Teleworking 2009 - Mac OS X Server

Teleworking 2009:
Mobility for the rest of us
PowerTools Session PJ
Dr. Bill Wiecking
[email protected]
1. Who are we? Case studies
2. Remote presence and access
3. Infrastructure: connectivity and security
4. Workflow and integration
5. Tools applications and gadgets
6. Whatʼs next?
Q&A - Users Conference
We are using Google Moderator to take questions for this session.
Go to http://tinyurl.com/5t55h2
Pick the topic that matches this session PowerTools
Sign in using a Google Account
User Name: macworldexpo09
Password: macworld09
Submit the questions you want to ask
• Case Studies
• Who are we?
• How we work, why and where
• Nature of data/workflow preview
• Best practices
• DEMO: SUBETHAEDIT
• SubEthaEdit
• Google Docs
• Remote presence/access
• Control
• Presence
• Collaboration
• Data Access
• Issues
• Control
• Timbuktu
• Apple Remote Desktop
• VNC
• LogMeIn
• others
• citrix
• DEMO: CONTROL
• Timbuktu
• Apple Remote Desktop
• VNC
• Presence
• Skype
• iChat AV (including jabber and vpn access)
• DEMO: PRESENCE
• skype
• iChat AV (including jabber and vpn access)
• Collaboration (local and cloud based)
• Google docs
• Google apps
• SubEthaEdit
• Wikis
• Mac OSX Leopard Server wiki
• wetpaint
• mediawiki
• whiteboards
• hyperoffice
• ignyte
• DEMO: COLLABORATION (LOCAL AND CLOUD BASED)
• google docs
• google apps
• subethaedit
• wikis:
• wetpaint
• Mac OSX Leopard Server wiki
• mediawiki
• Data Access
• iDisk
• pdf servers
• Apple time capsule
• Apple Airport Extreme 2 USB
• Apple OSX server
• Sugar sync
• Airsharing (iPhone app)
• DEMO: DATA ACCESS
• iDisk
• pdf servers
• time capsule
• Airport Extreme 2 USB
• OSX server
• sugar sync
• airsharing
• Issues
• cloud based vs. local
• connection speed
• security
• Infrastructure
• overview
• connection types
• wired
• wireless
• 3G
• EDGE
• others
• Overview
• you as client
• you as roaming client
• you as host
• SOHO host
• host to guests
• sysadmin world
• Connection types
• wired
• wireless
• 3G
• EDGE
• Others
• Wired
• characteristics
• advantages/disadvantages
• issues
• speed
• reliability
• Wireless
• characteristics
• advantages/disadvantages
• issues
• speed
• reliability
• 3G
• characteristics
• advantages/disadvantages
• issues
• speed
• reliability
• EDGE
• characteristics
• advantages/disadvantages
• issues
• speed
• reliability
• Others
• WiMax
• EV-DO
• HSPA
• DEMOS
• speedtest.dslreports.com
• IPNetMonitor
• Net utility
• terminal
• iNetwork test (iPhone app)
• Focus: Wireless
• ubiquitous
• user configuration issues
• 802.11 varieties
• 802.11a (54 Mb/s, ~5 GHz)
• 802.11b (11 Mb/s, 2.4 GHz)
• 802.11g (54 Mb/s, 2.4 GHz)
• 802.11n (MIMO, ~72 Mb/s, 2.4 and 5 GHz)
• 802.11i (security suite)
• 802.11s (mesh networking)
• Legacy stuff:
• 802.11 (1-2 Mb/s, 900 MHz = 0.9 GHz)
• Interference
• Logical (channelized, Access points, tunnels, ad hoc networks)
• Physical (non-channelized, select or broad spectrum)
• Logical
• channelized
• channel overlap (stomping)
• Access points
• Ad Hoc networks
• tunnels (point to point)
• DEMOS
• iStumbler
• coconut wireless
• ctrl-click AP window
• war walking
• Physical
• phones
• microwave ovens
• radar detectors
• any ISM device
• CF bulbs (older)
• non-channelized, so does not show up on stumblers
• only indicator is high noise, low speed (see SNR)
• may be specific spectra or broad spectrum
• “How many times in the past have they stood between me and my dreams of glory? How many times have they foiled my plans with their bungling interference?”
