This isn’t Good-Bye

This is a bittersweet day.  Three and a half years ago I encountered my first day as a staff member at Grace Family Church (GFC) and today, it’s my last.  For a recap of why this is my last day, click here.

The feelings I have are polar opposites.  I’m excited to begin my new adventure with Fellowship Technologies (now known as ACTIVEnetwork | Faith).  I’m sad to leave my many friends and colleagues at GFC.  It’s weird to feel in such opposite ways but a friend just recently reminded me that Paul also encountered this mixed emotions.  In Romans 1 Paul expresses his desire to be with the Roman people; you see he is sad that he can’t be with them.  Paul is also excited for them and what God is doing in their lives.  I am sad that I can no longer be with my GFC friends and colleagues but also excited because I know what God is doing in my life!

As I leave today, I know with confidence that I’ve accomplished my mission at GFC.  I was hired to bring their network infrastructure from a “home grown” like status to an enterprise level.  We now have Windows Server 2008r2, we have VLAN’s, we have a virtual server infrastructure, we have FAST internet, we have a 50/50 ratio of Macs to PC’s, we’ve migrated Church Management systems, and so much more!

There are so many to thank but no way to mention everyone!  Off of the top of my head:  Pastor Craig for leading strong.  Pastor Chris for always challenging me.  Pastor Joe for empowering me.  Greg for making me think and plan.  Bonnie & Bill for your sincere friendship.  Russ for being a light and a pain :-). Rivas for being a tremendous partner in crime.  Tami for showing me that with effort and encouragement anything can be accomplished.  Jeanna for your support in all things Fellowship One.  Helene for giving me a comedic outlet on which to spew my dry humor AND being reason for the I.T. Helpdesk.  Mauricio for being an example of going the extra mile when serving others.

When I announced my transition a few weeks ago, another friend mentioned that she admired the faith that April and I have when making decisions of great magnitude such as the one regarding this job transition. I tell you this to encourage you.  It is easy to make decisions of great magnitude when you are in tune with the One who guides your every decision.  I keep being drawn back to  Jeremiah 29:11-14

For I know what I have planned for you,’ says the Lord. ‘I have plans to prosper you, not to harm you. I have plans to give you a future filled with hope. When you call out to me and come to me in prayer, I will hear your prayers. When you seek me in prayer and worship, you will find me available to you. If you seek me with all your heart and soul, I will make my self available to you…

God knows me.  God hears me.  God is available for me.  All I have to do is seek Him.  It’s because of my relationship with Him that I can hear His voice.  I know what He wants for my life.  I know that He wants me serving churches all over the United States of America (and possibly beyond) through the implementation of the Fellowship One Church Management System.  I know that He wanted me at Grace Family Church for the last three and a half years.

Grace Family Church… Thank you.  Thank you for accepting me into your fold.  Thank you for allowing me to serve.  Thank you for allowing me to lead.  Thank you for your confidence in me.  Thank you for impacting the lives of me and my family.  Thank you!  Thank you!  Thank you!

This isn’t good-bye… This is Hello!  Hello to God’s will. There’s no other place I’d rather be than in God’s will.

A Fork in the Road

Some of you may have seen my tweet last Thursday, August 18, 2011. If not, let me repeat it for you:

‘For I know what I have planned for you,’ says the Lord. ‘I have plans to prosper you, not to harm you. I have plans to give yout a future filled with hope’ – Jeremiah 29:11

Do you know that you know that you are on the right path for your life’s journey? Several times through the years I have been told by various people that I need to be in Ministry. Immediately my thought was “NO, I don’t want to be a pastor!” At the time, that’s all I thought Ministry was.

God gave me insight into Ministry by allowing me to lead worship in our church for over 10 years. I loved music. I loved God. I was allowed to combine my loves to serve Him! But, this was only the beginning.

Five years ago I began a journey combining Ministry and Technology when I embarked upon on a mission trip to Ghana, Africa. My sole purpose was to teach high school age students about computers. It was there that I saw my true pathway into Ministry. That experience opened my eyes to a whole new world of Ministry. Technology. Who knew that Technology could have a role in Ministry? Certainly not me.

For the past 3+ years, my role as the I.T. Director at Grace Family Church (GFC) has been and exciting step in that journey. I have learned so much about I.T., Leadership, and Ministry while here at GFC. We’ve virtualized our servers, we’ve changed Church Management Systems, we’ve integrated Macs with Active Directory, we’ve mobilized checkin, we’ve planted 2 churches, we’re getting ready to launch the Dream Center of Tampa Bay in Tampa’s inner city, and I’ve established so many awesome relationships with the staff ot GFC and also within the Church IT Roundtable (CITRT) community. So much has been accomplished and I’m thankful to the leadership at GFC for allowing me to polish these skills and build the while on their watch.

