Thursday 24 February 2011

End of an Era: The Last Space Shuttle Mission Flies In 20

A link of the launch of the last shuttle mission which will start shortly:

I was fortunate to be in the neighbourhood so to speak many years ago. We parked and sat on a hill and watched the launch from our perch.

The sound took a while to get to where we were but it was most certainly one of the most amazing human feats I have had the privilege of witnessing.

image

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Wednesday 23 February 2011

Encryption via BitLocker Or Other with SSDs Is Essentially A Must As There May Be No Sure Erase For Flash Based Devices

While we are focusing on Solid-State Drives (SSDs) for this post, it goes without saying that encryption is a must for any client that has sensitive data being stored on their laptop hard disk.

With a spindle based hard disk we can slave the drive to our Data Mule system here in the shop and run a utility that does a DoD 7 Pass wipe on the drive and be reasonably confident that the data has indeed been wiped beyond what any normal recovery efforts may access.

image

The freeware product’s Web site can be found here:

There is a really good discussion on the product’s forums about how to “erase” flash based devices.

Erasing SSD Data

An article brought to our attention by a client of ours has a data security question mark when it comes to removing or erasing data on flash based devices.

The above article links through to the following study:

image

About page three of the study we see that the researchers created a device that allowed them to gain full access to the actual flash chips within the flash based device:

image

The Ming the Merciless device helped them to discover data remnants stored in areas of the flash device that may have been accessible at one point due to the way the flash device’s wear-level software (Flash Translation Layer or FTL in the study) works.

If we are reading the study right, then the only way to truly protect any data stored on a system based SSD, external SSD, or other flash device is to have that device fully encrypted.

In our case that would mean that all laptops would need to be encrypted using BitLocker and all external devices would be encrypted using BitLocker To Go.

When it comes time to retire the device, it will get totally destroyed by whatever method comes in handy. In our case a drill would be the method of choice.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Tuesday 22 February 2011

Hyper-V Cluster – IMS, Second DC, Backup, and Power Hardware Configuration

We have a number of clustering projects coming down the pipe with quite a variety of configurations for the cluster nodes and common storage setup.

The following is a brief overview of one cluster configuration:

  1. Intel Modular Server MFSYS25v2 (new version).
    1. 3x Compute Modules.
      1. Dual Xeon E5640, 48GB RAM, Mezzanine NIC.
    2. Dual Storage Control Modules.
    3. Dual Ethernet Switch Modules.
    4. Four Power Supplies.
    5. 4x 160GB Intel X25-M Solid-State Drives.
      1. Hyper-V Server 2008 R2 OS partitions.
      2. Hyper-V based VM configuration/memory files (CSV).
      3. Quorum if another node is added.
    6. 10x 146GB Seagate Savvio 15K SAS Drives.
      1. VM OS and data partitions.

For Hyper-V clusters we need a DC to reside outside of the cluster.

  1. Intel Server System SR1625URR 1U 2P.
    1. Dual Intel Xeon X5660 CPUs, 48GB, Intel RAID, Intel PRO ET Dual Port NIC.
    2. 8x 146GB Seagate Savvio 15K SAS drives.

This particular setup will give us our second DC but also give us the ability to run a VM or multiple VMs when there is a requirement which in this particular case there will be.

For backup purposes we will be configuring the following setup:

  1. 2x Q-Nap 1U 4 SATA drive NAS with redundant power.
    1. 2x eSATA connections for external storage.
    2. VM’s native backup will be configured to run to VHDs stored on both Q-Nap NAS devices.
    3. Backups will be switched between each NAS for “rotation” purposes.
  2. 2TB external eSATA hard drives.
    1. ShadowProtect by StorageCraft will be configured on all VMs.
    2. Backups will be AES-128 bit encrypted and stored on the eSATA drives.
    3. eSATA drives will be rotated off-site twice per month.

Power protection will be provided by an APC Smart-UPS RT 6000VA (208 volt) with additional Smart-UPS RT 192V Battery Packs to give us approximately 6-8 hours of runtime. An APC Step-Down Transformer will provide the needed 110 volt power to the IMS.

Additional power protection for the switches, ISP connections, external eSATA drives, and the Q-Nap NAS devices will be provided for by two additional APC Smart-UPS 2200VA (110 Volt 20 Amp) UPSs.

We will be using Cisco Small Business Pro series switches and security appliances for the necessary network connections and remote office VPN connections.

The main office will get two APC NetShelter SX 24U enclosures. One will house the UPS equipment while the other will house the server equipment. We do this to reduce the risk of damage to the server equipment if there is a major battery failure in one of the UPS devices.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Thursday 17 February 2011

Licensing SBS 2011 and the Premium Add-On via Open Value with Part Numbers

To start a new Open Value Agreement with the 3 year spread payment option we will use the following part numbers for any client that requires SQL for their setup:

  • T72-0082: SBS 2011 Standard
    • 6UA-01452: SBS STD 1 CAL Pack
    • 6UA-01804: SBS STD 5 CAL Pack
    • 6UA-00908: SBS STD 20 CAL Pack
  • 2XG-00206: SBS 2011 Premium Add-On
    • 2YG-00434: SBS Premium Add-On 1 CAL Pack
    • 2YG-01039: SBS Premium Add-On 5 CAL Pack
    • 2YG-01596: SBS Premium Add-On 20 CAL Pack

For a client that has 36 users with 27 of those users working in an application that is tied into SQL as a backend we would license as follows:

  • (1x) T72-0082: SBS 2011 Standard includes 5 CALs 
    • (1x) 6UA-01452: SBS STD 1 CAL Pack
    • (2x) 6UA-01804: SBS STD 5 CAL Pack
    • (1x) 6UA-00908: SBS STD 20 CAL Pack
    • Total: 1 SBS 2011 STD License + SA  and 31 CALs (36 total)
  • (1x) 2XG-00206: SBS 2011 Premium Add-On includes 5 CALs 
    • (2x) 2YG-00434: SBS Premium Add-On 1 CAL Pack
    • (None) 2YG-01039: SBS Premium Add-On 5 CAL Pack
    • (1x) 2YG-01596: SBS Premium Add-On 20 CAL Pack
    • Total: 1 SBS 2011 Premium Add-On License + SA and 22 CALs (27 total)

The CAL licensing structure has changed from the SBS 2008 one in that we need an SBS 2011 STD CAL to cover _all_ users accessing the SBS server and its services. We then need Premium Add-On CALs to cover users accessing SQL.

The Canadian Microsoft Licensing part number list can be had from here:

image

Click on the Open Pricelists (Excel) link to open or download the most current list.

UPDATE 2011-02-24: I missed the included 5 CALs on the base SBS and Add-On SKUs. My apologies for that. Calculations adjusted accordingly.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Wednesday 16 February 2011

MDOP – DaRT Crash Analysis Tools

We have a crashing laptop.

We downloaded and installed the latest MDOP so that we can access the Crash Analyzer Tool.

image

The Crash Analyzer Wizard requires the Windows Debugger Tools for whatever architecture the tools will be running on (x64 or x86):

image

Click the link in the above screen and we are taken here:

Once we have the SDK web install downloaded and running we need only install the needed tools:

image

Note that we are also going to download the Redistributable package so that we do not need to go through this process again for the 64-bit platform.

We also need both the 32-bit and 64-bit debugging symbols:

Once downloaded and installed we were able to go ahead and analyze the problematic laptop’s MiniDump files.

image

There is a native way to do this with the Windows Debugging Tools, but having the Crash Analyzer Wizard handy makes things a lot simpler for us when it comes to analyzing multiple systems throughout the day.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Windows Server 2008 R2 and Windows 7 Service Pack 1 On TechNet

For those subscribed to TechNet the service pack is available for download:

image

We will be deploying the service pack to our Hyper-V servers to gain access to some of the new Hyper-V features that we are interested in including new memory commitment structures and RemoteFX capabilities.

