Vmware has now announced its General availability of AWS hosted Vmware in its cloud in London UK. The costs are below and factors in colocation, electric, bandwidth, security and licensing.
Region : EU London
Per Host Configurations
EC2 I3 server (2 x Intel® Xeon® E5-26xx v4 series CPUs, 36 cores, 512 GiB Memory, 8 x 1900 GB NVMe SSD)
Total Number of Hosts : 1
Yearly Price : £44,790
Offical Websites : https://meltdownattack.com/
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
On the 9th of Jan Microsoft will release a new patch to fix the issue. The same patch can be downloaded manually, more info here:
https://thehackernews.com/2018/01/meltdown-spectre-vulnerability.html
There are several reports (Read this thread https://www.reddit.com/r/sysadmin/comments/7o39et/meltdown_spectre_megathread/?utm_content=title&utm_medium=hot&utm_source=reddit&utm_name=multi) of users saying that the patch will slow down any CPU by 1 to 20% after patch, and some AV will not like it at all.
Update *
VMware has also released an advisory with patch links:
https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
Update **
MS Disables Windows Updates if AV is not Spectre/Meltdown compliant
Update ***
Fortinet released new Forticlient 5.6.4 and it is fully compatible with the latest Windows patch.
Keep in mind that the Forticlient is seen as AV client from the OS (because it has an AV engine).
This in case you are unable to patch a system, make sure Forticlient is on latest version.
Forticlient can be freely downloaded here www.forticlient.com
We have had a few organisations with internal IT outsource the management of their Firewall and sometimes networking for us to they can concentrate on other aspects of the business. We usually arrange for a Site Networking Assesment were we come in and document ( if not already documented ) and provide some recommendations if nessesary on projects to get the network in a stable state.
Some reasons people outsource networking to us are as follows :
A managed firewall service gives you a flat monthly fee of managing each one of your firewalls or switching in regards to Monitoring , Security Updates and changes. This means you don't have any shock bills to worry about.
Our inhouse Networking gurus live and breath 1's and 0's flying across networks. We have notifications setup for the latest malware trends and 0 Day exploits currently beaing released on the internet and the patches to resolve them. Stay on top of patch levels from manufactures such as Cisco, Juniper, HP and Fortigate saving you the hassle. We also provide internal change control's to make sure each update gets installed without a hitch.
Our monitoring speaks to your router using various technologies such as SNMP , SSH and HTTP's to make sure we are getting the latest CPU and Memory load as well as making sure your bandwidth is not being over utilisted. If any of these are true we contact you about either performing QoS on your network or upgrading your Firewall/Connection to make sure your business is not disrupted.
As part of Microsofts Cloud offering , Intune is the functionality to control remote devices via the cloud instead of OnPremise Domain Controllers. With remote workers using devices like Microsoft Surfaces nowadays for portability they are rarely in the office or connected to a VPN which is able to connect back to the domain for new updates.
Windows 10 Intune allows a user to go to a store and purchase a device with their company credit card , and enter their Office 365 username and password on setup and it will setup the computer and download all the App's over the internet wiithout the need for being in the Office!
With Azure AD offering and now Windows 10 Intune slowely removing the need for onpremise Group Policys the move for cloud management is coming! You can also use these policies for deployment to Phones and Tablets as well. It's also a great tool for Asset Management, Security Auditing and remote assistant for devices in your firm.
