Pages

Banner 468

Tuesday, 17 September 2013

All HP Laptop & Desktop drivers

0 comments
 
Readmore...
Friday, 6 September 2013

All laptop drivers

0 comments
 
Readmore...
Thursday, 5 September 2013

Install a Network Printer in Mac OS X

0 comments
 

Install a Network Printer in Mac OS X

Install a Network Printer in Mac OS X
What You Need to Print to a Networked MSL Printer
  • Computer running Mac OS X 10.5 or newer
  • Internet access
Note: Instructions are based on OS X 10.8. Minor differences exist for users of Mac OS X 10.7, 10.6, and 10.5.
Printing Instructions
  1. Select System Preferences from the Apple menu.
  2. Double-click on Print & Scan (Print & Fax).
  3. In the Print & Scan (Print & Fax) window, click on the plus sign button.
  4. Click on the IP tab in the Print Browser window.
    1. Set Protocol to HP Jetdirect - Socket.
    2. For Address, enter the IP address of the printer you want to add.  IP addresses of MSL printers are available on the printer list.
    3. Leave the Queue field blank.  The Name and Location fields are for your reference to keep track of your printers and differentiate between multiple ones.
    4. For Print Using, do not select Generic Postscript Printer.  OS X will try to locate an appropriate driver but if it cannot then It is recommended to download the correct driver from the manufacturer.  Click on the name of the printer on the printer list to be taken to the manufacturer's driver download page.
  5. Click Add. The lab printer will be added to your list of printers.
Readmore...

Mac OS X: How to manually add a Windows shared printer

0 comments
 

Mac OS X: How to manually add a Windows shared printer

In some situations, you may be unable to locate a Microsoft Windows shared (SMB) printer while adding a printer, yet you can still add the printer manually if you know the name or address of the Windows computer sharing the printer and the name of the shared printer.

Mac OS X v10.5 or later
  1. Choose System Preferences from the Apple menu.
  2. Choose Print & Fax from the View menu.
  3. Click the + button to add a printer.
  4. Press the Control key while clicking the "Default" icon (or any other icon on the toolbar), then choose Customize Toolbar from the contextual menu that appears.
  5. Drag the Advanced (gear) icon to the toolbar.
  6. Click Done.
  7. Click the Advanced icon that was added to the toolbar.
  8. Choose Windows from the Type pop-up menu.
  9. In the URL field, type the printer's address in one of the following formats:

    smb://workgroup/server/sharename
    smb://server/sharename

    Note: "workgroup" is the name of the Windows workgroup that the computer sharing the printer belongs to. "server" is the name of the computer sharing the printer (or its IP address). "sharename" is the shared Windows printer's share name. If the share name contains spaces, replace each space with "%20" (without quotation marks).

    Tip: You don't need a "workgroup" when specifying the IP address of the computer (such as when the printer is on a different subnet), or if your Mac belongs to the same Windows (SMB) workgroup.
  10. In the Name field, type the name you would like to use for this printer in Mac OS X.
  11. Choose the appropriate PPD or printer driver from the "Print Using" pop-up menu.
  12. Click Add.
     
Mac OS X v10.3 through v10.4.11
  1. Open Printer Setup Utility (located in /Applications/Utilities).
  2. Mac OS X 10.4.x: Choose Add Printer from the Printers menu, then hold the Option key while clicking the "More Printers" button.

    Mac OS X 10.3.x: Hold the Option key while choosing Add Printer from the Printers menu.
     
  3. Choose Advanced from the first pop-up menu.
  4. Choose "Windows Printer via SAMBA" from the Device pop-up menu.
  5. In the Device Name field, type the name you would like to use for this printer in Mac OS X.
  6. In the Device URL field, use one of the following formats to link to the printer:

    smb://user:password@workgroup/server/sharename
    smb://user:password@server/sharename
    smb://workgroup/server/sharename
    smb://server/sharename

    Notes: "user" is the name of a Windows user who has privileges to use the printer. "password" is the password of that Windows user. "workgroup" is the name of the Windows workgroup to which the computer sharing the printer belongs. "server" is the name of the computer sharing the printer or its IP address. "sharename" is the shared Windows printer's share name.

    Tip: You don't need a "workgroup" when specifying the IP address of the computer (such as when the printer is on a different subnet), or if your Mac belongs to the same Windows (SMB) workgroup.
     
  7. Choose the appropriate PPD or printer driver from the "Printer Model" pop-up menu.
  8. Click Add.
Readmore...

Device Servers Tutorial

0 comments
 

Device Servers Tutorial

Device Server Technology -
Understanding and Imagining its Possibilities

For easy reference, please consult the glossary of terms at the end of this paper.*
The ability to manage virtually any electronic device over a network or the Internet is changing our world. Companies want to remotely manage, monitor, diagnose and control their equipment because doing so adds an unprecedented level of intelligence and efficiency to their businesses. 
With this trend, and as we rely on applications like e-mail and database management for core business operations, the need for more fully-integrated devices and systems to monitor and manage the vast amount of data and information becomes increasingly more important. And, in a world where data and information is expected to be instantaneous, the ability to manage, monitor and even repair equipment from a distance is extremely valuable to organizations in every sector.
This need is further emphasized as companies with legacy non-networked equipment struggle to compete with organizations equipped with advanced networking capabilities such as machine-to-machine (M2M) communications. There’s no denying that advanced networking provides an edge to improving overall efficiencies.
This tutorial will provide an overview and give examples of how device servers make it easy to put just about any piece of electronic equipment on an Ethernet network. It will highlight the use of external device servers and their ability to provide serial connectivity for a variety of applications. It will touch on how device networking makes M2M communication possible and wireless technology even more advanced. Finally, as any examination of networking technologies requires consideration of data security, this paper will provide an overview of some the latest encryption technologies available for connecting devices securely to the network.