That leads to the next fork in the road along my Ministry Journey. I’ve had the opportunity to serve the church on a local level through 10 years of leading worship and now 3+ years as an I.T. Director at GFC. Through much prayer, unending conversations with my awesome wife, and the wise counsel of many who are close to us, we have decide to direct our Journey off of the GFC path and take the path to Fellowship Technologies, part of the Active Network. It is there where I will be serving churches all around the United States (and possibly the world) as an Implementation Manager. In this role I’ll be helping churches implement Fellowship Technologies’ Fellowship One Church Management Software. (The cool part… I get to do this from the comfort of my own home! We don’t have to move to the Dallas, TX area where their offices are located.) This software “helps churches become more effective in ministry and more efficient in administration.” For an overview of what they do, checkout this video:

With all of that being said, Grace Family Church will be looking for a new I.T. Director. If you are interested in applying for this position, please stay tuned. I’ll update this post with a link to the job posting as soon as it is available at http://gfconline.com.

I’m excited about what God has done in my life and I can’t wait to see what He has in store for me next. He knows what he has planned for my life! He won’t harm me! He will prosper me! He has already given me a future filled with hope! I KNOW that I’m on the right path for my life’s journey!

Finally – will you pray for April, our girls, and I as we begin down this path? We have already felt the prayers many of you have lifted up for us.

Oh, and #CITRT friends – I’ll still be in IRC… I can’t thank you guys (and girls) enough for your support and friendship! You have made my Church IT experience a true joy!

Yep – I’m a Fellowship One Fan!

Many of you know that I’m a HUGE fan of the Fellowship One Church Management System.  In May I had the opportunity to attend the Fellowship One Dynamic Church Conference and while there I was asked to share my thoughts about Fellowship One.  Matt Knisley did a GREAT job of putting these videos together and I want to share them with you!

What Churches Say About Fellowship One from Fellowship One, Church Software on Vimeo.

Upgrading to Web-based Church Management with Fellowship One from Fellowship One, Church Software on Vimeo.

Fellowship One and the Cloud from an I.T. Administrator’s Perspective from Fellowship One, Church Software on Vimeo.

And shoot, if Matt Pugh can share his videos, why can’t I?  Enjoy!

Installing pfSense on a Compact Flash card

I purchased a Netgate ALIX.2d3 to use for a pfSense Firewall.  It runs pfSense off of a Compact Flash (CF) card.  The trick is getting pfSense installed onto the CF card.  Once I got the process figured out, it was really quite simple.  I used a Windows 7 computer to accomplish this.

To Load it up…

1. Download pfSense from one of the mirrors here. You’ll need the nanobsd version (depending upon the size of your CF card, you can choose to download the most appropriate nanobsd img.gz file.  Store it in an folder easily accessed from a command line like c:\pfsense.  I also renamed my download to something simple like pfsense-2.0.img.gz.
2. Download physdiskwrite, unzip it, and place the physdiskwrite.exe in your c:\pfsense directory.
3. Gather a CF card reader and plug it into your computer.
4. Format your CF card.  This is necessary for physdiskwrite.exe to work correctly.
   • Open up a command prompt as Administrator and type “diskpart”, then hit “Enter”
   • Type “list disk” and hit enter
   • Type “select disk x” (where x = the disk number of your CF card from the last step)
   • Type “clean” and hit enter
   • Type “exit” when diskpart has finished cleaning the disk. Type “exit” to quit diskpart.
5. In your command prompt navigate to your c:\pfsense directory and type “physdiskwrite -u pfsense-2.0.img.gz” and hit enter (be sure to use the name of your pfSense image at the end of that statement).
6. You’ll see a listing of drives.  Make note of which drive number is you CF card and then enter that number after the question “Which disk do you want to write?” and hit enter.  (For example: PhysicalDrive1 = disk 1 so enter 1 and hit enter)
7. If your CF card is larger than 2 GB you will be prompted with a “Proceed?” question.  Type “y” and hit enter.  (By the way the “-u” switch in the command line in step 4 allows you to write to a CF card larger than 2 GB.)
8. You will now see the bytes begin to copy over to the CF card.  Once completed, eject the card from the reader and plug it into your Alix board.  Connect a null serial cable to the board.  Plug in the power.  Pull up a Serial Client like Hyperterminal or Putty and connect to the  Alix.  You may proceed from there to configure pfSense as your firewall.

By no means am I an expert at this.  It’s my first attempt!  Please feel free to share any pointers you may have come across if you have done or are doing something similar!

Syncing Active Directory Users with Postini Message Security

There are two options to sync your Active Directory with Postini, you can host the sync on your server or on Postini’s servers.  You can find information here.

I chose to use the local server tool so that Postini isn’t poking through my firewall and accessing my LDAP.  I’m pushing the information to them.

Go ahead and download the tool here and then install it.  If you’ve ever installed an app, I’m sure that you can do this without detailed instructions.

This whole process is very similar to installing the Google Apps Directory Sync tool.  As a matter of fact – the interface is pretty much the same.  You can see how I set that up here.

Here is how to setup the Google Apps Directory Sync for Email Security.  NOTE: this will only sync users – NOT PASSWORDS.

