Group Policy – Scaling without Increasing Cost

It’s no secret that when a company grows, costs rise. One simple reason might be payroll. Another might be the need for more space or additional resources. In the Microsoft suite of tools there is something called Group Policy (GPO). Simply put, this is the ability to impose security and workflow disciplines in an environment. This can be done on both a machine and user basis, and can also be grouped. Here are a few examples:

Rerouting ‘My Documents’ to a Server: At the end of the day, if a PC crashes or a laptop is stolen, what happens to the documents on it? If they were not rerouted to the server, you had better hope they were backed up, although this is not the case. This tends to result in some angst and anxiety as folks grapple with data loss or worse yet, possible exposure of confidential company and customer data. Had ‘My Documents’ been rerouted to the server, no such exposure would have resulted.

Mapping a Share: This can be done on individual or global levels. It means that you can maintain uniformity in your outfit, so that “Drive K” on one computer actually refers to “Drive K” on anyone else’s computer that has permissions to this share. Additionally, you can have folks that can “view only” separate from those that can “Edit, Create or Delete”. The name of the game here is to give permissions as required, but not excessively as that creates exposures.

Assigning or Replacing a Printer: Say 50 people are individually mapped to an “All In One” machine that performs copying, printing and faxing. But alas, it’s at “End of Life” and they gave you a smoking deal on a new one that does twice as much in half the time! You have two choices here. You can visit 50 desktops or you can push out the new machine with a few clicks and voila, everyone has it nearly instantly.

Preventing Unauthorized USB Devices: These USB drives are great. But when trying to contain internal security and folks taking confidential data offsite, these are among the greatest of liabilities. You can lock it down so that no USB mass storage devices are allowed, perhaps except for a few authorized individuals. Again, it’s not about looking for bad; it’s about protecting the mother ship.

Forcing Password Changes: We see more Post-It notes than you can imagine with passwords. Moreover, these passwords are rarely changed. These should be changed either every three to six months or when a security breach is encountered, especially if you have systems that are accessible remotely. Group Policy makes this automatic.

Forcing New Devices to have Anti-virus Software before allowing Network Access: We love this one, as folks tend to accidentally bring in infected devices, including Macs, which sometimes are not affected, but are quite effective as ‘carriers’. Regardless, we have the ability to ‘force’ compliance to ensure that those new devices requesting access to your network are compliant before they are allowed to touch any data.

Distributing New Application Versions: A new version of a client/server application is released, but now comes the laborious task of loading it on 30 PCs or so. Never fear. If there is an install package, oftentimes referred to as an MSI (Microsoft Installer) package, it likely can be distributed automatically.
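
An added example, not part of the original post: a read-only PowerShell audit that checks on a single endpoint whether the USB storage lock-down and the password-expiry policy described above have actually taken effect. The function names and the 180-day ceiling (the six-month upper bound mentioned above) are assumptions made for this sketch.

```powershell
# Added example: read-only audit, run from an elevated PowerShell prompt.
# Function names and the 180-day threshold are assumptions of this sketch.

function Get-RegistryDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (setting not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Test-UsbStorageLockdown {
    # The "All Removable Storage classes: Deny all access" policy writes Deny_All = 1.
    $denyAll = Get-RegistryDword 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices' 'Deny_All'
    # Start = 4 means the USB mass storage driver (USBSTOR) is disabled.
    $usbStor = Get-RegistryDword 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' 'Start'
    [pscustomobject]@{
        Check  = 'USB mass storage blocked'
        Pass   = ($denyAll -eq 1) -or ($usbStor -eq 4)
        Detail = "Deny_All=$denyAll; USBSTOR Start=$usbStor"
    }
}

function Test-MaxPasswordAge {
    param([int]$MaxDays = 180)   # six months, the upper bound given above
    $cfg = Join-Path $env:TEMP ("secpol_{0}.inf" -f [guid]::NewGuid())
    try {
        # Export the effective security policy; needs administrative rights.
        secedit.exe /export /areas SECURITYPOLICY /cfg $cfg | Out-Null
        $line = Get-Content -Path $cfg |
            Select-String -Pattern '^\s*MaximumPasswordAge\s*=\s*(-?\d+)' |
            Select-Object -First 1
        $age = if ($line) { [int]$line.Matches[0].Groups[1].Value } else { $null }
    } finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
    [pscustomobject]@{
        Check  = 'Password expiry enforced'
        # -1 in the export means passwords never expire, so it fails the check.
        Pass   = ($null -ne $age) -and ($age -ge 1) -and ($age -le $MaxDays)
        Detail = "MaximumPasswordAge=$age days"
    }
}

@(Test-UsbStorageLockdown; Test-MaxPasswordAge) | Format-Table -AutoSize
```

A machine that still shows `Pass = False` after a policy refresh is one where the GPO is not linked, is filtered out, or is being overridden, which is worth knowing before relying on the control.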

At the end of the day, there’s a reason you’re on a Microsoft Network. What is key is to leverage that functionality so it earns its keep – like the rest of us!

Ed

Look before you VoIP!

As technology would have it, the train keeps moving forward, but at times it feels like we’re losing passengers. A lot of new speak and talk, but what does it all mean? In this ever-changing world, technologies are leap-frogging one another. How decision-makers choose today makes more difference than ever. Not just for the initial purchase, but in coming years. Allow me to explain.

For background purposes, I have been in technology for over twenty years and have seen a lot, but the VoIP thing has a lot of folks perplexed, and for good reason. Here, I will try to clarify the most common areas of confusion. We want to help you make a smarter decision here as you entertain your next phone system or a move where maybe your current phone system has seen better times.

Understanding the Cost Components. As with any technology, what’s important is to clearly understand the cost components of any system. In doing so, the cost/benefit equation needs to remain in balance. With a phone system, there is: 1) the infrastructure (main pieces), 2) the handsets, 3) the adjuncts (other pieces connected), and 4) the ongoing cost of maintenance, which includes moves, adds and changes. At the end of the day, we need to have an understanding of total cost over useful life and then employ the cost/benefit equation. The longer the useful life, clearly the less cost per year, so this component is truly key.

Understanding Reusable Items. Here’s where a lot of savings can occur. For many manufacturers, like AVAYA, the reuse of phone sets as much as 5-7 years back can allow you to either significantly reduce the cost, or perhaps buy the infrastructure pieces first, followed by new handsets over time. I cannot stress how much this can save, but over 30% savings is not uncommon. Upgrading from same brand to same brand is typically the only scenario in which this strategy works well.

Another important reuse item is premise cabling, specifically CAT3 cabling still in so many buildings. Only AVAYA can reuse all your existing cabling by using digital phone sets which have the same functionality as VoIP, without the chatter!

Digital versus IP Phones. Here’s where the rubber meets the road. Let’s start with costs. An IP Phone will run you $400 to $500 for Avaya and a bit more for Cisco. Digital sets are $100-$150 less and basically have the same functionality. You also need to know that if you plan on or need to run gigabit Ethernet at the desktop and use the same network drop, the IP phone needs to be gigabit as well. If not, you just slowed down the PC’s network speed tenfold. Ouch!

You may also need to replace your network switch with a PoE (Power over Ethernet) switch at a cost of $3,000 and up for a managed PoE switch offering, which you need to prioritize voice traffic to eliminate VoIP chatter. PoE essentially powers the IP phone, otherwise you’ll have to pay another $50-$80 per power supply. It’s really not structured to save you a whole lot.

So let’s say you are a single facility with 25-75 users. There is no real benefit for VoIP handsets. But say you have 50 people in one location, a smaller location with 10 folks and another 15 sales folks in regional home offices. Now you could benefit from VoIP. It would be nice if there was a best of both worlds scenario. Well, you’re in luck!

What you do in this situation is implement an Avaya IP Office 500, deploy the less expensive digital handsets in the office, and deploy VoIP softphones or handsets in the field. The routers we use in home offices are $80 each and properly tag voice packets to minimize or eliminate VoIP ‘chatter’.

VoIP Downsides. I love technology, probably more than most folks. I live it, breathe it, and at times, get frustrated with it. But at the end of the day, the name of the tech game is to not make it more complicated or have more pieces than necessary. This strategy tends to keep costs under control and makes troubleshooting simpler.

But there are a few significant challenges to VoIP. The first is the chatter component. Look, we can control voice packet priority on the one or two ends we control (main site and remote site), but we cannot control the Internet itself and latency and congestion issues within. This chatter can be quite prevalent, especially if you choose a ‘hosted’ VoIP solution.

The second downside is if you have all of the voice and data on the same switch (as is the VoIP model) and the switch fails, you not only lose all of your data traffic, but your ability to make and receive calls as well. Double ouch! A failed router can have a similar effect as well. So you moved up in technology, but added points of failure. Not sure about the win here.

A third issue is that data issues can now affect voice, and this includes troubleshooting, which now gets a bit more involved and costly. So a bad PC network card could bring your voice quality to its knees. Also, you could have a glitch on the data network which could effectively drop every voice call in the building. Not nice!

Summary. The items here are not meant to discourage the newer VoIP technology, but to help in selecting the proper technology best suited for the need and not overcomplicate your infrastructure. It’s important to keep it as simple as possible, which will keep the total cost of ownership (TCO) well in check.

Ed