Information Technology Business thoughts by James Oryszczyn

Mar 15, 2010

VMWARE For Small Business

I recently held a seminar that discussed using virtualization for small business. VMware is not just for the larger enterprise anymore.


To get started down the virtualization path, the first version that you can utilize is VMWARE ESXI. ESXI is free and is a good way to start down the virtualization path. Before you purchase your next server, consider running ESXI on the server. You will just need to purchase a little extra disk space and memory.

Why would you want to run ESXI on your server? If the need arises to have more than one server, you can easily create another server in minutes without the need to purchase an additional server. Another good reason is that if you are going to do upgrades or maintenance work, you have the ability to take a snapshot. This will allow you to easily roll back if the upgrade goes bad.

If your business starts to grow, you can always add additional nodes to your VMWARE cluster and license VMWARE. VMWARE will allow you to grow with your business.

If you are considering a new server, you should really look at running VMWARE ESXI as the base operating system and virtualizing your server.


Mar 13, 2010

Network Move

I wrote a white paper a while ago about a network move. I have attached the contents of the white paper.

Picking up and moving your network to a new location can be a very daunting task. Some things you can plan for and others you just cannot. Networking equipment and computers are very sensitive, and you can risk a total failure if they are not configured properly. It pays to plan ahead and be ready before the day of the big move.




The list below contains 9 key steps any Business owner or network manager will want to follow to achieve a successful network move.



1) Assign a Project Manager or Assign someone as the lead



A highly successful network move begins with proper planning and preparation. A project manager should be able to create a list of what needs to be completed in the proper order with a timetable set. This project manager will also create an inventory of the equipment that is being moved.



Some things to think about: Do you have insurance for moving your equipment? Should all the equipment go in one truck or many? Should you hire professional movers who have liability insurance? Will the vendor honor the warranty if the equipment is moved? Are your communications lines in place before you move? Are you going to keep or change your existing phone numbers?



2) Plan your space for a proper build out

Work with the contractor and architect to obtain blueprints of the proposed space if it is a new building. If it is an existing building, obtain the blueprints and the wiring and electrical layout. Make sure the proper network cabling is run.



3) Plan your Server room or datacenter



The server room plan is critical to the health of your network. This room will be the heart of your business operations. You will want to ensure it is designed to accommodate growth and provide a proper environment for your computers.



• Does the server room have the proper heating and cooling?

• Do you have enough room for growth?

• Do you have enough wiring to allow the phone company to extend demarcs?

• Do you need a generator?

• Is the computer room in an ideal location (not in a basement that can be flooded)?



4) Is it time to upgrade?

When moving your equipment, should you consider upgrades? After you move, will your network serve your current and future needs? A network move is a good time to consider upgrades. You can have the upgrade completed before the move, or have the new equipment in place.



• Should you virtualize your servers to minimize the need to move hardware?

• How is your backup system? Consider imaging your key systems before the move.

• Consider an offsite backup solution.

• Can you upgrade and have the hardware in place before the move?



5) Internet, Telephone and WAN connections

One part of your move that cannot be overlooked is your telephone, WAN and Internet connections. It might be time to look at a new phone system that could save you money. Sometimes it is less expensive to purchase a new phone system than to move the old system.

• Are you going to move your existing Internet connection or obtain a new connection?

• Are you going to get the new connection up and running ahead of time?

• Will the phone numbers be forwarded or new phone numbers assigned?

• Is it time for a new phone system?

• Do you have leased lines that need to be moved?

• It is time to upgrade and replace your Internet firewall.

















6) Wiring the Building

One of the key tasks in your network move is wiring. Wiring problems can be difficult and expensive to troubleshoot. Ensure you have a reputable wiring company that offers cable certification and a lifetime warranty. Also consider adding 2 network drops in each location. It is easier to wire an empty building than to add wires at a future time.



• Make sure you have wiring for printers, faxes, computers and IP phones

• Consider the idea of providing or going wireless for part of the building

• Ensure the Wiring contractor certifies the cables and provides a wiring map

• Ensure that the wiring is labeled on both ends with a number or lettering scheme

• Use Category 5e or higher wiring.

7) Do you have everything ready and are you prepared?

Moving day will come faster than you think. Do you have everything ready and planned out? If the above steps have been followed, then more than likely you are ready. All that is left at this point is to:

• Assign someone to be responsible for shutting down the network. Ensure that a complete backup of the system is taken before this shutdown. Plan the shutdown to minimize disruptions and keep data loss to a minimum.

• Provide a label that details where each system will be moved to. Create a diagram for the server room to help provide an orderly move.

• Ensure you have enough time budgeted to bring the network back online and test functionality. Consider a hotel near the office to stay overnight to manage unforeseen or forgotten issues.

• Create a network move plan with who will be doing what to minimize chaos on the day of the move.

• Have contingency plans if the move becomes a disaster

o What if a key server does not boot?

o What if the server room is not completed?

o What if the moving truck gets into an accident?

o Is someone connecting the computers to the network after they are moved?





8) The day of the move

Moving day has finally arrived. Your planning and preparation should be completed, but what can be expected that day?

• The Moving Company will be behind schedule, careless and rude. Be prepared to have things be in the wrong place and be moved at the wrong time.

• Expect something to disappear or be lost.

• Make sure you have a good tape backup offsite, safe and secure.

• Create a method for your users to report issues without interrupting your move process. Have a few key users come in and test systems after the move.

• Create a key contact list, including managers, key vendors and key employees. Gather alternate contact numbers and notify the vendors that they might be on call.



9) The day after and documentation

After the dust settles you will begin to recover from the move. You will need to be prepared for user problems and a little bit of chaos. You will want to:

• Have a way for end users to report problems and for you to prioritize those problems

• Check to make sure the network is running properly and efficiently.

• Staff to ensure you can handle the support requests.

• Have key vendors available if support issues should arise

• Take another good tape backup to ensure your data are protected.

• Make sure the printers and phones are functional.

• Update your documentation to reflect any chang


Feb 27, 2010

Next Generation Firewalls

I am always amazed at what I discover when evaluating or installing a Next Generation Firewall.

I recently placed a Palo Alto PA series firewall into someone's network. They were having a difficult time identifying what their users were doing. Within 15 minutes of placing the firewall into the network, we discovered someone with BitTorrent. The bad thing was that the BitTorrent traffic was incoming, meaning users on the Internet were using a machine on that network to grab movies or other possible items stored on that machine.

BitTorrents are also a good way to pick up and distribute viruses.

This was also affecting bandwidth. I believe that the BitTorrent traffic was eating the available bandwidth, affecting the critical work the client needed to perform.

My recommendation for some time has been to get a good firewall that can also identify where users are going. This will allow you to track down people or users who are potentially abusing the policies you have in place. It also prevents good employees from doing bad things.

The Internet is a very dangerous place these days. With the botnets running around and with how easy it is to pick up spyware and malware, I would recommend that you consider a good next generation firewall that will help keep your network safe. Not doing so could put you and your users at great risk.

You can sign up for an eval here http://jsotechnology.com/demo/jso-security/utm.html.

You can also download the AVR report from Palo Alto networks and discover the most current network risks. http://www.jsotechnology.com/_pdfs/AVR.pdf


The 10 most Hacked Passwords

You have more than likely watched a movie or seen a TV show where someone sits at a computer, makes a guess at a password and gets in.

You always question it, thinking to yourself: is it really that easy?

It can be really easy. The best way to crack a password is to use the names, dates and things that might be important to the user. (Examples are Wife's Name, Kids Name, High School Name, Birthday).

A recent study by Imperva found that:
  • The shortness and simplicity of passwords means many users select credentials that will make them susceptible to basic forms of cyber attacks known as “brute force attacks”.
  • Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). The most common password is “123456”.
The report also found that these are the top 10 most common passwords.


1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123


My recommendation for a password strategy is to use a phrase and take the first letter of each word in the phrase. For example: "I went to school in 2010." The password could be Iwtsi2010. That is a difficult password that is easy to remember.
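An added example (not from the original post or the Imperva study) that screens a password for the weak patterns listed above and derives a password from a phrase as described. The QWERTY rows, the 8-character minimum and the function names are assumptions; an empty result means only that none of these patterns matched.

```python
# Top 10 list as quoted in the post (compared case-insensitively).
TOP_10 = {"123456", "12345", "123456789", "password", "iloveyou",
          "princess", "rockyou", "1234567", "12345678", "abc123"}

# Assumption: US QWERTY layout rows, used to spot adjacent-key runs.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

MIN_LENGTH = 8  # Assumption: minimum length chosen for this example.


def is_keyboard_run(pw):
    """True if the whole password is a run along one keyboard row, either direction."""
    s = pw.lower()
    if len(s) < 4:
        return False
    return any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def is_consecutive_digits(pw):
    """True for strings such as 123456 or 987654 (each digit steps by +1 or -1)."""
    if len(pw) < 4 or not pw.isdigit():
        return False
    steps = {int(b) - int(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def weaknesses(pw, personal_terms=()):
    """Return the reasons a password is weak; an empty list means none were found."""
    found = []
    if len(pw) < MIN_LENGTH:
        found.append("too short")
    if pw.lower() in TOP_10:
        found.append("top-10 common password")
    if is_consecutive_digits(pw):
        found.append("consecutive digits")
    if is_keyboard_run(pw):
        found.append("adjacent keyboard keys")
    # Names, dates and other details important to the user (spouse, kids, school, birthday).
    if any(t and t.lower() in pw.lower() for t in personal_terms):
        found.append("contains personal detail")
    return found


def phrase_to_password(phrase):
    """First letter of each word; words made only of digits are kept whole."""
    words = phrase.replace(".", " ").split()
    return "".join(w if w.isdigit() else w[0] for w in words)
```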

I have discovered that if you make your password very complex, you have a difficult time remembering it. This usually leads to a password that is written down on a sticky note and can be found on a desk. This is almost worse than a weak password.


Also, do not forget to use separate passwords for your bank and trading accounts. If your primary password is compromised, you at least have a different password for these critical accounts.


(The Link to this study can be located here http://www.net-security.org/secworld.php?id=8742)


Feb 10, 2010

The 4 ways a manager can stress out employees and how to Avoid it

With the current economy, almost all departments are doing more with less. IT is no exception to that rule. Pushing an understaffed and overworked department can lead to a huge problem: employee burnout.

These are some key management mistakes to avoid to help keep the stress level down.

Keep it exciting

A job that is boring or not interesting can lead to burnout. See if you can shift work around and give your staff some variety.

Don’t Be Lax On Employee Discipline

Don’t overlook boorish or bad behavior. That can cause frustration and resentment with certain employees.

Take The Time To Listen

Everyone likes to be heard. Most people become frustrated and depressed if they feel their concerns are not heard. Take the extra time to listen and reassure your employees.

Flex Time

If you can, allow some employees who are overworked to flex their time. It might allow them to help out more at home or allow them to avoid a stressful commute. With the right employee and structure, Flex Time can really help keep up employee morale.


Feb 8, 2010

Thoughts on an Article in the Wall Street Journal on Online Bank Fraud

I was reading the Wall Street Journal today and they had an interesting article about Online Bank Fraud. It was an article about the dangers of online banking. The premise of the article was that a small business owner in California had 100,000 stolen from his bank account. They got about 50,000 of it back. The other 50,000 went to a bank in Europe where mules (someone who gets the stolen money) started to withdraw the money from the bank account.

How this happened is the CFO had some spyware on his computer that transferred his username and password to the hackers. Whenever I read an article like this I always shake my head, as common sense was not applied. My first rule of thumb is if you are going to do online banking, make sure the computer has virus and spyware protection on it. This is a first layer of protection against an attack such as this.

The second thing I would be doing is investing in unified threat management (UTM) or a next generation firewall. Not only do these look for viruses, they also can implement web filtering and prevent the computer from reaching the intended attacker. Web filtering can block access to websites that contain malware and spyware; it can also protect employees from going places they shouldn’t be. Fortinet and Palo Alto networks are two vendors that make Firewall appliances that do what I describe above. Both are very effective in helping prevent an attack such as this.

I would also look at a good spam filtering solution. Numerous cloud-based (hosted) solutions exist that are very inexpensive. A good spam filter will keep viruses, phishing and other attacks from hitting your email. A phishing attack is the most common. Someone creates an email that looks like it is from your bank in an attempt to collect information. I never open emails from my bank. If they need me, they will call me. Most banks will not contact you for important account information by email. My favorite cloud-based email filtering solution is MX Logic. They make an easy-to-use product that is well supported and very effective.

The third item I would do is to make sure you are patching computers monthly. A good patching cycle will ensure that we are protecting computers from attacks on vulnerabilities in the software that they are running. Most small businesses should look at a managed service provider. They can automate patching at a low monthly fee and ensure your computers are updated.

The fourth item is a matter of common sense. Most people at times go to websites or click on something they shouldn’t. My suggestion is if you are doing Internet banking, it should be on a computer that is used the least. If you are going to go to questionable websites, do not do it on the computer you are doing banking on. Also, be careful of phishing emails. About 3-4 years ago my wife was close to falling for a phishing email. She was ordering a bunch from eBay at the time. Someone was attempting to act like eBay or PayPal. She was about to enter her Social Security number into a website that was clearly a hacker's. I thankfully caught it in time and was able to educate her on the dangers.

The big issue in the article is who is responsible for the money loss. The company in the article blames the bank, stating they were not secure. I argue that the business was not very smart or secure and the responsibility lies with them. The banks cannot protect against every attack.

We at JSO can offer advice on how to secure your computers and network to help prevent an attack such as this. An attack like this could put someone out of business or cause their insurance rates to go sky high. The sad thing is this could have been avoided with a little ounce of prevention.

You can find this article here Wall Street Journal


Jan 24, 2010

Communicating with End Users: 4 ways to make sure your email is read

Make the subject line matter


Sending email reminders to end users to remind them of policies, tips and advice is a key to preventing serious IT-related problems.

End users receive thousands of messages every week and many are either overlooked or ignored. Writing an effective email that will be read is a challenge. When you sit down to type up your email, keep that in mind.

Remember the order of the email. The best way to get emails skipped is to hide or bury the important information. The key point you would like to get across should be in the subject line of the email. Example, “Network Maintenance tonight at 6:00pm. Save your files and log off your system”.

This will allow people to see the important point without opening the email.

3 more tips

Put the most important information first – Once the email is open, no one will keep reading if the information is useless or unimportant

Use Lists – If you have a bunch of information, it will be easier to read if it is broken down into bullet points

Proof Read – This is a critical step that is easy to forget. A good way to remind yourself: Don’t fill the “TO” field until the email is completed. That will ensure you will not send the email out until you are ready.
