Windows Server 2012 In Your Small Business – Part 3

This is probably the coolest feature I’ve ever seen, in any piece of software.

If you don’t feel the same by the time you’re done reading this, then perhaps you’ll agree it’s easily the coolest and easiest way to provide users with remote access to network resources.

DirectAccess was introduced in the last generation of Windows Server and Windows desktop products. So while it isn’t new, it’s been enhanced to make deploying it, and using it, easier. The idea is that anytime a user has an Internet connection, their device will automatically establish a connection to the corporate network as well, giving them remote access to shared folders, internal websites, applications, etc.

No VPN to manually configure and initiate. Thank goodness for that.

From what I’ve seen, deploying DirectAccess in Windows Server 2008 R2 was a pain. Lots of steps, in and out of the command line on the server and the user’s device(s), and on and on. In Windows Server 2012, it can be done in about 6 steps. Configuring and managing remote access can take place immediately after. And it’s dead easy.

With Windows Server 2012 and Windows 8, your server no longer requires multiple network adapters, servers and clients do not have to belong to the same domain, and new policies/domain settings can now be deployed over DirectAccess. This all means that remote workers never have to physically get their device onto the corporate network anymore, making everything easier for all parties.

I’ve worked for several companies where remote access was provided. And each mechanism used either required a great deal of third-party components to make it work, or opened up huge security holes. Not to mention that a lot of hotels, cafes, and other public places don’t allow for VPN connections to be initiated in the first place, so you wouldn’t be able to connect anyway. DirectAccess is much easier to use, and it’s automatic. And if it doesn’t work, the tools provided to users to help IT troubleshoot what’s happening are superior to anything I’ve seen from any third-party VPN solutions.

The one caveat is that DirectAccess requires IPv6. If your ISP has not deployed IPv6 yet, then you can opt to deploy an appliance that can perform IPv6-to-IPv4 translation.

That concludes the information I wanted to share about DirectAccess. Keep checking back for more ways Windows Server 2012 can benefit your small business.

Finally Taking SQL Seriously

On Friday, one of my co-workers and I decided to hash out a better way for us to find out that customers had added a reply to a help desk ticket. The idea was to poll the database for new comments, but only to have the script notify us if it was new within the last 5 minutes.

Well, that proved to be (at first) something I didn’t know how to do. Thankfully, with a bit of time, research, and trial & error, I was able to put together the code required. The result?

    -- Tickets with a comment added in the last 5 minutes that are in status NFB
    SELECT [SUBJECT], [INCIDENT], [CUST_ID], [COMMENTS]
    FROM [IncidentSQL].[dbo].[Incident]
    WHERE ([NEW_DTE] BETWEEN DATEADD(MINUTE, -5, GETDATE()) AND GETDATE())
      AND (STATUS_EXT = 'NFB');

We select just the four fields of information we need. The first condition in the WHERE clause subtracts 5 minutes from the current date/time and uses the result as the start of a BETWEEN range, which makes sure we only find help desk tickets that have had new comments added in the last 5 minutes. The second condition, joined with AND, keeps only the tickets that are currently set to the NFB status.

I felt it was quite the feat for someone who hasn’t done any substantial SQL scripting since 2003, and felt good about seeing the results work. Next, we have to figure out how to email the results to the tech support mailbox without adding a ton of complexity.

Windows Server 2012 In Your Small Business – Part 2

To be honest, I didn’t think I would ever write something praising IIS. I use Apache, though I know alternatives like lighttpd and nginx exist. But Apache is tried, tested, and proven to work. It certainly has its flaws (all software does), but it works well and to my liking.

Upon seeing what IIS 8 is capable of, I must say I’m a bit surprised. Microsoft appears to finally be taking the web seriously, and IIS 8 comes out swinging.

Server Name Indication is a new feature that makes hosting multiple secure (https://) websites on the same server far simpler than I have ever experienced. Traditionally, if you want to secure your website with an SSL certificate for any reason (e.g. you’re running an online store, you want user logins to be secured, etc.), then it was imperative that you also had a dedicated IP address for your website.

For the average small business this introduces additional cost, because the majority of web hosting providers will charge extra for a dedicated IP address. Even if you’re hosting your own website, you will still need to pull an IP address out of your pool for a seemingly trifling reason.

Server Name Indication changes the way IIS responds to a request for your secure website, making it possible to host multiple secure websites on the same IP address. I don’t know if nginx or lighttpd have Server Name Indication support yet, but as far as I know this is one area that would be a boon to any Windows Server 2012/IIS 8-based web hosting provider now.

In IIS 7, CPU throttling was really just an on/off switch. If the CPU limit was reached, IIS would simply stop accepting requests. That’s not really “throttling” now, is it? It’s a kill switch until the average CPU resources being used is below the limit set. Certainly not an ideal “solution.”

Now IIS can be set to use a specific amount of CPU resources, and Windows ensures that the affected application pool doesn’t go over that limit set. You can also set IIS to throttle itself when the system as a whole is under a heavy load, ensuring that IIS doesn’t add to the problem.

One last area I would like to highlight about IIS is Dynamic IP Address Restrictions. This feature can be configured to begin blocking traffic from a specific IP address based on the number of concurrent requests received, or the number of requests received within a certain amount of time. It’s not terrific, but it’s far better than having to watch your logs and trying to identify potentially malicious traffic manually. Similar protection now exists for FTP as well, which is nice to see.
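The request-rate rule described above, applied to log lines instead of watching them by hand; this is an added example, not IIS's own implementation and not code from the original post. The log lines are constructed in IIS W3C style, and the function name and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: date time c-ip cs-method cs-uri-stem sc-status
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2012-10-01 09:00:00 198.51.100.20 GET /default.aspx 200
2012-10-01 09:00:01 203.0.113.7 POST /login.aspx 401
2012-10-01 09:00:01 203.0.113.7 POST /login.aspx 401
2012-10-01 09:00:02 203.0.113.7 POST /login.aspx 401
2012-10-01 09:00:02 203.0.113.7 POST /login.aspx 401
2012-10-01 09:00:03 203.0.113.7 POST /login.aspx 401
2012-10-01 09:00:03 203.0.113.7 POST /login.aspx 401
2012-10-01 09:02:30 198.51.100.20 GET /products.aspx 200
2012-10-01 09:05:10 198.51.100.20 GET /contact.aspx 200
"""

def flag_request_bursts(log_text, max_requests, interval_seconds):
    """Return {ip: timestamp of the request that exceeded max_requests in the interval}."""
    recent = defaultdict(deque)          # per-IP timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue                     # skip blank lines and W3C header directives
        date, time, ip = line.split()[:3]
        ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        window = recent[ip]
        window.append(ts)
        # Drop requests that have aged out of the sliding window.
        while ts - window[0] >= timedelta(seconds=interval_seconds):
            window.popleft()
        if len(window) > max_requests and ip not in flagged:
            flagged[ip] = ts
    return flagged
```

Counting by source address treats every client behind a shared NAT or proxy as one visitor, so a threshold that is too low will also block an entire office that browses the site at the same time.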

That concludes the information I wanted to pass along about IIS 8. Keep checking back for more information on how Windows Server 2012 can benefit your small business.

Transportation On Patrol

I have a bone to pick with the “Transportation On Patrol” initiative that Aboutown entered into with London Police Services last year. I don’t know why I haven’t written about this until now, but I just saw an Aboutown taxi van with a sticker promoting the initiative across the top of the windshield, so it just reminded me of how misguided I feel this initiative is.

The ultimate irony of this program is that, when it comes to road safety, I feel taxi drivers are the biggest offenders. Every day, during my commute across the city (the entire east-west length of the city), I see cab drivers violate several traffic laws:

  • Speed (sometimes more than 20km/h over the limit)
  • Run yellow lights
  • Run red lights (not every day, thankfully)
  • Make illegal turns
  • Make rolling stops

If the program is only intended to get Aboutown drivers to report things like theft, arson, etc. then I suppose it’s a worthy initiative. I’m certainly not accusing them of doing anything but violating many road safety laws we’re all expected to adhere to. On the other hand, if LPS has the audacity to expect Aboutown drivers to report traffic law violations, then I would like to see one massive crackdown on cab drivers across all companies licensed to operate in London.

And, unfortunately, there is very little information currently easily accessible about the program. And I cannot think of one good reason as to why any cab driver would need to violate multiple traffic laws in one day. If anything, since they are so highly visible, they ought to be setting an example for the rest of us, gaining our trust, and inevitably our business.

Windows Server 2012 in your Small Business – Part 1

Windows Server 2012 was released just a few short weeks ago, and from what I’ve seen and read it is a significant improvement over the venerable Windows Server 2008 R2. While deploying Windows Server 2012 in a small business environment may seem like overkill, I have reason to believe it’s actually a very smart decision for a number of reasons. Those include:

  • A free hypervisor (Hyper-V)
  • Streamlined management tools
  • Increased flexibility
  • Better support for standards
  • Better remote worker support

And the list goes on. The balance of improvements made to the interface and the underlying code is almost 50/50, which will no doubt be a boon to any system administrator, especially those that administer multiple businesses or locations.

We’re going to start by covering Hyper-V, and how it can be used in a small business.

The easiest and most effective way to deploy Hyper-V would be to deploy the standalone Hyper-V Server 2012 onto a high-powered server. Hyper-V Server is not a full OS; it is solely the Hyper-V hypervisor deployed in a mode that does not require the full Windows Server running underneath it, meaning it is a bare-metal hypervisor. This has several advantages, but primarily it frees up a good deal of resources for the virtual machines (VMs) that are going to be deployed on the server.

Hyper-V itself has been improved with support for up to 160 logical processors and 2 TB of physical memory per host system, where VMs can be provisioned with up to 32 virtual processors and 1 TB of RAM. That’s a big step up for Hyper-V where it has traditionally trailed behind VMware’s ESXi hypervisor.

Hyper-V’s virtual switch in Windows Server 2012 has been enhanced with a great deal more flexibility. It can now be used for traffic shaping, protection against malicious/malware-infected VMs, and to make troubleshooting easier. The virtual switch also provides third-party developers with the necessary extensions and APIs so that they can add functionality into the virtual switch, negating the need for additional hardware.

My favourite part about Hyper-V Server 2012 is that it’s free. And you can put non-Windows VMs on it including Linux. So if you’re not a fan of IIS for hosting websites, or you just cannot part with that last FreeBSD server lying in the corner, have heart! You can move these machines to your Hyper-V Server as a VM and keep them running, without the added expense and infrastructure of having another physical box in the wiring closet/server room.

I’ll be covering off more aspects of how Windows Server 2012 can be used in a small business over the next little while. I hope you find this information useful.