Why use the Configuration Logging feature in XenApp 6.5?

The Configuration Logging feature allows you to keep track of administrative changes made to your server farm environment. By generating the reports that this feature makes available, you can determine what changes were made to your server farm, when they were made, and which administrators made them. This is especially useful when multiple administrators are modifying the configuration of your server farm. It also facilitates the identification and, if necessary, reversion of administrative changes that may be causing problems for the server farm.

Below I have provided step by step instructions on how to configure this feature in XenApp 6.5.

Step 1: Left click on "Start (push button)" in "Start"

Step 2: Left click on "Citrix AppCenter (menu item)" in "Start menu" Step 3: Left click on "SOC Farm (outline item)" in "Citrix AppCenter"  Step 4: Right click on "SOC Farm (outline item)" in "Citrix AppCenter"

Step 5: Left click on "Farm properties (menu item)"

Step 6: Left click on "Configuration Logging (outline item)" in "SOC Farm - Farm Properties"

Step 7: Left click on "Configure Database... (push button)" in "SOC Farm - Farm Properties"

Step 8: Left click on "Server name: (This will be the name of your SQL server)" in "Configuration Logging Database"

Step 9: The username specified must have db_owner permissions over the database in SQL.

Citrix recommended to use Windows authentication as it’s more secure than SQL authentication.

Step 10: Left click on "password (editable text)" in "Configuration Logging Database"

Step 11: Left click on "password (editable text)" in "Configuration Logging Database"

Step 12: Enter the password for the Windows account.

 Step 13: Left click on "Next > (push button)" in "Configuration Logging Database"

Step 14: Left click on "specify the database (editable text)" in "Configuration Logging Database"

Step 15: Specify the database created in SQL

Step 16: Left click on "Next > (push button)" in "Configuration Logging Database"

Step 17: Left click on "Open (push button)" in "Configuration Logging Database"

Step 18: left click on "No (list item)"

 Step 19: left click on "Next > (push button)" in "Configuration Logging Database"

Step 20: left click on "Test Database Connection (push button)" in "Configuration Logging Database"

Step 21: left click on "OK (push button)" in "AppCenter"

Step 22: left click on "Finish (push button)" in "Configuration Logging Database (4/4)" 

Step 23: left click on "Apply (push button)" in "SOC Farm - Farm Properties"

Step 24: left click on "OK (push button)" in "SOC Farm - Farm Properties"

Step 25: left click on "History (outline item)" in "Citrix AppCenter"

Step 26: User left click on "History (outline item)" in "Citrix AppCenter"

Step 27: User left click on "Yes (push button)" in "No Filters Specified"

Step 28: Once History is selected, choose “Get Log” under the Action column on the right hand side of the window.

Step 29: As you can see, now that Configuration Logging has been enabled changes made within the AppCenter, such as the publishing of Apps or changes to the permissions of applications or policies will be logged under the History option located within your Farm under XenApp.

David Cuevas is a Jr. Citrix Engineer for JHC Technology.  He can be reached at dcuevas (at) jhctechnology.com.

JHC Integrates AWS CloudTrail

JHC Technology has integrated Amazon Web Services' CloudTrail as a best practice for all our AWS solutions.  AWS CloudTrail is a fully managed web service that provides increased visibility into a customer's cloud solution and user activity by recording the API calls on that customer's account.  JHC utilizes CloudTrail to perform the following services in order to provide enhanced security for our AWS customers:

·        CloudTrail is the first service activated on new AWS accounts to ensure every API call is captured from the onset of the account.

·        JHC configures CloudTrail to capture both regional and Global API calls while preventing duplicate global events in the logs.

·        JHC deploys custom Identity and Access Management (IAM) permission policies on CloudTrail to prevent unauthorized access to logs.

·        JHC Enables versioning and logging on CloudTrail S3 buckets for added protection.

·        JHC deploys and configures Splunk Enterprise Instance inside customer's Virtual Private Cloud (VPC) and integrates Splunk with CloudTrail in order to gain additional insight into security related activities.

·        JHC creates custom notifications on CloudTrail S3 bucket to immediately notify customers when objects stored are lost.

 

James Hirmas is the CEO for JHC Technology.  He can be reached at jhirmas (at)jhctechnology.com, @JHC_JamesHirmas, or connect with him on LinkedIn.

JHC to be Panelist at NIST Industry Day - Dec. 16, 2013

Craig Atkinson, JHC's Chief Technical Officer has been selected to be one of the panelists that will be presenting during this year's NIST Industry Day. The event expects to attract 600 registrants from around the DC Metro area seeking to learn more about the challenges of Cloud computing in the Federal Government.

