Broadview Networks
 
  February 2008 Newsletter - Friday, February 01, 2008

Broadview Has Moved!

Broadview Networks is pleased to announce that we have moved! Our new offices are located at 1-1530 Taylor Avenue.

The New Virtual Frontier - Desktop Computing Goes VM

Tighten control of corporate assets and simplify desktop management with VMware Virtual Desktop Infrastructure (VDI). This comprehensive desktop virtualization solution lets you replace traditional PCs with virtual machines that you can manage from the data center.

Windows Server 2008 Feature Focus: Read Only Domain Controllers

Read-only domain controllers in Windows Server 2008 make it possible to provide domain services at branch offices without the risks commonly associated with placing domain controllers in remote locations with less physical security.

Windows Vista Service Pack 1

The release of Windows Vista Service Pack 1 marks the point where business users and consumers can benefit from the refinements and improvements in the Windows Vista operating system. With minor improvements to existing features, the primary focus of SP1 relates to quality improvements that address reliability, security, compatibility, and performance.

Broadview Media - DNS and Your Networks

Domain Name System is the underlying concept that provides a distributed hierarchy of authority to translate Internet domain names that are convenient for people to remember to the corresponding numerical IP addresses that are used for computers to communicate with one another. This article is a primer on DNS and how it works in common networks.



Broadview Has Moved!

After 5 years on Pembina Highway, the Broadview Networks offices have relocated to a larger and more functional facility located at 1-1530 Taylor Avenue in Winnipeg, MB.

The move to this location was welcome news to everyone at Broadview as the team was bursting at the seams of the former office site. With growth in every department over the last year and staff numbers rising to more than 20 across the Sales, Administration, Technical Services and Broadview Media teams, the old office became restrictive. The new office facility is much larger and gives all of our business units more space to operate, including dedicated meeting rooms for client meetings. Technical Services now boasts a more accessible bench work area, and all of the staff benefit from a large lunch room area. We are in the process of adding an on-site staff fitness room to our building.

A key feature of the new office is the first-class boardroom! This large room will handle groups of 30 for either traditional boardroom or classroom seating configurations. Seminar and classroom training sessions are planned for future dates in order to extend the use of this room to enhance customer interactions.

The entire team is excited to be in the new office and we are looking forward to hosting our customers at future Broadview events!

Our new mailing address:

Broadview Networks
1-1530 Taylor Avenue
Winnipeg, MB
R3N 1Y1 Canada

Phone: 204.984.9897
Fax: 204.984.9899



The New Virtual Frontier - Desktop Computing Goes VM

The fully-featured "thick-client" PC has traditionally been the ubiquitous workhorse of desktop computing. For many scenarios it has offered the best available combination of price, performance, and capabilities. However, for many use cases thick-client PCs are less than an ideal solution. Among their drawbacks:

Difficult to manage: Centralizing PC management is extremely difficult in the face of broadly distributed PC hardware and users who increasingly require access to their desktop environment from anywhere. Further, PC desktops are notoriously difficult to standardize because of the variety of PC hardware and users' need to modify desktop environments.

High total cost of ownership: The relatively low cost of PC hardware is often more than offset by the high cost of PC management and support. Ongoing PC management including deployment of software, updates and patches can be labor-intensive because of the need to test and validate deployment for a wide variety of PC configurations. Likewise, lack of standardization and the need for support personnel to troubleshoot issues in person raise support costs.

Difficult to protect and secure data: Ensuring that data on PCs is successfully backed up and can be restored when PCs fail or files are lost is a significant challenge. Even when data is successfully backed up, the risk of PC theft threatens the security of important data.

Inefficient resource utilization: The distributed nature of PCs makes it difficult to pool resources to improve utilization and reduce costs. As a result, PCs are often less than five percent utilized, remote offices require duplicate desktop infrastructure, and complicated remote desktop solutions may be required for mobile workers.

Because of these drawbacks, organizations are increasingly evaluating and implementing alternatives to thick-client PCs for many scenarios. In particular, companies have looked to host desktop images on server systems to enable them to centralize resources and improve manageability of their desktop computing infrastructure. Building a server-based desktop solution with a VMware virtual desktop infrastructure makes it possible to address PC desktop challenges while optimizing usability, manageability, total cost of ownership, and flexibility. With a virtual desktop infrastructure, complete desktop environments (operating system, applications, and configurations) reside in virtual machines running on servers virtualized by VMware VI3 Server software. Administrators use VMware VirtualCenter to centralize management of all of the virtual machines in their environment. End users use remote display software to access their desktop environment from a PC or thin client.

With a virtual desktop infrastructure, administrators can:

  • Build hardware-independent desktop environments
  • Run multiple virtual machines simultaneously on the same system, each independent and isolated from others on that system
  • Provision new virtual machines from templates in minutes

Customers who have implemented a desktop solution using a VMware virtual desktop infrastructure have seen benefits that include the following:

Improved manageability: VMware VirtualCenter makes it possible to centralize and streamline provisioning, configuration, resource management, and workload management for desktop environments.

Streamlined deployment: Desktop administrators can deploy new standardized, hardware-independent desktop virtual machines from templates in minutes and can automate more of the deployment process.

Increased flexibility: Users can access multiple desktop environments from a single client. They can also access their desktop environment from any connected client. Administrators can instantly archive or discard inactive desktop environments to reclaim resources for immediate reuse.

Improved data protection: Administrators can use the same backup processes they use in their datacenter today to ensure reliable desktop backups. Desktop recovery is dramatically simplified by the hardware independence of virtual machines. Ensuring data security is also simplified because all data resides in the datacenter.

Better resource utilization: Running multiple desktop environments on a single server allows customers to pool hardware resources effectively. It also provides the flexibility to easily reuse and dynamically reallocate computing resources to desktop environments.

Reduced costs: By centralizing desktop computing resources and standardizing desktop hardware, a virtual desktop infrastructure enables companies to reduce the complexity and cost of desktop support.

A server-based desktop solution built with a VMware virtual desktop infrastructure offers a true alternative to the traditional thick-client PC. This solution enables organizations to improve manageability, reduce desktop total cost of ownership, improve utilization, and better protect critical data.

To learn more about VMware solutions and products, contact your Broadview Networks Representative or call 204-984-9897.



Windows Server 2008 Feature Focus: Read Only Domain Controllers

With the announcement of the Read Only Domain Controller (RODC) role in the Windows Server 2008 product comes the opportunity for organizations to extend their Active Directory environment into remote locations that might have previously been poor candidates for a domain controller deployment. RODCs can provide remote locations with the benefits of faster, more reliable authentication services, while addressing security concerns that could arise in the event of loss or compromise. Three primary features of Read Only Domain Controllers make the technology particularly suitable for deployment at branch offices or in edge network scenarios:

  • One-way Replication
  • Administrator Role Separation
  • Secrets not cached by default

One-way Replication

Read Only Domain Controllers host a read-only replica of the Active Directory database. Changes made to Active Directory on a normal Domain Controller replicate to the RODC, but the RODC never replicates anything to any other Domain Controller in the domain. Changes to Active Directory must be made on a writable domain controller; the change is carried to the RODC through replication only.

This read only replication pattern prevents a change at a branch location from polluting or corrupting data for the entire domain/forest. Additionally, this one-way replication model reduces the workload on bridgehead servers that are responsible for managing replication traffic (and there is less traffic as it is one-way only).

The one-way replication model also applies to FRS and DNS services. An RODC can be configured as a DNS server, and clients can query it for name resolution just like any other DNS server. However, the DNS server on an RODC cannot be updated directly by clients.

Administrator Role Separation

Administrator role separation enables the delegation of local administrative rights on an RODC to any domain user or security group without granting that user or security group any user rights for the domain or for other domain controllers. A designated local branch user can be granted permissions to log on to their branch RODC and perform maintenance work on the server, for example to update a device driver or to restart the RODC. However, the branch user cannot log on to any other domain controller, and the user is not a member of a domain administrators group (they do not even need to be an administrator on workstations). The delegation of administrative rights to the Read Only Domain Controller allows specified users or security groups to effectively manage the RODC without adding any security concerns with respect to the rest of the domain.

Secrets are not cached by default

An RODC holds all the Active Directory objects and attributes that are stored on normal Domain Controllers in the domain, except for account password information. By default, the RODC doesn't store any passwords for any object, except for its own computer account, and a special key replication account (each RODC has these). This behavior ensures that if anyone were to gain access to the RODC, then there would be no compromise of secrets.

In most branch office environments, only a small subset of domain users will ever authenticate to the domain from a branch site. You may nevertheless want your branch users' passwords cached on the RODC to improve logon times, or to provide authentication when the WAN link to the writable domain controller(s) is not available.

In this scenario, a user logs on, with the RODC passing the initial authentication to the writable domain controller (it doesn't know the password). After the writable DC authenticates the user and recognizes the request as originating from an RODC, the writable domain controller consults the domain Password Replication Policy that is in effect for that RODC. If the Password Replication Policy dictates that the user's password can be replicated to that RODC, then the credentials are replicated and the RODC caches them. On subsequent logins, the RODC can authenticate the user until such time as there is a credential change replicated through Active Directory.
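The logon flow described above, as an added example that is not part of the original newsletter. It is a simplified Python model, not Active Directory code: the class names, account names and passwords are constructed, plain strings stand in for stored credentials, and deny entries take precedence over allow entries as they do in Active Directory's Password Replication Policy. The last function lists the accounts whose credentials sit on the RODC, which are the ones to reset if the server is lost.

```python
"""Simplified model of the RODC logon flow and Password Replication Policy (PRP).
All account names and passwords below are constructed sample data."""
from dataclasses import dataclass, field


@dataclass
class WritableDC:
    passwords: dict   # account -> password (stand-in for the stored credential)
    prp_allow: set    # accounts whose credentials may be replicated to the RODC
    prp_deny: set     # accounts that must never be cached; deny wins over allow

    def authenticate(self, account, password):
        return self.passwords.get(account) == password

    def may_replicate(self, account):
        return account in self.prp_allow and account not in self.prp_deny


@dataclass
class RODC:
    hub: WritableDC
    wan_up: bool = True
    cache: dict = field(default_factory=dict)   # empty by default: no secrets cached

    def logon(self, account, password):
        """Return (succeeded, where the decision was made)."""
        if self.cache.get(account) == password:
            return True, "rodc-cache"
        if not self.wan_up:
            # No matching cached credential and no path to a writable DC.
            return False, "wan-down"
        ok = self.hub.authenticate(account, password)
        if ok and self.hub.may_replicate(account):
            self.cache[account] = password       # credential replicated to the RODC
        return ok, "writable-dc"

    def exposed_if_stolen(self):
        """Accounts whose credentials are stored on this RODC."""
        return sorted(self.cache)


def rodc_demo():
    hub = WritableDC(
        passwords={"branch.clerk": "pw-clerk", "domain.admin": "pw-admin"},
        prp_allow={"branch.clerk", "domain.admin"},   # admin allowed by mistake
        prp_deny={"domain.admin"},                    # deny entry overrides it
    )
    rodc = RODC(hub)
    results = [rodc.logon("branch.clerk", "pw-clerk"),   # first logon is forwarded
               rodc.logon("domain.admin", "pw-admin")]   # succeeds, never cached
    rodc.wan_up = False
    results += [rodc.logon("branch.clerk", "pw-clerk"),  # served from the cache
                rodc.logon("domain.admin", "pw-admin")]  # fails without the WAN
    return results, rodc.exposed_if_stolen()


if __name__ == "__main__":
    print(rodc_demo())
```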

Additional Information

In order to support Windows Server 2008 Read Only Domain Controllers, the PDC emulator (Flexible Single Master Operations) server for the domain must be running Windows Server 2008, and the domain and forest functional levels must be Windows Server 2003 or higher.

For more information, or to learn more about whether RODCs might be right for your environment or branch office, please contact Broadview Networks.



Windows Vista Service Pack 1




Broadview Media - DNS and Your Networks

Domain Name System (DNS) is a system that is designed to help people and computers access Internet resources. Internet Addresses are all numerical and are constructed of many digits which can be difficult to remember – it is much easier to remember the name "www.broadviewnetworks.ca" than it is to remember the corresponding numerical address "64.40.101.67". DNS is the mechanism that translates the request for the easy-to-remember domain name into the numerical Internet Address for the requesting system.

What is a DNS Server?

A DNS Server is a system that holds a database record of IP Address entries and associates these records to logical system or domain names. Whenever a system is looking for a DNS entry, it asks a DNS server. If the DNS server has an entry for the record, then the DNS server responds to the client with the record information. If the DNS server has no entry for the record that is requested, then it asks another DNS server to perform a lookup. The request process continues until a DNS server responds with information about the requested record.

Internal versus Public DNS

Local Networks typically have a local name server system designated in the network to handle DNS name requests for systems inside the network. Clients are configured to send DNS requests to this internal DNS server. This DNS server accepts requests from client computers and delivers responses when it has the record information.

  • If the DNS server finds an address registered in its records that matches the name request, it provides the response to the requesting system.
  • If the DNS server does not find an address registered in its records that matches the name request, but there is a recent cached record (stored from a recent external lookup), then it provides the cached response to the requesting system.
  • If the DNS server does not find an address registered in its records that matches the name request, the server passes the request along to another DNS server, asking it to resolve the Internet Address for the name requested. This process continues until a DNS server that is authoritative for the domain in the request is contacted.

DNS servers are provided by most Internet Service Providers (ISPs). These are the DNS servers to which an internal DNS server relays requests for domains that it is not authoritative for. For example, if your internal DNS server is configured to be responsible for only the domain name "internal.local", then any request for "www.google.com" will be relayed to an ISP DNS server. Your DNS server will not know anything about the "google.com" domain and will not know how to find the host name "www". But the ISP DNS servers will be able to determine where the public DNS servers are located for the domain "google.com", returning the information to the original requester through all the DNS servers which relayed the original request.
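The lookup order described above (local record, then recent cache, then relay to an ISP server), as an added example that is not part of the original article. It is a Python model with constructed names and addresses, and it goes one step beyond the text: a name inside the server's own zone that has no record is answered negatively rather than relayed, as an authoritative server does, and the model keeps a list of every name that left the network.

```python
"""Model of an internal DNS server: local records, cache with TTL, forwarder.
Zone, host names and addresses are constructed sample data."""
import time


class InternalDNS:
    def __init__(self, zone, records, forwarder, clock=time.monotonic):
        self.zone = zone.lower().rstrip(".")
        self.records = {k.lower(): v for k, v in records.items()}
        self.forwarder = forwarder   # callable(name) -> (address or None, ttl_seconds)
        self.clock = clock
        self.cache = {}              # name -> (address, expires_at)
        self.forwarded = []          # every name relayed outside the network

    def in_zone(self, name):
        return name == self.zone or name.endswith("." + self.zone)

    def resolve(self, name):
        """Return (address or None, which step produced the answer)."""
        name = name.lower().rstrip(".")
        if name in self.records:
            return self.records[name], "local-record"
        if self.in_zone(name):
            # Authoritative for this zone: an unknown name is not relayed.
            return None, "nxdomain-local"
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0], "cache"
        self.forwarded.append(name)
        address, ttl = self.forwarder(name)
        if address is not None:
            self.cache[name] = (address, self.clock() + ttl)
        return address, "forwarded"


def dns_demo():
    now = [0.0]                                         # fake clock for the demo
    upstream = {"www.google.com": ("192.0.2.10", 300)}  # documentation address, 300 s TTL
    server = InternalDNS(
        "internal.local",
        {"fileserver.internal.local": "10.0.0.5"},
        lambda name: upstream.get(name, (None, 0)),     # stand-in for the ISP server
        clock=lambda: now[0],
    )
    out = [server.resolve("fileserver.internal.local"),
           server.resolve("www.google.com"),            # relayed to the ISP server
           server.resolve("WWW.Google.com.")]           # same name, answered from cache
    now[0] = 301                                        # cached record has expired
    out.append(server.resolve("www.google.com"))
    out.append(server.resolve("typo.internal.local"))   # stays inside the network
    return out, server.forwarded


if __name__ == "__main__":
    print(dns_demo())
```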

Types of DNS Records

There are different types of DNS records commonly stored in a DNS server database. These include the most common hostname-to-IP Address records (A records), mail server entries (MX), and pointer record entries (PTR), which are the reverse of A records. Other types of DNS record entries exist but are less frequently used and are seldom changed.

Next Month – Managing DNS

Managing your public DNS records and hosting the entries can sometimes be confusing and usually involves contacting a DNS host and domain registrars. Next month we will provide information on how and when changes to DNS are required, and how Broadview Media can help you with the tasks of managing your public DNS information.



9th Competency!

Broadview Networks will be announcing our 9th Microsoft Competency, Business Process and Integration.

Microsoft CRM 4.0

Microsoft CRM is now in Version 4.0. Learn why this is Microsoft's best CRM release yet.
 