There is one known caveat to installing SP1 on machines that have the pre-release version of RSAT installed:

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Tuesday 15 February 2011

SPLA – Build A Custom SPUR

We are working on some changes to our hosting setup so are in the process of working our way through the Services Provider Use Rights document (SPUR).

Microsoft now has a site much like the Microsoft License Advisor site for those of us that have signed the SPLA:

image

We can choose a specific licensing model and generate a Word document that will have the specified product’s terms and conditions available to us.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Saturday 12 February 2011

Licensing SBS 2011 And The Second Server Under SPLA

With the change in the product structure for SBS 2011 we have seen the way we license SBS under our Service Providers Licensing Agreement change as well.

With SBS 2008 we had a SKU for SBS 2008 Standard and SBS 2008 Premium as per the product’s structure.

With the advent of the SBS 2011 Premium Add-on things have changed both in the way things are licensed and the costs for products licensed.

  • T72-01694: SBS 2011 Standard SAL
    • Per user licensing for SBS 2011 Standard.
  • 2XG-00481: SBS 2011 Premium Add-on SAL
    • Per user licensing for the Premium Add-on
  • P73-03408: Windows Server 2008 R2 Standard SAL
    • Per user licensing for Windows Server 2008 R2 Standard
  • 6WC-00002: Windows Remote Desktop Services SAL (RDS access)
    • For users accessing desktop OS VMs via RDP and SBS 2011 RD Gateway.
    • For users accessing a Remote Desktop Services on the hosted SBS network.

If our hosted client has no need for SQL then we will be licensing both SBS 2011 Standard and Windows Server 2008 R2 Standard.

For example, customers that only utilize Microsoft Office via RD RemoteApps would be licensed in this manner.

In relationship to the cost difference between the SBS 2008 Standard SKU and the SBS 2008 Premium SKU, the SBS 2011 Premium Add-on SKU is _a lot more expensive_ than the SBS 2008 Premium SKU.

To demonstrate using fictitious numbers:

  • SBS 2008 SPLA licensing structure:
    • SBS 2008 Standard SAL: $30/MTH
      • Licenses one user to access SBS and its features.
    • SBS 2008 Premium SAL: $45/MTH
      • Licenses one user to access both SBS and the second server and their features. Included SQL access if needed.
    • Difference between STD and Premium: $15/MTH/User
  • SBS 2011 SPLA Licensing Structure:
    • SBS 2011 Standard SAL: $30/MTH
      • Licenses one user to access SBS and its features.
    • SBS 2011 Premium Add-On SAL: $45/MTH
      • Licenses one user to access the Premium Add-On second server and SQL only.
    • Cost to license both SBS STD and Premium Add-On: $75/MTH
      • Net increase in Premium feature access for the 2011 version: $30/MTH/User

While the actual price of each SKU is relatively low, that price change is way more than we can absorb for our existing SBS Premium hosted clients so we will unfortunately need to pass that cost on to them.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Thursday 10 February 2011

Windows 7 – Slow Web Based Office File Access

We are hearing of some folks dealing with really slow file access when the files are stored somewhere on the network.

When that happens, it turns out that the WebClient service within Windows may be stopped:

clip_image002

Note that the service’s Startup Type is set to manual in the above screenshot and it is started.

For folks that have the service stopped and are experiencing the problem make sure the service is started and that it is set to Automatic for the Startup Type.

Hat Tip: Les Connor – SBS MVP (Bing Search)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

How To Sell An IT Solution Without Using Those Acronyms But Using Them!

The following is from an e-mail sent out to a prospective client that explains the business side to an IT solution without any reference to the technologies themselves.

The Prospect’s Proposal

***

First things first. We are not in the business of selling hardware and software. That has never been our focus and never will be. Our business is about creating a tool that enables a business to grow more efficient, and to in effect grow the business. A part of that process is training folks to _use_ the tool in such a way as to bring about the best results.

