What’s IT all about?

In a prior existence as an IT Manager, I implemented a Websense server on our network, primarily to monitor website usage and enforce our internet use policy. It was, and probably still is, a very good product offering a huge level of detail on who is accessing what on the network.

For a small business, however, Websense and it’s competing products just don’t make sense. Financially they are aimed at corporations, not a small office, and they require quite a bit of work to set up and maintain, let alone keep on top of the reports that are generated.

There are hosted services out there, through the likes of Messagelabs and Blackspider, that take the need for installing your own equipment away. However, there is still an ongoing cost involved, and you are likely to be faced with significant configuration and monitoring still.

If, however, all you want is basic web filtering (i.e. don’t let anyone access gambling sites) then this can be achieved for free. How, well it’s quite easy really, and it’s all achieved through DNS. For those that don’t know, DNS (Domain Name Services) converts those ever-so friendly website and email address names (e.g. www.fourlakes.co.uk) into much less friendly but very necessary IP addresses (e.g. 72.52.225.30) which tell your PC exactly where to find the relevant web page. Your network is probably set up to use your ISP’s DNS servers, which makes sense as they are located quite close (in network terms anyway) to your computer. However, if you change your DNS server settings on your ADSL or Cable router to point at those run by OpenDNS.com (namely 208.67.222.222 and 208.67.220.220) then you open up basic web filtering for your network. You need to register on the OpenDNS site first, but once you’ve done that it will recognise any traffic from your network and filter it against a whole raft of website categories. You can choose which ones you want blocked, resulting in a standard message which can be tailored to include your logo. This page also contains some fairly discrete advertising which is how the service pays for itself.

Additional feature include some pretty basic stats…you won’t get filtering or reporting to a user level, but you will find out if someone is trying to access unwanted websites on your network, allowing you to take action to track down the culprit if you so wish.

Worth a look.

My testing of Google Apps continues, and one issue I have had has now been resolved. If you recall from a previous post, I had Lotus Domino handling mail, calendar and contacts for both work and personal purposes. Now that I am using Google Apps and Thunderbird for personal email/calendar/etc. I have lost the tight integration I had with my Palm Lifedrive and my mobile. But the synchronisation of calendar items between Google and Thunderbird has been solved…and the instructions are here.

OK it does not get my calendar items on to my Palm, but that’s not a major problem and I think that having my Google calendar in sync opens up a whole raft of new avenues, given it’s support for iCal and XML.

Now if only I could get contacts synchronised

As mentioned a while ago, Four Lakes is moving from the Surrey/Hants border to Kent, now confirmed for 24th May. As part of the whole operation I will be moving house, which has been described as one of the three most stressful activities that can be undertaken. This particular move, so far, has been probably one of the smoother one, and yet there have been negotiations over work needed on part of the roof, and pressure from our vendor to move in a certain timeframe. Still, we have managed to exchange contracts successfully, and the moving date is set.

One of the painful aspects of moving house, I have found, is sending out change of address notices to all and sundry. Email has eased that problem somewhat, and online services like Plaxo have the potential to help too, but notifying the myriad of companies we deal with in our personal lives has always been a chore. Whether it’s the utilities, banks, credit cards or whatever, finding the right address to send your ‘Please update your records with our new address’ letter is most definitely a chore.

However, I came across a service the other day that has given me some significant help with this particular problem. Iammoving.com asks you a few pertinient questions (old and new addresses, moving date, etc.) and then asks you to choose from a list of companies to inform, categorised by type. Once you’ve built your list and, if necessary, added company-specific information (such as your bank account number) to some of the selections, you can press the button and electronic notifications are sent to your list. Or, at least, electronic notifications are sent to some of the companies on your list. The others produce a pdf which you can print and stuff into an envelope.

So it’s not as easy as it might be, due no doubt to the reluctance of certain companies to accept electronic change of address notifications, but still a useful service. If you’re moving house then it’s worth a look.

The world of VoIP promises a lot, and not the least of those promises is free phone calls via the internet. The reality, at least for now, is not quite that simple; but then is anything ever that simple ? That’s not to say that free internet calls are not possible, rather that you have to meet certain criteria before you can reach that exalted goal. In essence, free calls are an option if you and the person you are calling are on the same network. So if both of you are using Skype, or are Vonage customers, or use any other internet telephony provider that you should be able to chat away for hours without any problems or charges. The issues arise when you both are on different networks.

