Blog

June 24th, 2015

By: Dan Bremner

Windows 10 is coming!

You may have seen some of the press, or even a “Windows 10 is coming” notification on your desktop along with an offer to “reserve your upgrade”. By the way, if you’re only half-paying attention don’t worry, you didn’t miss Windows 9. Microsoft decided to skip a version and go right from Windows 8 (and 8.1) to Windows 10.

Of course, as your IT company, we’re working with the new release so we can give you inside scoop, and be ready to support you, our customers, when you’re ready to move. All of our desktops internally are running Windows 10 Preview, and I’ll have some information in the next newsletter on what’s new and changed in Windows 10, and what to expect.

For this installment, I want to focus on a few things you should know about the rollout of Windows 10, because it’s much different than previous Windows releases. If you’re a Castema Managed IT customer, please be sure to read the recommendations at the bottom.

  • It’s Free. For all customers with Genuine installations of Windows 7, 8, or 8.1, you can upgrade for free, as long as your system meets the minimum specs. Apple started doing this a few releases ago, and Microsoft is following suit. This free upgrade is good for a year after the release date, so until July 29, 2016.
  • It’s coming through Windows Update. Previous versions of Windows have come via a CD/DVD, a separate download, or a Microsoft Store App. While those options may be available for Windows 10 also, the upgrade that was just announced is being delivered through the Windows Update mechanism. Make no mistake, though, this is still a new Operating System, and not an “update”. The installation may take an hour or so, and may require installing drivers and setting up new system preferences after it’s complete.
  • Microsoft is taking “reservations”. What does that mean? If you click the Windows notification (if you have one) in your taskbar and reserve your copy, your system will be examined to ensure it meets the specs, and then once the release date arrives, your computer will download the installation files for the new OS in the background. What happens after that isn’t specified in detail, but presumably you will be prompted to install it.
  • It’s NOT Mandatory. Being techies at heart, we are generally in favor of new stuff, especially when it improves over the old stuff. But this is your business we’re talking about, so we certainly advise a controlled rollout, and not an “every man for himself” approach to new technology. Which leads to…

Our Recommendation to our Customers

The number one recommendation is don’t click on the update on July 29th and do this yourself without first coordinating with us. Having us involved can help steer clear of “gotchas” and make sure things run smoothly – exactly why you hired us in the first place. We’ll be doing plenty of testing over the next weeks leading up to the launch, and we’ll have some best practices defined for our Windows 10 rollouts. If you already clicked on “Reserve My Copy,” don’t worry, we’ve got you. Downloading files in the background won’t do anything until you OK the prompt to install. Or you can cancel your reservation easily.

Some of you may prefer to hold off on Windows 10 until your next PC refresh, just as many have done in the past, and that’s perfectly fine. Others may want to take advantage of the newest release, and the fact that it’s being offered for free, and we’ll work with you to roll it out smoothly, if that’s you. In the meantime, you don’t need to do anything, and we encourage you ignore the prompt about reserving your copy.

We expect Microsoft to release more details and tools soon for IT departments to help the companies they serve, to ensure consistency. In the meantime, as your IT department, rest assured that we’re on top of the Windows 10 news, and as always, you can come to us with any questions about what’s the best approach for your company.

Topic Articles
May 1st, 2015

By: Dan Bremner

This month’s article highlights another under-appreciated, but very useful technology that’s built into Microsoft’s Windows Server products. (In case you missed it, here’s last month’s post on Active Directory.) Remote Desktop Gateway is a service that enables people to securely log into their company’s Windows computers from any Internet-connected device that’s running a Remote Desktop client app. That can be a Windows PC, a Mac, a tablet, or even a smartphone. Yes, you could log into your desktop PC from your iPhone and run Quickbooks, though I’m not sure I’d recommend it for very long.