-Fearless Leader, The Adventures of Rocky and Bullwinkle
• DEMOS
• eakiu/wispy
• kismac
• war walking
• Hosting issues
• Channel allocation
• Always use both an active stumbler (iStumbler) and a passive scanner (Kismac)
• Poaching
• Endemic issue, HW ACL or WPA2 are good stop-gap measures
• Roaming
• Bridge APs, set DHCP server on LAN segment, name all networks same
• Client issues
• WPA2
• Good security, password based, some client config needed. Controls access to network
• VPN
• Controls content on the network, not access. Makes a secure encrypted tunnel between your client and the server on the other end.
• Solutions
• Roaming setup for multiple APs
• PPP server using AE
• Client setups as download files
• Access control methods (HW ACL and RADIUS, see below)
• DEMOS
• iStumbler
• coconut wireless
• eakiu/wispy
• kismac
• ctrl-click AP window
• war walking
• Security
• Who is the threat?
• From how far away?
• How will I know?
• Various scenarios
• Home
• SOHO
• Campus K-12
• Campus higher ed
• Enterprise
• Levels of threat
• Passive users
• Usually after access to resources (e.g. connection)
• Determined users
• May be after access to resources (e.g. connection)
• Usually after access to data
• In some cases, to access and alter your data (data replacement)
• Intruder profiles
• Opportunistic
• Your neighbor, the black volvo parked near my house
• Script kiddies
• Opportunistic, “morally flexible”
• Industrial
• Well funded, covert, sometimes talented, legal ramifications if caught
• Military/governmental
• Extremely well funded, team efforts, international, very talented
• Methods
• Packet sniffing/data collection (Interarchy, IP Net Monitor, TCP dump)
• Network access required
• Data often in clear text
• Great VPN demo for your team
• Kismac wireless capture
• No need to gain access to network (“promiscuous mode”)
• Data in clear text, saved as PCAP files
• Encrypted data can be saved for later decrypting
• DEMOS
• Interarchy
• IPNet Monitor
• TCP Dump
• KisMac
• Solutions
• Access control
• Data Security
• Access control
• Hardware Access Control Lists (HW ACL)
• WPA2 (CCK and TKIP)
• HW ACL
• Benefits/drawbacks
• “Timed access” on Apple Airport Extreme configuration utility
• RADIUS
• Elektron vs. Leopard Server
• DEMOS
• Elektron
• Airport Extreme HW ACL list configuration
• Leopard Server RADIUS configuration
• WPA2
• Benefits/drawbacks
• WPA (1) cracked, 11.6.2008
• WPA2 personal (local) vs. enterprise (server)
• Others, now defunct:
• WEP
• DEMOS
• WPA2 setup on client
• WPA2 setup on Apple Airport Extreme (personal and enterprise)
• Data security
• 802.11i
• See also Apple OSX Leopard Server
• VPN
• Fast, easy, transparent
• Included in Tiger, Leopard servers
• 802.11i
• Access control bits
• Content integrity bits
• Can be managed by Leopard Server
• VPN
• Encrypted data
• Secure tunnels into organization
• Can be used to share content filtering (e.g. schools)
• DEMOS
• VPN setup on Tiger and Leopard Server
• VPN setup on client
• VPN packet sniffing example
• Cool tricks
• Reverse VPN for remote help calls
• Instant iChatAV through firewalls
• Secure data transfer
• Content filtering via host list
• Saving vpn config file for http download
• Special issues
• Rogue access points
• Detection using WiSpy remote
• Detection using RADIUS on wired LAN
• Log analysis, syslogd
• CyberGauge SNMP monitoring
• DEMOS
• TCPDUMP with wireless sharing enabled, iPhone sniffing
• Interarchy (v. 8.5.4) Net mode
• RADIUS
• Elektron
• Leopard Server
• Workflow/Integration: iPhone, laptop, desktop
• iPhone
• Nature of data
• Connection
• Laptop
• Desktop
• iPhone
• most mobile, reads/generates data (calls, emails, manual entry)
• connects via GPRS/EDGE/WiFi/USB
• sync data:
• USB to laptop/desktop (future bluetooth?)
• over wifi/edge/gprs (gigabit wireless soon?)
