Kerberos and UDP

Unless you have been in the trenches with Kerberos, you may not be aware that Windows 2003 and XP use Kerberos via UDP by default. By far the biggest implication of this is that if authentication packets get fragmented (usually happens when traversing a wan), the UDP packets are not retransmitted. This can cause delays when logging in, or during the login process. I have seen this at enough companies now to wonder why this is the default. In some cases the login process can take up to 15 minutes at a remote site connected by a VPN over an idle T1. Once Kerberos is forced to use TCP, the problem is resolved. One can only hope this is one of the changes in Vista/Windows Server 2008, or give it a changeable option in group policy. As it stands now it is only changeable as a registry key change, and if you want to change is using group policy you must create a custom Administrative Template and the policy is not fully manageable (it is treated more like a preference.) For more info on the Kerberos vs. TCP/UDP:

http://support.microsoft.com/kb/244474

Sendio I.C.E. box

No, this has nothing to do with Immigration and Customs Enforcement, it is the new anti-spam solution from Sendio. The idea is pretty ingenious. When you send an email to my company, the I.C.E. box replies asking you to verify yourself. What spammer will actually try to verify their spam? This way only legitimate email gets verified. I still haven't figured out how automated email systems will work with this scenario (I know you can add whitelist entries to workaround, but seems a hassle) and the only other problem is explaining to end user's recipients why they have to verify themselves. I can see some emails never making it through this way.

http://www.sendio.com/

Cisco 1861 Router

I got excited when I saw this released...a SMB focused ISR that is obviously based on the UC500. That is I was excited until I saw the list of UNSUPPORTED WICs and VICs:

http://www.cisco.com/en/US/products/ps5853/products_data_sheet0900aecd806c4dce.html

No VICs supported at all to be exact. Especially the VIC2-1MFT (PRI/voice T1 interface). This means that if you have an IVAD product (integrated voice and data) from your carrier, you more than likely have a PRI handoff with 8-12 channels and you will not be able to use the 1861. Bummer.

Next Certification: Cisco's CCVP

Ok, I'm not just starting this cert, but I need to post about it since it doesn't get much press these days. In case you haven't heard of it, the CCVP (Cisco Certified Voice Professional) is Cisco's VoIP professional level cert. It's a step above CCNA, and is on the same level as CCNP. Do a search on job boards and you'll find that very few people are asking about this cert right now, but that will change soon as more people roll out Cisco VoIP.

OK, here's a breakdown of what is required:
-Valid CCNA (You should have passed this in the past three years)
-Pass 5 exams listed below
--CVOICE (standard VoIP technology)
--CIPT (Callmanager exam)
--IPTT (Troubleshooting exam)
--QoS (QoS, hardest exam for me so far)
--GWGK (Gateway/Gatekeeper exam - lots of PSTN and integration stuff)

So far I have passed all but the GWGK exam, but I should be attempting that soon. We shall see how that goes...

VMware Lab Manager

So, I'm working on a project that involved VMware Lab Manager. I was shocked at first on the cost of the Lab Manager Server ($15,000) and that doesn't include the agents (required for each ESX host) and of course the ESX hosts. But on my first meeting with the client, I became aware of the HUGE benefit that they stand to gain from this product. They will certainly save that and more over the next year in saved provisioning time and time in QA. I'm not much on the software development side, but the benefit was plain to see. Downsides? No Vmotion or HA, but it seems that you probably wouldn't want that for your testing environment anyway.