What’s in Your Runbook?

At least once a year, the time comes to re-address the documentation around the IT department regarding disaster recovery. One of the things I’ve been working on improving over the last two years is our network runbook. We keep a copy of this binder in two places – in our document management system (which can be exported to a CD) and in hard copy, because when systems are down the last thing you want to be unable to access is the documentation about how to make things work again. 

Here’s a rundown of what I have in mine so far, it’s in 10 sections:

  1. Runbook Summary – A list of all servers with their IP address, main purpose, a list of notable applications running on each and which are virtual or not. I also include a list of which servers are running which operating system, a list of key databases on servers and finally copies of some of our important passwords.
  2. Enterprise AD – A listing of all corporate domains and which servers perform what roles. I include all IP information for each server, the partitions and volumes on each and where the AD database is stored. Functional levels for the domain and forest are also documented.
  3. Primary Servers and Functions – This is similar to the Enterprise AD section, but it’s for all non-domain controllers. I list out server information for file services, database servers and their applications and backup servers. I document shares, partition and volume information (including the size), important services that should be running and where to find copies of installation media.
  4. ImageRight – Our document management system deserves it’s own section. In addition to the items similar to the servers in the previous section, I also include some basic recovery steps, dependencies and the boot sequence of the servers and services. Any other information for regular maintenance or activities on this system are also included here.
  5. Email / Exchange – This is another key system that deserves it’s own section in my office. I include all server details (like above) and also completely list out every configuration setting in Exchange 2003. This will be less of an issue with Exchange 2007 or 2010 where more of the configuration information is stored in Active Directory. However, it makes me feel better to have it written down. I also include documentation related to our third-party spam firewall and other servers related to email support.
  6. Backup Details – A listing of each backup server, what jobs it manages and what data each of those jobs capture.
  7. Telecommunications – Details about the servers and key services. I also include information regarding our auto attendants, menu trees and software keys.
  8. Networking – Maps and diagrams for VLANs, static IP address assignments, external IP addresses
  9. Contacts & Support – Internal and external support numbers. Also include circuit numbers and other important identifying information.
  10. Disaster Recovery – Information about the location of our disaster recovery kit, hot line and website. A list of the contents of our disaster kit and knowledge base articles related to some of our DR tasks and hard copies of all our disaster recovery steps.

This binder is always in flux – I’m always adding and changing information and making notes, as well as trying to keep up with changes that other team members are making to the systems they work with most.  It will never be “done” but I’m hoping that whenever I have to reach for it, that it will always be good enough.

October is National Cyber Security Month

Personally, I think every month should be a month people pay attention to security online, but regardless, here are some resources and blog posts to help you think about being more secure as you navigate the world online.

First, Microsoft has a whole site dedicated to online safety, don’t miss out on some tips for creating more secure passwords and using public computers.  There are even some great brochures and sheets you can print out and share at the office or with clients.

Also, check out this post by Microsoft’s Worldwide Chief Security Officer, Robert Halbheer, on “Is the online world more dangerous?” He provides a link to another great handout that addresses some myths regarding online safety.

Finally, one of the most common ways that people are exposed to online security risks is by clicking on spam.  Check out a short post on managing spam by another sysadmin that works in the trenches, The UberGeekGirl.

When it comes down to it, managing your security and safety online is not all that different from managing it everywhere else.  You already keep track of your keys and your wallet, you lock your car and your house when you leave, and you don’t leave your credit information around for people to grab.  Just do the same online – keep track of your passwords, don’t stay logged onto web services on public computers, don’t click on links that look suspicious in emails or on social networking sites and look to do business with online companies that use secure websites for transactions. 

Keep safe everyone, no matter where you are.

ImageRight Hotfixes = Happiness!

My last post about ImageRight covered two defects that we were experiencing that will not show up in the release of version 5.3.  However, since they were critical to actually viewing and interacting with images in the system, last week we received the hotfix that address both of those items.

The fix updated five DLL files on the client side and was provided to us as a self-extracting executable file that needed to be ran on each desktop.  I’m not a fan of sending executable files to my end users to click on via email, since that encourages some email habits I’d prefer to avoid.  Thus, we (meaning my rockin’ programming co-worker) repackaged the hotfix as a MSI file that I could easily deploy via Group Policy.  I tested the fix on my desktop and we rolled it out to the rest of the staff the following morning for installation at the next desktop reboot. 

One little caveat that would have been nice to know ahead of time… Once a user has the fix installed, ANY .tif document they add to the system will cause a “red X” error on a non-fixed ImageRight client.

I discovered this after installing the fix on my machine and then adding in some expense reports for processing.  I then had to go over and install the hotfix on an accounting computer so my tasks could be processed.  Going forward, that user would create documents than everyone else in the office wouldn’t be able to view until they had the hotfix.  So it’s imperative that this particular fix be rolled out en mass, so users don’t see even more errors.

Overall, kudos to the ImageRight Support team and the developers for working hard to make sure that ImageRight continues to work for us.