Another part of that process is the maintenance of all of the tools being used. No IT solution is maintenance free. It never has been and it never will be. Much like a fleet of trucks need to have the oil changed, tires changed, routine inspections, tune-ups, washed to keep rust away, and so on IT infrastructure also involves routine maintenance.

There are regular patching cycles for Microsoft products. For those that we manage we actually install all of the relevant patches and updates on our lab systems to regression test them before releasing them to our clients. If something breaks we will troubleshoot the problem and figure out either how to mitigate the problem, work around it, or not release the patch/update at all.

Now, on to what we really do as far as bringing about an improvement in your business processes by utilizing the tool of IT.

Company’s Revenue

Client Company’s current setup:

  • Establish revenue per user
    • Gross revenue for the year is approximately $4M (I asked Client for a round number for this explanation).
    • Client Company’s number of users is 8.
      • Take $4M and divide by 8 and we get $500K per year per user.
    • Establish hourly worth of each user.
      • $500K per year per user divided by 2080 Hours per year is $240/Hour/User.
        • Note that statutory holidays are not deducted.

So, we now have an dollar figure for the approximate value of each user relative to the gross revenue of the company per year.

Cost of Downtime

What does this tell us? Well, for one thing it gives us a figure that we can use to cost out downtime of the current or future system.

  • Raw cost of downtime:
    • $240/Hour/User
  • Post downtime costs
    • $480/Hour/User
      • For every hour of downtime it takes at least double that to recover.
      • We still need to do the work that would have been done while things were down, plus do the work that needs to be done at that time!
      • Does not account for time lost due to data loss (very expensive).
IT Solution Costs

Now, let’s say we come up with a solution for your company that costs $20K. This is an example number based on some of the previously mentioned needs for Client Company.

  • Cost of the solution over its lifetime of 36 months.
    • $20K/36 is $555/Month
  • Cost of maintaining that solution over its lifetime of 36 months.
    • $495/Month
  • Total cost of the solution per month (on-site visits not included)
    • $1,050/Month

Okay, we now know the overall cost of the solution over its life. From here we need to calculate its cost relative to the number of users.

  • Cost of the solution per month:
    • $1,050/Month divided by 8 users is $131.25/Month/User
  • Hourly breakdown based on an 80 hours worked per month:
    • $1.64/Hour/User

We now know the real cost of the solution relative to the revenue generated per user in the company.

How does all of this relate to an IT solution?

IT Solution Revenue Benefits

If our solution plus training can improve your user’s efficiency, that is the time it takes them to do their daily tasks, by 1 hour per week:

  • How efficiency is improved:
    • User’s ability to search for and find data, content, etc. is vastly improved.
    • Applications are easily accessible.
    • Fully accessible mobile experience.
    • Collaboration abilities both within Outlook and SharePoint.
    • Data is encrypted and protected by good backups.
    • System instability is no longer a part of their experience.
  • Revenue per user per hour from the above calculation:
    • $240/Hour/User times 8 users is $1,920.00/Week.
      • Net benefit: $96,000/Year

Is that $96K a real number? Yes, it is. It is based on the real revenue numbers that each user contributes to in the company.

User Efficiency

It has been our constant experience that users become a lot more productive when they are properly trained on the use of their IT.

It is also our experience that users become a lot more productive when their stress levels around IT equipment disappear. They can concentrate on doing their job instead of fussing with a broken printer, an application that was misbehaving, or any other technology problem. All of those little things cost the company money in lost time.

I hope this explanation helps you to see what it is that we are proposing.

Thanks for your time,

Philip Elder
MPECS Inc.

***

The Acronyms

So, what have we addressed in the above note to our prospective client?

