Church IT Podcast Discussions Episode 1
JASON POWELL
Hello everybody. Welcome to the first official live podcast, church IT talkcast. We are recording this thing live now so it will be available to download later. Today is Friday, December 1, 2007, this is Episode 1. We are a bimonthly live interactive podcast with Church IT staff and volunteers, just to get together and discuss news, tips, tools, technology, best practices as they related to church organizations and what we can do to further God’s Kingdom. We meet live every first and third Friday of the month at 2:00 pm EST on www.talkshoe.com. Check out www.churchitpodcast.com We will be putting the pre and post show notes there. My name is Jason Powell, I’m the IT Director at Granger Community Church and I’ll be your host today. Let me hit the unmute button for everyone. Alright. We are live.
First, I’d like to say thanks to everybody for joining us. We had some lengthy delay problems, but this is still a beta product. We had tried the Skypecast before; some of you may have been involved in that; the audio was just terrible and there wasn't a nifty way to chat with everybody. Matt Wilson recommended this, I played with it, listened to some other talkcasts, like Leo LaPort and the TWIT podcast, also over hear on TalkShoe. I figured if he likes it, it would probably be a good option for us. You can type stuff into the chat window. If somebody has a question, dump it in there, it will color code threads.
[2:30] COOL TOOLS
I’d like to talk about the cool little tools that you use that help you as a church IT person. I’ll get the ball rolling, I’ve got a list here. One of my favorites is from www.sysinternals.com, it is their page defrag tool. If you are familiar with Windows, it does not have the greatest defragmenter tool. It does not defrag your page file, so over time your page file will get fragmented up and this free tool runs on boot-up and it will defrag your page file and I’ve noticed some pretty decent gains. We are looking at installing it as part of our ghost image, so anytime a machine is started, the page files are getting defragged. It’s cool. It is free, one executable file.
[4:08] One of the other tools we’ve been using is Op Manager from www.ManageEngine.com. Op Manager is for up to managing 20 network devices, it is also absolutely free, a simple install, you point it at the devices on your network that you’d like to monitor with SNMP stuff and away you go. We used it two weeks ago to do some narly trouble-shooting down to a device on a port on a switch that was having a major problem. We had our entire network down for about 20minutes due to a network cable. I should blog about this. Somebody had pinched a network cable and it flooded the network with enough traffic to lock up our main core switch. So, Op Manager is another sweet tool.
[5:11] Then just from a remote control standpoint, one of the things we use daily around here is Dameware, that’s www.dameware.com It is a great remote control tool, priced very well, we tried some VNC stuff, I just like the Dameware stuff better because it works right out of the box, install it, it knows your active directory, there’s nothing really to set or configure, it’s lightening fast. I use those on a day-to-day basis.
Who else has some cool tools?
[5:59] Andrew Mitry
I just install this neat, IPKVM that connects to our KVM switch in our server rack. It lets you connect it to the network, that way if you need to reboot a server, you can see the bios and everything coming up remotely. There are a couple of the out there, made by Avocent, about $500 on buy.com and it runs with a little java aps so it will work on Windows or Linux or Mac and it gets you right into your KVM switch across the network or VPN or wherever you are [at home].
JasonP
Excellent. How many ports does it have?
Andrew
Just one point then we connected it to our 8-port KVM and it lets you pass through to the monitor and mouse and keyboard so you can still access it as a normal KVM.
Jason
How is the lag? Any perceptible lag?
Andrew
Slightly, but for troubleshooting and when remote desktop isn't going to do it, it’s good enough.
Jason
We toyed around with doing something like that, right now our servers are maybe 20 steps away from where our office so that’s not been a huge deal, but in the near future our server racks will be moving 2 floors beneath us and that will be a challenge because I don’t like to walk a long distance. Andrew, let everybody know where you are from.
Andrew
I’m at Saint Mark Coptic Orthodox Church in Fairfax, VA. We are a church and school, I’m Director of Technology.
Jason
I call Andrew a Linux expert, you guys are doing some neat stuff with the open source Asterisk technology. That could be its own topic right there.
Any other tools?
