Recently I had the opportunity to attend a Microsoft TechNet event (themed “Heroes Happen Here”…catchy!).  Being in the Infrastructure IT Pro track, the focus of our presentation was on Windows Server 2008 and all the great new enhancements Microsoft has brought to the table with this release.  Now, given some of the predicaments Microsoft’s buggy software has put me in in the past, I’m mainly a Linux guy.  But this release looked good…REALLY good.  The number of enhancements to Terminal Services (Goodbye Citrix), the settings you can push out by group policy, the logging capabilities, and the cherry on top Hyper-V make this look like a really strong release!

If you haven’t seen any of the new features Server 2008 brings, here are some of my favorites:

• Server 2008 Core-Now you can install the server with no GUI, no .NET, no IIS…Just a command prompt out of the box.  From there you can use a very intuitive command line interface or the graphical remote management tools from your desktop to administer the server.  The performance enhancements from chunking the GUI alone are HUGE!
• Remote Administration-Microsoft has followed Linux/BSD and put a protocol in place for a remote command shell from a server.  This one has me a little nervous because it seems like something that could be compromised and used maliciously, but if Microsoft can get the security on it right it will be a big improvement.
• Terminal Services-Admittedly, Microsoft has stolen a lot from Citrix here.  Terminal server now includes seamless application windows, so the user doesn’t have the effect of a Terminal Server (the application starts from an icon on their desktop and even though it runs on the terminal server appears to the user as though it’s running locally).  Also, they’ve incorporated a web gateway for TS users to access their applications from.

So seeing all this (not to mention the fact they sent us home with a big binder of software including server 2008, SQL 2008 and Windows Vista Ultimate), I decided to drink the Kool-Aid and upgrade my home server to play around with some of the new features.  I figured it would be a good test and fairly safe as I mainly use it to host my personal email on Exchange 2003 and share files with friends over FTP.  As you might guess, this is where the shoe begins to drop…

The upgrade itself was fairly easy.  I had to do the usual adprep /forestprep and adprep /domainprep to load the new schema extensions for Active Directory, and remove FrontPage Extensions from IIS.  No big surprises there and the installer was actually quite helpful in telling me what was wrong and how to remediate the problem each step of the way.  I fed it my product key and off it went.  Truthfully I didn’t even watch the upgrade process, just let it run on its own and came back the next morning to find my nice shiny install of Server 2008 waiting for me to log in.

So I log in, get the desktop, and figure that everything is good to go.  After all, I haven’t gotten any cryptic Microsoft error dialogs yet right? So I took a minute before work to check a few things.  The Active Directory was there and in place, I could connect via FTP, everything seemed all right.  I did notice the Exchange System Manager MMC wouldn’t load, but figured it was a common issue and something that would be easy to correct.  I went off to work feeling good about the project.

I came home from work later that day to sit down and check my email.  My Outlook client refused to connect to the Exchange server.  Hmmm…I remote in to discover that all of the Exchange services were stopped.  no big deal right? Exchange is finicky and those services trip up sometimes.  I try to fire up the information store service and it bombs immediately failing to start.  The other services were all the same.  So I start poking around on the Internet and find people saying Exchange 2k3 won’t run on Server 2008.  Not a big deal…I figured I have an MSDN account and a 64 bit processor in my server, I’ll just rebuild using Exchange 2007! Wrong again.  Exchange 2007 won’t upgrade on Server 2008 either…A detail they conveniently forgot to mention in their presentation hyping how great this OS is.

So now my server is happily running FreeBSD, Postfix, and Spamassassin…And life is good again.

So today I want to gripe a little about Cisco, the company sysmins everywhere love to hate.     I guess it was easy for them during the Internet boom; They could build networking hardware that was difficult to configure and manage because they were the only game in town.   I’m sure this was great when the Internet mostly consisted of Gopher connected to university libraries and about a dozen dinosaur pictures on the web.  People didn’t mind waiting 3 days for their connections while the engineers got approval to pay Cisco’s huge phone support fees to figure out why their interface wouldn’t come up or trying to sort whether the problem was with the telco, the hardware, the engineer, the janitor, or Monica Lewinsky. 

Fast forward to today.  I went to install an 1801 router bridged to a DSL connection.  Pretty easy day 1 stuff right? Not anymore.   I start configuring the device, logging in with the default username and password of cisco and cisco, and figure “hey, I’ll change it later after I get the connection up”.  I walk away to take a lunch break after doing about 20 minutes of good solid programming, returning to find that you can use the cisco ID ONCE.  If your session times out and you didnt’ change it, time to go back to defaults.  Thank goodness I hadn’t written my changes to flash yet, or I would have gone through the long, arduous ROMMON defaulting process, costing my customer more time and money.  a quick reboot to the router and I was ready to start over.

