Rules to Better Internet and Networks

  1. Do you know how to setup a PPTP VPN in Windows 7?

    On the computer that you want to setup the VPN:
    1. Go to Start | Control Panel
    2. Figure 1 - Click on "View network status and tasks"
    3. Figure 2 - Click on "Setup a new connection or network"
    4. Figure 3 - Select "Connect to a workplace"
    5. Figure 4 - Click "Use my Internet Connection (VPN)"
    6. Figure 5 - Fill out "Internet Address" and "Destination Name" | Check "Don't Connect Now"
    7. Figure 6 - Enter your Username and Password
    8. Figure 7 - Close the wizard without connecting
    9. Figure 8 - Back in the Control Panel, click “Change adapter settings”
    10. Figure 9 - Right click on your new VPN | Click "Properties"
    11. Click on the Networking tab
    12. Figure 10 - Click on "Internet Protocol Version 4 (TCP/IPv4)" | Click "Properties"
    13. Click the Advanced… button
    14. Figure 11 - Uncheck "Use default gateway on remote network"
    15. Click OK on all of the open dialogs | Double click on the new VPN
    16. You will notice your username and password are missing – retype these into the VPN connection
    17. Press Connect and your VPN should dial and connect

  2. Do you assume catastrophic failure before touching a server?

    If you are going to install a service pack on a machine, move a virtual server to another drive or make any critical system-level changes, make sure you back up your machine first. For a virtualized machine, make sure you back up all related files, including vhd, avhd etc.

    You should already assume there could be catastrophic failure after these kinds of operations and you should always be prepared for them by having a full backup somewhere. This is especially important when you are working on your production or critical servers.

  3. Do you check your DNS settings?

    w3dt.net supplies a DNS report tool which can help administrators troubleshoot DNS issues with domains, name servers, SOA, and other information. We need to get all green ticks except for:

    • Missing (stealth) nameservers
    • Missing nameservers 2
  4. Do you disable automatic Windows Update Installations?

    Microsoft automatic updates can be dangerous.

    Microsoft Update is a service that allows for the periodic patching of system files to address known issues with Microsoft products. Originally called Windows Update, it was specifically focused on Operating System patches for Windows. More recently however, it has been expanded to include all Microsoft products and the name has changed to Microsoft Update, allowing the automated patching of non-OS software such as Internet Explorer and Microsoft Office. 

    It is important to keep your machine up-to-date, but Windows Update automatic installation can be somewhat intrusive to your workflow. There is nothing worse than Windows Updates installing during an important presentation. You should set Windows Updates to be installed manually.

    Go to Control Panel | Windows Update | Change Settings and set updates to Download updates but let me choose whether to install them.

    Figure: Bad example – Install updates automatically
    Figure: Good example – Download updates but let user choose whether to install them

    If you have a system administrator who manages your organization’s infrastructure, it is recommended to get your system administrator to push this setting via group policy.

    Figure: Better example – Windows Updates setting is pushed to *ALL* users via group policy
  5. Do you have a consistent naming convention for each machine?

    When we configure networks we give all computers in the company a naming theme like Buildings, Cars, Countries, Colours, Fruits, or Vegetables. 

    At SSW we have adopted the animal kingdom.


    Figure: We name the PCs and label them - this one is "Great Pyrenees"

    While you are attaching the label, it is also a good idea to affix a business card to the underside of the computer. This way if you lose your machine, anyone who finds it can easily contact you.

  6. Do you have servers around the world and use GEO based DNS IPs?

    Having a very popular website is great. The only problem is where to host it. If you host it in your local country then it is very fast for your local market but what about the market on the other side of the world?

    The solution is to have 2 or more servers and direct users to the server that is the closest to them. This is possible with the help of the BIND DNS server and a list of IP addresses with their country of origin.

    The beauty of this solution is that it is not application specific. Anything like VoIP or game servers can be directed to their local server.
    Follow the directions found in this article http://peen.net/2006/03/08/geo-dns to set up your BIND config file. The only problem is that the PHP script supplied in that article does not work correctly. It cannot convert the number-based IP to the real IP and subnet. Because of this I had to create my own little app to make the file for BIND to use. You can find it and get the source code.

    You can download a free IP-to-country list from http://software77.net/cgi-bin/ip-country/geo-ip.pl
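
    The conversion step described above (number-based IP ranges to real IPs and subnets), as an added Python example that is not the author's app or code from the linked article. The CSV column layout, the `COUNTRY_TO_ACL` mapping and the sample rows are assumptions constructed for illustration; parsing every range through `ipaddress` also keeps malformed feed rows out of the generated BIND config.

```python
import csv
import ipaddress
from collections import defaultdict

# Hypothetical country -> ACL mapping; the ACL names follow the page's include files.
COUNTRY_TO_ACL = {"FR": "europe_west", "US": "america_nort"}

# Constructed sample feed (RFC 5737 documentation ranges). Assumed column layout:
# start int, end int, registry, assigned, 2-letter code, 3-letter code, country.
SAMPLE_CSV = """\
# constructed comment line
"3221225984","3221226111","ripencc","0","FR","FRA","France"
"3221226112","3221226239","ripencc","0","FR","FRA","France"
"3325256704","3325256709","arin","0","US","USA","United States"
"3405803776","3405804031","apnic","0","JP","JPN","Japan"
"bogus","3325256959","arin","0","US","USA","United States"
"3325256709","3325256704","arin","0","US","USA","United States"
"""

def range_to_cidrs(start, end):
    """Turn an integer start/end pair into the minimal list of CIDR networks."""
    first = ipaddress.IPv4Address(int(start))
    last = ipaddress.IPv4Address(int(end))
    return list(ipaddress.summarize_address_range(first, last))

def build_acls(csv_text, country_to_acl):
    """Return ({acl_name: [networks]}, skipped_row_count) for mapped countries."""
    nets, skipped = defaultdict(list), 0
    lines = (l for l in csv_text.splitlines() if l.strip() and not l.startswith("#"))
    for row in csv.reader(lines):
        try:
            acl = country_to_acl.get(row[4])
            if acl is not None:  # unmapped countries fall through to the "others" view
                nets[acl].extend(range_to_cidrs(row[0], row[1]))
        except (ValueError, IndexError):
            skipped += 1  # malformed or reversed range: never written to the config
    # Merge adjacent ranges so each ACL stays as short as possible.
    return {a: list(ipaddress.collapse_addresses(n)) for a, n in nets.items()}, skipped

def render_acl(name, networks):
    """Format one BIND acl statement for an acl-<name>.inc file."""
    body = "".join(f"    {net};\n" for net in networks)
    return f'acl "{name}" {{\n{body}}};\n'

if __name__ == "__main__":
    acls, skipped = build_acls(SAMPLE_CSV, COUNTRY_TO_ACL)
    for name, networks in sorted(acls.items()):
        print(render_acl(name, networks))
    print(f"skipped rows: {skipped}")
```

    A non-zero skipped count is worth reviewing before the generated files are reloaded into BIND, since it means the downloaded list contained rows that did not parse.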

    How it works:
    Once you have made your ACL files you can use views in the BIND configuration to specify which zone file to use for each group of IPs. Each zone file would have the relevant IP information for that target segment of the world.

    Imagine you have 3 zone files: one for Europe, one for the Americas and one for the rest of the world. You simply edit named.conf.local to include the ACLs for Europe and the Americas. E.g.:

    include "/etc/bind/named.conf.options";
    include "/etc/bind/acl-europe_east.inc";
    include "/etc/bind/acl-europe_sout.inc";
    include "/etc/bind/acl-europe_west.inc";
    include "/etc/bind/acl-europe_nort.inc";
    include "/etc/bind/acl-america_cari.inc";
    include "/etc/bind/acl-america_cent.inc";
    include "/etc/bind/acl-america_nort.inc";
    include "/etc/bind/acl-america_sout.inc";

    Next you create separate views: one for Europe, one for the Americas and one for everyone else. BIND evaluates views in order, so the catch-all view must come last.
    view "europe" {
     match-clients {
      europe_east;
      europe_nort;
      europe_sout;
      europe_west;
     };
     zone "peen.net" {
      type master;
      file "/etc/bind/europe/db.peen.net";
     };
    };

    view "americas" {
     match-clients {
      america_cari;
      america_nort;
      america_sout;
      america_cent;
     };
     zone "peen.net" {
      type master;
      file "/etc/bind/americas/db.peen.net";
     };
    };

    view "others" {
     match-clients { any; };
     zone "peen.net" {
      type master;
      file "/etc/bind/others/db.peen.net";
     };
    };
  7. Do you know how to add a printer?

    When you are connected to the SSW network, you may complete the following procedure.

    Go to \\printer

    Figure: Printers listed in Printer Server

    Double click on a printer to connect/add it. Follow the prompts to finish adding the printer (printer driver installation).

    Available Printers are:

    1. Printer_HP3390 (Mono laser printer)
    2. Printer_HPCM2320 (Colour laser printer)

    Congratulations, you have now successfully added the printer. You may now begin to print.

    Figure: Printers successfully added and shown in Devices and Printers
  8. Do you know how to migrate DNS records?

    The easiest way to migrate your DNS records is through an AXFR migration. Most DNS service providers allow AXFR migration/transfer.

     

  9. Do you know how to setup a PPTP VPN in Windows 10?

    On the computer that you want to setup the VPN:
    1. Click on the Network icon, which can be found at the bottom right-hand corner of your screen, and click on Network Settings
    2. Navigate to VPN and click on Add A VPN Connection
    3. Enter the VPN details (VPN Name and VPN Server/IP Address)
    4. Enter your VPN account details in the selection box (remember to click on "Remember my sign-in info")
    5. Your VPN is almost ready to use, however you want to disable "Use default gateway on remote network". Unfortunately the GUI option has been removed from Windows 10, however this is easily done through PowerShell. Open a PowerShell window and run
      Get-VpnConnection
    6. Enable Split Tunneling on the VPN connection you created with this PowerShell command (replace [vpnname] below with SSW)
      Set-VpnConnection -Name "[vpnname]" -SplitTunneling $True
    7. You are now ready to use the VPN connection. Select the VPN connection that you have just created and click on Connect
    8. The VPN will now attempt to connect and, if successful, the VPN status will change to Connected

     

  10. Do you know not to delete expired domain users?

    When an employee leaves or a domain account expires, disable the account, never delete it, as:

    • Some LOB applications such as CRM maintain a reference to the AD domain user GUID
    • During the migration or restoration of CRM, users stored in the database are verified against AD and problems may occur if they no longer exist
  11. Do you know not to log in as Administrator on any of the network's machines?

    We've seen this happen too many times - a user wants to do something on a network server machine, and because the user hasn't got a profile set up on that machine, they end up using the Administrator password to log on as administrator.

    This is not a good thing because:

    1. We cannot tell who currently is logged in remotely, so if another developer wants to change something on the server, we can't work out who is on it.
    2. This is particularly the case where a lot of the servers don't allow multiple concurrent users, so we need to know who to disconnect or kick to free up a remote connection license.
    3. A lot of applications are installed as 'administrator', and no one ends up remembering what they installed, and thus the administrator profile is loaded with applications that most people don't use.
    4. If you check in/check out files from Source Safe, it may end up using the administrator account - which means we can't work out who made a change in source safe.

    So log on using your own domain account.

  12. Do you know what to do when running out of disk space?

    This is how you free up more disk space on servers:
    1. Check SQL backups
    2. Check SQL logs
    3. Use TreeSizePRO to find disk space issues
    4. Use CCleaner to automatically clean any temporary or junk files on the server
  13. Do you know when to scale out your servers and when to keep it as a standalone server?

    You should use virtualized standalone servers because:

    • If one server goes down it does not affect other servers (e.g. a centralized SQL server fails and brings down: CRM, TFS, Reports, Web Server)
    • You can just copy the VPC to another computer and it just works, no need to worry about reconfiguring the SQL connection string or web services
    • You can just backup the VPC

    However, you should scale out your servers if:

    • You want the best performance (e.g. A different server for SQL backend and Web frontend)
  14. Do you send notification if you cannot access essential services?

    Some of the network services, like TFS/Exchange/Database, are essential for our business and people will not be able to work if any of these services is down or inaccessible.
    When this happens, the first thing you need to do is send a notification to the SysAdmins so they can start investigating the problem, and you should cc your project manager because those issues will stop you from getting tasks done.

  15. Do you use ANAME records?

    What is an ANAME record? An ANAME record is an alias record that allows you to map the apex record or any other record within your domain to a target host name, essentially a CNAME record for the apex record. An ANAME record is especially useful when you have multiple domain names and your website is hosted by a provider that changes its IP address; this happens quite regularly with WPEngine. Many DNS service providers do not support ANAME records, however, DNSMadeEasy has made this service available.

    Configuring ANAME is as easy as configuring CNAME. Let's have a look at the DNS records for adamcogan.com.au: they contain an apex record for adamcogan.com.au and a record for www.adamcogan.com.au. The apex record uses ANAME, while www.adamcogan.com.au uses CNAME. Now we will never have to worry about updating these records; they will follow the DNS records of adamcogan.com. DNSMadeEasy also provides real-time stats showing how frequently your DNS records are requested. Let DNSMadeEasy be your delegated DNS!

    Figure: DNSMadeEasy - DNS Records for adamcogan.com.au points to adamcogan.com
  16. Is your wireless hardware reliable?

    When purchasing new network hardware you should always choose the most reliable option.

    LinkSys
    1.    Linksys is the best.
    Google Answers helped in our decision - Linksys is the safer choice based on user ratings. http://answers.google.com/answers/threadview?id=2588 


    Netgear
    2.    Netgear is OK.
    The hardware works, the drivers work, and the support is excellent. However they tend to be “simple” devices. They generally lack advanced features and are aimed more toward the home user market. 


    DLink
    3.    DLink is NOT recommended. We will never buy this brand ever again
    They tend not to last longer than the warranty period


    It is recommended to keep the firmware on all routers up to date in order to mitigate security vulnerabilities.

    More Links:

    •    http://compnetworking.about.com/cs/wirelessrouters/tp/80211ghome.htm
    •    http://reviews.cnet.com/4566-3265_7-0.html?tag=srch&orderby=-7eRating&qt=&sort=edRating7+desc