Moving from Serial to Ethernet
An Introduction to Device Server Technology

For some devices, the only access available to a network manager or programmer is via a serial port. The reason for this is partly historical and partly evolutionary. Historically, Ethernet interfacing has usually been a lengthy development process involving multiple vendor protocols (some of which have been proprietary) and the interpretation of many RFCs. Some vendors believed Ethernet was not necessary for their product which was destined for a centralized computer center - others believed that the development time and expense required to have an Ethernet interface on the product was not justified.
From the evolutionary standpoint, the networking infrastructure of many sites has only recently been developed to the point that consistent and perceived stability has been obtained - as users and management have become comfortable with the performance of the network, they now focus on how they can maximize corporate productivity in non-IS capacities.
Device server technology solves this problem by providing an easy and economical way to connect the serial device to the network.
Device Server topology exampleLet's use the Lantronix UDS100 Device Server as an example of how to network a RAID controller serial port. The user simply cables the UDS100 's serial port to the RAID controller's serial port and attaches the UDS100's Ethernet interface to the network. Once it has been configured, the UDS100 makes that serial port a networked port, with its own IP address. The user can now connect to the UDS100 's serial port over a network, from a PC or terminal emulation device and perform the same commands as if he was using a PC directly attached to the RAID controller. Having now become network enabled, the RAID can be managed or controlled from anywhere on the network or via the Internet.
The key to network-enabling serial equipment is in a device server’s ability to handle two separate areas:
  1. the connection between the serial device and the device server
  2. the connection between the device server and the network (including other network devices)
Traditional terminal, print and serial servers were developed specifically for connecting terminals, printers and modems to the network and making those devices available as networked devices. Now, more modern demands require other devices be network-enabled, and therefore device servers have become more adaptable in their handling of attached devices. Additionally, they have become even more powerful and flexible in the manner in which they provide network connectivity.

Device Servers Defined

A device server is “a specialized network-based hardware device designed to perform a single or specialized set of functions with client access independent of any operating system or proprietary protocol.” 
Device servers allow independence from proprietary protocols and the ability to meet a number of different functions. The RAID controller application discussed above is just one of many applications where device servers can be used to put any device or "machine" on the network. 
PCs have been used to network serial devices with some success.  This, however, required the product with the serial port to have software able to run on the PC, and then have that application software allow the PC's networking software to access the application. This task equaled the problems of putting Ethernet on the serial device itself so it wasn’t a satisfactory solution. 
To be successful, a device server must provide a simple solution for networking a device and allow access to that device as if it were locally available through its serial port. Additionally, the device server should provide for the multitude of connection possibilities that a device may require on both the serial and network sides of a connection. Should the device be connected all the time to a specific host or PC? Are there multiple hosts or network devices that may want or need to connect to the newly-networked serial device? Are there specific requirements for an application which requires the serial device to reject a connection from the network under certain circumstances? The bottom line is a server must have both the flexibility to service a multitude of application requirements and be able to meet all the demands of those applications.

Capitalizing on Lantronix Device Server Expertise and Proven Solutions

Lantronix is at the forefront of M2M communication technology.  The company is highly focused on enabling the networking of devices previously not on the network so they can be accessed and managed remotely.

Lantronix has built on its long history and vast experience as a terminal, print and serial server technology company to develop more functionality in its servers that “cross the boundary” of what many would call traditional terminal or print services. Our technology provides:
  • The ability to translate between different protocols to allow non-routable protocols to be routed
  • The ability to allow management connections to single-port servers while they are processing transactions between their serial port and the network
  • A wide variety of options for both serial and network connections including serial tunneling and automatic host connection make these servers some of the most sophisticated Ethernet-enabling devices available today.

Ease of Use

As an independent device on the network, device servers are surprisingly easy to manage. Lantronix has spent years perfecting Ethernet protocol software and its engineers have provided a wide range of management tools for this device server technology. Serial ports are ideal vehicles for device management purposes - a simple command set allows easy configuration. The same command set that can be exercised on the serial port can be used when connecting via Telnet to a Lantronix device server.
An important feature to remember about the Lantronix Telnet management interface is that it can actually be run as a second connection while data is being transferred through the server - this feature allows the user to actually monitor the data traffic on even a single-port server's serial port connection while active. Lantronix device servers also support SNMP, the recognized standard for IP management that is used by many large network for management purposes.
Finally, Lantronix has its own management software utilities which utilize a graphical user interface providing an easy way to manage Lantronix device servers. In addition, the servers all have Flash ROMs which can be reloaded in the field with the latest firmware.