[8:20] Andrew
We got the open source SSL VPN up and running and it has been great. The SSL Explorer. I’ll put it in the chat window. They have a paid version and an open source version, we have about 30 people and it is running nicely. It was a little tricky to get up but once we got it running, it’s nice.
Jason
Did you have to customize and what kind of stuff are people accessing off of your page?
Andrew
What’s cool about it is you can basically set up, it connects to Active Directory, and I should blog about this, you have to have your domain controller in the host file on the machine that you are installing it on, it won’t pick it up from DNS for some reason, that’s what took me so long to get it running. You can pick out users and groups and define applications that you want them to connect to, so right now the only application I have on there is remote desktop and I’m letting our finance team remote into their machines running Quickbooks from outside, so I am defining them on a user by user basis, so I say this user can access this machine via remote desktop. So when the user hits the SSL VPN, use their Active Directory log-in, connect, they see a shortcut for remote desktop and the SSL tunnel into the network and lets them remote desktop right into their machine and that is the only thing they can get to on the network.
Jason
Sweet. And free.
Andrew
And if you have internal web applications you can set up redirects to those without opening them to the outside. If you have Sharepoint running but you don’t want to deal with getting SSL certificates, you could let people get to it through the SSL VPN and that’s what’s doing all your security instead of having to do it on the Sharepoint side.
Jason
The rest of you feel free to ask questions.
We are still investigating the whole SSL VPN thing.
Michael
What’s the biggest advantage of that?
Andrew
We are creating two groups of people now, people who have church-issued machines for remote use and people who are using their own machines. When you issue a church machine remotely, of course you control the anti-virus and anti-spyware, you know the machine is clean. So you want to make sure the machines that have full access are clean. But now that we have a lot of people wanting to access using their own machines, this is only allowing them a secure connection, so even if their machine has that stuff, it is not going to have any direct access to what they are remoting into on our network.
Michael
So basically, if you don’t trust the machine that wants to access.
Andrew
And if you don’t want to have to deal with installing the VPN client. Like before, one of our finance guys is a volunteer and I installed our Cisco VPN client for him on his laptop and it crashed his machine, his work laptop. Apparently it was conflicting with his work VPN, I had to get him a way back into our network so he could complete his work.
Jason
We are in the same boat, if people want to VPN right now, we give them [Time Stamp00:13:46] directions and they have to install the Microsoft stuff on their machine, and then we are exposing ourselves to whatever they could have on their machine.
I’ve downloaded the SSL Explorer but I haven’t done anything with it yet.
Austin just asked if anyone has problems with Exchange over VPN. We haven’t. We switched to RCP over HTTP and that works so nice. I’d say if you haven’t investigated the RCP stuff, it’s a definite win for you and your end-users. Any laptops that we configure today, we immediately do that to staff laptops. So they can be sitting at Panera Bread or in India and they can hit the Exchange server and hop right through.
One thing we have found out, the RPC over HTTP stuff, if you mistype your password into the box, it will lock your account. It seems like if you put the wrong password in, you don’t get a second chance. Has anybody else experienced that?
Sp
What is your number set to?
Jason
Six maybe?
Sp
I’ve seen with a sniffer before where the RPC traffic will attempt it three times before it comes back invalid, so there’s three attempts. But if you’ve got it set at six…
Jason
We can usually tell, if somebody calls from outside saying they can’t access email, first thing we check is to see if account is locked-out.
Other cool tools?
Sp
I don’t use this on a daily basis but here at Sunset we have virtualized servers so when we have these V[?] files, virtualized hard drives, they can get pretty fragmented so I use Sys Internals contig, short for contiguous and it defrags really large files.
Jason
Great! I’ve seen that tool but it never crossed my mind to use it on a VM.
Sp
I would suggest first if your [?] are fragmented, defrag them first before you go inside the VM to start defrag. Very helpful.
Jason
Excellent [Time Stamp00:18:08] tip!
So you guys are using the Microsoft virtual server? Yep. We, way back in March, started experimenting with the free VM ware server stuff, so we are invested in that, but Microsoft is now delivering trial versions of server stuff right in a VHD, so if you want to play with Exchange 2007, you don’t have to install it, you go get the VHD, stick it in whatever box you have and tada! That’s awesome.
