Tag : administrators

Windows Intune – Optimistic View

BVA has been in the cloud for sometime.  Obviously being in the cloud means alot of different things to alot of different people.  Everyone seems to have their own spin on the term.  For some time now we have wondered if Microsoft would come out with System Center for the cloud (BPOS). The overall BPOS solution has been fairly stable and successful yet there have been a few pitfalls but have worked through them with support.

As its core, Windows Intune is a cloud-based version of the desktop management capabilities customers could previously get by deploying Microsoft System Center technologies. For those that do not know that Microsoft System Center, it’s basically a bunch of older product put together via a large suite of applications.  That being said the applications contributed are valid and great products.  It’s basically the old SMS desktop management system and basically MOM.  These are tried and tested application that BVA has deployed for several years, yet all required their own on-premise servers.  Therefore, Window Intune, rather than hosting a System Center server on-premises and managing desktops from the server, administrators using Windows Intune load a client onto the desktops.  Administrators can access, via a browser, the management software and tools in the cloud and manage and secure those desktops through the cloud. In addition to the product features, the monthly subscription will include upgrade rights to Windows 7 Enterprise for every covered desktop and an option to buy the otherwise hard-to-get Microsoft Desktop Optimization Pack (MDOP).

When the first limited beta of Windows Intune arrived in April, Microsoft described it almost exclusively as a midmarket IT-focused offering, with a slightly lower-end core audience than the System Center suite of products reaches. Core capabilities of Windows Intune include the ability to centrally manage the deployment of updates and service packs to PCs, to manage protection of PCs through the Microsoft Malware Protection Engine, to receive alerts that help administrators proactively monitor PCs, provide remote assistance, track hardware and software inventory, and set security policies.  For users familiar with Microsoft’s other product families, Windows Intune combines a Web-based management console with the desktop malware protection and reporting of the Microsoft Forefront Protection Suite and the update management, inventory and software deployment of Microsoft System Center Configuration manager 2007 or Microsoft System Center Essentials. Windows Intune also has the operating system distribution capabilities of Configuration Manager.

After reviewing all the facts it seems that this will be a great offering for our client base.  We are going to try this out at a client next month and we are looking forward to really seeing the real-world applications and cost savings.  I think it is fair to say that I am a little apprehensive about the security associated in imaging desktops through the cloud, but time will tell.  As a collective unit, BVA is staying positive with the security and ease of use.

iPad and iPhone Can Be a Security Risk

BVA has found that these types of mobile devises if not provisioned correctly can seriously be a security risk to your network environment.  Security policies need to be set forth to ensure security at all levels of access.  Apple iPad tablet device as well as the iPhone is slowly becoming a legitimate business tool, your employees will soon have them in hand and invade your business. The reality is that the iPhone changes the playing field for security and really surprised IT consulting companies and their administrators when it got released.   The users needs versus wants changed completely where being able to have a Smartphone that just sync’s calendars, contacts, and emails changes drastically. The iPhone hit the scene and next thing we were getting requests for it to be integrated into a businesses mail environment immediately. These requests were coming from owners and directors, decision makers were being demanding about making it work, totally side-stepping the security protocols set forth by years of experience and best practice.  The bottom line is that the line between corporate tool and consumer gadget has not just been blurred; it has been completely erased.  There have been several studies that have shown that when asked, the iPad and iPhones present the greatest smartphone security risk for IT.  It’s a scary thought that you have locked down your environment but since a new gadget gets releases to the market and owners want it, it diminishes the integrity of the system.

There was recently a few contents by security outfits where they had people hack the iPhone in less than 2 minutes and won a cash price.  This is a scary thought and quite frankly shows how easy it can be for the non-hacker.  Obviously it might take a little longer from a less talented hacker but it can clearly be done.  Apple has little intention to make their OS more secure because it’s not the market that they are targeting.  Again they are targeting the consumer, not the business enterprise.  I am sure there will be a point in time when that day comes but it is not in the near future.  If Apple at the very minimum addressed just the enterprise security, supportability requirements, and new hardware level encryption.  I want to be very clear that the OS on the iPhone is the same as the iPad as well as its security. Apple targeted the iPad primarily as a media consumption gadget for the residential consumer, not the business community but again we have seen this shift.  I am not saying that you should ban the iPhone or iPad but develop policies and procedures that address the rules of engagement for integrating the iPad with your network environment.

As you develop the policies, keep in mind that the iPad is unique and could fall into a few different areas for policies.  Here are some key points to keep in mind:

•    delivers notebook-like functionality
•    smartphone OS platform
•    normally placed in the policy bucket for computer usage and security policies, not recommended
•    a good policy bucket to consider – smartphone usage and security policies (recommended)
•    same smartphone OS was hacked in less than 2 minutes

Make sure that whatever policy selected addresses the most important factor here which is allowing or denying the storage of confidential or sensitive information on the iPad, or how e-mail, instant messaging and other communications conducted through the iPad fit within archiving and compliance requirements.

Data Storage For Small To Medium Sized Businesses – Data Solutions That Meet Compliance Standards – ProStor InfiniVault Storage System Breakdown and Review | BVA IT Consulting Blog

In working with a few different architectural firms and medical agencies, BVA has learned of several types of backup solutions that lean toward hitting compliance standards.  Being able to store large amounts of data for a specific period of time is crucial.  We have found that tape is a great solution but the problem that we see is the restore time in case something took place.  Even with an LTO4, the restore time would be quite substantial which could be very painful when we are talking about a terabyte of data.  In looking around for different solution we found a DISK based solution, GB, that really shortens the gap of restoring.  The product is called ProStor InfiniVault and is an array full of disks that are removable which is great.

ProStor InfiniVault is a storage system designed to balance the need to cost-effectively manage increasing amounts of information over extended periods of time. This is the storage solution for terabyte-years.  You can restore data fast with reliable retrieval of information from a choice of local online, removable offline or replicated locations.  The backup system comes fully equipped with what technology consulting companies and administrators need to manage their data for the long-term. There is no extra cost for software features and RDX disk drives can be added when storage needs grow, without having to purchase expensive disk management tools or new system infrastructure.  Data is organized into vaults allowing fast access through a standard NAS interface. The system automatically manages data retention, compression, encryption, and single-instancing de-duplication. It also maintains data integrity for the user so that data is available for years to come.

The intelligent software engine automatically protects itself – there is no need to back it up. The software stores multiple copies of each file to RDX removable disk cartridges, allowing near-line and offline data protection with removability for seamless integration into current workflows. The software provides several features that allow organizations to comply with the rules and regulations that govern their business, such as:

  • Hardware-enforced WORM for immutability
  • Audit trail with chain-of-custody reporting
  • File indexing for search and rapid file retrieval (eDiscovery)
  • Data retention and automatic deletion
  • Automatic copies
  • Legal hold enforcement
  • Data encryption and key management

The backup software has a web-based management console and provides a simple interface for configuration and management.  The disks used to store the data is called RDX.   Over 130 Petabytes of data can be stored on RDX disks today, RDX is the market leader in removable storage. Organizations can trust that the technology is here to stay.  RDX has such world-wide acceptance because of its cost-savings benefits such as:

  • RDX uses less energy: RDX disks are powered down when not in use, thus reducing power and cooling costs.
  • RDX disks are cost-effective: Capacities can be intermixed, and the interface will remain compatible well into the future. Organizations can purchase the latest capacity cartridge at the current best market price.
  • RDX is built to last: Each RDX cartridge has a 30-year shelf life, along with protection against drops and static electricity.

Models and Hardware Specs: