About Me

JHC Technology is a Service Disabled, Veteran-Owned, Small Business based in the Washington, DC Metro area. Our primary focus is to offer customized solutions and IT consulting to our Commercial and Government clients. Our experts have broad experience delivering and managing Microsoft Enterprise applications and Cloud and Virtualization Solutions, as well as mobilizing Enterprise data.

Friday, June 28, 2013

Protecting Your Small Business When Seeking Business Partnership Opportunities

Whether you are a small business that is starting out or one that has been around for several years, at some point it becomes essential to establish partnerships with companies that will add value or act as an extension of your business. Most firms have an innate fear of setting up partnerships because they feel they don’t know the other firms well, they’re afraid to give away too much information, or they just don’t want to be taken advantage of. While these are valid and understandable fears, there are actions you can take to protect the integrity of your valuable information, your resources, and your products. Creating partnerships often allows small businesses to take on projects they would not have been able to qualify for on their own, gain marketing momentum, and share some of the costs of doing business.

Before you enter into any detailed conversations with another business regarding partnership opportunities, value-added services, products you offer, and types of resources at hand, the first piece of legal documentation you should request to sign is a Non-Disclosure Agreement (NDA) or Confidentiality Agreement (CA). Essentially, this agreement signed by both parties delineates the key items that both parties will be protecting, such as technical documents, intellectual property, business processes, client or project specific information, confidential information (CI), etc. By signing this agreement, both parties agree to discuss confidential information about their business and both agree not to disclose the information shared for a specified period of time.

Once you and the prospective business partner have agreed that the relationship would be of mutual benefit, it is advisable to set the terms of the business relationship with a partnership agreement before you begin executing any business activities. This can take the form of several types of agreements, the most common of which include:
  • Teaming Agreement (TA) for joint ventures
  • Subcontractor Agreement (SA) for services one partner will provide another
  • Master Services Agreement (MSA) for setting terms of future transactions
  • Reseller Agreement for allowing one partner to resell products/services of the other partner

You should always seek professional legal advice prior to signing any contracts and prior to attempting to write one on your own. As a small business, capital resources may be limited, so as an alternative, instead of procuring legal assistance for every contract you sign, it may be helpful to procure the assistance of a lawyer to provide a set of templates of such contracts that you can use on multiple occasions. Again, depending on the subject and terms of the business partnership, you will need to use your best judgment and seek legal advice. However, don’t let the fear of partnering with another business stop you from seeking new opportunities. These opportunities can be very rewarding in many aspects and will allow you to build your business in ways you may not otherwise be able to with the resources and capital at hand.

Wendy Dueri is the Director of Business Operations for JHC Technology.  She can be reached at wdueri(at)jhctechnology.com or connect with her on LinkedIn.

Wednesday, June 26, 2013

Database Encryption & Application Level Protection

Often during a SharePoint implementation the topic of data protection comes up, and mostly we end up leveraging Application Level Protection. In addition to application level protection, there are encryption methods that can be applied at the database level to protect the content.

Database Encryption

Below is a description of the different types of encryption that can be applied to protect the database. With SQL Server 2008 or above, the best approach to encrypting the data is to use Full Database Level Encryption. One of the major benefits of full database encryption is that applications do not have to rely on built-in functions to encrypt/decrypt the data, which prevents query slowness.

 
Windows BitLocker
This service is available in Windows Server 2008 and up. This type of encryption protects the data at the volume level.
Advantages:
  • Minimum impact on disk read/write
  • Volume level encryption protects system data
Disadvantages:
  • Backups and Logs are not encrypted
  • Logs are not encrypted

File Level Encryption
This service is available on the Windows Server platform. This type of encryption protects the database files. It specifically uses NTFS.
Advantages:
  • Easier to implement since it leverages the NTFS platform
  • Leverages the Windows key management store
Disadvantages:
  • Backups and Logs are not encrypted
  • Logs are not encrypted
  • Need OS level administrative access on the server
  • Async I/O can experience slowness

Cell Level Encryption
This is the legacy encryption method from SQL Server 2005. This type of encryption protects the database at the field level. SharePoint databases cannot benefit from this type of encryption due to schema restrictions.
Advantages:
  • N/A
Disadvantages:
  • Cannot use with SharePoint

Full Database Level Encryption
This is a new service called TDE (Transparent Data Encryption) that was introduced in SQL Server 2008. All the data is encrypted in the database mdf and ldf files. The only time the data is decrypted is when the information is read and displayed at the application level.
Advantages:
  • Full database backup
  • Backups are encrypted
  • Transaction Logs are encrypted
  • TempDB is encrypted
  • Application independent. The application is not affected by encryption
Disadvantages:
  • Encryption puts extra load on the system
  • Data in transit is not encrypted. SSL can be leveraged to protect data in transit
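
As an added example (not from the original post), the T-SQL below turns on the Full Database Level Encryption (TDE) described above for a SharePoint content database, then checks two points from the comparison: that tempdb is now encrypted as well, and whether client connections are encrypted in transit. The database name WSS_Content_Example, the certificate name TdeCertExample, the backup paths and the passwords are placeholders.

```sql
-- Added example: enable TDE on a SharePoint content database and verify it.
-- WSS_Content_Example, TdeCertExample, D:\KeyBackup and both passwords
-- are placeholders, not values from the original post.

USE master;
GO

-- 1. The database master key in master protects the TDE certificate.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';
GO

-- 2. The certificate that will protect the database encryption key.
CREATE CERTIFICATE TdeCertExample
    WITH SUBJECT = 'TDE certificate for SharePoint content (example)';
GO

-- 3. Back up the certificate and its private key before encrypting anything.
--    Encrypted backups cannot be restored on another server without them.
BACKUP CERTIFICATE TdeCertExample
    TO FILE = 'D:\KeyBackup\TdeCertExample.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\KeyBackup\TdeCertExample.pvk',
        ENCRYPTION BY PASSWORD = '<second-strong-password-placeholder>'
    );
GO

-- 4. Create the database encryption key and switch encryption on.
USE WSS_Content_Example;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCertExample;
GO
ALTER DATABASE WSS_Content_Example SET ENCRYPTION ON;
GO

-- 5. Watch the background encryption scan. tempdb appears in this view
--    once any database on the instance has TDE enabled.
SELECT DB_NAME(database_id) AS database_name,
       CASE encryption_state
            WHEN 0 THEN 'no encryption key'
            WHEN 1 THEN 'unencrypted'
            WHEN 2 THEN 'encryption in progress'
            WHEN 3 THEN 'encrypted'
            WHEN 4 THEN 'key change in progress'
            WHEN 5 THEN 'decryption in progress'
            WHEN 6 THEN 'protection change in progress'
       END AS state,
       percent_complete,
       key_algorithm,
       key_length
FROM sys.dm_database_encryption_keys;

-- 6. TDE protects data at rest only. This shows, per user connection,
--    whether the channel is encrypted and which authentication scheme
--    (for example KERBEROS or NTLM) was negotiated.
SELECT c.session_id,
       s.login_name,
       c.net_transport,
       c.auth_scheme,
       c.encrypt_option
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s ON s.session_id = c.session_id
WHERE s.is_user_process = 1;
```

Store the certificate backup files and their password away from the database server and its backups, since together they are enough to decrypt a stolen backup.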

Application Level Protection

Another level of security can be added to the SharePoint application by leveraging Kerberos and SSL. Kerberos is a protocol for establishing trust and providing authentication, and together Kerberos and SSL help create a secure communication channel between the server and client. Kerberos is available on the Windows platform and is mostly installed on a domain controller. Once the SharePoint architecture is associated with the domain, Kerberos authentication can be activated to provide a centralized authentication and ticket granting service. Kerberos authentication adds another layer of protection to the SharePoint environment. Some of the benefits of implementing Kerberos are the following:
  • Double hop authentication using delegation.
  • Tickets are renewed after a certain time, which reduces roundtrips to the domain controller and improves performance.
  • Authentication at the Server Level

In order to implement Application level protection, SharePoint has to be configured at the domain level with Active Directory authentication.



Hemant Datta is the COO  for JHC Technology.  He can be reached at hdatta(at)jhctechnology.com, @hdatta, or connect with him on LinkedIn.

Friday, June 21, 2013

Purging Your Devices

If you own a device with wireless capabilities chances are you are actively using that feature, whether you realize it or not.

OK, so let's narrow the scope down to smartphones and tablets. The top 4 popular operating systems on these devices are Android, Windows Mobile, Blackberry and Apple iOS.
I have used all 4 on some sort of device (smartphone or tablet or both) and one thing that has stood out like a sore "security" thumb was when it came to managing wireless (WiFi) profiles.
How many of you know how to get to your wireless configuration settings to add and remove specific wireless profiles?

For example, last year I traveled to a foreign country by plane. While I was in a DC airport waiting to board, I decided to connect to an airport pay-for-service WiFi on my iPad. I filled out the form and I was up and surfing. After a while it came time to finally board my flight and head off to my destination, but I had a 3-hour layover at another airport. So I decided to get on the Internet again, but this time it was a different service, and this time it was free. So I decided to hook up all my other devices, such as my Blackberry and Android tablets. So there I was, multitasking with all my electronics, until my next flight boarded. After a long day of traveling, I finally got to my destination, and like any electronic device driven person in this day and age, I connected ALL my devices to the Internet before I even unpacked the rest of my bags.


After 10 days of fun I came back home and it was time to get back into the groove of things: work, a 2+ hour commute and everyday life activities. While my vacation was now a memory relived through pictures, conversations and random thoughts, my devices had not been purged clean, since they were still holding onto the trip information.

The good thing is that these "virtual" memories can easily be deleted. In fact, I highly recommend that you be paranoid and actively delete these memories from your devices. The main reason is in regards to wireless security, as related in my last blog.

Previously, I mentioned that your devices always beacon out looking for previous wireless connections that are in your device profiles. Well, in this story, I created extra wireless profiles on my iPad and on 2 other devices. Fortunately, I can delete these profiles on every device one at a time, except the Apple device. I have many profiles on my devices and don't want to delete my home WiFi, my work WiFi or any other previously created WiFi profile on my devices. I just want to remove the ones that I know I will not use again.

So what I do is open the configuration settings on my devices, pick one profile at a time and delete it. I do this on my Blackberry and my Android. However, the Apple device does not give me that option. The only option Apple devices give me is all or none...unless you are within range of said WiFi and the iPad (Apple device) detects the WiFi signal, at which point you can tell your Apple device to "Forget it" within your wireless configurations. So your only option if you use an Apple device is to delete all the profiles. It is not so horrible, just a burden, and a best practice in order to maintain the security of your device.

So how many people do you think purge or clean their devices after they are done with an Internet connection they will probably not use again? I believe there are many people who don't want to deal with it, let it be and continue collecting WiFi profiles on their devices. I say to those people: Beware! You really need to do a little cleanup with your devices every now and then and reduce your chances of getting owned.


Ernesto Fuller is the Senior Security Administrator for JHC Technology.  He can be reached at efuller(at)jhctechnology.com or connect with him on LinkedIn.

Wednesday, June 19, 2013

Storage Issues….

Helpdesk:  Hello, this is the helpdesk, may I help you?
Caller:  Yes, I deleted all of my files.  Can you restore them for me immediately?
Helpdesk:  Possibly.  Do you know when the files were deleted?
Caller:  Yes, about a month ago.
Helpdesk:  The storage tapes containing those files are offsite. It will take at least a day to bring them back.
Caller:  But I need the files today.  I have a presentation to do in an hour.  Is there any way around this process?
Helpdesk:  Unfortunately no, but we will work as quickly as possible to retrieve your data.
Caller:  Well, how long do you think this process will take?
Helpdesk:  At the least a day or two.  At the most maybe one week.  It all depends on how fast we can have the media containing the data returned to us and placed inside the storage device that needs to retrieve the data.
Caller:  Gosh, I may as well just recreate them.  Still, do what you can.  That’s an awful lot of data to attempt to recreate in a day.
Helpdesk:  Alright.  I will open a ticket to have the process to restore your files started.

As an IT professional, it pains my heart when I am unable to assist a customer in a timely fashion due to constraints.

In this scenario, a user had deleted files some time ago and only recently noticed that the files were gone.  Due to policies and procedures, the media containing the information was stored offsite, thus hindering the ability to assist the customer immediately.

Well, these days will soon be a thing of the past.  Amazon Web Services (AWS) now offers a plethora of storage options that can provide on-demand access at a minimal cost to almost any type of data that you can think of.  AWS storage services include:

1.     Amazon Elastic Block Store (EBS) Volumes which provide block level storage for Amazon Instances from 1GB to 1TB.  This means that you will have access to physical hard drives containing your data ready to use after a simple attachment to a running EC2 instance.

2.     Amazon Simple Storage Service (S3) which is an object store service that stores mission-critical and primary data with an easy to use web interface.  It is highly scalable, highly durable and the number of objects that can be stored in an Amazon S3 bucket is unlimited (whoa!). 

3.     Relational Database Service (RDS) which is a fully functional MySQL relational database.  It automatically backs up your database and maintains your database software.  It is ideal for any application that relies on MySQL and its repository information.  It provides a highly scalable, durable, low maintenance database that does not require much code change.

With AWS storage options, the list goes on.  AWS has found a way to take the physical aspects out of network backups and storage options.  The cost to run any of the above mentioned storage options is pennies on the dollar compared to what it would cost to maintain a physical library and its peripherals and warranties, along with other items such as space issues and support for faulty equipment.  One of my current administrative tasks is to move current infrastructure backup operations into the cloud environment.  Check in with me next month to see how I will go about accomplishing this task.

Jeronna Freeman  is the Cloud Administrator for JHC Technology.  She can be reached at jfreeman(at)jhctechnology.com or connect with her on LinkedIn.

Monday, June 17, 2013

Mobility First: It's All Possible


When the word mobility comes to mind, I think of being in motion, constantly moving, being able to do everything and anything while on the move. With the type of job I do it’s very critical that I have everything I need in order to be successful. I can honestly say that I applaud the inventors of cloud computing which helped shape the concept of mobile computing. 

The development of Cloud computing has taken the IT world to its heights and is grabbing the attention of every industry all over the world. Mostly promoting security and the ability for multiple users to be on the same environment all at once, mobile computing is enabling companies to have more of a hold of their private records and keeping their employees and systems safe. 

Most electronic devices now have features that allow the user to conduct business with just a single touch. It all started with PDAs, which were mainly used by businesses for inventory tracking, but now newer devices can be used for both business and personal use.

When talk of mobile computing came up, there was the issue of size and how to accomplish the mobility aspect of it. We started with desktop computers, which were too large, and devices needed to be smaller in order to achieve mobility. Eventually, hardware manufacturers got the right idea, and now mobile devices are being used by everyone, everywhere.

As a result of the mobile computing phenomenon, businesses are now going mobile, and even government agencies are starting to adapt to it. This is where firms like JHC Technology come in, to assist businesses in making their offices mobile by leveraging Citrix on AWS to deliver apps on all types of mobile devices. It’s an awesome way to conduct business, especially while working at home. I always have full access to all my data and apps while on the go, everything is connected and I don’t need to be in only one location to get my job done. It has now become a necessity; nowadays you see people constantly on their mobile devices either working, browsing the web or catching up with the latest news. It has become our way of life.

Kelechi Uzo-Okoro is the Administrative Assistant for JHC Technology.  She can be reached at kokoro(at)jhctechnology.com or connect with her on LinkedIn.

Friday, June 14, 2013

Save Money with a Wi-Fi Hotspot

With the high cost of operating and using a mobile device, such as a BlackBerry, we want to become accustomed to using the methods that keep charges down.  Everybody hates the large unexpected bill after a trip. If you are traveling or just nearing the end of your plan minutes for the month, you may want to connect to a Wi-Fi hotspot. You may want to do this on a regular basis to keep your monthly usage low and stay away from experiencing any overages. A good practice is to turn off Mobile Network and only turn on Wi-Fi whenever possible.

I recommend you practice turning off the Mobile Network at home so you are familiar with how it is done once you find yourself in a Roaming situation.

Word to the wise:

  • If you make a call while connected with a Free Wi-Fi hotspot stay put until you are done talking.  Once you move away from the Wi-Fi hotspot your call will drop.
  • Before you travel internationally contact your carrier to ask “What is covered and what is NOT” while roaming. This could include your Internet email (Gmail, Yahoo and more).  This is considered data when roaming.  You are charged for roaming data even if you do not open the email account on your device. 
  • Ask about the cost to add International Data Roaming for one month, it may very well be worth the fee versus the surprise charges to your account afterwards.
  • Find out the fee for Instant messaging, SMS chat.
  • BlackBerry Messenger and Pin to Pin are both FREE

How to setup and connect to a Wi-Fi network

Before you begin, ask for the Wi-Fi name and password, if required. Most cafes and public places are starting to offer free Wi-Fi and generally require you to agree to terms of use prior to connecting. In other locations, it is becoming a common practice to secure the Wi-Fi network with a security key. You may also be provided security credentials (WEP, PSK, EAP-TLS etc...) in order to be connected.
  1. From the Home screen,
  2. Locate and click the Manage Connections icon (For many mobile devices, this may be located in the Settings)
  3. Depending on the mobile device you will need to check the box for Wi-Fi and uncheck Mobile Network
  4. Your device will show a list of Wi-Fi networks; just click on the one you want to connect to.
  5. If a security key is required, you will be automatically prompted to enter it.

For Manual Setup:
  1. Select Set Up Wi-Fi Network > Other Ways to Connect > Manually Connect to Network.
  2. Type a profile name in the SSID field, type the name of the Wi-Fi network, Click Next.
  3. In the Security Type field, click the Wi-Fi network security type or credentials you have been provided.
  4. Click Save and Connect.

Just that simple, now practice.

Wanda Bannerman is the Mobile Architect for JHC Technology.  She can be reached at wbannerman(at)jhctechnology.com.

Tuesday, June 11, 2013

Building Your Own SharePoint 2013 Lab

Recently my wife expressed an interest in learning SharePoint, so I said, “Hey, there’s no better way to learn than by using the latest/greatest technology.” She would have to learn Windows Server 2012, SQL Server 2012 and the SharePoint 2013 Preview.  With that in mind, the goal was to build out a SharePoint 2013 Preview farm in a lab environment that would emulate a small/development environment.

The Prelude

This is not an exact step-by-step guide. Some of your own individual research will be needed to perform a lot of the “in-betweens”.

The Hardware

The farm was built on my MacBook Pro using VirtualBox. I truly recommend a desktop/laptop with a quad core processor and a minimum of 16 GB of RAM.

Software Needed

  • VirtualBox
  • Windows Server 2012 Trial
  • SQL Server 2012 Trial
  • SharePoint Server 2013 Preview

The Pre-Reqs

PreReqs can be downloaded via batch script. If you just want to let the SharePoint installer download everything, you can skip this section. If you want to perform an offline setup/install, see below:

  • .NET Framework 4.5
  • Windows Management Framework 3.0 (CTP2) – PowerShell 3.0
  • Microsoft SQL Server 2008 R2 Native Client
  • Windows Identity Foundation (KB974405)
  • Microsoft Sync Framework Runtime v1.0 SP1 (x64)
  • Windows Server AppFabric
  • Windows Identity Extensions
  • Microsoft Information Protection and Control Client
  • Microsoft WCF Data Services 5.0
  • CU Package 1 for Microsoft AppFabric 1.1 for Windows Server (KB2671763)

  1. Create a new folder and copy PrerequisiteInstaller.exe and msvcr100.dll from the root folder of the SharePoint 2013 Preview ISO into it.
  2. Create a subfolder named “PrerequisiteInstallerFiles” and copy all the prerequisites that you downloaded into there.
  3. Create a subfolder under PrerequisiteInstallerFiles named “NET35” and copy the contents of the Windows Server 2012 ISO \sources\sxs there.
  4. Create a batch file to install the prerequisites:

@ECHO OFF
REM Run from the folder that holds this script and PrerequisiteInstaller.exe
cd /d "%~dp0"
REM Subfolder holding the downloaded prerequisite packages
set PF=PrerequisiteInstallerFiles

REM INSTALL NETFX3 from the copied \sources\sxs content, without Windows Update
dism /online /enable-feature /featurename:NetFX3 /All /Source:%PF%\NET35 /LimitAccess

REM INSTALL PREREQUISITES (each ^ continues the command on the next line)
PrerequisiteInstaller.exe /SQLNCli:%PF%\sqlncli.msi ^
    /PowerShell:%PF%\Windows6.1-KB2506143-x64.msu ^
    /NETFX:%PF%\dotNetFx45_Full_x86_x64.exe ^
    /IDFX:%PF%\Windows6.1-KB974405-x64.msu ^
    /Sync:%PF%\Synchronization.msi ^
    /AppFabric:%PF%\WindowsServerAppFabricSetup_x64.exe ^
    /IDFX11:%PF%\MicrosoftIdentityExtensions-64.msi ^
    /MSIPCClient:%PF%\setup_msipc_x64.msi ^
    /WCFDataServices:%PF%\WcfDataServices.exe ^
    /KB2671763:%PF%\AppFabric1.1-RTM-KB2671763-x64-ENU.exe

  5. Save the batch file to wherever you placed the PrerequisiteInstaller.exe and msvcr100.dll files.

Create Your Virtual Machines

Create three Windows Server 2012 virtual machines:

  1. DC1: Active Directory Domain Services and DNS roles
  2. SP_CAS_13: SharePoint 2013 running Central Administration Server
  3. SPSQL: SQL Server 2012 hosting the SharePoint 2013 databases

Prepare the Domain

  1. Log onto your domain controller VM and add Active Directory Domain Services.
  2. I used dev.internal for my domain name.
  3. Configure forward and reverse DNS.
  4. Create the following domain accounts:
       • SharePoint setup account
       • SharePoint Service Applications service account
       • SharePoint Web Application service account

Install the SQL Server

  1. Log onto your SQL Server 2012 VM.
  2. Connect the SQL Server 2012 ISO image to the VM and run the setup.exe file located in the root folder.  I did not change any of the defaults.  For “Feature Selection” I enabled/installed ”Database Engine Services” and “Management Tools – Complete”.
  3. Create a login for your SharePoint setup account and grant the account db creator and db owner rights.

Install SharePoint Pre-Reqs

Now it’s time to install the SharePoint Server 2013 prerequisites.  Perform the following steps for the Central Administration VM:

  1. Attach the SharePoint Server 2013 ISO to the VM
  2. If performing an online (download everything from the internet) setup, launch the PrerequisiteInstaller.exe from the root of the SharePoint installation media/ISO

Install SharePoint Server

Now it’s time to install SharePoint!  Perform the following on the CA Virtual Machine:

  1. Log onto the CA VM using the SharePoint Setup Account
  2. Attach the SharePoint ISO
  3. Run splash.hta from the root of the SharePoint ISO and select the “Install SharePoint” option
  4. “Create a new farm”
  5. For the database settings, enter the name of the SharePoint SQL VM
  6. When installation completes, launch Central Administration

The configuration wizard will step through setting up shared services, the initial web application and site collection.

Now you have a fully functional version of the SharePoint 2013 Preview.

The End

It took me longer to write this blog than it did to actually help my wife build out her first development farm. In our next segment we will talk about installing development tools and such. Stay tuned.

Gary Arrington is the Cloud Consultant & SharePoint SME for JHC Technology.  He can be reached at garrington@jhctechnology.com or connect with him on LinkedIn.