Server Rack Configuration

Proper server rack configuration is key for every business as it provides the technological backbone. There are many options for racks, rack components, and the way they are configured. In this blog post, I will discuss the various options and best practices.

Server rack options?  There are a few options to choose from such as a 2 post rack, 4 post rack and rack enclosures.  2 post server racks are ideal for light equipment (E.g. patch panels, switches and firewalls.) They may also be used for heavier equipment when optional accessories are added such as Trays or conversion kits.  Keep in mind, most of those 2 post rack systems can only support up to 1000lbs. 2 post racks are also cheaper than 4 post rack systems.  4 post racks cost more money but can support more equipment.  The average 4 post rack system can support up to 3000lbs. You have the option of getting bare bone server rack which comes with no options and built in cable management or a 4 post rack enclosure which generally comes with features such as secure access and built in cable management.  2 post and 4 post racks also come in a variety of sizes such as 6U and up to 55U.  Most common rack size used in most small/medium sized business are 42U (6 ½ ft.) and 3.5 ft. deep (4 post.)

What kind of rack should my business use? This all depends on several items; Business size / amount of equipment; Future expansion – you always want to plan for future growth; Available real estate – Server room size may not allow for certain racks; Environment – Do you have a secure server room? Does you need rack enclosure with a lock because your business does not have a server room?  Remember, unauthorized access can cause damage to any business; Money – yes, in the end it comes down to how much money you may have available.  So why, why all this need for server racks? Two simple reasons, organization and equipment security.

What is a U? A U is a rack unit – A rack mounted size described as a number in U. Most server racks have 1U markings along the posts to make mounting hardware easier/efficient.

How should the server rack be installed.. You should always examine the environment where the server rack will be placed.  Find the cold/hot spots in the room and place the front of the rack facing the cold area to provide maximum cooling for your hardware. Ensure you also have enough space around the rack to conduct any service and don’t forget about doors/access panels that swing open. All server racks should be secured in some way. For 2 post rack systems, they should be bolted to the ground with a top ladder support heading out to the rear wall.  4 post rack systems can also be bolted to the ground but also come with screw out feet. Lastly, remember to ground your rack to an electrical panel or busbar.  This task should be handled by an electrician.

How should I install my rack mounted hardware?  This task can sometimes be confusing as there can be many devices to mount. Easiest solution is planning!  Inventory your equipment and determine the space needed.  I also recommend using Visio’s rack diagram as you can get a virtual view of your rack. Before you begin mounting big devices such as servers, you’ll want to mount any cable management options and power distribution units. When the time comes to mounting main devices, I follow one rule, heaviest items on the bottom.  No one wants to pick up 50lbs UPS and mount it to the top or even the middle. Example of mounted devices from the bottom up: UPS, Servers, Video/input, switches, patch panels.

What management options can I get with a server rack?  Some basic options include server rails, which allow you to pull out servers without having to completely remove them. Server rack trays/shelves can also be used for none rack mount compatible devices such as server towers. A must have in all server racks are cable management ducts. These can be installed on the side of racks or in between switches and patch panels. They provide a clean look and make management easier. 2 post server racks can also be fitted with 2 post rack adapters that allow full rack mount spec or 4 post systems to be mounted.

That’s all I have for now, hope this has helped those reading.

Exchange 2007-2010: Brief Overview of Changes

 

Exchange 2007

– Routing groups are tied with Active Directory sites and services

– Replication is done using Active Directory replicattion

– Bridgehead server role was eliminated and replaced with the Hub Transport seerver

– Outlook Web Access (OWA) was dramatically improved to similar to 32-bit version of Outlook

– Direct file access (Access shares on servers through OWA)

– OWA provides access to mailbox rules, out-of-office rules, provisioning of Mobile devices, access to digital rights managed content

– LCR – two databases replicated on separate drives on the same server

– CCR – users mailbox replication across servers and sites (fail-over and fail-back capabilities)

 

Exchange 2007 SP1

– Public folders available in OWA

– Standby Continuous Replication (SCR) allowed for offsite, over-the-wan replication of databases with 20 minute replication delays.

