Posts filed under 'Security'

Ultimate SBS Configuration List

There is, of course, no true one-size-fits-all when it comes to a business server infrastructure. Besides the typical constraints such as budgets, existing equipment, etc., you also have to contend with items such as legacy applications in the back office, multi-office scenarios, and much more. However, we are constantly being asked questions regarding "what's the best…" when it comes to equipment, software, and management tools for deploying Microsoft's Small Business Server. To that end we have gathered up our favorites and evaluated discussions on the forums and newsgroups on these various topics to come up with our Ultimate SBS Configuration List. This list of hardware and software components is known to work well together since we have deployed it in dozens and dozens of our own client installations, and it is validated through hundreds of deployments by others.


  • Server: Dell PowerEdge 2800. We really like this product for its solid lineup of internal components, but mainly because it is by far the most flexible server we have ever come across. With multi-processor options of varying speeds and huge expandability you can configure this server for a small baseline business for less than $1500 all the way up to a mid-size firm fully decked out for over $10k. From a reliability perspective the thing just runs. The only server that has ever come close to having as solid a performance record as these have so far was the fantastic PowerEdge 2650. It's a true monster in size but you can buy this in a minimal configuration today for your nascent business without worrying about having to replace it in a couple of years as it can expand right along with your organization. If purchasing SBS as a preinstalled OEM package with your server you should know that Dell is doing a much better job these days of ensuring that there is adequate space on the system disk. Most vendors in the past (including Dell) tended to shortchange the system drive when it came to the partition size and really make it a pain to manage.
  • Backup Software: Veritas Backup Exec For SBS. Sure you could use the built in backup tool with Small Business Server if you want…..but I sure wouldn't. This robust suite features backup, restore, disaster recovery, single drive library support, Exchange Server, SQL Server, and SharePoint Services protection and recovery. A select family of powerful agents and options deliver robust storage management tools to meet diverse application needs for growing and upgrading storage management capabilities. Now includes continuous disk-based data protection helping eliminate backup windows, improve reliability, and deliver the first web-based file retrieval functionality. In addition, the Desktop and Laptop Option (DLO) has turned out to be one of the best benefits of this package when it comes to backing up your individual company computers. Note that it now comes in two flavors, one for Standard Edition and one for Premium. The only real difference is that the one for Premium edition comes with the SQL Server backup option, so please order accordingly.
  • E-mail Tools/Management: GFI MailEssentials. It seems odd to me that one of the tools that we now consider indispensable with any SBS installation is for functionality that you typically don't think of when putting together your initial procurement list. But without question this is the one product that we simply insist on. Its main function is that of an anti-spam product for MS Exchange, but in addition it also adds functionality such as disclaimers for your e-mail messages, simple email list management, a more advanced POP-To-Exchange tool, etc. We could easily write an entire article on why doing anti-spam at the server level is so much better, and so much more important, than doing it at the email client level but this is one of those items that we just say "Trust Us". Buy it. We have never had anyone complain about that decision. Besides, it's cheaper than buying anti-spam software for each computer in your company anyway.
  • AntiVirus (Server/Clients): Sophos Anti-Virus SBE. This is by far the most contentious, most difficult question to answer…and probably the most asked. The truth of the matter is that we like the Sophos solution mainly because the procurement, deployment, and management can be done across servers, desktops, and laptops all within a single product and with a minimum of fuss. In addition we are not fans of "all inclusive" products that roll up firewall, spam, anti-virus, etc. all into a single product within a corporate environment. That narrows the field pretty massively with just those two requirements. So, in our Ultimate Configuration this product makes the most sense. But we also like Kaspersky and NOD32 products with their lightweight footprints and high detection rates. Management and deployment however will take up a lot more of your time to get everything configured correctly. Regardless of which product you use in this category, please ensure that any anti-virus product running on the SBS server has all of the exclusions necessary or else you could find yourself in a heap of trouble.
  • Backup Mechanism: Computer Data Backup. We have recently become huge fans of disaster proof hard drive systems. In fact, we are working with a manufacturer as we speak to develop one built specifically for SBS installations. In a nutshell, these are external hard drives encased in waterproof, fireproof enclosures. Typically these are USB and/or FireWire and sometimes a NAS configuration, however we will be offering SCSI and eSATA options on our own units. Why is this such a big deal? In small business environments using a tape drive rotation usually means that you have a policy but it's often forgotten, tapes get overwritten, etc. And when you want to restore data you never seem to be able to actually put your hands on the tape you need. Don't get us wrong, we aren't anti-tape, we order an inexpensive internal tape drive with every server we buy. We just don't like depending on human intervention in mission critical processes if they aren't going to work. And as hard drive prices have decreased, and storage usage increased, the cost of tape drives and media capable of backing up all of that data is still very costly. We figured why not just use inexpensive disk-to-disk backup processes. It's faster, it's automated, and no tapes to remember and catalog. That's great except for one thing….what if the building burns down, what about a flood, etc. Enter the disaster ready drive. Solves all of those issues. We've never looked back. We still use the inexpensive internal tape drive for periodic "archives", but that's it.

