Software guru, Inc

Real World Solutions

Software Guru Common Solutions

Software Guru is technology agnostic.  We look for the best solution for our clients' needs without any particular product bias.  We don't make money selling other companies products.  While we certainly can acquire and resell equipment to our clients, we do so with no markup.    Further, as a rule, we prefer to work with vendors our clients have good existing relationships with, or help them establish new vendor relationships.  We don't act as a middleman for any third parties.

However, that being said, over time you find products and services from third party vendors that you end up recommending more often than others.  Solutions that can meet a wide variety of client needs and that we end up implementing on a fairly regular basis.  We present some of those here.


Dell Equallogic

 
 
 
Storage Area Networks have a reputation for being difficult to install, configure and maintain. Furthermore, in my early experience, they delivered a far less flexible "virtual disk" platform than I wanted.  

In my mind, a SAN should be a "disk cloud" where shared disks are dynamic and independent of the size or type of underlying physical disks.  Where the SAN would be smart enough to know what kind of performance I needed, what level of redundancy and how much space I needed at any given time.  It should be able to over allocate space as needed and dynamically reclaim unused space.

Yeah.  That didn't happen.

Not until I discovered Equallogic, and my dreams began to take form and with Windows 2012 did my dream become real.  Windows 2012 now supports virtual disk space reclamation and my SAN or "disk cloud" does what I always thought it should do in the first space.

  •  Ease of use:
    • Did you know that Equallogic representatives carry Equallogic units in their cars, along with their notebooks?
    • I was sold when the representative came into my client's conference room, took the unit out of it's suitcase, plugged into the wall, plugged his notebook's ethernet cable into it and in 5 minutes we had a working SAN in our conference room.
    • He then created iSCSI target drives of varying sizes and mounted them on his Windows XP notebook and proceeded to show us some of the outstanding features, including disk resizing, over-allocation and a host of other features.  
    • He then did a factory reset, to prove there were no tricks, and did the whole thing again.
    • When that client bought one, it was just as easy to do ourselves, but our Dell Equallogic rep was sitting there by our side as we did it.
    • I've recommended nothing else for my SMB clients since then.   I've worked with a lot of different SANs nothing is this easy.
  • Modular
    • All PS6xxx Series Equallogics use the same software and are backward compatible with each other to the very first Equallogic (the PS4xxx series is similarly compatible, however the advanced feature sets vary a bit)
    • Up to 16 units can be grouped together into a common virtual SAN unit.  Every machine you add increases the performance and flexibility, both by increasing throughput but also allowing for dynamic and automatic tiered storage.
    • You can then network these super SAN units together with other Equallogic SANS and you can setup replication schedules and data movement plans between the SANs.
    • I have customers that have a set of Equallogics at their main site, and another distinct set at their backup site.  Critical data is easily replicated between the two SANs over a VPN with almost no effort on the Admins part other than the initial setup, which is again, quite easy.
    • The PS6xxx comes with every feature enabled.  There are no upsales, no add ins.  You buy a complete SAN each time.  
    • Every unit can act independently or in combination depending on your needs.
  •  Simplicity
    • If you look at the Dell/Equallogic website, it may seem like there are a lot of complex options.  There really aren't.  You only have to make a few choices.
      • Physical Drive Size 3.5" or 2.5"
      • Disk Type:  
        • All normal disk
        • All SSD
        • Some SSD, some normal.
      • Chassis Size: Generally 2 Options: Lots of disks, or an awful lot of disks.
      • Ethernet Speed: 1 Gbps or 10 Gbps
      • Disk Capacity:  Depending on the form factor of the disk, there are generally two sizes of disks available at any given time.
      • Disk Speed:  
        • 7,200 RPM and either the older SATA models or newer near-line SAS.
        • 10,000 RPM
        • 15,000 RPM
    • That's it.  Other than you could get a 4100 series which has fewer features, but we don't recommend that.
  • Reliable
    • By default they come with redundant controllers
    • Each controller has 4 ethernet ports, plus a management port on some models.
    • Mix and match the 8 ports to redundant linked Switches and you're good to go.
  • Ease of Use
    • There are very few choices to make in setup.
    • Each unit has a base RAID level that determines the overall storage structure.  You choose from the standard options 0,1,5,6,10,50 etc.  That determines your capacity.
    • By default there are 2 drives used for spares.
    • After that you just start carving the giant disk up into little virtual disks of whatever size you need.  
      • Choose a size and an allocation level 
        • e.g. start with only using 10% of visible size:
        • Disk reports as 100 Gb, but only uses 10 Gb to start.
        • Disk will grow dynamically and transparently, and with W2K12, it can be trimmed.
      • Choose a reserve percentage for Shadow Copies and replication (could be Zero)
      • Choose a warning level to alert you if the size gets to a certain point.
      • Assign permissions to the disk.  What servers, or users, can access this target disk.
    • You then just refresh your iSCSI initiator and decide if you want to use mutlipath and attach the target.
    • Quick Format the disk (to preserve dynamic allocation) and select a drive letter.
   


