Author: Jay Carter

Keep Track of your Assets!

Posted on by Jay Carter
Card-Catalog

Working at the Card Catalog Library of Congress LC-H2- B-5636 [P&P]

Asset tracking software like Open-Audit by Opmantek streamlines IT decisions and improves accountability.

When a organization’s IT infrastructure grows beyond, say, 20 devices, it becomes very important to keep an accurate record of all of the information about the equipment. This kind of information is vital for:

  • Accounting and tax record keeping on asset depreciation
  • Recording the date of purchase for warranty performance
  • Installed software to ensure licensing compliance
  • Disk capacity tracking for planing upgrades
  • Location information to make finding the PC for troubleshooting and maintenance

You could manually try to record all of this data using spreadsheets or a custom database, but that becomes far too tedious and labor-intensive.

You need asset tracking software – I install and recommend Open-Audit by Opmantek. This open source software was created by Mark Unwin of Brisbane Australia and purchased by Opmantek in 2013. Mark continues to lead the development of this excellent product.

Open-Audit runs on either a linux or windows system, and collects a huge array of data on various devices connected to your company network. Devices can be discovered and audited on a scheduled basis which allows you to track changes to installed hardware and software over time. Linux, Windows and Mac OSX PCs can be cataloged.

Basic setup of Open-Audit is pretty simple, and once this data is being collected regularly, many IT tasks become much simpler:

Want to ensure software license compliance? You can enter license counts for each Software title detected, and see which machines have a particular title installed.

Want to decide who needs an upgrade most? You can view a query showing installed memory and CPU speed and description. If you’ve populated fields such as purchase date you’ll have even more clues to make an effective decision.

Are users unknowingly installing spyware or adware? You can scan the installed software report for titles you don’t recognize (or are known bad apples).

Wondering if a system tucked in a far-away server closet is still alive and well? Check the ‘Last Seen’ report to find out if it has responded to an audit recently.

Asset tracking: Do you apply a company asset ID sticker to every device purchased? Update the asset tag field and you can supply accounting with useful information for inventory audits. If you have many physical locations you can create these (even including GPS coordinates) and assign devices to locations.

 I’ve used the open source edition of Open-Audit at my clients. For smaller installations it offers a terrific set of features. Open-Audit Enterprise adds a host of features which look to be perfect for larger organizations: Scheduled Reporting, Reporting over time, more advanced reports, and of course support and custom development possibilities.

I deploy Open-Audit for your organization and help you get a handle on your IT hardware – Contact me today!

The End of the World? Just work your plan…

Posted on by Jay Carter

…you have a plan, right??

Business technology has become so ubiquitous and reliable, it’s often difficult to imagine how you might operate without it. That is, however, exactly what you must do to formulate a good disaster recovery plan.

Think about the kinds of events you need to plan for: most are not true end-of-the-world type disasters. Power outages of various durations happen in most places every year. A fire or other emergency at a neighboring business might make your facility difficult or impossible to reach for a time. Impassable roads from snow or ice might mean your employees are better off working from home ( if that makes sense for your business).

Good tech plotted out in advance can turn all of these situations from minor disaster to business-almost-as-usual.

To guard against both natural disasters such as fire and flood, and hardware issues like disk crashes, you need off-site backup. This can be hosted storage in a data center or self-hosted in branch office. Data centers have all the security, power backup and bandwidth required to do the job, and are reasonably priced. The self-hosted option can make sense if you’re already paying for those requirements at the backup site.

I can work with you build a disaster recovery strategy built on a solid data backup foundation.

Contact me, while everything is still working.

Keep your business out of the headlines

Posted on by Jay Carter

Security Breaches: bad news for your small business.While you may spend a lot of your time making the world more familiar with your business, there is one kind of publicity that really is bad publicity – being the target of a security breach that puts your customer’s information at risk. Rarely a week goes by without another high-profile incident of hacking; compromised customer information costs big businesses millions and could certainly spell doom for a small one.

There are a lot of important policy decisions that go a long way towards limiting your business’ exposure to security breaches:

  • Physical security: Limit access to the places where your information is stored and used –  your office, warehouse, outsourced facilities, and even employee’s homes if they must keep business information there (they shouldn’t). Keep track of visitors and vendors who come on-site.
  • Make sure the minimum number of people necessary to do the work have access to business information. This covers both physical aspects and things like shared file and data resources.
  • Good password practices: passwords are always the last line of defense so make sure they are not guessable, and are changed regularly. When someone leaves your employ, make sure passwords get changed as a matter of course immediately.