– Geo-cluster is possible for remote CCR

 

Exchange 2010

– Server Licensing

– Standard supports 5 database stores

– Enterprise supports up to 150 stores

– User Licensing (non-relating/exclusive to server licensing)

– Enterprise license provides unified messaging, per-user journaling for compliance support, and use of Exchange Server hosted services for message filtering

– No more Recovery Storage Groups (RSG)

– No more STM databases

– OWA enhanced features available to other browsers

– Database Availability Group (DAG, Basically CCR, No more LCR, CCR, SCR)

– Remote execution of EMS commands

Windows 2008 Server – Easily Secure your FTP server

Today, it’s all about security. If you aren’t practicing good security, you are probably going to be held accountable for the information that sneaks into your network, and especially the information that can find its way out of your network.

Script kids and hackers alike all begin their first “hacking” by targeting what’s easy – The poor, unsuspecting FTP server. All day long, doing its job of blindly sharing and accepting files. Here are the four key parts of FTP (and its cousin Telnet) that make it insecure.

  • Clear-text transmission: all communications are done in clear text, including usernames and passwords
  • Weak client authentication: both FTP and Telnet authenticate users through usernames and passwords, which, time and time again, have proven to be unreliable authentication methods. There is no support for more advanced authentication methods such as public/private key, Kerberos or digital certificates
  • No server authentication: this means that users have no way to be sure that the host they are communicating with really is the FTP server and not an attacker impersonating the server
  • No data integrity: problem here is that, assuming the same scenario as above, anyone could alter and corrupt the data being transmitted between the server and the client without being noticed

So you have your brand new shiny server with tons of disk capacity, and a clean install of Windows 2008 Server. You’re tasked with setting up the new company FTP site. If you have experience with setting up IIS and FTP services on Windows 2000/2003 server, then you know exactly how easy it is to setup FTP service. With Windows 2008 server, securing your FTP server became just as easy. And the benefits, immense!

Windows 2008 Server utilizes the method FTPES aka FTP Explicit mode. In explicit mode, an FTPS (FTP Secure) client must “explicitly request” security from an FTPS server and then step-up to a mutually agreed encryption method (usually the minimums are defined on the server). It currently isn’t packaged onto the Windows 2008 server install media, but information and the download can be found here http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1619
Without this extra handshaking and communication, your server-to-FTP client communication is susceptible to snooping and hijacking. With these simple steps, your server avoids the pitfalls listed above, that plague many FTP servers out on the web.

Securing your new Windows 2008 based FTP server comes down to these steps:

  • Make sure your users and clients have a current FTP client that supports the few FTPSecure methods.
  • Install IIS7 on your Windows 2008 Server
  • Install the required Microsoft extras (all available on the “roles” menu) for Microsoft FTP Publishing Service for IIS 7.0.
  • Install the Microsoft FTP Publishing Service for IIS 7.0 update. Now you’re nearly 80% complete
  • Create and apply security ACL’s to your FTP repository. The top 10 rules that very much still apply today are published at http://www.windowsecurity.com/articles/Secure_FTP_Server.html
  • Create a self signed server certificate, or purchase a server Certificate and import.

Tada, you’re done! Now your Windows 2008 FTP server is protected. From beginning to end, Connection, Authentication, Authorization, Data Request, Data transfer. It’s all encrypted.

The 10-step guide to a Disaster Recovery plan

Problem: You need a plan for responding to major and minor disasters to let your company restore IT and business operations as quickly as possible.