Packages start from 4.50 GBP / Month
https://www.microsoft.com/en-gb/cloud-platform/microsoft-intune-pricing
There are some features that the Inbuilt MDM in Windows 10 cannot do per below
First, let’s take a look at an overview of the features available for the client and for Windows 10 MDM:
| FEATURE | INTUNE CLIENT | Windows 10 MDM |
|---|---|---|
| Auto Enrollment via Azure AD | ✗ | ✓ |
| Software Deployment via Single MSI | ✓ | ✓ |
| Software Deployment via MSI + additional files | ✓ | ✗ |
| Software Deployment via EXE + additional files | ✓ | ✗ |
| Configuration Policies | ✗ | ✓ |
| Compliance Policies | ✗ | ✓ |
| Windows Update Policy | Approved Updates & Reporting | Policy |
| Endpoint Protection Policy & Reporting | ✓ | Policy |
| Software License Management | ✓ | ✗ |
| Hardware Inventory | ✓ | Limited |
| Conditional Access | ✗ | ✓ |
Note 3 key items here – software deployment, Windows Update management and Endpoint Protection management:
Understanding the configuration policies possible with either approach is important for getting a full picture of how much control you have over Windows 10 PCs:
| POLICY | Intune Client | Windows 10 MDM |
|---|---|---|
| Custom Configuration (OMA-URI) | ✗ | ✓ |
| Edition Upgrade Policy✗✓ | ✗ | ✓ |
| Email Profile✗✓ | ✗ | ✓ |
| General Configuration✗✓ | ✗ | ✓ |
| PKCS #12 (.PFX) Certificate Profile✗✓ | ✗ | ✓ |
| SCEP Certificate Profile✗✓ | ✗ | ✓ |
| Trusted Certificate Profile✗✓ | ✗ | ✓ |
| VPN Profile✗✓ | ✗ | ✓ |
| Wi-Fi Import✗✓ | ✗ | ✓ |
| Windows Information Protection (Enterprise Data Protection)✗✓ | ✗ | ✓ |
| Microsoft Intune Agent Settings | ✓ | N/A |
| Microsoft Intune Center Settings | ✓ | N/A |
| Windows Firewall Settings | ✓ | ✗ |
| Exchange ActiveSync | ✗ | ✓ |
| Mobile Device Security | ✗ | ✓ |
Retail organisations such as shops and places that deal directly with the public through a shop front rely on IT Systems for multiple transactions through the day.
Point of Service Systems for purchases and stock audits
Systems for Payments e.g. Credit Card Machines and or systems like Square
Retail organisations also have multiple premises around the country if not world, so an IT provider needs to have engineers around the country available through all hours of the day and also prioritise busy seasons for retail companies e.g. Black Friday and Xmas to make sure any problems are dealt with efficiently and effectively
Retail organisations also need CCTV systems for their premise for security and insurance purposes and these should be stored either in the cloud or at the main office for archival purposes.
Some stores are also now using iPAD's for PoS systems and also giving these out to their customers for the shop experiencing in being able to find new items and also try outfits on virtually.
Free Wifi in stores also enables Stores to gather information about their consumers and start building a Customer Management System for offering offers for repeat business and building analytics to increase return sales.
Contact us today for how we can help your Retail Organisation with it's IT Support today
We preach two factor authentication whenever we can!
Previously ths cost of this has been pretty expensive for Customers due to the Labour of performing the following
However what if a customer already has office 365 ? They can enable 2fa authenticaiton with their 365 Tenant for free and outsource this setup and security to Microsoft.
To do this you just need a machine to be able to accept the SAML Tokens and Citrix's Netscaler does just this!
Not only can you toughen up the security to your inhouse and hosted apps but you can also restrict access by Enabling Country of Origin in a Conditions in Conditional Access Policies in Active Directory and SAML
You can host a Netscaler in Azure if you already have infrastucture there or you can host it as a Virtual Applicance on your existing Virtual Infrastructure.
The problem with computers that come straight from an OEM or setup by users themselves is that sometimes they leave the original Local Administrator Account Password Blank. When this PC joins a domain as most PC's in business' do , this blank password is left as an exploitable security rish which is how UK renowned British Hacker Gary McKinnon infiltrated Nasa
Not only can someone access your PC remotely they can also :
LAPs is a solution provided by Microsoft , that when installed has a tiny client rolled out on each PC, that gets told by Group Policy to generate a random password. The password gets changed every 30 days and is unique for each computer. Even if the computer disconnects the domain for what ever reason your local AD will still have a record for the password
LAPS is easy to deploy, easy to manage and provides several security benefits… and it’s free available below
Travel Companies such as Travel Agents, Tour Operators or tourist centres need access to the fastest internet to scour Holiday Booking sites or access airline checkin Systems and check availability. Not being able to access a site at a certain time such as a ticket site could lose existing business so the reliability of the provider and failback options should always be looked at.
Travel Agents also need to store previous , pending and future clients details with agenda's and be able to send the clients these all in a printable PDF Format. We can setup systems to prove a client has read each email or downloaded tickets to have a audit in case of any documents have been lost.
