Kintera

I'm spending a few days in training for a program called Kintera (site). It's the best worst service I've ever used. Nothing has shown so much potential and covered so much ground and yet put together and supported so poorly. Still they've managed to gain significant marketshare with non-profits and government agencies. The business intelligence that can be harnessed from their product does seem limitless, though I wish it wasn't such a chaotic setup. Of course a program of this level needs someone competent running it. I'm not saying that's me because frankly it requires a level of business sense that I do not have yet. The marketing and accounting thought processes haven't sunk into my brain. But I suppose if I'm going to work on fixing the hack job that is our current Kintera setup, I'm going to have to learn how our operation runs top to bottom. I do enjoy challenges. I just hope I can tackle this one while handling all the other stuff I'm doing.

The Network Migration Staff Email

Since Holly played to my ego (post) ;) I've decided to post the email I sent to staff, changing a few things to keep the company anonymous. I like the email because I feel it struck the right balance of complexity and readability. Would love to hear some criticism for continued staff communication improvements. The email also gives you an idea of just how poorly this network was setup and just what the staff and I have been dealing with.

Hello All,

We will begin performing the server migration next week. Much of the work will be done without the need to shutdown our network, however, a key piece of it will create some downtime. On Friday, September 8, starting at 11 am, the network will be down. Most likely internet access will not be affected. While you may find that you have access to email and files, I ask you not to use them because we may interrupt you at any time causing the loss of data or you could interrupt us causing significant delay. Downtime should last no longer than that day.

Several changes will occur that will affect you. Please read about them carefully.

Email:
Email, run by the program Exchange, is being moved to one of the new servers. I will need to upgrade everyone’s Outlook to 2003. If you have Office 2000 or are unsure, please contact me so I can upgrade you as soon as possible. Outlook 2003 allows each desktop to cache email, which means if the network goes down you can still access your old email. Composed email will sit in the Outbox until the network is back up and then go out automatically.

Files and Folders:
Your data on the network is also moving to one of the new servers. This means that all the drives mapped on your systems will be eliminated since not only the location but the layout of our file structure will be changed. Take note of the following changes:

• All staff documents will be in an umbrella folder called Shared (similar to what we have now).
• Within Shared will be separate subfolders as follows (for this a graphic was made using Office's org chart tools):
• Departments – includes folders for each department, accessible only to the department staff, network administrator, and other approved personnel.
• Personal – includes each staff person’s private folder accessible only by that person, the network administrator, and other approved personnel. All personal folders will be listed by username.
  Projects – includes folders for temporary or ongoing projects that are not specific to any one department. Access will be determined by the project leaders.
• Filesto Share – a folder accessible to everyone to be used to share and transfer files instead of filling up mailboxes with attachments.
• Drive letters will also change. S will be for Shared; O will be the Departments folder; U will be for you, your personal folder; P will be the Personal folder. Yes, that does spell SOUP. I don’t know why.
• If you require any other drive mappings, they can be manually created or shortcuts to specific folders can be placed on your desktop.
• Your My Documents folder will be setup to redirect to the U drive. This way whenever you save anything to My Documents, it will automatically be saved on the network. Also, this means you don’t have to keep track of drive letters if you don’t want to. My Documents and U will be synonymous.

Network Printers:
Printers will be renamed to represent their function and/or location for easier reference. Network printers will be named Main1, Envelope1, Color1, and Development1. Your current network printer setting will not work. If automated printer installation is not successful, on Monday I will reinstall the printers on each computer

Login:
After the migration, some of you may notice a little black box appear briefly when you first login to your computer. This is a login script I have created to automate a few tasks like creating drive mappings and hopefully printer reassignments.

If you have any questions, and I’m sure you do, please feel free to contact me. I’d rather you ask me questions than work with what you don’t understand.

Thanks.

Staff Communications

Most technical people probably don't enjoy writing emails to staff. That statement is made with absolutely no background on the matter; I just assume most technical people don't like it because they feel most staff are clueless. I'm strange this way in that I enjoy communicating with staff about projects that affect the both of us. I find it a challenge explaining the complex elements involved while keeping it interesting, relevant, and understandable.