Sp
We are looking forward to Service Pack 1 for virtual server, it will support shadow copy so we can actually back-up the VHD while they are running.
Jason
Another thing I just read, if you are a Technet subscriber, and I would recommend that, the trial period for those VHDs is 500 days, and if you have an MSDN Subscription, it is unlimited. So you needed an extended period of time to play with these, there’s some good incentive to have a subscription. You are also able to download stuff way ahead of anybody else. I’ve had the full version of Vista and Office 2007 for several weeks now.
One of the other things I like, when I log into my Technet account, I don’t have to wait for CDs, I can force download any application and that will become more and more the case. If I break something, just click a download and here it comes, but it to CD and I’m up and going. There’s another cool tool, Tech net subscription. Worth the cost. And you get two free issues from Microsoft.
Next in line?
Sp
I use on a daily basis called Look at Lan, a quick, what’s up what’s down type of program, you can configure the poling interval whether it be one minute or 99 minutes. You can plug in your SNMP strings, it will go pull it and let you know, give you and annoying submarine sound that something is up or something is down. I’m do technology at [Time Stamp00:22:28] our church, I’m from Rockspring Church, WV and that’s a part time thing for me. I also work for a large consulting company on a government contract and they typically don’t have a lot of money for big tools, so we are scrounging for any tool I can to monitor the servers and stuff, so that’s one of the tools we use, along with Op Manager. I have been a big advocate of Dame ware in the past. You can also set mail traps, so if something goes up or down, you can configure it to let you know. www.lookatlan.com It’s a cool program. We’ve got a couple hundred servers, we’ve got it set to pull every 5 minutes to keep an eye on things.
Jason
Suppose a church wants to buy a new server, do you have a preference?
Sp
I worked in an IT shop that was all Compaq before HP bought them, I prefer HP just because the Smart Start CDs make things easy. I had a problem with the newer Dell, but they walked me through and gave me a free program, it’s a program called In Light. It was able to pop your XP CD, www.nlightos.com free program, download it, pop your OS CD in the drive, you copy the files, then you can do all kinds of stuff. You can put an SP here with it and it flips streams it into your source installation files, you can download hot fixes, patches and point those, so in essence you can keep up to date so when you do a new server install or OS install, just pop the CD in and do the install and you’re done. You can also do special drives, like the perk card, and also does an ISO file, you are able to load the ISO instead of CD files.
I prefer the HP, not as many problems.
We have 5 servers up and running at a temporary office location with our Internet connection.
Jason
Very cool.
Sp
Another cool is Montastic. It is a website that does monitoring from the outside, so we do have our monitoring on the inside using Open End MS, but on the outside, this is nice in case the Internet connection is down, we’re not getting any emails on our phones or anything. And it’s free, very simple to use.
Sp
We like free.
Jason
Free is good. Dime [?] DSN has some cool tools but they are not free, some are low cost. We really on our spam filter, Postini, as some degree a network monitor because of our email goes to Postini first, off site, they scrub it and shove it to our Exchange box here on site, and part of the package, there is monitoring built in there, so if they can’t reach our Exchange server, it sends text messages and emails to our phone, then if it still can’t reach us, they start spooling our account and we get more text messages, and typically that means something is going haywire.
We’ve been using Postini close to 2 years, in my opinion it is one of the best bangs for the buck we’ve purchased. We weren’t having terrible spam problems but we could see the writing on the wall. And at that time, we were having monster Exchange issues trying to move from an old Exchange 2000 box to a 2003 box, so we did the Postini thing and it really rocks. I don’t have to manage any filters or stuff like that, they handle it all, it’s doing anti-virus stuff at the same time before it gets to us. Then every day at noon, everybody gets an email from Postini that shows them what email got caught or flags it’s spam, so they can specify if they want it delivered or whatever. There are others like MX Logic, but we are satisfied with Postini unless somebody can do what they do for less money. I think we are paying $22 bucks a year per person. Worth it for me.
Any other cool tools?
Here’s another thing, I know several of you have blogs, maybe you don’t know everybody’s blog [Time Stamp00:36:24] address, lets list them in the chat window or call them our if you are not in the chat.
www.Jcjennings.blogspot.com
Matthew
Remote desktop.