Many people are familiar with remote control solutions like LogMeIn, GoToMyPC, pcAnywhere, and so on. Microsoft has had its Remote Desktop (originally called Terminal Services) software for years, but using Microsoft’s solution to connect from outside the office meant using a VPN, or opening holes in the firewall, both of which carried potential risks, and added complexity. When Remote Desktop Gateway was introduced with Windows Server 2008, it promised to simplify and secure the process.

Here are 5 reasons to consider Remote Desktop Gateway if your company is looking for remote-access solutions for your employees.

  1. Connections are Secure. By using SSL Certificates (the same technology that secures your communication to online banking and ecommerce sites), and requiring only a single firewall opening, the remote connection is kept safe from eavesdropping and hacking attempts.
  2. No VPN Required. Any device with an RD client can connect directly over the Internet without opening any unnecessary tunnels between your corporate network and an employee’s home computer. This can save money on VPN solutions, keep things simpler for users, and limit your exposure to possible malware introduced by a non-secured home computer.
  3. One Connection, Many Options. You may have a Remote Desktop Server that many people can log into concurrently, or you may allow employees to connect remotely to their PCs at their desks. In either case, the same connection to the Remote Desktop Gateway acts as a bridge to the company computer that the employee is connecting to. There’s no need to worry about IP addresses, or DNS servers, or any of a number of other requirements that would be true of a VPN solution without RD Gateway. All that needs to be entered into the client connection is the name of the PC to connect to.
  4. Remote Desktop Gateway is Part of Windows Server. If you have Windows Server, you have Remote Desktop Gateway, and may need only to add an SSL certificate to get things configured.
  5. No Third-Party Sites. With many remote-access solutions, both the remote controlling device and the remotely controlled computer have to make a connection to a server operated by the remote-control service in order to make the connection. With RD Gateway, the connection is made directly to your company network with no intermediary required.

When it was first introduced, many of the RD Clients for non-Windows platforms didn’t have support for Remote Desktop Gateway. However, that’s no longer the case, as Microsoft has released clients for Mac, iOS, and Android in addition to Windows and Windows Phone, all of which support RD Gateway.

If you’d like to learn more about using this feature in your company’s remote access solution, just ask us!

Topic Articles
April 1st, 2015

active_directoryBy: Dan Bremner

I had a conversation with a client recently about Active Directory, and why it was a good idea, even for very small businesses. Like many business owners, my client had heard of Active Directory, but wasn’t really sure what it is.

Without getting into too much technical detail, Active Directory is a basically a list of the computers and people in an organization that all the computers share. It means each computer doesn’t need its own list, because they delegate the responsibility for authenticating users and setting permissions to a central location. In simple terms, it means that we can enter a user account once, and all the computers on the network know about that user, and know what things that user is and isn’t allowed to do. Without it, we would have to create that user account on every computer in the network.

Active Directory certainly isn’t a new technology, having been introduced by Microsoft in Windows 2000 (and built on LDAP and other technologies that are even older). However, if you don’t live and breathe technology every day, you may not realize all the good stuff that comes from having Active Directory as the framework for your computer network.

I’ve been asked, “When is a business large enough that they should use Active Directory?” With the ascendance of “the cloud” in recent years, there is also a school of thought that servers in the traditional sense aren’t needed anymore. I would answer that the foundation of Active Directory is still important for any business, and an inexpensive server like Windows Server Essentials is often the most cost-effective way to do it for the smallest businesses. (Although there are cloud options, too, including Microsoft’s Azure Active Directory.)

I’m going to turn that question around and say, “When is a business too small to use Active Directory?” My answer would be that a business with only a single owner/employee who does everything, and who doesn’t plan to hire anyone else, probably doesn’t need it. For just about everyone else, AD has benefits that make it worth considering. It’s part of the foundation that lets you build a scalable business.

