Solved

Resolving SPX names w/o a Netware server

Posted on 2011-09-23
14
323 Views
Last Modified: 2012-05-12
We use SPX to remote control machines (XP Pro) running various VPN clients required to connect to our customers. Most customers do not allow split tunneling so bringing up the VPN knocks the connection down if we used IP - so we use SPX. This also isolates these machines as they have no local IP capabilities.

We still have one old Netware server still running, its only purpose is to resolve SPX names so we can "find" the remote control machines using SPX (they are running pcAnywhere). If the Netware box is unplugged, we can't get to any machine.

I would love to replace this with a Windows server or use one we already have running - 2003 preferable.

Any way to do it?

Alternately, is there a way to have a HOST type file for SPX I could put on each controlling machine where I hard code the controllable machine name and (I assume) the network and MAC addresses? This never changes and would be no problem to put on the controlling computers (also XP Pro) so they could find the remote controllable machines.

If I can't do this, then I have to keep the Netware box alive or find another remote control solution that  isolates us from the customer's network and can be remote controlled and survives a VPN tunnel.
0
Comment
Question by:dlwynne
  • 6
  • 6
  • 2
14 Comments
 
LVL 43

Accepted Solution

by:
Steve Knight earned 250 total points
Comment Utility
Personally I would probably create instead virtual XP machines (or whatever OS is needed, either one for each customer or one for all if approriate) on the workstations, or better a server.  Then THAT makes the VPN connection and the main workstation continues with what it's own jobs.

e.g. You could use (free) VMWARE server, install an XP machine to spec. you need, copy and paste it how many times you need, change the names in the config files and say when each is started that it is a Copy not a move. Then your users can web into the VM box and connect to the required customer VM over IP.

Another alternative is having the physical connected to a KVM over IP solution - you are talking something like £300-£400 for an 8 port device or a quick google revealed various refurb models from 50 quid or so.

As to SPX, has been too many years since I dealt with IPX/SPX connectivity sorry as sadly everyone I dealt with migrated away from NetWare many years ago so listening really as a reminder.

Steve

0
 
LVL 28

Expert Comment

by:Bill Bach
Comment Utility
The name resolution for IPX was done in two ways:  The application could query the NetWare bindery directly, or it could use SAP broadcasts.  If PCA is querying the bindery, then you'll have to leave the NetWare box running.  However, I believe that it is looking at the SAP broadcasts that are sent out every 60 seconds.  For this to work, you should install the SAP service, in addition to IPX/SPX, on each machine.  

Right-click/Properties on the NIC and click Install, then Service, then SAP.  A reboot is likely required.
0
 

Author Comment

by:dlwynne
Comment Utility
dragon-it:,thanks for the comment.

I had thought about virtual machines but had not though of KVM over IP. The problem with both, I think, is something that I failed to mention in my question :-)   .  We have multiple support reps active on VPN machines at the same time, does VMware and / or IP KVM allow for this?  Rep A needs to control VPN 1 while rep B is controlling VPN 5 while rep C is controlling VPN 3, etc.  Also, the reps all have VPN machines at their desks on a standard KVM. When in the  office they control them directly. When working from home or the road (nights, weekends, holidays) they access their non-VPN PCs  via a secure VPN tunnel them remote control (via SPX) the proper VPN box. Having a VPN machine at your desk is much faster / better access than remote controlling it - would IP KVM pr virtual machines be as responsive (assuming we can have have multiple users at once) ?
0
 

Author Comment

by:dlwynne
Comment Utility
Thanks BillBach.

I tried SAP on one of the VPN machines, but it is possible I didn't configure it correctly.  I unplugged the Ethernet cable from the Netware box and all my SPX hosts vanished from pcAW remote lists. I then connected up the VPN box with SAP on expecting to see it in the lists of available hosts, but I did not.  Would I need SAP running on both the host and the remote box for the host to see the remote? I need to make sure the network number and frame type was set on the test hosts and remote boxes. Normally the local network number is set to all 0's in the SPX config, perhaps that needs to be set when no Netware box is present?  I THINK I rebooted the test VPN after I turned SAP on, but I am not 100% sure.

