Infrastructure Network Diagrams

Delineated are network diagrams which were designed to fit together precisely within our infrastructure. Most of the pictorial representations are self-explanatory. I tried to improve the quality of representations via e-Draw Max 6.1 and Visio 2013.  Being the Systems & Infrastructure Manager for the past years I have provisioned all possible redundancy solutions within our budgeted infrastructure right from production site to the disaster recovery site leveraging counterproductive threats and balancing risks.

Our Data Center is of Tier 4 world class methodology, designed to host mission critical servers and computer systems, with fully redundant subsystems (cooling, power, network links, storage etc) and compartmentalized security zones controlled by biometric access controls methods, CCTVs etc.  Components are fully fault-tolerant including uplinks, chillers, HVAC systems, everything is indeed dual-powered. DR Site is another integral part of our architecture.

Cluster of Business Applications

Cluster of Database Servers. Based on audit recommendations we had to move out few elements out of domain. Complete admin privilege was granted to non-IT selective staff. We are currently working with Microsoft for the Azure Cloud hosting for our website. Evaluation for which has been completed. appox. USD25k agreed for the services on Azure Cloud.

Under virtual infrastructure we have VMWare and Microsoft HyperV with almost 100 VMs hosted under it both production and development. Other Database servers and SAN dependency servers includes Citrix XenApps with OTP, MSExchange 2010, SharePoint 2010, Symantec Enterprise Vault, Microsoft GP, McAfee Anti-virus and Anti-spyware, Blackberry, In-house developed Apps and SharePoint 2010 Website.

Infrastructure Management Servers.

Most of the monitoring, alerting and auditing third party apps what we have are from ManageEngine viz. ManageEngine Service Desk, ManageEngine AD Audit Plus, ManageEngine AD Manager, ManageEngine Desktop Central, ManageEngine OpManager, NEXTThink Finder, McAfee Endpoint Encryption for laptops, RAIDar NAS Storage and Real-Time replication apps - DocAve from Avepoint.

Production Servers – BluePrint

Three-Tier SharePoint 2010 Architecture

Three-Tier SharePoint 2010 Architecture (workflow). SharePoint 2010 intranet services remains uninterrupted even if 4 servers listed above goes offline. SQL failover cluster takes care of switching over from passive mode to active mode. Application layer doesn't really matter even if that breaks down. We have indexing and crawling server and CA server at the middle tier. At web front end layer we have NLB enabled servers to distribute the load and redundancy.

SharePoint 2010 replication to the disaster recovery site is performed using a third-party tool from AvePoint titled DocAve. It works great.

Consolidated SQL Cluster Farm

- one of my objectives in the past was to consolidate the SQL environment so as to cut short the massive licensing cost (USD20k perpetual per SQL) of SQL Enterprise counts. I took this lead to achieve the target by migrating and upgrading the SQL mix environments from SQL 2005 32bit/64bit to SQL 2008R2 Ent. with Failover Cluster on Windows Server 2008 R2 Failover Cluster. 

Consolidated environment

Proposed architecture when we had MOSS 2007. We upgraded MOSS 2007 to SharePoint 2010. It was an in place upgrade.

Architecture Includes the following hardware and OS:

H/w used: 

Avaya VoIP Telephony Rack Switch

Citrix Access Gateway

HP BL460c G6

HP Blade System Enclosure C7000

HP DL360 G4p

HP DL360 G5

HP DL380 G4

HP DL380 G5

HP DL380 G7

HP DL380p Gen8

Quantum Scalari500 Tape Library

Tipping Point210E

HP 42U Rack

Avaya 42U Rack

OS: Microsoft Windows Server 2008 R2 Enterprise SP1 (32bit/ 64bit), Server 2003 Ent. R2

Symantec Backup eVault Error: Possible Causes

Error Code: V-79-57344-3844 - The media server was unable to connect to the Remote Agent on machine

Ref. Backup exec verison: Symantec Backup Exec 2010 R3 v13.0Rev.520464bit.

1. Check the version of beremote.exe (C:\Program Files\Symantec\Backup Exec\beremote.exe) on both backup exec server and on enterprise vault server (C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\beremote.exe).  If differs, must be the SAME version.