Here are a few of the benefits of Active Directory for small businesses:

  • Single sign-on. Log into your computer and have access to all the resources you need on the network.
  • Permission schemes using Security Groups so things don’t have to be re-engineered when you add or remove employees.
  • Group Policy is an extremely powerful tool that can set standards for security, permissions, passwords, standardize appearance, install software, and connect to printers, all based on Active Directory attributes.
  • End-user PCs can be logged on by any user, which makes replacing, or restoring PCs take much less time, and enables employees to use another computer in a pinch.
  • For compliance with standards such as PCI-DSS and HIPAA, Active Directory makes it possible to ensure that required policies are enforced across the network.
  • Security auditing, if needed, is far easier with centralized authentication.
  • If someone leaves, or changes roles, there is one place to change their security settings, and it takes effect on all computers.

Active Directory may not be sexy technology, but it’s a solid tool for businesses that are serious about growing and scaling their operations.

Topic Articles
December 21st, 2014

BCP_Jan20_CBy: Dan Bremner

“Worst Case Scenario” thinking can help your business be prepared. No one likes to think about it, but what would you do if your office burned down, or flooded, or if thieves walked off with everything in your server closet? More to the point, would your business be able to survive?

Insurance is great, and hopefully you have good coverage that will get you a check right away to replace what was lost. (You do, right?) But while it’s easy to buy new equipment and furniture, there’s no store in the world you can go into and buy back the business information that was on those servers.

From an Information Technology perspective, the top priority for any Disaster Recovery (DR) plan is to ensure that critical business information is protected. Right below that on the list is ensuring that the business data you’ve protected, and the systems required to make use of that data, are available for use by the people who will be carrying on the critical functions of the business.

There is a lot that goes into a Disaster Recovery/Business Continuity plan, including threat analysis, Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO), as well as succession planning (having people that can step in if key employees are unavailable). It’s beyond the scope of this article to go in depth into DR/BC planning. However, I want to highlight a few technologies and practices that help make DR more affordable for smaller organizations.

  • Cloud-based data backup. For many customers, we have deployed a cloud backup solution that copies your server’s data files to a cloud server, and continuously sends updates as files are changes, while also maintaining older versions of the changed files. We have been advocating a combination of on-premise backup and in-the-cloud backup for a while now, as both have their advantages. For DR purposes, an event that takes out your office is unlikely to affect a remote data center, so cloud backup is an excellent fail-safe for your data.
  • Virtualization and Replication. This topic could be the subject of its own article (in fact, it was a few months back). Replicating a virtual server means that an exact copy of your server is being sent, in near real time, to another location, where it can be quickly placed into service if your primary server goes down. While other vendors have had replication options for virtual machines, Microsoft, with Hyper-V, has made replication an included feature, and has made it much more affordable to replicate servers to a secondary location. Just this month, they went one step further and enabled Hyper-V replication and recovery to their Azure cloud service (http://azure.microsoft.com/en-us/services/site-recovery). Now a business that wants to replicate a few servers doesn’t have to buy additional hardware or software, or pay for colocation of hardware in a remote data center. Of course there is an ongoing cost, but no up-front purchase is required.
  • Data center colocation. An increasing number of companies are moving their servers out of their offices and into a secure data center. This can increase security, and reduce operating costs such as cooling and power, as well as real estate requirements in the office. From a DR perspective, servers in a data center are more physically secure from theft, fire, flood, and they are usually protected from power and Internet outages by multiple levels of redundancy.
  • Cloud services. It bears mentioning that fires, floods, or equipment theft in your office won’t affect things like Office 365, Google Apps, Salesforce, or Quickbooks Online. As long as you can connect to the Internet, you can still use those platforms, so if you use a cloud service for email, your email will continue to function even if your office location is offline. That’s not the only reason to move to cloud applications, but it is one benefit.

While no one ever wants the worst to happen, and no one thinks it will happen to them, going through some “what if” thinking and planning for it can make the difference between business survival and business failure. Each company is unique when it comes to what systems or data are most important. What is indispensable to one company, another may be able to survive without for days or weeks. When it comes to the IT portion of your plan, we can help you navigate the many options and together create a plan that is suited for the unique requirements of your business.

Topic Articles
October 15th, 2014

By: Dan Bremner

 

Is your smartphone bigger than your last one? Chances are pretty good the phone you have now, or the one you’re going to get next, has a larger screen than the previous one.131404860

I’ve been using an iPhone 6 Plus for a week or so now, and figured it was time to share some impressions of it. I’ve been comfortably in the Apple ecosystem for years, so I know I’m late to join the owners’ club of “comically large phones” (Or “phablets” if you prefer that term. Personally, I prefer “comically large phones”.) compared with some of my colleagues with Windows or Android phones.

Judging by the record-setting pre-sales figures for the new Apple iPhone 6 and 6 Plus—not to mention the Samsung Galaxy line and offerings from HTC and Nokia, among others—there is plenty of consumer demand for big-screen phones. This appears to be a trend that is here to stay, despite Steve Jobs’s famous, “no one’s going to buy that” quote. Consumers clearly prefer larger screens, and the phone makers have responded by super-sizing their new phones pretty continuously over the past 6 or 7 years, as this chart highlights.

smartphonescreensizeovertime

Source: http://www.pcworld.com/article/2455169/why-smartphone-screens-are-getting-bigger-specs-reveal-a-surprising-story.html

My impressions after a week or so of use are generally favorable. Here’s a breakdown of the good and the not-so-good.

Plus:

  • The screen is fantastic. Beautiful, crisp, and far better for reading, web surfing, and just about everything else. Also, showing a photo or video to someone, or to a group, just feels better than crowding around a tiny screen.
  • The camera takes great photos. I can’t say I’ve used the motion stabilizers yet, but I’m looking forward to putting that to the test.
  • Battery life is better than I’ve experienced on any previous iPhone.
  • I love the predictive typing feature. I know this is an iOS 8 feature, not unique to the new phones, but it’s a big time saver.

Minus:

  • Holding and using one-handed. For me, the phone is right at the edge of being “too big.” That’s a very personal preference, and I’m told by others who have had larger phones for longer, that this will subside. In a few weeks, they say, it will no longer seem that way. I’ll see about that. Realistically, it’s usable one-handed, but a little awkward at times. The “reachability” double-tap helps but isn’t seamless. That said, I seem to use two hands a lot anyway.
  • Carrying the phone. For me it’s not too bad, though when I sit down the phone with it in my pocket, the phone does make its presence felt. I’ve always kept my phone in a front pocket, and for the most part, all my pockets accommodate this phone reasonably well, though not as discreetly as with a smaller phone.
  • The interface to my car is problematic when I want to play music in the car. I’m pretty sure this is an iOS 8 bug too, because my iPhone 5S had the same issues after I upgraded it. I suspect Apple will have some fixes coming soon, which I hope will take care of this.

Time will tell if the minuses become non-issues. Meanwhile, even after only a week, an iPhone 5S now feels small to me. My teenage daughters give this phone a big thumbs-down, though. Their hands are smaller, their pockets (if any) are smaller, and the back-pocket method they prefer would not work well with this phone.

For a lot of people, the 4.7″ screen of the iPhone 6 will be a better fit than the 5.5″ iPhone 6 Plus. But as we all get more accustomed to using our phones for things we used to do on our computers, the extra screen real-estate is welcome, and that’s a good thing. Because it seems there will be no going back to the old 3.5″ screen of the 2007 phones.

Topic Articles
July 14th, 2014

480365773By: Dan Bremner

Email security is on my mind today for a couple of reasons.

With my oldest daughter off to Marquette University in the fall, the “college fund” my wife and I have been saving into for years is no longer a deposit-only thing – we need to start tapping into it to pay tuition bills. So I’ve had to exchange some documents (via secure email) with my financial advisor to get accounts linked so we can transfer funds and make those tuition payments.

At the same time, as some of you know, we’re in the process of rolling out a new email security platform to our Managed IT customers. While “email security” in this sense refers to spam and malware filtering, the “secure email” I want to talk about is email encryption, a newly available option with this platform. It lets us exchange information via email while keeping prying eyes from intercepting and reading the contents. Like those documents from my financial advisor that have my bank account information in them.

