All posts by admin

The Effect Of The PRISM Revelations On Cloud Based Providers

On the 6th of June this year, we woke up to the revelation of PRISM. PRISM was a program from the National Security Agency that was designed to collect the search history, email, file transfers and live chats from any online user in our country. They did this by logging in to our local servers. The revelations even showed how long various companies had been involved in PRISM, with Microsoft being the very first. They started to join in 2007, despite always advertising with “your security is our priority”. Apple was the last to join in 2012.

The revelations told us more. The Verizon network, which is the biggest telecommunication network in our country, received an order from the government to allow full access to the call records of their customers. This took place for three months between April and July of 2013. This information has been confirmed, and it turns out that it was actually a recurring request. The first time it took place was in 2005. And to top it off, Facebook had leaked the details of some six million of its users.

A Storm of Controversy

It will come as no surprise that these leaks caused a huge amount of controversy. The Obama administration was clearly involved in significant covert surveillance operations on its own people. Various technology companies denied that they had complied with requests, trying to save face (as well as money and customers). Google immediately said that they really care about their customers’ security. They stated that if they ever gave information to the government, they did so because the law told them to, and only after careful examination of the request. They vehemently denied that the government has “back door access” to Google.

The Consequences

These types of revelations were never going to go unnoticed, of course. As a result, people no longer trust their online providers, least of all those in our own country. Public providers have come under tremendous scrutiny and there is a demand for providers who will always protect their intellectual properties and digital assets. Solutions that are offered here are no longer protected by anything, and people simply do not want to put any kind of information online, and particularly not on the cloud, because they fear the government will immediately access it and read it.

The result is that cloud firms are already starting to lose out on loads of dollars, because people are moving away towards servers that are based in other countries with better privacy laws. Both Google and Amazon have noticed a drop in customers already and private clouds have seen an influx in customers. Private clouds are able to give that security that the data customers leave is completely safe and private. With a private cloud, the server is actually on site, or it is leased from a data center, where the provider has actual, physical access. The result is that if a company states they will not sell their data to the government, or even allow it access, then a customer is as certain as they will ever be that this will not happen. Unsurprisingly, cloud servers in Switzerland, a country known to have the strictest secrecy laws in place, are becoming more and more popular.

People all over the globe are becoming increasingly concerned, because customers no longer trust their government to allow them privacy. In fact, they feel we now live in an Orwellian society where Big Brother is watching our every move. However, because the internet has no borders as such, people are able to look for private, managed and hybrid solutions instead. Businesses and private individuals alike want to have control over how their data is governed and they are able to do this by simply going to companies that offer cloud storage abroad, or through privately owned companies.

The PRISM saga is far from over. Edward Snowden, who revealed all, is still stuck in Russia waiting to be given asylum somewhere. In fact, various countries have agreed to grant him asylum, but the government continues to use their PRISM program to find out which plane Snowden is likely to be in, forcing the plane if it flies through airspace of a country with an allegiance to our country. It is interesting to see that damage control for the government is not about placating its citizens, but rather about locking up the guy who told the truth. At the same time, this makes all of us even more uneasy about the security of our data locally and we are moving our data away faster than the speed of light.

Public Cloud vs. Private Cloud

Choosing a cloud option for your files and security is paramount to your success in defending network files and data.  There are three options available to the consumer and business marketplace, and we will discuss the benefits and disadvantages of each:

  1. Public Cloud – Shared files or folders like “Box.com, rackspace, justcloud, amazon cloud, Google cloud, and dozens of others”
  2. Private Hybrid Public Cloud – Shared files and applications accessible to employees from anywhere in the world with an internet connection.
  3. Private Internal Cloud – Shared files and applications only available to employees within a private LAN and not accessible outside it through ISPs

Public Cloud is the most popular and its popularity stems from its convenience.  It’s very nice to not manage any hardware systems and simply copy everything to an unknown web hard drive somewhere that allows you access 24/7.  The problem is it’s your data, your gold, your work and it’s being sent to a server with hundreds or thousands of other people.  With NSA spying, hackers and simple mistakes your data easily falls into the hands of those you may not want to see your information.  There’s always a great saying that an office is secure as long as you trust every vendor, janitor, employee that is in it. The public cloud has a massive disadvantage that people forget – We do not know who is on the other side of the keyboard in a private cloud.  How many people have admin access to those servers?  Do you trust them?  The sad truth is the data is almost in the open once uploaded to the cloud, as there are huge numbers of people who work there or are contractors there who could get the data. The problem is compounded by the service offering that says they back it up to different data centers all over the world, meaning you would have to trust all those people.

Private Hybrid Public is excellent for convenience as you can not only access your files from anywhere, as public cloud offers, but you also have access to application execution, a feature cloud providers don’t touch.  Private hybrid consists of acquiring virtual workstation software and making your own server, which you control, the host for your users.  This way you control the data, the security and more.  The disadvantage is some maintenance and setup along with the usage of a dedicated or virtual server to run the software 24/7.  For those with some technical knowledge the private hybrid allows the best of both worlds of immense security and control, while providing users convenience.

Private Internal Cloud is identical to Private Hybrid Cloud with one exception – users can access the files only when connected to a Local Area Network or Wifi the company offers.  This Private Internal Cloud option still requires you to dedicate a server to the hosting tasks, but gives the added layer of security that only internal users may participate.  This option works well for individuals that want to bring their own device (BYOD) to work and utilize different systems, laptops and even iPads, which are increasingly being used at work.  Private Internal Cloud is the most secure but convenience of remote access suffers.

Virtualize Your iPad and iPhone

iPad and iPhone may become virtual workstations with a simple application, downloadable once an organization has dedicated a computer to receive the iOS request.  It works through a free iTunes app which simply requires an IP address or hostname (if applicable) in its configuration. Connecting allows you to see a program window with available applications, icons and shortcuts.  Double clicking on them through iPhone / iPad allows virtualization of that device and displays for the user the running program and data that is on the host computer.  With different profiles on the host gateway computer an iPad or iPhone can run applications like Microsoft Office and other complex apps without loading anything on the iPad.

The tips and tricks for ipad / iphone configuration:

  1. Ensure your Virtual Workstation software is installed and you have that hosted with a public or private routable IP
  2. Never click to remember the password in case you misplace your iphone or idevice
  3. Log out when you are done using your host gateway connection.

It’s really that simple with the I-devices. Running huge applications and data files with remote horsepower gives iPads and iPhones an encrypted channel to enormous power. MS Word can open through the iPad in a second and provide access to all your files remotely.  Best of all there’s nothing ever on the iPad. The iPad and iPhone also have keypad touchscreen capability for editing.

Virtual File Sharing

Sharing a network folder containing files along with Windows permissions is an easy way to ensure users can only open the files and folders they are natively allowed to open.

Process of enabling virtual shared files:

  1.  Authenticate as different users to ensure each user has permissions granted and restricted based upon authority.  An IT administrator can do this by right clicking folders of the shared drive and reviewing Security tabs.
  2.  Test permissions and restrictions.
  3.  Install VirtualWorkstation software
  4.  Configure the Virtual Gateway Host computer/server to allow for the file explorer application. Then change the user’s My Documents profile on the Virtual Gateway Host computer (local profile) to map to the shared drive // path.
  5.  Test access and security from remote or virtual computer connection or workstation.
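
As an added example (not part of the original post or of any vendor's software), the Python script below checks steps 1 and 2 against a written access list: it parses the text printed by the Windows `icacls` command for each shared folder and reports every principal whose NTFS rights differ from the list. The share paths, the CORP group names and the sample output are constructed for illustration.

```python
import re

# icacls prints inheritance markers and rights in the same (..) syntax;
# these tokens describe inheritance, everything else is a right (F, M, RX, ...).
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([^)]*\))+)$")

def parse_icacls(text, paths):
    """Return {path: {PRINCIPAL: {rights, ...}}} for the known share paths."""
    acls, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("Successfully processed"):
            current = None                      # blank line ends one folder's ACL
            continue
        # Paths may contain spaces, so match against the paths we asked about,
        # longest first so a subfolder is not mistaken for its parent.
        for p in sorted(paths, key=len, reverse=True):
            if line.lower().startswith(p.lower() + " "):
                current, line = p, line[len(p):]
                acls.setdefault(p, {})
                break
        m = ACE_RE.match(line.strip())
        if current is None or m is None:
            continue
        tokens = re.findall(r"\(([^)]*)\)", m.group("flags"))
        rights = ",".join(t for t in tokens if t not in INHERIT_FLAGS)
        acls[current].setdefault(m.group("who").upper(), set()).add(rights)
    return acls

def audit(expected, acls):
    """Compare captured ACLs with the written access list; return findings."""
    findings = []
    for path, allowed in expected.items():
        actual = acls.get(path)
        if actual is None:
            findings.append((path, "*", "no ACL captured"))
            continue
        want = {who.upper(): r for who, r in allowed.items()}
        for who, rights in sorted(actual.items()):
            have = "/".join(sorted(rights))
            if who not in want:
                findings.append((path, who, "not on the access list: " + have))
            elif rights != {want[who]}:
                findings.append((path, who, f"has {have}, list says {want[who]}"))
        for who in sorted(set(want) - set(actual)):
            findings.append((path, who, "listed but has no entry"))
    return findings

# Constructed access list: who should have which right on each share.
EXPECTED = {
    r"D:\Shares\Finance": {r"BUILTIN\Administrators": "F", r"CORP\Finance-Staff": "M"},
    r"D:\Shares\HR": {r"BUILTIN\Administrators": "F", r"CORP\HR-Staff": "M",
                      r"CORP\HR-Managers": "F"},
}

# Constructed sample of `icacls D:\Shares\Finance D:\Shares\HR` output.
SAMPLE = r"""D:\Shares\Finance BUILTIN\Administrators:(OI)(CI)(F)
                  CORP\Finance-Staff:(OI)(CI)(M)
                  CORP\Domain Users:(I)(OI)(CI)(RX)

D:\Shares\HR BUILTIN\Administrators:(OI)(CI)(F)
             CORP\HR-Staff:(OI)(CI)(F)

Successfully processed 2 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for path, who, problem in audit(EXPECTED, parse_icacls(SAMPLE, EXPECTED)):
        print(f"{path}: {who}: {problem}")
```

The script reads NTFS permissions only; share-level permissions are set separately and need their own review.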

Hosting Apps Virtually

99% of our experience with a computer is using applications.  For virtual workstations, eliminating the distraction of computer configuration allows a simple window to represent the available programs to the user community.  Permissions can be placed on some apps to only allow certain users access.  Application usage will load programs like MS Office, Word, Outlook, Notepad, custom EXEs, databases, and more through the connections, so users do not need local installations of heavy applications.  This configuration helps to reduce help desk load, eliminate time-consuming program updates when dealing with multiple computers, and centralize security and files.

  1. Install the Virtual Workstation software
  2. From the Host Server open the configuration window and find tab “Applications”.
  3. Browse for the desired EXE and click select.
  4. By Default the icon for things like MS Word will populate and you’ll be instantly sharing.
  5. For custom Codes, ports, command line special needs for EXE’s, enter that in the Application Configuration once you have selected the appropriate shared program.

Publishing applications becomes a simple and fast way to centralize horsepower and security while allowing powerful application experiences on items such as Ipad, iphone and all manner of Windows and MAC PC’s and Laptops.  The best part about the program is that only the visual representation of the monitor is transmitted so it’s fast and does not burden the end-user connection machine.  Publishing applications should be done only where there is sufficient licensing with the applications being published and the rights to the license exist.

Setting Up Remote Computing

Work from Anywhere is being demanded in many organizations.  Often only a few are allowed, but when offered, it can improve productivity or empower remote workers and road warriors to see their data remotely.  Law firms can now see files in their corporate office via their iPhone with a click of an iPhone app.  Workers can use and edit Word documents and Excel, and even have Outlook anywhere.  In essence you can run your entire business from an iPad that actually has zero data on it if stolen.  Construction crews love having the capability of seeing huge PDFs of blueprints while onsite with an iPad, zooming to the page and detail without carrying any paper.  Doctors can use it.  Even students can use it if there are special apps or even special needs apps that can be accessed by students from anywhere, anytime from any device.

To enable Remote Computing

  1. Install the Virtual Workstation Host software on the Server, AND the Virtual Workstation software for the client (or download via itunes for IOS)
  2. Ensure you have a public or private IP statically configured to connect to.
  3. Open the Firewall and forward port that you chose to the static internal IP
  4. Open the app (ios) or the Application to connect and enter the IP (public or private), along with credentials.
  5. See your remote apps and enjoy your new connection!
  6. By Default the icon for things like MS Word will populate and you’ll be instantly sharing.

Printing Local Vs. Remote

Printing is traditionally one of the most difficult areas of Virtual Office configurations.  Fortunately the right software can in fact allow printers to show up when users try to print from normal applications like Word, Excel, PDF etc.  Correct configuration offers as optional printers both the company printer, networked or accessible from the Virtual Gateway Host computer, and the printers whose drivers are loaded on each individual client.  In this way a connection from user 4 will display the optional printers they have on User4’s machine AND the corporate printer.  Remote printing can also be disabled if security prevents such remote printing.

Printing can become a burden if users are offsite so make sure to know if you want to allow home printers to be used before you install and configure the software.

Creating a Cloud Shared Drive

Virtual Server is offered free via HyperV from MS Servers, while VMware will cost.  Using a virtual server is identical to the setup of a physical server, with the exception that you first create the virtual server 2008 64bit etc., and allocate sufficient memory.  We recommend 8 or more GIG ram. You will need a Static IP for the virtual server.  This Virtual server becomes the dedicated computer or server to stay on and be the “Main” server for virtual connections.  By creating the static IP for the device (192.168.xx.xx) you can then connect via the end user application or IOS app into the virtual server.   Firewall settings can be made to forward certain ports that contain the encrypted usage packets to the correct machine via a PORT FORWARD rule.  If you don’t want to enable outside connections, simply do not create a firewall rule (one to one NAT or forward), and enjoy the connect from anywhere within a LAN convenience from any device via a direct 192.168.xx.xx path.

Network setup is simple once you have found a powerful computer or server with Tons of RAM.  A software designed for windows (best on 64 bit) will be sufficient.  The software will always listen for connections, then respond, ask for authentication, and begin the process the user requests for applications, data and more.

For Networking, there are some general practices that you will need.

  1.  Load the software on your virtual server by visiting _____________ if you do not already have it.
  2.  Determine what applications are needed (office, word, etc), find file shares required across company (shared drives) and where they reside.
  3.  In the setup options configure to allow users to copy / paste, remote print and timeouts for disconnected sessions.
  4.  Load end user applications on MAC and Windows machines, or IOS apps.

To Purchase software, you will need to visit ___________  and select the appropriate amount of concurrent user licenses.

Determining which applications that can be used is one of the most important but commonly overlooked decisions in virtualization.  Only about 5 programs are generally needed or used.  By Virtualizing, you can actually increase your security by allowing through the virtual only the applications you want the organization to use.

Shared files and enforcement of AD or other folder / file security is then offered once purchased, allowing some users access to certain shares while others cannot.  Making a quick list of who can access what prior to installing the software can help speed up the installation and ensure compliance with your policies.

Computer / Server sizing is important, as a virtual host uses tremendous amounts of memory to be capable of real-time service to multiple users. It’s a good rule of thumb to allocate 2Gig per user if you want fast performance.  One computer (non-server) can usually host 5 virtual workstations, while beefing up the RAM and processor or switching to an 8Gig server 2008 can probably service 12-15 without an issue.

Creation of the users is simple as you can simply create a profile on the Gateway for each user, load their email, files and more.  Some organizations can even have shared drive access elsewhere that is usable by the virtual workstation.  Best practice is to create a “LOCAL” profile on the Gateway PC or Server, and then logon and make sure everything works.  The virtualization will come when someone connects via remote client software, IOS, or other method and be provided with the applications and data you pre-loaded.  A user switching from one device to another is a non-issue as the gateway has all the information and nothing is saved on the connecting device.

Printing can become a burden if users are offsite so make sure to know if you want to allow home printers to be used before you install and configure the software.

Keeping Service Up with Microsoft Patches

Microsoft Update does not plan for compatibility with others, rather simply releases what it wants.  On rare occasions these patches can change the way windows works and alter the ability of users to access the virtual workstation host, gateway or server.  Fortunately there is a best practice when virtualizing:

To Maximize Uptime and defend against serious MS patches that can take you down:

  1.  Isolate the PC / Server acting as the Virtual Gateway Host machine, in that no-one can access it but the IT.
  2.  Update all the patches and AV prior to installing Virtual Office software, which can be downloaded at ____________.  If you need a good intelligent AV system, take a look at ________________.
  3.  Disable patches and automatic downloads of Windows Update.  Instead schedule a periodic time once every few weeks to download and install the patches.  Remember to backup BEFORE you patch.
  4.  Ensure Firewall policies and filtering policies do not allow the Virtual Gateway Host machine to surf the Internet via the Virtual connection which could open the machine to malware.

Setting Up a Virtual Network

Virtualizing in a network requires you find a dedicated computer or server to stay on and be the “Main” server for virtual connections and create a static IP for the device (192.168.xx.xx).   Firewall settings can be made to forward certain ports that contain the encrypted usage packets to the correct machine via a PORT FORWARD rule.  If you don’t want to enable outside connections, simply do not create a firewall rule (one to one NAT or forward), and enjoy the connect from anywhere within a LAN convenience from any device via a direct 192.168.xx.xx path.

Network setup is simple once you have found a powerful computer or server with Tons of RAM.  A software designed for windows (best on 64 bit) will be sufficient.  The software will always listen for connections, then respond, ask for authentication, and begin the process the user requests for applications, data and more.

For Networking, there are some general practices that you will need.

  1.  Load the software on your server; visit Here to download a free trial if you don’t already have it.
  2.  Determine what applications are needed (office, word, etc), find file shares required across company (shared drives) and where they reside.
  3.  In the setup options configure to allow users to copy / paste, remote print and timeouts for disconnected sessions.
  4.  Load end user applications on MAC and Windows machines, or IOS apps.

To Purchase software, you will need to visit Cost of Virtualization and select the appropriate amount of concurrent user licenses.

Determining which applications that can be used is one of the most important but commonly overlooked decisions in virtualization.  Only about 5 programs are generally needed or used.  By Virtualizing, you can actually increase your security by allowing through the virtual only the applications you want the organization to use.

Shared files and enforcement of AD or other folder / file security is then offered once purchased, allowing some users access to certain shares while others cannot.  Making a quick list of who can access what prior to installing the software can help speed up the installation and ensure compliance with your policies.

Computer / Server sizing is important, as a virtual host uses tremendous amounts of memory to be capable of real-time service to multiple users. It’s a good rule of thumb to allocate 2Gig per user if you want fast performance.  One computer (non-server) can usually host 5 virtual workstations, while beefing up the RAM and processor or switching to an 8Gig server 2008 can probably service 12-15 without an issue.

Creation of the users is simple as you can simply create a profile on the Gateway for each user, load their email, files and more.  Some organizations can even have shared drive access elsewhere that is usable by the virtual workstation.  Best practice is to create a “LOCAL” profile on the Gateway PC or Server, and then logon and make sure everything works.  The virtualization will come when someone connects via remote client software, IOS, or other method and be provided with the applications and data you pre-loaded.  A user switching from one device to another is a non-issue as the gateway has all the information and nothing is saved on the connecting device.

Printing can become a burden if users are offsite so make sure to know if you want to allow home printers to be used before you install and configure the software.

Virtual Network Viewed on an iPad