These are just a few of the ideas that are crucial to the physical and social-engineering aspects of security. On the technology side, a well-designed strategy for protecting against attacks is just as important. This side of the equation also protects your business against lost productivity caused by annoying malware infections.

trendmicrologoFor ‘endpoint security’ (today’s industry buzzword) I recommend and use Trend Micro products. Trend has excellent offerings sized from one or two office PCs and a smartphone, all the way to a multi-national enterprise with hundreds of locations and thousands of employees.

For my customers, Worry-Free Business Security is the right fit. It has a good balance of cloud-based and on-premises resources for good performance and great protection against viruses, trojans spam and malicious websites. It supports Windows PCs, Macs and both Android and Apple iOS devices.

The best feature of WFBS is its management interface – a simple-to-use web GUI that gives a great view of the security status of all your PCs and devices. The agent deployment process is mostly transparent to end users, and you can easily enforce rules on your network to ensure all devices are protected.

Once configured, updates are deployed automatically and seamlessly. Trend’s Smart Protection Network  collects (anonymous) data about threats around the world from millions of Trend Micro installations and uses the information to deliver detection and removal of new threats more quickly.

If you’re migrating from another anti-malware solution, the agent install process will smoothly remove the existing agent for many popular competing packages. In most cases, employees won’t even know the process is happening (a reboot is usually needed to complete the process, end users are notified to do this at their convenience).

Worry Free Business Security Advanced also includes anti-malware and anti-spam protection for Exchange servers, and inbound email filtering using Hosted Email Security. This is another productivity booster – inbound spam drops dramatically with this product. It also saves resources like bandwidth and Exchange server resources, because spam emails never reach your site. EHS offers a simple web interface so each user can control his or her Approved senders and deliver any legitimate emails that get intercepted (usually a very rare occurrence).

I can also manage and monitor your WFBS system remotely, and provide support when malware is detected.

Ready to get started? Contact me today!

Microsoft Exchange Server 2013

Posted on by Jay Carter

Microsoft Exchange Server: Business email without the technology hassle.

Microsoft Exchange is leader for business collaboration, and the 2013 version is making great strides to support the new ways people interact.

Some of the new features:

  • Smart Search learns from a user’s work habits to optimize search results
  • Contacts from multiple sources can be merged to provide a unified view of each business contact
  • Enhanced message archiving and search capabilities that include other resources in your organization (not just mail, contacts and appointments on the Exchange server)
  • Outlook Web App is more sophisticated than ever – view merged calendars, link multiple contact sources such as Linkedin. The look and feel is designed to work better on tablets and mobile devices
  • OWA for devices is available for iPhone and iPad
  • Very flexible options for hybrid deployments using an Exchange server on the LAN in concert with Exchange online

For smaller businesses, Microsoft is abandoning the small business product which included and Exchange server. The offering for this market is a combination of Windows Server Essentials for local LAN file and print services and Active Directory, along with Exchange Online hosted service or Office 365. The hosted services run on the same server software and provide the same features.

These services are right for very small organizations and widely-distributed, highly mobile workgroups. I do have concerns with aggregating mail for thousands of companies into a large high-profile target for hackers. There are other hosted options (smaller hacker targets) besides Microsoft’s offering, and for some situations an in-house server still makes good sense.

Windows XP: Going but not forgotten

Posted on by Jay Carter
Windows XP: The (mostly) reliable old dump truck among operating systems.

Windows XP: The (mostly) reliable old dump truck among operating systems. Photo by Darron Birgenheier

The venerable Windows XP operating system entered immortality (so far as an OS can I suppose) on April 8, 2014.

This is Microsoft’s End-of-support date, meaning it will no longer fix issues found in Windows XP after this date. Microsoft always provides a good long tail for operating systems – 12 years in this case.

Now brace yourself: Extended support for Windows Vista ends on 4/11/2017 (the horror!).

Vista seems to be virtually nonexistent in the SMB space, so there’s not much worry about that one. Windows XP is far more common in the workplaces I visit, for good reason: it is generally very stable (especially with all its updates applied) and its performance is generally acceptable on the older hardware still in use. This is especially true in lab and industrial environments where the PC may have a single (albeit important) function. These of systems are often difficult to upgrade because of the required downtime and because expensive proprietary or custom-developed software would need to be upgraded at the same time.

So what to do about Windows XP?

In the office environment: It is really high time to be off XP and onto (at least) Windows 7 for this kind of system. Office workers constantly use the ‘net and so the threat from malware is just too great to continue using an outdated OS. The cost and complexity of an upgrade (either with an OS upgrade or a new PC) is minimal.