But I’ve Always Heard Email Is Insecure?

Isn’t email inherently insecure? Well, yes, it is. Standards for email delivery don’t require encryption, which means that as your message passes from one mail server to another on the way to your intended recipient, there’s a good chance it’s being passed around and stored in plain text. It also may end up in many different places, not all of them secure, such as a smartphone, iPad, or home PC.

Bottom line: Email is insecure today, just as it always has been. This is why we avoid sending important login credentials, or anything else important like credit card numbers through email.

So How Do We Make Email Secure?

Over the years, many “email encryption” solutions have been introduced, incorporating technologies like S/MIME and PGP. Ease of use has been the biggest barrier to mass adoption. Not only were they cumbersome to use, but because you couldn’t assume a recipient was even able to receive an encrypted message, these solutions never really took off in widespread use.

More recent solutions have emerged to simplify the process, and to comply with data security legislation, such as HIPAA, PCI-DSS, Sarbanes-Oxley, and the EU Data Protection Directive. To do so, they have approached the problem from a different angle. Essentially, since email is insecure, they take the sensitive data out of the email message. More on that in a moment.

It’s worth noting that these newer solutions have different goals than previous “end-to-end” email encryption solutions. Whereas those solutions aimed to ensure only the individual sender and receiver could read the message, these solutions are more concerned with making sure the message remains under the control of your company (or designated service provider acting on behalf of the company), with access granted only to authorized viewers, because that’s the key to being compliant. If you think about how such information is handled in the non-computer world, this makes sense. Your medical information is not just given to your doctor, but also the nurses and other medical personnel who need access to it, just as multiple people at your bank have access to your bank account number and can look up your balance.

Email as a Notification Tool

These newer encryption solutions take advantage of several realities.
1. Email is great for notifying people when they have a message.
2. Everyone already knows how to use email.
3. Interacting with secure web pages, whether for e-commerce or online banking, is both simple and familiar for most users.

With our newly available encryption platform, when you have a secure message to send, the outbound mail server detects if the message needs to be encrypted based on rules set up by your company. You could have a trigger like [secure] in the subject line that automatically creates a secure message, or it could scan the email content for something that looks like a SSN, or credit card number, and auto-create a secure message.

Rather than sending the message along, the message content is removed and stored it in a secure web-based messaging system. An email is sent to the recipient saying, “You have a secure message,” with a link to the secure web-based system. The recipient clicks on the link and creates an account (no cost). After logging in, they can read the message and any attachments. Subsequent messages to the same recipient will use that same account.

For many organizations that need to communicate sensitive data while remaining compliant with data privacy laws, a secure email solution could be just what the doctor ordered. Or banker, or lawyer…

Topic Articles
May 27th, 2014

178495138By: Dan Bremner

Software vendors are increasingly using a combination of carrot and stick to induce customers to sign up for their subscription-based software licensing. The “carrots” tend to be extra features or permitted uses, while the stick may be higher prices for traditional perpetual licenses, or discontinuing the perpetual license (almost) entirely, as Adobe has recently announced.

While some vendors consider subscriptions part of their “cloud” offering (e.g. Microsoft Office 365 ProPlus, Adobe Creative Cloud), in most cases the software itself is still installed locally. Notwithstanding the cloud features that may come along with it, the question still comes up, “Should I buy or subscribe to software?”

Since the answer to this question is inevitably, “it depends,” it may be helpful to list some pros and cons of software subscriptions in general, and some things to be aware of in specific cases, namely Adobe Creative Cloud and Microsoft Office 365 ProPlus.

First the positives:

  • With a pay-as-you-go subscription, you don’t have a large up-front purchase, and can make your software an operating expense rather than a capital expense.
  • You always have access to the latest version.
  • Software companies like the predictable, consistent revenue stream.
  • In theory, the developers can focus on incremental upgrades that users have requested rather than having marketing drive new features based on shiny new bells and whistles they think will drive upgrade purchases.
  • Customers have access to vendor support without separate maintenance fees.
  • For customers who would normally upgrade to new versions regularly and/or purchase software assurance, the costs of subscribing will often be lower, and come with additional benefits.