2.

Check if there is enough storage space on backup exec server

3. Make sure that the backup exec remote agent services are running on both SQL nodes.

4. DB Permissions needs to be checked. The backup service account needs to have db ownership rights on all the enterprise vault related databases.

Try considering redeployment of BE remote from symantec console to the destination server.

if for any reason the above deployment fails, consider manual re-installation of Symantec Backup exec remote agents:

(agent location)

32bit: C:\Program Files\Symantec\Backup Exec\Agents\RAWS32

64bit: C:\Program Files\Symantec\Backup Exec\Agents\RAWSX64

5. Enable troubleshooting: Click SGMon.exe (C:\Program Files\Symantec\Backup Exec\SGMon.exe) from backup exec server. Capture the following check lists:- JobEngine,RAWS; Backup exec server;Device and Media;Third Party debug output and then click start capturing debug output.

6. Run the backup schedule again. try to expand the enterprise vault backup selections again until the error pops up. 

You might get a tip to find out the error cause from the SGMon capture screen.

Windows Auditing to track user activity

Windows Auditing to track user activity

It is perhaps important to answer "who did it" without using a third party apps to point it. Windows has this feature where we need to proactively ensure that the setting are activated to produce the results.

Occasionally, someone deletes a particular important document or folder with a bunch of documents, resulting in a mission-critical data loss. Considering the described incident, few questions immediatelly arise:

§  At what date and time the incident took place?

§  Which backup should be used to restore the data?

§  Was that an accident or an intentional user action?

§  Or maybe that was some system failure that could happen again?

In Windows OSs, there is an Auditing subsystem built-in, that is capable of logging data about file and folder deletion, as well as user name and executable name that was used to perform an action. The Auditing is not enabled by default because any monitoring you use consumes some part of system resources.

Steps to enhance Auditing Objects

order to enable Auditing, log on to a computer that keeps shared folder structure with administrative permissions, click Start → Run and launch gpedit.msc MMC console. In a Computer Configuration node, open Windows Settings → Security Settings → Local Policies → Audit Policies folder:

Double-click Audit object access policy and select Success checkbox. Select Failure based on the org requirements. This policy enables file, folder and Windows Registry access attempts that were ended in a success.

Simply enabling policy option is not enough. It is also required to designate what folders exactly are to be watched. Usually, we require auditing shared documents and business application data folders (accounting, warehouse databases and so on) – i.e., resources accessible for editing by multiple users.

Since it's not possible to guess who has tampered with a data, we configure auditing for Everyone system group. Thus, information about any user having deleted a watched object is to be captured and stored to the event log. Open the required shared folder properties and switch to the Security tab. Click Advanced → Auditing and add Everyone to the list, then mark both Delete checkboxes:

It is highly possible that there will be too much events listed, so it is a good idea to configure the Security event log settings. To do this, click Start → Run and launch eventvwr.msc MMC console. Right-click the Security event log, select Properties and set the following options:

§  Maximum Log Size = 65536 KB (for workstations) or 262144 KB (for servers)

§  Overwrite events as needed.

Frankly, the log sizes recommended above are not calculated by any formula but are to be choosed depending on particular computer usage experience.

Finally, how do we find out the person (Windows 2003)?

When the situation comes to the question, log on to the required computer, click Start → Run and launch eventvwr.msc MMC console. Open Security event log for viewing. It is highly possible that not only the required events are logged. Right-click event log and select the View → Filter command. Consider the following events to be filtered:

§  Event Source:Security;

§  Category:         Object Access;

§  Event Types:      Success Audit;

§  Event ID:         560;

 

how do we find out the person (Windows 2008)?

When the situation comes to the question, log on to the required computer, click Start → Run and launch eventvwr.msc MMC console. Open Security event log for viewing. It is highly possible that not only the required events are logged. Right-click event log and select the Filter Current Log command. Consider the following events to be filtered:

§  Event Source:     Security;

§  Category:         Object Access;

§  Event Types:      Success Audit;

§  Event ID:         4663;

So user activities are very likely to be noticed in event logs because it generates tens and even hundreds successful Object Access records in a second. In fact, it's easy to recover the deleted stuff from previous day backup. We were always able to answer questions "Who did it?" and "When did it happen?" either using the above activity logs or via paid apps services ManageEngine –ADAudit Plus –(give a try if you have a budget for $1.3k annually).

Remote Server Administration Tools for Windows 8 and Pin to Start Admin Tools

Its an ease-to-use feature for the infra admins.. try this out.

 

Download "AD Remote Admin Tool - Windows6.1-KB958830-x64-RefreshPkg"  works for windows 7 64bit Edn. However , for Windows 8 you need to download "AD Remote Admin Tool - Windows6.2-KB2693643-x64" select the appropriate file for OS editions.

 

In windows 8 you need to download and install to activate AD remote administration.

 

 

Go to Control Panel>>Programs and Features>>Turn Windows Features on or off>>and select the required AD features.

 

to view Administrative Tools as Tiles on Windows 8 a quick procedure is to click windows key and let the Tiles be displayed first

 

select settings and then click Tiles. Now glide the 'Show Administrative Tool' button to include this feature (pin to desktop). This will show up all the administrative tools as tiles on your desktop. You can now decide which tile needs to be unpinned from the Start and customize the way you need your windows be friendly with you.

 

Kindergarten Graduation Day Debut Speech by Venus

Venus Rinith

DMIS kindergarten graduation day debut speech by Venus  - (Age: 5 ½ years)

    Rehearsal at home

Lil Masters

How to Change the Product Key in Windows 8

First hurdle after windows 7 to windows 8 in-place upgrade which I came across is the licensing factor. Fairly there are easy mechanisms to tackle this as well which I have mentioned below:  

Unfortunately, if you try and activate a PC using a generic volume license key (GVLK) through Microsoft's Activation Servers

Microsoft provides two fairly easy mechanisms to perform this task: one from the command line and the other from the GUI. Today we're going to tackle both methods.

Run the command prompt using elevated admin permission. With your valid Multiple Activation Key (MAK) at the ready, login to the Windows 8 PC using an account that has administrative privileges. Be sure the PC is connected to the Internet, otherwise the activation portion of this exercise is doomed to fail. However, even if you don't have Internet access you can still change the product key now and activate it later. But for now, it's time to get this show on the road.

First, move the cursor to the lower left hot corner and perform a right-click. Click Command Prompt (Admin) from the popup menu.

Click Yes if you're prompted by the UAC to Elevate.

At the command prompt type: slmgr.vbs -ipk {MAK Product Key gets entered here} then press Enter.

(An example of this command line is slmgr.vbs -ipk AAAAA-BBBBB-CCCCC-DDDDD-EEEEE )

Click OK when prompted that the product key was installed successfully.

If you enter an incorrect product key, a dialog box will pop up stating that the product key is invalid.

If you happen to stumble upon this invalid product key message don't fret. Double check that you have a valid MAK and then try the command line again.

Once you have a valid MAK in the system, it's time to activate. Type slmgr.vbs -ato and then press Enter. Click OK to acknowledge that Windows 8 has been activated.

Using the GUI to Change the Product Key in Windows 8

One method down! Now here's how to do the same process from the GUI.

First, move the cursor to the lower left hot corner, right click, and then click Run (alternately, press the Windows and R keys at the same time).

In the Run dialog box that appears, type slui.exe 3 then click OK. The Change Product Key GUI will open.

Enter the new MAK product key in the text box. If the product key is valid, you'll see a message below the text box that reads, "Your product key works! Continue when you're ready."

Press the Activate button.

The screen will change and display "Activating Windows".

After a few seconds (occasionally a bit longer), you should see a screen letting you know that everything went swimmingly. Click Close.

That's it -- you're finished! You now can quickly and easily change a Windows 8 PC from using a GLVK to a MAK.

Win 8 HOT STUFF..!

I started using windows 8 (beta version) since Sept. 2012. After reviewing the new OS, I would rate this as HOT STUFF and fantabulous on the placards. I have come across lot of them saying 'windows 8 is a crap'. But, in reality is not. The point is, one should actually know how to use it.  Improvised technology released with a new version is always the better than the previous is what I would say in general. "You have to adapt the technology, it's shortcuts and its transition methodology..!"