What I need to do is plug two machines together without the LAN or server at all (so everyone can keep working while I test). If I can get the two machines to see each other in pcAW with SPX and SAP then I can do the same for the whole network.
0
 
LVL 28

Assisted Solution

by:Bill Bach
Bill Bach earned 250 total points
Comment Utility
I believe that you need SAP on each and every machine.  (Again, this is going WAY back, and Microsoft was never good at IPX/SPX anyway.)  This is a broadcast-based protocol, and you need each machine to be broadcasting.  

You actually bring up another REALLY good point.  With your NetWare box running, everybody knows what the IPX network number is supposed to be, so they all join the same network.  Without this leader, you'll have to tell EVERY box which network they are on.  In the IPX/SPX configuration, you will see TWO different network numbers.  
1) The first network number is the network number of the machine.  These values must be UNIQUE on the network.  The default (00000000) is OK for clients, but not for servers, and each of these broadcasters will now be a server, so you may as well set this up.  Remember to change it if you ever clone a computer -- each box must always be unique.  
2) The second network number is the wire network number.  Your boxes are probably configured for "Auto" config.  This must also be changed.  Look at your NetWare server and determine the IPX network protocol and number.  (I think this is shown by entering NETWORKS or DISPLAY NETWORKS on the console, but it's been a while.  If you don't see it there, check the network configuration files directly in either AUTOEXEC.NCF or in INETCFG, depending on the version and configuration.)  The protocol and IPX network number for the wire MUST be hard-coded on each and every machine to be ther same value.  The best option is to be using Ethernet_802.2 (which is the default for Windows, but older NetWare servers might be using 802.3).  If your NetWare box is using only 802.3, then you should change everybody to that instead.  Again,. don't rely on "Auto"!  Then, be sure to specify the exact same IPX network number for everyone on the network.  You can use the same number that the NetWare box is broadcasting right now, but again, without the "leader", the "followers" will have to be told where to go.
0
 

Author Comment

by:dlwynne
Comment Utility
I found some multi user IP KVMs but they look quite spendy.  What I was not thinking of was a single port KVM. That might do the trick? But one for each VPN machine and control them directly - it may be quicker and more responsive than SPX pcAw (but not as good as direct connection?).  It would be ideal if I could fins an inexpensive 1 port VPN with pass through to a real keyboard, mouse, and monitor. Then deskside would work as normal and remote access would work without pcAW or SPX at all!
0
 
LVL 43

Expert Comment

by:Steve Knight
Comment Utility
VM would be fine with this:  Lets say you've got a reasonable server / powerful wrokstation with 4Gb RAM.... it can run XP or a basic 2003 server.  You can probably run 6-8 simaltaneous basic XP machines with, say, 384k RAM each or obviously pile in the RAM, 64 bit server etc. etc.

I do that myself and have VM's for each client, or at least flavour of VPN software / applications etc. and then either use the web remote access from remotely or onsite into the relevant VM console directly, or also have VNC and/or RDP enabled on them so I can use traditional RDP client into each - this of course fails when using the kind of non split-tunnel VPN solutions you mention.

You can soon have more VM's than your hardware allows and then you just remote into the VMware server console (or ESX etc. etc. if you can purchase better) start / unpause the relevant machine and click into the console window and pause it again when you finish.  With some "flag" system of who is using which machine you would know which were free etc. if needed and which could be paused.

I had forgotten that most of the KVM over IP are 1x8 or 1x16 port etc. though as you say there are some 2, 4, or even 8 remote client versions though they are more.

Franly I'd be going the VM route.  If nothing else ust think how easy the backups of them are, the putting back when something fouls up, and a new client is copy/paste!


Steve
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:dlwynne
Comment Utility
Using VM I can have all the VM XP VPN "machines" in use and actively remote controlled by a several users simultaneously?  What software is used for the "console" - a web browser?  We they all go in on the same local IP while each VM has its own IP (or shares one) on the public side?  I don't want the VM VPNs on my local network at all (if I can prevent it), if I do then SPX only like we have now.

You recommend free VMware or Vshere or what?

On an unrelated note, I found some one port IP KVMs that have a 2nd Ethernet port (simplify cabling) OR the ability to run a local kn, mouse, a monitor as well as remote. Either of these makes that even more attractive.