System Center Essentials and the Reappearing Declined Updates

I’ve been slowly spending time with System Center Essentials and one of the things that turned out to be the most time consuming task when first installing SCE is approving and declining the seemingly endless number of updates.  I’ve grouped out my servers and workstations by the operating system they are running, as well as a few other specialty groups for specific applications like SQL, Exchange, etc, that often have specific updates.  Then I went through and approved updates for each group and declined all the updates that were expired, superceded or didn’t apply to my environment for one reason or another.  (Yes, you can manually tweak which types of updates you download, but there still always seems to be something I don’t want in the list.)

All was good.  Then a few weeks later, all the updates that I declined had magically returned to my “unapproved” list.  How frustrating. 

On the Microsoft TechNet Forums I found a post from June 2010 that mentioned how the “Update cancelled or renewed subscriptions maintenance task” was likely buggy and the culprit for this problem.  Disabling this task would prevent declined updates from accidentally get tossed back into the “unapproved” list when each maintenance cycle came around.

To find the setting, open your SCE Console and select the “Updates” view.  On the right side of the Update Overview page, you’ll find a task list that includes and option to “Configure Windows Server Update Services Maintenance“.  Within these settings, you’ll want to uncheck the option to “Update cancelled or renewed subscriptions” which is supposed to “decline all updates for inactive subscriptions and change the status of all updates for subscriptions that have been renewed within the previous 30 days.” 

If you are interested in more details about what that option is supposed to do and what you might be missing out on by deselecting it, check out this blog post on the System Center Essentials Team Blog.

Coming Soon! – Chat with MVPs, Learn about IPv6 and Hang with PacITPros

October is starting out with a bang.  Here are a few upcoming events that you might want on your calendar.  Please visiting their listed sites for more information or to register.

October 5th – PacITPros Monthly Meeting – This month they welcome Chad Scott, Solution Architect with Infoblox who will be going over their DNS/DCHP/IPAM solution plus their newest solution of NetMRI from the recent acquisition of Netcordia.  Also featured will be Kenny Spade, Academic Developer Evangelist with Microsoft presenting on Windows Phone 7. This will be a sneak peak prior to the official launch date, so you will get to see the handset and OS in action.

Meeting location is at the Microsoft Office, 835 Market Street, Suite 700, San Francisco, CA 94103. Please RSVP at the www.pacitpros.org website.

October 14th – Chat About Microsoft Office and Windows with the MVP Experts, 10-11am PST -Would you like to learn more about the cool new features in Office 2010 and Windows 7 and what has changed since previous versions? Do you use Microsoft Office but would like to learn tips and tricks to be more productive at home, school or at work? Perhaps you are a new user who has questions on how to get started with Windows 7 or using the Office ribbon? Or would like to learn how to protect your computer from malware and viruses. Or perhaps you are just stuck and need answers. 

The Microsoft Most Valuable Professionals (MVPs) are here to help! The MVPs are the same people you see in the technical community as authors, trainers, user groups leaders and answerers in the Microsoft forums. For the first time ever we have brought these experts together as a collective group to answer your questions live.

MVPs will be on hand to take questions about Microsoft Office 2010 or Office 2007 products such as Word, Excel, PowerPoint, Outlook, Access, Project, OneNote and more. As well as the Windows 7 and earlier versions such as Windows Vista. In addition to Microsoft Office, the chat will cover Windows related topics such as upgrading, setup and installation, securing your PC, Internet Explorer, personalizing your computer desktop or having fun with Windows Live Essentials to share photos, make movies and more. All levels of experience are welcome from beginners and students to intermediate power users.

Please join this informative Q&A style chat and bring on your basic and your tough questions!

November 2-4th – The gogoNET LIVE! and CAv6TF IPv6 ConferenceWith IPv4 addresses predicted to be depleted within 18 months we all need to start becoming familiar with IPv6. The California IPv6 Task Force is pleased to present the gogoNET LIVE! IPv6 conference at San Jose State University to:

– Get the knowledge you need from experienced IPv6 professionals
– Learn IPv6 theory in workshops
– Make useful technical contacts in the IPv6 world

 This is the only local West Coast IPv6 event for the remainder of 2010 and it is right here in the Bay Area so take advantage of this opportunity to increase your knowledge on all things related to IPv6.  gogoNET LIVE! is a live version of the gogoNET social network that has close to 30,000 IPv6 professionals as members.

Be prepared, don’t fall behind – this is your chance to get on the cutting edge of IPv6 deployment. Visit http://gogonetlive.com for details and to register.

Getting Started with BitLocker on the QuickStart Blog

This month, I was asked to write a guest post for the folks at QuickStart Intelligence training center. I was excited that they remembered me fondly from their Windows training event this past April and was happy to help them out.
If you are looking to use BitLocker with a USB flash drive as your key storage, head over to their blog and check out what I’ve shared in Getting Started with BitLocker.