• Nature of data:
• phone calls
• addresses/photos of contacts
• calendar (read, input, edit)
• mail (see data detectors)
• data detectors on laptop side, populates address book, contacts lists
• sms conversations
• bookmarks
• photos (captured, stored, played, emailed)
• music, playlists
• maps/GPS tagged info
• data from office (sync: me.com, iDisk, sugar sync)
• apps (from app store, from master computer)
• Laptop
• wireless access is assumed
• camera is assumed
• Nature of data:
• email
• messages
• contacts
• contacts (from email, address book)
• bookmarks
• iCal events
• Desktop
• network access assumed
• camera possible
• may be mac or PC
• Nature of data:
• email
• messages
• contacts
• contacts (from email, address book)
• bookmarks
• iCal events
• may be linked to server (see below)
• iPhone apps
• Apps store: 2 way setup (to/from phone)
• Organizing the apps (like the bookmarks window on safari)
• DEMO: NINE ESSENTIAL APPS
• Note2self
• SpeakEasy
• Voice dialer
• Jott
• Sugarsync
• VNC
• Mobile news
• Dial Zero
• Air sharing
• Streaming media
• KQED online news
• Pandora
• mobile news
• ambience
• MPR
• DEMOS
• MPR
• Access
• Voice dialer
• Note2self
• Voice record
• Jott
• Sugar Sync
• DEMOS
• Note2self
• GPS enabled
• Distance
• Tape measure
• G spot
• Remote control/presence
• Remote
• Jaadu VNC
• Touch term
• INCO
• DEMOS
• Jaadu VNC
• INCO
• Data collection
• Signal scope
• Sound meter
• G force
• Tools
• Flashlight
• Starmap
• iConvert
• Molecules
• Network
• iNetwork test
• Pingamajig
• TCPinger
• Telnet
• Easy wifi
• TouchTerm
• DEMOS
• iNetwork test
• Pingamajig
• Easy wifi
• Phone helpers
• Dial zero
• CSV search
• Setup at the office/home
• Connection
• Settings
• Connection: iPhone to desktop/laptop: cradle/cable
• USB cables to get/carry
• MobileMe as a virtual drive/translator
• Computer settings
• iTunes settings
• Sync settings
• Sync options: mobileMe or local
• Benefits/drawbacks
• Syncing apps-options
• No way to test apps except on phone, so computer becomes repository for all apps, purchased or just downloaded
• iPhoto sync (slow)
• Setup on the road
• Getting connected
• EDGE issues
• WiFi issues
• Getting connected
• EDGE issues
• WiFi issues
• Other options
• EDGE issues
• From the field
• For the office end
• Sysadmin issues
• Email issues
• VPN solutions
• WiFi issues
• Security
• Sniffing iPhone WiFi traffic using your laptop in shared mode
• Using open access points
• Whatʼs secure, whatʼs not
• Extending coverage for roaming users
• RADIUS and HW ACL control issues
• DEMOS
• Sniffing iPhone traffic using TCPdump and Airport Sharing
• Other options
• SugarSync
• PhoneView
• iPhone configuration utility
• Other servers
• Sugar Sync (iPhone app, computer app, phantom mirror)
• Downloading from the cloud
• Sending from the iPhone
• Sending from your computer
• Web access/sharing of documents from computer or phone
• PhoneView
• Call log/history view and export
• Notes
• SMS conversations view/export
• Use iPhone as a jump drive
• iPhone Configuration Utility/Web utility
• XML files
• Create, maintain, sign config profiles
• VPN configurations (“payloads”)
• WiFi configurations (“payloads”)
• Cisco config payloads
• Track and install provisioning profiles and authorized apps
• Capture device information, including console logs
• Excellent for diagnosing devices on your wLAN, problems with the phone
• See the Enterprise Deployment Guide from Apple
• Web utility does many more things via a web browser port 3000
• DEMO: SUGAR SYNC, PHONEVIEW AND IPHONE CONFIGURATION UTILITY
• SugarSync
• PhoneView
• iPhone configuration utility
• Other servers
• MacOSX server
• PDF repository
• VPN connectivity
• INCO monitoring
• VNC and Timbuktu
• LDAP contacts repository
• iCal server
• Central iPhone config repository
• apps
• contacts
• user logs
• What you can do with this setup, and how to do it
• Mail workflow
• iCal workflow
• Safari workflow
• Data workflow
• GPS enabled camera workflow
• Mail workflow
• Computer to iPhone
• Data detectors
• What mail harvests, how to check it
• Push/pull whatʼs the difference?
• iPhone to computer
• Duplicate data
• Hints
• Using MobileMe to sync mail accounts
• Best practices
• Clean data is good data
• iCal workflow
• Computer to iPhone
• Which calendars to sync
• Using MobileMe to sync data
• iPhone to computer
• Modified events go where?