Future Items To Be Added (Additional)

  • Remote Control
  • Exchange Anti-Virus
  • 3rd Party Firewall
  • Router
  • Wireless
  • Desktop Software Config
  • Laser Printer
  • MultiFunction Printer

July 1st, 2006

Fighting Microsoft’s Piracy Check?

Fighting Microsoft’s piracy check | CNET News.com

Given my strong stance on privacy issues some of you may find my opinion on this topic of piracy surprising. The main gist of the article is:

“Counterfeiters aren’t Microsoft’s only opponents in its effort to combat piracy: Some of its customers are against it, too.

The company is forging ahead with a program, Windows Genuine Advantage, tied to its free software downloads and updates, that checks whether the Windows installation on a PC is pirated. But some people, including some who say they own a legitimately acquired copy of Windows, have challenged the need for such validation.”


But I have to say that in general I don’t have an issue with Microsoft’s anti-piracy efforts, including the WGA program. My only gripe to date has been that in the event of migrating to a new machine you may find that you have to reactivate your software, and in many cases do so manually via a phone call. Hopefully they will iron that out.

The article discusses how the general user populace is joining the software piracy mentality when it comes to Microsoft due to its tactics. I mean, c’mon! As paranoid as I am about privacy concerns, I can find absolutely nothing that looks as if Microsoft is purposefully using piracy concerns as a means to surreptitiously try and glean private information from you. In my opinion the internet community, particularly the tech geeks, have gone overboard these days in implying that any software developer whose software communicates back to them is involved in subterfuge. 9 times out of 10 the developer is trying to add a useful feature for the user but invariably will get taken to task for it. In regards to Microsoft, and the WGA program explicitly, yes it’s true that they released a ‘critical’ update that will enforce the WGA program. The argument being made is that this ‘critical’ update was only critical to Microsoft and not their users, and since it tries to ensure that the software in question isn’t pirated then it is an attempt by Microsoft to spy on you. To me this just begs the question, why do you care? The only thing the software can do is tell if your copy of the software is real or not…and even then it doesn’t report back to Microsoft and say “go arrest this guy at 123 anywhere blvd because he has a pirated copy”. As far as I can see the only way this software would affect you is if you had a pirated copy in the first place. Now don’t get me wrong, I am an absolute glutton when it comes to downloading and trying out software, and if I can’t find a fully functioning trial then I’m the first in line to download it, whatever the legality of that download might be. The difference is that if I end up actually keeping a piece of software then I buy it. But in the case of Microsoft, here is a company that provides fully functional trial downloads, usually for up to 3 months, of its most popular (and quite expensive) software. In addition they keep releasing new add-on products, for free, that a lot of people want. Now however Microsoft is saying you can have all you want, still for free, but for God’s sake don’t pirate our software and then expect us to also keep sending you updates and downloads for it!

OK, I think you get my opinion on the matter. It does bring up a good topic of trial software, piracy in general, and its effect on the software development ecosystem.

Personally it seems ridiculous to me for companies not to offer long term trials of their software; it does seem that more and more are starting to do it, however, which is great news. I consider the software development marketplace an ecosystem. While the mega-companies are who you hear the most about, they represent a small fraction of piracy in regards to the quantity of pirated products. It’s these smaller software developers that the piraters should really think about. These small companies and individuals are the true innovators of the industry. It’s their products and ideas that eventually get bought up and incorporated into the larger companies, or more rarely they beat the odds and become a large company of their own. By pirating these companies’ software they are reducing the overall pool of dollars available to these software developers, which in turn means a greater number will be forced to close up shop and join the corporate megaliths as just another member of the payroll. The innovation potential is reduced each time, and the entire industry and the consumer ultimately suffer.

Unlike the expensive software of the big boys, these software developers typically make lower priced products. And the typical excuses made by the pirater, in regards to how their piracy has no financial impact on the developers because they wouldn’t have purchased it in the first place due to its cost, don’t hold true in this case. These are usually developers of games, internet utilities, system tools, and the like with price tags averaging under $50. In almost all cases the pirater would have paid for the software if they could not have gotten it illegally. Unfortunately they cannot see that the publisher of that ‘must-have’ tool may not exist next year to release that next fabulous version, or that it might receive less work and be of a lesser quality since the publisher had to spread their attentions to other activities to stay afloat.

I realize there is no ‘one size fits all’ when it comes to the reason that piraters do what they do. But I hope that the mentality can change when it comes to software produced by the little guys, since a great deal of our innovation will be lost to the world if we can’t find a way of supporting these developers with financial security when they produce quality products. That said, I do have a couple of suggestions for the ‘big boys’ when it comes to marketing and licensing their software.

  1. Take a lesson from the excuses that people make for pirating software and counteract it with creative licensing. If the product is targeted to a specific audience (business software for example) then offer cheap, or even (Gasp!) free, versions of the software for non mainstream audiences that you don’t expect to make any revenue from. By increasing your userbase you will obtain greater feedback on quality control and compatibility issues and a broader audience familiar with your product to recommend it to their employers….your targeted audience.

  2. Split educational software licensing into two parts. One for educational institutional use (existing pricing) and the other an even further reduced license for students and faculty. I personally already find the educational software pricing competitive, but obviously a large number still find the convenience of pirating still worth the price differential of buying an educational or OEM copy.

  3. In exchange for these low end pricing structures get increased permission agreements from the purchaser for marketing and acquisition purposes and even product testing/feedback. Require download only copies and paid support only to keep your supply costs as low as possible.

I would doubt that many companies believe the above aren’t doable. In fact I think most would immediately jump on those ideas if it weren’t for one thing….they are terrified of cannibalizing their existing userbase. It’s true that they would likely gain income by implementing the above, and significantly reduce the amount of pirating of their software. But if they don’t do it right they risk the fact that their existing userbase might start taking advantage of these opportunities as well. Since they don’t have enough information about just how many might fall into that category they can’t accurately calculate the amount of cannibalization that might occur.

Now I can’t guarantee that’s the reason they don’t do it, I just hope that’s the reason. The alternative would simply make me too cynical. That alternative of course is that they truly believe that they can sell their product at full retail to those pirates…..if only they could stop them from pirating. There are a few cases where that might be true, but they are definitely the exception and not the rule.


June 21st, 2006

AT&T rewrites rules: Your data isn’t yours

Here’s an interesting article on the new privacy policy released by AT&T. This is the first such policy shift that I’ve seen in which the emphasis of the policy is focused on the rights of the company in regards to your personal information vs. the rights of the consumer.


They state explicitly now that they own the data that you generate, instead of you. In addition they clear the way for making it easier to avoid lawsuits caused by handing over that data to other entities. In addition they state that they will track what you watch, play, etc. if you use their new video over phone lines services providing television programming and gaming services. It should be noted that this is currently illegal for cable operators; since lawmakers didn’t envision such a technology at the time of passing the law, they didn’t include telecommunication companies in the restrictions.