Device Servers for a Host of Applications

This section will discuss how device servers are used to better facilitate varying applications such as:
  • Data Acquisition
  • M2M
  • Wireless Communication/Networking
  • Factory/Industrial Automation
  • Security Systems
  • Bar Code Readers and Point-of-sale Scanners
  • Medical Applications

Data Acquisition

Microprocessors have made their way into almost all aspects of human life, from automobiles to hockey pucks. With so much data available, organizations are challenged to effectively and efficiently gather and process the information. There are a wide variety of interfaces to support communication with devices. RS-485 is designed to allow for multiple devices to be linked by a multidrop network of RS-485 serial devices. This standard also had the benefit of greater distance than offered by the RS-232/RS-423 and RS-422 standards.
However, because of the factors previously outlined, these types of devices can further benefit from being put on an Ethernet network. First, Ethernet networks have a greater range than serial technologies. Second, Ethernet protocols actually monitor packet traffic and will indicate when packets are being lost compared to serial technologies which do not guarantee data integrity.
Lantronix full family of device server products provides the comprehensive support required for network enabling different serial interfaces. Lantronix provides many device servers which support RS-485 and allow for easy integration of these types of devices into the network umbrella. For RS-232 or RS-423 serial devices, they can be used to connect equipment to the network over either Ethernet or Fast Ethernet.

An example of device server collaboration at work is Lantronix's partnership with Christie Digital Systems, a leading provider of visual solutions for business, entertainment and industry. Christie integrates Lantronix SecureBox® secure device server with feature-rich firmware designed and programmed by Christie for its CCM products. The resulting product line, called the ChristieNET SecureCCM, provided the encryption security needed for use in the company’s key markets, which include higher education and government. Demonstrating a convergence of AV and IT equipment to solve customer needs, ChristieNET SecureCCM was the first product of its kind to be certified by the National Institute of Standards and Technology (NIST).

M2M and Wireless Communications

Two extremely important and useful technologies for communication that depend heavily on device servers are M2M and wireless networking.
Made possible by device networking technology, M2M enables serial-based devices throughout a facility to communicate with each other and humans over a Local Area Network/Wide Area Network (LAN/WAN) or via the Internet. The prominent advantages to business include:
  • Serial Tunneling diagramMaximized efficiency
  • More streamlined operations
  • Improved service
Lantronix Device Servers enable M2M communications either between the computer and serial device, or from one serial device to another over the Internet or Ethernet network using “serial tunneling.” Using this serial to Ethernet method, the “tunnel” can extend across a facility or to other facilities all over the globe.
M2M technology opens a new world of business intelligence and opportunity for organizations in virtually every market sector. Made possible through device servers, M2M offers solutions for equipment manufacturers, for example, who need to control service costs. Network enabled equipment can be monitored at all times for predictive maintenance. Often when something is wrong, a simple setting or switch adjustment is all that is required. When an irregularity is noted, the system can essentially diagnose the problem and send the corrective instructions. This negates a time-consuming and potentially expensive service call for a trivial issue. If servicing is required, the technician leaves knowing exactly what is wrong and with the proper equipment and parts to correct the problem. Profitability is maximized through better operating efficiencies, minimized cost overruns and fewer wasted resources.
Traditional Service Model diagram
Remote Mgmt. Service Model diagram
M2M technology also greatly benefits any organization that cannot afford downtime, such as energy management facilities where power failures can be catastrophic, or hospitals who can’t afford interruptions with lives at stake. By proactively monitoring networked-enabled equipment to ensure it is functioning properly at all times, business can ensure uptime on critical systems, improve customer service and increase profitability.

Wireless Networking

Wireless networking, allows devices to communicate over the airwaves and without wires by using standard networking protocols. There are currently a variety of competing standards available for achieving the benefits of a wireless network. Here is a brief description of each:
Bluetooth
is a standard that provides short-range wireless connections between computers, Pocket PCs, and other equipment.
ZigBee
is a proprietary set of communication protocols designed to use small, low power digital radios based on the IEEE 802.15.4 standard for wireless personal area networking.
802.11
is an IEEE specification for a wireless LAN airlink.
802.11b (or Wi-Fi)
is an industry standard for wireless LANs and supports more users and operates over longer distances than other standards. However, it requires more power and storage. 802.11b offers wireless transmission over short distances at up to 11 megabits per second. When used in handheld devices, 802.11b provides similar networking capabilities to devices enabled with Bluetooth.
802.11g
is the most recently approved standard and offers wireless transmission over short distances at up to 54 megabits per second. Both 802.11b and 802.11g operate in the 2.4 GHz range and are therefore compatible.
For more in-depth information, please consult the Lantronix wireless whitepaper which is available online.
Wireless technology is especially ideal in instances when it would be impractical or cost-prohibitive for cabling; or in instances where a high level of mobility is required.
Wireless topology diagram
Wireless device networking has benefits for all types of organizations. For example, in the medical field, where reduced staffing, facility closures and cost containment pressures are just a few of the daily concerns, device networking can assist with process automation and data security. Routine activities such as collection and dissemination of data, remote patient monitoring, asset tracking and reducing service costs can be managed quickly and safely with the use of wireless networked devices. In this environment, Lantronix device servers can network and manage patient monitoring devices, mobile EKG units, glucose analyzers, blood analyzers, infusion pumps, ventilators and virtually any other diagnostic tool with serial capability over the Internet.
Forklift accidents in large warehouses cause millions of dollars in damaged product, health claims, lost work and equipment repairs each year. To minimize the lost revenue and increase their profit margin and administrative overhead, “a company” has utilized wireless networking technology to solve the problem. Using Lantronix serial-to-802.11 wireless device server “the company” wirelessly network-enables a card reader which is tied to the ignition system of all the forklifts in the warehouse. Each warehouse employee has an identification card. The forklift operator swipes his ID card before trying to start the forklift. The information from his card is sent back via wireless network to computer database and it checks to see if he has proper operator’s license, and that the license is current. If so, forklift can start. If not – the starter is disabled.

Factory Floor Automation

For shops that are running automated assembly and manufacturing equipment, time is money. For every minute a machine is idle, productivity drops and the cost of ownership soars. Many automated factory floor machines have dedicated PCs to control them. In some cases, handheld PCs are used to reprogram equipment for different functions such as changing computer numerically controlled (CNC) programs or changing specifications on a bottling or packaging machine to comply with the needs of other products. These previously isolated pieces of industrial equipment could be networked to allow them to be controlled and reprogrammed over the network, saving time and increasing shop efficiency. For example, from a central location (or actually from anywhere in the world for that matter) with network connectivity, the machines can be accessed and monitored over the network. When necessary, new programs can be downloaded to the machine and software/firmware updates can be installed remotely.
One item of interest is how that input programming is formatted. Since many industrial and factory automation devices are legacy or proprietary, any number of different data protocols could be used. Device servers provide the ability to utilize the serial ports on the equipment for virtually any kind of data transaction.
Lantronix device servers support binary character transmissions. In these situations, managing the rate of information transfer is imperative to guard against data overflow. The ability to manage data flow between computers, devices or nodes in a network, so that data can be handled efficiently is referred to as flow control. Without it, the risk of data overflow can result in information being lost or needing to be retransmitted.
Lantronix accounts for this need by supporting RTS/CTS flow control on its DB25 and RJ45 ports. Lantronix device servers handle everything from a simple ASCII command file to a complex binary program that needs to be transmitted to a device.

Security Systems

One area that every organization is concerned about is security. Card readers for access control are commonplace, and these devices are ideally suited to benefit from being connected to the network with device server technology. When networked, the cards can be checked against a centralized database on the system and there are records of all access within the organization. Newer technology includes badges that can be scanned from a distance of up to several feet and biometric scanning devices that can identify an individual by a thumbprint or handprint. Device servers enable these types of devices to be placed throughout an organization's network and allow them to be effectively managed by a minimum staff at a central location. They allow the computer controlling the access control to be located a great distance away from the actual door control mechanism.
An excellent example is how ISONAS Security Systems utilized Lantonix WiPort® embedded device server to produce the World’s first wireless IP door reader for the access control and security industry. With ISONAS reader software, network administrators can directly monitor and control an almost unlimited number of door readers across the enterprise. The new readers, incorporating Lantronix wireless technology, connect directly to an IP network and eliminate the need for traditional security control panels and expensive wiring. The new solutions are easy to install and configure, enabling businesses to more easily adopt access control, time and attendance or emergency response technology. What was traditionally a complicated configuration and installation is now as simple as installing wireless access points on a network.
One more area of security systems that has made great strides is in the area of security cameras. In some cases, local municipalities are now requesting that they get visual proof of a security breach before they will send authorities. Device server technology provides the user with a host of options for how such data can be handled. One option is to have an open data pipe on a security camera - this allows all data to be viewed as it comes across from the camera. The device server can be configured so that immediately upon power-up the serial port attached to the camera will be connected to a dedicated host system.
Another option is to have the camera transmit only when it has data to send. By configuring the device server to automatically connect to a particular site when a character first hits the buffer, data will be transmitted only when it is available.
One last option is available when using the IP protocol - a device server can be configured to transmit data from one serial device to multiple IP addresses for various recording or archival concerns. Lantronix device server technology gives the user many options for tuning the device to meet the specific needs of their application.

Scanning Devices

Device server technology can be effectively applied to scanning devices such as bar code readers or point-of-sale debit card scanners. When a bar code reader is located in a remote corner of the warehouse at a receiving dock, a single-port server can link the reader to the network and provide up-to-the-minute inventory information. A debit card scanner system can be set up at any educational, commercial or industrial site with automatic debiting per employee for activities, meals and purchases. A popular amusement park in the United States utilizes such a system to deter theft or reselling of partially-used admission tickets.

Medical Applications

The medical field is an area where device server technology can provide great flexibility and convenience. Many medical organizations now run comprehensive applications developed specifically for their particular area of expertise. For instance, a group specializing in orthopedics may have x-ray and lab facilities onsite to save time and customer effort in obtaining test results.  Connecting all the input terminals, lab devices, x-ray machines and developing equipment together allows for efficient and effective service. Many of these more technical devices previously relied upon serial communication or worse yet, processing being done locally on a PC. Utilizing device server technology they can all be linked together into one seamless application. And an Internet connection enables physicians the added advantage of access to immediate information relevant to patient diagnosis and treatment.
Larger medical labs, where there are hundreds of different devices available for providing test data, can improve efficiency and lower equipment costs by using device server technology to replace dedicated PCs at each device. Device servers only cost a fraction of PCs. And, the cost calculation is not just the hardware alone, but the man-hours required to create software that would allow a PC-serial-port-based applications program to be converted into a program linking that information to the PC's network port. Device server technology resolves this issue by allowing the original applications software to be run on a networked PC and then use port redirector software to connect up to that device via the network. This enables the medical facility to transition from a PC at each device and software development required to network that data, to using only a couple of networked PCs doing the processing for all of the devices.

Additional Network Security

Of course, with the ability to network devices comes the risk of outsiders obtaining access to important and confidential information. Security can be realized through various encryption methods. 
There are two main types of encryption: asymmetric encryption (also known as public-key encryption) and symmetric encryption. There are many algorithms for encrypting data based on these types.
AES
AES (Advanced Encryption Standards) is a popular and powerful encryption standard that has not been broken. Select Lantronix device servers feature a NIST-certified implementation of AES as specified by the Federal Information Processing Specification (FIPS-197). This standard specifies Rijndael as a FIPS-approved symmetric encryption algorithm that may be used to protect sensitive information.  A common consideration for device networking devices is that they support AES and are validated against the standard to demonstrate that they properly implement the algorithm. It is important that a validation certificate is issued to the product’s vendor which states that the implementation has been tested. Lantronix offers several AES certified devices including the AES Certified SecureBox SDS1100 and the AES Certified SecureBox SDS2100.
Secure Shell Encryption
Secure Shell (SSH) is a program that provides strong authentication and secure communications over unsecured channels. It is used as a replacement for Telnet, rlogin, rsh, and rcp, to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. AES is one of the many encryption algorithms supported by SSH. Once a session key is established SSH uses AES to protect data in transit.
Both SSH and AES are extremely important to overall network security by maintaining strict authentication for protection against intruders as well as symmetric encryption to protect transmission of dangerous packets. AES certification is reliable and can be trusted to handle the highest network security issues.
WEP
Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs) which are defined in the 802.11b standard. WEP is designed to provide the same level of security as that of a wired LAN, however LANs provide more security by their inherent physical structure that can be protected from unauthorized access. WLANs, which are over radio waves, do not have the same physical structure and therefore are more vulnerable to tampering. WEP provides security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another.  However, it has been found that WEP is not as secure as once believed. WEP is used at the data link and physical layers of the OSI model and does not offer end-to-end security.
WPA
Supported by many newer devices, Wi-Fi Protected Access (WPA) is a Wi-Fi standard that was designed to improve upon the security features of WEP. WPA technology works with existing Wi-Fi products that have been enabled with WEP, but WPA includes two improvements over WEP. The first is improved data encryption via the temporal key integrity protocol (TKIP), which scrambles keys using a hashing algorithm and adds an integrity-checking feature to ensure that keys haven’t been tampered with. The second is user authentication through the extensible authentication protocol (EAP). EAP is built on a secure public-key encryption system, ensuring that only authorized network users have access. EAP is generally missing from WEP, which regulates access to a wireless network based on the computer’s hardware-specific MAC Address. Since this information can be easily stolen, there is an inherent security risk in relying on WEP encryption alone. 

Incorporating Encryption with Device Servers

In the simplest connection scheme where two device servers are set up as a serial tunnel, no encryption application programming is required since both device servers can perform the encryption automatically. However, in the case where a host-based application is interacting with the serial device through its own network connection, modification of the application is required to support data encryption.

Applications Abound

While this paper provides a quick snapshot of device servers at work in a variety of applications, it should be noted that this is only a sampling of the many markets where these devices could be used. With the ever-increasing requirement to manage, monitor, diagnose and control many and different forms of equipment and as device server technology continues to evolve, the applications are literally only limited by the imagination.
Readmore...
Sunday, 1 September 2013

Articles & Tutorials

0 comments
 


Readmore...

Configuring an Exchange 2013

0 comments
 

Introduction

In part 7 of this multi-part article series revolving around Exchange 2013 hybrid deployment based migrations to the new Office 365 or more precisely Exchange Online, we converted our custom managed domain to a federated domain, so that users will be able to authenticated against Office 365 using their UPN login.
In this part 8, we will continue where we left off in part 7. That is we will install and configure the Windows Azure Active Directory (WAAD Sync tool on our Windows Server 2012 domain-member server and start object synchronization from our on-premises Active Directory to the Office 365 tenant.
Note:The WAAD Sync tool was formerly known as the Directory Synchronization tool (DirSync tool).
Let’s get going...

