Windows Server 2012 In Your Small Business – Part 3


This is probably the coolest feature I’ve ever seen, in any piece of software.

If you don’t feel the same by the time you’re done reading this, then perhaps you’ll agree it’s easily the coolest and easiest way to provide users with remote access to network resources.

DirectAccess was introduced in the last generation of Windows Server and Windows desktop products. So while it isn’t new, it’s been enhanced to make deploying it, and using it, easier. The idea is that anytime a user has an Internet connection, their device will automatically establish a connection to the corporate network as well, giving them remote access to shared folders, internal websites, applications, etc.

No VPN to manually configure and initiate. Thank goodness for that.

From what I’ve seen, deploying DirectAccess in Windows Server 2008 R2 was a pain. Lots of steps, in and out of the command line on the server and the user’s device(s), and on and on. In Windows Server 2012, it can be done in about 6 steps. Configuring and managing remote access can take place immediately after. And it’s dead easy.

With Windows Server 2012 and Windows 8, your server no longer requires multiple network adapters, servers and clients do not have to belong to the same domain, and new policies/domain settings can now be deployed over DirectAccess. This all means that remote workers never have to physically get their device onto the corporate network anymore, making everything easier for all parties.

I’ve worked for several companies where remote access was provided. And each mechanism used either required a great deal of third-party components to make it work, or opened up huge security holes. Not to mention that a lot of hotels, cafes, and other public places don’t allow for VPN connections to be initiated in the first place, so you wouldn’t be able to connect anyway. DirectAccess is much easier to use, and it’s automatic. And if it doesn’t work, the tools provided to users to help IT troubleshoot what’s happening are superior to anything I’ve seen from any third-party VPN solution.

The one caveat is that DirectAccess requires IPv6. If your ISP has not deployed IPv6 yet, then you can opt to deploy an appliance that can perform IPv6-to-IPv4 translation.

That concludes the information I wanted to share about DirectAccess. Keep checking back for more ways Windows Server 2012 can benefit your small business.

Windows Server 2012 In Your Small Business – Part 2


To be honest, I didn’t think I would ever write something praising IIS. I use Apache, though I know alternatives like lighttpd and nginx exist. But Apache is tried, tested, and proven to work. It certainly has its flaws (all software does), but it works well and to my liking.

Upon seeing what IIS 8 is capable of, I must say I’m a bit surprised. Microsoft appears to finally be taking the web seriously, and IIS 8 comes out swinging.

Server Name Indication is a new feature that makes hosting multiple secure (https://) websites on the same server far simpler than I have ever experienced. Traditionally, if you want to secure your website with an SSL certificate for any reason (e.g. you’re running an online store, you want user logins to be secured, etc.), then it was imperative that you also had a dedicated IP address for your website.

For the average small business this introduces additional cost, because the majority of web hosting providers will charge extra for a dedicated IP address. Even if you’re hosting your own website, you will still need to pull an IP address out of your pool for a seemingly trifling reason.

Server Name Indication changes the way IIS responds to a request for your secure website, making it possible to host multiple secure websites on the same IP address. I don’t know if nginx or lighttpd have Server Name Indication support yet, but as far as I know this is one area that would be a boon to any Windows Server 2012/IIS 8-based web hosting provider now.

In IIS 7, CPU throttling was really just an on/off switch. If the CPU limit was reached, IIS would simply stop accepting requests. That’s not really “throttling” now, is it? It’s a kill switch until the average CPU resources being used is below the limit set. Certainly not an ideal “solution.”

Now IIS can be set to use a specific amount of CPU resources, and Windows ensures that the affected application pool doesn’t go over that limit set. You can also set IIS to throttle itself when the system as a whole is under a heavy load, ensuring that IIS doesn’t add to the problem.

One last area I would like to highlight about IIS is Dynamic IP Address Restrictions. This feature can be configured to begin blocking traffic from a specific IP address based on the number of concurrent requests received, or the number of requests received within a certain amount of time. It’s not terrific, but it’s far better than having to watch your logs and trying to identify potentially malicious traffic manually. Similar protection now exists for FTP as well, which is nice to see.
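An added example (not from the original post, and a model of the idea rather than IIS’s own implementation): the request-rate rule described above, applied as a sliding window over constructed W3C-format log lines. The field subset, thresholds and addresses are assumptions chosen for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines using documentation-range addresses; not real traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2012-11-05 14:00:00 203.0.113.7 POST /login 401
2012-11-05 14:00:00 203.0.113.7 POST /login 401
2012-11-05 14:00:00 198.51.100.20 GET / 200
2012-11-05 14:00:00 203.0.113.7 POST /login 401
2012-11-05 14:00:01 203.0.113.7 POST /login 401
2012-11-05 14:00:01 203.0.113.7 POST /login 401
2012-11-05 14:00:01 203.0.113.7 POST /login 401
2012-11-05 14:00:03 198.51.100.20 GET /about 200
2012-11-05 14:00:06 198.51.100.20 GET /contact 200
"""

def flag_by_request_rate(log_text, max_requests=5, interval_ms=2000):
    """Return {client IP: time it first exceeded max_requests within interval_ms}."""
    fields = []
    recent = defaultdict(deque)     # per-IP timestamps still inside the window
    flagged = {}
    window = timedelta(milliseconds=interval_ms)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # column names for the rows that follow
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        ts = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
        hits = recent[row["c-ip"]]
        hits.append(ts)
        while ts - hits[0] >= window:       # drop requests that aged out of the window
            hits.popleft()
        if len(hits) > max_requests and row["c-ip"] not in flagged:
            flagged[row["c-ip"]] = ts
    return flagged
```

Running the same function over real logs with candidate thresholds shows which clients a given limit would have blocked before the rule is switched on.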

That concludes the information I wanted to pass along about IIS 8. Keep checking back for more information on how Windows Server 2012 can benefit your small business.

Windows Server 2012 in your Small Business – Part 1


Windows Server 2012 was released just a few short weeks ago, and from what I’ve seen and read it is a significant improvement over the venerable Windows Server 2008 R2. While deploying Windows Server 2012 in a small business environment may seem like overkill, I have reason to believe it’s actually a very smart decision for a number of reasons. Those include:

  • A free hypervisor (Hyper-V)
  • Streamlined management tools
  • Increased flexibility
  • Better support for standards
  • Better remote worker support

And the list goes on. The balance of improvements done to the interface and the underlying code are almost 50/50, which will no doubt be a boon to any system administrator, especially those that administer multiple businesses or locations.

We’re going to start by covering Hyper-V, and how it can be used in a small business.

The easiest and most effective way to deploy Hyper-V would be to deploy the standalone Hyper-V Server 2012 onto a high-powered server. Hyper-V Server is not a full OS; it is solely the Hyper-V hypervisor deployed in a mode that does not require the full Windows Server running underneath it, meaning it is a bare-metal hypervisor. This has several advantages, but primarily it frees up a good deal of resources for the virtual machines (VMs) that are going to be deployed on the server.

Hyper-V itself has been improved with support for up to 160 logical processors and 2 TB of physical memory per host system, where VMs can be provisioned with up to 32 virtual processors and 1 TB of RAM. That’s a big step up for Hyper-V where it has traditionally trailed behind VMware’s ESXi hypervisor.

Hyper-V’s virtual switch in Windows Server 2012 has been enhanced with a great deal more flexibility. It can now be used for traffic shaping, protection against malicious/malware-infected VMs, and to make troubleshooting easier. The virtual switch also provides third-party developers with the necessary extensions and APIs so that they can add functionality into the virtual switch, negating the need for additional hardware.

My favourite part about Hyper-V Server 2012 is that it’s free. And you can put non-Windows VMs on it including Linux. So if you’re not a fan of IIS for hosting websites, or you just cannot part with that last FreeBSD server lying in the corner, have heart! You can move these machines to your Hyper-V Server as a VM and keep them running, without the added expense and infrastructure of having another physical box in the wiring closet/server room.

I’ll be covering off more aspects of how Windows Server 2012 can be used in a small business over the next little while. I hope you find this information useful.

Windows 8


The new ‘Modern UI’ for Windows 8. Image © 2012 Microsoft


I think Windows 8 is a compelling OS. Yes, it’s different. And what of it? So was BlackBerry’s OS, and Apple’s iOS, and Google’s Android. Just because it’s different doesn’t mean it’s bad. And this solution is surely far better (for the vast majority of consumers) than some of the things attempted by vendors like Lenovo, who put Windows 7 on a laptop and switched you to Linux when you detached the screen from its base (I love that idea, but I’m sure it would’ve been jarring for most).

Windows 8 is designed to be a mobile OS, with a very neat, “live” interface. I’m fairly certain I’ll be replacing my aging tower with a 23″ or maybe 27″ all-in-one PC soon. The key will be that the screen needs to be adjustable, so that I can bring it down to a usable height if I want to use touch for more than 10 seconds, and those devices already exist.

On the other hand, I would caution anyone thinking of buying the Microsoft Surface RT device that was just released last week. You cannot install your “legacy,” desktop-based applications on the Surface RT. You will, however, be able to do so on the Surface Pro coming out in a few months.

However, if you’re looking at a convertible laptop for mobile use, as I am as well, there’s already a full complement of devices available, with more being released soon. Seriously, give Windows 8 a shot. It’s Windows, so eventually developers will build more apps for the ‘Modern UI’ (a.k.a. tiled interface) due to sheer market share numbers, and don’t think for a second Microsoft will bring back the desktop as the default interface. To do that flies in the face of where the personal computing industry is headed, and, despite Microsoft Bob, Microsoft surely isn’t that stupid. :)

E-Signature Solutions


I hate signing documents. Okay, hate is a strong word, but I certainly don’t enjoy it. It’s even more cumbersome when someone is trying to fax me a document that I’m supposed to sign and fax back to them. While facsimile technology certainly had its day, and was very useful for a time, it’s become quite outdated. So outdated that we’ve replaced larger printer-sized devices with online fax services available from lots of different companies.

One thing I mentioned there was signing a document. That’s also a process that I find is stuck in the stone age. I recently went in search of a good e-signature solution; something that would let me electronically sign a document, in a secure manner, and that would also negate the need to print it at all. Lucky me! I found it.

I compared several solutions: Adobe EchoSign, SignNow, and e-SignLive.

A few first impressions about each solution, for the sake of a bit of thoroughness:

  • Adobe EchoSign – Adobe actually acquired EchoSign some time last year. The EchoSign website talks a lot about viewing changes made by the other party in Microsoft Word, and how the other party can print, sign, and fax the document back to you. That’s the exact opposite of what I’m looking for.
  • SignNow – Better. Much better. Details are a little sparse on the website, and the business model is very unclear. I mean, free is nice for consumers and all, but as a business owner I need to know this company’s going to last for more than a year or two.
  • e-SignLive – Perfect! e-SignLive has a business model, I don’t need special software, and it offers multi-document signing, multiple signers on a document, third-party authentication, and even the ability to integrate the documents into a website or online form. While Orpheum doesn’t need that now, I could certainly see it needing such a feature in the future.

Overall, e-SignLive takes it. Again, free is nice for consumers, but I’m running a business. I cannot risk legal documents in the hands of a company that may not exist tomorrow, nor do I want to be hampered by desktop software. Give me a flexible solution, an API for integration into my enterprise software, a signed and secured PDF, that also just happens to be trusted by the U.S. military… now you’ve got my vote.