Sunday, April 23, 2006

Invensys Introduces World’s First 'Enterprise Control System'

Source:Yahoo News

Mon Apr 17, 8:00 AM ET

(PRWEB) - Foxboro, MA (PRWEB) April 17, 2006 -- Invensys today introduced the world’s first industrial system that goes beyond the plant or other industrial operations to provide a true enterprise view. The new InFusionTM enterprise control system combines industry-leading capabilities from across Invensys with advanced enterprise information and integration technologies from both Microsoft and SAP to dramatically reduce integration costs. With InFusion technology, most existing plant floor and enterprise systems can now be cost-effectively integrated into a common system. In conjunction with a suite of new performance services, Invensys’ InFusion system will help industrial enterprises more effectively align plant operations and maintenance departments with the business to optimize overall asset performance management.

Wednesday, April 19, 2006

VERCLSID.EXE

A recent Microsoft security update is causing problems on desktops. The desktops seem to freeze or hang when users click on My Recent Documents or My Computer or just using Explorer. The olny way to stop the process is to end the task using task mananger. There may even be multiple instances of the program running.

The verclsid.exe is a binary that was added to the system32 folder. It's supposed to check the DCOM class id of the executed or initiated program. This has a known problem. A work around that I used this morning was to rename the file:

  • Start a command prompt
  • go to the system32 directory
  • type in ren verclsid.exe verclsid.old
The new binary doesn't prevent remote access to the system so using online remote desktop control software over the web to connect to the affected system should in most cases still be a viable method to get access to the system to fix.

The microsoft security update is MS06-015 (908531). More information on the verclsid.exe can be found at Microsoft's site.

Friday, April 14, 2006

Paradyne 3160 Channelized Voice and Data

Paradyne 3160 setup in a channelized voice and data point-to-point configuration.

My company had had a telephone installation job. This was pretty much an ordinary install. The company that was having the phone system installed was a long time customer who had purchased two systems from us. The one system that was installed in their old building was done so about 10 to 15 years ago. The other, in their new warehouse and office location, was installed about 3 to 4 years. It was time to replace the old system.
The phone techs that were on site were pretty good so when I got the call at about 9:30PM and saw who it was, I was surprised and curious as to what the problem could possible be. It turns out that on one side of the point-to-point T1 connection an Adtran Total Access 750, that I installed years ago, was removed and replaced with a Paradyne for the new phone system. They were able to configure the two systems through the paradyne to the point were the voice was working but the data, IP, wasn't working. The other side of the T1 was an Adtran TSU 600 unit which was unchanged - 8 channels voice and the rest of the DS0s were for data.
The voice was working but the data was not. He was on server on the new unchanged side and could not reach any computer desktop in the main and the same held true for the main side to the remote. I tried assisting them remotely by trying to talk them through the screens. I didn't have desktop remote access over the internet to configure the unit. Access to the paradyne was through the front panel only at this time I had to take a trip in.
What techs almost had it right, and they tried.

The Paradyne, when configured for voice and data needs:
  • The port that connects to router must be set to V.35 (at least this is the most common configuration)
  • If port 1 then that port must be assigned to NET in the configuration. The same applies if port 2
  • Once the above is complete then additional options are available to configure the data channels.
  • In the channel configuration under voice, the channels that are for data must be set to RBS - this one is the gocha.

Monday, April 10, 2006

EliteSolutions

EliteSolutions Personal Remote Access

Elite Solutions Now EliteSolutions has got the right idea. Why drive to or spend a ton of hours over the phone trying to support computers remotely. Just get some software that lets the support personal remotely access the system and get to work and get done faster. This will free him or her up to get more done. This is the basic reason why elitesolutions uses online remote support software. This is snippet form their support homepage. It says it all. Good work Elite Solutions. "With rising costs for service calls many IT Companies will simply increase service rates and or find other billing techniques to offset those rising costs. At EliteSolution we believe that all other business alternatives need to be explored before raising services rates. At EliteSolution we recognize that the simple raising of rates is not always the best solution as often this does not ensure that a business will remain competitive."

Tuesday, April 04, 2006

VPN Client Administration - Remember the early days of VPNs

This article is from March of 2001.

