SharePoint 2016 (it’s evil but it’s awesome)

This is one of those programs you don’t even know you need until you have it.  Then you wonder how the heck you functioned without it.  You can ‘do the cloud’ or make your own fully controlled on-site system.

Explaining SharePoint is difficult but, trust me on this, you should at least look at it so see if it’s the ‘missing link’ of your information system.  Microsoft SharePoint.

Microsoft offers $20/month/user for SharePoint with Office, OneDrive, Exchange and the works.  Problem is they own you and your data, something most business owners in Canada either can’t (because of government contracts) or won’t do.  I’m on the ‘no cloud’ side because one twit with a backhoe can end your business in 10 minutes unless you diligently make backups.

If you have a Server 2016 & Exchange 2016 (the type I usually put into clients) you don’t need any hardware (see Your New Server), just a really complicated install.  If you already use SharePoint the upgrade from 2010 is nightmarish (but doable) and from 2013 it’s a walk in the park.

So why don’t you have one?  Well it’s the $7000 software plus $100/user (ball park figures Microsoft changes things from time to time).  Which is more than the licensing cost of your Server, Exchange and all those CALs you needed to get it happy.  You’ll need an SQL server as well (additional cost).

Maybe in this one case, the cloud will work for you (at least cost wise).

Posted in Uncategorized | Leave a comment

‘Hey Microsoft just called me’

Uhmm.. no they didn’t.  First off Microsoft isn’t going to call you, or really any other software company (try phoning their tech support and see how long it takes, imagine them actually phoning people proactively to solve problems).

The solution:  Don’t get rattled and don’t trust anyone (not webpages or people you don’t know).

This applies to those pop-up webpages you can’t close (often with loud messages playing).. “Call this number you are infected, owing taxes, under arrest, piracy, being investigated for terrorism.  You often see the terms FBI, RCMP, CIA, CRA and other scary federal agency letters, seals and the like.  Just as often you see spelling mistakes and poorly phrased English.

Here’s a quick list of thing to watch for in the ‘Tech Support Phone Scam’, I’ll cover the ‘Webpage scam further down’:

  • Clue #1: THEY called YOU
  • Clue #2: The Caller ID says ‘Microsoft’, ‘Tech Support’, or something techie sounding
  • Clue #3: They have a thick foreign accent and some ‘normal’ sounding name
  • Clue #4: They claim your computer is doing ‘something’ (spam, virus, hacking)
  • Clue #5: They ask you to open the windows Event Log Viewer
  • Clue #6: They ask you to go to a Website and install a Tool (Ammyy, TeamViewer, LogMeIn Rescue, and GoToMyPC)

As long as you don’t let them in (via the remote control programs) they can’t do anything but swear at you.  If you do let them in they’ll likely run for SYSKEY and now you have to pay a ransom to get your files back.  Couple hundred to a few thousand dollars with no guarantee you get your files back.

The annoying WebPage with plenty of threats and you can’t close it:

  • Clue #1: You can’t close the page
  • Clue #2: It’s usually playing some loud record voice telling you how you are in serious trouble (virus, taxes, police etc..)
  • Clue #3: You have a convient phone number to call to get this all fixed ASAP

If you call you are now in the ‘Tech Support Phone Scam’ at Clue #3 and they will quickly need you to allow them remote access (Clue #6).  To get rid of the page you can reboot or in your Taskbar (that bar on the bottom usually) RIGHT click on your browser and select ‘Close All’.

Variations of these scams include:

  • A relative needs money for bail in some foreign country, usually they got this information from your relatives FaceBook page.
  • CRA/IRS is coming to take your house (foreclose), sometimes they want you to send Bitcoins (digital currency) to some address.
  • Some crazy distant relative left you a pile of money but you need to pay for the ‘processing’ so they can mail you some massive cheque from Namibia or something.

If you want to help stop these people, tell others and especially our less digitally knowledgeable relatives (usually older and retired).  If you really want to help perhaps take a few lessons from 419 Eater (a site that helps fight back).

Posted in Internet, Virus / Hacker | Leave a comment

Your New Server

It’s probably that time again.  You knew it was coming but that old 2008R2 has been running well or at least it was until recently.