• Hints
• Keep a discrete calendar for iPhone
• Best practices
• Keeping it clean
• Safari workflow
• Computer to iPhone
• Show all bookmarks, clean with folders
• iPhone to computer
• Back-migrating bookmarks
• Hints
• Bookmarks as app windows
• Best practices
• Keeping it clean
• Data workflow
• Computer to iPhone
• pdf documents
• Sugar sync
• iDisk
• iPhone to computer
• Usually as a reader
• Email attachments
• Hints
• Keep mobile docs small, easy to read
• Best practices
• Screen inversion
• Bookmarked data as app windows
• GPS enabled camera workflow
• Using Jet Photo, GPS tagged photos can create google maps, others
• May be embedded into iPhoto eventually (technically reasonable)
• iPhone/iPod Touch/inactivated 2.5G iPhones
• iPhone config utility
• PhoneView
• Best practices
• Two kinds of users: those who have lost data, those who are about to
• Backup to laptop/desktop, then to time machine (backs up iPhone data)
• Sync (push/pull)
• DEMO: GPS ENABLED CAMERA WORKFLOW
• JetPhoto GPS to photo integration
• Where can we go from here?
• MobileMe as document sync
• Connectivity upgrades
• GPRS/EDGE faster, more ubiquitous
• Gigabit wifi
• USB to bluetooth
• Physically installed
• Just needs to be activated
• Security issues
• iWork as web 2.0 mobile documents
• Create/edit from the iPhone
• Using cloud (.Me account) these could be in constant state of refresh (see Sugar sync)
• Tools/apps and gadgets
• Power
• Headsets
• Cameras
• Bus adapters
• Data
• Road Warrior toolkit
• Power
• Laptop batteries
• Coconut battery app
• Extended batteries
• iPhone batteries
• Clip-on
• External
• Solar
• Power on the road
• Car/boat
• Air
• Solar
• DEMOS
• Coconut Battery
• Headsets
• Bluetooth
• Plantronics
• USB
• Plantronics
• Cameras
• Built-in apple camera
• iGlasses add-on
• USB cameras
• Logitech
• Firewire cameras
• Apple legacy iSight camera
• DEMOS
• iGlasses for VTC
• Bus adapters
• CardBus
• Photo card reader
• Gigabit ethernet extender
• PCMCIA
• Wireless adapters
• Ethernet adapters
• USB
• SD Readers
• Wireless scanners (use with Kismac)
• Wireless physical scanners (use with WiSpy)
• Data
• USB flash/jump drives
• USB HD
• Powered
• iPhone
• Firewire HD
• 400
• 800
• Gen 1 iPods
• Connectivity
• USB powered amplifiers/antennas
• DEMO: CONNECTIVITY
• USB powered amplifiers/antennas
• RoadWarrior toolkit
• Presentation tools
• Hotel/road tools
• Demos
• Presentation tools
• Remotes
• Storage
• Power
• Hotel/road tools
• Antennas/amps
• Power strip
• Headphones
• Earbuds
• NC headphones
• DEMOS:
• Keyspan remote
• Whatʼs next
• Connectivity
• Bluetooth integration
• Storage
• Web apps
• Netbooks
• AV integration
• Connectivity
• 4G
• 802.11x (gigabit wireless?)
• 802.11n in iPhone (including MIMO)
• Bluetooth integration
• Cable free operation, iTunes, iPhoto, sync
• BT GPS export to laptops
• Storage
• NAS networks (home, office, cloud storage)
• WebApps
• iWork suite as a web app?
• Netbooks
• Theirs, ours?
• AV integration
• AppleTV v.2?
• Apple brand flat panel TV?
• RESOURCES
• wireless.kamuela.org
• Dr. Bill Wiecking: [email protected]
• Online texts: Take Control Books
• Non-volatile storage media:
• Peachpit Press
• Pogue Press
• OʼReilly Press (the ones with the cute animals on the cover)
• APPLICATIONS
• Subethaedit
• Firefox
• Safari
• iPhone configuration application
• Skype
• iChat AV
• Timbuktu
• Apple Remote Desktop
• Chicken of the VNC
• Wi-Spy
• PhoneView
• IP Net Monitor
• Terminal
• iStumbler
• Kismac
• Elektron
• Interarchy (old version)
• Coconut wireless
• SugarSync
• iGlasses
• IPHONE APPS
• Easy Wi-Fi
• iNetwork test
• INCO
• Air Sharing
• Direct Line
• Dial Zero
• iTalk recorder
• Note2Self
• Jaadu VNC
• PingA Majig
• Ping
• Whatʼs goin down
• TCPinger
• Telnet
• SugarSync
• Speech Cloud Voice Dialer
• Jott for iPhone
• Fring
• Flight Tracker
Fin
Notes:
• Intermapper for remote network admin, works for monitoring teleworkers as well
What's missing? Bluetooth sync, Bluetooth GPS to laptop, geolocation on iPhoto, 802.11n (not just throughput, but MIMO). Maybe already physically installed, just need to be activated (all of these are possible now with current HW).