1. Review Your Backup Strategy

  • Full daily backups of all essential servers and data is recommended.
  • Incremental and differential backups may not be efficient during major disasters, due to search times and hassle
  • If running Microsoft Exchange or SQL servers, consider making hourly backups of transaction logs for more recent restores
  • Store at least one tape off site weekly, and store on-site tapes in a data-approved fireproof safe
  • Have a compatible backup tape drive

2. Make Lots of Lists

  • Document Business Locations
  • Addresses, phone numbers, fax numbers, building management contact information
  • Include a map to the location and surrounding geographic area.
  • Equipment Lists
  • Compile an inventory listing of all network components at each business location. Include: model, manufacturer, description, serial number, and cost
  • Application List
  • Make a list of business critical applications running at each location
  • Include account numbers and any contract agreements
  • Include technical support contact information for major programs
  • Essential Vendor List
  • List of essential vendors, those who are necessary for business operations
  • Establish lines of credit with vendors incase bank funds are no longer readily available after disasters
  • Critical Customer List
  • Compile a list of customers for whom your company provides business critical services
  • Designate someone in the company to handle notifying these customers
  • Draw detailed diagrams for all networks in your organization, including LANs and WANs

3. Diagram Your Network

  • LAN Diagram: Make a diagram that corresponds to the physical layout of the office, as opposed to a logical one
  • Wireless access using Wi-Fi Protected Access security (WPA2) in order to operate in a new location

4. Go Wireless
5. Assign a Disaster Recovery Administrator

  • Assign Primary and Secondary disaster recovery administrators.· Ideally, each admin should live close to the office, and have each other’s contact information. Administrators are responsible for declaring the disaster, defining the disaster level, assessing and documenting damages, and coordinating recovery efforts. When a major disaster strikes, expect confusion, panic, and miscommunication. These uncontrollable forces interrupt efforts to keep the company up and running. By minimizing these challenges through planning with employees, efficiency increases. Assign employees into teams that carry out tasks the Disaster Recovery Administrator needs performed.

6. Assemble Teams

Damage Assessment/Notification Team

  • Collects information about initial status of damaged area, and communicates this to the appropriate members of staff and management
  • Compiles information from all areas of business including: business operations, IT, vendors, and customers

Office Space/Logistics Team

  • Assists in locating temporary office space in the event of a Level Four disaster
  • Responsible for transporting co-workers and equipment to the temporary site and are authorized to contract with moving companies and laborers as necessary

Employee Team

  • Oversees employee issues: staff scheduling, payroll functions, and staff relocation

 

 

Technology Team

  • Orders replacement equipment and restores computer systems.
  • Re-establishes connection to telephone service and internet/VPN connections

Public Relations TeamSafety and Security Team

  • Ensures safety of all employees during the recovery process.
  • Decides who will and who will not have access to any areas in the affected location.

Office Supply Team

7. Create a Disaster Recovery Website

  • A website where employees, vendors, and customers can obtain up-to-date information about the company after a disaster could be vital.· The website should be mirrored and co-hosted at two geographically separate business locations.
  • On the website, the disaster recovery team should post damage assessments for business locations, each location’s operational status, and when and where employees should report for work.
  • The site should allow for timestamped-messages to be posted by disaster recovery administrators. SSL certificates should be assigned to the website’s non-public pages.

8. Test Your Recovery Plan

  • Most IT professionals face level one or level two disasters regularly, and can quickly respond to such events. Level three and four disasters require a bit more effort. To respond to these more serious disasters, your disaster plan should be carefully organized.· Plan to assign whatever resources you do have control over in such situations. Test the plan after revisions, and discuss what worked and what didn’t.

9. Develop a Hacking Recovery Plan

  • Hacks attacks fall under the scope of disaster recovery plans.
  • Disconnect external lines. If you suspect that a hacker has compromised your network, disconnect any external WAN lines coming into the network. If the attack came from the Internet, taking down external lines will make it harder for the hacker to further compromise any machines and with luck prevent the hacker from compromising remote systems.
  • Perform a wireless sweep. Wireless networking makes it relatively simple for a hacker to set up a rogue Access Point (AP) and perform hacks from the parking lot. You can use a wireless sniffer perform a wireless sweep and locate APs in your immediate area.

10. Make the DRP a Living Document

  • · Review your disaster recovery plans at least once a year. If your company network changes frequently, you should probably create a semi-annual review. It’s best to know that an out-of-date disaster plan is almost as useless as having none.
  • WAN Diagram: Include all WAN locations and include IP addresses, model, serial numbers, and firmware revision of firewalls