The industry day will focus on the challenges that the Federal Government is experiencing when it comes to the disruptive technology, specifically around procuring Cloud services and infrastructure. As the landscape for procuring computing power is being transformed by Cloud computing, the industry day will attempt to address the changes in the market that can assist the Government in transforming the way it procures Cloud computing moving forward. The industry day also promises to touch base on the capabilities available in the commercial market space in regards to Cloud web hosting and content management.

JHC Technology will also have a booth set up where you can stop by, meet our team and learn more about what we have cooking in the Cloud today.

The Industry Day will be held at the NIST location at 100 Bureau Drive, Building 101, Gaithersburg, MD 20899 on Monday, December 16th. To register, visit https://www-s.nist.gov/CRS/conf_disclosure.cfm?conf_id=6571

Antivirus vs Antivirus

Do you have right Antivirus/Antimalware installed on your computer?
How many times have you received an email from someone you knew, but something about the email didn’t seem quite right? You shouldn’t trust everything you get from anyone. If you have been using a computer for sometime, you should be very well aware that having some type of antivirus is a must on your system. You should also keep that antivirus up-to-date.

How do you know you have the best and does it matter?
When it comes to antivirus, choice matters. A rule of thumb is to stick with the big boys, but they can be costly. Not all antivirus software are created equal and free doesn’t always mean better, just as expensive doesn’t always mean it will function with superiority. You should take the time to do some research on reliability, customer support and how often their product is updated.

Am I completely safe after installing antivirus software?
Once you have an antivirus installed you are ready to start scanning anything that comes in via e-mail or Internet downloads for any type of media. Your antivirus says everything is clear. More often than not, your antivirus may give you the green light, however, antivirus are not always perfect.

Chances are you may have heard of a buzzword such as zero-day. Zero-day is basically a geeky term to call a virus that may not be detected by many antivirus applications. Wouldn’t you like to have multiple antivirus applications installed on your system to cover as many types of malicious files? Unfortunately, installing more than one antivirus on a computer may cause you quite a bit of trouble. That type of software does not play well with others alike.

It’s like the old saying about oil and vinegar or better yet, it’s like beer and liquor…never been sicker. Well, having Antivirus Brand 1 and Antivirus Brand 2 installed on your system is like that. They could wreak havoc on your computer to render it useless or extremely frustrating.

Can I scan my files with multiple antivirus software that I don't need to install on my system?

Here is my tip to help you out get a better "warm fuzzy".

First, understand I am not asking you remove your antivirus installed on your computer. You need something on your system to keep you safe and you need to make sure you are keeping it up to date.

Modern day full antivirus suites scan e-mail automatically, as well as files downloaded from the Internet. I recommend keeping all foreign files in a specific folder until they have been vetted. Make sure your antivirus scans the files in that folder.

Now it’s time to scan a file with multiple scanners at the same time.

1. Virustotal (http://virustotal.com)

Open up your favorite browser and navigate to http://virustotal.com.

Click on the Choose File button and a window should pop up. Navigate to your folder where you are keeping the files in question and select 1. Finally, click the Scan It! button.

Please note that Virustotal may say it scanned a file already, but just to be on the safe side tell it to scan it again.

You should see a small window saying "file uploading". Soon after it’s done you will see that the "file is being analyzed". Right below that you will see the results trickle in. You will also notice that it is using several antivirus engines to scan your files.

It will display the antivirus brand followed by the scan result and date. That date is when that Antivirus was updated. Note that they are kept fairly up to date.

Virustotal uses about 47 different scanners. If these 47 scanners are still not enough for you, you can also try a couple of other websites that practically do the same thing.  In addition to scanning files, Virustotal also has the capability to scan URL links.

2. Jotti (http://Virusscan.jotti.org/en)

Jotti is another site just like Virustotal. Open up your browser, and go to http://virusscan.jotti.org/en:

Jotti, unlike Virustotal, lets you know up front what the server load is like. This is good if the server shows that there is a heavy load and you will have to wait or just go to another site.

The results page is simple and easy to read and also includes dates of updates and color coded font with its results.

3. Metascan (www.metascan-online.com)

Metascan uses 42-43 scanners and the results page is very similar to Virustotal and Jotti.

 

By using these three different options for scanning for viruses for viruses on your files you won't have to install or pay for additional software to do so. However, it is important to note that these sites are useful for scanning files only.  In addition, using these websites depends on having Internet access. Thus,  having an antivirus/antimalware scanner installed on your system is a must. Many of these applications also monitor your system memory and behavior.

