Sorry for the lack of updates, but I haven’t had as much to blog about tech-wise. A month ago I did a 5 day SCCM 2012 course, and this week I’m doing a 5 day Lync 2010 course. They’re both great Microsoft products, and I’ll probably talk more about them both soon.

SCCM 2012 (which Microsoft want people to call ConfigMgr 2012) is quite a polished product, and I will be going live with it soon. The only missing part for me is Windows 8 and Server 2012 compatibility, which won’t be available until SCCM 2012 SP1. That’s currently in beta, but not expected to go RTM until very early next year.

Lync 2013, Exchange 2013, SharePoint 2013 and Office 2013 have all just gone live in TechNet and VLSC (Volume Licensing Service Center) which means there’s a lot of new stuff going on. KMS isn’t available for Office 2013 yet with an ETA of 6th November 2012, but as soon as it’s out I’ll get it working and blog about it due to it being a popular topic with Windows 8 and Server 2012.

Looking forward to writing some more exciting updates!

My Solution to Online Password Management

Today’s blogpost is about password management. I have what I think is a good solution that means you’ll only need to remember a few small details for all your online passwords.

An entirely unexciting topic for most – including myself. You’ve all heard and possibly uttered phrases such as ‘the longer the password the better’ and ‘use complicated passwords’ which are of course true. Here’s a blurb taken from Intel’s Supplier Password rules via https://supplier.intel.com/Auth/PasswordRules.asp :

In order to protect your security, Intel has certain rules for choosing passwords. Please read the following rules so that you will know how to choose a good password.
The following rules apply to all passwords:

  • The password must be at least 8 characters long.
  • The password must contain at least:
    • one alpha character [a-zA-Z];
    • one numeric character [0-9];
    • one special character from this set:
      ` ! @ $ % ^ & * ( ) - _ = + [ ] ; : ' " , < . > / ?
  • The password must not:
    • contain spaces;
    • begin with an exclamation [!] or a question mark [?];
    • contain your login ID.
  • The first 3 characters cannot be the same.
  • The sequence of the first 3 characters cannot be in your login ID.
  • The first 8 characters cannot be the same as in your previous password.
  • Passwords are treated as case sensitive.

*yawn* Please don’t give up on this post yet, I do have a point to make! Now, the next commonly quoted rule is ‘never use the same password on multiple sites’. So, how do you remember the wacky combination? XKCD has half the answer:

Via http://xkcd.com/936/

Great for a single password, but again how do we manage hundreds? Many people use databases such as KeePass, or notepad files inside encrypted zip files with another password on top. That’s cumbersome in my opinion; you don’t want to have to go checking for passwords each time you log in somewhere. There are also other solutions that save the websites, usernames and passwords in a centralised location – a big risk in itself, I say. So, here’s my two layer solution:

1) Have your own email domain, and use a different email address for every single site you sign up to. On top of that, make the email address something that always identifies with the site.

For example, I could buy the domain passwordssuck.com, set up Google Apps with it, and have a catch all. This means I can tell people I like an email address like “[email protected]” but also if I were to sign up for Blogger, I could use “[email protected]”.

Why do this? The first reason is spam. If you sign up to a site that gets compromised, or sells off email addresses, the most likely impact to you is getting a bunch of spam. If you no longer use the site, you can blacklist the email address you signed up with (in this example, [email protected]) and you’ll never see spam on that address again. If you still use the site, you’ll have to either live with the spam that gets by any spamfilters, or change your email address. I don’t like the idea of changing it, because for this overall formula (coming up!) to work, you just want to look at a site and immediately know what the login is.

The second reason – again if the site gets compromised, is that your email address and password combination are now useless anywhere else. Even if you used the same password anywhere, the email address to log in is a one off.

2) The password part. You need a formula. Once you remember the formula, you don’t need to remember anything else.

You can adjust this how you like, but I’ll give an idea of a decent formula (and no, this isn’t exactly what I use!). First, come up with two words. Let’s go with ‘keyboard’ and ‘mouse’. Now, let’s use some special characters. Now we have ‘K3yboard’ and ‘mou5e’ – these will never change.

Between our two words, let’s go back to the site we’re on. Blogger.com. What I’ll do is take the first and last letter of the domain. B and R. We’re going to put this in between our two chosen words. ‘K3yboardBRmou5e’ – but let’s get even trickier! Instead of B and R, we’ll go up two letters in the alphabet. B goes to D, and R goes to T.

Now we have ‘K3yboardDTmou5e’ as our final password. This means, when I go to blogger.com and think ‘hmm what’s my username/password’ it’s going to be “[email protected]” and password “K3yboardDTmou5e”.

Youtube.com? That’d be “[email protected]” and “K3yboardAGmou5e”.

If someone obtained your credentials for Youtube, there’s no way these details will work anywhere else. If someone targets you specifically for some reason, they’re still going to need to know your formula. They have no idea which parts of your password are static, and which change, and even if they thought the AG was the bit that changed, they then need to work out what that means.
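
The formula described above, written out as an added Python example (not the author's code): it derives the two-letter site token with alphabet wrap-around (Y becomes A) and counts how much of the password stays identical across sites. Taking the first DNS label after an optional `www.` as the site name is an assumption, and `builder.example` is a constructed domain.

```python
import string

WORD_A = "K3yboard"  # static first word from the post
WORD_B = "mou5e"     # static second word from the post
SHIFT = 2            # "go up two letters in the alphabet"


def site_label(domain: str) -> str:
    """Name part of a domain: 'www.Blogger.com' -> 'blogger' (assumed rule)."""
    host = domain.strip().lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    label = host.split(".")[0]
    # The post only covers letters; refuse names that start or end otherwise.
    if not label or label[0] not in string.ascii_lowercase \
            or label[-1] not in string.ascii_lowercase:
        raise ValueError(f"formula undefined for {domain!r}")
    return label


def shift_letter(ch: str, shift: int = SHIFT) -> str:
    """Move a letter up the alphabet, wrapping past Z (Y -> A, Z -> B)."""
    return chr((ord(ch.upper()) - ord("A") + shift) % 26 + ord("A"))


def site_token(domain: str) -> str:
    label = site_label(domain)
    return shift_letter(label[0]) + shift_letter(label[-1])


def formula_password(domain: str) -> str:
    return WORD_A + site_token(domain) + WORD_B


def shared_positions(pw_a: str, pw_b: str) -> tuple[int, int]:
    """(identical positions, length) for two passwords built from the formula."""
    if len(pw_a) != len(pw_b):
        raise ValueError("passwords differ in length")
    return sum(a == b for a, b in zip(pw_a, pw_b)), len(pw_a)


if __name__ == "__main__":
    for d in ("blogger.com", "youtube.com", "builder.example"):
        print(d, formula_password(d))
    # Only 26 * 26 = 676 tokens exist, so unrelated sites can collide:
    # blogger.com and builder.example (constructed) both map to "DT".
    print(shared_positions(formula_password("blogger.com"),
                           formula_password("youtube.com")))
```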

In summary, once you remember your formula, that’s the last thing you’ll need to remember. You don’t have to go down the full path of having a different email address for each site, but I’d put a bit more work into varying your password formula.

If you have any feedback on the above, or think it’s a terrible idea for any reason please let me know!

Integration fundamentals – What to Avoid

An opinion piece here, so please poke holes and post criticisms below.
Lately I have been going through a lot of system changes at work. That is to say, more than normal, and most at the early stages. We’ve been stuck in a state of limbo, mainly because the several systems we want to upgrade or change all talk to each other in one way or another. I’ll first briefly outline one house of cards, and then move to what should have been done better, generally speaking (or typing as the case may be).

We are on Exchange 2007, and want to go to Exchange 2010. That’s not too difficult you may think, you can build your whole new Exchange environment and move a few mailboxes over for testing, then just do a mass mailbox migration over the weekend and everything’s great.

This would be true, if several other systems weren’t leveraging off of Exchange 2007. Firstly, voicemail. Our phone system will pass unanswered calls through to the Unified Messaging Exchange 2007 server, which means we need the same functionality in Exchange 2010. How do we even test this? We need to contact our PBX support, and pay for changes back and forth out of hours. It’s not something we can easily do without business impact. Then, the PBX has no official support for Exchange 2010, so if something doesn’t work or goes wrong we’re fairly stuck.

Then, we’ve got the same problem with faxing. It goes from our PABX via Unified Messaging. Both of these services are considered business critical.

At the same time, we want to change our PBX system. So we’ve got the above problems in reverse, but on top of that we use OCS 2007 R1 which also needs to get upgraded. So now, we need to deploy a new PBX system, integrate it with a new Exchange environment, which in turn is integrated with Lync to replace OCS, and that talks to the phone system for both making/receiving calls and presence.
Now, because we want to change our PBX system, we may also need to change our switch infrastructure, because if we kept what we have and went with a provider such as Cisco, they would say that they won’t support whatever issues happen with voice quality if the switches aren’t theirs. Our switch infrastructure is up for renewal anyway.

I could go on about this with several other systems that are tied in, but hopefully the above is starting to paint a picture.

When integrating systems, think about how the OSI 7 layer model works. Refresher: each network layer can talk above and below it, regardless of what it is. This means that anything that gets changed in your network environment should work, if it meets the standards. You can swap a network card over, and everything else above it will work exactly the same way as before (drivers pending). You can swap a centralised switch, and it will continue to pass the packets of data around like the old switch did. Your application can talk to anything else on the network when anything below it gets swapped over. Hopefully that shows what I’m trying to say…

Where possible, use standard protocols or single supplier solutions. If you’ve got something that needs to send alerts out, go for simple SMTP emails. Everything supports it, and little to no work should be required when you have to change something. If they won’t support standards like SQL databases of either the latest version or the version before, you should hear alarm bells ringing.
If you need two separately supplied systems to talk to each other, get each company to show proof they support the other, and will in the future. There’s no use 3 years later saying that company X said it would work.

This should be the case for any system implemented – think about the future and what would happen, and what might go wrong if you have to swap out any part of it.

How I started in I.T.

I thought this would be a good discussion point. I’m sure we have some readers who have a passion for I.T. but may not know where to start for their career, and there’d be some interesting stories on how some of us managed to get our way into the industry.

Personally, growing up I wasn’t really sure what I wanted to do – but I did know that I liked computers, and spent a lot of time on them from a very young age. My Dad was a computer technician in the hardware and building PC’s sense – so I sort of assumed I’d do that. After doing some work experience with him, and being put on a production line (he was higher up than that) being told to sort out a box of screws to different sizes, I decided I probably didn’t want to be a computer technician after all.
After finishing high school, I then had an opportunity to do two weeks work at my Dad’s new place of employment, where he was the systems builder and tester. I was excited to be earning $13 an hour back in mid 1999 but the job was pretty much just building PC’s out of components, installing an image and testing that the basics worked. Again, it put me off being a computer technician, but I had no idea what else to do.

I then decided I’d do a TAFE course in Diploma of I.T. It would take 3 years to do, and from what I can remember, the first lessons I had were: Programming (something I knew I didn’t want to do), Networking (Interested in this but was too basic so lost interest), Flow Charts (this wasn’t what the course was called, but that’s all it seemed to be and was incredibly boring) and I don’t even remember the other two. I didn’t last long, dropped out and gave up on my IT career as I still didn’t really know what I wanted.

Jump forward 6 months, and I ended up applying for a call centre job. It paid well for a 19 year old ($28k back in late 2000) and I thought I might as well give it a try and see how it went. 3 months into this job, an IT role came up in the company, to support the call centre itself. I considered applying, but missed the deadline and thought I won’t bother because I have no experience. The job came up again, as no suitable applicants had applied yet. This time I thought that I might as well give it a shot, and actually got it! From then on, my career continued to be in I.T.

That’s how my I.T. career started, and despite my efforts, I landed a job. Part of it was dumb luck, part passion of a hobby, and partly being able to demonstrate the right skills and knowledge required. I had no qualifications or formal training either!

So, what can I tell you from all this? Aim to do what you want, and if you don’t know – just try something else. You might find a job you like, but even if you don’t it will open up more opportunities, contacts and experiences to help your career along.

Hopefully some of you can share your stories below as myself and others would love to read.