Tech for Non-Profits

Friday, October 02, 2009

Twittering for Non-Profits

Much fiddling with Twitter. One thing that is great about Twitter is that it more or less seems to pass the five minute test. Two resources to help get past Initial Euphoria, and move to Potential Productivity include O'Reilly's The Twitter Book.

There is also a pretty good on-line guide at FastForward, albeit with a more corporate orientation. I admit that I cringe when I see tweets like "Insurance industry finds value in social media". Oh goody. But there is a lot of provocative theory there which suggests why Twitter might be a great way to leverage awareness of your non-profit "brand".

One thing that makes Twitter so cool is that they published their application programming interface (API) early on, thereby enabling third-party programmers to cook up all manner of search and ranking tools that can sample and mine the tweet stream. This is a terrific example of a company that took a simple idea, maintained control of the idea, and yet allowed others to add value to it. And Twitter the company was recently valued at 1 billion dollars. Not bad for a company with no revenue yet.

Here are several Twitter search tools... mostly shamelessly cribbed from The Twitter Book

What The Trend http://whatthetrend.com
Twitscoop http://twitscoop.com
Twopular http://twopular.com
Twitter's own Advanced Search, found as a link near the search box on the normal Twitter search page.

For some examples of what non-profits are doing with Twitter, there is a discussion on Mashable. Other comments and ideas are on Beth Kanter's blog, "How Non-Profits Can Use Social Media".


Monday, April 20, 2009

Cloud Computing Redux

A year or so ago I railed against the cloud. Or rather, I railed against the paid cloud. Notwithstanding the fact that even then I was already paying for the cloud.

The subject came up during the Freedom To Connect conference. We were sitting around having lunch, several pretty hard-core networking types and somebody was grousing about cloud computing. "It's not secure!" "It's slow!" "What if you're not connected to the Internet?", (this at a conference of which the entire point was being connected all the time at ultra-high speed). But, I'm Cloud-Boy.

web site: hosted at my ISP
eMail: hosted at my ISP
virtual disk: iDisk hosted at MobileMe
project management: BaseCamp
time cards: Harvest
Calendar: Google Calendar
RSS reader: Google Reader
word processing: Google Docs (occasionally)
invoicing: QuickBooks via eMail

Then there are the mandatory online applications when dealing with the federal government:
  • Employee withholding and tax payments
  • Applying for federal grants at Grants.Gov
  • NIH Commons for managing those grants once you've got them.
  • Electronic Funds System for drawing down funds.
Unfortunately, our state of Vermont is far behind... they actually require paper for virtually every step of the grant application and management function. Hmm....I wonder if you can file for a gay marriage license online?

I guess the point is that you'd be nuts not to take advantage of some hosted applications, and even if you are dead set against the cloud, you might be using something in the cloud and barely realizing it.

As usual, the MobileMe suite of applications from Apple has a little extra. Theoretically at least, you can sync your Safari links and dashboard applications. (I still can't get the dashboard apps quite right.) The iDisk is effective in that it essentially mirrors one or more folders that are present on a particular machine, my desktop iMac for example, and replicates that disk to one or more other machines. (It can work for Windows too, although I haven't tried it.) The neat thing about the iDisk, though, is that there is still a local copy of the folders on each machine. This unloads many of the objections to Cloud Computing, such as the notion that if you aren't connected, you don't have access to your files. True, disk transfer happens at "FTP" speeds, so sometimes it takes a while to sync with the cloud.


Tuesday, March 31, 2009

Freedom to Connect -- Manifesto

I'm beginning to figure out that Freedom To Connect is a conference of people who espouse the following principles (with reservations by some).

1. Just as we first served homes with copper wire for electricity, and then copper wire for telephone service, we are now at an historical juncture where we should serve homes with fiber optic cable. It will actually cost less than either of the first two, because the poles and infrastructure are already in place for putting fiber into homes. Applications that would be supported by fiber include (but are by no means limited to):

  • The Smart Grid, or "infotricity" a two-way connection between the power company and home appliances, water heater, air conditioners, and furnace that would automatically smooth demand for electric power throughout the day. This would result in a projected saving of 25% of the current base power load and eliminate the need for new coal and nuclear power plants.
  • "Triple Play", cable TV, telephone and high-speed internet service.
  • Telemedicine, Telehealth and Distance Learning applications via two-way interactive multipoint videoconferencing
  • Security monitoring
  • Tele-Presence -- viewing a neighbor or relative (located next door or across the globe) in their home to share photos, stories, grandchildren, whatever.
  • etc., ad infinitum.

2. The notion that wireless technology is somehow a substitute for FTTH should be disabused. It is a necessary and desirable supplement, but not a replacement for FTTH.

3. Many believe wireless is actually twice as expensive to install and manage as fiber, for the following reasons:
a. Wireless towers and transmitters still must be served by a fiber connection. ("backhaul")
b. Wireless requires substantial density to provide effective coverage.
c. Wireless is subject to interference, (leaves, weather, etc).
d. Wireless technology is volatile and becomes obsolete quickly.

4. There are many definitions of "under-served" populations. However, DSL technology with something like 320KB up and 1.5 megabits down does NOT constitute "broadband" in any meaningful sense, notwithstanding that it is an improvement over dialup.

5. A working definition of broadband would be, at a minimum, symmetrical speeds of, say, 20 megabits (both directions), at the equivalent of $60.00 per month or less.

6. Under lobbying pressure (corruption? payoffs?) no less than 15 states in the U.S. have actually passed laws that prohibit municipalities or citizen groups from creating and forming their own broadband utilities. Examples cited in our meeting this week (Lafayette LA, and Glasgow KN) described debilitating litigation initiated by incumbent phone and cable companies to shut down efforts to provide muni wireless and fiber networks. After the dust settled, the incumbents reduced their rates by three quarters when they had to compete with the municipality. So, unfortunately, incumbents must be seen as the enemy, until proven otherwise.

======================

Personally, I think this has parallels with other current battles.

  • We can't have single payer healthcare because it would hurt the insurance companies.
  • We can't have high-speed broadband, because it would hurt the incumbent cable and telephone companies.
  • We can't have realistic fuel-economy standards because it will hurt the car companies.
  • We can't get loans, because the banks won't lend any of their multi-million dollar bailout money.
  • We can't have affordable higher education, because it would hurt the educational institutions (and the athletic programs).
  • We can't find out who is responsible for the policies of torture and rendition, because it would "damage" our government's credibility and reputation.


Oh well. Might as well go back to watching television.


Freedom to Connect - Day 1

Freedom to Connect (F2C) is being held at the American Film Institute's Silver theater in Silver Spring, Maryland, a suburb of Washington DC. It is an exemplary demonstration of how to hold a no-frills conference... skeleton (but highly competent) conference crew, judicious outsourcing of food and reception, in a compact venue which offers lots of opportunities to meet the other attendees and presenters. The presentations are being streamed on the web, and there is an interactive Campfire chat which is projected next to the PowerPoint slides and which can be monitored by the speakers so that questions can be taken from outside the conference. As might be expected, the interactive chat is a mixture of serious comments and snark. It's a little disconcerting to type and see your comment projected full screen twenty seconds later.

About 250 participants. We were invited to bring our wireless laptops, and looking at the audience during my own presentation it seemed that well over 70% of the audience machines were Macs. We used my own Macbook for my presentation and those of the colleagues in our session; two were PowerPoint presentations that we ran in Keynote after listening to catcalls as Parallels tried to boot up Vista. The balance seems to be a mixture of Dells, IBM/Lenovo and a few netbooks (Acer Aspire, etc.).

David Weinberger is live-blogging.

Session 2: Net politics and other applications
Ellen Miller, Sunlight Foundation,
Nathaniel James, Media and Democracy Coalition,
Larry Keyes, Telehealth via Broadband, and
Eva Sollberger, Stuck in Vermont Video Blog

4th set of presentations. Chris Savage is a lawyer, had a really interesting talk about the death of the Chicago School and how right now there is a unique opportunity to retool regulation to make it more consumer friendly.

Derek Slater - Google policy analyst. Talking about "Measurement Lab", an open platform for researchers to make measurements of internet bandwidth and for consumers to figure out what their internet speed is. There is so much we don't know about how the internet is performing. Could we fund some servers at the University that would host the Measurement Lab applications?

John Peha - FCC chief technologist. Mythology of Rural Broadband
1 in 3 households do not have access to wired broadband at any price.
Broadband has positive benefits for communities who have it, even for members of those communities who don't subscribe.

Unserved communities don't gain from broadband, and broadband installed elsewhere can actually degrade things in unserved communities.

Comment: Government should write the rules so that it is easier to do the right thing than the wrong thing.

Technology neutrality is something to aim at.

The people who are comfortable with technology are the non-engineers; they just use what works.

Comment: Technology neutrality is a false mantra.

Amy Wohl -- "recovering Chicago School economist." When govt. attempts to fix mistakes by the market there is a lag.




The conference takes place on Monday and Tuesday. I arrived Saturday afternoon at Reagan airport and took the Metro to Silver Spring. Sunday, I ran around the mall. The Holocaust museum was jammed with school groups. I didn't quite know what to expect, I rather thought it would be like going to a cathedral in Europe, but it was more like the science museum. To get to the regular part of the exhibits you have to get a ticket and you are assigned a time. Because of the crowds mine wasn't until two hours later. I spent 90 minutes on the lower level looking at an exhibit of Nazi propaganda, and after that, I was done. Why people bring small children to this museum is beyond me.

I also went to the Native American museum, (outstanding kayaks) and the National Gallery. The Smithsonian museums are truly a national treasure..and they are all free.


Tom Friedman at the Freedom to Connect Conference

I'm at the Freedom to Connect conference, where Thomas Friedman gives a keynote speech drawn from his latest book, Hot, Flat and Crowded. Notes:

Khakis, white shirt, tie. Looks shorter and younger than I expected. :-)
Turns out he lives in Bethesda, so it is just a quick ride on the Metro.
Based on his book Hot, Flat and Crowded.

Looks at the running chat -- "What the f*ck is that?"

Takes off shoes.
Someone immediately posts a photo on the interactive chat.

Motivation to write the book was that "we lost the groove of our country".

New unit of measure -- the Americum == 300 million people living like Americans

First Law of Petro Politics:

Price of oil has an inverse proportion to the pace of freedom.

Moderated a panel between Al Gore and Bono.

According to the World Bank, 1.6 billion or 1/4 of all humanity have no access to electricity.

Losing a species every 20 minutes. We are experiencing the biggest loss of biodiversity.

An incredible list of opportunities masquerading as a series of disasters.
Solution to the problems of climate change, poverty, (and everything else) is abundant cheap reliable energy.

The country which dominates energy technology will be the leader going forward. This country has to be the U.S.

You'll know it is a revolution when somebody gets hurt.

American golfers get 41 miles per gallon, based on the number of miles walked per year (900) and the average amount of alcohol consumed. (22 gallons) (LK: does this statistic factor in the lower efficiency of ethanol?)

The difference between technology and commodity.
Wind, nuclear, solar, etc. are technologies == the more used, the price goes down.
Fossil fuels are commodities == the more used, the price goes up.

Change the leaders, not the light bulbs.

When we leave Iraq it will be the biggest transfer of air conditioners known to mankind.

BANANA = build absolutely nothing anywhere near anything

Smart grid --> Smart home --> appliances automatically day trade electricity --- stores power in electric car battery.

The future is here; it is just not widely distributed yet.

I love being a reporter. It is a noble craft.


Friday, March 20, 2009

Conference: Freedom To Connect


Another plug for the Freedom To Connect conference to be held in Washington DC March 30th and 31st. To crib from the home page:

F2C 2009 will tell the story of:
  • on-line, network-enabled industry and culture, new jobs and sustainable growth
  • Burlington VT, where muni fiber enables business, artistic endeavor, and new telemedicine
  • how Lafayette LA's community came together as it built its muni fiber network
  • the twin cities of Cedar Falls and Waterloo, Iowa, where one twin has a muni net, and the other doesn't
  • how municipal CIOs are planning for Seattle, Portland and San Francisco municipal fiber networks
  • city nets, wired and wireless, that didn't work -- what went wrong and what that teaches
  • what Obama's infrastructure and economic recovery plans mean for tomorrow's network


Tuesday, March 17, 2009

Revisiting

After more than two years, a former and much loved non-profit client called for some help in sorting out their donor database. That's another story which may be worth telling, but I was interested in seeing how they have weathered the economic downturn, and how some of the networking decisions that we took some years ago have held up. They have a main office and several field offices scattered among three counties. They have about 55 employees.

  1. By the time I had left, most of the field offices had a broadband connection. That work was completed, and each office now has a DSL broadband connection, either from a local ISP, or from Fairpoint (the company who bought the Verizon landline and consumer data service in the three northern N.E. states). After working with it for a couple days, I'd say performance is OK... although today, curiously, there was a twenty minute outage.

  2. With broadband available, they now have remote access software going to EVERY computer in EVERY office, as well as their central file server. Much desktop maintenance that required an on-site visit can now be accomplished over the wire.

  3. Electronic mail accounts are hosted by the local internet service provider. People use Outlook or Outlook Express as their desktop eMail client....and access their eMail account when away from the office via webmail.

  4. They refreshed their desktop hardware with Dell Optiplexes that were donated by a local large employer. Although the machines are hand-me-downs, they are more than adequate for eMail, web browsing, and running the database application. The donor also gave them several laser printers that were only a few years old. Everyone is running XP, with Office 2007. (Without prompting, they said that Office 2007 is fine.) They have Norton Anti-Virus which is managed from the file server. No less than three of the staff said, in casual conversation... "well, I do have a Mac at home". I nodded toward my Macbook, running Parallels, wondering if this turns out to be a longer term gig, if I will need to get a new Windows laptop.

  5. Their Dell file server is probably going on five years; but it is built like a tank, with RAID drives, and the original HP backup tape system. They have HP Procurve 2124 ethernet switches, and HP continues to keep replacing them under a lifetime warranty, when the fans go bad. I think we've replaced two or three switches with this client, and a couple of them with other clients. It takes one phone call.

  6. Several old battles were, well, old, if not forgotten. They have made their peace with a state-mandated performance data application which gave us all fits for years. The Executive Director attributes this success to attentive support from the state agency which mandated the system.

  7. If there is one especially popular non-business application being used by the staff, it is streaming audio. In fact, today, the first indication that there was a glitch in the internet connection was when a staff member came in and asked why her "radio" wasn't working.

In short, it Just Works. I think this is attributable to the existing staff who have educated themselves over the years, and new staff who have come on board with full expectations of a functioning network and desktop workstation and how to use it. Add in some longstanding support from management who recognize the value of investing in technology and training, and the efforts of the current part-time network manager who keeps it all humming.


Monday, March 16, 2009

NPower - Network Documentation Template

NPower Seattle has a Network Documentation Template which is in Word. This is a great start for documenting your computer network. The file is called SBS2003template.doc, which suggests it might have been modified from one supplied by Microsoft, and it includes inserted Visio files to show the networking diagrams. If you are a MS shop this will work out of the box. If not, you can easily modify it in OpenOffice, or Pages, or whatever. The object of documenting your network is not necessarily perfection... but to have something to give you a clue when things start going haywire.


Friday, February 13, 2009

Email Transition: Verizon to Fairpoint

All of a sudden I've lost eMail contact with lots of friends who had verizon.net eMail accounts as Verizon abandons their landlines in three New England States, and Fairpoint takes over.

There is an official site provided by Fairpoint which will help people transition... but it is for Windows only. The site checks to see what your browser and operating system are, and if you have Windows XP or Vista, and are using Outlook 2000 or later, you can download a little program (ActiveX control) which will change your settings.

If you don't use Internet Explorer, the automatic setting won't work. The manual instructions are on the next page of the web site. I had a friend go through this with a technician, and this is what he came up with.

User or Account Name:
Your new myfairpoint.net email address
Example: ([myusername]@myfairpoint.net)

POP Server: mail.myfairpoint.net (i.e. incoming mail)
SMTP Server: mail.myfairpoint.net (outgoing mail)

Account name - on incoming mail server
[myusername].myfairpoint.net

Check "My Server Requires Authentication"
Settings next to it: "Use Same Settings as Incoming Server"

The technician also suggested that you change the outgoing mail port from 25 to 1025 (WTF?)

I do have Fairpoint phone mail, and this no longer picks up when I'm on the line. Sigh.

If you have anything non-Windows and non-IE (Linux, Macintosh, Safari, Firefox), you have to use the manual instructions.


Friday, December 19, 2008

Tech Friday: Small Business Network

In a recent column Jerry Pournelle talks about problems with the Microsoft Active Directory.
Back in 1999 I set up the Chaosmanor domain with Active Directory on two machines running Windows 2000 Server. I knew at the time that I didn't need that complex a network, but a number of my readers did. In those days networking was hard, Active Directory was new, and many of my associates were curious about how well it would work. At worst this was another of those silly things I do so you won't have to.

Actually, it worked pretty well. Windows Server 2000 with Active Directory had some infuriating requirements, and it really wanted everything done precisely its way, but from 1999 until this year it served me well. When Windows Server 2003 came out I was tempted to upgrade to that, but there was never any powerful reason to do so, and as time passed it seemed less attractive. I had novels to write and other work to do. I was able to try several Linux-based on-line backup systems - Mirra was one of them - and those worked just fine. Of course machines were getting better, and my old servers were getting more obsolete each year.

Now he thinks that everything he knew about networking is wrong. In particular, like many of us, his experience carried over from older versions of Windows networking, which makes things a lot more complicated than they need to be these days. You can read more about workgroups, domains and routers and alternatives to Windows networking in the column.

At Microdesign we are reevaluating our own network, which has a core server running Windows 2003 Small Business Server; i.e. relatively unchanged for the past five years. Nothing has really changed as far as our core requirements are concerned, except there are several of us working from different offices, and on occasion when traveling. We increasingly collaborate on projects with partners who are outside our company. Our requirements parallel many small businesses and non-profits with 2-50 computer users. Here are our "legacy" requirements:

  1. Common file sharing area where multiple users/machines can access the same document
  2. Absolute trustworthy security of those files
  3. eMail and calendar - available from anywhere on multiple devices
  4. Shared printing, from multiple machines to single printers.
  5. Reliable backup

Those modest requirements suggest a file and print server based in the office, connected permanently to the internet, with printers shared off of the file server, and some kind of backup scheme (tape or additional hard drive). The network diagram which fulfills these requirements is essentially unchanged from the 1990's.

Even with a server-centric network our advice to clients has always been to use the facilities of an internet service provider for two applications: eMail and the outward-facing (public) web server for the organization. We (still) recommend having eMail outside the organization to provide greater reliability, ubiquitous access via the web, and industrial-strength spam control. We recommend the organization's public web site be hosted outside the organization to provide 99.99% uptime, and to take advantage of higher bandwidth typically provided by a hosted provider.

So, what has changed? Two things: disk storage and broadband. Broadband, or rather cheap broadband, has made it possible to reconfigure things so that the cloud can now substitute or supplement a file server. With individual personal computers routinely having disk drives of 250 gigabytes or larger, the original justification for "server as giant hard disk" is falling away.

Along with hardware improvements, there are now a host of inexpensive applications available on the internet that can supplement or replace software that used to require a file server. Basecamp is one example that can be used for project management and shared file storage.

A more modern interpretation of the legacy network diagram puts the cloud at the center of the network.

So, I'm wondering whether to replace my file server. The server is no longer the be-all end-all of my network. Like Jerry, I don't need a domain login mechanism. I barely use my printers, and those are attached directly to the local network. The small business server's eMail, and web hosting have always been done off-site. The server does offer SharePoint, which is a capable platform for Basecamp-like project management, but Basecamp is about $12.00 per month, and it took about five minutes to set up. And, now that we have been invaded by the Macintosh monster...there are more reasons to find, (or at least evaluate) a cross-platform solution for our application needs.


Wednesday, December 10, 2008

MobileMe - Synchronizing Macs

I've been intending to sketch out my whole synchronization scheme which keeps multiple applications synched between two Macs and the rest of the world, but it is so complicated that just documenting it has made me want to rethink. In the interim, I noticed yesterday that a bunch of changes that I had put into my address book on the MacBook didn't get synched to the iMac, and after a lengthy chat with Apple's MobileMe tech support the answer appeared to be nothing more than logging out of MobileMe on the laptop and then logging back in.

One trick with synching with MobileMe is to strip down the applications, so that you are only trying to sync one thing at a time when troubleshooting. Right now I've only got the contacts synching.

If one forgot that you can actually log into your MobileMe account from a web browser, one should be reminded of that helpful suggestion, as you can check whether your sync changes reach the "cloud". Obviously (in hindsight) if you make a change in iCal on one machine, and do a sync, the changes should appear in the copy of your files in the cloud, before any other machine can sync and download the changes.


Sunday, November 09, 2008

Windows vs. Linux - Open Source vs. Commercial

I got sucked in to a bit of back and forth on our local Linux/Unix list a couple days ago and wrote:

Ten years ago I was consulting for a multi-national education non-profit, and I discussed with the systems manager the notion of using open source...in particular I was talking about replacing their Windows 2000/NT servers with Linux. This would have been a logistical wrench, not least because they had several client/server applications that used SQL-Server as the back end. His point was that as an educational institution, they got such good discounts on any proprietary software that the amount spent on the software was a minuscule percentage of their IT budget. So, there was no economic benefit, and certainly no performance benefit that justified such a change.

Later that year I was doing an inventory of their machines at one of the European sites and couldn't find the terminal server box. Turns out this was a Linux box running VMC or something and it had been bricked up in a wall during a recent renovation, and been merrily running, unseen, for several months.

So, the moral for me was, use what works. At the time I actually got them to go from running four O/S's in the organization to two, Windows, and the aforementioned Linux. We dumped Macs in one site, and Novell in another, and my advice to subsequent clients was to run one and only one OS in the organization.

I'm happy to say that they didn't all run Windows.


Wednesday, September 03, 2008

NAT with videoconferencing etc. etc.

The wiki documentation for Ekiga has a nice discussion of how to deal with routers when using SIP and H.323.

Browsing with Google Chrome does indeed seem a little more rapid. I'm not sure I'll migrate from Firefox, but I like the clean look, and so far it seems to work flawlessly.


Monday, July 14, 2008

Newbie Guide to Asterisk Pitfalls

The good folks over at Nerd Vittles continue to hack away at Asterisk, and publish a terrific blog. Their May 12th posting is great. Asterisk Hell: A Minefield Navigation Guide for Newbies.


Monday, April 28, 2008

MaintainIT Project

The MaintainIT project has a focus on running public computers with an emphasis on small and rural libraries. This is a subproject of TechSoup, the venerable and wonderful site for non-profit computing.


Sunday, March 30, 2008

Comcast Service Agreement - BEWARE

I received an updated version of the Comcast Service Agreement for end-users. This is for our residential cable broadband service. This currently costs $67.00 per month, which includes the rental of a modem, and the applicable taxes. Speeds are 6 megs down and either 384 or 768 up...depending on who you are talking to. Comcast makes it clear that this is residential, i.e. consumer service as opposed to business service. So, you are really expected to consume.
Prohibited Users of HSI. You agree not to use HSI for operation as an Internet service provider, a server site for ftp, telnet, rlogin, e-mail hosting, "Web hosting" or other similar applications for any business enterprise, or as an end-point on a non-Comcast local area network or wide area network.
You agree to indemnify, defend and hold harmless Comcast and its affiliates, supplies, and agents against all claims and expenses (including reasonable attorney fees) arising out of any breach of this Section including, but not limited to, any claims based on or arising out of any material violation of any applicable law.

Ports are blocked for the above-named services. But now at the end, it gets more interesting...
ADDITIONAL PROVISIONS APPLICABLE TO HIGH-SPEED INTERNET SERVICE
Comcast will provide you with dynamic Internet protocol ("IP") address(es) as a component of HSI, and these IP address(es) can and do change over time. You will not alter, modify or tamper with dynamic IP address(es) assigned to you or any other customer. You agree not to use a dynamic domain name server or DNS to associate a host name with the dynamic IP address(es) for any commercial purpose.

So, this would seem to preclude business or commercial use of applications for typical home-based businesses, i.e. VoIP telephone, Videoconferencing applications, and Virtual Private Network connections.

This sucks. Imagine if you had a telephone system that not only changed your phone number on a random basis, but prohibited you from discovering the changed number and letting people know what the changes are. This is essentially the service provided by DYNDns and similar services. Even though there is no technical reason that Comcast couldn't provide permanent fixed public IP addresses in the first place, Comcast specifically states that they won't provide them, and they specifically prevent you from applying any technological means to compensate.

For my own home office, I've decided to try the Comcast commercial offering. For another ten dollars or so per month, I'm supposed to get 6 megs/768kb, 4 Exchange accounts on their servers, web server account, and of course a fixed IP address. I'm assuming this comes with an improved service level agreement.

When I asked about what was available for bandwidth, they mentioned that in towns where they are competing with Verizon FIOS (fiber to the home), they offer 16 megabits down. But only when they are competing. :-)


Friday, March 21, 2008

Setting up remote premise VoIP or Videoconferencing

The Trixbox Wiki has a number of digestible pages of advice on how to successfully deploy a VoIP application. Here are recommendations for remote sites.

Formula for the best remote telecommuter Experience

  1. Use T1 internet access at the main location, not DSL or Cable. It's worth the additional expense in order to ensure good, steady performance at your main location.
  2. If your routers and/or firewalls support QoS features, activate them. Give priority to the SIP and RTP protocols. Consider replacing equipment that lacks VoIP-aware QoS features. See Also: How do I use QoS on my network?
  3. Consider using one of our Suggested Routers with QoS on both ends of your connection.
  4. If your QoS solution allows you to limit total bandwidth, set the limit to slightly less than the line speed of your internet connection. Use a DSL line speed test to determine where you should set your limits. Setting it about 5-10 Kb below your maximum speed will keep the packet buffers from filling up on your DSL/Cable modem. This will yield better overall performance.
  5. Consider having two internet connections: one for your existing data application, and one for your VOIP phone and trixbox Pro servers. You can use this approach in your main location, as well as your remote locations. If you use this approach, you may not need any QoS capable equipment.
  6. If possible, connect your main office and your remote office using the same internet provider. Usually performance on the same provider's network is superior to the performance when traffic needs to traverse multiple internet backbone networks.
  7. If possible, remove NAT devices between the trixbox Pro system, and the remote telecommuters.
  8. If you must use a NAT configuration, consider using a "DMZ Host/Server" configuration rather than port forwarding. This uses less CPU power in the router/firewall and yields optimal performance.
    1. At the main location, the setting will forward all unknown packets to your trixbox Pro server.
    2. At the remote locations, the setting will forward all unknown incoming packets to the IP Phone.
    3. Reserve the phone's IP address in DHCP or give the phone a static IP Address on your private network in the remote location so the IP Address does not change. If you use a static IP Address, pick one outside of your dynamic DHCP IP Address range.
  9. For mission critical remote employees, consider using a fractional T1 internet service at the remote office instead of a Cable/DSL connection.


Friday, February 22, 2008

Tech Friday: Troubleshooting Windows Firewall

Tech Friday is the day when we get bogged down in technicalities.

Dynamic DNS Redux

Today I've been doing some further research on Dynamic DNS, and indeed I found out that Wednesday, I was actually playing with the Unix/Linux version of the DynDNS updater. They have a more conventional Windows client available with a nice graphic interface. It still does the same thing as the earlier one does, and it can install as a Windows service.

Firewall Issues

The Windows XP SP2 firewall can be managed locally on the XP Workstation through the Control Panel applet, via the local Group Policy, or via a domain group policy. When running into problems with the firewall, often the first problem is to figure out just where the settings are coming from. Microsoft has provided a handy guide on troubleshooting the Windows firewall, using familiar tools like netstat and netsh. For example, the following command will display the firewall status, and show where the settings are coming from. Note the returned results in my case show that the workstation is controlled from the Domain under the Group Policy.

C:\>netsh firewall show state

Firewall status:
-------------------------------------------------------------------
Profile = Domain
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = Windows Firewall
Remote admin mode = Disable

Ports currently open on all network interfaces:
Port Protocol Version Program
-------------------------------------------------------------------
1052 UDP IPv4 C:\WINDOWS\system32\spoolsv.exe
26675 TCP IPv4 (null)
67 UDP IPv4 (null)
135 TCP IPv4 C:\WINDOWS\system32\inetsrv\inetinfo.exe
137 UDP IPv4 (null)
139 TCP IPv4 (null)
138 UDP IPv4 (null)
3389 TCP IPv4 (null)
38293 UDP IPv4 (null)
443 TCP IPv4 C:\WINDOWS\system32\inetsrv\inetinfo.exe
443 UDP IPv4 (null)
445 TCP IPv4 (null)
37674 UDP IPv4 (null)
37675 UDP IPv4 (null)
37674 TCP IPv4 (null)
2869 TCP IPv4 (null)
1900 UDP IPv4 C:\WINDOWS\system32\svchost.exe
2967 UDP IPv4 (null)
990 TCP IPv4 F:\Program Files\Microsoft ActiveSync\rapimgr.exe

Additional ports open on Local Area Connection:
Port Protocol Version
-------------------------------------------------------------------
427 UDP Any


C:\>

The Microsoft network troubleshooting white paper describes several additional troubleshooting tactics and is recommended.
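The listing above is easier to review when it is parsed rather than read by eye. The following is an added example, not part of the original post or of Microsoft's guide: it reads output in the layout shown above and reports where the settings come from and which open ports have no program attached. The sample text is constructed, and the names parse_state and review are hypothetical.

```python
import re

# Constructed sample in the layout of `netsh firewall show state` shown above.
SAMPLE = r"""
Firewall status:
Profile = Domain
Operational mode = Enable
Group policy version = Windows Firewall

Ports currently open on all network interfaces:
Port Protocol Version Program
-------------------------------------------------------------------
1052 UDP IPv4 C:\WINDOWS\system32\spoolsv.exe
3389 TCP IPv4 (null)
990 TCP IPv4 F:\Program Files\Microsoft ActiveSync\rapimgr.exe

Additional ports open on Local Area Connection:
Port Protocol Version
427 UDP Any
"""

# port, protocol, IP version, then an optional program path (may contain spaces)
PORT_ROW = re.compile(r"^(\d+)\s+(TCP|UDP)\s+(\S+)(?:\s+(.+))?$")

def parse_state(text):
    """Return (settings dict, list of open-port dicts) from the command output."""
    settings, ports, scope = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if " = " in line:
            key, value = line.split(" = ", 1)
            settings[key] = value
        elif line.endswith(":") and "open on" in line:
            # Section header: remember which interface(s) the rows apply to.
            scope = line.split("open on", 1)[1].rstrip(":").strip()
        elif (m := PORT_ROW.match(line)):
            program = None if m.group(4) in (None, "(null)") else m.group(4)
            ports.append({"port": int(m.group(1)), "proto": m.group(2),
                          "scope": scope, "program": program})
    return settings, ports

def review(text):
    """List the points an administrator would want to check by hand."""
    settings, ports = parse_state(text)
    findings = []
    if settings.get("Operational mode") != "Enable":
        findings.append("firewall is not enabled")
    # Assumption: any value other than "None" means Group Policy supplies settings.
    if settings.get("Group policy version", "None") != "None":
        findings.append("settings come from Group Policy")
    findings += [f"{p['port']}/{p['proto']} on {p['scope']}: no program listed"
                 for p in ports if p["program"] is None]
    return findings
```

Ports with no program listed are port-based exceptions, open regardless of which process is listening, so they are the ones to justify or close first.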

For a cookbook approach to the Windows command line, check out the Administrator's Pocket Consultant series title Microsoft Windows Command-Line by William R. Stanek.


Thursday, February 21, 2008

Dyn DNS clients

Looking for a client for Dynamic DNS. This is a program that goes out and pings the DynDNS web service and tells it what your current IP address is.

DynDNS runs a service that will tell you what your current public IP address is. This is handy: in any web browser just type http://checkip.dyndns.com.

DynDNS recommends using software clients to do updates, although the functionality is embedded in most home routers.
...[I]n practice we have found that router based clients just don't provide the same level of reliability and user experience as software clients. For this reason, our current recommendation is that customers use a software client whenever possible, even if their router has a DDNS client built into it and even if that DDNS client has been certified by us.

Using the command line version of inadyn, I tried the following which does a one-time update:

C:\DynDNS_Client>inadyn --username myname --password mypass --alias mydnsname.gotdns.com

This returns the following:

INADYN: Started 'INADYN version 1.96.2' - dynamic DNS updater.
I:INADYN: IP address for alias 'mydnsname.gotdns.com' needs update to '24.61.26.209'
I:INADYN: Alias 'mydnsname.gotdns.com' to IP '24.61.26.209' updated successful.

Now, of interest here is that the one-time update does not simply execute and then return to the command line; in fact it creates a loop that executes repeatedly. By default the interval appears to be one minute, and what happens is that the program first does an IP address update. On subsequent passes, it first sends a query to checkip.dyndns.org and compares the result with the stored IP. If they are different, it performs another update. This is more evident if you add --verbose 5 to the command line; you'll get a printout as the program goes through the steps.
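The check-and-compare pass described above can be sketched as follows. This is an added example, not inadyn's code and not part of the original post. It also treats the checkip reply as untrusted input, since it arrives over plain HTTP, and refuses to publish a malformed or non-public address. The reply text is a constructed sample, and Updater, parse_checkip and the two injected callables are hypothetical names.

```python
import ipaddress
import re

# Constructed sample of the page returned by http://checkip.dyndns.com.
CHECKIP_BODY = ("<html><head><title>Current IP Check</title></head>"
                "<body>Current IP Address: 24.61.26.209</body></html>")

def parse_checkip(body):
    """Extract the address from a checkip reply; reject anything unusable."""
    m = re.search(r"Current IP Address:\s*([0-9.]+)", body)
    if not m:
        raise ValueError("no address in checkip response")
    ip = ipaddress.IPv4Address(m.group(1))    # ValueError if malformed
    if not ip.is_global:
        raise ValueError(f"refusing non-public address {ip}")
    return str(ip)

class Updater:
    """One pass = one check; an update is sent only when the address changed."""

    def __init__(self, fetch_checkip, send_update):
        self.fetch_checkip = fetch_checkip    # callable() -> reply body (str)
        self.send_update = send_update        # callable(ip) -> None
        self.stored_ip = None                 # nothing published yet

    def run_pass(self):
        try:
            current = parse_checkip(self.fetch_checkip())
        except ValueError as err:
            return f"skipped: {err}"          # keep the last good record
        if current == self.stored_ip:
            return "unchanged"                # no update request is sent
        self.send_update(current)
        self.stored_ip = current
        return f"updated to {current}"

if __name__ == "__main__":
    sent = []
    updater = Updater(lambda: CHECKIP_BODY, sent.append)
    print(updater.run_pass())                 # first pass always publishes
    print(updater.run_pass())                 # same address, nothing sent
```

Because nothing is stored before the first pass, the first call always sends an update, which matches the behaviour observed above.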

So, I'm going to try installing this as a software service on my XP workstation; and disabling it in the router.