My latest email to staff was nice -- even my boss liked it. I broke it down into the four elements that are most important to them: email, files and folders, printing, and logging on. Despite dealing with a domain and exchange migration, installing new servers, rewiring the server room, and implementing a new backup unit and archiving system, all they really need to know is how this affects them, how they can help, and the benefits of it all. They don't need to be overwhelmed with detail because then I'm overwhelmed with questions or am entirely ignored. That's not to say my emails belittle their ability to understand. I figure if they really want to know they will ask, otherwise I will just tell them what they need to know now so they can continue doing their work with as little interruption as possible and with no surprises later. I've found that with a little effort in scheduling that last bit about "little interruption" is doable and very much appreciated. After all the work is done I will send out a summary email, possibly delving into some minutiae. At that point it's just information and they can choose to ignore it if they wish. The summaries help because they understand their inconveniences and efforts helped accomplish a larger project beneficial to them and the company. This also helps guarantee cooperation for the next project because they realize their energies are not spent in vain.

Communicate with staff with respect for their work and they will work with you. For example, I've been very impressed at how hard they have been trying to clean their personal and department folders to make the transfer easier for me. They reciprocate because I've helped them to understand that a lot of the work being done is so that their work is better accomplished. In the end that's what the IT infrastructure is for anyway.

Neglecting My Duties

I've been neglecting my blogging duties. What I wrote this week was crap. The setup to the migration has been sapping me of energy. I need to make sure everything is ready to go by Monday even though the migration is not until Friday. Tuesday through Thursday is training for a service the company and its affiliates use to manage the website. This training could not have come at a worse time but Labor Day weekend was the best time to do the migration because no one needs the network. It fits nicely around all the company fundraising events and important meetings. I will have to work on Saturday, most likely. I don't mind if I can get the job done properly. On Tuesday I want staff to come in and be 90% ready to go.

I'm having problems with the login script. Oh, sure, drive mappings are super easy but I would also like to work the printers within the script. All the old network printers need to be wiped out and new printers installed. They are the same physical printers, however, with different names and connected to a different server. I've tried a few things unsuccessfully. At one point I got as far as the login script searching for the printer but never finding it. Anyone have any success with something like this? Is there any other way to automate the installation of network printers?

Network Migration Update - Tangles

Spending a day reorganizing what we call a server room was quite entertaining. There were the multitude of cables, the dust, the heat, the garbage, and the careful balance between the acts of untangling and disconnecting. I've done this many times before and I always discover things. Today I found that one of the battery backup units was so buried under wire that no one had ever plugged anything into it. I wondered why it showed no load. Ha!

I didn't get rid of all the wire yet. I'm going to do that when I disconnect the network and replace all the existing ethernet cable between the switches, servers, and the patch panel. Currently it is a respectable collection of withered and damaged cables.

The new servers found their homes on a table, stacked one of top of the other, with the LTO backup drive on top. Once the office moves a rack will be setup to house them. Unfortunately the move keeps getting pushed back and there is no space for a rack now.

The new KVM switch (shop) works nicely. Response, though sluggish as usual for KVMs, is much improved over the last piece of ... um ... junk.

Tomorrow I write my masterpiece email explaining the server migration endeavor to the staff, why they should cooperate (which they have: 3 GB dumped, go staff!), and how their lives will change ever so slightly.

The boss told me he's against complex passwords. ¿Que? He wants them simple. ¿Que? He said I have to convince him. ¿Wtf? By complex I mean changing "rabbits" to "r@Bbit5". I swear that isn't so hard. They'll be typing the same thing for a year and will get used to it. Why is security such a taboo here?

Foo Fighters

New York, Aug 21 - Last night the Foo Fighters (shop) took precedence over non-profit tech blogging. It was yet another shameful example of America's distraction culture. However, the last minute decision to attend this blogger does not regret. There are few occasions that the Foo Fighters do acoustic; few in which one can sing along with Dave Grohl (info) and a few thousand inebriated buddies. The Beacon is a relatively small venue and for me it was standing room only. Work shoes are not meant for standing three hours straight but the show was worth the foot aches. The Foo Fighters are not great stage performers, at least not when doing acoustic, but their music doesn't require presentation. It is its own substance. It is almost spiritual, without the theology, especially when you can sing along with the aforementioned few thousand favorite inebriated buddies. There is power in their music.

In other news: the servers arrived yesterday. Two hot and sexy (at least for this non-profit) rack-mountable Xeons with RAID 5+1 and 2 GB RAM. The soon to be domain controller has already been loaded with OS, Backup Exec, and Symantec Antivirus. It's twin will get Exchange 2003 Standard on the day of the migration. Should be fun!