Skype

First of all, let’s take Skype as an example. One of the barriers to non-Skype users is that Skype uses a proprietary protocol, and as barriers go that’s a good ‘un ! Therefore, if you’re using a SIP-compliant PBX/provide, the world of Skype users is pretty much closed to you unless, of course, you have Skype running alongside your SIP softphone/handset. Not ideal, but about as good as it gets. (Note: there is a product called PSGw which will integrate Skype and SIP, but it requires Skype to be running on your PC so I’m not convinced you gain an awful lot.)

SIP

If you are on a SIP network (there are many providers such as Vonage, Sipgate, Voiptalk, FreeWorldDialup etc.) then you have a few more options. Most SIP ITSPs (Internet Telephone Service Providers) will have peering arrangements with other SIP ITSPs which allow you to route calls directly from one network to another. Therefore, if you are a Sipgate customer and you are calling a FreeWorldDialup customer then, with the addition of **777 at the front of their phone number, your call does not touch the PSTN and you incur no charges. Nice, but with a couple of limitations:

1. Limited peering. You are reliant on your ITSP having peering arrangements with many other ITSPs, and some are better than others in this respect.
2. Foreknowledge. It only works if you know beforehand which ITSP your contact uses, and then go to the trouble of programming in the right prefix for them. So for new or rarely used contacts you will invariably end up just using the standard number. (Note: SIP addresses go part-way to fixing this, so that if you publish your SIP address (e.g. SIP: 5576167@sipgate.co.uk) on business cards, emails, etc. then that information can be used to place free calls as long as appropriate peering is in place.)

Asterisk

The addition of your own Asterisk server (or any other PBX for that matter) into the mix opens up another option. Now, instead of having your softphone or shiny new SIP (or even IAX2) handset hooked up to your ITSPs PBX, you can run your own PBX, and only route calls through your ITSP when necessary. The advantage of this kind of setup is that you can accept incoming calls that are not routed through your ITSP, and this is important. Why, because you now have a means of avoiding the ITSP peering restrictions that would otherwise restrict from whom you can accept SIP calls. You are essentially setting yourself up as your own ITSP and can decide with whom you wish to peer.

“Hang on” you say, “doesn’t the other person need to know your server details in order to call you for free?”. And yes, you are quite right. As with peering, if the calling party doesn’t know you can accept a call directly then the default route is through the PSTN and back out through your ITSP. This is the issue that SIP addresses are supposed to resolve at the ITSP level (see above), and the mechanism for resolving this problem when you are running your own PBX is ENUM.

ENUM is most easily described as DNS for telephone numbers. For instance, on the e164.org site you can register your VoIP phone numbers and add ENUM records that will translate that number into an IP address, domain name or even a SIP address. It’s similar to publicising a SIP address, except in theory it is much more powerful for the following reasons:

1. Set and forget. Rather than relying on the person calling you to have received your SIP address information somehow, you are now relying on them performing an ENUM lookup. This is a one time operation for the PBX owner, making it much more likely to be done.
2. It’s all about control. And in particular, putting you in control. You set up your ENUM records, and you can change them should your circumstances change.

ENUM is more likely to be used in a business environment as only a small percentage of SOHO VoIP users will run their own PBX, so it is certainly still sensible to publish a SIP address for now. For home users, ENUM lookup on outgoing calls is a feature offered by some ITSP’s, although given that it will only ever reduce their income, you can understand why many are not offering it. For them there is a balance to be found between making money from SIP to PSTN calls, and improving their attractiveness to potential subscribers by having a lot of peering arrangements or ENUM lookups. Right now there are relatively few VoIP numbers out there…but that will only grow.

Conclusion

So, to summarise, it is possible to maximise the number of free VoIP calls you can make, but you just need to do a little groundwork first.

• Check your contacts. If most of your potential VoIP-enabled contacts are Skype users, then use Skype to call them. If they have SIP facilities, then implement a SIP solution.
• Start small. The world of VoIP is still low on the growth curve and thus is changing constantly. So right now it makes little sense (unless you’re a large business) to implement a costly solution. Keep it simple for now.
• Plan for growth. Having said “Keep it simple”, you should also factor in likely growth. Not so applicable for domestic solutions, but for a growing business you might want to think twice about putting a Skype handset on every desk.
• Ask for advice. There are a lot of open source solutions (such as Asterisk) in the VoIP arena, and many people willing to offer advice. Be wary of the guys who shoehorn their ‘product’ into any scenario you can come up with, but keep an open mind.