SQL Server High Availability Groups

 
 
 

Not Your Grandfather's Clustering 


SQL Server 2012 introduces High Availability Groups a new way of clustering databases.  And it works great on Windows 2008 R2, but with the introduction of Windows Server 2012 High Availability Groups come to a lot more Windows Services.

Anyone who's ever done Windows Clustering knows what a painful experience it can be, along with the critical requirement of using exactly the right certified hardware and matching patch levels.  Heartbeats and shared storage all combine to make clustering something that only an Enterprise IT Staff will want to take on.

No more.  High Availability Groups bring clustering to the masses.  The key difference?  High Availability Groups are Application Layer Clusters, not OS clusters.  This means cluster members no longer have to be identical.  In the case of SQL Server 2012 the only thing that really has to be the same is the logical disk layout and path structure.  The underlying details of that structure doesn't have to be identical.  It can be a SAN in one environment and local storage in another, you just need the path names for the databases to be the same.
SQL Server High Availability Groups rely on Windows Fail Over Clustering.   Windows Fail Over Clustering is a Windows Feature that allows you to define Application Clusters and cluster FOC aware applications.

In addition to SQL Server, many other services such as DNS, DHCP and MSMQ can be in Fail Over Clusters.  Some require shared storage, such as on a SAN, but others do not.  SQL Server does not.

Windows 2012 makes use of this technology and builds on it in to provide Fail Over Virtual Machines and other advanced services.
  • SQL Server High Availability Groups require at least two servers plus either a witness share or a witness SQL Server (which could be SQL Express).
  • Not all databases on a SQL Server need to be clustered.  You can have some database in the HAG, and others not.
  • There are two modes of operation Synchronous and Asynchronous. 
  • Synchronous mode waits for hand shake to confirm all data has been committed on both sides.  It thus occurs some overhead and a noticible performance hit, depending on your network connection.
  • Asynchronous mode sends data and doesn't wait for a commit hand shake, but will resend data if needed.
  • The key difference is how much data loss could there be from a fail over.  In Synchronous mode, you know that there will be no data loss whatsoever if the main node goes down.
  • In Asynchronous mode there could be some data loss if the replication is running behind.  With fast connections this is not a problem, but when replicating large change sets over a VPN tunnel, there could be time periods where the second copy could be minutes to hours behind.  
  • Much of that, however can be alleviated/minimized by application design, greater bandwidth or WAN accelerators.

Cloud Solutions

  • CloudProtect Your Servers:  Backup any Physical or Virtual Windows Server (2008 or later) to your on Virtual DR LAN in our Cloud

 

  • We can migrate your business to the cloud.
  • We are a Microsoft Cloud Partner and can: 
    • Advise you on the best options for your business.
    • Sign you up 
    • Migrate you 
    • Provide ongoing management your hosted Exchange services on a very reasonable per user/month basis.
  • We provide full Exchange Online configuration along with all other Office 365 management features.
  • We can help you with:
    • Office 365 Software
    • Hosted Exchange
    • Hosted SharePoint
    • Hosted Lync Services
    • Microsoft Dynamics CRM
    • Visio Pro for Office 365
    • Project Pro for Office 365
    • Project Server Online
  • We also can recommend, sell, support and manage traditional on-premise Microsoft solutions:
    • Exchange On-Premise
    • SharePoint
    • TFS
    • SQL Server
    • Dynamics
    • Office
    • Windows
    • Active Directory

 

 

Firewalls

Watchguard vs. Sonicwall 

We've implemented a wide number of firewalls over the years:  Checkpoint, Cisco, Astaro, Fortinet, Symantec, Juniper/NetScreen, Sonicwall, Watchguard but the two we keep coming back to are Sonicwall and Watchguard.  These have proven to have the most price competitive feature sets for the SMB community.  The big question we keep coming back to is which one is better?  And you might ask, why not Cisco or Fortinet or the others?

