TBG Blog

27Dec

When was the last time you tested your backup? Have you ever performed a drill to test how quickly you could recover? Recently, I was headed out on a vacation and a client had a disaster with a SAN crash. After calling the SAN vendor, we discovered the data was corrupted.

What we had to do next was start data restores. It was a perfect test of the disaster plan. We had the luck of the SAN crashing on a Friday and we had the majority of the weekend to recover. In this scenario we had about 15 servers to restore and we were able to get them all restored with the exception of one.

This event got me thinking about how many people could have recovered this quickly, and I can offer some tips on why this went so well.

Bare Metal Backups.

This feature alone saved so much time. We had the ability to boot up with a CD and restore the C:\ drive of all of the servers. This saved us from having to reload the OS and do all of the patching and configuring. This saved hours if not days of time. One thing we could have improved on is ensuring that we had the ISO files created for each server. This is an important feature that every backup system should have.

Disk Based Backup.

After the bare metal backups were restored, we then proceeded to restore the data. Since all of this was online and available, we did not have to worry about which tape it was on. We had the ability to restore both Microsoft Windows databases and also files. We also had the ability to restore up to 8 jobs at a time, which also saved considerable time.

VMWARE

Since most of these servers were virtual, I did not need to be onsite. I could do the entire server rebuilding remotely. I did most of this being at least 2 states away with a VPN connection and with no one being onsite. I was able to create virtual machines and also load up the ISO file to begin the Bare Metal Restore.

Since the SAN crashed, the VMWARE servers had enough disk space to handle all of the virtual machines.

Redundant Systems

Since the SAN is the weak link with VMWARE, we designed the network to include some redundant systems. The first and foremost thing we did is make sure we had redundant physical servers for key systems. Microsoft Exchange, Windows File Servers and domain controller services all had a redundant server and allowed the client to maintain most of its business critical functions. A few departments had applications that were not available, but it was only for a handful of users and these applications did not warrant a redundant system.

This is also an important part of good overall disaster recovery and business uptime. If you can create redundant systems in a different physical location, you can save yourself stress and your company downtime.

Lessons Learned

The first lesson is to make sure you test your backup system and ensure that all of the systems can be recovered. We had one system that did not restore correctly and we chose to rebuild it rather than restore it. We had to get the vendor on the phone to get it corrected.

The second lesson is to make sure you have a good list of server names and IP addresses. We had a few servers that had IP addresses documented incorrectly and it caused issues during the recovery process.

The third lesson has to do with Domain Controllers. Windows domain controllers have a feature that detects what is called USN rollback.


24Dec

Recently, I received a call from a client who was infected with a virus. This virus had modified the network share and hid folders. It then created folders that were executable. This client had current virus definitions, but it was a new variant of an existing virus. How could this have been prevented? This virus spread with USB drives and also with email attachments. All email attachments need to run through a virus scanner, and emails with zip or exe attachments really should be blocked. With file sharing sites available, there is an easier way to share files. Also, USB drives should be limited in use. Unless someone has a need to move files around, USB drives should really be restricted and blocked.
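One way to enforce the attachment rule described above in a mail filter script, as an added example (not code from the original post): it parses a raw message and flags .zip and .exe attachments by name, and goes one step beyond the post by also checking the leading bytes so a renamed file is still caught. The function names and the sample messages are constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Policy from the post: block .zip and .exe attachments.
BLOCKED_EXTENSIONS = {".exe", ".zip"}
# Leading bytes of the same file types, to catch a renamed attachment.
BLOCKED_MAGIC = {
    b"MZ": "Windows executable content",
    b"PK\x03\x04": "ZIP archive content",
}


def attachment_reasons(filename, payload):
    """Return the reasons an attachment breaks the policy (empty list = allowed)."""
    reasons = []
    # Windows ignores trailing dots and spaces, so strip them before comparing.
    ext = os.path.splitext(filename.rstrip(". ").lower())[1]
    if ext in BLOCKED_EXTENSIONS:
        reasons.append(f"blocked extension {ext}")
    for magic, label in BLOCKED_MAGIC.items():
        if payload.startswith(magic):
            reasons.append(label)
            break
    return reasons


def blocked_attachments(raw_message):
    """Map each offending attachment in a raw e-mail message to its reasons."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    blocked = {}
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename() or ""
        # Body text without a filename is not an attachment.
        if not filename and part.get_content_maintype() == "text":
            continue
        payload = part.get_payload(decode=True) or b""
        reasons = attachment_reasons(filename, payload)
        if reasons:
            blocked[filename or "(unnamed part)"] = reasons
    return blocked


def build_sample(filename, data):
    """Constructed test message with one attachment (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    # Constructed payloads: only the first bytes mimic the real file types.
    samples = [("report.pdf", b"%PDF-1.4 constructed"),
               ("Photos.EXE", b"MZ constructed, not a real program"),
               ("holiday.jpg", b"MZ constructed, not a real program"),
               ("docs.zip", b"PK\x03\x04 constructed, not a real archive")]
    for name, data in samples:
        print(name, "->", blocked_attachments(build_sample(name, data)) or "allowed")
```

A message that returns a non-empty result would be quarantined or rejected; the virus scanner the post calls for still runs on everything that passes.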


20Dec

One of the items many of my clients have plans for is backup for their computer systems. What they don’t always think about is communication line backups.
As computer systems are becoming more centralized or moved to some sort of cloud or hosted service, communication lines become much more important. If the office loses its connection, that office basically cannot work.
What I have been doing for the past 4-5 years is helping companies design redundant networks and you can do it fairly cost effectively.
The first thing you should consider is if you have some sort of cable or DSL internet available. If you do, you can purchase an inexpensive firewall that has VPN capabilities. You can set it up so that if the primary line goes away, it utilizes the secondary connection.
The second item to consider is the type of connection. If you have a T-1 line you more than likely will not want a DSL line. The reason is it will terminate in the same location and if the T-1 line is having issues, the DSL line will more than likely have issues. Choose a different media type and a different provider.
The third item is to make sure you are testing this system. The worst thing that you can do is have a redundant system that fails you when you need it. I would suggest a test at least quarterly to ensure that it is still operational.
Network monitoring becomes much more important also. You will need to be notified if you have a down line and you are failed over. I have had a few clients over the years not even realize they had failed over. That is good for avoiding an outage, but not good if you need to get the line fixed.
If you need some help with this design, send us an email or give us a call.


14Nov

In my business we are always starting and finishing projects. One of the key items to a successful project is how you manage it. I have seen numerous projects fail not because of some technical error, but because they were poorly managed.

The first thing you need to manage a project is a good task list along with who is doing what. This does not have to be a book and can be on a simple piece of paper or even a task in Microsoft Outlook. You can then hold people responsible and also set a timeline.

You also need to set a goal of what you want to accomplish in the project. If you do not have a goal the project might fail as it was not configured to specifications you needed.

You also need to come up with what will be considered a successful project. If you do not have that, how can you determine success or failure of a project?  It is like shooting darts at the dart board.

Finally, you need to make sure the project is completed. Everyone likes to work on new things and never really complete what is started. I have seen a lot of technology projects get to 80 percent and then are never completed. The best companies make sure that they get to 100%.

These are just some very simple observations to help you better manage your next project.

 


06Nov

If you are like me, you are very busy and when you get in that mode, you forget to plan.

Winston Churchill said “Those who fail to plan, plan to fail.”

This is true in about any aspect of life, but I want to relate it to the technology business in general. In my consulting role I walk into emergencies from time to time. Some of them cannot be avoided, but most can. For example, I have walked into upgrades that have not gone very well. You ask, do you have a backup, and they give you a blank stare. If they had planned the upgrade, a backup would have been on that list.

Another good example is walking into a place with the email server out of disk space. Besides monitoring the system, a process should have been put in place or a tool purchased to notify someone before the situation led to downtime.

With how busy we are these days, people want to forget about the plan and just do it (like the famous tag line from Nike). The problem with just doing it is that critical steps are missed and you risk a failure or even downtime that can cost your business money.

What you should do is each year sit down with a master project list that you will be performing each year. You then take that project list and assign it to the various people involved. Have them create an implementation or upgrade plan. They should present this to their team for review. The peer review is important to ensure you are not missing any steps.

You should have some sort of objective and timeline for when a project is completed and what a successful project is.

You should also sit down and list out who is responsible for the systems and software that are in place and what procedures you have to monitor them. If it is a manual check, that is OK, but make sure someone is assigned to do that check. If it is a manual check, you might want to see if an affordable solution exists to automate those checks.

I think in this industry people think they don’t need to plan, but you should spend at least a quarter to half your time planning. I have found the more time I spend planning, the less failure and downtime I have.


30Oct

One of the main concerns of the cloud is how secure their data is. When a company uses a cloud service they have no choice but to trust the provider with their data. Some recent attacks have shown that some cloud providers are not as secure as they need to be and that puts your data at risk.

This year alone (2012), a majority of the cloud providers have had some issues with their services. The causes have ranged from hackers to natural disasters; data has been exposed or has been unavailable. This has happened in prior years also. Consider this: in 2011, Sony Entertainment had nearly 77 million accounts hacked, exposing users’ information, Dropbox had numerous service outages, and Gmail had a 30 hour outage that resulted in 44,000 accounts being lost.

This just shows you that cloud providers and their systems are vulnerable.

Despite numerous attacks and problems, the data centers where cloud providers locate their servers are physically secure. Google has released a security video that is a good example of how secure the physical locations are.

When you are looking at hosting your data on the cloud, you also need to consider the following elements.

  1. Privacy of banking, social security numbers and other details.
  2. How service outages are handled and uptime guarantees.
  3. Confidentiality of your information, what controls are in place and who can access it.
  4. Physical and network security. How are they securing their datacenter and the systems in that datacenter?


By focusing on these four factors cloud providers are able to provide close to 99% security.

A risk still exists, and it can come from inside your company and from your employees. Just about every cloud service requires a username and password to access the service. The hackers and scam artists know this and will use this vulnerability to obtain access to the data. They can also use this same information to hit numerous cloud services, as people generally use the same username and password for all websites. That is why it is a good idea to use a separate username and password for the various websites you access.

If your company utilizes a cloud service, there are a number of factors that you need to consider when it comes to security:

  • Liability for sensitive data stored in the cloud rests with your company, not the provider. Make sure you have a good insurance policy; contact your insurance company.
  • Cloud vendors should be able to provide reports written by a neutral third party on the security of their service. These should be taken into account when looking for a provider. This is typically called a SAS 70 certification and the datacenter should be SAS 70 certified.
  • You should be taking steps to back up data stored in one cloud to either a different cloud or even to a physical location.
  • You should establish a process that requires your employees to change their passwords at least every three months and does not allow them to use the same password.

Do you have cloud solutions in your company? If so, let us know what your concerns are about security.

 


25Oct

Windows Tablet Computers

With the release of Windows 8, Microsoft has also launched 2 tablet computer offerings. They are Windows Surface with RT and Windows Surface with Windows 8 Pro.

Windows Surface RT

This version of the tablet can be ordered directly from Microsoft. It can be ordered in three different versions: the $499 version comes without a keyboard and with 32 GB of storage, the $599 version comes with a keyboard, and the $699 version comes with a keyboard and with 64 GB of storage. You can also order different colored keyboards.

This tablet also includes a version of Microsoft Office with a few restrictions; it can only legally be used as a student or a home user. If you are using it as part of a business, you will need to either have Office Live 365 or a copy of corporate Microsoft Office.

The display is not as nice as the current iPad 3 with Retina. It has a 920×1080 208 PPI screen, while the iPad 3 has a 2048×1536 264 PPI screen.

I have ordered one of these to test it out and also to make available to clients who would like to see it and demo it.

Windows Surface with Windows 8 Pro


This is expected to be released within 3 months and will include the ability to run Windows applications. It can be a direct replacement for the Windows 8 desktop. It includes a higher resolution screen and also includes more memory.

Final Thoughts

It will be interesting to see how functional these tablets are and if they can be a viable desktop replacement. The iPad is a great device for data viewing, but not data input. These devices from Microsoft might change that.


29Sep

I have talked to numerous people that believe Apple and their products are very secure. I have listed a security breach involving Apple’s Apple ID that might make you think twice about that. It is also a look into cloud security and some things that you should not do.

Mat Honan’s Compromise

Mat Honan is a writer for Wired Magazine and in early August had nearly his whole digital life wiped off the map. This article on Wired is an interesting read into how he was compromised and some thoughts on how to avoid what happened to him.

A quick summary is he had some of his important website accounts linked together. This account linking allowed hackers to obtain access to his iCloud account, taking advantage of lax security related to Apple’s password reset.

The hacker really just wanted to take Mat’s Twitter account. They realized who he was and that he had other accounts linked to Twitter, and that led them to the Apple account. To gain access to the Apple account, they had Apple issue a temporary password. This required the billing address and also the last 4 digits of a credit card registered to the Apple account. They called Amazon and obtained the last 4 digits of his credit card with social engineering.

From there, it was easy to gain access to the other accounts. I have listed some steps below to avoid this type of compromise.

  • Unlink all essential accounts from one another.
  • Set up an email account that’s only used for other account resets.
  • Regularly back up all your devices onto a secure hard disk.
  • Change your password regularly and use two-factor authentication if available.
  • Don’t have the same username or password for all accounts.
  • If the information isn’t necessary for your account don’t provide it.
  • Delete and never store any credit card numbers in online accounts

If you have any questions or concerns about the security of your accounts or systems, please don’t hesitate to call us.


21Sep

 

BYOD – What is it?

BYOD allows employees or users to bring their own computing devices into your network and gain access to corporate applications and the Internet. Most corporate networks today only allow approved devices or they provide a device to a user.

With most people owning some sort of computing device these days, they would like the ability to bring that device to work and use it. BYOD allows for this type of access for the employees or users of that network.

BYOD – What do you need to consider?

BYOD is not something that you can just purchase and call it a day. It takes careful planning and design to make it successful. Listed below are a few items to consider.


Wireless Connectivity

With a majority of today’s devices only having wireless, you need to have a robust wireless network.

This robust wireless network needs to be able to determine who is allowed on and who is not allowed on.

You also need to consider how many devices you have and plan for the correct capacity. Most wireless networks were not designed for BYOD and will not be able to hold up to the load. Your wireless network will go from a nice to have to a must have and you need to plan it correctly.

Some wireless vendors are better than others, so make sure you are getting a solution that has some sort of central control along with the ability to quickly make changes.

Also don’t forget about network wiring needed to connect your access points to the network. You will also need to consider how to power the access points. Most Ethernet switches have some sort of PoE built into them and you need to consider this. These are all added costs to the wireless project.


Policies and Procedures

This is something that most overlook but should be a first step. You need to define what you are going to allow and how you are going to allow it.

The first item should be the types of devices you support. Certain devices just don’t work well or may not have a client to access your applications; you want to make this clear up front.

Support. You do not want to be providing help desk support for the various consumer devices. You need to define what will and will not be supported.

Anti-Virus, security updates, etc. This is also something you want to have defined. You will want to make sure that they are patching and also have some sort of Anti-Virus. If they are not compliant, you have the ability to remove them from the network.

Expense reimbursement. This is something else most do not consider. Are you going to reimburse or give them a stipend for using their own device? If you are, you want to define the parameters of what this will look like.

Access to Applications

The next question you have to answer is how are you going to allow access to applications?

If you are going to allow tablets and Apple computers such as Macs, will your applications run on them?

Numerous solutions exist to allow access to your applications from the various BYOD devices.

MokaFive

These guys are newcomers to the market, but have a very interesting product. They offer a virtual desktop. Their product is installed on top of a Windows server and is very easy to deploy and maintain. It even works if you are disconnected from the network.

Citrix

They have a number of solutions to allow access to applications, the largest one being Citrix XenApp. Citrix XenApp allows for the ability to publish applications to various devices. iPads, iPhones, PCs and Apple Macs are some of the platforms supported.

2X

2X is a lot like Citrix, but is at a lower cost and is geared towards the small to medium business. This also works with the various platforms and allows the ability to access applications from anywhere and almost any device.

Final Thoughts

BYOD is not just one thing but a collection of both technology and policies and procedures. Also, make sure you do not forget about how you are going to gain access to applications.



08Aug

Demand for wireless access is expected to soar this year and beyond. Analysts have predicted an increase of 300% in wireless demand in your organization. The question is, are you ready for it?

Expanding Your Coverage

Your locations more than likely have some wireless coverage, but they will have a hard time keeping up with the number of devices attempting to connect to them.

Increasing the number of access points and turning the power down on some of the existing access points will provide better overall coverage and also satisfy the new demand. You also need to make sure you design your wireless network for the device types it will service. Wireless VOIP phones have a different coverage model than laptops. They need more access points at less power so they can roam without dropping the call.

If you only have a dozen or so devices, two access points should be able to provide adequate coverage for a 1500 to 2000 square foot building.

Access Point Placement

You want to make sure you place your access points carefully. You do not want to mount them on structural metal; it can cause issues with the signal. You also want to make sure that you check the construction of your walls. Some buildings have sand in the walls, which can decrease signal and require additional access points.

Also make sure you leave some extra cable so if you need to move the access point, you can.

Security

Wireless is much less secure than a wired network. Anyone with a device can find your network and attempt to break in. For your private wireless network, use WPA2 Enterprise security. This will require a username and password and not a key that is easily guessed. It also rotates the wireless keys providing another level of security.

At the least, you should not use WEP as it can be cracked in less than 1 hour in a heavily utilized network.

Wireless Controller

If you are going to be deploying a bunch of access points, you should consider using a wireless controller. This will help you make mass changes and also give you the ability to easily add and remove access points. You also have a central location to look for wireless issues if any are reported.

Final Thought

If you have not deployed wireless yet, chances are you will be in the next 12 months. Make sure you take time to understand your requirements so you can size your wireless deployment appropriately. Otherwise you will have coverage issues, unhappy users and unneeded expense.