So what to do now that 2008R2 is done and if you knew me you had an SBS2011 (with Exchange & SharePoint as well as 2008R2 server).  The good news is the hardware is probably cheaper for more CPU/RAM/Storage/Speed, the bad news is Microsoft isn’t going to let you off easy on the software costs (hard to beat $900 for SBS).

Migrations are not easy and being your system is probably 5+ years of clutter with leftover accounts, email, and more; a fresh start would probably help.  So here is what you’ll need and what it’ll take to get there:

  • New server box (i7 Hex Core, 64GB RAM, 2x SSD and 2x HDD, 2x Backup USB drives & extra NetCard)  All totaled it’ll probably by about $2500-3000.
  • MS Server 2016, we’ll use the VM licenses to get more mileage from this $1000 base software.  You will have CAL costs per user ($100/user)
  • Exchange 2016 is another $1500 plus $150/user.  You only need this if you want local Exchange which you probably do.. if you cloud mail count on $10/month/user for anything better than crap.  Even at 5 users the ROI is 4 years.
  • 1x SSL domain wildcard @ $150/year
  • The last part is the sheer work involved.  This will usually take me 30-50 hours on just a single machine with VMs running Exchange and all the data transfer and setup (as well as migrating you workstations).  The good part is large and more complicated doesn’t increase labour much, even triple server boxes and a dozen VMs with 35 workstations will still be less than 100 hours.

All in for your single box Server & Exchange for 5 users for under $10000, Each additional user is $250 (2x CALs).  The amount of data can affect the time required, plan a weekend at the office while it’s migrated.  Come Monday everyone has a new profile with their old data still there, email migrated, toys installed and very little to complain about.  This would be a great time to retire the old tired workstations as well or possibly just wipe and reinstall.

I know, you see $10,000 and nearly have an involuntary bowel movement.  Think about it though, the cheapest POS new car is double that, heck your copier is likely that much.  Your business could survive without a vehicle (you can rent one) but turn off the network and see how it all turns out.

Balls in your court, upgrade before the old beast dies and it’s smooth sailing.  Wait too long and it fails and it’ll cost a bunch more and a much more painful upgrade with significant down time (no one keeps servers in stock, these are custom computers).  I can work miracles, sometimes even resurrecting the dead server.. but not every time, so keep the 5 year replacement idea firmly in your thoughts (moving parts wear out).

Send me a message if you want more details.

Posted in LogicITy, Server, Software | 1 Comment

SBS 2011 goes bye-bye

Alas Microsoft is in the process of ending the 2008R2 server and Exchange 2010 from regular support and updates (limited support until 2020 but only critical security patches).  This means all those companies that have one of these awesome beasties will need an upgrade in 2017 or 2018 (or risk some serious problems).

So what’s the plan?  The plan is head to 2016 and opening your wallet.  There is no more cheap ride on SBS (it’s dead) so you need 2 servers and purchase a full Exchange.  At this point the best in-house option is a powerful CPU & loads of memory and run the Exchange on a VM.  It’ll cost about $4000 in software/licensing alone for 10 users including the base Server software.

If that makes you cringe you can host the Exchange with a partner of mine (HostedBizz) and get a Canada-only cloud at $10/month/user and I will still keep it running normally.  Unlimited mailbox size and good old Exchange so your phone will be happy and no SSL for you to mess with (saves $100/year).

If you need a quote on the hardware for this I’ll get you something current but your looking at an i7 hex-core with 32GB RAM, 2x SSD and 2x 2TB HDD.  Some extra cheap extra bits will help (like a network card for the VMs and some new 4TB USB backup drives).  The server is ‘cheap’ it’s the software that’ll hurt this time.  I have UNIX alternatives (like Zentyal) but the maintenance will eat your savings.

For the accountants out there the cloud services offer a better tax advantage @ $10/month/user the on-premises solution of Exchange 2016 with be $1500 & $150/user and about a 5 year lifespan making the ROI and easy calculation (remember software has a smaller/longer write off spread over time but is cheaper in real $).

Call/Email me if you have questions

Posted in LogicITy, Server, Update | Tagged , , , | Leave a comment

‘BadTunnel’ a gateway to hell

PhoneMicrosoft has a bounty program, which pays if you find a bug and explain why it’s a bug (or exploit).  They pay upto $50,000 USD for the information.  Yang Yu, founder of Tencent’s Xuanwu Lab has made previous successful bounty claims as well but this one is a whopper.  It affects every version of Windows back to Windows 95 (no patches coming for those old OS either).

