctly, CoS tagging and end-to-end QoS rules in conjunction with the wider signal bandwidth of a VoIP telephone can result in better than PSTN voice quality (typically measured using a Mean Opinion Score or MOS). However, since the Internet is not necessarily designed for voice transmission, VoIP signals are often not properly QoS’d and VoIP on the whole has gotten a bad rap. This is why you’ll see Comcast offering “Digital Voice” and AT&T offering “BVoIP using CoS” and trying to convince you they aren’t selling that “crappy VoIP stuff”.

Don’t buy the BS, it’s all VoIP, it’s just more likely that they’re doing it right.

So. What’s in it for you? In short, everything and nothing. Practically, it means that voice calls around the world need not cost any more than across the office. In addition, since everything is handled digitally, you can easily route VoIP through a computer and get some benefits from communications convergence. Since VoIP runs over the Internet, you can also move your “home phone” from one location to another with no hassles at all. You can even run a VoIP phone over Wi-Fi (or on your iPod), making a cheap approximation of a cell phone without any contracts! Finally, VoIP falls outside the traditional regulatory domain of PSTN communications so you can save a few pennies in regulatory fees and tariff charges as well.

How do you know if it’s right for you? In short, you’ll need to try it out. Be aware that VoIP services that match the quality of PSTN services are likely to be price competitive. As usual, the “you get what you pay for” rule often applies, so beware of anything that seems too good to be true. The key to getting value from VoIP is to determine exactly what your needs are, try out the proposed system in production, and determine exactly how much money you’ll save. From a business standpoint, without a clear ROI case, VoIP is probably not something to get excited about. Luckily, that case is usually easy to make!

Stay tuned for the next article about VoIP at your local office instead of across the internet.

Useful References

  • Added 2009-02-13: This post at VoIPSchool has a great breakdown of some of the types of VoIP services out there.

While I was browsing around the web, I found Craig Burton’s post about the state of blogging software. He’s right, 100%. If you’re trusting some free web service with the only copies of your blog content, you definitely run the risk of losing it all. See this true story if you need more convincing.

However, it really only gets worse. Lots of paid services make it very difficult to get a useful snapshot of your data out, as well. For instance, while NetSuite provides a “full data export”, it doesn’t include any custom fields or custom tables. Given some of your most important data is likely to be in your customizations, will you be able to get your business back up and running quickly if that’s the data you have? Granted, they do run out of an enterprise-grade data center and make backups, but what if they go out of business?

Google Docs, for instance, can’t be backed up without a bunch of sketchy third-party scripts such as this browser hack or this command line application.

All that said, the key here is risk analysis. Most folks don’t back up their home computers, so using a SaaS service that runs out of a datacenter (hopefully!) is probably better than leaving stuff sitting around on a single hard drive at home or the office.

Here’s some of the factors to consider:

  • Does the provider offer an SLA or otherwise warrant their ability to provide your service? What compensation does it offer? Probably not a lot…
  • Does the provider have on-site redundancy? It’s not inappropriate to check if they’re using RAID and what level it is.
  • Does the provider make backups of your data? On what schedule? Are they stored off-site? What’s their recovery time objective for restoring that data in the event of a disaster?
  • Can you make a backup of your data? Is that backup usable? If you can’t test the restore, you probably shouldn’t trust it. In some cases, the sheer size of this makes it impossible, but in most cases it shouldn’t be. A simple URL you can click to download a full copy of the entire system locally is worth a lot. The free password management site Clipperz does a great job of this.
  • Is there an exit strategy to an alternative product? Data is great, but what you really want is to keep using your data, and to do that will require an application.

What other questions should you ask of a prospective SaaS cloud application? What other applications out there are doing a good job, or a bad job, of providing an exit strategy?

Network Attached Storage, or NAS. You’ll see a lot of storage industry pros debating about what it really is, and why their flavor of NAS is better than their competitors’. The term NAS comes from the fact that originally a NAS allowed “storage devices” which speak SCSI to be attached to a “network”, speaking Ethernet.

But really then, what is it? Actually, it’s just a file server, the same thing you get when you right-click on a folder and select “share” on your windows system. However, a good NAS appliance will have some or all of the following:

  • Multi-protocol capability – CIFS, NFS, and iSCSI are all pretty basic these days. However, if you need concurrent access to a filesystem from both NFS and CIFS, look very closely at how the system handles permissions and how it will affect you.
  • Snapshot capability – This allows you to store point-in-time snapshots of your shares. Windows XP and Vista have shell integration for this, and Vista even has this capability built-in.
  • Redundancy – A NAS will typically use some form of RAID to insulate you from data loss due to hard drive failure. Remember that hard drive failure is by no means the only way to lose data, however!

So why should you buy a NAS instead of just re-purposing that old machine gathering dust in the closet? Well, firstly, maybe you shouldn’t. There are several open source NAS appliances out there, and they work very well for many people. They are cheap, they work, and since they’re open source they’re documented and repairable by your local Linux wizard.

However, you’ll still likely miss out on a few key differentiators:

  • Performance and Scalability – Enterprise-grade NAS appliances are designed to serve thousands of clients concurrently without a hiccup. This means NetApp, Sun 7000, BlueArc, EMC Celerra and some others. Anything running Windows Storage Server and/or having less than a full tray of disks probably won’t be anything to write home about. But don’t assume an expensive unit will meet all your expectations just because it’s expensive. Demand a real demo of the actual product you’re considering buying, running your applications. Unless you’re buying a lot of them, good luck, but by trying you might be able to negotiate a 30-day money back guarantee if nothing else.
  • Hardware Integration – Enterprise-grade NAS products will have tightly integrated software and hardware. They will know when a drive has failed and turn on a nice red light on that drive’s carrier. NetApp, at least, will even phone home and have another drive delivered to your door automatically if the unit is under contract.
  • Reliability – Enterprise-grade NAS products are engineered to meet strict uptime guidelines. They boot fast, they are designed not to crash, and they have had thousands of hours of R&D and testing put into their data protection techniques. They are also designed to support fully redundant operation and their recovery methodology is well known.
  • Support – Real NAS products are sold with support contracts. There is an aftermarket support industry, and there are training and certification programs for folks who operate them. This makes it easier to keep them running and find folks to help do it.

In general, like in most things in life, you get what you pay for. The key is knowing if you need what you’ll get. Hopefully this overview has helped you to understand that a bit better. Comments welcome, of course.

Downloadable NAS Appliances:

New Location


I’ve moved this blog from work to my own site in preparation for decommissioning some systems. Hopefully everything will follow, as I’ve got a bunch of permanent redirects in place. If not, http://erik.labianca.org/blog is my new official location.

I know, it seems obvious… but when you’ve got one of those stupid print jobs stuck in the queue and they won’t go away… using the services manager to restart the print spooler is apparently a pretty effective remedy in many cases. More later if I find out anything less lame.

So everybody knows by now that Oracle just jumped into the virtualization fray with their new Oracle VM product. If you’ve been under a rock, go to the oracle website to check it out. Given that I’m cheap and currently using VMWare’s free offering, I jumped at the chance to check out a supposedly ‘enterprise ready’ Xen implementation for free. The 1/3 the overhead claim is just gravy!

Anyway, as cool as Oracle Enterprise (Unbreakable?!) Linux may be, I’m running CentOS and am perfectly happy with it. Oracle VM wants a dedicated machine for the management station, which I can arrange for with a little tweaking. However, I build most of my machines up from ‘minimal’ installs. I read in the Oracle documentation that I would need libaio installed to make things go, which I did without any trouble.

However, I also needed to install the ‘bc’ package in order for the install script to work. I had to install the oracle XE .rpm by hand in order to figure this out. Note to Oracle. Get with the program and put a dependency on the ‘bc’ package! You’ll also need to install vixie-cron if you built up from minimum, as Oracle VM expects to be able to install a cron.d script.

In addition, it wasn’t entirely obvious from the documentation that you’ll need a JDK installed. Well, you will. I’m using jdk-6u2-linux-i586.rpm; you can likely download it from java.sun.com.

Next, while the installer does tell you that the oc4jadmin default password is ‘oracle’, when I was asked for it I kept trying to use the passwords I’d already provided for all the other services. This didn’t work well, so bear in mind you’ll need to supply the ‘oracle’ default password at that stage.

So, to recap:

yum install libaio vixie-cron bc
rpm -Uvh jdk-6u2-linux-i586.rpm
sh ./runInstaller.sh

Follow the prompts, remembering to supply 'oracle' as the oc4jadmin password.
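A preflight check to run before runInstaller.sh on a minimal build, added here as an example (it is not from the post or from Oracle). It reports which of the commands the installer turned out to need are not on PATH, so the missing packages can be installed up front rather than discovered one failed run at a time. The command names are assumptions about what each package provides: bc from the bc package, crond from vixie-cron, java from the JDK rpm. libaio is a library rather than a command, so it is not covered here; on an RPM system, rpm -q libaio answers that one.

```shell
#!/bin/sh
# Added example, not from the original post: preflight check for the Oracle VM
# installer prerequisites on a minimal CentOS build.

# Print each command that is not found on PATH; return the number missing
# (0 means everything is present).
missing_commands() {
    count=0
    for cmd in "$@"; do
        if ! command -v "$cmd" >/dev/null 2>&1; then
            echo "missing: $cmd"
            count=$((count + 1))
        fi
    done
    return $count
}

# Prerequisites named in the post. The command-per-package mapping is an
# assumption: bc -> bc, vixie-cron -> crond, the JDK rpm -> java.
ORACLE_VM_PREREQS="bc crond java"

# Stand-alone run: report, and only suggest the installer when nothing is missing.
if missing_commands $ORACLE_VM_PREREQS; then
    echo "all prerequisites present; ok to run: sh ./runInstaller.sh"
else
    echo "install the missing packages first, e.g. yum install libaio vixie-cron bc"
fi
```

The return value is the count of missing commands, so the function doubles as a boolean in an if statement and as a number when you want to report how much is left to install.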

Maybe this will save somebody the couple hours of messing around I wasted trying to get this to run! It does appear as if the install has completed, and I’m able to see the console, so look forward to an actual report soon.

I’ve been trying to find these blasted mounting clips for the stock Intel Socket LGA775 heatsink/fan units for the better part of the last month.

Intel lga775 replacement mounting pins

If you’ve ever tried to install them, or even worse, remove the heatsink after a not-perfect installation, you’ll know why I need replacements. They break easily! Well, after spending a few hours looking at complete new replacement heatsink units and noting that half of them use these pins in the first place, I renewed my search and finally found a forum post linking directly to the Intel site where they sell them in packs of 4!

Voila, Kit Fasteners for LGA775 fan heatsinks (set of 4)

Now, if only their store would work … grrrrrr.

Facebook


So I’ve been following the Scobleizer every now and again via Google Reader, and he just won’t stop going off about facebook. I signed up a while back, but without a community and not finding anybody on there I knew, I gave it up. However, he’s right. Facebook applications are pretty darn cool, and might even motivate me to finish tweaking my blog and actually publish on a regular basis. The google reader application is cool at least. So, there you have it. Now if I could just find 1/2 as many people I know on facebook as I have found on MySpace I’ll be pleased!

Prescript: I wrote this over a month ago and still haven’t found an authoring plugin I like so it still looks terrible. See my next post and give me ideas or just call me lazy, thanks!

Based on http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/

First, install Windows Server 2003 R2 and install the Identity Management for Unix option. Open Control Panel, select Add/Remove Programs, click Add/Remove Windows Components. It will grind a while and give you a list of possible services. You’ll need to expand ‘Active Directory Services’ and check the ‘Identity Management for Unix’ service. You will need to be in the Schema Admins group to do this.

In order to test, you’ll want to go to the ‘Unix Attributes’ tab on a user and activate them as a unix user. You’ll need to pick a NIS domain (you’ll probably only have one if you haven’t done this before) and add a unix ID and home directory. Typically the default values will be fine to get you started.

Now, log into your unix machine. Make sure it can resolve the dns name of your active directory server(s).

Run authconfig.

Check [] Use LDAP
Check [] Use LDAP Authentication
Check [] Use Kerberos
Check [] Local authorization is sufficient

You can check [] Cache Information if you want. I wouldn’t until you know things work, as nscd can get out of sync with the server and cause confusion.

Select [ Next ]

Enter your AD server dns name in the Server field. For example, adserver.corp.example.com
Enter your AD base DN in the Base DN field. For example, dc=corp,dc=example,dc=com

Select [ Next ]

Enter your local dns name, in ALL CAPS, in the realm field. For example, CORP.EXAMPLE.COM
Enter your server name:88 in the KDC field. For example adserver.corp.example.com:88
Enter your server name:749 in the admin server field. For example adserver.corp.example.com:749
Check [] Use DNS to resolve hosts to realms
Check [] Use DNS to locate KDCs for realms

Select [ Finish ]

Now a lot of things are set up, but of course we’re not quite done. We’ll need to add lines to /etc/ldap.conf in order to allow us to query ldap. Ideally, you’ll have created an account specifically for this purpose (Domain Users group seems to work). I use linux_auth but it truly doesn’t matter.

echo "binddn linux_auth@corp.example.com" >> /etc/ldap.conf
echo "bindpw secret" >> /etc/ldap.conf

You will also need to uncomment or add the RFC 2307 AD mappings in the /etc/ldap.conf file. You can also just run this:

cat >> /etc/ldap.conf <<ENDDOC
# RFC 2307 (AD) mappings
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad
ENDDOC

Test your config exactly like Scott's directions say. Using your regular user account for the test should be fine. If you get the error kinit(5): KDC reply did not match expectations while getting initial credentials, it's because you didn't log in using the kerberos realm, which is in ALL CAPS! Scott's directions aren't really explicit about this and I spent a while figuring it out. Maybe you won't have to.

kinit user@CORP.EXAMPLE.COM

It will ask for your password and should just return blank if it was successful. You can then use klist to check and see if you got a TGT.

getent passwd user

You'll see something like this:

user:x:10000:10000:User:/home/user:/bin/sh

Now we're almost done. We just need to use samba to join the computer to the domain. You'll need the following in your smb.conf:

  workgroup = CORP
  security = ads
  realm = corp.example.com
  use kerberos keytab = true
  password server = adserver.corp.example.com

Then you need to destroy any old kerberos tickets

kdestroy

Then authorize kerberos with a domain admin account to join active directory

kinit Administrator@CORP.EXAMPLE.COM

Then finally join the domain

net ads join

That will grind for a little while and you’ll be all set. You should get something like this:

[root@vpc-dev0 ~]# net ads join
Using short domain name -- CORP
Joined 'VPC-DEV0' to realm 'CORP.EXAMPLE.COM'

Finally, you’ll need to get everybody’s home directories. I always use autofs, something like this:

echo '/home /etc/auto.home' >> /etc/auto.master
# the map line must be quoted: an unquoted * globs and an unquoted & backgrounds the echo
echo '*  -rw,bg,intr,hard,rsize=32768,wsize=32768,tcp,vers=3  nfsserver:/vol/work/users_unix/&' >> /etc/auto.home
chkconfig autofs on
service autofs start

So now the final test… try to log in with ssh!
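Two of the steps above are where this procedure most often goes wrong: the realm case on the kinit principal, and the hand-edited /etc/ldap.conf mappings. The script below is an added example, not from the post or from Scott Lowe's article, that checks both offline. It builds a principal with the realm forced to upper case (the mistake behind the "KDC reply did not match expectations" error), verifies that every RFC 2307 mapping line from the heredoc above is present in a given ldap.conf, and flags whether a bindpw line is in a file readable by group or other users. The sample ldap.conf it runs against is constructed inside the script. On the last check, note the trade-off rather than reaching for chmod 600: nss_ldap reads /etc/ldap.conf from every process that does a name lookup, so the file normally has to stay world-readable, and the real mitigation is what the post already suggests, a dedicated bind account with nothing more than Domain Users membership, so the password buys an attacker no more than a directory read.

```shell
#!/bin/sh
# Added example, not from the original post: offline checks for the Linux/AD
# setup described above. Only the option names and the realm-case behaviour
# come from the post; the sample ldap.conf is constructed here.

# Build a Kerberos principal with the realm upper-cased. The KDC treats the
# realm case-sensitively: user@corp.example.com fails, user@CORP.EXAMPLE.COM works.
ad_principal() {
    realm=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    printf '%s@%s\n' "$1" "$realm"
}

# Verify the RFC 2307 AD mapping lines are present in an ldap.conf, matched as
# whole lines exactly as the post's heredoc writes them. Prints each missing
# line; returns 0 only when all are present.
check_ldap_mappings() {
    conf=$1
    missing=0
    for line in \
        'nss_map_objectclass posixAccount user' \
        'nss_map_objectclass shadowAccount user' \
        'nss_map_attribute uid sAMAccountName' \
        'nss_map_attribute homeDirectory unixHomeDirectory' \
        'nss_map_attribute shadowLastChange pwdLastSet' \
        'nss_map_objectclass posixGroup group' \
        'nss_map_attribute uniqueMember member' \
        'pam_login_attribute sAMAccountName' \
        'pam_filter objectclass=User' \
        'pam_password ad'
    do
        grep -qxF "$line" "$conf" || { echo "missing: $line"; missing=1; }
    done
    return $missing
}

# True (returns 0) when the file holds a bindpw line and group or other users
# can read it; returns 1 when there is no bindpw or the file is owner-only.
bindpw_exposed() {
    conf=$1
    grep -q '^bindpw ' "$conf" || return 1
    # columns 5-10 of "ls -l" output are the group and other permission bits
    bits=$(ls -l "$conf" | cut -c5-10)
    [ "$bits" != "------" ]
}

# Stand-alone demo against a constructed ldap.conf that has the bind
# credentials but only one of the mapping lines, with typical 644 permissions.
sample=$(mktemp) || exit 1
printf '%s\n' 'binddn linux_auth@corp.example.com' 'bindpw secret' \
    'nss_map_objectclass posixAccount user' > "$sample"
chmod 644 "$sample"
echo "kinit principal: $(ad_principal user corp.example.com)"
check_ldap_mappings "$sample" || echo "ldap.conf is incomplete"
if bindpw_exposed "$sample"; then
    echo "bindpw in $sample is readable by other users; keep the bind account least-privilege"
fi
rm -f "$sample"
```

Point check_ldap_mappings at the real /etc/ldap.conf after the heredoc step and it will list exactly which lines did not make it in; the same goes for smb.conf's realm, which kinit later expects in upper case as well.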

I always forget the settings that get solid results connecting to my CentOS/Fedora systems under PuTTY. Here’s the whole nine yards; maybe someone else will be able to use ‘em as well.

Get putty from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html. I use the installer.

Get puttycyg from http://web.gccaz.edu/~medgar/puttycyg/. Unpack the .exe files over your putty folder. This will be c:\program files (x86)\Putty if you use the installer on x64 windows. You’ll want to replace the originals.

Drag pageant.exe into your startup folder.

Download bitstream vera from http://ftp.gnome.org/pub/GNOME/sources/ttf-bitstream-vera/1.10/

Unpack the zipfile somewhere. Select all the .ttf files, right click, select install.

Start putty (you did make a quicklaunch icon, right?)

* Under keyboard, select ‘Linux’ under ‘The function keys and keypad’
* Under window, set lines of scrollback to something nice, like 10000
* Under appearance, change the font to Bitstream Vera Sans Mono, any size you like. I use 9.
* Under behavior, check ‘full screen on alt-enter’
* Under translation, set character set to UTF-8
* Under colors, adjust ANSI Blue to something like 100,100,255 (it’s too dark to read by default)
* Under connection, set seconds between keepalives to 600
* Under connection-data, set terminal-type string to ‘linux’
* Under SSH-Auth, check ‘Allow Agent Forwarding’

Finally… go back to session, click ‘Default Settings’, and ‘Save’.