Actually most of the ones I mention are reliable and good firewalls.  The main reasons?
  • Cisco is the industry standard.  Therefore the most likely to be exploited by hackers.  And it costs more for what you get.  
  • Fortinet is good, we just haven't got as much history with it, to give it our full blessing.  The same is true for Juniper (formerly NetScreen)
  • Checkpoint used to be the overpriced-gold standard for firewalls.  However, we felt some time back that it's price and complexity were beyond what the SMB market needed.  Although they've made some good strides in recent years.
  • Astaro used to be one that we installed regularly, it's great.  However as the UTM market's matured, we don't feel it provides a level of service to meet its new higher prices.
  • Symantec is generally not sufficient for our clients.
Both the Watchguard family and the Sonicwall family offer a proven track record for network security.  The features we look for the most are well represented in both families:
  • Failover Clustering (i.e.can you cluster the two firewalls so that if one goes down the other comes up)
  • VPN Endpoint Interoperability with other firewalls.
  • WAN load balancing, multiple/internet connections.
  • Unified Threat Management with regular updates
    • Antivirus and Anti-spam Scanning of all traffic including HTTP/FTP/SMTP
    • Site access controls and Content Filtering (website blocking)
    • Intrusion Detection and Remediation System
    • Application Blocking (e.g. BitTorrent and other highly port-mobile applications)
  • Easy to use interface.
   
  •  Hands down, the Watchguard family has the easiest/simplest interface in the business. 
    • This is why Watchguard often wins with me over Sonicwall.  It's almost impossible to screw yourself up with the Watchguard.
    • There is no simpler interface for managing a firewall's basic functions.  It's very object oriented.
    • We regularly train end users with no tech background how to manage these boxes.
  • I've had great experience with them and had them go through all sorts of Penetration testing with flying colors.  The interface makes complete security amazingly simple.  You don't have to know much about firewalls to be secure with a Watchguard
  • VPN Tunnel Compatibility is good.  However documentation is poor to some other brands of firewalls, and things are done a bit differently on a Watchguard.  There are some configurations that don't work together, like clustered Watchguards and BGP (even on the otherside)
  • Watchguards and particularly their UTM subscriptions are more expensive than Sonicwall.  Considerably so in the case of UTM.
  • Their direct sales support is pretty bad, use a reseller.
  • Their support team does it's job professionally, although they tend to be rather snarky and rude.
  • Sonicwall has been remarkably consistent about keeping its management interface the same over the years even as the feature set has expanded dramatically.
  • That being said, it's not great.  It's not as confusing as say CISCO, but then CISCO's GUI seems more robust.  I'd argue it's about 2nd best, after Watchguard.
  • Configuring a Sonicwall is relatively straightforward if what you want to do is covered by one of their wizards.  If not, well, this is something either a network administrator needs to do (vs a typical Systems Administrator who is not trained in firewalls/switches.)
  • Soniwalls need an administrator with a decent knowledge of TCP/IP and network protocols to configure and maintain; more so than a Watchguard.  Pretty much everything is more complicated in the Sonicwall Interfaces vs the Watchguard interface.
  • Sonicwall VPN Tunnels are well documented and can connect to every other firewall I've ever tried.  Sonicwall VPN Tunnels are probably the most straightforward to configure.
  • For a given performance level/feature set, Sonicwall's are around the same price, however Sonicwall has more models and pricepoints in the mid range,  in regards to annual subscriptions, Sonicwall seems a bit cheaper..
  • Sonicwall support is good, and it's going to get even better as its merged in with Dell's own customer support.  (Yes I know home users hate Dell support, but their business support is excellent)