Here is another link to another site, but it is not as simple as the others. However, you do have several options. If you feel comfortable give it a try:  http://anubis.iseclab.org/?action=advanced_form

Scan, be safe and prosper!

Ernesto Fuller is the Senior Security Administrator for JHC Technology.  He can be reached at efuller (at) jhctechnology.com or connect with him on LinkedIn.

Hybrid Cloud Solutions: Amazon Web Service (AWS) and Microsoft Office 365

Can Microsoft Office 365 and Amazon Web Services (AWS) work together?  The answer to this cloud riddle is YES.  

There seems to be an overall confusion between what these Cloud venders provide as services.  To be clear, Amazon Web Services is an Infrastructure as a Service (IaaS) provider and Microsoft Office 365 is a Software as a Service (SaaS).  

In enterprise deployments of Office 365, many organizations have requirements to manage and synchronize user profiles to Office 365, restrict user access, provide secure mobile access, and advanced Exchange/Lync/SharePoint management (Remote PowerShell and management consoles).  

In order to satisfy these requirements, organizations will need to deploy the following components within their controlled environment:

• Mobile Management Solution (Blackberry Enterprise Server 10)
• Active Directory Federation Services (ADFS) internal and proxy
• Exchange and Lync Management Console
• Remote PowerShell for SharePoint, Exchange, Lync, and other Office 365 components

Some of our clients have elected to move these components into their own Virtual Private Cloud (VPC) within Amazon Web Services (AWS) so that they can take advantage of the power of AWS (Elastic, Pay as you go model, network, high availability, etc…) and remove their dependencies on managing their own data centers. Once these components have been deployed they can be configured to integrate/communicate with Office 365 Exchange, SharePoint, Lync, and other Office 365 components.

JHC Technology has also designed and implemented virtual application and desktop technology to run on Amazon Web Services.  We are able to deploy the Microsoft Outlook virtual application as well as other office products on AWS and connect them to Office 365.  In this scenario, users are able to connect to an AWS region and access Outlook either via virtual desktop or virtual application from any device and pull down their Office 365 exchange mail securely.

Organizations should not be tied down to use only one cloud model (IaaS vs SaaS). They should look at their overall requirements and choose an architecture that is flexible enough to expand for future requirements.

James Hirmas is the CEO for JHC Technology.  He can be reached at jhirmas(at)jhctechnology.com,@JHC_JamesHirmas, or connect with him on LinkedIn.

Cloud Isn’t All or Nothing

One of the misconceptions that I run into as I visit potential clients is the amount of access a company like ours has when performing a cloud project for a company or individual.  Invariably, at some point, the question of data visibility comes to the forefront.  It usually goes something like this:  “So are you going to be able to see everything, because we can’t have that!”

The answer to this question is the same as many other answers we give when it relates to highly malleable cloud projects:  “It depends.”

Cloud isn’t an all or nothing endeavor.  Your data doesn’t have anything to do with our work, and whether we get to see the data is totally up to you.  I look at it this way:  A cloud provider, such as AWS, can come to the site at which you’re building your dream home.  AWS will put a Home Depot on the site and then leave.  AWS doesn’t tell you how to build your home, what boards to use, or whether that joint requires a nail or a screw.  All they do is keep the Home Depot stocked.  JHC handles the architecture and deployment, and we know all the best practices when it comes to using the material.  But that’s where it ends.  We can build your house without ever knowing what will go in it.

Your data is the same way.  We don’t need to see it and building your cloud environment isn’t dependent on having any access to it at all.

We are doing one project with a global organization in which we have full control of the cloud infrastructure we are deploying.  This infrastructure is being deployed in an AWS Virtual Private Cloud (VPC).  As part of the creation of the VPC, our client’s requirement was that the VPC only allows access from a specific set of IP addresses.  As it stands, that IP range is limited only to our client’s development servers.  What that means is while we can deploy a server into the AWS VPC, we can’t even verify its operation beyond the fact that the server is running.  We have no access to ping the server or remote into it.  The only access comes from the client’s on-premises machines.

Testing the capabilities of the cloud can provide tremendous insight for an organization.  Many times, involving an outside consultant with cloud experience is also the wise step.  But, don’t fret that you’ll need to give the ol’ “Keys to the Kingdom,” to your consultant.  You can build and test all sorts of services without exposing your data outside your organization.

Matt Jordan is the Cloud Services Manager for JHC Technology.  He can be reached at mjordan(at)jhctechology.com, @matt_jhc, or connect with him on LinkedIn.