Now some drawbacks:

  • If you upgrade infrequently, or skip a few versions between upgrades, you may pay more by subscribing.
  • If you prefer to stay on older versions of software, a subscription may not give you that option.
  • If the vendor discontinues a product, or stops offering the service, you may lose the right to use it, which would not be the case if you bought a license.
  • If they raise subscription prices, you have to pay a higher price for the subscription, or find an alternative product. If there is a strong competitive marketplace for similar products, it should help keep pricing in line. If the vendor feels they have a virtual monopoly (or high cost of switching products) it may make this a more likely scenario.

It looks like this model is being adopted by more and more software vendors. Adobe has been among the most aggressive, announcing that they will no longer sell new versions of their Creative Suite products (which include such stalwarts as Photoshop, Illustrator, Premiere, etc.), as perpetual licenses. The CS6 versions will be the last available for purchase. Further, they have recently announced that they will stop selling the CS6 bundles; only CS6 individual products will be available for sale. All new features and future upgrades will only be available to subscribers to Creative Cloud.

Both Adobe and Microsoft include additional features such as simplified cloud download and installation, cloud storage, and the ability to install the products on multiple computers for the same user. With Microsoft, the license extends to 5 devices for each user, including a home PC or Mac, even if your company is paying for the subscription. Both companies also offer the entire suite of products to subscribers, which is great if you need or can use those products, but not all that relevant if you don’t.

Whether you prefer to buy or rent/subscribe, there are options out there for you, but more and more customers are finding the pay-as-you-go model to be a compelling and attractive option. As always, we consider our role as a technical and business advisor to be one of our most important contributions to our customers’ operations, and that includes helping to analyze how best to procure the software licenses you need. We include that advice and analysis at no extra cost to our Managed IT customers.

Please contact us if you have questions about software subscriptions, or anything else technology related. And if you’re not currently a Managed IT customer, feel free to contact us about that, too!

Topic Articles
April 17th, 2014

By: Dan Bremner

You’ve likely seen media coverage of the recent “Heartbleed” security issue. We have received a lot of questions about it, so I figured a brief FAQ might be helpful.

Q. This looks too long and I don’t have time to read it. Should I change all my passwords?

A. Yes, that is a good idea. This is especially important for websites that have credit card or banking information, or places where you’ve re-used the same password on multiple sites. Your Windows/Domain password is less likely to have been compromised, but it still wouldn’t hurt to change it, especially if it’s the same as a password you’ve used elsewhere.

Q. What is this “Heartbleed” flaw?

A. Most websites that deal with sensitive information (i.e. e-commerce, online banking, etc.) protect that information from unauthorized access using SSL (secure socket layer) encryption between your browser and the web server. OpenSSL is one widely-used implementation of SSL that is used by many websites. Specific versions of OpenSSL were discovered to have a flaw that could permit an attacker to see some of the encrypted data in an unencrypted form.

Q. Who or what is vulnerable?

A. Not all websites that use SSL are using OpenSSL. OpenSSL is just one programming library that exists to implement the SSL protocol. However, OpenSSL is widely used, with some estimates putting it at over 60% of all SSL-enabled websites. Notably, Microsoft’s IIS servers do not use OpenSSL, so Outlook Web Access, Remote Desktop Gateway, and Office 365 connections were not at risk. Not only websites, but also any apps that communicated via SSL to a vulnerable server could have been compromised.

Q. What’s the problem with using the same password on multiple sites?

A. If one site is vulnerable to this security hole, and your email address and password are obtained by an attacker, they can go try that email/password combination on other sites. Password-guessing programs are pretty sophisticated now, so chances are good that they’ll try variations on that combination also.