Jason
We are approaching 38 minutes, we had some problems getting in at 2:00, but hey, we’ve got 13, not bad for the first time.
What about time spot? Is this a good time to do this? Should we do it during the evening, for volunteers who work other jobs during the day, or keep it during the day so we don’t interfere with family time? What are your thoughts?
Sp
2:00 pm is cool.
Jason
Several are writing in that 2:00 is good. Ok, we’ll keep it at 2:00 for now. It is being recorded so people could listen to the podcast whenever they want to. I need to figure out how often we want to do this, is every week too often, I think every two weeks might be good.
Sp
Two weeks sounds about right.
Jason
Ok, I’ve got to be aware of how much time we are using. I think this is an awesome resource. I enjoy talking to other church IT guys, the Roundtable was awesome. It’s cool and helpful to get together and talk.
Matthew
What have you guys been talking about? Sorry I was late.
Jason
Page Defrag tool, the Op Manager, Dame ware, Postini.
Dave mentioned the Process Explorer. We are going to be implementing that into our next ghost to replace Task Manager because the Sys Internals Process Explorer spanks the Task Manager.
Sp
They got another program that combines the Process Explorer, the Smile Mon and Reg Mon [??] in one. I’ll see if I can put it in the window. It’s called Process Monitor, takes all three of those and puts it in one. You [Time Stamp00:44:40] can filter through if you don’t want all three.
Jason
I know things have changed since Microsoft gobbled up that stuff. You can go to Sys Internals and have fun. It’s free, almost everything is a single small executable so you are not installing DLLs all over your machine and the stuff is pretty sweet. We used the file monitor once when we were having an iTunes CD burning problem. I keep getting hits on my blog from Apple where I talked about that but I don’t know if they’ve fixed it yet or not. I hope they are working on it. That’s a big oversight. Whatever they can do to help people to purchase and use their product, I’m assuming they will continue to work on it.
Sp
For the folks that are using Outlook and they want to integrate their blog reads into Outlook, a program called Intra V News www.intravnews.com free for personal, non-profit stuff, a little program that loads up in Outlook and starts grabbing your RSS feeds into a personal folder and you can organize them and keep what you want and read and all that good stuff.
Sp
I use Outlook 2007, it’s got an RSS.
Jason
Same here.
Sp
I tried to use that with the OS 2007 RSS feed and sometimes it seems like it wouldn’t update or had lots of errors. Maybe they fixed that.
Sp
Yeah, there were some problems, but the Gold version seems to be better. In order to force a grab you can still press Send/Receive, you can actually modify the time period and how often.
Jason
I’ve got feeds into my 2007 but I just don’t check them very often. Speaking of feed readers, I was a staunch blog lines, use blog lines, then Google reader came out and I really like the latest version, but is it really slow? It doesn’t matter which machine I’m on, it’s just slow. You click and wait.
David Russell
When Google Reader launched, I had the same issues, when it came out I thought maybe they would clean it up, and apparently they really improved the last update. I haven’t checked it out. I use Newshutch from www.newshutch.com I’ve only used them a couple months, it works well for me and I haven’t had any issues with it. Plenty fast, one vote for them.
Jason
I had not heard of that one. David, give us some background on what you do.
David
I’m caught between two loves, my first passion is web design and development, that’s pretty much my mission here, with that I split IT duties with our media pastor, Dave Clark, our other geek on staff, so we are in charge of managing our server. We’re not where I want us to be as far as utilization, we’re looking into dual collaboration stuff and really a lot of what you are talking about Jason is where we need to be going. We use BitDefender [? Not sure what he said] across our network from Norton and love the anti-virus solution and it promised a good spam solution but we’re wrestling with it. Too many [Time Stamp00:51:58] false positives. That’s where we’re at, I appreciate what you do in the blogs. Andrew is right down the road from me.
Jason
And you are a guitar player too right?
David
A little.
Jason
Awesome.
Other exciting stuff? I think we will wrap up here soon.
Sp
Is there anybody on here that is experienced with RSS feeds as far as, I got registered for the podcast with Apple, but I’d like to see some statistics but I screwed up. It’s working on Apple fine, but I’m not getting good statistics.
Sp
Are you using feedburner to deliver the feed?
Sp
I’ve got the RSS feed on our web server, the hosting part, not at our office, I don’t have direct control of it. I gave that to Apple, then I created the feedburner.
David Russell
Ok, so people connecting through iTunes are being delivered with the original feed, not the feedburner feed. One option you can so is set up an access file on the server and change the location of the actual feed so that when people subscribe using iTunes, if they get that feed, you can set up a redirect where you redirect from the old feed link to feedburner and then set up a new feed link wherever else and just change that new feedburner as well. So that anyone on the old URL is being redirected to feedburner and anyone new as well. That’s one way to get around it right now through an HP access redirect.
Sp
Thanks, I appreciate that.
Jason
Other general questions. Michael, was it you asking about financial software?
Michael
What kind of financial software does everyone use?
Matt
We use Quickbooks. The Enterprise edition with the 10 user license and we have about 5 people simultaneously connected and it is pretty good.
Jason
Travis mentioned they are using Shelby financials and he has an unhappy [Time Stamp00:56:33] face, apparently he would not recommend that. We are using Great Plains, now called Microsoft Dynamics, but I’ve heard great things about Quickbooks and the online version. I think there’s a really sweet online version of Quickbooks for a great price and it would handle a lot of what you need. Andy, our integration specialist, is more familiar with that stuff. I’ll refer you to him.
Michael
Would you not recommend Great Plains then?
Jason
I don’t know enough about it to be able to say, I don’t use that application. From an installation standpoint, it is pretty hairy and we’ve had some issues installing and configuring it. It’s not simple, we have a 3 page document on how to install it. Really nasty. That’s what made us turn our physical box into a virtual box. We were in a position where our physical SQL box, this big monster dual processor, 4 gig of RAM, we were gonna write our own church management software, that fell through, we went to Fellowship One, but we were like here’s this awesome platform we could be using to put more VMs and stuff on, but nobody had documentation on how the Great Plains was installed on the box, so we just did a physical to virtual migration on it and so now SQL lives inside this little VM on some other server and we took that hardware and did some good stuff with it.
Michael
Our financial person had experience with ACS so that’s what we went with. I did the install but I have no experience using it, hard to say.
Jason
Our finance people seem to say it does what they need it to do. I guess that’s good.
Awesome. We are at the one hour mark and it is Friday. I’m going to end the recording but the line will still stay open as will the chat, so you can still chat. Otherwise I’m going to add these URLs to the blog post and we’ll see you two [Time Stamp01:00:56] weeks from now. Oh, that might be Christmas, watch my blog on that. Thank you all for coming today for Episode One and I’ll look forward to chatting with you again for Episode Two.
Post show notes ... please contribute edits
PageDefrag - free single .exe file that will defragment your windows paging file and registry ... can make significant improvements on PC's that have not had their page files defragged. No, most defrag tools do NOT defrag the paging file as it must happen before windows loads. We're planning to put this into the next ghost image for all our PC's at GCC.
OpManager - network monitoring tool that is free for up to 20 devices
Dameware mini-remote control -
Advocent IP KVM -
SSL Explorer -
RPC over HTTPS Outlook connection -
Microsoft Virtual Server 2005 - upcoming service pack will include VSS for live backups of the VM
Contig - another free tool from sysinternals that will defrag large single files ... like those found in virtual server environments.
Microsoft now offering fully ready server installs via trial .VHD file downloads
Microsoft TechNet subscriptions
Look at Lan - free network monitoring tool
Nliteos.com - make your own slipstream CD's
Server manufacturer suggestions
monstastic - free network monitoring tools
dyndns.org -
Postini - anti-spam, anti-virus, "network" monitoring
process monitor - another sysinternals tool (we're going to replace windows taskmanager with process explorer in our next ghost image at GCC)
intravnews.com - RSS reader plugin for Outlook
Outlook 2007 - built-in RSS reader
reader.google.com
newshutch - RSS reader
bitdefender anti-virus
Financial Software Packages
Uploading ....