Whatever happened to being customer focused?


Matt Ridings

MSR Consulting



June 21st, 2006

Microsoft OneCare For Small Business?

Should Windows Live OneCare be used in a Small Business Server environment?

As Microsoft has now released the production release of Windows OneCare you may be wondering whether or not it is appropriate to use as a tool for Small Businesses. The answer, as is usually the case where small businesses are concerned, is: it depends.

First a quick product overview. As this article isn’t meant as a full product review I’ll simply provide the feature summary of OneCare and a couple of comments. OneCare includes firewall, antivirus and backup software, as well as Microsoft’s Windows Defender antispyware technology, which is still in beta form. The product also handles routine maintenance tasks such as defragmenting the hard disk and cleaning up unused temporary files. You should note that in regards to the maintenance tasks such as backup, disk cleanup, and defragmentation that these aren’t really new features for your XP machine. They already exist, you are just most likely not using them.

The real benefit is that this functionality is compiled into an inclusive application that can automate most of those tasks for you with a simple to use interface. Microsoft is selling OneCare subscriptions under a novel pricing plan of $49.95 per year for three users (different computers), which is designed to simplify things for home users. As of this writing you can expect to find deals for much less than that through various retailers as Microsoft works with the channel to refine its marketing push. There was a recent promotion at Circuit City for $9.99 (expired) which was by far the cheapest I’ve seen, but at the moment you can still pick it up from Amazon for $19.99. That’s the same discounted price that Microsoft offered to those that had assisted in beta testing the product.

So basically 3 computers covered for Antivirus, Malware, etc for $20. Sounds good to me.

For home users we definitely recommend the product, namely for its comprehensive coverage of the most common security related issues as compared to other vendors and its nearly silent and less annoying background operations. If you are a power user who likes to tweak every aspect of your systems however you will likely be happier using best-in-class products for each security category as you’ll be able to have granular control over most aspects of the software. For that type of user we recommend Eset’s NOD32 or Kaspersky. They are hands down the best anti-virus products out there when it comes to speed and detection, but not nearly as easy to use or as comprehensive as OneCare.

Outside of the all-inclusive approach of providing system tuning and backup tools here are the main items we consider the biggest competitive differentiators at the moment that provide true value:


  1. While a subscription model for obtaining the latest virus and Malware updates is nothing new to security products, Microsoft is the only vendor so far that also includes product updates as well as a part of the subscription. With a competitive product from Symantec for example you would currently have to go out and buy the new product.

  2. Microsoft also one-upped the competition, and itself for that matter, by taking the unprecedented move of supporting all OneCare customers via their choice of telephone, online chat, or email.

But what about the small business owner? That price point and feature set sounds pretty good for covering three machines, and if the coverage is good wouldn’t that make a lot of sense? Again, it depends. If you are a very small business still running a peer to peer environment without a centralized server then I’d certainly say go for it and you can stop reading here. If you are running Small Business Server however and have more than ten or so machines, or are a startup planning on high growth, then there are other factors we need to examine…

First and foremost, is it even compatible with your computers? Well, it requires Windows XP with Service Pack 2 (or Vista when it releases). In a Small Business Server domain environment, what about conflicts with the domain or installation rights? We couldn’t find a comprehensive answer from Microsoft on those latter questions other than the following general statement:

Q: Can I use OneCare with Microsoft Small Business Server?
A: Windows Live OneCare is not designed to work with Small Business Server; however, you can use OneCare on the desktops and laptops within a network that uses Small Business Server.

That sounds straightforward enough but there are so many areas that a product like this could conflict with the domain that it left us hesitant to say you could use it painlessly without actually checking it all out…..so we set everything up in our test lab. Guess what? It ran just fine and without conflicts, even in the areas we were most worried about such as Group Policy firewall settings, etc. That said, please don’t try and run it on the server ok?

So, now that we’re confident it works we can move on to the other issues, or rather take into account the downside of using any product like this which is targeted predominantly at personal installations vs. corporate.


