I know there are many websites that list a bunch of features of Microsoft’s latest Windows Server 2008. I also know that these lists sometimes forget the fact that technology in the workplace is only as good as the business value derived from it. I understand that during these tough economic times, migrating and upgrading your systems to Windows Server 2008 will be an option that is heavily scrutinized. Hopefully, this blog entry will help you make an informed decision for your business.
Below are the features that stand out to me when deploying Windows Server 2008. I will try to explain how these features can translate to a more secure, efficient, and stable network.
Restartable Active Directory Domain Services (RADDS)
Essentially, this increases uptime for a domain controller and its installed services. Currently, when security patches must be applied, or offline defragmentation or authoritative restores must be performed, the entire server has to be rebooted. This equates to significant downtime for ALL the services provided by the server. If this was a heavily used server, such as a file server, a lot of users would end up calling the IT department.
Scenario:
Let’s say an Active Directory object needs to be restored from backup. Prior to Windows Server 2008, a server would have to be restarted in Directory Services Restore Mode. During this time, ALL services provided by that server would be offline. Then, once the restore is complete, we must restart the server again. Now, with RADDS, you only need to stop the service, perform the restore, and restart the service. Meanwhile, your other services are still working.
Increased uptime, Simplified restoration of Active Directory objects.
This is useful for all businesses.
Read-Only Domain Controller (RODC)
Back in the good ol’ NT4 days, Microsoft had primary and backup domain controllers (PDCs and BDCs). The backup domain controllers would be read-only. Then, they touted the multi-master capabilities of Active Directory for Windows 2000/2003. What they didn’t tell you was that the best solution was “C. All of the Above”. In Windows Server 2008, we can have multi-master domain controllers AND read-only domain controllers. When would you use either of these scenarios? Well, you would want multi-master replication for fault tolerance and management simplicity. An RODC, on the other hand, allows for increased security since the LDAP database cannot be tampered with. Unfortunately, there are limitations that might negate the benefits of this. Essentially, the RODC needs to have access to a writable domain controller in order to perform basic functions, such as DNS updates, password changes, and user authentication (if not cached on the RODC). There could also be software compatibility issues.
Translated Value:
This is a feature that’s great to have, but wouldn’t benefit an existing organization tremendously.
This is most useful for medium/large businesses with multiple locations.
As with previous operating systems, when a file on the NTFS filesystem becomes corrupt, there’s no way to know unless you a) run chkdsk or b) try to open the file. Of course, if you periodically run chkdsk to detect corruptions or try to open a corrupt file, you would have to reboot your server to fix it. This is not the case with Windows Vista and Windows Server 2008. In 95% of the cases, it will automatically detect a corruption in your filesystem and attempt to fix it at the same time. This eliminates the need to reboot. I’m sure everyone knows the disadvantages of having to reboot a computer by now (read previous sections).
Translated Value:
Higher uptime, important data is recovered
This is useful for all businesses.
Everyone can agree that Microsoft has its GUI advantages over Linux, while Linux has its high stability and security aspects due to its lack of “fluff”. Well, as Linux tries to enter the Desktop market, Microsoft is trying to imitate Linux with Server Core. It provides a minimal (non-GUI) OS environment for running specific server roles, which reduces the attack surface for those server roles. Similar to Linux, in which you would manage your server from an SSH connection, Server Core could be managed from the local command console, a Terminal Server connection, or the MMC console. Once again, Server Core can only provide a subset of the roles available to a full installation. Server Core can provide the following roles: Active Directory Domain Services (AD DS), Active Directory Lightweight Directory Services (AD LDS), DHCP Server, DNS Server, File Services, Print Services, Streaming Media Services, Internet Information Services (IIS), Windows Virtualization.
Translated Value:
Increased security and performance gains, and ease of deployment due to low footprint.
This is most useful for medium/large businesses with multiple locations.
Terminal Services Gateway (TS Gateway)
Let’s say you had to remotely connect to multiple servers at the office, yet you are prevented from using a VPN connection. What do you do? Well, there are many ways around this, including the use of 3rd party applications, but Microsoft has blessed us with their solution. A TS Gateway securely proxies applications running the RDP protocol (Remote Desktop, Remote Applications, etc.) through SSL encryption. This negates the typical firewall configurations necessary to allow VPN tunnels to be created.
Translated Value:
Mobile Office is even more robust. You can truly access your servers and workstations from anywhere.
This is most useful for businesses running Terminal Services or those with lots of servers.
Terminal Services Remote Application (TS Remote Application)
Aligned with their virtual application technology, TS Remote Application uses the RDP protocol to allow users access to specific applications stored on a server. Instead of using more computing resources than necessary and providing access to an entire Desktop, users can now be limited only to the capabilities of the application. Advanced connection policies can be set in place to maintain compliance with security policies set within the company.
Scenario:
Accounting staff requires access to the Quickbooks server when they are offsite. Using a VPN connection alone is not an acceptable solution since the data transfer size is too large. The use of Remote Desktop through a VPN connection would work, but that can cause unnecessary confusion for users. With TS Remote Application, the Quickbooks application RDP file can be exported to a user’s desktop. When they run the file, either locally or remotely, they will see the Quickbooks application open on their computer. This application is actually running on the remote computer, but the interface is exactly the same as if they opened it locally on their computer.
Granular access to applications, secure access to network resources, improved capacity and performance for Terminal Services applications
This is most useful for businesses running Terminal Services or those with lots of servers.
Windows Deployment Services (WDS)
This service is the needed replacement for Remote Installation Services (RIS). Windows Deployment Services enables you to deploy Windows operating systems, particularly Windows Vista, using images and PXE booting. I know there are 3rd party applications that provide this capability in a more simplified manner, but they are often too costly. Once set up, WDS is a pretty cool application. It works well and has few heart-stopping limitations.
Translated Value:
You can set up new Microsoft workstations quickly and in an automated way.
This is most useful for new businesses or ones that are growing in the near future.
Here’s the deal. The IT industry is realizing that on average, the load on a server is pretty low due to minimal resource usage and advancing. This results in wasted energy costs and lower Return on Investment (ROI) in the hardware. Hyper-V is a hypervisor-based virtualization technology that allows servers to run multiple instances of Microsoft and certain Linux distributions. What is sometimes overlooked when it comes to virtualization is the ease and consistency in obtaining a solid backup and recovery of files using snapshotting technologies. Also, the management of these virtual servers is simplified since there is only one platform to work off of.
Translated Value:
Increased efficiency of resources, increased stability, reduction in cost for new server deployments, High availability, increased security.
This applies to all businesses. From consolidation to saving on energy costs, virtualization is beneficial for all businesses.
What can Windows Server 2008 do for you? (posted by ktrang, 2009-02-19 15:26:25; last modified 2017-08-15 04:04:13)
You see and hear the buzz word swarming around the internet of networks with special setups that tout “High Availability” or sometimes commonly known as “H.A.”. What is it? What does it do for my business? Ultimately in today’s economic climate… Can I afford not to have it?
There are actually different types of HA that you can implement into your IT infrastructure. At its core, HA is a system design and implementation that ensures a certain absolute degree of operational continuity during a given measurement period. In simple business terms, HA makes sure your employees are able to continue working even if primary service providers, servers, or your local network experience some sort of an outage. Yikes!
As an example:
Can you afford to send your employees home because your office internet connection is down? And your ISP is telling you the repair ETA is sometime between 9am-6pm.
Can you afford half or potentially a full day of employee downtime because the file server is being rebuilt from the ground up?
Can you afford to have your website, email server, FTP server, and/or other in-house hosted services go down!?
For small to medium sized business, you need a solution – High Availability.
Most administrators of small to medium sized networks are probably already assuming you need twice the amount of hardware, extra connectors, licenses, and more. Depending on the current network equipment you have, High Availability to a certain degree can very easily be a viable option.
Let’s take a very common scenario as a prime example of what High Availability can do.
Your Users: You have a user base of 30 people. All with varying job tasks which rely heavily on internet access to go about those tasks.
Your Network: You have DSL service from your local ISP. You have a Cisco router/firewall, medium grade switch, a file server and a Directory server, and a few occasional remote VPN users.
The Outage: Your internet is somehow disconnected or cut off! Covad can’t help until they send a 1st level support tech to check their field equipment, sometime between 12pm-6pm. And this may not even be a field equipment problem.
you have 30 people grumbling they can’t get work done.
you have 30 people grumbling they can’t access your online company email.
you have 30 people standing around the water cooler.
you have the CEO at a remote location unable to access the internal company files.
your travelling remote sales associate can’t make the sale because they can’t VPN to access the internal company sales files.
you’re at the mercy of your local ISP’s support to fix the problem in a timely manner.
With a very simple High Availability setup, you could be saved. This is a very common and possible situation and a High Availability setup may alleviate the frustration, anger, and the ever possible firing of office employees.
By choosing a business level Cisco router, you get the benefit of a very customizable and upgradeable platform. You may think the price for Cisco equipment is high, but their products are truly made for business. You would never want to trust “home” equipment to run your core business infrastructure, would you (this is another topic)?
The Answer: To avert a potential disaster, you have a very short shopping list. All you would need to implement a “High Availability – Dual ISP – Redundant internet connection – Redundant VPN” office network is a specific Cisco hardware module aka “WIC” module, a secondary DSL internet provider (other than your primary, Covad), and a few minutes during office downtime to get it all installed and configured. Total hardware cost can easily be had for under $300, and total monthly cost for a secondary DSL line might be $25 (shop around). If you didn’t have a High Availability setup, you may have lost MORE due to the office being down. Lost employee production, lost sales, lost clients, lost trust, and who knows… a Lost Job.
“The Outage” has been avoided. Your High Availability Cisco router setup automatically switched over to the secondary ISP, and you were alerted of the switch over. Your employees continue along with their tasks, and may not have even noticed the internet disruption.
And because you were alerted of the ISP failover, you can easily send out a “Daily Tech Update” to your remote and C-level staff, letting them know to use the secondary Cisco VPN profile or to call you for assistance.
The failover change was nearly invisible.
Staff keeps working.
Staff trust of the network maintained.
President, CEOs and Management trust you’re the right guy.
Staff maintains or gets new sales, customers, service.
You’re still employed!
High Availability, ISP, VPN, Servers, and Your business. (posted by ktrang, 2009-02-03 17:27:18; last modified 2017-07-04 23:21:22)
Today, it’s all about security. If you aren’t practicing good security, you are probably going to be held accountable for the information that sneaks into your network, and especially the information that can find its way out of your network.
Script kiddies and hackers alike all begin their first “hacking” by targeting what’s easy – the poor, unsuspecting FTP server. All day long, doing its job of blindly sharing and accepting files. Here are the four key parts of FTP (and its cousin Telnet) that make it insecure.
Clear-text transmission: all communications are done in clear text, including usernames and passwords
Weak client authentication: both FTP and Telnet authenticate users through usernames and passwords, which, time and time again, have proven to be unreliable authentication methods. There is no support for more advanced authentication methods such as public/private key, Kerberos or digital certificates
No server authentication: this means that users have no way to be sure that the host they are communicating with really is the FTP server and not an attacker impersonating the server
No data integrity: problem here is that, assuming the same scenario as above, anyone could alter and corrupt the data being transmitted between the server and the client without being noticed
So you have your brand new shiny server with tons of disk capacity, and a clean install of Windows 2008 Server. You’re tasked with setting up the new company FTP site. If you have experience with setting up IIS and FTP services on Windows 2000/2003 server, then you know exactly how easy it is to set up FTP service. With Windows 2008 server, securing your FTP server became just as easy. And the benefits, immense!
Windows 2008 Server uses FTPES, also known as FTP explicit mode. In explicit mode, an FTPS (FTP Secure) client must “explicitly request” security from an FTPS server and then step up to a mutually agreed encryption method (usually the minimums are defined on the server). It currently isn’t packaged onto the Windows 2008 server install media, but information and the download can be found at http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1619
Without this extra handshaking and communication, your server-to-FTP client communication is susceptible to snooping and hijacking. With these simple steps, your server avoids the pitfalls listed above, that plague many FTP servers out on the web.
Securing your new Windows 2008 based FTP server comes down to these steps:
Make sure your users and clients have a current FTP client that supports the few FTP Secure methods.
Install IIS7 on your Windows 2008 Server
Install the required Microsoft extras (all available on the “roles” menu) for Microsoft FTP Publishing Service for IIS 7.0.
Install the Microsoft FTP Publishing Service for IIS 7.0 update. Now you’re nearly 80% complete.
Create and apply security ACLs to your FTP repository. The top 10 rules that very much still apply today are published at http://www.windowsecurity.com/articles/Secure_FTP_Server.html
Create a self-signed server certificate, or purchase a server certificate and import it.
Tada, you’re done! Now your Windows 2008 FTP server is protected. From beginning to end, Connection, Authentication, Authorization, Data Request, Data transfer. It’s all encrypted.
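An added example, not part of the original post: a small Python check that audits an FTP control-channel transcript (such as client debug output) for the explicit-mode ordering described above, where AUTH TLS must succeed before USER/PASS and PROT P must be accepted before any transfer. The "C: " / "S: " line format, the function name and the sample sessions are constructed for illustration.

```python
# Added example: audit a control-channel transcript for explicit FTPS (FTPES)
# ordering. The "C: "/"S: " transcript format is an assumption of this example.

DATA_COMMANDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "STOU", "APPE"}
CREDENTIAL_COMMANDS = {"USER", "PASS"}


def audit_session(lines):
    """Return findings (strings) for one session; an empty list means compliant."""
    findings = []
    tls_active = False      # server accepted AUTH TLS with reply 234
    data_protected = False  # server accepted PROT P with reply 200
    pending = None          # last client command still awaiting its reply

    for raw in lines:
        side, _, text = raw.strip().partition(": ")
        if side == "C":
            parts = text.split()
            verb = parts[0].upper() if parts else ""
            arg = parts[1].upper() if len(parts) > 1 else ""
            pending = (verb, arg)
            # Arguments (the password in particular) are never copied into findings.
            if verb in CREDENTIAL_COMMANDS and not tls_active:
                findings.append(f"{verb} sent in clear text before AUTH TLS succeeded")
            elif verb in DATA_COMMANDS and not data_protected:
                findings.append(f"{verb} issued without PROT P; data channel is clear text")
        elif side == "S" and pending is not None:
            if text[3:4] == "-":
                continue  # continuation line of a multi-line reply
            code = text[:3]
            verb, arg = pending
            pending = None
            if verb == "AUTH" and arg in ("TLS", "SSL") and code == "234":
                tls_active = True
            elif verb == "PROT" and code == "200":
                data_protected = tls_active and arg == "P"
            elif verb == "CCC" and code == "200":
                tls_active = False  # client dropped back to a clear control channel
    return findings


# Constructed sample sessions (not captured from a real server).
FTPES_SESSION = [
    "S: 220 Microsoft FTP Service", "C: AUTH TLS", "S: 234 AUTH command ok",
    "C: USER alice", "S: 331 Password required", "C: PASS example-password",
    "S: 230 User logged in", "C: PBSZ 0", "S: 200 PBSZ command successful",
    "C: PROT P", "S: 200 PROT command successful",
    "C: RETR report.xls", "S: 150 Opening data connection", "S: 226 Transfer complete",
]
# Same login and transfer with no AUTH/PBSZ/PROT at all: classic plain FTP.
PLAIN_SESSION = FTPES_SESSION[:1] + FTPES_SESSION[3:7] + FTPES_SESSION[11:]
# TLS protects the login, but the client never asks for a protected data channel.
CREDS_ONLY_SESSION = FTPES_SESSION[:7] + FTPES_SESSION[11:]

if __name__ == "__main__":
    for name, session in [("ftpes", FTPES_SESSION), ("plain", PLAIN_SESSION),
                          ("creds-only", CREDS_ONLY_SESSION)]:
        print(name, audit_session(session) or "OK")
```

The third session is the case worth checking for after setup: the login is encrypted but file contents still cross the network in clear text unless the data channel is protected as well.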
Windows 2008 Server - Easily Secure your FTP server (posted by ktrang, 2009-02-03 17:14:54; last modified 2017-08-15 04:05:10)
It still amazes me how many critical IT related tasks still require a floppy disk. I came upon one of these situations when trying to install Windows 2003 Server R2 on an extra Dell Workstation I had. Of course, it wanted the drivers on A:, which didn’t exist. Of course, you could always install a disk drive… Below are instructions on how to address this issue without using a disk drive. The term is slipstreaming because it injects the files just as if they were part of the original installation media.
Download nLite (http://www.nliteos.com/). You could also download the Vista version called vLite (http://www.vlite.net).
Install the application
Select your original Windows XP, 2003 installation media location.
Select a target location to copy the installation files
Select the tasks you would like to perform (ie. install drivers, install service packs, remove components, etc…)
Choose to create an ISO image from your previous selections or Direct Burn to create a new CD image.
Install the OS using your CD, but this time, you don’t have to press F6 to try to load drivers.
Slipstreaming RAID and SATA controller drivers to your Windows XP, 2003 installation media (posted by ktrang, 2009-01-28 14:32:30; last modified 2017-08-15 04:05:38)
What Is VoIP?
Voice over Internet Protocol, or VoIP, is the current technology that allows people to transmit voice signals through the internet instead of over the phone. Most people have already become acquainted with the idea of sending voice over the internet through the use of headsets or microphones, but only a few realize the unique differences between the two.
While a direct connection to a single person or a separate server allowed users to chat with each other using microphones, users still had to have telephone services in order to receive out of network calls. VoIP eliminates the obvious limitations of in network voice communication, and expands it above and beyond our expectations.
Much like an e-mail, users don’t have to pay to send or receive them. E-mails can go anywhere users have set up a mailbox, at any time. Imagine e-mail transforming from text into voice, and virtual mailboxes becoming phones. The result is a completely free, new form of voice technology capable of sending voice from an internet line and converting it into a signal anyone with a phone can receive.
Businesses, especially smaller or medium sized companies, are always in need of more cost-effective tools and solutions. Businesses invest thousands of dollars in order to save money over a longer period of time. VoIP is a service that can potentially provide the results companies are looking for, in an even shorter amount of time. By instantly cutting costs with fewer drawbacks, VoIP has become a popular solution.
Telecommunication systems can be merged with current networks, allowing a business to save on the cost of network infrastructure.
Remote Web-based interfacing eliminates the need for on-site representatives to repair or troubleshoot phone network issues. Costs associated with on-site repairs are practically negated.
While saving money, VoIP users have found that the service provides much more than the average office phone services. While there were certain limitations with phone services (such as busy lines and expensive remote location calling bills), VoIP has sought to break these limits. Not only do clients receive phone services for nearly no cost, but they also receive tools tailored to manage and design the network how they want it to be. VoIP puts the client in control.
Single IP networked VoIP lines enable extension dialing to expand to multiple, or even distant locations.
Applications are all extended to employees at any corporate location (including temporary or remote locations), including, but not limited to: conferencing, voice mail, unified communications, and click-to-dial services.
VoIP telecommunications systems are easily simplified into a single network (combined with data networks), allowing for easy management, and the elimination of multiple networks.
Remote troubleshooting and management through web-based interfaces. Settings can be changed for specific employees remotely, and without the need to contact service providers or phone system manufacturers.
Advantages of Voice over IP (VOIP) (posted by ktrang, 2009-01-22 17:32:29; last modified 2017-07-04 23:04:59)