Customisable databases with all the above details can be created to suit each client with enough security to protect from a data breach.
We have helped our Travel Clients create booking forms on their websites for their clients to send through details of Exhibitions and Stands for their events which go straight into their booking database
Calling abroad future, overseas or existing clients can stack up expensive bills for travel companies. VoiP makes the cost of this much cheaper and also provides portibility for remote workers to have a follow me phone which means they can answer calls if people are out of the office.
As travel is the main worktype of people who work in travel , we host can host all infrastucture in the cloud so whevere they are in the world they always have speedy uniterupted access
From 25 May 2018 businesses of any size may need to comply with the GDPR if they have an establishment in the European Union (EU), if they offer goods and services in the EU, or if they monitor the behaviours of individuals in the EU.
Risk that businesses could face fines of up to 4% of global revenues or €20 million (whichever is highest)
Do you collect names, ID numbers, IP addresses, cookie data, health data, genetic data, biometric data, racial or ethnic data, information on political opinions and sexual orientation or EU citizens ? This can be current employee's, previous employee's , existing customers , furture customers and previous customers.
If so the new rules means that
EU citizens have the right to access, so companies have to make sure they detail what personal data is being processed; the right to be forgotten and erased, which requires companies to delete personal data upon request; and also, the right to data portability, so the citizens are enabled to transfer personal data between companies.
The UK has launched an advisory Website for companies
https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/
Data might not have to be erased if any of the following apply:
How would you like to reduce your initial SAN costs and expenditure and change it to a montly ongoing cost , Microsoft if giving customers its Azure StorSimple 1200 for FREE
| Feature | StorSimple Virtual Array |
|---|---|
| Installation requirements | Uses virtualization infrastructure (Hyper-V or VMware) |
| Availability | Single node |
| Total capacity (including cloud) | Up to 64 TB usable capacity per virtual array |
| Local capacity | 390 GB to 6.4 TB usable capacity per virtual array (need to provision 500 GB to 8 TB of disk space) |
| Native protocols | iSCSI or SMB |
| Recovery time objective (RTO) | iSCSI: less than 2 minutes regardless of size |
| Recovery point objective (RPO) | Daily backups and on-demand backups |
| Storage tiering | Uses heat mapping to determine what data should be tiered in or out |
| Support | Virtualization infrastructure supported by the supplier |
| Performance | Varies depending on underlying infrastructure |
| Data mobility | Can restore to the same device or do item-level recovery (file server) |
| Storage tiers | Local hypervisor storage and cloud |
| Share size | Tiered: up to 20 TB; locally pinned: up to 2 TB |
| Volume size | Tiered: 500 GB to 5 TB; locally pinned: 50 GB to 500 GB |
| Volume size | Tiered: up to 5 TB; locally pinned: up to 500 GB |
| Snapshots | Crash consistent |
| Item-level recovery | Yes; users can restore from shares |
The tiering engine is now based on a heat map. Frequently accessed blocks are kept locally. Colder blocks are deduped, compressed, encrypted and sent to an Azure storage account, which can be cool blob storage (ultra cheap disk).
StorSimple is available as a virtual appliance, with up to 64 TB (hot + cold, with between 500 GB and 8 TB of that kept locally) per appliance.
Auto backups with 13 years of retention.
DR Situation you receieve a new unit and can start to use data in 2 minutes of installation
FindTime is an Outlook add-in or Web Based Tools that allows you to quickly find time to meet with others Internally or Externally - something that can take weeks without FindTime! FindTime helps you pinpoint times to meet by looking at available free/busy data for your attendees as well as creating a poll where attendees can vote on the times you suggest, and even suggest new times themselves!
FAQ
Nope! Your friends and colleagues only need an email address and Internet access in order to be a recipient. You are certainly welcome to spread the love and invite them to install FindTime, however, and become an organizer!
Definitely! Just add a second personal email address to the To: or Cc: line and you're in business!
Yes! You can send a FindTime invite to anyone with an email address. Only organizers are required to be on Office 365.
Skype for Business has a limit of 250 Users ... how do big enterprises get around to showing Webinars for a user count larger than this?