option-click airport menu to get more info
Method 0: Plain SMS -- You can send SMS from a phone. 500 SMS messages are included "free" with the standard AT&T data plan for the original (EDGE) iPhone. For the new iPhone 3G, the base data plan doesn't include any SMS messages. You can pay $5 per month for 200 messages, $15 for 1,500 messages, or $20 for an unlimited number of messages. Or, if you don't plan on sending and receiving more than 25 SMS messages in a month, you can pay $0.20 per message by not signing up for any plan. Astronomically expensive!
Method 1: AIM-to-SMS Gateway -- For computer users, Jeff's method is fine - AOL's AIM-to-SMS gateway works consistently. My issues were with the iPhone AIM client. On the Mac, iChat and AOL's Mac client are reliable, and another iPhone client using AOL's IM service would presumably have been fine. This morning, in a quick search for "AIM" in the iPhone App Store, I found 5 chat clients that claim AIM compatibility. But I barely use instant messaging since I started using Twitter, so determining if they work more reliably than the iPhone AIM client is left as an exercise to the reader.
Method 2: Email-to-SMS Gateways -- My favorite way to send SMS messages to iPhone-using friends is via email from either my Mac or my iPhone to their 10-digit cellular number @txt.att.net. txt.att.net is AT&T's email-to-SMS gateway; it generates an SMS message that looks something like an email message, with minimal 'FRM' & 'SUBJ' headers adapted from the original message, and forwards that as an SMS message to the specified 10-digit cell phone number. Longer email messages are broken into multiple SMS messages. Now that I realize my iPhone 3G-using recipients pay for incoming SMS messages (including gatewayed spam!), I'll probably use this approach less, and avoid long messages which would be fragmented and thus charged as multiple SMS messages.
Email-generated SMS messages are easy to recognize - they come from strange-looking phone numbers, like "1 (010) 100-010" for the 10th message I received from the gateway.
Unfortunately, these gateways are generally specific to individual carriers - AT&T's gateway works only for AT&T subscribers. Teleflip used to offer such a multi-carrier service, but the company has gone bankrupt. Notepage offers a long list of gateways. If you're not sure which gateway to use, try sending an SMS message from your phone to your email address (which will likely entail an SMS charge on the cellular bill) - the email should show a valid return address at the appropriate SMS gateway. Some SMS programs allow this, while others accept only phone numbers as recipients.
Method 3: SMS Web Pages -- Many cellular carriers, including Verizon Wireless and Sprint, offer public Web pages for sending SMS messages to their subscribers. In contrast, AT&T's page is available only to logged-in AT&T customers, although hopefully that means it can reach any SMS number. I am not aware of a Web page which enables non-AT&T subscribers to send text messages to AT&T subscribers.
Method 4: SMS Applications & Widgets -- There are a variety of applications and Dashboard widgets that you can use on a full-fledged computer to send SMS messages. Many of these charge the sender, although they appear to operate across cellular carriers. I suspect they use commercial gateways which have the same access to cellular providers as other providers, but nobody except AOL appears to do this for free.
Method 5: Mobile Phone Under External Control -- Additionally, several Mac programs exist that can instruct a mobile phone to send SMS messages, generally via Bluetooth or USB. The VersionTracker link immediately above lists a few. Obviously, there's no difference in price when using this method, but it may be easier to type out a message on a real computer keyboard.
MMS: Multimedia Messaging Service -- In addition to SMS for short text messages, MMS enables mobile phone users to send one another pictures and short videos. The iPhone lacks MMS support, although Mail is perfectly suitable for sending attachments to an MMS gateway, if you'd like to reach a non-iPhone cell phone that does support MMS. Messages sent to iPhone cellular numbers via @mms.att.net are silently dropped.
SMS messaging may not be used in the United States to the extent it is elsewhere, but I hope these resources make it a bit easier - and cheaper - to stay in touch with friends and family.