Activating Active Directory Synchronization

The first preparation step we want to complete before concentrating on installing and configuring the WAAD Sync tool on the respective domain member server in our on-premises environment is to activate directory synchronization for our Office 365 tenant. This can be done by logging on to the Office 365 portal followed by clicking on the “users and groups”. and from here click “Set up” to the right of “Active Directory synchronization” in the top of the page as shown in Figure 1 below.
Image
Figure 1:
Users and groups page in the Office 365 portal
Under “Set up and manage Active Directory synchronization”, click on the “activate” button in “step 3”.
Image
Figure 2:
Clicking on the activate button
You will now be asked whether you really wish to activate directory synchronization from your on-premises environment to Office 365. Since this is exactly what we want to do, click “activate” once again.
Image
Figure 3: Do we really wish to activate directory synchronization?
Although we just activated directory synchronization, this will not occur instantly. As you can see in Figure 4, we need to wait up to 24 hours before it’s activated.
Image
Figure 4: Activation in progress

Creating the WAAD Sync Service Account

While we wait for directory synchronization to complete, let’s create the service account that should be used for configuring directory synchronization. We should create this account in the Office 365 tenant. To do so, click “users and groups” and then hit the “plus” sign as shown in Figure 5.
Image
Figure 5: Clicking “plus” sign
Enter the name and UPN logon for the account and click “next”.
Image
Figure 6: Naming the account and giving it a UPN logon name
On the “settings” page, make sure to assign the account “Global Administrator” permissions. Also, specify the email address that should be used if there’s a need to someday reset the password for this account.
Click “next”.
Image
Figure 7: Assigning the account Global Administrator permissions
Since the account should not be used to access any Office 365 services, leave all of them unticked and click “next”.
Image
Figure 8: No need for any licenses
Now specify the email address to which the temporary password should be sent and click “create”.
Image
Figure 9: Send results in email
On the “results” page, click “finish”.
Image
Figure 10: Results page
Now log off the portal and log on again using the new accounts credentials.
Image
Figure 11:
Logging on to the portal with the new account
You will be asked to specify a new password for the account. Do so and click “save”.
Image
Figure 12: Specifying a new password for the new account
Now you need to decide whether the new account, which can be considered a service account should follow the Office 365 password expiration policy meaning you need to change the password for the account every 90 days or if you rather want to set the password to never expire.
I’ll do the latter.
Since this can’t be done via the Office 365 portal, we need to connect to the Office 365 tenant using Windows PowerShell.
When connected to the Office 365 tenant, we can check the “PasswordNeverExpires” value with the following command:
Get-MsolUser –UserPrincipalName “svc-dirsync@clouduserdk.onmicrosoft.com” | fl
Image
Figure 13:
Value of the “PasswordNeverExpires” attribute for the new service account
To change this value to “True”, we can use the following command:
Set-MsolUser –UserPrincipalName “svc-dirsync@clouduserdk.onmicrosoft.com” –PasswordNeverExpires “true”
Image
Figure 14: Changing the password never expires attribute to “true”
Ok let's see whether active directory synchronization has been activated. As you can see in Figure 15, this is the case so we can move on to the next action, which is to install and configure the WAAD Sync tool.
Image
Figure 15: Active directory synchronization is now activated