  • TCO: Total Cost of Ownership
    • Our prospect can take those numbers and calculate what the total cost of the solution will be including our management.
  • ROI: Return On Investment
    • That one hour savings demonstrates very clearly that our solution will pay for itself in under one year!
    • Not only that, we go on to explain a lot more time saving techniques that folks will be trained in to further up that ROI.

Most business owners will realize very quickly that they will benefit big time when things are explained to them in this manner.

One of the things we would do would be to have our prospect have a look at the following:

We would also run some demonstrations for remote access and especially for Remote Desktop Services RemoteApps which is still, in our opinion, the killer app for the SBS/SMB space.

No Geek Speak

Note the distinct lack of any mention of the actual technology. Business owners love these conversations because they don’t really care for the tech itself, with the odd exception, while they do care about how the tech will improve their business.

Business owners also care about the downtime, backup, restore, and data protection conversation. We touched upon that with the above, but ultimately talking redundancy with the business owner comes down to essentially working out an insurance policy. The better the insurance, the more expensive the policy.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

SBS 2008 – Exchange 2007 Service Pack 3 Error–TSGateway failed to start

Once the whole service pack process completed we ended up with one failure:

image

Error: Service ‘TSGateway’ failed to start. Check the event log for possible reasons for the service start failure.

We checked Services.msc on SBS to see what services were stalled besides the TS Gateway one. The Information Store service was also stopped. So, we rebooted the server to make sure everything took.

Once the server came up with the logon screen we tried to remote into a system via the TS Gateway service. The connection failed:

image

Remote Desktop connection

Your computer can’t connect to the remote computer because the Remote Desktop Gateway server’s certificate has expired or has been revoked. Contact your network administrator for assistance.

The certificate shown in the above error message was the wrong one. This particular client had a wildcard certificate *.domain.com installed but what we see is a self-issued certificate.

So, we re-ran the Third Party Trusted Certificate after making the necessary registry change to install a wildcard certificate on SBS 2008 (applies to SBS 2011 too).

image

PublicFQDNPrefix: *

Once we had a successful TSGateway based RDP connection into the network we also logged onto OWA to verify that everything was running okay which it was.

We ran this particular update via a direct console session even though we were remotely connected. If our only way into the network was via TSGateway we would have been in trouble. Intel’s RMM or Dell’s DRAC are a good thing to have for those just-in-case moments like this one.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Wednesday 9 February 2011

SBS 2008 – Exchange SP3 Error DataCollectorSvc process has open files

We are applying Exchange 2007 Service Pack 3 on an SBS 2008 server and received the following error:

image

Exchange Server 2007 SP3 Setup

Error: Setup cannot continue with the upgrade because the ‘DataCollectorSvc' () process (ID: 1564) has open files. Close the process and restart Setup.

So, we brought up the Task Manager and opened Processes tab:

image

After right clicking on the DataCollectorSvc.exe and clicking on End Process we clicked the Retry button in the Exchange SP3 Setup.

image

We are good to go!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Friday 4 February 2011

CaseWare Working Papers – CaseView PDF Printer 2009 Unable to Print Document

When trying to create a PDF document from within CaseWare Working Papers 2010 there may be a hang-up or CaseWare Working Papers

image

CaseWare Working Papers

Excel or PDF

Unable to print document Document.PDF or Document.XLSX. The file may be locked, may contain restricted macros or the CaseView PDF printer may not be accessible.

So, we fired up the Print Management console on the workstation to verify that there were no PDF jobs caught and sure enough there were:

image

Once we cleaned up the pending jobs we then deleted the CaseView PDF 2005 printer listed in Print Management.

image

We could then create a PDF using the built-in PDF generator that CaseWare installs during its own setup routine.

If the CaseView PDF 2009 printer disappears from Print Management then run the most recent release update which is R9 as of this writing.

image

Once installed the CaseView PDF 2009 printer should be available in Print Management under Printers and the Printers and Devices window.