The flaw, which he’s called BadTunnel, exposes local area networks to cross-network NetBIOS Name Service spoofing. An attacker can remotely attack a firewall- or NAT-protected LAN and steal network traffic or spoof a network print or file server.

“In combination with other system mechanisms, it can hijack the network traffic, and even run any program,” Yang said.  The flaw was addressed recently by Microsoft in security bulletin MS16-077 and in CVE-2016-3213.

“To successfully implement a BadTunnel attack, [you] just need the victim to open a URL (with Internet Explorer or Edge), or open a file (an Office document), or plug in a USB memory stick,” Yang said. “[You] even may not need the victim to do anything when the victim is a web server.”

The key is the apparent predictability of a NetBios Name Service transaction ID, which an attacker can abuse by getting the victim to visit a URL hosting an exploit or open an exploited document. The victim’s machine will trust the attacker and they will be able to hijack traffic or force the victim to visit malicious sites.

Windows admins are advised to patch at once, or block UDP port 137.

Posted in Update, Virus / Hacker | Leave a comment

Randsomware – the ‘new’ virus type

HelpLocky encrypts your data using AES encryption and then demands .5 bitcoins to decrypt your files.  Though the ransomware sounds like one named by my kids, there is nothing childish about it.  It targets a large number of file extensions and even more importantly, encrypts data on unmapped network shares.  If you don’t have a backup your data is gone, unless you pay and hope they payment isn’t yet another scam.

Those of you with a server are pretty safe.  Backups, Shadow Copies and the like but stand-alone computers are at risk.  The virus (usually run as a script or macro from an email attachment) will disable your shadow copy (removing backups) and sometime hunt the backups down wiping them out.

So far I’ve seem 5 infections of this virus and only 1 had data loss (that client at least remembers me specifically telling them.. “Seriously, you really need a backup of some type, you know, just in case”).  Each infection differed in the targeted files.  Sometimes it was MS Office files, image files or PDFs but there is no limit to what it COULD encrypt.. it just happened to have a priority before we stopped it.

Why did the anti-virus get it?  Because the user ran it, not as a virus but a function with their security and authorization.  Much trickier, to limit what the user can do a file (like saving & deleting) than limiting access to the same file.  It sound like a fine point but the micro-management required means you need a server and if you had one this virus is only inconvenient event, not a source of data loss.

The real victims are home users and ‘server less’ environments.  The most recent off-line backup could be the only fall back.

So if you see a .locky file on your machine, reboot.. NOW!  Pull the power cord if you need to it’s only in memory (usually) and that stops the encryption process.  If you are on a network you can look at the file properties of the newly created ‘How to fix’ file in the same directly (could be a few names but you’ll know it when you see it) and the under the Details of the file properties it’ll tell you the user/system infected (the one that created the new file).  Reboot that machine ASAP.

Google can offer you some help recovering, so can Malwarebytes.org (in finding any viral leftovers).  Your server and backups are your best hope, failing those a few bitcoins and some trust in the makers of the virus are all you might have left.

Backup often, trust no email attachments.

Posted in Internet, Server, Virus / Hacker | Tagged , , | Leave a comment

SBS is dead, but not forgotten.

UpgradeMicrosoft officially ended the Small Business Server (aka SBS) to the chagrin of many smaller companies wanting in-house control of their data at a reasonable cost.  With this move the cost of having an in-house solution for email & data went up by $3000 or more.  I’ll explain the changes and how you can make a new SBS that will at least do the same job as before.

SBS was unique in it allowed the Domain Control & Exchange to co-exist on the same server, normally this didn’t work.. Exchange doesn’t like being on a DC.  The new method means every company needs 2 servers in their office or move email to the Cloud, as we know in Canada that’s not going to work (unless you have no email from the government or government contracts which REQUIRE your mail & server be in the country).

The new solution is a computer powerful enough to run 2 servers, one normally and the 2nd virtually.  Windows Server Essentials 2012 will be the base machine and another copy of Server 2012 Standard runs as a VM (but not a DC) and there resides the Exchange server.  Many other changes are also needed and the setup is much longer and of course the server more complicated.  Instead of the $900 + licenses (past 5) on SBS you now have $500 for Essentials (upto 25 users), $1000 for Standard but also $900 Exchange & $110/user.

