Happy New Year out there to all our faithful readers! In the spirit of the New Year, I thought it would be wise to create my own top ten resolutions of Good and Responsible IT leadership.
I know most of you are thinking that *everyone* practices IT using all of the Best Practices and methods. So Keith, why do I need to abandon my daily coffee and exciting game of digital solitaire? The network is running just fine. Well, my friend, I swear on my giant pink fluffy bunny slippers that not everyone is as responsible as you are. So, let’s get to it.
My Top Ten List of Things Every IT Person Should Do to Stay On Top of Their Systems in the New Year
1. Be aware of licensing changes to your software
2. Audit yourself or have someone else do it
3. Get your core systems current
4. Get rid of those old switches
5. Buy spare equipment …really….do this…yes, you, over there…do this!
6. Legacy NEEDS TO GO!
7. Protect yourself especially with Email
8. Discuss your Cloud Plan and get serious about it
9. Educate your people
10. Plan better and find good Partners
When you plan, give yourself room for things to take longer than you think they should. Remember, quality in IT really matters. It needs to be done right or you will have even more fires to chase as time goes by.
Make a plan, make a list, and get proactive. You will sleep better.
Keith’s Top Ten List of Things Every IT Person Should Do to Stay On Top of Their Systems in the New Year
Published on December 30, 2016 Written by kwillis
Published on October 31, 2016 Written by kwillis
Well, once again it is that time of year where ghosts, ghouls, and Spider-man roam the streets for candy. This Halloween, I dressed fashionably as Sherlock Holmes with pink, fuzzy Bunny slippers. I tried to get my wife to go as Watson, but the look I received had me shivering in my boots reminding me that there are so many kinds of fear. I don’t think she appreciated my dedication to the Holmes-ian lore. So, while I was passing out candy, I pondered that many of us might be getting goosebumps from all of the Hacking going on in the world.
This led me to ask the question. Why is security such a nightmare?!? Most of us find ourselves beholden to Windows Updates, Antivirus Updates, Anti-Spam updates, and Email Spam filter systems. In the pool of never-ending updates, sometimes we feel as though we don’t truly have a grip on the state of our own security.
If you don’t run a modern security tool, you live in Cyber-fear. Today we live in the age of Cyber-warfare. China hacks the US…the US hacks China…Russia hacks the US…we hack back…and everyone disavows that any of this is actually going on. It can make you feel pretty powerless.
However, the one thing *every* hack has in common is lack of preparation and carelessness.
So…Let’s break it down.
Just like in any crime, criminals need a door (or a Window). People who wish to steal or harm in the cyber-world need an entrance. Don’t give them one.
- Have a proven Anti-virus application. Yes, free ones are just fine. AVAST, AVG, etc. All are good choices. A good A/V isn’t 100% fool proof, but it will let you know if something isn’t quite right.
- Know yourself and the people you interface with. A lot of bad guys come in through email by sending unsuspecting users emails that trick them into going somewhere on the Net they wouldn’t normally go.
- Use LOW TECH. If you get a suspicious email, before you open it, text your buddy or give them an old fashioned phone call to see if it is legitimate. This is especially important if it is outside of their normal behavior.
- Be extremely careful on networks you don’t know. If you travel, don’t just use any WIFI. If you are visiting a Hotel, make sure you are using only their WIFI and that they provide the password to you. Rogue WIFI in a public place is a common hacker trick. They set up an access point and pretend to be the hotel. If you get a funny feeling, don’t ignore it. Use your Cell Phone in HotSpot mode. Be safe.
- Use encryption. If you travel and use networks other than work, home, or school, you must use encryption. If your email client isn’t set up to use Encryption, then remove the account and set it back up with encryption. Hackers steal passwords over unencrypted email all the time. If you run Exchange, you are already protected. If you use another email program, make sure you checked the SSL or TLS box when setting up email. This is especially important on your phones as well. If you don’t know, ask your friendly neighborhood IT guy or gal.
- Do not download stuff you wouldn’t otherwise. No matter who tells you. Vet it thoroughly. You know what tools you need.
- Don’t be Social Engineered. There is a rash of calls where people are calling folks and pretending they are Microsoft and they need to go download some tool for them to get protected. They then find out they are “infected” and have to spend $50 – $100 for the tool to save them. “Hmmm….I don’t think I had a virus until I downloaded the tool you gave me….Wait a minute?!??!” If you don’t know what Social Engineering is, go read a lot about it…TODAY!
A lot of you out there reading this article will think that you aren’t worth hacking and even if you do get hacked, there is nothing of value. Just a bunch of the photos of the kids. Don’t be fooled.
If you work for a small dry cleaning firm and work with the customer list, how much is that customer list worth and to whom. It might not seem like much to you, but your competitor across town might pay a pretty penny for that list. Yes, that makes you a prime target …. for someone.
In the Information Age, it’s all about information. Yours, mine, even your mother-in-law’s. Information is power. Protect it. If you ever doubt the power of information, just ask Google.
Published on September 30, 2016 Written by kwillis
Windows Server 2016-The Next Generation!
“It’s finally here. Windows the Next Generation!” Really!?! All that was missing was the 1970s chic product gal with the glittering smile.
We just can’t wait to tell you how great it is and all the cool new things we have added to make your life simpler, faster, and better. Somehow, I think I have been here before.
Windows the Next Generation…. hmmm. As I sit here writing this article sipping on a cool Texas glass of Iced Tea, I can’t help but wonder how we’ve gotten here. Travel with me back to a simpler time.
I can remember when Microsoft Windows was a simple tool that crashed daily. You often had to break out your 14, 3.5 inch floppy disks for a reload of a patch. For those of you who are old enough, you might even remember the good old days of Windows NT in 1995. They told me it was Windows the New Technology (NT). Sounds an awful lot like the Next Generation, just without the Borg and Captain Picard! My first experience with Windows NT involved a lot of rebooting, reinstalling, rebooting, reinstalling, and reinstalling some more.
But I digress. Today I was just given the news that as of October 15th we will be able to download and install Windows Server 2016. This means that those of you who have been putting off your Windows Server Technology upgrades and are still running on Windows 2003 are now officially running a 13-year-old operating system.
I wonder how many of you still have a 13-year-old refrigerator or drive 13-year-old cars?
Like a lot of Technology improvements Windows touts Server 2016 as the next best thing, but is it really? One thing is for certain, if you are running 2003 or 2008 it’s time to come out of the closet, pull up your shorts, and move into the 21st century!
So ultimately, why do we care about Windows Server 2016? The driving factor to move to a new Operating System has been largely driven by security concerns for the last several years.
In the end, an upgrade grants us new features, improvements, and even new tools. Those alone don’t push people to do upgrades. However, if you can prevent the latest Chinese hacker from remoting into one of your systems, it’s an investment well worth it.
So, even if Windows Server 2016 isn’t the best, baddest, and meanest, you need to be involved. Your technology health is critical. So get on board. The news is filled with headlines like “Yahoo compromised and 500,000,000 accounts stolen.” Don’t be the victim.
After all, new technology is the first line of defense against the new threats in the 21st century.
Published on August 31, 2016 Written by kwillis
Today I was sitting at my desk in my cargo shorts and bunny slippers when one of my long term clients called to talk about their aging infrastructure.
Now most of you know that I do my best thinking in bunny slippers, so he couldn’t have called at a better time. The conversation was light and pleasant with a lot of phrases like “treated me right”, “been great for my business”, “perfectly good gear”, and the famous: “if it ain’t broke, don’t fix it”. But yet, here we were, on the phone discussing the life and times of 8-year-old server technology!
So, why were we discussing the infrastructure if it was “perfectly good gear”?
Simply put, reality had set in. While the general feeling of nostalgia ruled the conversation, it belied the hidden issues that had been ongoing for the better part of 2 years. They were spending a significantly larger amount of money on a monthly basis with our firm and other vendors just keeping the technology running. Yet, this was not enough to make him want to pull the plug. (I found that interesting, because I like saving money.)
Like I said, reality is a harsh mistress. Customers were asking my client to produce reports and data that their systems simply couldn’t provide. Running reports and data analysis brought the systems to their knees causing a real concern that they couldn’t keep up with the demands from their customers. This customer-facing challenge was enough to get the ball rolling and to start the conversation about how to get out of aging infrastructure and what kind of impact that would have on the business.
I am thankful for that demanding customer for getting my client to move out of ancient technology into the modern world. However, as a professional, it leads me to ponder how easy it is for business owners and decision makers to get stuck in the technology rut. I have this conversation often and the reality is never as simple as the platitudes provided. Most of the time, the reason people hesitate moving is simply… Change Is Hard!
With Change, a company has to change their software, systems, and licensing. Sometimes this means training and new vendors. New client tools, new Desktop PCs, new, new new….. New means that you can’t do everything the way you were used to. It’s no longer the comfy leather recliner in the den. It’s a new post-modern era sofa with leopard print…ok, bad analogy…but you get the idea.
Change Is Hard – but it doesn’t have to be! Really! When was the last time you bought a new car and wished for the good ol’ days of crank-up windows? (I don’t know anybody that liked those things and the Drive-Thru was just painful!) Upgrading to the nice new car smell is never a bad thing.
So, why does everyone think technology changes have to be akin to walking on hot coals or pokers in the eye?
Let’s change the conversation and the mindset. Anticipate the future role of technology in your business with an open mind, good planning, great technology partners, and looking forward to better ways of doing things. Time doesn’t stand still and neither should you.
Look FORWARD for your better tomorrow!
Published on July 29, 2016 Written by kwillis
- Mid-Tier/Business Class
SOHO – Small Office / Home Office – (run, run away)
Published on June 3, 2016 Written by kwillis
The price of keeping our systems and data secure (as well as our sanity) is unending vigilance!
It is a given that the typical IT Shop in the small to medium business environment is busy to the max, as you work to keep things going, answer requests and jump on emergencies… much less scour the net looking to keep up with the ever changing security threat landscape.
Our Senior Security Engineer spent two tours with three letter agencies in D.C. doing for them what he now does for ECXSystems’ clients … provide timely warning of emerging threats, assisting in clean up and restoration. One of the ways he stays current is to leverage his time thru using solid blog and newsletter sources that he trusts.
You would do well to follow up on this article in Knowbe4.com… and if you don’t have time, then be sure to contact us at http://ecxsystems.com/contactsale.html Fill out the form and we will follow up and help you fix your phishing issue.
The Nightmare of Exploits Past. How Phishing Attacks Use Old Vulnerabilities!
A Must Read…
Published on April 27, 2016 Written by kwillis
….BUT, I like VMWare!
Of course you do! As do I! We all like to dance with who brung ya! (and swing with who swung ya)
Hyperconvergence as a product means to make Hyper-V and VMWare obsolete (if we let it). The product offerings pushing Hyperconvergence will let you continue to use Hyper-V and VMWare if you like, but they make jumping ship very attractive.
For example, the Nutanix node-based compute solution is a 4 U box with compute and Disks included:
Nutanix includes their own Hypervisor called Acropolis – based on the Linux KVM solution. The reason that Hyperconvergence is so attractive is the turn-key features that dominate the landscape. Think autoprovisioning of compute, storage, and networking (called Prism). We no longer have to think about these things as separate disparate technologies.
Need to expand, just add more nodes!
You can keep your VMWare or Hyper-V architecture…or just move them to Acropolis. Thing is…you get to decide. However, since Acropolis is included you might just ask yourself why you are continuing to pay for a Hypervisor. After all, shouldn’t the next generation of technology be cheaper and better than the last?
See how Nutanix is pushing the reasons to switch HERE.
So what does this really mean for my environment?
For the average business, most of us won’t jump straight into hyperconverged platforms. However, as our old environments age out or we have a need for expansion, this becomes the next logical choice. Why buy 80TB of storage when you can get a full platform for just a little more?
Ultimately it provides the baseline for the migration to the next generation technology platform.
So, when faced with an aging system or you just need to look to the future….Think Hyperconvergence! – It’s here, fast, and ready to make you look good!
Published on April 26, 2016 Written by kwillis
Hyperconvergence is not the name for a new German punk rock band or even the latest new Pharmaceutical being hawked on TV by the ever lengthy 90-second commercial. So, how is hyperconvergence the next big thing and why should you care?
Up until a couple of years ago, most of us were being told that virtualization was the way of the future. Well the future is here. If at least 90% of your environment isn’t virtualized, you should call us immediately. You are wasting money, time, and energy.
So if virtualization was the future, how is the next future thing Hyperconvergence?
Hyperconvergence is virtualization done better. A hyperconverged platform provides the ultimate in software management and integration. Imagine all of the pieces of your network managed simpler and better. One single pane of glass for all of your infrastructure.
Now, imagine Enterprise class virtualization features without the VMWare tax, or if you want, you can continue to use VMWare.
In essence, hyperconvergence allows us to deploy an infinitely expandable environment without the hard separation between networking, compute, and storage.
What does this look like?
Most of us need to understand what the physical representation of this actually looks like. For most of us, this will be a hardware chassis with drives and hardware blades in it. The drives will act as converged storage while the blades offer the processing power. The magic is in the software.
Hyperconvergence is currently being offered by both Nutanix and Scale computing. Both are interesting and both look to completely displace VMWare. The jury is out, but the future is here.
Published on February 19, 2016 Written by kwillis
Due to all of the positive feedback on the original article, I decided to do a brief update to nail down and simplify the process.
- Create a Key and Certificate Request
- Issue the Certificate from your favorite Registrar
- Merge the Certificate into a Tomcat File
Create a Key and Certificate Request
On your favorite Linux or Windows box, make sure you have OpenSSL.
I am making a directory called /home/keystore. Seems fitting.
Run the following:
First we need a Private Key. This is yours and yours alone.
openssl genrsa -out /home/keystore/private.key 2048
So, the private key is critical. It’s your unique identifier for this SSL cert.
Next, we need to generate the request to send to GoDaddy, InstantSSL, etc
(If you like this article, you can get an SSL through our GoDaddy Account – I think we make $1)
Now, the command:
openssl req -new -sha256 -key /home/keystore/private.key -out /home/keystore/mydomain.csr
You are going to be prompted for all of the details as follows. For Wildcard, use *.mydomain.com. For other hosts, just use the hostname, i.e. mydomain.com (you will get www automatically).
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) :Texas
Locality Name (eg, city) [Default City]:Tyler
Organization Name (eg, company) [Default Company Ltd]:My Domain Inc
Organizational Unit Name (eg, section) :IT
Common Name (eg, your name or your server's hostname) :*.mydomain.com
Email Address :firstname.lastname@example.org
Press Enter on the Extra fields, no password needed.
Ok, once finished, take your CSR and submit to your provider. Once you submit, you wait and then you will get your certificate. You may have to check email to approve it.
Now the Easy Part!
Merge the Certificate into a Tomcat File
If you are a GoDaddy Customer, you will get two files. Other providers might send you on a wild goose chase for the Bundle file.
6e00664a60ac4578.crt - This is the Actual Certificate
gd_bundle-g2-g1.crt - This is your Bundle file with all the certificate chain data from GoDaddy
For simplicity and understanding, let’s rename the file:
mv 6e00664a60ac4578.crt mydomain.crt
Now, let’s make the Tomcat keystore container
openssl pkcs12 -export -chain -CAfile gd_bundle-g2-g1.crt -in mydomain.crt -inkey private.key -out keystore.tomcat -name tomcat -passout pass:changeit
Ok, you have everything you need. Now, set up Tomcat.
Installing the Certificate in Tomcat
Let’s copy the file to our tomcat installation configuration directory. My tomcat was in /usr/local/tomcat5
cp keystore.tomcat /usr/local/tomcat5/conf
Now, we need to enable SSL. So, we need to edit the server-wide server.xml file. Find the section like this:
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector port="8443"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->
Replace it. Mine looks like this:
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector port="443" maxHttpHeaderSize="8192"
           maxThreads="250" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           SSLEnabled="true" clientAuth="false" sslProtocol="TLS"
           keyAlias="tomcat"
           keystoreFile="/usr/local/tomcat5/conf/keystore.tomcat"
           keystorePass="changeit" keystoreType="PKCS12" />
Lastly, find any other references to port 8443 in the server.xml file and replace them with just 443.
Now, restart Tomcat and enjoy your newly functioning wildcard certificate.
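One way to check the files around the merge step, as an added example that is not part of the original article: it confirms the certificate was issued for private.key, that the bundle completes the chain, and it reads the keystore password from an environment variable instead of the command line. The function names, the KEYSTORE_PASS variable and the throwaway test CA standing in for the registrar's bundle file are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): checks around the
# "openssl pkcs12 -export" step. Fixture files are constructed throwaways.

# SHA-256 of the public key held in a private key (key) or certificate (cert).
pubkey_hash() {
  local pem
  case "$1" in
    key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)    return 2 ;;
  esac || return 1
  [ -n "$pem" ] || return 1   # never compare hashes of empty output
  printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only when the certificate was issued for this private key.
key_matches_cert() {
  local k c
  k=$(pubkey_hash key "$1") || return 1
  c=$(pubkey_hash cert "$2") || return 1
  [ "$k" = "$c" ]
}

# Succeeds only when the bundle file chains the certificate to its root.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Build the PKCS12 file; the password comes from $KEYSTORE_PASS, not argv.
build_keystore() {  # args: key cert bundle out
  key_matches_cert "$1" "$2" || { echo "key/cert mismatch" >&2; return 1; }
  chain_ok "$3" "$2"         || { echo "incomplete chain" >&2; return 1; }
  (umask 077; openssl pkcs12 -export -chain -CAfile "$3" -in "$2" -inkey "$1" \
     -out "$4" -name tomcat -passout env:KEYSTORE_PASS) 2>/dev/null
}

# Number of certificates stored in the keystore (leaf plus chain).
keystore_cert_count() {
  openssl pkcs12 -in "$1" -passin env:KEYSTORE_PASS -nokeys 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# Constructed fixture: a test CA stands in for the registrar's bundle file.
make_fixture() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Test CA" \
    -keyout "$d/ca.key" -out "$d/bundle.crt" 2>/dev/null || return 1
  (umask 077; openssl genrsa -out "$d/private.key" 2048 2>/dev/null) || return 1
  openssl req -new -sha256 -key "$d/private.key" -subj "/CN=*.mydomain.com" \
    -out "$d/mydomain.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/mydomain.csr" -CA "$d/bundle.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/mydomain.crt" 2>/dev/null || return 1
  openssl genrsa -out "$d/other.key" 2048 2>/dev/null   # unrelated key
}

export KEYSTORE_PASS="constructed-demo-password"
WORK=$(mktemp -d) && make_fixture "$WORK" || exit 1
build_keystore "$WORK/private.key" "$WORK/mydomain.crt" "$WORK/bundle.crt" \
  "$WORK/keystore.tomcat" && echo "certs in keystore: $(keystore_cert_count "$WORK/keystore.tomcat")"
```

On a real server, point the functions at the article's private.key, mydomain.crt and gd_bundle-g2-g1.crt instead of the fixture files.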
I hope this bridges the gaps on some of the other articles out there.
Please comment if it helps you.
Published on March 23, 2011 Written by sbradley
This one bit me good, and cost quite a bit of time before I figured it out. Therefore, I thought it best to document my findings in case it comes up again.
As with many bugs, the behavior didn’t show up until the application was deployed – it worked fine in the development environment. My app uses Linq-to-SQL, and includes an IDE-generated DBML file to interface with my database. The app was connecting to my local database just fine. However, when the app was deployed, and all the changes to the connection string in the web.config file were updated, the connection to the database failed with the error “A network-related or instance-specific error occurred while establishing a connection to SQL Server”. What??
After digging and googling, I discovered something about the IDE behavior when it comes to Linq-to-SQL and DBML generation. When the DBML file is first created, the IDE inserts an entry in the Settings.settings file, which contains the full connection string details. Since this connection string matches the settings in my web.config and the app.config for my local projects, everything works fine. The problem is masked by the fact that both the settings file entry and the config file entries are the same. So, to fix this requires first changing the settings on the DBML file to not use the connection string in the Settings.settings file.
Once this is done, the app will pull in the connection string from the config file, and no more error!
Original post from http://www.sunergeosystems.com/2011/03/23/dbml-and-connectionstring-pitfall/