This time I changed the user ID and password having learned from my previous mistake.  I assigned my public static IP and my default route to the appropriate FastEthernet interface and was ready to start configuring my internal connectivity.  I try to assign an IP to one of the 8 other interfaces on the unit, only to be greeted by an error stating this was a Layer 2 port and couldn’t be assigned an IP.   Of course! Why would I want a router that could be attached to TWO networks at once? Isn’t the basic definition of a router to route traffic between TWO or more networks? A quick trip to Experts Exchange revealed you have to take a port and place it in a separate VLAN, assign that VLAN an IP, and change the access mode of the port.  I’m sure this is all in the name of security, to prevent traffic from the outside hitting your other internal hosts attached to the router, but to me this seems like trying to cram features that should be performed on the firewall into the router.  Cisco makes firewalls…Good ones too…why would they want to discourage people from buying them???

So after that snafu, I finished my setup and tested my configuration.  Worked like a charm on the first try.  I decided to ahead and enable telnet access so I could pop back into the router from the internal network later and finish a few things (Yes I know I should be using SSH but I need  a quick and dirty solution that I can hit from any workstation).  I did the usual line vty 0 4 config and added a login statement.  Swing and a miss! Seems now Cisco adds an access list by default preventing telnet traffic from hitting the router. 

The point of all this…Cisco owes me one for putting up with this crap.  Yes I applaud them for trying to make their products more secure, but security is an all or nothing game.  If they’re so worried about security they are making things take twice as long to set up, why not use a more regular patching cycle to plug gaping security holes faster? I encourage everyone to check out this article.  Notice the HUGE gap between patch releases.  Can you imagine the chaos this is going to cause when admins try to apply 6 months worth of fixes to their hardware at once? It’s more incentive to NOT do it (Are you listening Oracle???).

In addition Cisco owes me $375 for failing the CCNA 3 times.  In what real world scenario could you possibly be expected to program routers at 4 sites with automatic routing updates in under 7 minutes? Despite the fact that I have designed complex voice routing, connectivity, and failover solutions using cisco hardware, I can’t call myself a qualified technician because I can’t meet the purely ridiculuous requirements of their exam.  If it was just me I could buy that I’m just a crappy test taker (despite having passed all my MCSE exams, Security+, Linux+, and CEH tests on the first try), but EVERYONE has problems with this test, including guys who are a lot smarter than me. 

So in conclusion, these are my arguments that Cisco owes the IT community as a whole better products.  The next time a vendor comes peddling cisco, take a look at some of the other options on the market before taking the plunge.

To answer the first question, I was inspired by a friend of mine who started his own blog (shameless plug for him: www.digitalbush.com). He seems to use it as a creative outlet for whining about his job and throwing ideas on writing code out for the world’s scrutiny, and I thought it was a pretty sweet idea. While I’m not a coder by trade, I am a voice and data engineer for an IT consulting company, and I think we share many of the same frustrations.

As for the name, I adapted it from a speech a client gave me once. On one of my first trips to their office, I had set up a PC and user profile in a slightly different manner than the others machines were. Quite proud of myself, I expected to get some praise for making things easier for the users, streamling their processes, and so forth. Instead, I got a 30 minute lecture on how the users there are (you guessed it) robots and monkeys, who unless they see the same output every time at every workstation have no idea what to do. The speech struck me as quite humorous and a reflection on the IT industry as a whole. As IT professionals, we fear change, but we know it’s unavoidable. How many of us have appliances on our network with firmware 2-3 years out of date, just because, despite fixing several security vulnerabilities and bugs in the product, we’re afraid the upgrade is going to mess up that one feature the CEO uses? Or even worse, we leave servers unpatched and vulnerable because we’re afraid of causing downtime? I think it’s a sad statement when Microsoft releases Windows Server 2008 and publicly admits they don’t expect anyone to migrate to it anytime soon, despite the great new feature sets it brings to the table. All this is a long, roundabout way of imploring my fellow IT professionals to control the technology, not let the technology control you. In the end, you’ll be glad you did when your networks are stable, secure, and feature rich.

Future posts will contain more specific ranting and musing about Microsoft, Cisco, Linux, Dell, wireless, and pretty much anything else I can think of. Stay tuned.