TechNet Events Presents: Deploying Windows 7

This week’s “TechNet Events Presents” event in downtown San Francisco was on deploying Windows 7.  I’ve attended sessions, blogged and presented on some of these topics in the past year and it’s still a hot topic.  There is clearly still a need to talk about the benefits and challenges of moving to Windows 7 and the tools available to overcome those challenges.

With the job market and the economy in its current questionable state, many businesses are truly doing as much as they can with less.  Sometimes that means delaying projects – if Windows XP is still doing it’s job, the deployment of Windows 7 might be waiting in the wings.

If you are just beginning to think about rolling out Windows 7 you’ll want to know about some of the tools like ACT and MDT.  Also, don’t forget about App-V, MED-V or XP Mode which may help you keep some legacy applications in play while taking advantage of the new features in Windows 7.

Here are some links to tools and resources you might like to check out:

The Springboard Series Tour takes on Europe!

Just wanted to share some information I regarding the Springboard Series Tour, scheduled to begin in late October in Europe.  If you happen to be in any of the cities listed below, don’t miss out.


Microsoft Windows, Office and MDOP Deployment Workshops 
  • Amsterdam – 25 Oct
  • Stockholm – 27 Oct
  • Helsinki – 29 Oct
  • Reading – 1 Nov
  • Rome – 3 Nov
  • Vienna – 4 Nov
The Microsoft Get On the Bus Tour is taking a winter hiatus to bring you a new tour – the Springboard Series Tour: Microsoft Windows, Office and MDOP Deployment Workshops!  Amsterdam marks our first stop on a 6-city European tour, en route to TechEd Europe, in Berlin, Germany. Are you looking to plan, pilot or deploy Windows and Office? Our workshops will cover the Office 2010, key deployment strategies for Windows 7, the Microsoft Desktop Optimization Pack, as well as show you the value of getting trained and certified in these key products. 

Learn why Windows 7 has received rave reviews from IT organizations and is setting records as the fastest selling operating system in history, and find out why so many IT Pros are ready to deploy Office 2010. Give us five hours, and you will have a clear understanding of the tools, tips and tricks you need now to jumpstart the successful deployment and management of your Windows desktop environment today. Come join members of the Windows and Office US Product Teams, as well as local Microsoft Technology Evangelists for technical training, professional networking, and real world guidance. Don’t miss your chance to attend a workshop in the 2010 Springboard Series Tour, register today at http://www.springboardseriestour.com.

Get your Tour updates first! Follow us on Twitter, @MSSpringboard

Goodbye Live Communications Server 2005

If you happen to be a regular reader of Techbunny.com, you probably know that while I’m a big user of Microsoft products, I’m still happy to remove a MS product when something from a 3rd party will meet my needs. 

In this case, it was Live Communications Server 2005 that took the hit.  We have very few users that regularly “instant message” within the office and with our recent Shoretel upgrade, the conference bridge included basic IM services that could be integrated within our VoIP desktop software.  This would reduce the need for us to manage another server VM and free up those resources for other purposes.

I was concerned that removing LCS would be a chore, but it turns out it was quite easy with less than a dozen steps.  Find them here in TechNet.  I also love the great post-removal report that was generated, as I was able to add that to my change control documentation.

While the upcoming version of Microsoft Unified Communications looks like it will have some great collaboration features, sometimes it’s easier to just go with something you might already have handy through a third-party, especially if you don’t need a lot of bells and whistles.

BlackBerry BES Small Business Edition – Where to Go Next

We hadn’t planned for 16 users. Several years ago when given the task to provide BlackBerry and other mobile device support, it was only planned for executive and IT users.  I cycled through several products over the years, including ones that supported Palm devices, but spent the last couple years managing a single BlackBerry BES SBE server.  This version has a 15 user license limit, which was a non-issue up until recently. However, the broader adoption of mobile devices smart phones has lead to our office being more willing to supply those devices to other staffers and recently I’ve gotten the request that has put me over the mark for our existing server.
BlackBerry offers two options for those in my situation – A) Upgrade to the full BES edition (Enterprise) or B) Switch to BES Express.  (There is also a hosted service available, but I’m only considering in-house services at this time.) Some pros and cons are as follows:
  • PROS: Easier upgrade path from SBE, no need to wipe and reactivate devices. 
  • CONS: There is a cost of about $2600 depending on where you get your server license; only supports devices with enterprise data plans.
  • PROS: Free; supports up to 75 users when installed on the mail server, supports more users when installed on separate server; supports devices with enterprise or personal data plans.
  • CONS: No migration or upgrade path from SBE or PRO editions of BES, but can be run in conjunction with an existing server; devices will need to be wiped and reconfigured for the new server.
For my scenario, I can’t justify the additional expense of a server OS to run Express separately to support extra users, even if my goal is to eventually migrate my SBE users over time.  Keeping two Blackberry servers is simply overkill for 16 users.  Wiping devices is painful for end users and a headache I don’t plan to go looking for.
While there are upgrade costs associated with going to the Enterprise version, its a one time change that will likely be cheaper in the long run once the costs of my time and the extra management that comes with an additional server is taken into consideration.  Guess it’s time for me to place that software order…