In previous columns, we have discussed protocol issues and alternatives facing ISPs that offer remote access VPN services, ranging from
authentication to addressing. Here, in the final installment of this series we open Pandora's box—VPN client administration.
Lisa Phiffer VP Core Competence, Inc. [March 15, 2001]

For the most part, Virtual Private Networking is a new technology, playing the same old remote access security tunes. Distributing desktop software, configuring it properly, and keeping it up-to-date is a time-consuming, never-ending administrative chore.
ISPs that offer residential Internet access are all too familiar with support costs associated with dial-up networking, mail client, and web browser configuration. Fortunately, these applications are factory-installed on most Windows PCs and include auto-update features. But remember the old days, when subscribers had to install and configure third-party
TCP stacks?
In some respects,
IPsec clients stand today where TCP stacks stood a decade ago. In 1998, at InternetWorld IW Labs, we started testing early IPsec gateways with paired client software. These clients operated as "shims" or virtual adapters, inserting themselves into the middle of packet processing. Client install/remove problems were commonplace. Configurations exposed esoteric security parameters like crypto algorithms and secret keys to end-users. Centralized client policy and software administration tools were virtually non-existent. Multi-vendor interoperability was—well, drafty, at best. The bottom line—VPN client administration took a bigger-than-anticipated bite out of ISPs return on investment.
With maturity comes reliability Fortunately, IPsec clients have matured considerably during the past three years. Base standards stabilized. Testing against reference implementations improved interoperability. Software kinks were resolved with time and field experience. However, testing complex network software with every permutation of Windows OS, service pack, and modem/adapter is a challenge.
Today, many remote access vendors—including
Check Point, Nortel Networks, and Indus River—continue to refine their own IPsec clients. But an increasing number of equipment manufacturers—including Cisco, Lucent, 3Com, and Nokia—outsource IPsec client development by OEMing SafeNet's Soft-PK.
Today's IPsec clients are not bullet proof, but compatibility issues are declining. A study conducted by Lucent NetCare cited overall VPN product immaturity as a significant barrier to deployment, but found that technology issues—top challenges just three years ago—had been surpassed by organizational issues in 1999. This study predicted that process and procedural issues would continue to grow in importance as VPNs become more integrated into network infrastructures.
Simplified installation More robust software is one more nibble into the technical support cost cookie. Streamlined client installation and update is another. Today's IPsec clients require fewer parameters. Through smart defaults, canned policies, and automated policy updating, client installation has become easier and less error-prone. Let's consider a few examples.
eTunnels mails each user a one-time URL to download VPN-On-Demand client software. Each time this IPsec client connects to the company VPN, it must first use SSL to obtain security parameters from the eTunnels Network Server (eNS). Centralized control, simple authentication, and topology assumptions greatly simplify client configuration, but at the cost of flexibility.
IPsec gateways like the Cisco VPN 3060 and
Symantec PowerVPN Server automatically pushes administrator-defined policies to IPsec clients each time they connect. Users simply enter gateway hostname and credentials. However, stronger authentication presents the same old challenge: IKE shared secrets are easily mistyped and X.509 certificates are not intuitive to the average end-user.
Check Point's VPN-1 offers automatic version checking to assist in managing client software distribution. Should software updates be automatically pushed for consistency, or applied ad hoc? If ad hoc, how do you ensure client-gateway version synchronization? These procedural decisions still fall to the VPN administrator.
Scalable policy administration In any large deployment, efficient management and monitoring tools are essential. Policy-based management systems simplify administration of site-to-site VPNs. But sheer volume and frequency of change make remote access administration a tougher nut to crack.
ISPs that offer managed remote access services set the bar even higher. These providers require highly scalable client management systems that support multi-level security policies, delegated user administration, and version control for hundreds of customers, each having perhaps thousands of users.
Vendors like Check Point and
WatchGuard market tools specifically designed for managed VPN providers. For example, Check Point's Provider-1 multi-domain policy server can compartmentalize users, rules, and logs for each customer, with automated policy backup and restore. WatchGuard's NOC Control Center provides real-time and historical monitoring, logging, notification, and reporting for managed customer VPNs from one central console.
Over the next few years, we expect to see considerable evolution in large enterprise and carrier-class policy management systems. This past week, Check Point introduced its Next Generation management interface, equipped with a visual policy editor, automated client updates, and predefined policies. Cisco also announced its VPN Security Management (VMS) system—an integrated manager that spans 3000 series concentrators, 7000 series routers, and PIX firewalls.

Read more ...