Installing and Configuring the WAAD Sync Tool

When directory synchronization has been activated, let’s switch back to the server on which we wish to install the WAAD Sync tool. You can download the latest version of the WAAD Sync tool from the Office 365 portal. More specifically under “users and groups” > “Set up” and here click the “download” button under “step 4”.
Image
Figure 16: Downloading the WAAD Sync tool
From there launch the WAAD Sync tool setup wizard. On the “Welcome” page, click “Next”.
Image
Figure 17: WAAD Sync tool setup wizard – Welcome page
Accept the license terms and click “Next”.
Image
Figure 18: Accepting the license terms
On the “Select Installation Folder” page, click “Next”.
Image
Figure 19: Select installation folder page
Let the installation finish. This can take a few minutes.
Image
Figure 20: WAAD Sync tool is being installed
When installation has completed, click “Next”.
Image
Figure 21:
Installation complete
On the “Finished” page, make sure “Start Configuration wizard now” is ticked then click “Finish”.
Image
Figure 22:
Finish page
The WAAD Sync tool Configuration wizard will now launch. On the “Welcome” page, click “Next”.
Image
Figure 23:
WAAD Sync tool Configuration wizard
On the “Windows Azure Active Directory Credentials” page, enter the credentials for the service account we created in the previous section and click “Next”.
Image
Figure 24:
Entering the credentials for the WAAD Sync service account
On the “Active Directory Credentials” page, enter the credentials of an account with domain administrator permissions in the on-premises Active Directory.
Note:
This does not need to be a dedicated service account as these credentials aren’t saved.
Click “Next”.
Image
Figure 25:
Entering the credentials of a domain administrator
We’re now taken to the Exchange hybrid deployment page. If the DirSync Configuration setup wizard detects Exchange 2010 SP1 (or later) servers in the on-premises Active Directory we will be able to tick “Enable Exchange hybrid deployment”.
Note:
If the setup wizard doesn’t detect any Exchange 2010 SP1 (or later) servers, the tick box will be greyed out. Since we, in this article series, are dealing with an Exchange hybrid deployment based configuration based on Exchange 2013 servers, we wish to tick this option.
When ticking the “Enable Exchange hybrid deployment” box, we allow the WAAD Sync tool to perform write-back from Office 365 to the on-premises Active Directory for specific attributes. This is in order to allow support for features such as archive on-premises mailboxes in the cloud, off-board mailboxes from the cloud to on-premises Exchange servers, have on-premises filtering software take advantage of user made safe and blocked senders in the cloud and UM online voice mail.
With Exchange hybrid deployment enabled, write-back will be performed for the following attributes:
Write-Back   attribute
Exchange   "full fidelity" feature
SafeSendersHash
  BlockedSendersHash
  SafeRecipientHash
Filtering Coexistence: Writes back on-premises filtering and online safe and blocked sender data from clients.
msExchArchiveStatus
Online Archive: Enables customers to archive mail in Microsoft Online.
ProxyAddresses
  (LegacyExchangeDN as X500)
Enable Mailbox: Off-boards an online mailbox back to on-premises Exchange.
msExchUCVoiceMailSettings
Enable Unified Messaging (UM) - Online voice mail: This new attribute is used only for UM-Microsoft Lync Server 2010 or later integration to indicate to Lync Server 2010 or later on-premises that the user has voice mail in online services.
Table 1: Write-back attributes when hybrid deployment is enabled
When you have ticked “Enable Exchange hybrid deployment”, click “Next”.
Image
Figure 26:
Ticking enable “Hybrid Deployment”
Now we reach the new “Password Synchronization” page, where we have the option to enable password synchronization from the on-premises Active Directory users to the user objects in the Office 365 tenant. With password synchronization we can achieve SSO as in “same sign-on” not SSO as in “single sign-on”, which is possible with ADFS based federation between the on-premises environment and the Office 365 tenant.
Since we use ADFS based federation in this article series, make sure “Enable Password Sync” is unticked and click “Next”.
Image
Figure 27:
Password synchronization page
Wait for the WAAD Sync tool configuration wizard to complete the configuration.
Image
Figure 28:
Completing configuration
When configuration has completed, click “Finish”.
Image
Figure 29:
Configuration complete
Now make sure “Synchronize directories now" is selected and then click “Finish”. This will initiate the first synchronization from the on-premise Active Directory to the metaverse and the export from the metaverse to the Office 365 tenant.
Image
Figure 30:
Finished page
You will receive the warning shown in Figure 31, which includes a link to a TechNet page that explains how you can verify synchronization works properly. Click “OK”.
Image
Readmore...

IIS Application Request Routing

0 comments
 

Introduction

In this article series, the author is exploring the use of IIS Application Request Routing to publish Exchange 2013 services such as Outlook Web App out to the Internet. In the first part we looked at what IIS Application Request Routing is, how it works, and went through its installation steps. In this article we will start configuring it to work with our Exchange environment.

Achieving High Availability and Scalability

As we saw in the first article of this series, IIS Application Request Routing (ARR) is a proxy-based routing module that forwards HTTP requests to content servers based on HTTP headers, server variables and load balance algorithms. A typical ARR deployment is illustrated in the diagram below:
Image
Figure 2.1: Example of an ARR Deployment
While ARR provides high availability and scalability for the content servers, the overall deployment is not highly available or scalable because ARR is a single point of failure and the scalability of the content servers is limited by the maximum capacity of the ARR server used.
In order to overcome these challenges, you should consider using multiple ARR servers with load balancers. ARR can be deployed in active/passive mode to only achieve high availability or in active/active mode to achieve both high availability and scalability. Load balancers’ layer 3 and layer 4 functionality compliments ARR's strength in making routing decisions based on layer 7, such as HTTP headers and server variables. At the same time, ARR does not provide fault tolerant deployment features for itself and must rely on other technologies and solutions to achieve high availability for the ARR tier, as shown below:
Image
Figure 2.2:
Example of an ARR Deployment with Load Balancers

Configuring Application Request Routing v2.5

Now that ARR is installed, we can start configuring it to publish our Exchange services such as Outlook Web App (OWA).
The first step is to create a farm with all the Exchange 2013 CAS servers that will be responsible for serving OWA requests. To do so:
  1. Launch IIS Manager;
  2. Right-click on Server Farms and select Create Server Farm...:
Image
Figure 2.3:
Application Request Routing Server Farms
  1. Give the server farm a friendly name and click Next:
Image
Figure 2.4: Specify a Web Farm Name
  1. Specify the servers’ addresses you want to add to the farm (you can also use the FQDN of the servers). Advanced settings lets you change the TCP ports that will be used as well as the weight each server has, which we do not need to configure in this scenario. You can also specify upfront if you want any of the servers to be added as offline. This can be useful when you are setting up ARR for servers that are not yet fully configured or operational.
Image
Figure 2.5:
Adding Servers to the Farm
  1. Click Finish to complete the creation of the farm;
  2. In the Rewrite Rules message box, click Yes. This will make ARR automatically create and configure the rewrite rules we will be using later on:
Image
Figure 2.6:
Rewrite Rules Automatic Creation
Once the farm has been created, it is time to configure it. If you click on Servers, you will get an overview of the status of all the servers in the farm:
Image
Figure 2.7:
Server Status
If you click on the name of the farm itself, in this case Exchange – OWA, you are presented with several options to configure and manage the farm. Let us go through all the available options:
Image
Figure 2.8:
Farm Configuration and Management Options

Caching

By default, everything that passes through ARR is cached in memory for 60 seconds (note that disk caching is also enabled by default). This means that if two users request the same resource within 60 seconds, ARR does not need to go back to the same resource provider to get it that second time.
Unselect the Enable disk cache option to disable the disk cache and click Apply:
Image
Figure 2.9:
Disabling Disk Cache

Health Test

In this page we can configure health settings and set the properties for URL testing and live traffic testing. The Live Traffic test leverages the live requests, allowing ARR to mark a server as unhealthy based on configurable conditions. However, we cannot use this test to determine if an unhealthy server has become healthy because ARR does not forward live requests to servers that are currently unhealthy.
URL Test tests a specified URL against one or more of the following conditions:
  • A response was received within the configured timeout period;
  • The HTTP status meets the configured acceptable status codes;
  • The body of the response contains the specified text configured in the response match.
When load balancing requests across multiple servers, as we will see shortly, if any of these conditions fail for a server, that server is marked as unhealthy and is not used to serve user requests.
As this feature is limited to using a single URL, it is recommended to create a test page with the overall health of the server (this can come from Operations Manager for example) as ARR can be configured to look for specific words in that test page.
Alternatively, if the URL is set to the FQDN of the ARR server, the test is performed against all servers configured in the farm. As such, we can easily configure ARR to check the OWA webpage across all servers in the farm by using this method:
Image
Figure 2.10:
Application Request Routing - Health Tests
Response match is an optional test to make sure that the body of the response contains the expected string. If you customized your OWA logon page, for example, you can insert here a word that you expect to see every time a user successfully navigates to OWA.
The Minimum servers option specifies the minimum number of healthy servers that you must have to appropriately service the expected volume of traffic. When there are less healthy servers than the specified number of minimum servers, the health of the servers is ignored to continue to provide services to users.
Using Verify URL Test we can send a GET request using the value specified in the URL to all application servers defined in the server farm. In my scenario, only two servers were tested as the third was added as being offline, and the second server failed the test because it does not exist:
Image
Figure 2.11:
Verifying URL Test Results

Load Balance

Here we configure how to route user requests to the servers in the farm. The default option is Least current request, which is probably the most used one as normally administrators want to send requests to the server that currently has the least number of requests. You will see in the next section how ARR tracks the number of requests for each server.
Image
Figure 2.12:
Application Request Routing - Load Balancing Options

Monitoring and Management

In this section we can monitor and manage the servers in our farm. ARR provides useful statistics regarding servers such as their health status, how many requests each server has received and responded to, how many requests failed, etc. We can already see that, due to the health test we configured, the second server is marked as being Unhealthy, making ARR not sending any user requests to it.
We will come back to this section after we configure everything in order to check how everything is working.
Image
Figure 2.13:
Application Request Routing - Monitoring and Management
We can also take servers offline or simply configure them to not accept new connections (similar to draining a server in a cluster):
Image
Figure 2.14:
Options for Managing Servers
Both management and monitoring options are discussed in more detail in the next articles of this series.

Proxy

This section allows us to configure how packets are forwarded to the servers in the farm. For example, we can add the X-Forwarded-For information to requests to allow us to see who the actual client was (useful when troubleshooting):
Image
Figure 2.15:
Application Request Routing - Proxy Options
Here, change the time-out (seconds) value to 180 and the Response buffer threshold (KB) to 0. Setting the timeout to 180 should prevent clients from disconnecting and reconnecting unexpectedly. However, this setting needs to be tested for each deployment. This setting is particularly important if you are configuring ARR for Outlook clients with Exchange 2010.

Routing Rules

This is where we configure our server farm to use the URL Rewrite functionality (that we will see in the next article) as well as SSL offloading (enabled by default).
SSL offloading is often used to help maximize the resources on the application servers, since they do not have to spend cycles in encrypting and decrypting requests and responses. However, when this feature is enabled, all communication between the ARR server and the application servers are done in clear text, even for HTTPS requests from clients to the ARR server. For this scenario, we will not be using SSL offloading, so uncheck the Enable SSL offloading box and then click Apply to save the changes:
Image
Figure 2.16:
Application Request Routing - Routing Rules

Server Affinity

In this final section we can configure “sticky sessions”. If we want users to go to the same server they used on their first connection, we can enable Client affinity and ARR will put a cookie in their session to help it determine to which server the user should go to on subsequent connections/requests. As we are not interested in client affinity, leave this setting disabled.
Image
Figure 2.17:
Application Request Routing – Server Affinity
If you are using ARR to publish RPC over HTTP (Outlook Anywhere) in Exchange 2007/2010, you should also make the following change:
  1. Under the IIS root, open Request Filtering:
Image
Figure 2.18: IIS Request Filtering
  1. Under the Actions pane, click Edit Feature Settings...:
Image
Figure 2.19:
Edit Feature Settings
  1. Increase the Maximum allowed content length to 2147483648 (2GB):
Image
Readmore...