  1. Centralized Management: Obviously you will not have any centralized management tools built in for deployment, updates, subscription/license management, reporting tools, or administrative scans. This becomes progressively more important based upon the number of machines you have or your expected growth rate so weight this factor as appropriate for your organization.

  2. Redundancy/Conflicts: Some of the functionality built into OneCare will likely overlap existing functions you may have in place, namely client PC backups, firewall settings, or WSUS if you have it localized. It’s important that you take the overlapping functions into account if you use the product and disable one of the redundant pieces of software or incorporate them into your management plan.

  3. Long term planning: With Microsoft structuring existing and new products into a business security package called ForeFront I wouldn’t hold my breath for a variant of OneCare to be released just for SBS. So, even if you may be a very small business today, if you have growth plans that significantly increase your size in the next 12 months you may want to consider a centralized solution instead of OneCare.

  4. Control: One of the benefits of OneCare for a home user is that it does most of its magic in the background automatically without bothering you every 5 minutes. To accomplish this however it necessarily makes a lot of assumptions, something you may want more control over as a business. Basically, if you have someone internally or externally tasked with regularly managing your IT services then you may not be a great candidate since most IT personnel would balk at their inability to control product and content updates (and rightfully so as seemingly benign updates have been known to break other software or features, so we tend to test major updates prior to releasing them for full deployment….)

  5. Email Anti-Spam: This is the only real shortcoming of the product in our opinion. I was frankly a bit surprised to see this missing. Granted, if you are using Outlook you have some very basic coverage such as its Junk Mail features. If you are not running Small Business Server with Exchange then ensure that your ISP’s email system provides hearty anti-spam functionality. If you are running Exchange server then we highly recommend supplementing the server with a product such as GFI’s outstanding Mail Essentials product. This is on our “Must Have” list of software anyway, therefore we don’t consider it a massive blow to OneCare, but just be aware of this.

  6. Timing: As this product is newly released its entry into the market has shaken up security vendors such as Symantec Corp. and McAfee Inc., which are now scrambling to deliver security products that have the same backup and PC tuning features as their new competitor. Symantec expects to ship a OneCare competitor, Norton 360 (previously code named Genesis), by year’s end. McAfee said it would deliver its own backup and security product, code-named Falcon, by September. A beta version of Falcon is expected any day now. The reason this matters to you is that one of these products may well address some of the features above we’d like to see in a Small Business variant. So if you don’t have to make an immediate decision we’d recommend letting this market shake out a bit first to see what your options may be. In addition there are additional features in some of the competitor product plans that might be useful to you, namely an option to back up online to a hosted offsite server. In response to that Microsoft has stated they are also examining offering that as a future feature.

Our conclusions? We tend to caveat everything in the small business space since there is rarely a “one-size fits all” answer for that audience. But since we know you want straightforward answers we’ll give it a shot.


  • Peer-To-Peer environment: Recommended

  • Small Business Server < 15 Users (Onsite): Recommended

  • Small Business Server > 15 Users (Onsite): Not Recommended

  • *For environments with greater than 15 users, but the majority of whom operate remotely out of home office environments we would recommend the product deployed on those machines and use the same rules above for the onsite machines.

Cheers,

Matt Ridings
MSR Consulting

Related Links:

Windows Live OneCare FAQ:

Paul Thurrott’s OneCare Review

CNet OneCare Review

Vista Note: A beta program designed to test the upcoming Windows Vista version of the software will start up later in the year. Windows Vista is expected to ship in early 2007, and OneCare for Vista will be available around the same time.

June 13th, 2006

Personal Data on Veterans Is Stolen - Largest Personal Security Breach Ever

A simple home burglary of a Department of Veterans Affairs employee’s laptop has netted the thief around 26.5 million names and social security numbers of veterans. Signs are that the thief may not know what they have, yet.

2 points here,

1) What in the world was that employee thinking taking that data home? and

2) Can you imagine how freaked out that thief is going to be when he realizes how much extra attention is going to be brought to bear on finding him now?

Full Story

Matt Ridings

MSR Consulting

May 31st, 2006
