SCOM 2007 R2’s Audit Collection Services (ACS from now on) is very useful for meeting compliance (e.g. Sarbanes Oxley) and security audit requirements – working with financial companies often requires such compliance. It’s pretty simple to install in a domain environment – you run the installer to create a collection server, then activate the forwarder on the client servers.

When it comes to servers you really want to audit, those that are by definition more at risk from security breach because they are publicly accessible, it’s not so straightforward. Take for example that web server, or FTP host in your DMZ, certainly not domain joined and probably bombarded by daily brute force password attacks. Select the SCOM agent in the console and enable Audit Collection Services?

Today I was configuring a new FTP server based on IIS7 (well, 7.5 technically as it’s a Server 2008 R2 host), and I wanted an easy way to add and remove allowed IP addresses based on either an XML config file or a CSV import. Customers’ IP addresses are added or removed regularly, but I didn’t want to have to update their details twice, once on the server and once in the documents.

Recently I had cause to configure iSCSI multipathing on a test ESXi server. The production environment servers use iSCSI HBAs to connect to the back end storage, so multipathing them is a straight-forward setup.

It’s good practice to separate VMotion, virtual machine and iSCSI traffic, it also helps you manage those logical and physical connections.

Connect to your ESXi server using the vSphere Client and select the host. Go to the configuration tab and click “Add Networking…”. Select a new VMKernel connection type.

In this post I will be installing a TMG Array as a “back firewall” behind a hardware firewall. The Array will consist of two virtual servers, TMG01 and TMG02 which each have 3 NICs. One NIC will be dedicated to the LAN network, accessible internally. One NIC will be dedicated to the DMZ network, accessible to the outside world on a static mapped IP. The third NIC will be a dedicated intra-array communications NIC as per Microsoft’s recommendation.

vMA is available as a Virtual Appliance (OVF) from VMware. To install it on VMware Workstation 7, open Workstation and select Import or Export to import a new OVF, the URL for the latest OVF for vMA is on the vMA download page

As per this article on virtualkenneth.com, you need to edit the VMX file to change the SCSI card and OS type, otherwise you’ll have a kernel panic on boot.

Wordle.net is a great little site that’s been around for ages – but it gives quite a unique insight into the content of your blog – just shove the RSS feed in and out comes a nice word cloud. I found it interesting to compare this to the Tag cloud generated from how I tagged my posts – for example Exchange is the predominant word in the Wordle.net  cloud – but not in the tag cloud. Update and upgrade were some obvious ones, I expected install or installing to feature more heavily. There’s also a random Kevin in there!

Hardly seems newsworthy any more, with the Automatic Upgrade option on WordPress 2.7+, but I’ve just upgraded to WordPress 3.0.1

With the release of Exchange 2010 SP1, administrators can now use separate Mailbox Databases to store the Personal Archives of users – this is particularly useful if you have some larger, slower (and probably by virtue, older) storage that’s not really up to the I/O of your Exchange Server (that old SAN/NAS sitting in the corner of the server room?). It’s also useful if you just don’t have the capacity on your main storage.

Exchange SP1 has now been released, so I thought I’d document the upgrade process for my small Exchange 2010 organisation, consisting of one CAS/Transport/Mailbox server, and an Edge Transport server.

References

The starting point is always working out if you *need* to upgrade – what’s the business argument. For that you need to look at what’s new in Exchange 2010 SP1, the release notes and prerequisites. Finally, the installation instructions for upgrading from Exchange 2010 RTM to SP1.

This should be a simple update of some hotfixes, but there were a few tripping points along the way that I had to stumble past. As reference I used the CU2 update page and I also a Kevin Holman technet article.

So, I’m going to assume that a) you’re installing the update for a reason, like one of the bugs it fixes and b) you have taken a backup of your OpsManager databases.