OK, shameless plug time. If you are a growing business looking for help and advice on a VoIP solution, then please feel free to email or call. PSTN number is (UK) 01233 888240.

I blogged a few days ago about my initial impressions of Google Apps, saying that it looked promising as a free mail/calendar/web service aimed at small businesses and other groups (families, clubs, etc.). Certainly for our particular circumstances at home it promised to ease a bit of a headache, namely running a full-featured groupware platform in a VMWare virtual machine merely to provide mail and calendar services to family members, all on a home PC.

Well, a few days in and there have been no real hiccups so far. Changing the MX and CNAME records to point at Google’s servers was pretty simple, and all changes took effect within an hour. Installing and configuring Thunderbird was pretty painless too, and the simple user interface provided no issues to my Outlook-familiar wife or my 7-year-old daughter ! A nce feature of the Google service is the ability to set up friendly URL’s for the services (e.g. http://mail.domain.com or http://calendar.domain.com)

The only real potential gotcha I have so far encountered happened just now. Google mail has quite a good spam collector built in (on another Gmail account I have reached the point where I rarely bother to check it so confident I am that there will be any false positives), and in logging into the web interface I saw that it had already captured one spam item, which turned out to be quite an important email. Turning spam filtering off is an option, but I think it would be best to monitor the web account for a while until it ‘learns’ what is and isn’t spam to us.

Another success was setting up IMAP access to our old mail accounts (on the Domino server). Took a little bit of fiddling in Domino to make sure each mail database was set up for IMAP access properly, but once done I was able to drag and drop emails and folders to ensure all the mail I wanted to keep was now in Thunderbird. This was so successful that I can see Domino being decommissioned sooner rather than later. Or at the very least being left off by default and only being fired up if an old email needs to be searched for.

One previous facility that I have not yet reproduced, though, is synchronisation of my contacts and calendar between PDA and PC. I was using Laplink PDASync to synchronise Domino and my Palm Lifedrive, which worked very well. I have not yet been able to find a product that will sync the Palm with Thunderbird 2.0 although there does appear to be a product for Thunderbird 1.5 which will hopefully be updated soon. Exporting contacts to CSV seems to lose a lot of the nice information…and using vCards would require them being exported one by one ! The search continues on that one.

I came across a link to Google Apps the other day and it certainly intrigued me. Why ? Well, I have been running Lotus Domino as my personal mail server for some time now, primarily on the basis that I have many years experience with Domino, and it offers both a decent mail client (OK, Notes has it’s idiosyncrasies, but I am very familiar with it and can make it work the way I want) and the ability for me to check my mail online using Domino Web Access (DWA). This all happens in a VMWare-based virtual linux server (specifically Fedora Core 4) running Domino 7 and using fetchmail to pull four family members’ personal mail into separate mail databases. It works, and works well, but it has a downside. Basically, no matter where I am, if I want to access my personal or work emails then this virtual server has to be up and running. And since this does not sit in a server farm somewhere, I can’t guarantee it will be available.

So when I saw Google Apps I thought that there may be an opportunity to replicate the important aspects of my current setup within a more stable environment with higher availability. Here’s how I see it working:

• Register the ‘family’ domain name with Google Apps, giving mail, calendar, chat and website for free.
• Change my MX and various CNAME records for the domain to point to Google.
• Install Thunderbird as the new mail client, pulling emails from Google using POP3.

And that’s about it. The big issue right now is how to migrate everything from Notes to Thunderbird, but I will probably use IMAP to give access to old emails for a month or two and not bother copying everything across. Sometimes these exercises are a good means of having a tidy up !

I’m not totally convinced that POP3 is the way to go, but Google mail does have a setting that archives emails once they have been downloaded, and I think that will be the best solution. I will blog more about this, but initially I think it’s a good solution. I am certainly looking forward to the point in time when the Fedora VM is only fired up occasionally rather than running all the time. It’s a bit of a resource hog on what is, after all, a family PC.

I have been having problems getting emailing of voicemail to work on my home Asterisk system….seems it’s due to the lack of an internal DNS server ! This article explains how to fix the problem.