Introducing : Skype Meeting Broadcast is a feature of Skype for Business Online and Office 365 that enables you to schedule, produce, and broadcast meetings or events to online audiences up to 10,000 attendees. The Skype Meeting Broadcast portal is where you schedule a meeting of this size.
Company's can use this for free if they have an Office 365 Subscription and send event invitations to internal and external users with automatic Language translation which makes it a great worldwide feature.
For existing Employee's - Great for announcements and feedback across multi region offices and remote users
For Existing Customers - Great for new product launches
After the meeting, this video can be downloaded to host online in 365 Video for people who missed the event and also a CSV file can be download to list all attendee's to follow up attendee's on future events or feedback
A small village in Devon have used their annual theme bonfire night to vent their frustrations about WiFi speeds – by burning a giant effigy of a BT Openreach transit van.
“Upload speeds are almost zero! There really are very few places in our village where a 2G phone signal can be reliably found, let alone 4G.
A spokesman from BT said: “Templeton is an extremely rural community which makes rolling out fibre broadband much more challenging. Templeton was not included in Openreach’s commercial roll-out of fibre broadband or the first phase of the Connecting Devon and Somerset partnership but we’re working hard to find alternative ways of bringing faster broadband to residents.
Microsoft is announcing Azure File Sync a solution for customers who currently use DFS-R to share files between their multi site servers to leverage the cloud in enabling a cloud base file share and storage. Available for Supported OS for File Sync: WS2012 R2 and WS2016
App Compatibility
Performance and training compared to Sharepoint and One Dirve for business
Amazon provides a service called VTL , Virtual Tape Library which means your Existing Backup Programs can utilise this service per normal E.g. Veeam! This means whenever your tape drive fails you can not move to this service with a Gateway and continue on your retention per normal without a shift in Technology or process
Learn more about getting started here.
Azure
Starwind has partnered with Azure to offer a similar product however you need to purchase a VM to be able to do this
https://azuremarketplace.microsoft.com/en-us/marketplace/apps/starwind.starwindvtl?tab=Overview
Cost of this is : $0.01 / Month / GB in "Cool Storage" . and it's Archive Storage ( Cheaper ) is still to be priced
Microsoft are coming around to copying all VM's and services available on Amazon's AWS e.g. Snowball ( Azure Databox ) and Glacier - ( Azure Archive )
One of these is the B Series ( Amazon's T2 released in 2014 ) , which are Microsofts Burstable VM range, that can burst when needed to 100% CPU. You have a specific amount of CPU credits which you can use for these bursts during the day to make sure you are not overusing the VM. Once you run out of credits your CPU is capped ( like your home broadband if when you go over the limit ) until you build these credits up.
To get a better understanding how much credits are banked per hour per different VM size, have a look at the following table.
| VM size | Credits banked / hour | Max banked credits |
|---|---|---|
| Standard_B1s | 6 | 144 |
| Standard_B1ms | 12 | 288 |
| Standard_B2s | 24 | 576 |
| Standard_B2ms | 36 | 864 |
| Standard_B4ms | 54 | 1296 |
| Standard_B8ms | 81 | 1944 |
The Azure service you are looking for is Azure Monitor with its metrics. The metrics are directly included in the VM blade of an Azure VM.
Here you get two different monitoring options for the credits.
You do not know when these will be coming in however you may need to do specific work on the email when it does throughout the working day. The same can be said for any parsing work.
You only need high CPU for PUT and PULLs requests to a code repository.
Same as your email parser you have no idea when these transcriptions will be coming in, however when they do , they need to be actioned straight away.
such as MySQL or SQL Server – on a virtual machine. Normally, you’re performing run-of-the-mill read queries that aren’t particularly expensive, but at the end of the week, you need to run a series of huge, complex reports that really eat up processing time.
To participate in this preview, request quota in the supported region that you would like. After your quota has been approved, you can use the portal or the API’s to do your deployment as you normally would.
Launching the preview with the following regions, but expect more later this year:
These are offered in Preview Currently which means they shouldn't be used in a production environment due to lack of warranty ( https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms/ )
With the extra method of securit of enabling a second factor for authentication other than a password, attackers are looking at seeing how easy it is to social engineer this. Sometimes the factor is recieving a text message or call to a mobile phone. If the attacker can call up your cell provider and pretend to be you , they can move your number to their simcard and get your password reset!