Month Two Review

The month two review seemed like such a hopeless prospect last month (post). Though tension still looms, things have calmed some in the office. It's become apparent that at least half of the friction between my boss and I is due to his inability to communicate with humans. That understanding doesn't generate harmony but it helps to know his intentions aren't always meant to antagonize. For example, a scheduled web demo I set up to review a competitor product to the one we use now was called off by him. His intention, stated poorly, was to make sure I did not overburden myself. Because he insisted on cancellation before asking me the purpose of the demo, he diminished my role as IT Manager even if little malice was intended. Hence friction (post).

While the laundry list of accomplishments last month don't appear this month there are a few big successes. Much of this month went into prepping and testing for the migration and though the prepping has yet to be done, it has begun with the cleaning of network folders. A large part of this is communicating with the staff and getting them to understand. Therefore an email was sent briefly explaining the migration process, purpose, and staff's role in the overall project.

Using software called ShowSize (site), I printed lists of folders and subfolders, about two levels down, in size order to visually depict which folders need the most attention by the user. This helps tremendously because staff don't have to randomly go through every folder, saving them time, and they attack the very source of the problem, guaranteeing a significant reduction in stored data. I offer three options: 1) If the files are regularly used, leave them there. 2) If the files will never be needed, please delete them. 3) If some files need to be permanently archived, send me the list and I will move them off the network and on to a CD. Quotas have not been set so these options fit their comfort level and since I make myself available to their inquiries the users have shown their willingness to work with me.

Eventually I will explain my goals for uniform drive mappings, network folder names, usernames, and complex passwords. Change is always hard. There will be complaining but I feel if an IT Manager can be firm, limit the impact on the user, be receptive to suggestions, and show/convince them of the benefits, staff will minimize grumbling. With the spam filter implementation and an email service that has been more dependable, I think I have earned the clout needed for staff cooperation.

Migration equipment was finalized and ordered (post). Much of it has came in and the servers are schedule to arrive on Monday. This is when the fun begins. Sadly I stuck with Symantec Backup Exec. My disdain for Symantec is no secret (post). While their sales staff is great (of course), their support is a notch above IBS (info). Techsoup delivered but I did experience a couple of hiccups, as expected. Only one Windows server title is allowed for purchase through TechSoup so I purchased another Windows 2003 Standard license with Microsoft charity licensing through CDW. Though still a tremendous bargain, my intentions of getting 6 licenses went out the door. Additionally our purchase of Acrobat Standard through TechSoup was refused by Adobe for no clear reason.

My greatest accomplishment was implementing the SpamStopsHere spam filter (post). The setup monopolized a couple of weeks. Though it is not perfect (a little too strong due to a custom filter I created to thwart image-based spam), with the commenter's suggestion to use SMTPtracker (post) I anticipate catching 95% of junk mail. I hesitate to install SMTPtracker now because it needs .NET 1.1 on the server. Despite the reduced burden from the lower levels of spam and improved stability from patches and a defrag, the Exchange box still seems on the edge. I will set it up on the new server.

I look forward to the migration, which hopefully will happen at the end of this month. Though more comfortable about the work situation, it still feels like my long-term prospects here are poor. I hope to set up this non-profit so it is updated and stable enough to run without major overhauls for a few years. If I can create the proper foundation now, that should be quite possible. Then, at least, I can leave having accomplished something.

Acronis True Image Workstation 9.1

On this site I frequently make requests for information or opinions on hardware/software. I think it's only fair I share when I discover something, good or bad. Frustrated with Symantec's Ghost 2003 (info) (they have a newer version now that I have not used), I went looking for an alternative. I found one that was relatively cheap and therefore much easier to take a gamble on. It's called Acronis True Image (site) and I do recommend it.

Ghost does what it needs to very well, which is ghosting or cloning a disc. No problem there. But I've always found pain in booting off of a Ghost disc and transferring a drive image to a network drive. I was overjoyed with Acronis because they seem to feel as I do: just because something is meant for enterprise-level doesn't mean it has to be complicated. Creating an Acronis boot disc does not involve figuring out what type of NIC you are using, it just works with your network, and it's got a more versatile GUI so it takes less time to work with.

There are many versions of Acronis True Image. I have only used Workstation 9.1 (shop) and I use it for two things: 1) cloning and archiving drive images (especially templates for common PC models) 2) live incremental backups for manager's PCs. There are several other functions that come with True Image Workstation 9.1, like managing and deploying images, but I have not used them. I'm sure I've under utilized True Image but I only have a few specific needs and it does those quite well. This for $80 per license retail is quite the bargain.

Of course there is non-profit pricing -- I wouldn't have it any other way! With a year's support which is mandatory when purchasing directly through Acronis, it came out under $80. On CDW (shop) I saw it for $70 but could not tell if any support was included.

Call Acronis if you are interested, have questions, or want non-profit pricing. I often find companies that are going up against industry standard software are VERY pleased to speak with potential customers. Like EMC and Yosemite, Acronis was very receptive to my inquires.

The Equipment Arrives

The hardware started arriving this week and I am overjoyed. One KVM switch (shop) has successfully eliminated two monitors, keyboards, and mice from my office. The other (shop) is waiting for the new servers to arrive. The current KVM switch used for the servers was built in the late 19th Century and must have cost almost $4. I believe its power source is coal.

The LTO drive also arrived. I settled on a rack-mountable Quantum (shop). Thankfully it came with a SCSI cable, terminator, and two tapes. Usually I get everything barebones, no matter what I pay. I suppose the cable and terminator don't cost what they used to but it was nice to see them and two tapes included. I bought a box of 20 tapes anyway.

TechSoup (site) and CDW (site) sent the licenses nice and fast. Microsoft and Symantec (antivirus) delivered the media just as quick. I'm still deliberating on which backup software I should use. With no real-world experience with either Yosemite (post) or EMC's Retrospect (post), I dread I will remain with Symantec. I'm really bummed about this but I don't want to gamble with the company's security. My testing went fine but virtual servers can't be considered a solid test environment. This is all new to me anyway so I'm sure I didn't take testing as far as I could have. Plus I have limited time. This is when I wish I weren't a one man operation.

Much is piling up on me all of a sudden but since the hardware is here and the servers are only days away, I hope to commit to the migration at the end of the month. Much progress in under two months!

Putting Myself Out of Work

People ask me this from time to time. They wonder if I do my job too well if I'm not putting myself out of work. If all the problems are fixed, who would need me? I rarely worry about this. I work in the hopes that I will make myself obsolete some day. It's the only way I can guarantee I'm doing the job right. There are a couple of reasons I don't sweat the future under this philosophy.

1) New stuff always comes out. Stuff gets old. New problems always crop up. New projects are always around the corner in a company that strives to grow. Therefore I'm always needed. I don't want to work in a stagnant company anyway.

2) Once problems are fixed, staff, management, and technical personnel find other projects to put their new found free-time into. When people don't have to routinely focus on the same set of problems, they find new ways to grow and branch out, leaving me with new challenges.

It's fun working with a small company, especially a non-profit, as it branches out. At my last job, once the basic computer problems were settled and network stability became the norm, the social workers were suddenly more mobile, working from the road, conferences, meetings, branch offices, vacations, and their homes. While I never conducted an analysis, it appeared to me the staff was getting more done with less stress. I felt great about that and never found myself at a loss for work. Maybe I'm in a fantasy land but I can't imagine ever running out of things to do in a company that wants to grow.

Someone to Watch Over NP

A consultant shared his opinion with me, that small non-profits shouldn't waste their money on in-house technical people; that a maintenance contract with a consulting company like his is enough. I have a lot of problems with this logic assuming it is not solely driven by self-interest. To meet short-term goals such a circumstance may make sense but so much is ignored in such a recommendation.

When I speak of in-house technical people, I'm referring to a manager-type that can make informed technical and business decisions, not just a helpdesk-type person. While the latter is very important, a small IT department will force all staff to fill multiple hats. A young, inexperienced, purely technical helpdesk person, for example, is not going to be able to make decisions effectively and non-technical supervisors don't know enough to query decisions made by them. So you wind up with situations like the one I mentioned in the last post (post) and the more common, more innocent scenarios like the one Michael Stein commented on (post).

