IT Spring Cleaning!

With Spring here, it’s time for a little cleanup. At Roundbrix, we’re only too familiar with those items that seem to get left by the wayside, yet they can cause significant harm. Consequently, we thought we would share a few tidbits of what we have learned in the last ten years.

Are we backing up everything we should? This is a big issue and we see it all the time. We all get busy and add file shares here and there, or maybe a new database, and somehow get pulled away before finishing the job, which means including it in the nightly backups. Oh, this could hurt!

Do the backups actually work? I once worked with an outfit and discovered for two and a half YEARS, a gal would rotate the backup tape and take it offsite. The only problem was the backup job never ran! Folks, doing a sample restore of a file that was created yesterday will give you a ton of confidence that what you believe is in place is working.

Do these people still work here? Oftentimes, folks leave and there are leftover items. They may still be a user on your system, including e-mail. They may also have been granted VPN or remote access, which may greatly expose your company. Some may even still have voice mail set up and have changed the greeting to something not very nice! Another area of weakness we have discovered is when a user has actually been given the wireless access point password. What this means is they can sit outside in the parking lot, sit on your network backbone and attempt to get into employee accounts, especially if passwords and security are not rigorous.

Can we get rid of those old computers? Sure you can, but realize what you can use and what you need to destroy before handing that machine into another party’s hands. What you should keep is usually RAM, especially if you have a lot of the same model machines. There’s not a machine out there that won’t benefit from at least 4GB of RAM and if it’s a 64-bit machine, it can benefit from using even more! It’s also an inexpensive way to stretch that IT dollar on those remaining aging units. On laptops, saving a couple extra power supplies might prevent you having to throw good money after bad should one fail. What you need to destroy is the hard drive as you don’t want ANY company data going with the drive. We use the HAMMER method with a pair of safety goggles – it’s like a sport!

Who has access to what? Ok, this is a bit more of an exercise but reviewing who has access to what makes sense. We would start at the firewall and look at the VPN list and ensure that access is not granted without VPN IPSEC access. We would also look at Access Control Lists (ACL) in the firewall. Additionally, just changing user passwords and wireless and administrator passwords every six months just makes smart business sense to catch those straggling items that are often overlooked. In more sensitive environments, we recommend a quarterly review and changing of the passwords.  Here, having a documented password change procedure makes sense.

Are folks surfing on my time and my dime? The short answer is yes, but whether it is at a point of excess is really the question. The policy should be simply “if someone needs to get a hold of you, they can call”. Other than that, ask folks to respect that work time is not play time. If that policy doesn’t work, you can put in web monitoring and application control, which is available on many firewall platforms and can prevent excessive social media abuse on business time.

These are just a few simple steps to keep you safe, secure, well-protected and productive.  As a business, you need Spring to be a time of growth as the vacation times start coming up pretty quick in Summer!

Let us know if we can help you button things up!

WebSite Performance Monitor and Attack Preventer!

Having a well-designed web site is great, but there are a few questions worth asking to ensure it is not only doing the job for you, but it is also not creating a liability. Yes, you heard me right.

You see, web sites contain data – and they must. There’s data you intended for your audience, and other data that is only for the eyes of others, or just a little at a time. There is a process called SQL Injection Attack. What happens is that hackers find a way to illegally retrieve all of your data, or the important parts of it, for their own purposes, which could include putting you out of business or ruining the good name you may have spent a veritable lifetime to build!

At Roundbrix, after protecting your data, security comes in a close second. It’s so important to us, we are our own priority consumer. But instead of keeping this great process and anti-hacking weapons to ourselves, we want them available to other outfits as well. After all, it’s Good Guy or Gal against Bad, right? So here’s what we’ve done. We’ve created the following total toolset that not only protects your interests.

SQL Injection SmartStopper. We use logic here that not only identifies when someone is trying to steal your data, but we identify them and block them. We can also collect forensics if a lawsuit is involved to provide expert testimony on the prosecution end. There is a small setup fee and a smaller monthly charge to receive automated notifications of what was identified and what was blocked – automatically!

Web Performance Monitor.  We are able to monitor many pages of code and give precise response times. Warnings are sent out when thresholds you establish are exceeded. We can let you know exactly where and when it is slow. And when it’s down, we’ll notify you immediately. We also allow you to monitor specific keywords on web pages. Testing database performance and ensuring all is up and running is also part of this toolset.

Heartbeat Functionality. Here’s just another area where we separate ourselves from the crowd. We NEVER assume that because you hear nothing, that all is well. Our tools report to us if they are not operational, so in our scenario,  no news is bad news. It’s like your kid calling you to check in. If they don’t call, you don’t automatically assume all is well. Same holds true with intrusion performance monitoring tools. They need to report in just like in the Civil War, when the first cries of “Two O’Clock and all is Well” rang out to ensure the individual monitoring the enemy had not been taken out.

Related services.  Roundbrix offers a full suite of services to help you answer a number of questions as well as provide quick remediation to these and many others.

Are the database and internet servers properly tied down to one another?

Are database indexes optimized for performance?

Is the Internet server as fast as it should be?

How do I maintain proper PCI compliance?

Are your firewall permissions excessively creating exposures?

Is important information like client credit cards stored?

Is there a more secure way to conduct web commerce?

Is data stored properly and not kept too long?

As we most proudly enter our 11th year in business, we have never been better equipped or more resolute to helping companies succeed while keeping those with a patch over an eye at bay!

Call us for a free evaluation and quote!

When Two is Greater than Three or Disaster Recovery for Free!

This title reminds me of a childhood cartoon, Rocky & Bullwinkle: when announcing the next episode, there were always two names for it. Here are a few examples:

Boris Lends a Hand or Count your Fingers!
Rocky and the Rock or Taken for Granite
Landslide on the Rails or Bullwinkle Covers His Tracks
All in Fever Say Aye or The Emotion Is Carried
Claus and Effect or Yule…Be Sorry

If you’re feeling nostalgic and need a bit more of this Rocky & Bullwinkle, here’s the YouTube link on Rocky & Bullwinkle starring Robert DeNiro.

To move on, we’ve been working to share the great news of the recent advancements in VMware, specifically vSphere 5. But the very nature of this technology is so awesome it warrants another look, especially for your Disaster Recovery Plan and Property Use Tax bill, especially if you’re in Orange County!

Disaster recovery with VMware. You’ll be pleasantly surprised when you get more functionality for less money. Remember that CPU utilization on an average server is only 15% unless it’s a heavily used database or application server. In summary, there are fewer and fewer scenarios where a Virtual Machine is not the solution. We firmly believe at least 75% of all servers should be virtualized.
So getting back to the 3 > 2, here’s the scenario.

In the above scenario on the left, if one of the three physical machines fails, you’re basically down in that area with all that it does. Not a good place to be if you’re planning on running a business. You get to react and perform damage control because you have just become a firefighter!

In the above scenario on the right using a VM Cluster, when one machine crashes on VMHost 1, it can automatically fail over to VMHost 2 and life goes on. In being consistent with best practices, distribute your risk between VM Host machines. As is the case in life, flexibility and adaptability are what this is all about.

Orange County Use Tax. One of the areas I take issue with the most. When calculating use tax, it is based on Purchase Price, not what it is worth. So I have a 5-year old server that cost me $8,000 when I bought it, and today it is worth $500. The use tax is based on the $8,000. Not fair, but that is government. How you get even is with fewer physical machines as it’s just plain less tax. Go from ten physical machines to four, and your property use tax is reduced by 60% on these items for years to come, not to mention the savings in electricity! At the end of the day, monies paid in taxes could be better used for other business purposes or maybe give someone a raise – like me!

Six Keys to Avoiding Data Loss

At Roundbrix, we take data very seriously. After all, it’s the only thing we really cannot replace. Given that, there are a few safeguards that we recommend so your data sleeps as well as you do!

1. Know Where Your Data Lives. This may sound silly, but what if you had nightly backups running, lost something, and went to restore the data only to find out you weren’t backing it up? Folks, this happens more than you would ever want to know. Oftentimes data is on desktops when it should really be on a server where it gets backed up. Good company policy and procedures, with occasional QA here, are best practice.

And remember, if you install a new program on the server, create a new volume on a server or a new database, know that it has to be selected to be backed up. Just because it’s on the server doesn’t mean it’s backed up!

2. Backup Nightly with a Verify Pass. This is key to ensure that your data is restorable from the media. We used to call this “read after write” as it simply verifies that what the backup believes it wrote is indeed what can be read back. A simple check box verifies that all is well come ‘restore’ time!

3. Take a Backup Offsite at Least Weekly. This is where you have to think through your pain threshold for data loss. In other words, if your building burned down, would losing a week’s worth of data make it even more painful? If the answer is an emphatic ‘YES’, then that means you need to take a tape offsite more frequently than weekly. Do remember a couple of things about taking tapes offsite. First rule is they don’t survive well in heat or moisture, so get a proper transport and storage container. Second rule is to ensure it is secure, as the tape includes all your company information and, if misplaced, creates a liability. You’ll want to account for your tapes periodically to ensure one didn’t ‘fly the coop’. If you’re a Roundbrix client, you can use our secure biometric-secured facility to store your backup data as frequently as you would like.

4. Periodic Reviews of What is Being Backed Up. This is a little step that we like to do every quarter to catch newly created areas. Face it, we get busy and things fall through the cracks as we’re only human. Also, we occasionally find new databases that not only aren’t being backed up, but are not set up properly for maintenance, safety and controlling growth. To know how to set up a database maintenance plan, see the article we previously wrote here.

5. Redirect My Document Folder to Server using Group Policy. Desktops and laptops will fail, but what’s important is that a failed machine does not take sensitive company data with it. Also, if it gets stolen or misplaced, has this just put your entire company at risk? Folks, keeping company data independent of the desktop/laptop device, beyond what is absolutely required, is simply good business. One of these failing should not send dangerous ripples through an organization like “Oh, Ed had all the company financials and client lists on his computer and now they are gone!”

6. Know How You Would Restore From Scratch. In a crisis situation, this is not the time to “figure things out”. We have “been there and done that” so rest assured we can get you back to where you need to be in short time. After all, the name of the game is first prevention, and secondly restoration. If the restorations took a month, what would be the point?
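For SQL Server databases, keys 1 and 4 can be checked from the backup history that SQL Server keeps in msdb. The query below is an added example, not part of the original article or a Roundbrix tool; the 24-hour and 60-minute thresholds are assumptions to adjust to your own schedule.

```sql
-- Added example: list every online database with its last full and log backup,
-- and flag the ones that have fallen out of the backup schedule.
-- Thresholds (24 hours for full, 60 minutes for log) are assumptions.
WITH last_backup AS (
    SELECT
        d.name,
        d.recovery_model_desc,
        d.create_date,
        MAX(CASE WHEN b.type = 'D' THEN b.backup_finish_date END) AS last_full,
        MAX(CASE WHEN b.type = 'L' THEN b.backup_finish_date END) AS last_log
    FROM sys.databases AS d
    LEFT JOIN msdb.dbo.backupset AS b
           ON b.database_name = d.name
          -- ignore history left behind by a dropped database with the same name
          AND b.backup_finish_date >= d.create_date
    WHERE d.name <> N'tempdb'          -- tempdb cannot be backed up
      AND d.state_desc = N'ONLINE'
    GROUP BY d.name, d.recovery_model_desc, d.create_date
)
SELECT
    name AS database_name,
    recovery_model_desc,
    create_date,
    last_full,
    last_log,
    CASE
        WHEN last_full IS NULL
            THEN 'NEVER BACKED UP'
        WHEN last_full < DATEADD(HOUR, -24, GETDATE())
            THEN 'FULL BACKUP STALE'
        -- FULL and BULK_LOGGED databases also need regular log backups
        WHEN recovery_model_desc <> 'SIMPLE'
             AND (last_log IS NULL OR last_log < DATEADD(MINUTE, -60, GETDATE()))
            THEN 'LOG BACKUP MISSING OR STALE'
        ELSE 'OK'
    END AS backup_status
FROM last_backup
ORDER BY
    CASE WHEN last_full IS NULL THEN 0 ELSE 1 END,  -- never-backed-up databases first
    last_full;
```

The history in msdb only shows that a backup job completed; it does not show that the backup can be restored, so the sample restore is still needed.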

Current Projects

  • Access to SQL Database Conversion
  • Server upgrades
  • High Availability Firewall upgrades
  • Network Engineering and Performance Monitoring
  • MAS Migrations

SQL Database Best Practices!

SQL MAINTENANCE PROGRAM:

Having a good, solid maintenance strategy as part of your SQL Server database is a necessity for any company with a business-critical application. It can be the difference between being down for a few minutes and being down for an entire day or several days. It can also manage space on the server better and, if done correctly, can improve performance of the database dramatically.

The first part of a good database management strategy is to plan your backups. For a database that is frequently used and important to the company we recommend the following standard maintenance plan. In general it’s a good idea to do a full backup twice a day and transaction log backups hourly so you can easily restore the database up to the hour within minutes.

1. Back Up Full Databases Twice Daily

There are three Recovery Models

a. Full Recovery Model   –   What Roundbrix mostly uses. Safest mode of operation for production systems.

b. Bulk-Logged Recovery Model   –   Has minimum logging for bulk import operations. Space allocation and deallocation is only logged for bulk import operations. Basically a few limitations.

c. Simple Recovery Model   –   No transaction log maintenance needed. Recoverability of the database is very limited to a specific time frame.

If a database doesn’t change often, Simple Recovery Model may be an option (e.g. a database that imports all the data from QuickBooks from the previous day). The data is only used for reporting, so the Simple Recovery Model would work fine if timed properly (after data is imported from QuickBooks).

2. Back Up Transaction Log Files Hourly

A database has two components, data file(s) and transaction logs. A transaction log captures the modifications made to the database. A SQL server must have at least one transaction file.

With the Full Recovery Model, it is important to backup the transaction logs frequently so the database can be restored up to the point in time when the problem occurred. A transaction log backup will truncate the inactive portion of the transaction log.

The transaction log can get large and the file size will not be reduced when it is truncated after a transaction log backup. This simply shifts the pointer within the existing file as to where the space is to be freed up.

3. Rebuild Indexes Weekly

Rebuilding indexes should be done weekly during off-hours as this can sometimes be intensive and slow down the database. It is important to rebuild the indexes to optimize performance of the database. You can think of this like defragmenting your hard drive. After it is completed, everything runs just a little smoother and faster because space is optimized properly (doesn’t take as long to figure out where a record goes during an insert or update).

4. Update Statistics Daily

It is also a good idea to create a maintenance plan to update statistics daily. This optimizes space in the tables and can have an impact on improving performance of the database. If this never gets done (which sometimes happens in databases that are not maintained) performance can slowly degrade until it becomes a serious problem, adversely affecting application performance.
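The four steps above, written out in T-SQL. This is an added example, not the original article's maintenance plan; the database name SalesDB and the folder D:\SQLBackups are placeholders.

```sql
-- Added example. SalesDB and D:\SQLBackups are placeholder names, not from the article.
-- In a scheduled job each step runs on its own schedule and each backup gets a
-- timestamped file name; fixed names are used here to keep the example short.

-- Check the recovery model: log backups are only possible under FULL or BULK_LOGGED.
SELECT name, recovery_model_desc
FROM sys.databases
WHERE name = N'SalesDB';

ALTER DATABASE SalesDB SET RECOVERY FULL;

-- 1. Full backup (twice daily). CHECKSUM validates page checksums while writing.
BACKUP DATABASE SalesDB
    TO DISK = N'D:\SQLBackups\SalesDB_full.bak'
    WITH INIT, CHECKSUM, NAME = N'SalesDB full';

-- Verify pass: confirms the backup set is complete and readable.
-- It does not replace a periodic test restore.
RESTORE VERIFYONLY
    FROM DISK = N'D:\SQLBackups\SalesDB_full.bak'
    WITH CHECKSUM;

-- 2. Transaction log backup (hourly). Needs an earlier full backup to start the
--    log chain; NOINIT appends each log backup to the same file.
BACKUP LOG SalesDB
    TO DISK = N'D:\SQLBackups\SalesDB_log.trn'
    WITH NOINIT, CHECKSUM, NAME = N'SalesDB log';

-- 3. Rebuild indexes (weekly, off-hours): build one ALTER INDEX per user table.
USE SalesDB;

DECLARE @sql nvarchar(max) = N'';

SELECT @sql += N'ALTER INDEX ALL ON '
             + QUOTENAME(s.name) + N'.' + QUOTENAME(t.name)
             + N' REBUILD;' + NCHAR(10)
FROM sys.tables AS t
JOIN sys.schemas AS s ON s.schema_id = t.schema_id
WHERE t.is_ms_shipped = 0;

EXEC sys.sp_executesql @sql;

-- 4. Update statistics (daily) for every table in the current database.
EXEC sys.sp_updatestats;
```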

TYPICAL BACKUP PLAN FOR A DATABASE THAT IS BUSINESS-CRITICAL:

PROPER AND OPTIMAL DATABASE DESIGN:

One of the most common problems we’ve seen is applications where a query takes over 30 seconds only to find that one of the fields in that query has not been indexed. Beyond looking at the queries in your application to make sure the fields that are in your “WHERE” clauses are all indexed, there are some tools that can help. Using Microsoft SQL Server Profiler in combination with Database Engine Tuning Advisor is the easiest way to find slow queries and see what indexes may be missing, which could help improve the performance of your application.

In SQL Server Profiler, first select “Tuning”. Next, select the “Events Selection” tab, then the “Column Filters…” option and “Duration”. Set “Greater than or equal” to 3000, as we want to see queries taking over 3 seconds.

After about an hour of running the profiler, stop it. Save the trace to a file that can be imported into “Database Engine Tuning Advisor”. Run it to have the tool point out what can be optimized. Usually you can accept most of the suggestions from Database Engine Tuning Advisor and see a dramatic increase in performance.
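A complementary check that needs no trace uses SQL Server's dynamic management views instead of Profiler. The queries below are an added example, not part of the original article; they reuse the article's 3-second threshold, require VIEW SERVER STATE permission, and only cover activity since the last service restart.

```sql
-- Added example: statements whose slowest run took 3 seconds or more.
-- Elapsed times in sys.dm_exec_query_stats are reported in microseconds.
SELECT TOP (20)
    qs.execution_count,
    qs.total_elapsed_time / qs.execution_count / 1000 AS avg_elapsed_ms,
    qs.max_elapsed_time / 1000                        AS max_elapsed_ms,
    SUBSTRING(
        st.text,
        (qs.statement_start_offset / 2) + 1,
        ((CASE qs.statement_end_offset
              WHEN -1 THEN DATALENGTH(st.text)
              ELSE qs.statement_end_offset
          END - qs.statement_start_offset) / 2) + 1
    ) AS statement_text
FROM sys.dm_exec_query_stats AS qs
CROSS APPLY sys.dm_exec_sql_text(qs.sql_handle) AS st
WHERE qs.max_elapsed_time >= 3000 * 1000
ORDER BY qs.max_elapsed_time DESC;

-- Indexes the optimizer wanted but did not find, ranked by how often they
-- would have been used and the estimated benefit. Treat these as candidates
-- to review, not as a list to create blindly.
SELECT TOP (20)
    mid.statement AS table_name,
    mid.equality_columns,
    mid.inequality_columns,
    mid.included_columns,
    migs.user_seeks,
    migs.avg_user_impact
FROM sys.dm_db_missing_index_details AS mid
JOIN sys.dm_db_missing_index_groups AS mig
     ON mig.index_handle = mid.index_handle
JOIN sys.dm_db_missing_index_group_stats AS migs
     ON migs.group_handle = mig.index_group_handle
ORDER BY migs.user_seeks * migs.avg_user_impact DESC;
```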

The other important thing to look at in a database is how well normalized it is. Normalization is important so that information is not duplicated. One example is a company we worked with that used 12 different Excel sheets to keep track of similar information. However, data that was supposed to be consistent throughout the different Excel files was spelled differently and listed multiple times where it should have been referenced from a table with a unique ID and one consistent value. We moved these 12 Excel sheets into one database and created separate tables for the columns so information was normalized. This allowed the customer to do more sophisticated and accurate queries on their data.

The information above, when properly normalized, should be put into three tables as shown below. This way, “Hardy Boys” only needs to be updated once.

PROPER NAMING CONVENTION IS ALSO IMPORTANT:

Naming a foreign key differently from the primary key that it references can be very confusing to programmers. If the fields are named properly and referenced properly, it can save countless hours of confusion. I typically name the primary key as the table name with “ID” after it. So if Book is the table, BookID is the primary key. This is a pretty common way to name primary keys which will make it easier for programmers to understand more quickly.

It is also important to make sure you keep an ER (Entity-Relationship) Diagram. This is very easy with SQL Server by right-clicking on Database Diagrams and selecting “New Database Diagram”. Then you can link the primary/foreign keys here and also add or update fields in the database, which makes this a very easy database management tool. Make sure all the tables are in the diagram and connected properly to the other tables that they should be connected to.

By following the tips above, you should have a solid, robust database that will allow your company to grow without having to worry about database issues. For a free database analysis call the experts at Roundbrix at 949.273.5200.

Ed