LDSAccess, Odyssey Client and Desktop 5.5

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
User avatar
aebrown
Community Administrator
Posts: 15127
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

#11

Post by aebrown »

jdlessley wrote:The CCN is LDS Limited Access and is set in the Cisco PIX. However the administrative computer which is also connected to the CCN is LDS Restricted Access.
I was just reading the Meetinghouse Internet Guidelines, and I found that the first section mentions the LDS Restricted Access and LDS Extended Access filtering options, and then says "Each location can have only one of these options."

And yet you say that at your location, you are seeing both options on different computers. That statement from the official Guidelines document doesn't fit what you seem to be seeing. I wonder why?
lajackson
Community Moderators
Posts: 10353
Joined: Mon Mar 17, 2008 10:27 pm
Location: US

#12

Post by lajackson »

We have not yet, but this month we are going to try. We had to add memory on the stake computer when we installed the Odyssey client. We are going to try to get the ward boxes to run without the client.
jdlessley
Community Moderators
Posts: 8713
Joined: Mon Mar 17, 2008 12:30 am
Location: USA, TX

#13

Post by jdlessley »

Alan_Brown wrote:I was just reading the Meetinghouse Internet Guidelines, and I found that the first section mentions the LDS Restricted Access and LDS Extended Access filtering options, and then says "Each location can have only one of these options."

And yet you say that at your location, you are seeing both options on different computers. That statement from the official Guidelines document doesn't fit what you seem to be seeing. I wonder why?

In terms of the security device or router that connects to the internet you are correct. In the case of family history centers the normal filter is LDS Extended Access. Behind that firewall there can be more filtering. This is where I have come up against additional filtering. It appears to be at the computer. In this case I think Desktop 5.5 with it's LUIS has added another filter by configuring the internet options control console and requiring all internet traffic to pass through a proxy server. A whitelist of Church web sites is included in the configuration.

I attempted to add some sites to the whitelist and then tested to see if I could connect. If it was a Church site I could connect. If it wasn't, I got the browser connect failure message. My 'other' test sites were Google and Yahoo. Both failed.
jdlessley
Community Moderators
Posts: 8713
Joined: Mon Mar 17, 2008 12:30 am
Location: USA, TX

#14

Post by jdlessley »

lajackson wrote:We have not yet, but this month we are going to try. We had to add memory on the stake computer when we installed the Odyssey client. We are going to try to get the ward boxes to run without the client.

Why did you have to add memory? When I configured the stake administrative computer all seemed to work just fine with what we had. (Can't remember how much is installed.)

If you have luck with using LDSAccess will you add a reply to this thread? I would like to know what you have to do to get connected - if anything other than pushing the LDSAccess profile out to the WAP(s). Also let us know what hardware you are using in your network.
russellhltn
Community Administrator
Posts: 31285
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#15

Post by russellhltn »

I've seen mention elsewhere in this forum about pushing out profiles to the AP. You might want to try connecting another computer to the wireless just to see what happens.
User avatar
childsdj
Member
Posts: 258
Joined: Wed Feb 07, 2007 9:51 am

#16

Post by childsdj »

I may misunderstand some of the posts here already, but the only filtering is currently happening via the PIX box. The desktop itself has a software firewall built in to the Symantec package, but it is not filtering sites. It is filtering some incoming/outgoing ports but the filtering happens via the profile on the PIX.
User avatar
aebrown
Community Administrator
Posts: 15127
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

#17

Post by aebrown »

jdlessley wrote:If you have luck with using LDSAccess will you add a reply to this thread? I would like to know what you have to do to get connected - if anything other than pushing the LDSAccess profile out to the WAP(s). Also let us know what hardware you are using in your network.
In our stake center we are using LDSAccess and it is working just fine. We have:
  • A FHC with a CCN
  • The CCN uses a DSL broadband connection with a Cisco PIX
  • In the FHC and two other locations in the building are Cisco Aironet WAPs.
  • About 4-5 months ago, we connected our administrative computers (three wards and one stake) to the WAPs, using Linksys wireless adapters, and the Odyssey client.
  • About two months ago the GSD pushed out the LDSAccess profile to the WAPs.
  • We connected personal laptops immediately using the WPA pre-shared key given to us by the GSD.
  • We have not yet bothered to try to connect the administrative computers using LDSAccess, as they are working fine with the Odyssey client. But at least 5 personal laptops have connected to the network using the LDSAccess key, with not a single problem reported.
I hope this is helpful. I don't know particular model numbers of the hardware off the top of my head, but I can get those if it would help.
jdlessley
Community Moderators
Posts: 8713
Joined: Mon Mar 17, 2008 12:30 am
Location: USA, TX

#18

Post by jdlessley »

DJC wrote:I may misunderstand some of the posts here already, but the only filtering is currently happening via the PIX box. The desktop itself has a software firewall built in to the Symantec package, but it is not filtering sites. It is filtering some incoming/outgoing ports but the filtering happens via the profile on the PIX.

I mentioned earlier that the internet options control console has been reconfigured – the security tab is gone and the LAN settings on the connections tab is set to require the use of a proxy server. Then a whitelist of Church sites has been added to the Address text box. When sites other than Church web sites are added to that list they still are not accessible. I would consider that if you cannot access a web site it has been filtered.
jdlessley
Community Moderators
Posts: 8713
Joined: Mon Mar 17, 2008 12:30 am
Location: USA, TX

#19

Post by jdlessley »

Alan_Brown wrote:We have not yet bothered to try to connect the administrative computers using LDSAccess, as they are working fine with the Odyssey client.

We have the same configuration in our stake building. We also do not have problems connecting non-administrative computers to the network using LDSAccess. It is the administrative computers that I have been unable to connect to the network using LDSAccess. That is why I want to see if anybody has been able to do it. I want to know what I might be doing wrong since the GSD technicians could not help me get an administrative computer connected using LDSAccess. We can connect fine using Odyssey Client.

Since I read a thread where a Church employee said they are trying to get away from using Odyssey Client I was hoping to avoid the rush when I set up our administrative computers on the network.
lajackson
Community Moderators
Posts: 10353
Joined: Mon Mar 17, 2008 10:27 pm
Location: US

#20

Post by lajackson »

jdlessley wrote:Why did you have to add memory?
Because we were using a Dell GX620 with 256M of memory, as issued by the Church with the assurance that it was enough memory. A ward can barely survive on that, but a stake with 15 units cannot. With the need (at the time) to add the Odyssey client and software to run the wireless, we decided to add memory and pick up the speed of MLS at the same time.

We almost added the memory when we installed the Desktop 5.5 image and Local Unit Security Suite, along with the switch to Symantec.

Bootup and shutdown of the OS were taking up to 5 minutes. MLS took more than 4 minutes to load. A save took more than 5 minutes. Switching users or ending MLS took 5 minutes (for the internal save). It took about 4 minutes for the MLS Send/Receive file to set up before MLS even began to look for a dial tone.

If the machine dropped into screen saver, it took more than 4 minutes to repaint the desktop. I think that basically the hard disk drive was serving as the memory in most cases.

On the average evening, we were spending more than an hour just waiting for the box to catch up with the next click of the mouse.

So, we added memory.
Post Reply

Return to “Meetinghouse Internet”