In lab, production and manufacturing environments: There is certainly risk here too, and a plan for upgrades and possibly special security measures is indicated. I know of one large organization which banned XP machines from their LANs in all locations as of the end-of-support date. I think this is too drastic for most companies, but if you can operate with your XP systems off the net or isolated from the public internet, do it. (This may have a side benefit of keeping operators focused on work instead of Facebook!)

It’s important to get all of the XP machines updated to the final set of updates. The best way to do this is by using Windows Update for home and very small offices, or a Windows Server Update Services server for larger groups.

For situations where Windows XP needs to be re-installed (such as a hard drive failure in one of those critical lab PCs) I maintain a bootable USB drive with all  XP updates integrated.  The unofficial SP4 for XP created by harkaz provides a convenient way to do this and is available at ryanvm.net . You can also install this package directly onto an existing Windows XP installation.

When you need help planning your Windows 8.1 rollout contact me.

If you need support for your well-loved XP systems, contact me (no teasing I promise!).

Virtualization: Less is More

Posted on by Jay Carter

With the impending end of support for Microsoft Windows Server 2003, small businesses need to decide how to upgrade their IT infrastructure. Windows Server 2003 has been a great stable platform for file- and print- sharing on the LAN, as well as enterprise systems for accounting and resource planning. If you have systems running on Server 2003, they are likely also running on aging hardware.

Modern server hardware combined with a hypervisor allows for one physical machine to host many virtual machines. Each virtual machine runs its own operating system, and has its own allocation of CPU resources, memory and disk space. This yields tremendous benefits:

  • Most server workloads never use all the computing horsepower available; virtual machines can utilize an otherwise-idle system, and balance the load amongst many VMs
  • Each VM is isolated from all others, so that a software problem with one system does not affect the others – a big improvement over the older model, where one operating system might have several services running
  • Each VM has its own operating system (and requires its own license) – Windows,  Linux, etc. This can allow you to continue to operate a legacy system along side a new system during a transition period
  • Each VM can be re-configured as needed (often without a service interruption). Setting up a new software service or testing a new product can be done in minutes
  • Fewer physical machines generally means lower cost for hardware, maintenance, power and cooling, as well as a more compact data center (or server closet!)

Microsoft, VMWare and several other players in the virtualization game offer free hypervisor packages which make it easy to experiment with VMs and get a feel for how they can benefit your company’s infrastructure.

VMWare’s vSphere Hypervisor provides is my preferred virtual server, assuming that your hardware can support it (plenty of recent server hardware is fine, but it’s important to check the hardware compatibility guide first) . The management tools available are easy to use and provide everythign applicable to a single-server installation. The licensed versions add features that are important for two or more servers (For production use in a small business the VMWare vSphere Essentials Kit is ideal; the license starts at $560US).

Microsoft offers Hyper-V Server 2012 . Hyper-V has the benefit of being a Windows operating system ‘under the hood’ so hardware and drivers availability means it can work on a wider variety of server hardware. On the server itself, there is only a basic command line interface – most management is done remotely from a Windows PC with management tools installed. The virtual capabilities of this free package are identical to those provided in Window Server 2012, but in the licensed version you have the option of a full Windows desktop with management tools. An interesting side benefit for Microsoft Server 2012: each license purchased grants two server ‘instances’, one of which can be a physical machine. So, for example, with two Server 2012 licenses you could run a physical server with the Hyper-V role, plus three more virtual Server 2012 machines.

Adding the ‘virtual’ layer on top of the physical one may seem to be just an added layer of complexity at first, but the flexibility you gain really does make life simpler in the long run.

I can help you decide if your organization is ready to be virtual – contact me today!

 

Microsoft Windows Server

Posted on by Jay Carter

I think of Windows Server as the cornerstone of a business network. Many business-critical software systems Accounting , ERP and database systems rely on a Windows operating system. But a well-designed business network needs more:

  • Authentication: A Windows Active Directory domain provides a single source of authentication for users. One user ID and password can control access to all resources on the network. The administrator has complete control to enforce security permissions, create, disable and delete users, reset passwords, etc.
  • Group Policy enforcement: ensure a consistent configuration of desktop PCs, control what settings users can change (and give different groups of users different sets of capabilities), limit what software can be installed to control licensing and unauthorized software use.
  • Flexible shared folder storage: impose storage usage quotas, enforce proper permissions to shared folders, replicate shared folders to servers in different locations.
  • Print Management: network printing is a snap when the Windows Server print queue can deliver the proper drivers to every PC with just a couple of mouse clicks. Control who can use each printer, even submit large print jobs for printing during off-peak hours.

I can help you solve issues with your existing Windows Server 2003,  2008 or Small Business Server, upgrade to Server 2012 and get the maximum value from from your Microsoft Windows investment. Get in touch today!