From all of us in the Coretek family, we would like to take a moment to extend our deepest gratitude to each of our customers, partners, to each other, and to you; please know that we are deeply appreciative of every precious opportunity to which we are entrusted, and that we will do everything possible to continue to deserve your loyalty and trust.
Thank you.
We hope that you and your family have a wonderful Thanksgiving!
Tags: Coretek Services, Plenty, Thanksgiving
The Challenge
I’ve seen it happen; people sometimes hand out the corporation’s wireless security passphrases to allow visitors access to the internet. Without the right equipment and design, this opens the internal network to the guest.
Even though they’ve been warned that this behavior may put their infrastructure at risk, employees often want and need to give this access to their visitors. It’s even more scary when policies are not in place to change pass phrases at regular intervals; possibly permitting the guest to retain the pass phrase for years without being noticed (obviously, I’m not talking about two factor authentication devices here).
One Solution
Several methods are available to allow guest access to the internet from your wireless network without sacrificing security. Some require purchasing secondary wireless devices, and/or configuring VLANs throughout the network infrastructure. Or if you’re lucky enough to have a Ruckus Wireless Controller, it’s built in. Active Directory users can create their own guest passes on an easy-to-use webpage.
The Configuration
Within the Ruckus ZoneDirector, click the Configure tab. Under the WLANs tab, create a new WLAN. After the naming and description option, the Ruckus software allows three types of WLAN Usages (Standard, Guest Access, and Hotspot Service). For Guest Access WLANs, the access is based on Guest Access Policies and access controls which are defined in Guest Access area of the Configuration tab. Within here, you can define Authentication, compose your Terms of Use, and even Redirection of website requests. Guest Pass Generation Authentication permissions can based either on a local database, or Microsoft’s Active Directory. Most important within this section is Restricted Subnet Access. The Ruckus setup acts as a proxy for guests thus easing the configuration by avoiding complex VLAN configurations throughout the networking infrastructure.
Problem solved!
Tags: Ruckus, wireless security, WLAN Usages, ZoneDirector
The Challenge
A little while back, I was working on a project that involved migrating from Novell NetWare and eDirectory to Windows Server 2008 R2 and Active Directory, with a large handful of eDirectory login scripts that were to be edited throughout the migration process. We mostly just wanted to keep track of the changes in the scripts as the migration occurred, but we also wanted to rapidly re-validate the scripts in case other changes were being made by other staff members. I had access to a licensed software tool that mostly accommodated this purpose; but it was cumbersome, and I wished for something simpler and more effective.
By the time I had moved on to my next customer engagement, I was once again faced with the need for such a piece of software. However, this time it would be on a much larger scale; this time I would be needing the tool to inspect and track around 20 different eDirectory trees, with up to hundreds of login scripts per tree.
The Wager
Around the same time, Donte (fellow Coreteker extraordinaire) was working on a similar customer project, and commiserated with me on the phone one evening about the lack of an efficient, affordable, effective eDirectory login script mass-export tool. We decided on that call that we would have a little personal bet to find one that was better than the tools we had; and guess what…
The Winner
…I win!
At some point, I suddenly remembered a set of lectures I had attended in the past by Peter Kuo of DreamLAN Consulting, and recalled that they had produced a tool for management of Novell login scripts. I managed to locate their “xSCRIPT” tool on Novell’s Cool Solutions; and though it appeared that it was created over a decade ago as part of the “NDS Toolkit”, I decided to contact them to see if it was still available and supported.
Fortunately, Peter immediately responded. He informed me that while xScript is still available, he wondered if I would be interested in a newer LDAP-based version that is faster, more flexible, and more robust. I was certainly interested!
The Deets
It is called the Login Script Tools Gadget, and is part of a larger LDAP Gadget suite of products. Peter provided a trial version to allow me to prove that it was the perfect tool for the job. The price is amazing at around $50 per eDirectory tree! Even better, since the customer had more than 15 eDirectory trees, we were permitted to purchase a “Site” license, at around $500 (still amazing).
We have installed it, used it, and loved it. It has been a lifesaver in the trenches of the migration from NetWare to Windows Server!
And now my next problem… I need to try and remember what I had bet Donte, in order to collect whatever my prize is…
Now you know the back-story, and the information about the helpful software; in a future post, I’ll reveal some of the cool ways we used it.
Enjoy!
Symantec recently posted an item to their Endpoint Virtualization Community Blog, calling attention to a couple very nicely-done instructional videos done by fellow Coretek team member, Jeff Blakely (a.k.a. VirtualizationGuy on YouTube).
Of course, we couldn’t be more proud of this recognition of Jeff’s talent by such a valued partner as Symantec; but we knew it all along.
Check out the Symantec blog item here:
Thanks Symantec, and thanks Jeff!
Tags: Server Virtualization, Symantec, Symantec Workspace Virtualization
