Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Dec 4, 2000 (Vol. 5, #56 - Issue #231)
Downtime at Sunbelt
This issue of W2Knews contains:
- EDITORS CORNER
- Downtime for Sunbelt - rare but true
- TECH BRIEFING
- GUEST COLUMN: The Three Event Log Management Categories
- NT/2000 RELATED NEWS
- What is NASDAQ's influence on Microsoft?
- Office 2000 Service Pack 2 released
- Do I need the new Intel Pentium 4 for NT/W2K?
- NT/2000 THIRD PARTY NEWS
- ZD-Benchmarks Show AutoPilot For W2K Shines
- Save Your Weekend - Here's how
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
HAVE YOU LOST CONTROL OF YOUR NETWORK?
Cyberslackers spend hours, consuming large amounts of network
bandwidth window-shopping & making purchases. This holiday season
analysts predict a GLOBAL BIG BANG in online shopping - 60% more
than last season. Don't be caught UNAWARE! Easily Monitor, Block,
Report & Manage employee Internet use. Take control! Download
SurfControl's FREE 30-day trial TODAY, complete w/ tech support:
Visit SurfControl for more information.
Downtime for Sunbelt - rare but true
Well, yesterday was the rare occasion where we had 4 hours of
downtime of our site in the middle of the day, OUCH! How did that
happen? Our local ISP is normally very reliable and has multiple
feeds from different backbones, but yesterday one major single
point of failure was exposed: their big CISCO 7500 router.
The device lost *all* its configurations and so the routing tables
were not accessible. In short, the device took a long, deep dive and
lemminged. Anyone asking for www.sunbelt-software.com or any of the
ISP's other customers (hundreds) could not get through. Yikes. Now
you might ask, "Well don't you have some other machines at another
location for redundancy?"
Yes we do. We have a second, completely independent server that
sits hosted in a protected co-location site in Texas, far removed
from an eventual complete hurricane wipeout of our Clearwater, FL
site. Both sites are identical with all the website data coming
out of SQL 7, a Cold Fusion driven interface and replicated with
Double-Take between the two sites to guarantee everything is always
updated and available.
So, how come the downtime? We first thought that it would take
the ISP just a few minutes to get back up. When that was more than
an hour we grabbed the car and drove over there to figure out what
the heck was happening. It's only a 5 minute drive. After about
20 minutes we knew it might take a while before they would be
So at that point we decided to route everyone to our Texas site by
entering a new DNS record that would point to the TX site instead
of Clearwater. But how? No internet access from the office! So we
drove over to my home office with Cable modem and entered the Texas
site with Terminal Server and changed the DNS settings. However, the
Time To Live was an hour, so it took a while to propagate. All in
all, it took 4 hours to get back into the air. The lesson we learned?
Double-Take did its replication work admirably, but Sunbelt as a
website was not set up correctly for the event that our
www.sunbelt-software did not resolve. So, what we will do is get
a DNS server in-house and set things up so that we have DNS round-
robin with Texas. Not a lot of work really but our ISP has not
gone down for 5 years so we had become lazy. [grin]. Next issue
I'll talk about a case study where Egghead.com uses Double-Take
and Radware for the high-availability of a much bigger website. And
we'll have a white paper that shows how that works.
We learned we were still vulnerable when our ISP got wiped out,
despite the fact we had two geographically separate and replicated
sites. This weekend we are changing 60 NT workstations to W2K, with
the latest version of O2K SP2, and when we're done with that, we'll
get that DNS server installed!!
(email me with feedback: [email protected])
The recent hacks on Microsoft's internal network are a reminder
that security breaches can happen to anyone. But there are steps
you can take, like subscribing to the new Security Administrator
newsletter from the editors at Windows 2000 Magazine. Protect your
systems and subscribe today!
Visit Win2000Mag for more information.
GUEST COLUMN: The Three Event Log Management Categories
Event log management may well be one of the most overlooked areas of
network management by system administrators. While event logs in W2K/
NT contain a wealth of information pertaining to network security,
health of system hardware, and status of software apps, many admins
find it too tedious to develop a strategy for harnessing this data.
Some of the biggest challenges they face in their attempts at
utilizing event log information are as follows:
- Decentralization of event log entries (each NT/2000 server and
workstation maintains its own set of logs) makes multi-computer
- Manual collection of event log entries on a scheduled basis
takes too many human hours to implement.
- Event logs fill up rapidly (especially when full-auditing has
been enabled), either resulting in lost records or additional
administrative overhead (see number 2)
- Little or no reference information on common auditing categories
makes it difficult to filter security logs.
- No intrinsic reporting tools are available for presenting
event log information to management.
- No intrinsic mechanisms exist to monitor event log activity
in real time.
Fortunately, there are a variety of third-party solutions available
that can help you streamline your event log management strategies.
Most of these tools focus on one or more of the following three
categories. Let's explore each category in more depth.
- Event Log Archiving Tools
Archiving tools establish schedules for automatically collecting
and storing event log entries. These tools may place event log
records in ODBC databases (such as Microsoft Access or SQL Server),
or store them as a collection of EVT or text files.
When stored independently as files, administrators can open up
individual archived logs if they need to investigate activity that
happened weeks or months in the past. Some law enforcement agencies
prefer obtaining security evidence in EVT format only, since they
consider this format to be less susceptible to tampering.
Additionally, some tools in this category can consolidate multiple
computer logs into central databases, setting up an arena for cross-
network, multi-computer analysis.
- Event Log Reporting/Analysis Tools
Reporting and analysis tools assist the administrator in spotting
trends or isolating certain types of activity (often security related) on their network. Most tools in this category contain built-in, or "canned", mechanisms for generating reports as a benefit to the network administrator. Reports can be detailed (e.g. showing every related event that occurred in a log source), or comprehensive for broader trend analysis. In sum, these tools know what to look for inside event logs and subsequently save the system admin time.
- Event Log Monitoring Tools
Monitoring tools typically deploy "agents" to watch over selected
event logs within a network, and are capable of generating
notifications when certain predefined criteria are met. Common notification
forms are SMTP email, TAPI/pager notification, NT/2000 popup alerts,
and console messages. Often, event log monitoring tools are popular
with larger organizations that need instant, real-time alerts to
activity occurring on the network.
Not all Microsoft Windows NT/2000 networks are the same, especially
when it comes to size and budget. However, it's important to implement an event log management strategy utilizing tools from one or more of the above categories, based on the needs of your network. Such a comprehensive strategy helps to strengthen the security and bolster the health of your network, and allows you to be a more proactive, as opposed to reactive, sys admin.
Here are two links to useful event log management tools. Some of these combine elements of all three categories above, and others are stand-alone modules that focus on just one function.
(This article was written especially for W2Knews by Andy Milford,
CEO of Dorian Software Creations).
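
The consolidation and monitoring categories from the guest column above, as an added example that is not part of the original column or of any vendor's product: per-computer log exports are merged into one timeline, then a predefined criterion (repeated failed logons for one account) is applied across all computers. The export layout, host names, accounts and threshold are assumptions made for illustration, and the log data is constructed.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample exports, one per computer (not real log data).
# Columns: timestamp, event ID, account. Event ID 529 is the NT/2000
# Security log entry for a failed logon (unknown user name or bad password);
# 528 is a successful logon.
EXPORTS = {
    "SRV01": "2000-12-04 09:00:05,529,jsmith\n"
             "2000-12-04 09:00:40,529,jsmith\n"
             "2000-12-04 09:03:00,528,adavis\n",
    "SRV02": "2000-12-04 09:00:20,529,jsmith\n"
             "2000-12-04 09:01:10,529,jsmith\n"
             "2000-12-04 09:30:00,529,adavis\n",
}

def consolidate(exports):
    """Merge per-computer exports into one time-ordered list of records."""
    records = []
    for host, text in exports.items():
        for ts, event_id, account in csv.reader(io.StringIO(text)):
            when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
            records.append((when, host, int(event_id), account))
    return sorted(records)

def failed_logon_alerts(records, threshold=4, window=timedelta(minutes=5)):
    """Alert when one account reaches `threshold` 529 events inside `window`."""
    recent = defaultdict(deque)   # account -> (time, host) of recent failures
    alerts = []
    for when, host, event_id, account in records:
        if event_id != 529:
            continue
        q = recent[account]
        q.append((when, host))
        while when - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) == threshold:          # fire once, when the threshold is reached
            alerts.append((account, when, sorted({h for _, h in q})))
    return alerts

if __name__ == "__main__":
    for account, when, hosts in failed_logon_alerts(consolidate(EXPORTS)):
        print(f"ALERT {when} {account}: repeated failed logons on {hosts}")
```

Neither computer's log reaches the threshold on its own here; the alert only appears once the two logs are consolidated, which is the decentralization problem the column lists first.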
NT/2000 RELATED NEWS
What is NASDAQ's influence on Microsoft?
The market is now at about 50% of its peak on March 10, 2000.
Back in those times we lived in the times of the 'Internet Bubble'
and 'irrational exuberance'. But Alan Greenspan regularly hiked the
interest rates and, (though I'm not suggesting a causal relationship)
in April this year, the bubble burst and the current meltdown started.
Next thing you know, a bunch of so called 'pre-announcements' came
through from the tech sector. It means a company warns they will not
make the numbers that Wall Street expects them to make. To make
matters worse, last week Gateway said that their Thanksgiving weekend
sales stank and were 30% below last year's. Their Q4 will see a loss.
That sent even more shock waves through the market. The U.S. election
mess is not helping either.
So, how is Microsoft faring through all this? Pretty well actually.
Sure, in the last week their stock dove with all the others but
is still around $55. This is unlike some of the dotcom flameouts
that lost 80 to 90% of their stock value in the last 6 months.
Gateway blames overall world conditions instead of problems that
are specific to itself. But Compaq and Dell denied that their
sales were as bad as Gateway's. It may well be that PCs have
reached a saturation level especially in the USA with 53% of the
households owning a PC now. Handhelds are the new growth market.
Keep in mind, this is all in the consumer markets. The commercial
markets are not affected as much, but PaineWebber worried that it
could spill into commercial. That means good news for us, as you
will see prices drop for hardware in Q1 due to high inventory
levels. Very soon it will be the time to get those new servers you
needed. You can start planning now. And since 70% of the new servers
in 2001 will get W2K preinstalled on them, I suggest you choose that
Office 2000 Service Pack 2 released
Last Tuesday, MS released SP2 for O2K. It was impatiently awaited, as SP1 did not have such a good reputation. SP2 has around 200 patches for security and bug fixes, and is only a small 9MB download.
If you get the System Admin version it's 30MB. An important note is
that you can ONLY install it on top of SP1 (they call it 'Service
Release' instead of Service Pack for inexplicable reasons). I tried
it just for fun, and SP2 refuses to install when you do not have
SR1 installed first. Make sure that you test it first, as there IS
NO UNINSTALL with this SP2.
There are quite a few fixes that are relatively insignificant like
spelling errors. But a few of the bigger ones are performance issues
and memory leaks. Outlook has the most fixes (and needed it). More
details of O2K SP2 and the downloads, are at:
Here is the list with bugfixes:
Do I need the new Intel Pentium 4 for NT/W2K?
Well, I can be really short about that question. No, unless you are
deeply involved in either graphics or multimedia. The typical cube-
dweller like us will not see any significant benefits from this chip.
And frankly, this is exactly what Intel has been telling everyone
all along but that message might not have been heard.
The P4 was released a few weeks ago and was redesigned to speed the
delivery and creation of multimedia, better graphics, voice and video
performance. The new P4 gets you faster rendering of multimedia stuff
by anticipating what chunks of data will be needed next, think large
graphics files or streaming video. It did not get much smarter though
when you look at the Operating System or Office 2K.
Intel now has two P4 flavors: 1.4 and 1.5 GHz. Reports have come out
that they are running office apps at about 10% faster than the older
P3 1 GHz silicon so I see no burning need for you to upgrade. The new
buzzwords Intel is using for the P4 wizardry are 'Hyper Pipelined
Technology'(HPT) and 'Advanced Dynamic Execution'(ADE) which
respectively allow the P4 chip to handle more processes at the same
time, and juggle more data simultaneously.
The upshot? A CPU that has better multitasking features and some
built-in intelligence that tries to see what you will do next. I'm
waiting for the next buzzword for the P5: ESP [grin]. For the moment,
I'm going to play with my new Dell Dual 933 that arrived this week.
Tell you more about this puppy next week!
THIRD PARTY NEWS
ZD-Benchmarks Show AutoPilot For W2K Shines
When the new AutoPilot for Windows 2000 was released a month after
thorough field testing, we had not really taken the time to find
out HOW MUCH it would speed up the systems. So, we took a few brand
new Dell boxes we already had sitting in a stack for the W2K upgrade
this weekend. We took a single CPU 933 and a Dual CPU 933 and let
the Ziff-Davis WinBench 99 loose on them with very good results.
(PS, these benches are great: http://www.winbench.com)
As you know perhaps, AutoPilot has a series of different modules
that you can turn on and off for further tuning. What we first did
was run the Bench just as is, without AP. Then we ran it with *all*
AP modules turned on, and next with each module just by itself. Next
we looked at the results of each module and took the three that
showed the best results and turned those ON and the rest OFF. Keep
in mind that each WinBench tests different kinds of things so we
tuned AutoPilot to get the best results. We found that we got the
highest numbers with the following three AutoPilot modules turned
ON: "Pentium Pro, Priority, and Working Set" on a brand new Dell
933 with W2K Pro Build 2195 factory installed.
Well, the results were very encouraging to say the least. AP never
caused any numbers to really go down, and in a few cases it made a
tremendous positive difference. Here are some WinBench 99 numbers
that show a significant increase in the disk speeds (which are the
slowest component of each computer obviously).

                                                     NO AP    WITH AP
Business Disk WinMark 99 (1000 Bytes/Sec)             3230       3960
Disk Playback/HE:AVS/Express 3.4 (1000 Bytes/Sec)     4610     12,000
Disk Playback/HE:FrontPage 98 (1000 Bytes/Sec)      11,400     28,100
Disk Playback/HE:MicroStation SE (1000 Bytes/Sec)     7930     14,900
WinBench 99/Disk Playback/HE:Overall                  5820     11,700

Similar apps like Premiere and SoundForge also saw increases of
50 to 100% in disk playback. We like these numbers as you will
understand. Need an application accelerator for Windows 2000?
Save Your Weekend - Here's how
Four o'clock on Friday, HR has just hired 20 new people and the
paperwork just hit your desk! You need to set up all 20 Windows
NT/2000 accounts, Exchange mailboxes, home directories and home
shares, Terminal Server profiles and a myriad of group and Exchange
distribution list assignments by 8:00 AM Monday. There goes your
What if you could create everything these 20 new employees needed,
while enforcing user and group naming conventions and password
security in less than seven (7) minutes and still be able to leave
work early to beat the commuter rush home?
With Trusted Enterprise Manager (TEM) from MDD Inc. you could do
that... or even one better. Why not delegate the creation of new
user accounts to HR, Office Administrators, or even the Helpdesk
to Trusted Managers?
- Trusted Managers do not need the years of technical training
and certifications that you have.
- Trusted Managers do not need an understanding of how the
network is structured and how all the pieces fit together.
- Trusted Managers do not have to be relied on to follow the
carefully defined conventions you have created to keep order
and manageability on your network.
- Trusted Managers can be delegated specific and granular admin
permissions necessary to create new user accounts, but also
denied any other admin permissions on the network.
- Trusted Managers can be forced to follow the naming conventions
for users, groups and distribution lists.
- Trusted Managers' user templates guarantee that each user is
assigned to the proper groups, Exchange distribution lists,
and receives the proper home directory permissions.
- Trusted Manager created users are automatically pointed to
standard login scripts.
- Trusted Managers' entire user creation process consists of
simply selecting template user accounts based on department
and typing the user's full name.
I know it sounds too easy and you are afraid they will still find
a way to mess it up. Not to worry, after Trusted Managers have
created new users, you are able to run comprehensive reports on
their actions and the new accounts to confirm that everything
was created correctly.
Sound too good to be true? All this and more is available with
Trusted Enterprise Manager. TEM 3.1 allows you to take any of
your existing Windows NT/2000 Groups and link them to Exchange
Distribution Lists, so they can be managed simultaneously. Copying
an existing user and the associated group membership to a new user
will automatically add the new user to the corresponding Exchange
Distribution Lists. Membership changes will automatically be
reflected in both directories.
All of this can be accomplished in a matter of seconds. TEM 3.1
enhances this benefit by allowing delegation of this feature to
trusted non-domain administrators. Coupled with user share
creation and naming convention enforcement, TEM 3.1 can transform
a laborious task into a couple of mouse clicks.
TEM 3.1 has had an impressive positive impact with thousands of
NT/2000 Enterprise Administrators, who use it every day to automate
tasks, delegate administration, strengthen security, centralize
auditing and generate real-time reports. See for yourself and
download the latest TEM 30-day eval version. Fast install & Powerful
features. We have a System Engineer ready for your phone walkthrough.
This Week's Links We Like. Tips, Hints And Fun Stuff
Northern Light Technology has a good page about virus protection:
Here is a site that combines almost all Tech E-zines and the option
to subscribe to them:
The internet mapped, and also in 3D. Pretty cool stuff actually!
A good CISCO white paper about building secure networks from the ground up:
PRODUCT OF THE WEEK
This time we have pretty much ALL the books you need to get W2K
certified, and all discounted big time. Have a look and get what
you need for your next exam over at the Sunbelt BookClub!