Thanks
0
 
LVL 43

Expert Comment

by:Steve Knight
Comment Utility
Yes.  With vmware server which is free you connect to https://server on port 8333 and then authenticate to it.  You then get a GUI onto all the machines on it. from where you can stop / start / suspend / configure and click on console link. You can just save the console links too to go direct to them.

Lots of other vm solutions but VMARE server is nicely free :-)

Vmware server for this sort of thing I would have thought would be plenty but obviously of you are looking at vurtualising real production servers etc. then you need to consider vsphere with moving between multiple hosts etc. etc.

With VM each machine could have two physical interfaces if needed but as you are going to be using your machines with VPN's then you wouldn't be talking IP to them just to the VM server.... effectively KVM over IP again ---> you can see them booting from BIOS upwards, not just in the OS.

Being tight I run vmware server 2 with a couple of production servers on and multiple XP machines etc. which are unsuspended / booted as needed to do whetever work it is accessed over combination of RDP and through VM console.

You can of course if the KVM has video passthrough use multiple keyboards and mice.

Steve
0
 

Author Comment

by:dlwynne
Comment Utility
As long as VMware console allow multiple users to control multiple virtual machines at the same time then that is the direction I am leaning.

The server will have dual NICs (I assume that is enough), one on the private LAN to remote in to the console, the other shared among the VM machines and attached to the WAN (behind a firewall).

Is there an internal way to share files among the VMs?  To transfer files (via the console) to / from the VMs?  We can use an FTP server if we have to (and we do now) to keep the VPN boxes isolated from the rest of the network.

Can you clone an existing (stand alone) XP machine and make a VM or do we have to do an install to the VM and do all the patches and setup on it?

Once we have a working image, we can clone that over and over as much as we need (and our license allows) ?

We have some spare servers, extra 2003 licenses, and VMware is free so we are going to do a test server and see how it goes. We may need a larger / better server for production. We are also planning on splitting up the VM machines over 2 servers so all will not depend on a single server.

Thanks
0
 
LVL 43

Expert Comment

by:Steve Knight
Comment Utility
yes basically!

To copy a new machine... You copy/paste the directory, edit the config file in notepad and change the name.  add it to inventory in vmware admin web page and start it... It will tell you copy or move.... Say copy and it will get a new id etc.

Your lan idea is fine.. You can allocat machines one or more nics and they can communicat on private lan, nat range to one nic or bridged to pickup dhcp or fixed ip.

You can setup shared area on host and map drives to that for each machine (and therefore also share it from your other lan if wanted). Share clipbpard if wanted etc.

Effectively a machine is a cluctch of config files and hard drive image files.

Oh yeah you can map cd drives to real ones or iso dir which is handy.

Moving to another server is copy and paste job in vm server.  in paid for ones you can migrate over running machines etc.

Good luck, feel free to ask (or employ!) if needed and there are lots of more knowledgable peopl in vm forums here.

Steve
0
 
LVL 43

Expert Comment

by:Steve Knight
Comment Utility
Sorry missed this comment on mobile before:
<Can you clone an existing (stand alone) XP machine and make a VM or do we have to do an install to the VM and do all the patches and setup on it?

>

You can use VMWARE converter to make physical into virtual bu probably better of starting with a clean XP image (or whatever).  Get it patched up to level you want but NOT on domain etc. if you need that, give it a generic name and DHCP IP address.  You can build from ISO image of OS or physical CD in server or client machine.  Copy it to a "template" directory and remove from inventory on VM server.
Then copy / paste the dir x how many you need, edit config file, boot them up, set pc names, passwords, fixed ip addresses etc.
0
 

Author Closing Comment

by:dlwynne
Comment Utility
BillBach answered the question I asked.

dragon-it suggested virtual machines (which we were considering) and IP KVM (which we had not thought of).

We have decided to use either VM or IP KVM (or both) and do away with SPX and the Netware server completely, but  BillBach's answer should have let us keep SPX if we had decided to go that route.
0
 
LVL 43

Expert Comment

by:Steve Knight
Comment Utility
Yes sorry for hijacking with OT answers really but I think is much more 2010's answer than PcAnywhere and SPX (which inicdentally we did used to do something similar mid-late 1990's with dial-in machines which then internally remoted onto other machines with PCAnywhere to connect to customer networks etc.)
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now