Q. Why am I reading advice to change ALL my passwords?

A. This flaw existed for 2 years or so before it was detected and fixed. It’s possible that attackers could have discovered and exploited it at any time during those 2 years. It’s hard to tell if a site had the vulnerability at any time during the last 2 years – all we can look at is whether it’s vulnerable now. Changing passwords periodically is good security practice anyway, and better safe than sorry is the thinking behind that advice.

Q. I have dozens or hundreds of passwords on various websites and online apps. How can I possibly keep them straight if I’m not supposed to re-use the same password, or variations of it?

A. That’s a good question, and it highlights the inherent weakness of password-based security. One solution is to use a password manager, such as LastPass, KeePass, or 1Password, and let those programs suggest and maintain complex, random passwords for your online accounts.

Q. Where can I go for more information?

A. Mashable has a list of affected sites and recommendations for which passwords to change.

LifeHacker has a lot of good information, including this guide to what constitutes a “secure” password, and this one about why its best to have a password you can’t remember.

Here is a Heartbleed test that will report back if a site is vulnerable. It is best to wait to change your password until the site has patched OpenSSL, and ideally, has re-keyed its SSL certificate.

Finally, if you want all the geeky details, see http://heartbleed.com for more information.

We have audited sites for our Managed IT clients and notified any we found that had vulnerable code. If you have specific questions about your situation, please feel free to give us a call.

Topic Articles
March 2nd, 2014

Businessman Hand Working With New Modern Computer And Business SBy: Dan Bremner

Virtualization? Isn’t that only for data centers? Not by a long shot…read on.

While virtualization has clear benefits for companies with large server farms and data centers, this is far from the only application of virtualization. Small businesses have a lot to gain from this trend, and the inclusion of Hyper-V and its features as a “built-in” technology in Windows Server makes a compelling case that smaller companies should not ignore the “virtual” revolution in computing. In addition to Microsoft’s Hyper-V, other virtualization products include the market leader, vSphere from VMware, as well as Citrix XenServer, and Oracle’s VirtualBox.

What is Virtualization?

Simply put, virtualization refers to the ability to run multiple instances of operating systems on a single physical computer, with each of those operating systems running as if they were on their own hardware. The hypervisor (running on the “host”) abstracts the hardware and creates a virtual machine (VM), in effect making each VM “think” it is interacting with real memory, CPU, disk storage, and network interfaces, while the hypervisor is actually managing the process of sharing those physical resources among several VMs (“guests”).

Once this concept is grasped, we can think of a server, conceptually, as a self-contained file that can be moved around from one computer to another, and can run on that new computer with no change in function, no new drivers required, etc.

What Can I Do with Virtual Machines?

Why should small businesses care about virtual technology? Here is a short list of ways that we have used virtualization among Castema’s clients in recent deployments.

  1. Consolidate hardware. A customer with two aging servers purchased a new (hardware) server, and we migrated the two physical servers into two virtual machines both running on the new single machine. The new, powerful hardware is more than enough to handle the workload of the two previous servers, and was more economical than purchasing two separate machines.
  2. Get a performance boost. Sometimes an otherwise perfectly functioning server gets to a point where it is exhausting the resources of the hardware, perhaps due to company growth, or new functions being placed upon it. In several cases like this, we have had our client purchase new hardware, while we virtualized the existing server (a process called “physical to virtual” or “P2V” conversion), and moved it to the more powerful hardware as a VM. This is a relatively quick and painless cutover, and allows the new VM to take advantage of the faster CPU, more memory, storage, etc.
  3. Improve Disaster Recovery options. The Hyper-V software included with Windows Server 2012 includes a new feature, VM Replication. Recently, for a customer that wanted to minimize downtime, we set up a physical server with 2 VMs, and configured those VMs to replicate to a second physical server. If the first machine experiences a hardware failure, the replica can be brought online in a matter of minutes and pick up where the original left off. The replica is kept current in near-real time, so if any work is lost at all, it should be only a matter of a few minutes, and will be a much faster and more up-to-date recovery than restoring from last night’s backup. An even more robust DR is possible by replicating those VMs to a server in another location, protecting against an event that might knock out the entire primary location, e.g. fire, flood, power outage, theft, etc.
  4. Run software intended for another platform. If you use Apple Macs, you may have heard of Parallels software, or its competitor, Fusion by VMWare. Both products create a VM running on the Mac hardware and capable of running Windows. We have installed this to enable people who need to run Windows-only programs to use those programs on their Mac.
  5. Run Legacy software. Sometimes an older program needs to be used for business reasons, and there may not be an option to upgrade. If that older program doesn’t run on newer versions of Windows, VMs can be a way around it, as a transitional phase toward a more permanent solution. Much like running Windows on the Mac, you can use a VM to run older versions of Windows within newer versions. (Or run Linux on your Windows desktop, or any number of variations.) In fact, Windows 7 Professional had a feature called “XP Mode” that hid a lot of the details, but behind the scenes was actually running Windows XP in a VM to support older programs.

