Enterprise Best Practice does not necessarily equal Cloud Best Practice…

2017-07-27T00:00:58+00:00 July 28th, 2016|Azure, blog|

This article might just be restating the obvious for some — but to put it bluntly, a “best-practice” Enterprise Active Directory (AD) design feature may not perfectly translate to a Cloud-based deployment scenario. Let me explain…

When Good Mappings Go Bad

Let’s imagine an enterprise that has done a good job of providing universal access to user Home Folders by using the AD Home Folder attributes on the user objects.  Very common indeed, and very well loved in most cases.  In a well-designed infrastructure, the users get access to the Home Folder from almost anywhere in the world, and from a variety of platforms including local, remote, and thin/terminal access.

On top of that, imagine further that the environment utilized the individual logon script user object attribute to determine group memberships, deliver printers, and maybe even deliver a mapping or two.  All of this is fine (though arguably cumbersome) in a high-speed environment where the network inter-connectivity is not rate-limited or rate-charged.

Now however, let’s imagine being one of those users authenticating to an RDS/Terminal Server (session hosts) farm in a cloud-based domain instead of in the Enterprise.  Hmm.  Suddenly, different access and performance considerations appear when walking through that logon process.  For instance, while that Home Folder server may be reachable from that RDS farm, that lookup and access of the file server might very well be across a VPN pipe that is slow; or even if it’s fast, there may be a charge for egress data transfer as is the case with Microsoft Azure.  Oh, and that logon script will definitely hit the Domain Controller looking for all of what it needs to draw conclusions; and in the end, may attempt to map you to things you cannot even reach.

Can you solve this problem by putting domain controllers in the cloud?  Well, part of it — if you use good AD Site and Subnet configuration.  But you can’t escape the fact that your enterprise user objects may attempt to reach beyond those controllers and into the infrastructure to access what they must, and time-out on what they cannot (read: slow logon).

The GPO is your frienemy

And don’t even get me started on GPOs.  Yes, you know them, and you love them, and you use them to provide a rock-solid enterprise configuration for your users…  But what about those mandatory proxy registry settings that matter in the cloud?  What about those printer map settings?  What about those WMI evaluations?  The Item-Level Targeting?  And so on.

And then one day of course, there’s the one GPO setting that accidentally gets applied to those users that inexplicably wipes out their access to the application in the cloud-based RDS farm.

The bottom line is that again, things that may be prudent and reasonable in the Enterprise may be detrimental to the Cloud users’ experience.

So what can you do?

First, step back.  Ask yourself if your user logon process is clean, lean, and mean, and prudent for a Cloud-based experience.  It may very well be the case, but it likely is not.  So if you find that you’ve been a good and dutiful Enterprise admin and used Active Directory to tightly configure that user, you might be faced with a need to have a separate directory for your Cloud environment that is either replicated, integrated, or federated.  Which, for some organizations, may very well cause them to have to re-think security models (or at least re-imagine the ones they have), evaluate provisioning, and so on, as part of a larger Cloud Strategy.
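One way to start that review, as an added example that is not from the original post: inventory which user objects carry Home Folder and logon script attributes, and which file servers a cloud session host would therefore have to reach at logon. The function name `Get-LogonDependency` and the sample users, servers and script names are hypothetical.

```powershell
# Added example, not from the original post. The sample objects are constructed;
# in a real domain, feed the function from the ActiveDirectory module instead:
#   Get-ADUser -Filter * -Properties HomeDirectory,HomeDrive,ScriptPath | Get-LogonDependency
function Get-LogonDependency {
    param([Parameter(ValueFromPipeline)] $User)
    process {
        $server = $null
        # The Home Folder attribute is normally a UNC path (\\server\share\user);
        # extract the file server a session host must reach at logon.
        if ($User.HomeDirectory -match '^\\\\([^\\]+)\\') { $server = $Matches[1] }
        if ($server -or $User.ScriptPath) {
            [pscustomobject]@{
                User        = $User.SamAccountName
                HomeServer  = $server
                HomeDrive   = $User.HomeDrive
                LogonScript = $User.ScriptPath
            }
        }
    }
}

# Constructed sample data (hypothetical users, servers and script names).
$sample = @(
    [pscustomobject]@{ SamAccountName = 'asmith'; HomeDirectory = '\\fs01.corp.example\home$\asmith'; HomeDrive = 'H:'; ScriptPath = 'logon.cmd' }
    [pscustomobject]@{ SamAccountName = 'bjones'; HomeDirectory = '\\fs01.corp.example\home$\bjones'; HomeDrive = 'H:'; ScriptPath = $null }
    [pscustomobject]@{ SamAccountName = 'cloudsvc'; HomeDirectory = $null; HomeDrive = $null; ScriptPath = $null }
    [pscustomobject]@{ SamAccountName = 'dlee'; HomeDirectory = '\\fs02.corp.example\users\dlee'; HomeDrive = 'U:'; ScriptPath = 'printers.vbs' }
)
$deps = $sample | Get-LogonDependency

# Per-user view of what each logon pulls in.
$deps | Format-Table -AutoSize
# File servers the cloud session hosts would have to reach, with the number of users on each.
$deps | Where-Object HomeServer | Group-Object HomeServer | Select-Object Count, Name
# Distinct logon scripts whose mappings and lookups need review.
$deps | Where-Object LogonScript | Group-Object LogonScript | Select-Object Count, Name
```

Users with neither attribute set (here `cloudsvc`) produce no row, which makes the accounts already suited to a lean cloud logon easy to separate from the rest.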

Or, if your situation permits, you might be able to take advantage of the soon-to-be-released Azure Active Directory Domain Services, as long as your design doesn’t run up against some of the limitations (I strongly recommend you read the FAQ and other documentation before deciding it’s right for you).

Now you’ve heard what to watch out for, but the options you utilize going forward depend on what you are trying to achieve.  Good luck out there, and let us know if we can help…

Hyper-V, Windows 10, and Insider Preview…

2017-07-27T00:00:58+00:00 July 21st, 2016|blog, Hyper-V, Microsoft|

I am guilty of running Windows 10 with the Insider Preview “Fast Ring” in production as my day-to-day laptop.  I also maintain a lab of Hyper-V Virtual Machines (VMs) on my laptop that use shared virtual networking with the built-in interfaces, so I can have the equivalent of a NAT environment for my VMs.

Mind you, it’s really been great in almost every way — except that every time I get an update to the Windows 10 Insider Preview (and that is every few days lately), I have to re-configure my interface sharing and NAT so my VMs can reach the Internet.  So, I thought I’d whip up the steps for you, in case you face the same thing.

So first, after you notice that your VMs don’t have Internet access — and then you remember that you got another Fast Ring update recently, you do this:

Open the Hyper-V Manager on the Windows 10 laptop, and click on “Virtual Switch Manager…” from the Actions area.

Select the virtual switch to be fixed, in my case named “Internal-NAT switch”, and change from Internal to Private, and apply.

You may notice that the Hyper-V interface disappears from the laptop Interface list.  Select Internal again to change from Private, and click OK.  The Hyper-V interface reappears in the interface list.

Right-click on the WiFi interface (or whichever you wish to share networking with the VMs), and choose Properties.  On the Sharing tab, ensure the box is checked for “Allow other network users…” and click the drop-down list under “Home networking connection:”.  Change from “Select a private network connection” to choose the Hyper-V interface, and click OK.

Note that the previous step has not *always* worked for me, though it usually does.  A couple of times, I’ve had to either a.) un-check the check box and save before re-enabling sharing, or in rare cases, b.) go into Device Manager and remove the WiFi interface, reboot, and return to re-enable sharing.  Anyway, if all goes well and you’ve re-enabled sharing, your VM pings will start going through as the networking gets reconnected.

I’ve become quite used to doing this series of steps and have got it down to a quick few moments, but it always seems to catch me off-guard each time it happens.  I hope it helps you a bit!
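The same sequence scripted in PowerShell, as an added example that is not from the original post. It assumes an elevated session, that the connection being shared is named `Wi-Fi`, and that the host adapter for the switch has the default `vEthernet (<switch name>)` name; the helper `Get-SharingConfig` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post.
$SwitchName  = 'Internal-NAT switch'         # switch name used in the post
$PublicName  = 'Wi-Fi'                       # assumption: the connection to share
$PrivateName = "vEthernet ($SwitchName)"     # assumption: default host adapter name

# Flip the switch Internal -> Private -> Internal so the host adapter is recreated.
Set-VMSwitch -Name $SwitchName -SwitchType Private
Set-VMSwitch -Name $SwitchName -SwitchType Internal

# Internet Connection Sharing is configured through the HNetCfg COM API.
$share = New-Object -ComObject HNetCfg.HNetShare

# Hypothetical helper: return the sharing configuration of a named connection.
function Get-SharingConfig([string]$Name) {
    foreach ($conn in $share.EnumEveryConnection) {
        if ($share.NetConnectionProps.Invoke($conn).Name -eq $Name) {
            return $share.INetSharingConfigurationForINetConnection.Invoke($conn)
        }
    }
    throw "Network connection '$Name' not found"
}

$public  = Get-SharingConfig $PublicName
$private = Get-SharingConfig $PrivateName

# Workaround (a) from the post: clear any stale sharing state before re-enabling.
if ($public.SharingEnabled)  { $public.DisableSharing() }
if ($private.SharingEnabled) { $private.DisableSharing() }

$public.EnableSharing(0)     # 0 = ICSSHARINGTYPE_PUBLIC  (the shared connection)
$private.EnableSharing(1)    # 1 = ICSSHARINGTYPE_PRIVATE (the home networking connection)
```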

Nutanix .NEXT Conference 2016 Recap

2017-07-27T00:00:58+00:00 July 8th, 2016|blog, Hyperconverged Infrastructure, Nutanix|

One of our strategic partners, Nutanix, recently successfully completed their annual .NEXT Conference, boasting over 2500 attendees from 50 countries. There were 67 breakout sessions and 120 speakers, and many exciting announcements were made, including but not limited to the following:

  • Acropolis Block Services: Expose Nutanix to bare metal with important features like migrating SQL from bare metal to VM with zero down time.
  • 5th Generation Hardware: The G5 series will now provide the option to choose all flash configurations across the board.
  • Predictive Analysis / What-If Scenarios: Answering such questions like, “What would we need if we bought a new company?” and “How would new hardware help my environment?”
  • Microsoft CPS: Nutanix will now have an option to ship with the “Azure in a Box” experience, pre-installed with SCVMM, SCOM and Azure Pack.
  • ESXi Management through Prism: This is now truly a single pane of glass for managing compute, storage and virtualization under one umbrella.  No need to jump back and forth between management tools.
  • Network Visualization: See how VMs are connected to the host, switches and other VMs.  This works not only as a great troubleshooting tool but also as an excellent tool for documenting the current state of network connections.
NTCs Behind the Scenes (literally)

Coretek’s Datacenter Practice Manager, Todd Geib, was honored to be a part of the conference.  Nutanix asked Todd to help kick off the .NEXT keynote session along with other members of the Nutanix Technology Champion (NTC) program.  In 2015 Todd was nominated into the NTC program.  The NTC Program recognizes Nutanix and web-scale experts for their ongoing and consistent contributions to the community and industry. The program provides its champions with opportunities to further expand their knowledge, amplify their brand, and help shape the future of web-scale IT. Todd and the NTCs started with a little fun, spelling out “WELCOME TO #.NEXTCONF 2016” on their shirts. Watch the Keynote here: https://www.youtube.com/watch?v=rV0LDLO4uPw

David Blaine at .NEXT Conference

And what would a trip to Las Vegas be without a magic show? Magician and illusionist David Blaine made an appearance at .NEXT, testing his ability to hold his breath underwater against the time it took to install Nutanix Community Edition. It was installed in a little over 7 minutes – plenty of time for David, whose breath-holding record is 17 minutes, to relax in the water tank.

For more highlights, announcements and information on the .NEXT Conference, visit the Nutanix page:

http://www.nutanix.com/2016/06/21/nutanix-next-2016-announcements-innovation-is-just-a-click-away/

The future with Nutanix looks bright and we’re looking forward to .NEXT 2017 in Washington D.C.!

Ransomware Is On The Rise – How to Defend Yourself

2017-07-27T00:00:58+00:00 May 10th, 2016|blog, Malware, Mobility, Ransomware, Security|

The arms race between cybercriminals and security firms has reached a fever pitch. Today end users and businesses alike are faced with the growing threat of Ransomware. This is a type of malware that locks and encrypts devices and files preventing access unless a specific amount of money (Ransom) is paid. In 2015, the FBI received roughly 2,453 complaints related to Ransomware malware attacks, which amounted to $24.1 million in losses.

Ransomware relies on social engineering to spread through infected phishing emails, attachments, or malicious content running on infected websites. Once a machine has been compromised, the malware executes and encrypts all data files. This includes local files as well as network drive file storage. After the files are encrypted, they are unrecoverable unless a “ransom” is paid to the attacker. Outside of restoring from a backup, the only way to restore the data is to pay the distributor of the malware. (Whoa!)

Initially, individual home users were targeted — but the focus of these attacks has shifted, and businesses are now their primary targets. The shift of the attacks has made these Ransomware companies very profitable, and as such the problem is growing rapidly. As the malware continues to evolve and become more sophisticated, the organizations have grown and now have full time employees dedicated to developing and improving the malware. They leverage some of the most sophisticated phishing and social engineering techniques seen to date. The threat posed by Ransomware is growing and should not be underestimated by our clients.

To mitigate your risk, the Internet Crime Complaint Center (IC3) division of the FBI recommends the following:

  1. Always use antivirus software and a firewall. It’s important to obtain and use antivirus software and firewalls from reputable companies. It’s also important to continually maintain both of these through automatic updates.
  2. Enable popup blockers. Popups are regularly used by criminals to spread malicious software. To avoid accidental clicks on or within popups, it’s best to prevent them from appearing in the first place.
  3. Always back up the content on your computer. If you back up, verify, and maintain offline copies of your personal and application data, ransomware scams will have limited impact on you. If you are targeted, instead of worrying about paying a ransom to get your data back, you can simply have your system wiped clean and then reload your files.
  4. Be skeptical. Don’t click on any emails or attachments you don’t recognize, and avoid suspicious websites altogether.

IC3 additionally says that if you believe you are a victim of ransomware, you should file a complaint with the FBI, and suggests disconnecting from the internet to avoid any further data loss if you receive a message demanding payment.

Start a truly valuable conversation…

2017-07-27T00:00:58+00:00 April 21st, 2016|blog, Skype for Business|

At the heart of great teams is great communication

Productivity today is centered on conversations – sometimes a quick instant message or call, and sometimes a meeting planned in advance including voice, video and content sharing.  At Coretek, we believe that the heart of productivity is great teamwork, and that the heart of great teamwork is great communication.

Office 365 is a world-class productivity service that helps great teams to accomplish great achievements.  At the heart of Office 365 Communications is the Skype for Business service connecting your teams with the experience they love, in the Office applications they use every day.  With Skype for Business you can simplify your infrastructure with one platform for calling, conferencing, video, and sharing.

Achieve more with a fully integrated communication solution

Coretek offers a fully integrated communications solution based on Office 365, our services, and certified hardware to ensure the best experience for your end-users.  We help our customers along all the steps of the productivity improvement journey, starting with deployment planning and roll-out, to making sure your teams are up to speed with the new solution and comfortable enough with the new ways of communication.  By leveraging our company’s offering, your teams will be able to communicate like never before using Office 365 and Skype for Business.

How do you accomplish this?

Skype across Devices

Connect with your team anywhere using our mobile apps across Windows, iOS and Android™, or bring remote participants into meeting spaces of all sizes with Skype for Business Room Systems.

Complete Meeting Solution

Work like you are all in one room, even when you are not.  From collaborative team sessions to large broadcasts or dialing into a conference using your phone, Skype for Business is designed for all your meeting needs.

Modern Voice with Cloud PBX

Make, receive, and transfer business calls in the office, at home, or on the road using phone, PC, and mobile.  Increase agility and consolidate management with voice services in Office 365.

Security, Control and Compliance

Get end-to-end security, control and compliance that span from the user to the enterprise.  All powered by the on-demand scale and manageability of Office 365.

Skype for Business voice

The bottom line is that Coretek’s integrated communications offering helps you take advantage of the following services and capabilities of Office 365 and Skype for Business:

  • Anywhere Access – ability to make and receive business calls in the office, at home, or on the road, using your business number on your smartphone, tablet, PC, or desk phone.
  • PSTN Conferencing – provides the flexibility to dial in to a meeting from a traditional phone, in addition to the existing ability to join a meeting with a single click on your PC or mobile device.
  • Skype Meeting Broadcast – makes it easier than ever to produce large virtual meetings for up to 10,000 meeting attendees, who can join from virtually any browser or device (see it in action). Now Skype for Business truly is a single platform for every type of meeting.
  • Cloud PBX – enables companies to eliminate separate PBX systems and transition to the cloud with Office 365 as the center of communications management.
  • PSTN Calling – ability to subscribe to Microsoft managed calling plans and phone numbers.
  • Skype Connectivity – Connect, communicate, and collaborate with colleagues, consumers, other businesses, and friends and family – anyone who uses Skype – with both voice and HD video.

Start a conversation with Coretek today and let us show you how you can bring truly valuable communication to your teams.
