IT

With over 10 years of experience working with Mac, PC, and Linux workstations, I find it in my nature to help colleagues and friends with tech support, and more recently as the IT Administrator at First Baptist Church Edmonton.

FBC Edmonton

Beginning in Fall 2010, a multi-phase upgrade of all of FBC’s IT systems was initiated. Four phases of development were established and completed by January 2011. Below is an adaptation of the final report from January 2011, overviewing work performed in partnership with Kevin Lau of AHTR Networks. Recent additions include expansion of wireless coverage area, and implementation of remote network monitoring of security cameras.

1 Network Infrastructure

1.1 Wired Networking
An important part of the upgrade was the wired infrastructure. New CAT5e network cable was installed in all upstairs and downstairs offices, as well as lounge areas as permissible. New wired infrastructure ensures:

As part of the consultation process with AHTR Networks (Kevin Lau) it was determined that 3/4” EMT Conduit would be the most effective way of delivering cabling to all locations. By using conduit, the need to run cabling inside walls was avoided, which were found to be very thick and dense. Other benefits of using conduit included the simplicity of painting as expressed by Debbie Mitchell, and also permits future expansion of low voltage telecom wiring (ethernet, telephone, security system, etc).

Wired networking is now available in all staff offices, as well as the Parlour and the new Youth Room. Network connectivity has also been run to two new Wireless Access Points as described in Section 1.2, as well as at the Norstar phone system for simplified phone system administration. The ADSL modem has been relocated to this location to reduce ADSL signal loss in the telephone line.

1.2 Wireless
The FBCE wireless network is currently being used by members of staff for Internet, printing, and server access, but the access code has also spread to members of the church and outside groups who visit the church regularly. It is a serious security risk to have casual users share access to private network resources with staff.

Commodity wireless hardware was used with custom firmware to allow for multi-network operation from a single device.

For this reason, it was decided that a secondary “Public” Internet-only wireless network should be created to ensure security of the private network, while still allowing Internet access to patrons who have become accustomed to it.

Two new D-Link DIR-615 8011n access points were purchased, and custom firmware was installed to allow them to simultaneously serve both FBC-Staff and FBC-Public networks. One was installed upstairs in the West hallway, and another downstairs outside Karen’s Office, where it serves Jubilee Hall and classrooms. At $50/Access Point, this $100 investment has significantly increased wireless coverage area, and has also created a designated public network for church patrons.

The existing FBCE network will remain in operation until the transition is completed. A public campaign will begin in January to inform users on which network to use, and how to obtain access.

1.3 Internet Access & Routing
One of the first tasks completed was to replace the aging D-Link Internet Gateway with a dedicated Dell Dimension PC with FreeBSD-based pfSense firewall/routing software installed. This allows the administrator to monitor network user status, diagnose network traffic, and create sophisticated firewall access rules. VPN access is also provided through this machine to allow staff to work on files from home. The capability to centrally manage public wireless users is also included in this machine.
Analysis of the incumbent ISP, Uniserve, is ongoing. The connection is stable, but the 3.0Mbps/ 0.5Mbps download/upload speeds are below average. Univerve’s pricing remains competitive when compared to other business Internet options from TELUS and Shaw, thus the plan is to upgrade to the 6.0Mbps tier as soon as possible. Once we have cancelled our inactive web hosting service, there will be no net increase in cost to the church for this higher tiered service. Upgrade is scheduled to occur at the beginning of February 2011.

2 Server Upgrades

2.1 Network Attached Storage/File Space
As a replacement to the existing Microsoft Small Business Server, a D-Link DNS-323 Network Attached Storage device was purchased, along with two 500GB hard drives. The drives are run in a RAID 1 configuration, which means that all data is stored twice, once on each drive.

Server rack being implemented with DNS-323 NAS, Gigabit Switch, and pfsense-based router. Courtesy Kevin Lau

By doing this, data is still accessible if one drive fails, and work can continue until it can be replaced and rebuilt. Since hard drive failure is by far the most common type of data failure, this will be very effective at protecting the church from data loss.
In addition to the redundancy provided by the DNS-323, performance is significantly improved with tests showing read/write speeds 2-5x faster than the previous setup. Reliability is also improved, as the DNS-323 is resistant to operating system-related crashes and failures.

In conjunction with the roll out of the DNS-323, personal file space has been provided for each staff member to store personal files in a separate file share. Previously, ‘ChurchData’ was the only network share provided to staff, which was visible to all users.

2.2 Gigabit Switch
In planning for the network upgrade, it was determined that a new gigabit network switch would provide better value and improvement to the church’s systems than a UPS Battery backup system that was proposed initially (See Section 2.3 – Power/UPS for details). A D-Link DGS-1024D Gigabit Switch was installed, equipped with 8 more ports than the previous 3Com switch. This will ensure future expandability of new workstations, servers, and devices (security cameras, telecom devices, etc.).

As the backbone of the entire network, the switch provides 10x the bandwidth of the previous model, and is up-to-date with modern standards. It ensures that all workstations including the MacBooks in use by some staff are connecting at the fastest possible rate.