Look at the video below to show you how easy this is when the attacker has no or the incorrect imformation!
1) If you can try and use an App insteaf of a text message for your second factor. As long as your phone is properly secured and encrypted and also the backup is , it will be near impossible for an attacker to exploit this.
2) If you have to enable a txt message or a phonecall as your second factor , make sure your provider has undergone strict processes nessesary before moving the number to a new sim card.
One of the benefits of an Office 365 Subscription is your monthly costs going towards free monthly improvements
These can all be found here : https://products.office.com/en-us/business/office-365-roadmap#abc
Some ones we are excited about :
Admins will be able to add phishing levels similar to how they set up their spam levels
Sync drafts between different versions of Outlook, so you can start a message in one place and finish and send in another.
Secure Score will add the ability for you to see the average score of organizations that have a similar number of Office 365 active seats.
And easily 50+ Team Updates
With Mixed Reality Viewer, you can see 3D objects – either from the Remix3D.com community or your own creation from Paint 3D – mixed into your actual surroundings through your PC’s camera for powerful ways to bring your story to life.
With Windows Mixed Reality, you can escape to the most immersive experiences – touring top travel destinations, getting inside the most exciting games, attending the most popular events, even travelling across time and space – right in your own home, with you at the center of everything.
Windows and Office together are the best duo for doing. 3D, now in Office, helps you increase visual and creative impact with 3D objects in your PowerPoint presentations, Word, and Excel documents. View, resize, and rotate a 3D object with the 360-rotation handle, pull content from the Remix 3D community or locally from your PC, plus even use a brand-new transition type, Morph, with 3D models in PowerPoint to create cinematic transitions between slides.
The reimagined Photos app now gives you the ability to add filters, text, 3D effects – and soon full 3D objects – and even digital ink to your photos and video clips for great storytelling complete with soundtracks, themes, and transitions.
To better protect against ransomware attacks, we’re introducing Windows Defender Exploit Guard that helps protect files from unauthorized changes by nefarious applications and your applications from unknown exploits. Additionally, Windows Defender Antivirus now has specific safeguards in place, along with default enhanced coverage that is delivered instantly via the cloud protection service. These and other security technologies protect against persistent ransomware campaigns like Cerber, Locky, and Spora, as well as global outbreaks like WannaCry, and Petya.
When you save your files in OneDrive, now you can access them just like any other file on your PC without filling up your disk space. Easily tell which files are available online only or offline. Online-only files download on demand with a double-click, and you can make them online only again to free up space. Or you can select files to always be available offline. Click here to learn more about OneDrive Files On-Demand and how to enable it.
Your password now is a single point of failure for your email or service getting hacked by unauthorized users. The chances are the account would be exploited in the first day against some social engineering trying to get money from your finance department. Your bank and financial institutions have been using 2fa for years now and it's the recommended solution now to add to the rest of your cloud and local services.
This is usually added to company's Web Application such as a Document Management Solution or Content Management Solution which use certificates to encrypt traffic between your web browser and the app to make sure no prying eyes will see any confidential data.
SMTP emails should be set to use TLS for mail flow by default over normal port 25.
Windows 7 and Windows 10 now-a-days come with Free Antivirus checkers ( Windows Defencer and Security Essentials) however these are only licensed for Home use. It's best to get a fully managed AV like Webroot where Virus detections are alerted on straight away.
Even with cloud providers such as Google's Google Apps for Email or Microsoft's Email Hosting 365 , they need that added layer of protection against Spoofing, Phishing and Virus.
Services such as Mimecast and Postini can help protect all the above and provide real time protection to new threats
Per Bullet point 1) the first form of defense if your password! Make sure this is changed once a month and sign up to https://haveibeenpwned.com/ to make sure this hasn't been compromised elsewhere
Make sure all the firmware on your Wireless Devices , Servers and Routers are kept up-to-date to make sure you install security updates as well as feature updates
Make sure users are told regularly about current well-known attacks such as phishing , Spear Phishing or Cryptolocker so they can understand what to look out for and ask before clicking!