Of course setting up 2 servers takes longer (even if one is virtual), the hardware is more expensive and you need a few extra parts (like a VM drive for Exchange).  All in all an in-house system went from about $6000 (hardware, software & labour) to about $10,000.  You can no longer buy SBS 2011 but for those with a copy you could keep it running on new hardware for a least a few more years (after all SBS 2003 just ended it life).

Posted in Hardware, Server, Technology | Leave a comment

HeartBleed & Microsoft

HackedThe Heartbleed vulnerability in OpenSSL has received a significant amount of attention, worry naught it won’t get you unless you have Apache on your Windows server. Microsoft services were not impacted by the OpenSSL vulnerability and the Windows implementation of SSL/TLS was also not impacted.

Rest assured that default configurations of Windows do not include OpenSSL, and are not impacted by this vulnerability.   Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability.

Posted in Internet, Server, Software, Virus / Hacker | Leave a comment

Vitualization vs. Cloud Computing

WorldwidePeople often get the terms “virtualization” and “cloud computing” confused, believing that they can be used interchangeably when, in fact, they are diametrically opposed.

Virtualization tricks your software into believing that it’s running on a real server, network or storage that is actually there, but it’s not: it’s virtualized. Essentially we are hiding the infrastructure from software, which allows software to believe that nothing is changing even if we move the ‘server’ to a new machine or new location.  Portable and easy to get running on new hardware.

Cloud computing is the exact opposite. A real public or private cloud richly exposes the infrastructure to the application which is not only infrastructure-aware; it is dependent on its interactions with the infrastructure.  This allows companies to turn off resources when they’re not using them and add additional resources when required, basically making a server more powerful when needed.

The PR teams will tell you Cloud Computing is the way to go, the destination and ultimate goal of business computing.  Complete horse crap.  It’s probably the next ‘leaky condo’ with more central points of failure than any system in existence (because you need to connect to it the entire path is vulnerable from failure).

Cloud computing and data storage bind client to the service providers like nothing else the monthly fees are reasonable on a per user basis but company wide they can become onerous without offering any local hardware maintenance (which is often the largest cost).  One special consideration for Canadian customer is you are not allowed to have any government communication or documents leave the country, which mean even GMail violates government contracts let alone files on the cloud.

Posted in Internet, Server, Technology | Leave a comment

DNS Happens

How DNS happens

How DNS happens

DNS (Domain Name Service) has been around since the first time someone tried a name instead of an IP to get somewhere on the Internet.  Which translates to only a few years younger than the first network. What happens when you type ‘google.ca’ isn’t stunningly complex, it’s really no more than your machine looking up the number of that domain and then sending you there.  The really interesting part is how much we rely on it and how it’s embedded into nearly everything.  In fact the Internet would grind to a halt in about 5 minutes without it and the fact it is made of millions of simple text files is a minor marvel.

So why the news on DNS?  My home internet (to my server) went out a few days ago and it is one of a chain of DNS servers that maintain a few domains.  It also exposed an vulnerability in my redundancy which I had thought covered, turns out some companies know less of DNS than I do and thier system weren’t capable of taking the added load.  Thus the DNS entries began to expire and the scramble was on.  Long story short, I managed to get a new DNS system up in a few hours and migrate things to a more stable platform.  The whole system is better than ever and more fault tolerant. This meant some email outages for a time and though email can recover, the deliveries where later than expected.

What I learned yet another software system that doesn’t do what it claims and I didn’t even get an error the system wasn’t working as expected.  No way to check and the only way to discover the flaw was to create the problem it was meant to protect against, seems a rather hard way to test a system.  I’ll have to break down and learn to use Unix on the command line and stop relying on a GUI that tries to hide thier failures behind pretty icons.

I’ve never been a proponent of ‘hard testing’ where one creates the disaster to check the recovery system.  My reasoning being if things are other than planned (see Murphy’s law) you’ll have created a problem you do not have the solution for (or your recovery plan would have worked).

So I’ve learned a few new tricks, found a useful service for DNS replication and for one day of annoyance managed to ‘hard test’ my failover system.  Now I just have to get my own regular Internet connection back, thank the tech gods for cell phone tethering 🙂

Posted in Internet, LogicITy, Server | Leave a comment