I feel, however, that any in-house tech is better than a removed, immediately unavailable consulting firm. Before my arrival, the current company I work for relied heavily on consultants for everything from server crashes to workstation slowdown. It worked fine for a short while but I sensed some of the staff were becoming unglued with no one attending to their individual/departmental needs. Much of the minor work can be done more effectively by in-house technical staff who would eventually gain experience with common company issues, whether technical or functional.

Plus, as I mentioned earlier, there is self-interest with consultants that cannot be ignored. That's not to say they are deceptive but they are human and they are running a business for which a significant portion of revenue could come from reselling. Can one really trust the salesman to make unbiased suggestions? Even if the product they suggest works fine for you, are you sure it is the best that you could have done.

I don't discount consultant opinions, I depend on them, but I also look for alternatives and other opinions where non-technical administrators would not. Any IT Manager would do the same. The overarching, company-wide impact of certain decisions need to be considered by a technically capable person who is working in the interest of the company. It may not be realistic for every non-profit to invest in an experienced IT Manager but they should find someone who doesn't just sell to them but can advocate for them; someone who doesn't just focus on an individual project but will look at the whole business; someone who doesn't just consider the company occasionally but thinks about the company's goals every day. That's what an IT Manager is for.

Blissful Ignorance is Not Acceptable

A perfect example of a non-profit with little respect for itself as a business is one that I have consulted with lately. Out of neglect, pride, politics, and favoritism, the non-profit has boxed itself into a nightmare. Years of neglecting their IT infrastructure and personnel has left them with what is probably the worst patchwork of computers I have ever seen. Inventory has been non-existent, therefore there is much suspicion that the sole technology person has stolen hardware. Procedures have never been in place, nor documentation, so solutions to problems are haphazard and quite often illogical. Many resources have been created in-house to save money but as a result very little has been done well and staff spend more time learning quirks of systems than just doing the work. Backups? No one even knows if there are backups. With so little oversight and concern by administration, the technology person has made himself indispensable by making all systems dependent on him.

There is so much distrust of this technology person (I hesitate to call him a manager) that the organization is afraid to fire him. I advised calling in a consulting group with experience in this situation. With so much ignorance of the physical circumstance of their network, no one but the technology person would know admin passwords for their systems.

I blame management for a situation like this. Blissful ignorance is not an acceptable managerial technique. Whether one belittles the tech by treating him like a plumber or fears him for being a rocket scientist, administrators need to have some control, some knowledge, some proactive goal for their IT department. It is business imperative to have an IT initiative. Letting one individual run amok and bring your organization to its knees is unacceptable and unnecessary.

Towards Spam Filtration Perfection

Staff was so delighted to be relieved of the spam burden I received a round of applause at the all-staff meeting today. It was nice. Tweaking the spam filter has monopolized me for the last couple of weeks. At this point it might be a touch too strong but overall spam has been reduced by as much as 90-95%. I'm not exaggerating. The stats are interesting too. Over 80% of all the mail coming to us, including nonexistent addresses, is spam. No wonder the server was crawling! Here's the current setup:

SpamStopsHere (site) is an offsite spam filter. Our MX Record (info) has been set to exclude our email server, pointing only to three SpamStopsHere servers that reroute mail to us. Our firewall is setup to only accept SMTP traffic from SpamStopsHere servers. In this way no spammer can bypass the SpamStopsHere service.

There are several settings to help fine-tune the system. Most every option has been activated at this point, including two custom filters I created. The most obvious filters, like blacklists and phrase and IP matching, are set to reject the emails with a custom message explaining why the message was rejected and what the sender can do about it. Many of the settings, especially initially, are configured to forward flagged emails to one in-house email address I created. This allows me to review what is being caught, which has helped with the tweaking and allowed me to forward legit emails to the right staff. Once I'm comfortable with this setup I will probably set everything to reject and put the burden on the sender.

I created one of my custom filters to catch image-based emails that seem to be increasingly used by spammers. I did this by catching anything with the code "src=cid" in the source. Of course this has caused a lot of false-positives because so many people embed images into their newsletters, signatures, etc., through mail programs that use that code. Still thousands of actual spam messages have been caught as well. I might still get rid of this custom filter and setup SMTPTracker (site) as a commentor suggested (post). It's free for non-profits. The combination, I hope, will reach spam filtration perfection.

Sick

Been out of it for a few days. Ailments do not discriminate between the non-profit IT manager or otherwise. I don't like being hit so hard having just started a new job, even if it's been tough. I'll be back up soon.