1. After installing the Google Apps Directory Sync for Email Security tool, go ahead and open the application.  The first screen you’ll need to configure is the Authentication screen which is highlighted in orange along the left side of the picture below.  At 1. you’ll enter the Admin Email and Password of your Postini account.  This is the account that has the FULL Admin rights for your whole Postini Account.
2. Select Authentication at #2.  I chose Password since I didn’t go through setting up the Xauth in my Postini account.
3. I checked the box at #3.  This will send any new users a welcome message from Postini.
4. If you are using an SSL Proxy or an HTTP Proxy you’ll enter that information here.  I don’t use either on my network so I left them blank.
   

   Steps 1-4

5. Here is where you will select which Organization you will sync with.  This is the organization that is setup within your Postini account.  You can sync with more than one Postini Organization if you choose to do so but they must be in the same Postini account.  I only have one Postini organization, therefore I chose the first option.
   

   Step 5

6. The Directory Sync tool will remove any users from Postini that are not on in your Active Directory.  It is here that you would enter rules to exclude those users from being deleted.  The 2 rules you see below are in the Sync Tool by default.  I left those rules in place and did not enter any others.  You may choose to do differently.
   

   Step 6

7. Here you will enter the information to allow the Sync Tool to pull the data from your Active Directory server.  Connection Type for Microsoft’s Active Directory will be “Standard LDAP”.  Host name can be either the fully qualified domain name or IP address of your Active Directory Domain Controller.  Port # should be 389.  Finally, the Base DN is where you store your user information in Active Directory.  I have an OU called GFC_Staff, hence the data input in this field.  If you have your users spread over multiple OU’s, you’ll need to create a container OU and then relocate your User OU’s into the container OU.  The Container OU will then become the OU that is entered in the Base DN field.
8. Authentication type for Microsoft Active Directory is Simple.  The Authorized User and Password will be a username that has Admin Rights to your Active Directory.  Notice the format of the Authorized User field:  domain\username.  That format is important – you will not authenticate unless you enter the information in this format.
9. By clicking on the “Test Connection” button you will then test your connection to your Active Directory Domain Controller.  If you have configured everything correctly up to this point, your test should succeed.
   

   Steps 7-9

10. This is where you tell the Sync Tool what user attributes to push up to Postini.  Server Type will be MS Active Directory.  Email Address Attribute will be mail (the attributes are Case Sensitive).  If you have an Exchange Server and have email Alias’ that you would like to upload to Postini, you’ll add the proxyAddress attribute in the Alias Address Attributes field.  Since we don’t have an Exchange Server, I cannot access this field in my Active Directory to add email alias’.  I’ll have to add those manually to Postini.
11. This is where you’ll tell Postini to upload any mailing lists you may have such as an All-Staff list.  The attribute you’ll enter here is called mail. (again – case sensitive)
    

    Steps 10 - 11

12. This is where we are going to tell the Sync Tool which users to push up to Postini.  To make a rule for that, you’ll click on the “Add Rule” button.
13. Here you are telling the Sync Tool in which Organization you would like to place your users.  Be sure to type this EXACTLY as your Organization is named within Postini.
14. Now you need to give the Sync Tool direction as to which users to pull over.  I used the rule (objectclass=user) to bring push ALL USERS within the Base DN specified in step 7 up to Postini.
    

    Steps 12 - 14

15. If you want to exclude any users from being pushed to Postini, you may do so here by adding rules to exclude them.  I am not excluding any users, thus I have no rules here.
    

    Step 15

16. Mailing Lists – I am not using any right now, therefore I have left his area blank and not added any rules.
    

    Step 16

17. Enter an address you would like Sync Tool notifications to come from.
18. Enter any email addresses you would like to have notifications sent to.
19. Complete the necessary credentials to authenticate to your SMTP Email Relay Host.  You may also test this connection by clicking on the “Test Notification” button at the bottom of the page.
    

    Steps 17 - 19

20. THIS IS A MUST!!! It exists to protect you from deleting your whole organization from Postini at one time.  The default is set to delete no more than 5% of your users at one time.  If more than 5% of your users are to be deleted during a sync – the sync will fail.  THIS IS A GOOD THING!  Choose your settings here according to the amount of risk you are willing to assume.
    

    Step 20

21. Set where you would like your log files to be stored, the Level of the log, and the Size of the log.  Again this is your choice and your preference.  Set it as you’d like.
    

    Step 21

22. The Sync Tool allows you to simulate a sync or test it before actually syncing.  This is a good thing.  Click on “Simulate Sync” to see of your sync would be successful.  You’ll get a full readout of what happens during your sync.
23. Now – click on File, Save.  Make note of where you save the xml file.  You’ll need to know the location of this file in ordre to make changes in the future, and also to run the REAL sync.
24. To run the real sync, I wrote a batch file that is attached to a Schedule Task on my Domain Controller.  The syntax of the Batch file is as follows:
    cd “c:\Program Files (x86)\Postini Directory Sync”
    Start sync-cmd.exe -a -c c:\PostiniDirSync.xml

Now, anytime I add a user to the Active Directory I will run the Scheduled Task to push the new user up to Postini.  I’ve also scheduled that task to run automatically, once a week.

I hope this helps.  If you see any errors or would like to make suggestions for improvement, let me know!