2.3 Power/UPS
In reviewing archived IT and telecom documentation, it was discovered that when TELUS installed a new phone system in 2008, a $500 APC UPS was specified on the parts sheet that remains unaccounted for. The device does not appear to have ever been installed in the church, and an investigation into why it was not received is ongoing.
The possibility of a UPS being supplied by TELUS affected the decision to purchase a Gigabit Switch in its place.

2.4 Remote Backup
Remote backup of the entire NAS device is performed incrementally on a nightly basis to jole.ca technical services HQ to a dedicated backup drive. An encrypted VPN connection is established for this transfer.

These backups will ensure that in the event of catastrophic loss, a copy of all files will be available off-site.

Continued backup services will be provided free of charge as part of any service plan with jole.ca technical services.

3 Email System

3.1 Google Apps
The pre-existing email system that was setup with MercMail Inc. had proven unsatisfactory for use by most of the staff. Problems included:

Transitioning to Google saved FBC $450/year

To solve these problems, the transition to Google Apps for Your Domain was completed. Google Apps provides GMail-like email accounts for addresses@fbcedmonton.ca. As a bonus, Google Apps is free for less than 50 accounts, has mobile sync support, and adds great calendaring support. This also represents a savings of more than $450/year. The move occurred on January 14, 2011, and some staff transitioning is still under way.

3.2 Temporary Work
While preparing for the transition to Google Apps, assistance was provided to some staff in forwarding their email to a personal email account. A recovery tool was also purchased to transfer email out of Ryan’s Outlook account, which was misconfigured as a Microsoft Exchange account. When misconfigured as Microsoft Exchange, data cannot be exported without this tool.

3.3 Timeline
The MercMail service contract is up for renewal at the end of January 2011. The goal was to have email accounts transitioned to Google Apps before this time, so that the contract may expire gracefully. Cancellation will occur as scheduled at the end of January 2011.

4 Security & Software Check

4.1 Anti-Malware
The Anti-Malware software of choice is Microsoft Security Essentials. MSE is free for personal and small business use, and provides sufficient protection for workstation PCs. Any pre-existing anti- malware software is being removed in favor of MSE, which self-updates on a regular basis.

4.2 Software Patches
Software updates are being rolled out on an ongoing basis, as workstations are being serviced and updated.

5 Workstations & Further Tasks
The following tasks were not part of the original FBC Upgrade Plan, but are being explored as part of ongoing IT maintenance work.

5.1 Workstations
In an effort to accommodate staff requests and preferences, some staff have chosen to bring their own personal computers to use on the FBC Network. They have been configured to access network and printer services, and will be maintained under the the FBC servicing umbrella.

5.2 Printing & Scanning

Research into using the church’s Canon iR5000 photocopier as a print and scanning device has been completed. Between online research, contact with our service rep and Canon technicians, the following conclusions were reached.

AirPrint was added sans-Apple in May 2011 to allow staff to print via iPhone, iPad, or iPod Touch devices

In order to enable printing, an additional hardware board must be installed, along with a full software upgrade. The part is not available for order from Canon due to the age of the machine, and installation of a part obtained from a 3rd party would not be supported under our service contract.

Our model only supports “pull” scanning (contingent upon a software upgrade), which ties up the photocopier while in use. It is a low-resolution black and white scanner, which would not be of great use.

While it is theoretically possible for our photocopier to print, our first-generation model was designed to be a photocopier only, despite the hardware buttons for printing/scanning on the front. Pursuing the additional hardware board and software upgrade would be in the range of $1000-1500 including labour, which is not cost-effective. Rather, printing and scanning features should be considered carefully when purchasing/leasing our next photocopier.

For now and the foreseeable future, printing is provided through the HP 1030n network printer in the Main Office, and scanning to be performed through the Reception PC via the Lexmark Multi Function device.

5.3 Sound Booth
The Sound Booth PC is used to record and upload church services and sermons on a weekly basis, and also uploads the sermons directly to the fbcedmonton.ca website and for distribution on iTunes. It is currently connected via wireless, but a wired ethernet run is in the works. This will allow audio recordings to be stored efficiently on the NAS storage, simplifying the distribution of church services on CD to shut-ins.

5.4 Video conference workstation
In an effort to repurpose some of the older PCs that were replaced by the personal staff MacBooks, a PC may be installed with the LCD TV in the parlor for video playback, web browsing, presentations, and the possibility of video conferencing.

5.5 Public access/youth workstation
A second PC may be deployed in the Youth room for Internet access or video playback with their new LCD TV.

5.5 Website
The fbcedmonton.ca website has been maintained on a volunteer basis by jole.ca technical services for the past 4 years. Hosting (including domain registration and server hosting fees), maintenance, training, and podcast integration will continue to be provided free of charge as part of any potential service plan with jole.ca technical services. Any redesigns or new initiatives would be outside the scope of the service plan.

 

Other Clients

Personal tech support is provided on a personal basis to a variety of clients in various sectors and industries, including land development and non-profit.

For more information on rates and services, please contact Joel directly.

Share

Updated: June 13, 2011