Note that when both the CaseView PDF 2005 and CaseView PDF 2009 printers are installed that both will be covered by one icon in the Windows 7 Printers and Devices window.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Thursday 3 February 2011

Intel 6 Series/C200 Series Chipset Design Error

It seems that there are some issues with the SATA ports on the new 6 series chipset based motherboards not holding up over time.

We have been waiting for the new Intel DQ67xx Executive Series Micro-ATX and Mini-ATX boards for a while now. We had hoped to see the boards by the end of this month. It looks as though we will be waiting just a bit longer for them.

Now that this problem has been discovered, board makers that have a 6 Series chipset board on the market are going to have a serious problem on their hands if their production volume was ramped up and product has been sold.

Intel has a support page here:

For other manufacturer’s products that use the 6 Series chipset, we will need to check their support site to see what sort of remedies they will have for us.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Resource – Migrating SBS 2003 v2 SharePoint to SBS 2011 SharePoint Foundation

Robert Crane has an excellent guide on the process of migrating the v2 SharePoint instance found in SBS 2003 to the SharePoint Foundation instance found in SBS 2011

We have added the description to the titles:

Robert is an excellent resource for SharePoint related issues. The above steps assume a fairly mundane SBS 2003 SharePoint v2 setup. For highly customized SharePoint sites, please e-mail Robert to arrange for him to consult or provide technical migration services.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Symantec LiveUpdate Certificate Expiring Soon

On certain versions of Symantec’s LiveUpdate product the Symantec root certificate will be expiring on April 30, 2011.

A grid of products impacted by this problem:

image

The updates look to be had from Symantec’s support portal which may require an up to date product license.

Note that the impact of the certificate expiration for products impacted by this situation is no more A/V updates!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Tuesday 1 February 2011

Windows Server 2008 R2 Standard – Updates Required After A Fresh Install And Update Order

We just rebuilt one of our servers to provide file services for our network.

Out of the box, this particular Windows Server 2008 R2 Standard full GUI install has approximately 93 updates waiting:

image

Windows Update on the server sees things a bit differently:

image

However, once we have run the full gamut of updates shown above there are guaranteed to be more updates waiting to update the updates! :)

image

The first step in our update process will be to run the Windows Server 2008 R2 security updates. We will then run any other updates that may be waiting. We will not update .NET until we have a backup of the box which has just been configured but not run yet.

Depending on the OS that has just been installed we would run .NET updates in the following order:

  1. .NET 1
    1. .NET 1.1.x
    2. .NET 1.2.x etc.
  2. .NET 2
    1. .NET 2.1.x
    2. .NET 2.2.x etc.
  3. .NET 3
    1. Same pattern as above for each subsequent version.

A reboot would be done in between each version of .NET and if the server is critical then we would run a backup in between each version as well.

We will also leave out the BPA updates until we have all of the necessary core updates completed successfully.

Off the server goes on the first round:

image

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Mobile Security–Best Practices by F-Secure

As more and more of our users are incorporating some form of mobile device whether Apple, BlackBerry, Android or other the need to be aware of our client’s security vulnerabilities through those becomes all the more acute.

The tips are as follows:

  1. Keep your system updated
  2. Install a security application in your phone
  3. Watch where you click and land
  4. Refrain from doing transactions on a public network
  5. Install or obtain applications from trusted source
  6. Make it a habit to check each applications' data access on your phone

The final point is one of interest since many users do not realize that the applications running on their handheld devices are indeed phoning home with the device’s unique ID and GPS data.

As always, it is very important to read the Terms & Conditions for any supposedly “free” or even paid services and/or products from _any_ online or on-premise vendor.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

SBS And the Recent SQL Updates

We have seen a number of different updates being released for SQL and the Windows Internal Database.

To date we have not installed any of these updates as we are always a bit apprehensive when it comes to installing updates into SQL or SharePoint Services.

We will begin testing the updates on our lab systems shortly to make sure that nothing blows up.

In the mean time, make sure that a good and tested backup is in place, and that an incremental backup has been run prior to installing _any_ SBS product component updates.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer