Tuesday, 2 March 2010
Microsoft TMG Arrays Explained...
TMG arrays explained by someone (Richard Hicks of Celestix Networks & Microsoft MVP) who knows what they are talking about on ISAserver.org
Thursday, 25 February 2010
Barracuda Backup Service
I briefly mentioned the Barracuda Backup Service after attending the EMEA partner conference, but what if you want to know more.....
Well e92plus are hosting a technical training session on the HMS Belfast in London on Friday 19th March.
More information and registration for this event can be found here: http://www.e92plus.com/training-and-events/training-detail/10-03-19/Barracuda_Backup_Technical_Workshop.aspx
Well e92plus are hosting a technical training session on the HMS Belfast in London on Friday 19th March.
More information and registration for this event can be found here: http://www.e92plus.com/training-and-events/training-detail/10-03-19/Barracuda_Backup_Technical_Workshop.aspx
Celestix MSA voted ISAserver.org Readers Choice Award Winner
Congratulations to Celestix for their MSA Security Appliance on winning the ISAserver.org readers' choice award for hardware appliances.
Read more about it here: http://isaserver.org/news/ISAserver-Readers-Choice-Award-Hardware-Appliances-Celestix-MSA-Security-Appliance-Jan10.html
Read more about it here: http://isaserver.org/news/ISAserver-Readers-Choice-Award-Hardware-Appliances-Celestix-MSA-Security-Appliance-Jan10.html
Testing IAG SP2 Update 3 - Part 2
Here is some useful information from the MS UAG Blog about IAG SP2 Update 3.
The table in the link is very useful at summerising what is and isn't supported.
Socket forwarding is not supported by any 64 bit Windows operating system, as well as Mac & Linux machines. I have seen this with my Windows 7 64 laptop, which does not work with published RDP sessions, but can confirm that XP compatibility mode does work.
The Network Connector will not work with either 32 or 64 bit Windows 7 machines, as well as Mac & Linux machines. I can confirm this as a customer and I have tested this, although I have yet to test a Windows 7 in XP compatibility mode with the Network Connector, but I suspect it will work.
Although this update was meant to be the "fix" for Windows 7 and IAG, I'm afraid there are still limitations.
IAG is dead.... long live UAG!
The table in the link is very useful at summerising what is and isn't supported.
Socket forwarding is not supported by any 64 bit Windows operating system, as well as Mac & Linux machines. I have seen this with my Windows 7 64 laptop, which does not work with published RDP sessions, but can confirm that XP compatibility mode does work.
The Network Connector will not work with either 32 or 64 bit Windows 7 machines, as well as Mac & Linux machines. I can confirm this as a customer and I have tested this, although I have yet to test a Windows 7 in XP compatibility mode with the Network Connector, but I suspect it will work.
Although this update was meant to be the "fix" for Windows 7 and IAG, I'm afraid there are still limitations.
IAG is dead.... long live UAG!
Tuesday, 23 February 2010
Testing IAG SP2 Update 3 - Part 1
I managed to get my hands on SP2 Update 3 for IAG v3.7 a week or so ago.
So far I've only managed to deploy this to my live environment, but with some good and bad results!
My current IAG platform is a Celestix WSA 4000, and it has been Service Packed and updated pretty much as and when these updates have been available.
As I'm a little wary of these things, I use the Celestix Last Good Version (LGV) feature, which allows me to take a snapshot of my appliance and save this to a Linux partition on the appliance. It takes around 15 minutes to make this snapshot, and around 10 minutes to rollback... if required!
My appliance hosts a portal with various applications such as OWA, Intranet, RDP, etc, as well as an ActiveSync tunnel for our mobile devices.
After the update was applied, the portal worked perfectly with both Windows 7 32-bit and 64-bit machines, but it broke my ActiveSync tunnel!
One of my authentication methods is Active Directory and it is used for both the Portal and ActiveSync tunnel. The authentication using AD was perfect on the Portal, but it failed for the ActiveSync tunnel. All the mobile devices said the wrong password was being presented.
No changes were made to the mobile devices and this impacted both Nokia E71 and Apple iPhones. Changing the password on the device made no difference, but we knew that the AD authenication should be working correctly as the portal works.
Rolling the appliance back to SP2 Update 2 using the LGV feature, allowed all the mobile device to authenicate again, even though someof these devices did not have their password changed.
Since then, I've managed to get hold of another appliance to test with, so Part 2 will continue tomorrow.....
So far I've only managed to deploy this to my live environment, but with some good and bad results!
My current IAG platform is a Celestix WSA 4000, and it has been Service Packed and updated pretty much as and when these updates have been available.
As I'm a little wary of these things, I use the Celestix Last Good Version (LGV) feature, which allows me to take a snapshot of my appliance and save this to a Linux partition on the appliance. It takes around 15 minutes to make this snapshot, and around 10 minutes to rollback... if required!
My appliance hosts a portal with various applications such as OWA, Intranet, RDP, etc, as well as an ActiveSync tunnel for our mobile devices.
After the update was applied, the portal worked perfectly with both Windows 7 32-bit and 64-bit machines, but it broke my ActiveSync tunnel!
One of my authentication methods is Active Directory and it is used for both the Portal and ActiveSync tunnel. The authentication using AD was perfect on the Portal, but it failed for the ActiveSync tunnel. All the mobile devices said the wrong password was being presented.
No changes were made to the mobile devices and this impacted both Nokia E71 and Apple iPhones. Changing the password on the device made no difference, but we knew that the AD authenication should be working correctly as the portal works.
Rolling the appliance back to SP2 Update 2 using the LGV feature, allowed all the mobile device to authenicate again, even though someof these devices did not have their password changed.
Since then, I've managed to get hold of another appliance to test with, so Part 2 will continue tomorrow.....
Wednesday, 17 February 2010
Two factor authentication tokens on iPhone
I've been playing with the iPhone recently and I've been very impressed with the amount of applications you can get for the phone.
The other day after some prompting from the UK Vasco Technical Account Manager, I installed a Vasco Digipass for the iPhone. (Thanks Dan)
So now I have a demo Digipass on my phone, where I can use it for demonstration purposes. It was fairly straight forward, you need to download the app from the Apple AppStore and tap in a couple of codes to make it work. Obviously I need a Vasco server installed somewhere and install the relevant DPX file on it, so the token can be used.
Off the back of this success, I took the opportunity to install a Celestix HOTPin client on my iPhone as well.
Again, just download the iPhone client software from the Apple AppStore. You will need to ensure that the Celestix HOTPin server is running somewhere. Currently it can run on the Celestix WSA appliance, which negates the need for an additional server hardware. Once the server component is configured and users added to the system, it is ready to go.
I used the HOTPin client on the iPhone to communicate with my Celestix WSA appliance which is hosting the HOTPin server. It downloads the client.dat file onto the iPhone and the client then allows the phone to generate the one time passwords.
The Vasco token required a bit more information to set up and they have the advantage of being able to provide your users with hard tokens, software tokens, mobile phone tokens and OTP via SMS, all through a single server element and manage them from one console.
The Celestix is a more cost effective solution as the HOTPin server software can run on the Celestix WSA appliance and there is no server software cost as such. The only down side is that there is no hard token option, so you may encounter some friction from users as they will not want the HOTPin client installed on their own personal mobile devices, although you have the option for a software client on Windows or using OTP vis SMS.
Although both solutions support receiving the one time password via SMS, what happens if your users are in a mobile telephone blackspot?
- Posted using BlogPress from my iPhone
The other day after some prompting from the UK Vasco Technical Account Manager, I installed a Vasco Digipass for the iPhone. (Thanks Dan)
So now I have a demo Digipass on my phone, where I can use it for demonstration purposes. It was fairly straight forward, you need to download the app from the Apple AppStore and tap in a couple of codes to make it work. Obviously I need a Vasco server installed somewhere and install the relevant DPX file on it, so the token can be used.
Off the back of this success, I took the opportunity to install a Celestix HOTPin client on my iPhone as well.
Again, just download the iPhone client software from the Apple AppStore. You will need to ensure that the Celestix HOTPin server is running somewhere. Currently it can run on the Celestix WSA appliance, which negates the need for an additional server hardware. Once the server component is configured and users added to the system, it is ready to go.
I used the HOTPin client on the iPhone to communicate with my Celestix WSA appliance which is hosting the HOTPin server. It downloads the client.dat file onto the iPhone and the client then allows the phone to generate the one time passwords.
The Vasco token required a bit more information to set up and they have the advantage of being able to provide your users with hard tokens, software tokens, mobile phone tokens and OTP via SMS, all through a single server element and manage them from one console.
The Celestix is a more cost effective solution as the HOTPin server software can run on the Celestix WSA appliance and there is no server software cost as such. The only down side is that there is no hard token option, so you may encounter some friction from users as they will not want the HOTPin client installed on their own personal mobile devices, although you have the option for a software client on Windows or using OTP vis SMS.
Although both solutions support receiving the one time password via SMS, what happens if your users are in a mobile telephone blackspot?
- Posted using BlogPress from my iPhone
Tuesday, 16 February 2010
Computer Engineer Barbie
After an online vote, Barbie has a new profession.... Computer Engineer.
More information about it here
More information about it here
Subscribe to:
Posts (Atom)