Virtually every new server deployment (pun intended, sort of) we have done for customers in the past year or more has involved virtualization. If you’re thinking about a new server, chances are good that we’ll bring up virtualization when we discuss the project with you. If you’re not currently a Castema Managed IT client, but you’d like to know more about how we can help improve your technology infrastructure through virtualization and other means, by all means, give me a shout, or send an email to sales@castema.com.

Topic Articles
January 13th, 2014

Windows XP was released October 25, 2001. That’s over 12 years ago, several lifetimes in PC operating system time.

dbxpp1

To put it in perspective, here are a few other events that took place in 2001:

• Apple introduced a new music player product called an iPod.

dbxpp2

• The first Harry Potter film was released.

 dbxpp3

• Michael Jordan came out of retirement to play for the Washington Wizards.

dbxpp5

Since that time, Microsoft has released Windows Vista, Windows 7, Windows 8, and now Windows 8.1. Still, according to recent reports, as much as 30% of online browsing is still being done from Windows XP computers.

dbxpp4

If this includes you…well, let me gently suggest, in no uncertain terms, that it is, most emphatically, time to move on.

As you may know, Microsoft has announced the “End of Life” (EOL) for Windows XP on April 8, less than 3 months from now as I’m writing this. They will no longer issue any updates, fixes, or security patches for XP after that date.

This is a big deal.

If you continue to use Windows XP after April 8, you are inviting malware into your network. Hackers are eagerly waiting for that day to unleash the worst of their exploits. Why? Because if they release them now, there’s a chance Microsoft will fix XP to block the vulnerability they’ve found. If they wait 3 months, the exploit will work forever, at least against XP machines that are still being used. You think the CryptoLocker Virus is bad? (And it is! See my previous blog posts about this.) Just wait until a whole barrage of malware is unleashed on unsuspecting XP users in 3 months.

Between July 2012 and July 2013, Microsoft issued 45 security bulletins (patches) affecting Windows XP. Of those, 30 also affected Windows 7 and Windows 8. If you ponder that for a moment, you’ll realize that not only will there be malware using already-discovered vulnerabilities, but hackers will have another avenue. As security fixes are released for Windows 7 and 8/8.1, those will be analyzed and reverse-engineered to find out what was patched. They will then test the same type of attack against XP to see if it shares the same vulnerability. If so, another exploit is born.

In many cases it will be hard to know if the foundation of the OS has been compromised, and if XP is inside your network, it may well be used as a launchpad for other attacks against your internal network — the ultimate Trojan horse.

Microsoft themselves estimate that if you continue to use XP after the EOL date, you will be 67% more likely to be infected than you are now. That’s not just a scare tactic to get you to upgrade, trust me.

If you were ever thinking of moving to a newer system, now is definitely the time to do it. You had a great run, Windows XP, but much like that first iPod and MJ’s basketball career, it’s time to let it go. Even the kids from Harry Potter have grown up and moved on to new projects.

Topic Articles