Three Things…

Written by Nick B. Nicholaou. Posted in Articles

© 2012 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from Christian Computing Magazine

Our team does a lot of network engineering, and we run into some common issues in Christian churches and ministries.  We find ourselves saying, “Now that needs to be an article!”  The problem is, they’re usually topics that won’t make a full article by themselves, so they never make it as an article idea.  In this article I’m going to address three of those issues: Macs in Active Directory, Who Owns Your Domain?, and How’s Your Cable?

Macs in Active Directory
The use of Macs in churches and ministries is on the rise: team members are asking for Macs for a variety of reasons, and they are getting the okay to buy them.  Network administrators are trying to find good ways to manage them using the network tools they have used for Windows workstations, and one of those management tools is Active Directory.

Active Directory (often referred to as AD) is the database used by Microsoft Windows networks to manage the network.  It’s where security policies are defined, users’ login IDs are established, and computers are registered, among other things.  When managing a Windows workstation (desktop or notebook), administrators “join it to the domain,” which then makes it possible to control the workstation’s security, etc. from the network.  Many network administrators believe they should join Mac workstations on the network to the AD domain just like they would a Windows workstation.  The problem is that doing so adds complexity to the network, is a lot of work, and accomplishes very little.

There are a number of complex strategies available to join a Mac to an AD domain, like Magic Triangle.  Network administrators who employ these strategies often complain about how poorly they work and about how much time they take to establish and support.

I recently asked a number of church IT folks what benefits they got from joining their organization’s Macs to the AD domain.  I was surprised to learn that about the only benefit they saw was the control of passwords from the network.  I don’t think that benefit is worth the effort and complexity.  Our firm does not join Macs to the AD domain; it’s just not worth doing.

Who Owns Your Domain?
When engineering a network for a new client we usually need to make some changes to their public DNS record.  Those records are where computers on the Internet learn how to connect to a website, where to send email, and more.  The DNS record (DNS is short for Domain Name System) resides on a server somewhere and is accessible only by authorized individuals.  The question we often must ask is, “Do you know who we need to contact to make a change to your DNS record?”  The answers are often not very good:

  • We don’t know.
  • It was set up by a former team member or by a volunteer who no longer goes to this church.
  • Our webhost manages it, but we’re thinking of changing webhosts and don’t know what to do.

How would you answer that question?  If your answer is anything other than that you can log in and change it, you may need to make a change.  If you have the ability to manage it then you can grant access to a trusted vendor or team member, but if it is out of your control your options are very limited.

We strongly recommend taking control and ownership of your DNS record.  We recommend moving it to dnsmadeeasy.com so your options are controlled by you and not by someone outside your control.

Having access to your DNS record gives you the freedom to change webhosts and email hosts when you think it would be best for your organization.
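To make the ownership question concrete, here is an added example (not part of the original article) that audits a WHOIS record for the warning signs described above: a registrant contact outside the organization, name servers held by a third party, and an approaching expiry. The WHOIS text, domain names and the `audit_domain` helper are constructed for illustration, and the field names assume the common gTLD registry layout.

```python
from datetime import datetime, timezone

# Constructed sample WHOIS text for a hypothetical church domain (not real data).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-CHURCH.ORG
Registrar: Hypothetical Registrar, Inc.
Registry Expiry Date: 2013-03-01T04:00:00Z
Registrant Email: former.volunteer@personal-mail.example
Name Server: NS1.OLD-WEBHOST.EXAMPLE
Name Server: NS2.OLD-WEBHOST.EXAMPLE
"""

def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys (Name Server) become lists."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def audit_domain(text, org_email_domains, today, warn_days=60):
    """Return (summary, findings) describing who appears to control the domain."""
    rec = parse_whois(text)
    findings = []
    email = rec.get("registrant email", [""])[0].lower()
    if email.rpartition("@")[2] not in org_email_domains:
        findings.append(f"registrant contact {email or '(none)'} is not an organization mailbox")
    days_left = None
    expiry_raw = rec.get("registry expiry date", [None])[0]
    if expiry_raw:
        expiry = datetime.strptime(expiry_raw, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        days_left = (expiry - today).days
        if days_left < warn_days:
            findings.append(f"registration expires in {days_left} days")
    # Rough heuristic: the last two labels of each name server identify the DNS host.
    providers = sorted({".".join(ns.lower().rstrip(".").split(".")[-2:])
                        for ns in rec.get("name server", [])})
    summary = {"registrar": rec.get("registrar", ["unknown"])[0],
               "dns_providers": providers, "days_left": days_left}
    return summary, findings

if __name__ == "__main__":
    now = datetime(2013, 1, 15, tzinfo=timezone.utc)  # fixed date so the output is repeatable
    summary, findings = audit_domain(SAMPLE_WHOIS, {"example-church.org"}, now)
    print(summary)
    for finding in findings:
        print("WARNING:", finding)
```

Any finding means the answer to “who do we contact to change the DNS record?” depends on someone outside the organization, which is the situation this section recommends fixing.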

How’s Your Cable?
Another issue we run into a lot is network cable that is substandard and causes network errors.  We think it’s great when our clients can save money by pulling their own cable, but we always recommend they get the cable certified afterwards.  Certification is not free, and it’s more than doing a “tone” test.

Testing for tone, which is usually all that’s been done, checks that there isn’t a complete break in the cable.  Certification tests a number of engineering parameters to make sure the cable is capable and ready for gigabit data transmission, and it requires a fairly significant testing device.

Is WiFi an acceptable alternative to good network cable?  Our answer is probably not.  WiFi connections are not as predictable as good cabled connections, so we recommend not basing a data network on WiFi.

I hope those are helpful as you look to the health and reliability of your network.  Paying attention to these three things can improve your team’s efficiency and productivity.


Comments (3)

  • Fredric Gluck


    Reason #1 to join any computer on my network to AD is simple … SECURITY! I don’t want any computer on my network that is not authorized to be there. Reason #2 – access to shared data. The moral of the story? If you don’t join any computer to AD, you open yourself to security risks.

    It’s too hard?? Bah … that’s what they pay IT Managers to do. Keep an orderly and secure network. When are we IT Managers going to realize that there should be absolutely no difference between Macs and PCs. Our networks should be agnostic to what hardware is attached.
