Archive for March 2007

ERP software in the small business

Disclaimer: I work for DATALINE AG, which sells the ERP software DIAS-iS. This isn’t an unbiased review, but more of my insights into this market.

As soon as a small business has more than one or two people, there comes a need for professional management of business resources. This includes bookkeeping, management of projects, management of orders, articles in stock, etc. To do this, you will need ERP software.

Let’s start with the cold reality – ERP software, if you want a good, well-integrated, well-documented and well-developed solution, is expensive. More expensive than a good server. There’s also cheaper software available, but it’s not really meant for small business use; it is oriented towards clubs and one-man shops.

The market for ERP software is very, very big. There are many software packages to choose from, and even multiple companies offering the same packages.

If you are doing IT in your small business, it is very important that you are not the one choosing the ERP software – while this may be the usual case for choosing infrastructure products like server OS, groupware, etc., this approach shouldn’t be used when choosing ERP software. Instead, involve the people who will be using the software, and get them to write appropriate functional specifications.

In general, these are the steps you’re going to take:

  • Writing functional specifications for the software itself
  • Writing technical specifications or requirements
  • Evaluating products by list of features (on your own or with a consultant)
  • Refining your specifications
  • Evaluating products (together with their vendors)
  • Refining your specifications
  • Choosing a partner for implementing the software

Functional specifications for the software

It’s very important that you have clearly laid-out functional requirements. In German, this is called a “Pflichtenheft”. Never buy ERP software, or even talk to a vendor, without first having written a “Pflichtenheft” or functional specification. This can be a preliminary version which you can refine later together with a vendor.

You need to know what you want, before you go shopping. If you’re a normal small business, with few established processes, most standard software available on the market should work fine for you. Maybe a little bit of customizing is needed in order to get everything fitted to your processes, but this is normal.

Technical specifications

The technical side of ERP software is different, and there are many ways to reach the goal. Software can come web based, with logic in the client, with logic in the server, using Java, using VB6, using a combination of their own client-server technology, etc. There’s also the big question of how to integrate the software with other technology you’re using – the most interesting candidate here is Microsoft Office.

Our software DIAS-iS offers a very nice suite of macros, called OSP, to integrate Office into the software. It’s also based on a lightweight client, which allows most of the functionality to be upgraded in one place, with no business logic in the client itself – we call this technology the DIAS-iS Network Client. Due to the nature of this protocol, it’s very easy to use DIAS-iS over WAN connections, since one screen needs just one roundtrip.

If you have some Linux or Mac machines, it’s very important to have a multiplatform client available. For this, we offer a Java Client. Please note that due to the implementation of DIAS-iS, with all the business logic on the server, the functionality of the DIAS-iS Java Client and the DIAS-iS Network Client is almost identical. This allows you to choose your client platform at will.

We also offer integration into a lot of other sectors, like Telephony, Point of Sale, Mobile data access and e-Commerce.

Our server platform is the IBM System i. If you don’t know the System i yet, I suggest you read up on it. It’s a technically very nice platform, offering advanced features like a hardware hypervisor, well integrated systems management and other nice features. And if you can administrate a Windows platform, you can also administrate a System i. (It’s always a good idea to know more than one platform anyway).

Evaluating products

As a first step, you can evaluate products you’ve found from a variety of sources (online databases, references, advertisements) based upon their list of features, requirements, etc. This allows you to cut down a list of several products into a much smaller list of vendors you’re interested in dealing with. At this point, you should get in touch with these vendors, and get offers. Note that this will need quite some involvement from your side, in order to get a fair and complete offer.

This is as far as I know about this topic – here comes a lot of stuff that is usually done by executives – the most important thing for you is to get a solution which fits all the needs of your company, not just those of the IT people. This will help you to get a solution which is accepted in the whole company.

Backing up your small business

Backups are nothing new – everyone, even those not directly affiliated with IT, knows this word.

Unfortunately, the term “Backup” doesn’t actually describe any concrete measure. One of the important things is to know for sure what you want to protect yourself against with a backup – this will heavily influence your choice of available solutions.

So, what are possible things that could happen to or in your business, which would require a restore?

  • Accidental deletion
  • Accidental modification
  • Disk crash
  • Hardware crash
  • Software crash
  • Malicious deletion
  • Malicious modification
  • Environmental disaster, destroying the whole building

I’ve ordered the items according to how often I’ve seen them happen. Note that this might be different for bigger businesses.

So how do we protect our business against accidental deletion or accidental modification? When you’re using Windows, the easiest way to guard against this is a feature called Shadow Copies. Shadow copies are nothing more than volume snapshots with a nice GUI around them, and a way to access them over the network. Once you have this implemented, you won’t want to be without it. It allows users to recover deleted files on their own, quickly. It also allows you to recover modified files. You can set the timing for creation through the usual Windows scheduler. Shadow copies just use disk space – implement them now if you haven’t already.

The next step on the list is a disk crash. This one is easy – just read this post about hardware redundancy. However, what do you do if two disks fail at once, or the RAID controller fails?

Please note that neither Shadow Copies nor RAID replaces a backup – but they are part of your backup strategy.

Complete hardware crashes happen seldom. And if they do, they usually don’t destroy your data. The best safeguard against hardware crashes is a maintenance contract or service pack on the machines – no matter what is broken or missing, someone will come over and replace the part. No backup necessary.

The worst that could possibly happen is a software crash – a bug in the filesystem driver destroying all your data, or leaving your SQL database in limbo. You will need a complete backup for that, and this is where it starts to get expensive. You can achieve complete backups to disk (usually to a SAN or NAS), which is nice for a bare metal restore, but has other problems.

What about malicious deletion or malicious modification? They could have happened months before somebody else works on the data and notices the problem. This is why you need backups that go back quite some time. You can buy a lot of disk space for your SAN or NAS, but that would get expensive.

And what about an environmental disaster, destroying the company building and everything that was in it? You will need some way to keep your data off site for that. You can move hard disks off site, but they are quite fragile. Replicating the data off site could be a solution, but has other problems.

The easiest way to deal with the latter three issues is tape backup – I’ve seen many people laugh at tape backups, but they are a great solution to many problems. LTO3 tape drives are fast, really fast. They also pack quite an amount of storage, with 400GB physical and 800GB theoretical maximum. You can get 500-650GB on them without problems. This allows you to do daily full saves and store some of these full saves at an off site location. If you need more than one tape to save all your data, you can use tape changers. They were expensive once, but for now they come in at about 8000 CHF.

Tape drives are also an easy concept to explain to a non-IT person, because it involves physical objects.

You could also implement a multi-tiered infrastructure, backing up to disk first, and to tape later, which is what many enterprises do. But usually the complexity involved in such a setup by far outweighs its advantages.
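How far back the tapes have to reach follows from the rotation in use. The script below is an added example, not from the original post, and assumes a constructed rotation: one full save at the end of each day (days numbered from 1), the last 5 daily tapes kept, every 7th day's tape kept for 4 weeks and every 28th day's tape kept for 12 periods. It reports the newest surviving save that predates a change which was only noticed later.

```bash
#!/bin/sh
# Constructed rotation policy (an assumption, not from the post).
DAILY=${DAILY:-5}      # most recent daily full saves kept
WEEKLY=${WEEKLY:-4}    # weeks for which every 7th day's tape is kept
MONTHLY=${MONTHLY:-12} # 28-day periods for which every 28th day's tape is kept

# retained_saves TODAY: print the day number of every save that still exists.
# The ( ) body runs in a subshell, so the loop variables stay local.
retained_saves() (
    today=$1
    d=1
    while [ "$d" -le "$today" ]; do
        if [ "$d" -gt $((today - DAILY)) ]; then
            echo "$d"
        elif [ $((d % 7)) -eq 0 ] && [ "$d" -gt $((today - 7 * WEEKLY)) ]; then
            echo "$d"
        elif [ $((d % 28)) -eq 0 ] && [ "$d" -gt $((today - 28 * MONTHLY)) ]; then
            echo "$d"
        fi
        d=$((d + 1))
    done
)

# last_clean_save CHANGED TODAY: newest retained save taken before day CHANGED.
# The save made on day CHANGED itself already contains the damage.
# Prints "none" when every surviving save is affected.
last_clean_save() (
    changed=$1
    today=$2
    best=none
    for d in $(retained_saves "$today"); do
        if [ "$d" -lt "$changed" ]; then best=$d; fi
    done
    echo "$best"
)

# tapes_in_rotation TODAY: number of tapes holding a save on day TODAY.
tapes_in_rotation() {
    retained_saves "$1" | wc -l | tr -d ' '
}

echo "tapes in rotation on day 200: $(tapes_in_rotation 200)"
echo "file deleted on day 199, noticed on day 200: restore day $(last_clean_save 199 200)"
echo "data modified on day 100, noticed on day 200: restore day $(last_clean_save 100 200)"
echo "same incident with no long-term tapes: $(MONTHLY=0; last_clean_save 100 200)"
```

The gap between the day of the change and the restore day is the amount of legitimate work that has to be redone after the restore.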

Hardware redundancy in Small Businesses

When talking about hardware, the main difference between a “PC” and a “Server” is the amount of hardware redundancy the manufacturer has incorporated into its design.

  • Disk redundancy
    Also called RAID (almost everywhere) or Disk Protection (in the System i world). Disk redundancy ensures that the loss of a single disk drive doesn’t result in loss of data. There are many ways in which RAID can be implemented – starting with purely software solutions provided by the operating system (like in Windows Server and all Linux distributions), through solutions that are part BIOS, part driver (SOHO/Consumer equipment, because Windows clients lack software RAID), to full blown hardware solutions incorporating a co-processor for checksum calculation (for RAID5/6) and a battery backed write cache.
    I would go as far as to say “if it doesn’t have some form of disk protection, it’s not a server”. With software RAID, all you need are a few more disks.
  • Memory protection
    Mostly called ECC / Checksum Memory / ChipKill memory. ECC ensures that defective memory can’t cause silent data corruption or system crashes. I don’t know of any server manufacturer which doesn’t ship their servers with ECC memory – I consider it an absolute must. ECC can usually recover from single bit errors (and write to the logfiles) and it can halt the system in case of a multiple bit error (and write to the management CPU log).
    There are newer technologies out like Memory Mirroring, which allows whole banks of memory to fail and the system to recover without any downtime. This latter feature usually needs twice the memory, and is thus prohibitively expensive.
  • Power redundancy
    Multiple power supplies are available as soon as you leave the lowest priced server segment. Power redundancy is a good thing for a variety of reasons. Having a day of downtime because of a blown power supply is not funny – a second power supply can help. A second power supply also helps you if your UPS has a problem – this is actually the most common situation where a 2nd PSU helped me – with broken UPSs happening more than power downs (at least here), a second PSU is an insurance that a defective UPS can’t bring down your production server. Of course this doesn’t work if you plug the second PSU into the same UPS – plug it into the wall, or into another UPS.
  • Cooling redundancy
    Some server manufacturers ship their secondary PSU together with a redundant cooling kit. Redundant cooling is as important as a second power supply, because downtime caused by a single blown fan is embarrassing. Most fans are hot pluggable, allowing you to keep the server up and running even when replacing the broken one with a spare.
  • CPU redundancy
    This is a nice add-on feature. Most 2 CPU machines support an automatic reboot to 1 CPU when one of the CPUs fails – of course you don’t buy a second CPU just for this, but it’s really nice to have if you have 2 CPUs anyway.

There are many more hardware redundancy techniques, but most of them are not meant to be used in a small business. Things like Multipath IO, fail over blades, etc. are just far too expensive.

Application redundancy in Small Businesses

Application redundancy is the best, and most expensive way to make your infrastructure resilient against problems. Application redundancy requires at least two machines, which then both serve the same application. Application redundancy is also called clustering, replication, multi master replication, etc.

Basically, there are two different architectures to achieve application redundancy:

  • Shared Storage
    Shared Storage means that the storage is shared between the two machines. Note that a shared storage does not prevent an Active/Active configuration, with both machines active – however, care must be taken by the programmers of the application to support this mode of operation. The good side of Shared Storage is that you can make Active/Passive configurations with any software – the downside of Shared Storage is that if the storage is down, nothing works.
  • Shared Nothing
    Shared Nothing means that there are no shared components between the two or more machines. There is no longer a single point of failure. Shared Nothing is almost always implemented in an Active/Active configuration, ensuring that you don’t waste energy on a machine doing mostly nothing.

Shared Nothing is usually the more elegant approach, but it’s not always supported in the application itself. Or it might require special licenses. But so much for theory – how do these things look in practice?

Here’s a list of services that can be made to support redundancy in a simple fashion.

  • Active Directory
    Active Directory is designed for multi master operation. Install a second domain controller, and you’re set. This is easy. Except if you’re using Microsoft’s Small Business Server product. Upgrade SBS to a full blown Windows Server. SBS is designed for really, really small companies which can’t afford more than one server. Multiple DCs are allowed by all Windows Server editions, except SBS and Web. Active Directory’s multi master replication gives you a Shared Mostly Nothing configuration – read up on FSMO roles.
  • Exchange
    Exchange 2007 offers a feature called Cluster Continuous Replication. CCR requires the enterprise edition of Exchange 2007. This allows you to create a Shared Nothing configuration easily.
  • File Serving
    DFS is the way to go. Upgrade to R2 if you’re thinking about implementing DFS. DFS allows true multi master replication with binary diffing (for WAN connections). DFS also allows you to implement a unified naming convention for your shares. You should implement DFS even if you’re not using its replication. DFS is supported since Windows 2000, but not on Web and SBS editions.
  • SQL Server
    I never worked with SQL Server, and don’t know much about it. Our ERP software uses the System i (where they focus on hardware redundancy, and make application redundancy impossible for smaller companies to pay for). If you know about SQL Server, write a comment.

Making a small business server reliable

Servers for small businesses are never purchased according to need, but according to budget. This is a (sad) reality, that can’t be changed on a technical level. Most small businesses don’t have the amount of resources necessary to purchase an IT infrastructure according to their needs.

It doesn’t matter if you’re a service provider, or if you are the one that has the internal IT as a side job in a small business, the main target is still to get an infrastructure which doesn’t create troubles. Even small businesses depend on their IT infrastructure – while a bank like the UBS would probably be dead in the water if their infrastructure is down for a day, it isn’t that bad for a small business. But without an infrastructure, they will still get problems, missed deadlines, and missed business.

There are multiple ways to make infrastructure more resilient to problems; usually a combination of these methods is used:

  • Application redundancy
    Application redundancy has many names – clustering, replication, you name it. The trick here is that software and data can be spread throughout multiple machines. This makes it possible to provide high reliability with cheap hardware. The problem here is that application redundancy is usually expensive (with commercial software), support for it might not exist for SMB software, and that it increases administrative overhead.
  • Hardware redundancy
    Almost every piece of hardware can be implemented to be redundant. The most common form of hardware redundancy is RAID – usually implemented in even the cheapest servers. Hardware redundancy is not a fix for software problems, and it can’t save you from every disaster. The plus side is that it usually is completely abstracted from the end user, and thus only costs money.
  • Backups
    Backups exist in many forms. A simple solution is a single tape drive that stores a full copy of the complete server on a single tape, which can be stored off site. Another form of backup is volume snapshots, called “Shadow copies” in the Windows world. They aren’t suited for disaster recovery, but allow easy recovery of data deleted by end users.

I will write about each of these topics in the coming week, and how to use them in a small business.

Purchasing servers with SSCT and ALSO IVIS

I really like purchasing new hardware – it’s generally a fun thing to spend someone else’s money on shiny new toys in a 19″ form factor.

While people in bigger companies usually purchase their hardware by the sizing done on the requirements, in SMB environments you purchase by budget, and hope the budget is big enough to at least get near the requirements.

I usually deal with HP and IBM servers – I think they’re the same in pricing, features and problems. When trying to get the most out of your budget, it’s usually necessary to draw up several different configurations, in order to get as many requirements fulfilled as possible while not going over your spending limit. If you have a hardware supplier, they can make you a quote, and tell you what it’s going to cost, but it’s usually easier to make a draft config on your own, and then ask your hardware supplier to give you a quote and delivery time.

In case you’re not an IT company, and you don’t have a direct ALSO IVIS account, I suggest you get one (you can get one easily even if you’re not directly an IT company, you just need a “HR Auszug” and a letter signed by a “Unterschriftsberechtigter”). This will also help you to see if your hardware supplier is trying to make too much profit on you (they will have much more hardware turnover than you, and thus even lower prices).

The easiest way to get a server configuration is to use the vendor-supplied tools. HP offers a web interface, which you can access through your ALSO IVIS login, and get direct quotes. For IBM equipment, it’s a little bit more complicated (but IMHO nicer). You can download SSCT, the Standalone Solutions Configurator Tool. This tool can help you to configure servers, but you will only be able to see the official list price – you will need to cross check with ALSO to see the “real” prices.

Please note that neither configurator has any facility to see whether something is in stock or not. If you’re in need of a server fast, it’s usually best to print out a PDF list of a server with additional equipment directly from the ALSO IVIS web interface; this way you can configure the server “by hand” with a marker pen, and see what is directly available in stock.

A generally interesting observation I made is that the professional 1U servers with all the necessary options (iLO or RSAII, second PSU, RAID controller with cache) have almost the same price as a 2U server with the same options. As space is usually not at a premium in the SMB datacenter (or “The room with AC”), you will almost always be better off with 2U servers in the long term. It’s a different thing of course when we’re talking about co-location.

Using the i5/OS FTP Client with self signed certificates doesn’t work

I tried to get the i5/OS FTP Client to connect to a Linux machine, running vsftpd with an SSL certificate signed by a self signed CA created using OpenSSL. I wasn’t able to get it to work against that, but at least I was able to get it to work between two System i.

What I wasn’t able to accomplish is disabling the certificate check (yes, this defeats several advantages of SSL, but it might not be an issue).

Here are the general steps you have to perform:

  • Connect to the administrative HTTP server on the destination system (https://System:2001/, if you didn’t enable HTTPS access it’s http://System i:2001/)
  • Go into DCM, download the CA certificate from the destination system, save it to a local file, and upload it to the IFS on the source system
  • Connect to the administrative HTTP server on the source system
  • Go into DCM, load the CA certificate from the IFS into DCM, assign the newly imported certificate as a trusted cert to the FTP application
  • Connect to the destination system using SECCNN(*SSL)

Here’s how to get the CA cert out of the destination system:

[Screenshot: Downloading a CA cert from DCM]

Here’s how you import the CA cert into the source system:

[Screenshot: Importing a CA cert into DCM]

Here’s how you assign the newly imported CA cert to an application on the source system:

[Screenshot: Assigning a CA cert to an application in DCM]

The interesting thing here is that disabling the defined list doesn’t disable CA checking. Also, the same procedure should work with other CAs, but when I tested it with an OpenSSL generated cert, I just received Error code -99 when trying to connect.

And here’s a working, secure FTP connection from one system to another:

[Screenshot: Secure FTP connection between two System i]

You will receive Message TCP3D2C with Error Code “-23” if you didn’t install the CA cert correctly. And under some circumstances, you will receive Error Code “-99”, when you’ve installed a CA cert which IBM’s software doesn’t like.

The text for this error is:

Fehler bei sicherer Verbindung, Rückkehrcode -23.
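To tell a certificate problem from a trust-store problem, the chain can be checked with OpenSSL on the Linux side, independently of the i5/OS client. The script below is an added example, not from the original post: it builds a throwaway CA and server certificate and shows that verification succeeds only when the signing CA is the trust anchor, which is what importing the CA into DCM provides. The names lab-ca, other-ca and ftp.example.test are constructed.

```bash
#!/bin/sh
# Added example; all certificate names and the host name are constructed.

# make_ca DIR NAME: create a self-signed CA key (NAME.key) and cert (NAME.pem).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_server_cert DIR CA HOST: issue HOST.pem for the FTP server, signed by CA.
make_server_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -sha256 -days 30 -out "$1/$3.pem" 2>/dev/null
}

# chain_ok CAFILE CERT: succeed only if CERT chains to the CA in CAFILE.
# This is the check a client performs once the CA is in its trust store.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# check_ftps HOST CAFILE: the same check against a live server on port 21,
# using explicit FTPS (AUTH TLS). Not called by the demo: it needs a server.
check_ftps() {
    openssl s_client -connect "$1:21" -starttls ftp -CAfile "$2" \
        -verify_return_error </dev/null >/dev/null 2>&1
}

# demo: verify one server certificate against the right and the wrong CA.
# The ( ) body runs in a subshell, so its variables stay local.
demo() (
    dir=$(mktemp -d) || exit 1
    make_ca "$dir" lab-ca && make_ca "$dir" other-ca &&
        make_server_cert "$dir" lab-ca ftp.example.test || exit 1
    for ca in lab-ca other-ca; do
        if chain_ok "$dir/$ca.pem" "$dir/ftp.example.test.pem"; then
            echo "trusting $ca: server certificate verifies"
        else
            echo "trusting $ca: verification fails"
        fi
    done
    rm -rf "$dir"
)
demo
```

check_ftps takes a real host name and CA file, for example the vsftpd machine and the CA certificate that would be imported into DCM.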

SOHO equipment is not meant for company networks

I had an interesting call – a customer bought a multi function device on their own, and wanted it integrated in their network. I’ve always had bad experiences when customers bought equipment on their own, because usually the devices aren’t really fit for the intended purpose – SOHO equipment is not meant for companies with their own servers.

In this case, the customer bought an HP Photosmart C5100 All-in-One device. This thing looked rather fragile, but it came with an Ethernet interface, which would probably make it a lot easier to integrate it with the server. The device couldn’t do Scan-to-Email or Scan-to-Share, it couldn’t integrate with Active Directory, and in fact it doesn’t even speak PCL or PS.

My first try was to just install the print driver on the server, but even that was a no go. HP’s specs don’t state compatibility with Windows Server 2003, but I tried anyway. It didn’t work, Spoolsv.exe crashed right after installing the driver.

So I couldn’t even integrate the printing function into the network. I’ve installed HP’s software onto the two PCs where the printer will get used primarily. This worked flawlessly (though I didn’t install HP’s Photo Smart Suite, just the drivers). Interestingly, you can access the memory card reader installed in the device using a standard SMB share – that’s a rather elegant solution.

In the end, it seems to work so far. But it’s not an elegant solution, and by no means a well-integrated one.

HP does offer solutions like the OfficeJet 9100, which is just a little bit more expensive, but has a lot more functionality. With the proper plug in (license) card, it even supports Active Directory.

Dot matrix printers in the year 2007

If you’re mostly working for Windows shops, and you’re less than 30 years old, you probably only heard of dot matrix printers in history books.

But they still exist. Just today, I installed a new IBM 4247. In this day and age, they even come with Ethernet interfaces, and you can configure the edges using software (instead of tiny wheels).

The interesting part was that I’ve replaced a (very old) laser printer with a dot matrix printer – most people would consider this a downgrade, but dot matrix printers have several advantages over regular laser printers (though I personally prefer laser printers).

  • Huge reports on continuous paper are easy to hold and transport, not really the case with 300 sheets of A4 cutsheet paper.
  • Printing on layered graphite paper allows for easy and fast creation of transport documents and bills; with laser printers you’ll have to use multiple drawers and a stapler attachment.

The funny part is that a 4247 with IPDS and Ethernet costs about 6000 CHF – you can buy a really good laser printer for that amount of money. In the end it’s a question of worker preference. I still think that dot matrix printouts look like the ’80s.

Choosing the correct printer driver

When installing network printers, you usually have a wide variety of available drivers to choose from. PCL, PCL5, PCL6, PCLXL, PS2, PS3, WHQL, not WHQL, etc.

But which is the right one? The answer is usually “it depends”.

In general, WHQL certified drivers have fewer features, and do not offer the graphical representations usually found in normal vendor drivers – this differs from vendor to vendor though, some invest more time into their WHQL drivers than others do. I usually prefer WHQL drivers, if they look halfway decent (GUI perspective). They are updated a lot less, and usually cause fewer issues.

But this is just the first step toward choosing the correct printer drivers, because you also have to choose the print language used. Most modern network printers support PCL5, PCL6 (which is the same as PCLXL) and PS3. PCL6 and PCL5 are relatively different languages, which is why PCL6 is not downward compatible – I’ve never seen a PCL6 printer which didn’t support PCL5, but they may exist. Usually, the PCL emulation of SOHO/Workgroup printers works better than their Postscript counterpart. Which is why I try the PCL drivers first, and if they don’t do what they should I will fall back to the PS3 ones.

Many vendors have PCL6 drivers which aren’t feature complete yet, and their PCL5 drivers are usually superior – also a very interesting point. In some cases, I had to use both PCL and PS drivers to get correct output – some programs wouldn’t work correctly with the first, others not with the second. This was with an InfoPrint 1220, where Lexmark is the OEM.

I usually check the PCL5/WHQL driver first before trying the other drivers. Remember that the feature set offered by those drivers may vary, and if you’re in need of a special feature you will have to look at all of the combinations.

When you’re buying cheap SOHO/Workplace printers, you may encounter printers that support both Host-Based printing and PCL as input options. These printers usually have a very slow CPU, and the PCL input support is for supporting Linux or other operating systems where the manufacturer doesn’t provide direct support. This is why the Host-Based driver usually produces the better results, and prints faster (if your CPU is fast enough). I’ve seen this combination on some HP Workplace b/w laser printers.