Essential Technology: A GCS Blog

A Blog About Business Technology Systems

About GCS

GCS Technologies provides technology services and solutions. You can read more about GCS at http://www.gcsaustin.com. GCS is available for project work covering the topics in this blog and other IT systems.

Fed Compliance

I know all of this stuff because I sell all of this stuff. I call it real-world experience, the FCC thinks it might be a conflict-of-interest.

Why Exchange 2010?

by Joe Gleinser 15. December 2009 18:29

With the recent release of Microsoft Exchange 2010, most of our client base is faced with yet another upgrade. Exchange 2010 offers three compelling features that should justify the upgrade. The addition of email archival functionality is a long-awaited tool typically performed by expensive third-party add-ons. A hybrid model of mailbox storage allows both on-premise and cloud-based mailboxes. This eases the transition to the cloud while maintaining large, slow mailboxes in a high performing environment. Improvements to the failover functionality make highly available email much easier for small and mid-market clients.

Many clients and prospects have no email archival strategy at this time. Compliance with federal and industry standards such as Sarbanes-Oxley represents only one benefit. Email is the primary communication tool used by business today. Promises are made, orders placed, complaints lodged and bad behavior recorded. Storing this data in an easily accessible manner ensures that commitments are upheld and risks mitigated.

Adding a variable cost element to your email system without sacrificing the superior performance, storage and customization of an on-premise Exchange server is desired by many companies. A recent prospect has a few hundred seasonal employees with mailboxes and another few dozen year-round staff. The year-round staff average nearly 5GB per mailbox. By splitting this storage up between on-premise and cloud the prospect can eliminate mailbox costs during the slow season. This can be accomplished in Exchange 2007 as well but is more elegant in Exchange 2010.

The disaster recovery improvements in Exchange 2010 allow easier failover and failback during outages. Many of our clients have embraced virtualization for hardware redundancy. Exchange 2010 allows for an equally graceful level of software and data redundancy.


The True Value of Maintenance Contracts

by Joe Gleinser 30. November 2009 17:26

VARs love selling maintenance contracts. They constitute about the only margin left on hardware. There can be very little cost to the VAR in servicing that maintenance contract. Why? Because they're usually a horrible deal for the client. Why spend $50k on a phone system and then spend $10k per year on a maintenance contract? Why not keep spare parts on hand for an extra $5k, one-time expense? I rarely meet any client with any maintenance contract that doesn't complain about nickel and diming. Avoid this hassle by either not renewing maintenance contracts or by going with a lower end contract. If your systems are redundant, a lower end contract is an easy way to save thousands of dollars.

The one exception to this is for systems with non-standardized equipment. If your server rack is a mix of HPs, Dells and IBMs purchased sporadically over the last 3 years, stocking parts may be difficult. Of course, since you're going to virtualize on standardized servers anyway this is a moot point.


Book Review: Daemon by Daniel Suarez

by Joe Gleinser 25. November 2009 05:18

Being called "a worst case scenario of cloud computing" on Twitter demanded I pick this book up. It is actually a terrifyingly good read that demonstrates Suarez's technical knowledge as well as his ability to craft a great thriller. In his fantasy world thousands of corporate networks are penetrated with an advanced botnet. Oh wait, that's the real world too. In Daemon the botnet is controlled by a deceased game developer with enough money to ensure his ambitions persist beyond the grave. These ambitions include murder, mayhem, extortion, and more. Good times!

A few thoughts:

1) Though much of the technology is still in early stages of adoption, it exists today. If you can hunt a deer over the internet, you obviously can kill a man.

2) Security breaches of the sort required to perpetrate a more realistic version of this attack occur constantly.

3) The book incorporates interesting socio-economic themes as well. Suarez is obviously under the impression that private industry exercises near absolute control over our government. I, for one, welcome our corporate overlords.

4) The disaffection of corporate IT employees from the business was another key theme. Similar to Heinlein's "The Roads Must Roll" in which a technical class realizes the power they can exert over those dependent on their abilities. A massive, unionized strike flexes their muscle. If you're an IT executive this should be yet another thing to keep you awake at night.

5) For anyone not using offline storage such as tape, read this book. Offline storage is a critical last defense against many attacks. Unfortunately a large percentage of IT execs don't value it to the extent it demands. In much the same way accounting standards dictate separation of tasks, offline backup tasks should be split from normal IT tasks and, where possible, from your IT staff. Let offline storage be your panic room.

Check this book out soon. The next installment of the story is released in January. I hope there are a dozen in this series.


My presentation at TORCH's IT Security Webinar

by Joe Gleinser 19. November 2009 05:06

I was invited to be a guest speaker at the Texas Organization for Rural Community Hospitals' weekly webinar. This week's topic was an overview of IT Security for IT Executives and managers. My presentation covered basic risk assessment, common types of attacks and prevention strategies. I discussed several up and coming technologies such as application whitelisting, layer 7 firewalls, and network access protection. I also discussed various security standards such as SAS 70, PCI, and HIPAA.

As promised to the attendees, here is the slide deck: IT Security Overview.ppt (6.67 mb)


How the Cloud will Disrupt Your IT Organization - A GCS Early Happy Hour

by Joe Gleinser 17. November 2009 00:45

Cloud computing is already disrupting staffing, procurement and support practices in IT departments around the world. GCS' Early Happy Hour event will provide insight into the coming changes to your business practices. We'll profile solutions from vendors such as Amazon, Microsoft, Rackspace, Terremark and more. We'll look at private clouds and public clouds while breaking down the differences between I-a-a-S, P-a-a-S, and S-a-a-S.

We will present a high level strategy discussion on the topic of cloud computing. We hope that our attendees will share their cloud experiences and opinions with us in an open format.

The Early Happy Hour will be Thursday, December 3rd from 3:00PM to 5:00PM at Sullivan's Ring Side. GCS will provide refreshments including adult beverages.

Click here to RSVP. An RSVP is required. If you have any questions please email joe@gcsaustin.com.

 

 

http://www.gcsaustin.com/seminar/


10 Questions for Hosting/Cloud Providers

by Joe Gleinser 16. November 2009 18:09

When considering a hosted or cloud provider, ask the 10 simple questions below to further your analysis.

Data Center: Are your servers stored in a data center? Please describe your power, data and cooling redundancies.

Compliance: Are you compliant with PCI and SAS 70 standards?

Longevity: What happens in the event your business fails? How do we recover our data? How do we use it, once recovered?

Backup Systems: How do you back up the data? How often is it stored offsite? How is it backed up onsite?

Architecture: Do you utilize virtualization with shared storage?

Reliability: Do you offer a Service Level Agreement? How much credit do we receive when you are down? At what amount of downtime do I receive the credit?

Performance: How does our user count compare to your largest client and to your total user count?

Bandwidth: Approximately how much bandwidth per user is required at our office?

Ownership: Do you own the equipment and licenses on which you're hosted?

Support: What are your support department's hours of operation? How is after-hours support provided?

This is a quick start but should start separating the real providers from the pretenders.


Kill My VPN - DirectAccess in Windows 7

by Joe Gleinser 11. November 2009 00:53

A great, in-depth article on the DirectAccess feature in Windows 7 was posted recently on Informit.com. They nailed down the architecture well.

So, can DirectAccess kill your VPN? Yes and no. It is not intended to work on non-company owned PCs. Why would you want it to? You'll still need VPN for that. I've seen many organizations utilize VPN for vendor access. DirectAccess is not a replacement for vendor access. DirectAccess also requires IPv6. Oh. Though many organizations are unintentionally running IPv6 already, this will present some pause to many IT Managers.


An end to viruses and spyware?

by Joe Gleinser 8. November 2009 22:17

A total lack of faith in existing anti-virus products has forced us to watch Application Whitelisting technology for a while. A comprehensive review of several top products was recently posted over on Computerworld.com. It was nice to see fellow Austinites, CoreTrace, score so well. The article correctly tagged one of CoreTrace's best features, buffer overflow protection.

Though we have a close eye on Application Whitelisting, we have yet to deploy it for a single client. Frankly I'm terrified of user adoption issues. For this technology to succeed we will have to convince the users that trading flexibility for security is worth it, or work with organizations that can afford to ignore user complaints. Winning hearts and minds is a loser's game. Today I'm more convinced than ever that Application Whitelisting will be a hard sell. For those organizations that can stomach it, it could dramatically reduce time spent on virus and spyware issues.


Equallogic vs Lefthand: Stirring the Pot

by Joe Gleinser 30. October 2009 20:22

The first part of this comparison generated some heated interest in the blogosphere. It earned a response on Dell's Equallogic Blog as well as a couple of well composed comments from both HP and Dell. Dylan Locsin from Dell thought that a few of my points were inaccurate and he even insinuates that I may be misrepresenting myself. I'll respond to his points here:

1) Clustering: His point that my calling Equallogic "clustered" is inaccurate is completely correct. I should have called it "distributed." Equallogic does not offer true clustering across SANs. They don't offer a comparable feature to the Lefthand's Network RAID functionality which allows striping across SANs. Equallogic cannot pool IO resources as it scales.

2) Groups: Dylan interpreted my argument with Equallogic that "Data cannot span more than these two SANs" as a replication argument. It wasn't. With HP Lefthand SANs I can add performance and capacity with each node up to 16 nodes (and even beyond). This avoids silos of performance and storage. I did fail to point out that I was considering the PS4000 series, which is the Equallogic SAN most commonly considered by my clients. The PS6000 series improves this situation.

Dylan wondered why I didn't offer a disclaimer that I sold HP Lefthand. If he scrolls down a bit he'll notice the disclaimer. I also prominently place the Lefthand SANs on my website. GCS does sell Dell servers, desktops and notebooks. We support MD3000i and Equallogic SANs from Dell. I think Equallogic is a fine product. However I firmly believe the HP Lefthand SAN offers the best value for my clients in the SMB market. That said, Dylan, I'm not opposed to also offering Equallogic to my clients that bleed blue. There are many of those, especially in Austin. I don't mean to insinuate that Equallogic is a bad product. I've seen clients succeed with both options.

 


Equallogic vs Lefthand: SAN Comparison

by Joe Gleinser 26. October 2009 22:13

By far our clients and prospects have two SANs in mind, the Dell Equallogic and the HP Lefthand. While both are impressive SANs that are very similar, there are some critical differences.

Clustered Storage vs Cluster-able Storage: Both products offer clustered storage but only Lefthand can tout that out-of-the-box. Each Lefthand includes two chassis by default whereas Equallogic offers dual-controllers and an extremely reliable single chassis configuration. What is the actual difference in reliability? I have not found any real-world tests but if I can get two for the same price as one, I'll go that route. Advantage: Lefthand

Licensing: Both Dell and HP have listened to their clients' anger at complicated licensing systems. Both the HP Lefthand and Dell Equallogic offer an all-inclusive licensing method. Unfortunately unless you buy the HP Lefthand Starter SAN Solution, you may need to buy the Multi-Site/DR license in the future for real-time failover and failback. Advantage: Equallogic

Density: The HP Lefthand is essentially a ProLiant DL320s server. The Dell Equallogic is a custom-designed chassis. Because of this difference the Equallogic gets more spindles per U. This is certainly a consideration when you're ordering racks of SANs. It is much less of a concern when ordering a SAN or two. Advantage: Equallogic

Groups: EqualLogic PS series allows only two SANs in a group. Data cannot span more than these two SANs. With HP's SAN/IQ Network RAID you can span multiple SANs in a variety of configurations. This provides better performance and reliability. Advantage: Lefthand

Site to Site Replication: Out of the box both SANs offer site to site replication. Only the HP Lefthand supports synchronous data replication with automated failover and failback. The Lefthand supports multiple sites in all configurations. Advantage: Lefthand

Obviously a lot of features are excluded as they are quite similar between both products. The reason GCS chose to emphasize the HP Lefthand SAN was a significant price and value advantage. However it is not quite so apparent as when compared to other SAN vendors on the market.

Here is a helpful comparison chart for HP and Dell's iSCSI SAN lines:


Calculating Usable Disk Space on an HP Lefthand SAN

by Joe Gleinser 21. October 2009 22:58

Calculating usable disk space on a SAN is dependent on a number of variables. Make sure you're buying the right model with GCS' HP Lefthand SAN Usable Disk Space Calculator. The calculator displays usable disk space across a variety of RAID and Network RAID configurations for the HP Lefthand P4000 SANs.


Why buy a SAN?

by Marquis Calmes 16. October 2009 22:32

Joe has been posting a nice buyer’s guide about the features available on various SAN storage products. But it doesn’t really address the question of why move from direct attached storage (DAS) to a SAN. What benefits does a SAN bring to an organization?

To answer the question, we have to look at how storage is purchased and provisioned without SAN based storage.

Say you have an older File Server which currently has 500GB of data but can’t take any more drives. Performance is fine but you decide you need to upgrade to a new server to add more capacity. You want the new server to have room to grow, so you spec out and order a server with 1TB of disk space. You also have a Mail Server. It’s a pretty new server, but you recently merged with another company and the mail store size doubled overnight. It needs storage and fast, but not a lot as you don’t anticipate the mail store growing so quickly in the future. You have 500GB of storage sitting on the new File Server, but you can’t use any of it to host the mail store. So you order an external tray with just a couple drives and still end up with more storage than you need.

Ten months later you look and see that file server data is growing rapidly and the free space is already gone. You have an external tray attached to the mail server, but you can’t use that to attach it to both servers. So you have to purchase a separate tray for the file server.

This example is oversimplified, but it highlights three problems of direct attached storage:

·         Poor scalability

·         Poor Utilization

·         Silos of storage

Poor Scalability

It is not uncommon for an entire server to be replaced just to increase capacity. Not only is this expensive, but if the old server was performing fine you are buying additional resources (processing power and RAM) that you don’t really need. Adding external trays allows you to add large chunks of capacity, but what if you only need a bit more space?

Poor Utilization

Data growth is dynamic, which makes calculating your future needs difficult. The lack of flexibility in DAS discussed above, and the fact that adding capacity frequently involves downtime or complete server migration, lead organizations to buy much more storage upfront than they need. The result is servers with considerable amounts of unused storage.

Silos of storage

Because of the two problems above you end up with servers with spare capacity, but it is unavailable if another server needs it. You have storage you’ve paid for but can’t use. Organizations respond in two ways: they either accept this inefficiency or start adding multiple services to servers that have space even if it violates best practices. An example would be adding high usage file shares to your mail server.

How a SAN helps

A properly designed and deployed SAN addresses each of these problems. SAN based storage is scalable, flexible, and allows storage to be shared between servers. The end result can be better storage utilization, meaning you only buy the storage you need and can easily add more as needed. SAN based storage is also a critical element that enables organizations to effectively utilize advanced technologies like clustering and virtualization.

Hopefully you now understand the benefits of SAN based storage and have decided it’s time to add it to your organization.  As you can tell by the number of features Joe has in his buying guide, there are many more options and decisions to make. Like any new technology deployment, good guidance can mean the difference between a successful deployment and failure. In future posts I’ll break down:

·         What is a SAN? Or more accurately what components make up a SAN?

·         How should a SAN be used and how should it not be used?  There are many ways to deploy a SAN that can limit its utility and make it seem more expensive and troublesome than it is worth.

 


SMB SAN Buyer's Guide - Part 2 - Advanced Feature Discussion

by Joe Gleinser 14. October 2009 19:47

Most of our clients choose between an Entry Level or Mid-Level SAN, as described in Part 1 of this Buyer's Guide. In this post I'll identify the features that differentiate those two classes of SANs.

Clustering: Clustered SANs operate like clustered servers. If one fails the other takes over immediately. This is only available in the Mid-Level products such as HP Lefthand, Dell Equallogic, etc. Only HP's Lefthand offers true clustering out of the box. The minimum order for a Lefthand SAN is two completely separate units.

Thin Provisioning: Mid-level SANs allow you to oversubscribe storage by allocating storage to a volume without reserving that storage. If you create a 100GB volume but only use 40GB, the remaining 60GB is free to be allocated to another volume. This feature is essential in maximizing the storage efficiency of a SAN.

Offsite Replication: Replication between SANs is the foundation for an excellent DR solution. Replicate all data and VMs to another site. Many of the mid-level SANs offer this solution but in some it is a licensed add-on. HP's Lefthand includes scheduled replication at no additional cost but real time replication and automated failover is an additional license fee.

Snapshots: Snapshotting technology is an on-array backup method that utilizes a relatively small amount of disk space. This makes it possible to restore entire volumes quickly without relying on external storage.

De-duplication: Long an enterprise only feature, integrated de-duplication is making its way into mid-level SANs. This can dramatically increase the efficiency of storage but can have a significant performance cost.


SMB SAN Buyer's Guide - Part 1 - Market Overview

by Joe Gleinser 9. October 2009 17:12

This brief guide will outline the different SAN classes available to the SMB buyer.

Entry Level: If you're buying a SAN, you need a few basic features. iSCSI support and vendor certification (Microsoft, VMware, Citrix) will meet minimal needs. These will enable your virtual environment to utilize high availability features in any of those vendors' environments. HP's MSA 2012i G2 and Dell's MD3000i both meet these criteria. Expect to spend as much as $15k on these devices. The HP will let you mix and match SAS and SATA drives in a single chassis for best use of your SAN dollars. Neither of these solutions offers thin provisioning or clustered storage. What's that mean? Less efficient per GB and much greater risk of failure. If you're concerned about putting all your VMs in one basket, and you should be, then look to the Mid Level, below.

Mid Level: This is what you want, if you can afford it. Two major features enter play here: thin provisioning and clustered storage. I'll touch on both of these now with more to come soon. Thin provisioning allows for oversubscription of storage. Don't worry about it, just do it. Clustered storage is like clustered servers. Two, or more, boxes configured for failover. The HP Lefthand provides the lowest entry cost to true clustered storage. Dell's Equallogic, Compellent, NetApp, Xiotech and others each offer some unique features. Expect to spend at least $30k on this device.

Enterprise: Forget about it. You can't afford it and wouldn't fit in your server closet if you could. Vendors such as HP, EMC, IBM, NetApp and others live here.

Virtual Storage Appliance: For those organizations that may already have a large investment in internal storage in servers or direct attached storage, a VSA may be the best bet. This software solution aggregates storage across your servers into an iSCSI SAN with similar feature benefits to a full system. You will be able to support High Availability and VMotion/Live Migration with this solution. Obviously since you are only buying the software the entry cost is much lower than a hardware solution. HP's Lefthand offers a VSA for VMware (Xen and Hyper-V are coming). StorMagic has an interesting option that currently supports only VMware as well, but Hyper-V support is coming.

A not-too-brief market overview should whet your appetite. Look for more info on the features and key differences between vendors to come soon.


Voice Over IP with the Avaya IP Office and Sonicwall Firewalls

by Joe Gleinser 7. October 2009 17:18

We've long been fans of Sonicwall firewalls at GCS. Advanced features, easy web-based configuration, low failure rates and low cost make it a very compelling option for many clients. With the rollout of the new product lines Sonicwall offers the Enhanced Firmware features (most notably WAN Failover and Load Balancing) as a standard item on every product. My small office clients can now get WAN failover in a device for less than $400. This is a real cloud enabler. For a few grand you get WAN failover plus a High Availability configuration on your firewalls.

Today Avaya released a KB article describing how to configure Sonicwalls to prioritize voice traffic between sites. With the rise in popularity of MPLS and managed routers, we are seeing far more Ethernet handoffs than T1 handoffs these days. The Sonicwall NSA 240 is a great device to terminate that MPLS circuit and appropriately manage the traffic.

 


Hyper-V Live Migration's Dirty Little Secret

by Joe Gleinser 5. October 2009 23:12

Live Migration is the killer app in Hyper-V R2, which is due out in mere weeks. Microsoft finally can match VMware feature by feature in many environments - or can they? If you don't want backups, Live Migration works fine. What? Again, please? If you're using Data Protection Manager 2007, you will not be able to back up VMs using Clustered Shared Volumes. Clustered Shared Volumes are required to utilize Live Migration.

Fortunately DPM 2010 released to Beta on 9/29. Not only does it add support for VMs using Clustered Shared Volumes but it also enables mobile laptop backups. The mobile laptop backups work over a VPN and are designed for the user off the LAN. DPM to DPM replication offers a poor man's disaster recovery solution.

Data Protection Manager is by far the best backup solution for Hyper-V virtualized environments. It includes brick level backup of Exchange, a SQL agent, and a Sharepoint agent. It integrates to Shadowcopy for backups of the VMs. All DPM agents are included in the System Center Server Management Suite, though you have to buy a separate DPM server license.

Hold your breath. Live Migration is coming, just not quite as fast as the marketing indicates.


Windows 7, Server 2008 R2, VSphere 4 and Beer!

by Joe Gleinser 2. October 2009 17:57

GCS' Early Happy Hour was filled to capacity by IT Executives from all over Central Texas. For many it was their first look at Windows 7. Many attendees agreed that the upgrade to Windows 7 is unavoidable. Following the demo, some attendees even looked forward to it! Our discussion highlighted the improved UI, Branch Caching, Windows XP Mode and AppLocker.

In addition to Windows 7 the attendees got a look at Windows Server 2008 R2. We spent quite a bit of time talking about Hyper-V, System Center Virtual Machine Manager R2 and the new Live Migration features. Marquis covered Clustered Shared Volumes in depth, as they pertain to Live Migration. We also covered the new Active Directory Recycle Bin and Branch Caching.

We wrapped up the event with a look at VMWare's VSphere 4. The new Fault Tolerance features garnered the most interest. VSphere's Fault Tolerance allows for failover between hosts without downtime. They have set the standard here. Unfortunately most of the new features in VSphere 4 are not included in the Essentials and Essentials Plus package which is the only version that is price competitive to Hyper-V.

We'll be hosting our next event soon, focused on Cloud Computing in the SMB environment.


Is Used Hardware a Better Option in a Virtualized Environment?

by Joe Gleinser 29. September 2009 01:16

We're finally seeing the ProLiant G5s and virtualization-enabled PowerEdges become widely available in the used server market. Many clients are asking for our recommendations. In a virtualized environment with VMware's High Availability or Microsoft's Failover Clustering, is used hardware an acceptable option?

First let me say that I've long been opposed to used hardware in traditional environments. The hardware represents a small portion of the overall cost of the implementation. The installation and configuration, whether performed in-house or by a consultant, is wasted when the hardware has to be replaced. I would rather see that service cost spread across four or five years of use. Why save a few thousand dollars to sacrifice a lot of ROI? Cash is the only valid reason. The difference between new and used gear is rarely enough to determine the fate of a project.

Now we have a highly available, virtualized system. We have architected enough capacity to easily run in the event of a single server failure. Are we more comfortable pushing the typical refresh cycles of servers? YES! If we're only refreshing from a fear of hardware failure, then used equipment should be an option considered. In two recent projects we've been able to go from 20ish servers to two servers without buying a single new server! We're reusing equipment from the organization in these cases, but that compares well to procuring used hardware.

Make sure when ordering that your hardware is identical to take advantage of the high availability features. SANs are still new enough to have limited availability on the used market. If you can knock $20k or $30k out of the upfront cost by using used servers, why not?

 


SIP Trunking on the Avaya IP Office

by Joe Gleinser 26. September 2009 07:13

You've taken the plunge (or not) and are ready for SIP. Now, how do you configure SIP trunks on an Avaya IP Office?

  1. Buy licenses from an Avaya reseller (I can think of one). Each SIP trunk is licensed.
  2. Order SIP service from an Avaya-supported provider. 
  3. Your SIP provider will request a public IP address that has port 5060 forwarded to the IP Office.
  4. Reference the Application Notes with step-by-step instructions from Avaya for your provider here. Any App Note is a decent guide for any provider.

Not all SIP providers have Application Notes at this time. However, if your provider is listed your Avaya reseller (*ahem* GCS) will be able to configure SIP service. If you're just getting started with SIP it may be helpful to read GCS' SIP Primer.

SIP is a mature technology that will likely displace PRIs as the standard for dial tone in the SMB market. The IP Office offers both SIP trunking and endpoints.

 


Is Antivirus Software Good Enough or is it a Broken Model? (Part Two)

by Marquis Calmes 25. September 2009 06:30

In my last posting I promised to explain the concept of Application Whitelisting. But before we get to that there is another reactive aspect of computer security I failed to mention...software vulnerabilities.

Viruses and malware don't just take advantage of trusting users to infect systems. Frequently these programs exploit vulnerabilities in your computer's operating system and applications. And once a system is infected, other vulnerabilities can be used to spread the infection on your network.

Security researchers work tirelessly to find these flaws and alert the software makers before the bad guys figure out how to use them.  But even if a flaw is discovered and disclosed before an exploit is developed, it takes time for the software vendors to build patches to fix the problem. A patch does not help until it is actually applied which falls on users and IT shops.  Even the best IT shops struggle to keep their systems patched. It is a never ending battle and as this reactive cycle plays out, your computers are left vulnerable.

As the number of bad programs grows, the reactive process of detecting, processing and tracking them becomes more inefficient. So what is an organization to do? Application whitelisting is a change of approach in computer security from the ways of antivirus.  Instead of trying to figure out all the programs in existence you don't want to run on your computer, you specify what programs you DO want to run.  And more advanced whitelisting applications can go a step further and prevent the programs you allow to run from doing things they aren't supposed to when a vulnerability is exploited.

There are many different approaches to tracking what software is approved.

·     Simple whitelisting programs use the file name and/or path to determine if a program is allowed to run. These systems can be bypassed by changing the name of a file or moving it to a different directory.

·     A more advanced method is to use a hash of the file, a string of characters generated by processing the file through a mathematical algorithm. If even a single bit of the file is changed the hash will no longer match. The problem with this method is that if a program is updated the hash must also be updated. 

·     More reputable software vendors now "sign" their programs with digital certificates very similar to those used to secure web pages.  This allows you to verify that the program was actually released by that company. Instead of using one of the above methods to approve of software, you can tell your whitelisting software to approve of any program signed by a particular vendor’s certificate.  Unfortunately not all code is signed.

Frequently a combination of the above methods is required to build a whitelist. Once a whitelist has been created and applied to a computer, any program not specifically listed will be prevented from executing. This should prevent any malware from running, but if not done correctly it can also prevent legitimate software from running. The ability to manage a whitelist is almost as important as the ability to enforce it.

In the next post on this subject I’ll introduce a couple of application whitelisting products and explore the differences in how they work.
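To make the trade-offs between the three rule types concrete, here is an added sketch (not code from any whitelisting product) of a default-deny policy check. The class names, file paths, vendor name and file contents are all constructed for illustration, and the `signer` field is assumed to be filled in only after a real signature check has succeeded.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Program:
    path: str
    content: bytes
    signer: Optional[str] = None  # assumption: set only after the signature verified

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()

@dataclass
class Whitelist:
    paths: set = field(default_factory=set)
    hashes: set = field(default_factory=set)
    signers: set = field(default_factory=set)

    def decide(self, prog: Program) -> str:
        """Return the rule type that allows prog, or 'deny' (default deny)."""
        if prog.signer in self.signers:
            return "signer"
        if prog.sha256 in self.hashes:
            return "hash"
        if prog.path.lower() in self.paths:
            return "path"
        return "deny"

def compare_rule_types() -> dict:
    # Constructed sample files; names, paths and vendor are made up.
    v1 = Program(r"C:\Program Files\Editor\editor.exe", b"editor build 1")
    v2 = Program(v1.path, b"editor build 2", signer="Example Vendor Inc.")
    unapproved = Program(r"C:\Users\bob\Downloads\tool.exe", b"unapproved code")
    relocated = Program(v1.path, unapproved.content)  # same bytes, approved name
    by_path = Whitelist(paths={v1.path.lower()})
    by_hash = Whitelist(hashes={v1.sha256})
    by_signer = Whitelist(signers={"Example Vendor Inc."})
    combined = Whitelist(hashes={v1.sha256}, signers={"Example Vendor Inc."})

    return {
        "path_rule_relocated": by_path.decide(relocated),    # name matches, content ignored
        "hash_rule_relocated": by_hash.decide(relocated),    # content differs, blocked
        "hash_rule_update": by_hash.decide(v2),              # blocked until hash is refreshed
        "signer_rule_update": by_signer.decide(v2),          # update needs no list change
        "signer_rule_unsigned": by_signer.decide(v1),        # unsigned code is not covered
        "combined_v1": combined.decide(v1),                  # hash rule covers unsigned build
        "combined_unapproved": combined.decide(unapproved),  # nothing matches
    }
```

The `hash_rule_update` result is the management cost described above: a legitimate update stays blocked until someone adds its new hash to the list.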


Fewer, big servers vs many, small servers in a virtualized infrastructure

by Joe Gleinser 24. September 2009 02:31

HP's Proliant G6 maxes out at 144GB of RAM. 16-core processors are due out in 2012. How many VMs can you cram in a quad, 16-core box with 144GB of RAM? Enough. Arthur Cole describes trends toward both mainframe-style aggregation and grids of smaller systems. Which is right for you? One factor in determining the best strategy is:

Additional servers reduce the overhead for virtualization failover. Much like RAID configurations, with 2 servers you must allocate 50% overhead for failover capacity on each server. Three servers only need 33% overhead and so on.


Larry Ellison calls cloud computing "nonsense," again.

by Joe Gleinser 22. September 2009 16:22

The co-founder and CEO of Oracle carries a lot of weight in many tech circles. An event last night at Silicon Valley's renowned Churchill Club saw Ellison again downplay the importance of "cloud computing." This is not the first time Ellison has been so bold. His point is consistent - cloud computing encompasses a wide variety of solutions that are already in use.

It feels like cloud computing has accelerated in deployment so quickly for this very reason. Solutions that were previously hosted, managed, SaaS, etc. are now grouped together under a "cloud" moniker. The real opportunity, which has preceded "cloud" systems, is the shift from fixed costs to variable costs in IT budgets. For many organizations this improves their flexibility tremendously.


Is Antivirus Software Good Enough or is it a Broken Model?

by Marquis Calmes 22. September 2009 02:32

Running antivirus has become standard practice on home computers and corporate desktops alike. It is required by a number of security certifications and most IT security policies. Yet I’m willing to bet that almost every company has still seen an increase in the number of computers infected with some form of malware. And cleaning up the havoc malware wreaks is becoming more and more difficult. It would seem antivirus is letting us down when we need it most. This is backed up by recent research that shows that of 10,000 computers infected with a common Trojan virus, 55% were running fully updated, fully functional AV software.

So, if you are running antivirus why doesn’t that protect your computer?  In my view the problem with antivirus is that it is far too reactive and not proactive.  To explain, let’s look at how antivirus works:

·         Antivirus companies scour the internet looking for new malware. The problem with this is that some poor soul is already infected at this point.

·         The antivirus company then has to build a signature of this particular malware. This takes time during which your computer is potentially vulnerable.

·         The signature is then packaged and pushed out to the antivirus client.  While this is a proactive action, any IT admin will tell you that keeping AV signatures up to date is a hassle even with the best products out there.

·         Now your computer thinks it knows what to look for. The problem is that if the malware is modified, the signature can become worthless and the process has to react again.

·         Even if you have the right signature, many AV products won’t find an infected file until they perform a scan of your computer. The product then tries to quarantine and clean the infection. Again, this is reactive. Real-time scanning might catch some malware before it lands on your computer, but if this method is reliable, then why do AV companies still advise full scans on a regular basis?

There was a time when user education could do as much to prevent an infection as the best antivirus.  But when high-profile, trusted sites become compromised, and drive-by downloads can infect your computer without any user interaction, the ability of end-users to protect themselves diminishes greatly.

So, what is the solution? Home users will probably just have to hope for improved antivirus products and fewer vulnerabilities in their software. But for businesses, the pain and expense of dealing with malware infection has made the concept of Application Whitelisting an attractive way to keep computers clean.   In my next post I’ll explain exactly what this is and talk about a few of the options out there.


Appearing Live at GCS' Early Happy Hour - Windows 7, HyperV R2 and VSphere 4!

by Joe Gleinser 15. September 2009 01:48

Come join us on October 1st at 3:00PM for demonstrations and discussions of these exciting new products. What will users like most about Windows 7? What three features separate HyperV R2 from VSphere 4? Can your environment use both hypervisors effectively? Our event will be held at Sullivan's Ring Side. Click here to RSVP.

 

This seminar is focused exclusively on IT personnel, in a management or strategic role. Engage directly with technical experts experienced in the installation and management of these products.

 

I hope you can make it. Your RSVP is appreciated.


Microsoft System Center in Small Environments (Part Two) – The Server Management Suite License

by Marquis Calmes 11. September 2009 07:57

Back in August, I introduced the various components of the System Center family. I also pointed out that the cost of licensing each product, or even licensing a single product for multiple virtual machines, would be prohibitive for most smaller organizations. However, Microsoft has responded with the Systems Center Management Suite license that includes the licenses to manage multiple virtual machines using the full System Center family for a far more approachable price.  Here is what is included:

·         A license to run the Virtual Machine Manager server.

·         Management license for:

o   Data Protection Manager (DPM)

o   Operations Manager

o   Configuration Manager

o   Virtual Machine Manager (VMM)

This license is sold in two flavors:

·         The Enterprise flavor is licensed per physical server and allows you to manage 4 virtualized operating systems on that server. 

·         The Datacenter flavor is licensed per CPU (a minimum of 2 processors) but allows you to manage an UNLIMITED number of virtualized operating systems on a physical server.  When licensed for two CPUs the Datacenter license is only about 25% more than Enterprise, and most likely if you have more than 4 VMs you’ll have two CPUs and will save money by going with the Datacenter edition.

But for small environments the biggest value of the license comes when using DPM for backup. But to explain the benefit let’s use a small virtual environment example. 

We have a Hyper-V server with 4 virtual machines:

·          A domain controller/file server

·         An Exchange 2007 server

·         A SQL server

·         A SharePoint server

The DPM protection agent also comes in two flavors:

·         Standard Data Protection which allows you to perform basic file level protection of a server.

·         Enterprise Data Protection which is required to provide protection for advanced applications like Exchange, SQL, SharePoint and Hyper-V

One of the benefits that drove this small organization was the ability to back up an entire virtual machine, which means we would need an enterprise DPM license for the Hyper-V server. When a Hyper-V server is protected with the enterprise license you are also permitted to deploy a standard DPM license inside any of its virtual machines. This allows us to back up the domain controller and file server, but the other servers would each require their own Enterprise protection license. So we would need 4 enterprise licenses.  Similarly, to properly protect all these servers with alternate backup products would require a special Hyper-V agent, SQL Agent, SharePoint Agent and Exchange Agent.

But, if this company were to purchase the Enterprise Server Management Suite they would be entitled to all the Enterprise DPM licenses they needed. And because of the new pricing, they would pay less.  Just 3 enterprise DPM licenses would cost more than the enterprise suite license. And on top of that you get management licenses for all the other System Center products.

There are two gotchas with this management suite:

·         The only System Center Server license included is the VMM server license. So you still need to purchase the server licenses for DPM, Operations Manager and Configuration Manager to take advantage of the management licenses included in the suite.

·         Despite all being part of the same product family, the System Center server products cannot all run on the same server.  Only VMM and DPM can coexist.

Because of these limitations it is likely that smaller environments will only take advantage of the VMM and DPM components of the suite, but it still offers a compelling value to consider.
