Top 25 Managed Services Myths

September 1, 2010

Despite being around for nearly 10 years, misconceptions about Managed Services continue to rage with customers and many in the IT industry. The following points help clear the confusion and dispel common myths:

  1. Outsourcing is expensive. Versus one or more IT staff the cost should be less when considering taxes and benefits alone. 
  2. By the hour costs less. Like gambling in Vegas, a break-fix mode may have stretches of little or no cost followed by a roller coaster of downtime and unexpected significant cash outlay in short periods.
  3. Managed services are all the same. Offerings and pricing models are dramatically different between providers, so pick based upon need and fit.
  4. Model to sell more stuff. While some in the industry have taken this misguided approach adding to the confusion, managed services are actually based upon saving cost for provider and customer with no motivation to sell product or bill by the hour.
  5. Managed service providers hold customers hostage. The customer still maintains control and has more documentation and feedback.
  6. Missing goals.  Just like any part of a business, customers should have clear goals that are defined and measured for IT.
  7. Management can forget about IT. In business, you can never fall asleep at the wheel and upper management should be educated on IT business aspects and regularly informed of ongoing operations.
  8. Someone must be on site all the time. With remote tools, response is fast and may be provided by multiple personnel versus an individual employee that may be occupied.
  9. Only an employee can understand. Most systems have common components and a provider has a breadth of like customer environments across several personnel over the limited exposure of a single employee and site.
  10. Managed Services are all or nothing. Many customers may choose to have a hybrid of IT and managed services for best function and lower cost.
  11. Managed Services solve all problems. Some users need basic PC training and hardware still fails occasionally.
  12. Recommendations are suggestions only. While the latest article or magazine may have some cool ideas, consistently ignoring professional advice can be as detrimental as ignoring your doctor.
  13. Phones are included. Even though on the network, phone systems have little commonality and less than 2% of providers support phone systems.
  14. Development included. Developing applications are another separate competency and project.
  15. Hardware and software is included. Unless leasing, products should not be part of a monthly fee.
  16. Ultimate competency. Just like doctors, individuals and providers specialize in specific areas.
  17. One vendor for everything.  Not just a bad business practice, but plain not feasible.
  18. Customer leads. The provider consults and assists with strategy and implementation, but the customer must convey clear and realistic expectations.
  19. Software Control. It is the customer’s responsibility to keep software in a locked cabinet.
  20. Cases unimportant. Customers should help in advising the provider of problems and providing feedback.
  21. Reports don’t matter. Just like financials, it is time to take a business approach.
  22. Turnover concerns. Most IT professionals change jobs every 2 years. Focus on provider approach and processes.
  23. Buy it anywhere. It may have been a good deal, but that consumer product bought at a retail store is going to cost you much more in the long run.
  24. Provider has full responsibility. Keeping business running and becoming more profitable is not about IT politics or blame, but rather clear and realistic expectations and measured execution.
  25. Adversary approach. Managed services are about a partnership in risk and cost for customer and provider.

Leave a Comment » | IT Outsourcing, Managed Services, Matrixforce, Oklahoma, Tulsa | Tagged: , , , , | Permalink
Posted by matrixforce

Cloud Computing vs. Hosting

June 1, 2010

Cloud Computing and Hosting are not the same thing. Hosting is defined as renting rack space and paying monthly for hosting your server as well as the bandwidth used. Hosting is a legacy option before Cloud Computing and you still have to account for management, disaster recovery, backup, security, and upgrades.

Let’s compare Cloud Computing for e-mail versus hosting. For both you have a project to get onto the service. With Cloud Computing you get gigabytes of storage, full use of Outlook, and SPAM filtering. In addition, you escape on-going upgrade costs, SPAM filtering, SSL certificates, and a failover plan and infrastructure for a 99.9% Service Level Agreement (geo-dispersed data centers around the world). The cost for Cloud Computing Exchange is generally less than 50% of hosting Exchange at a third-party and 70% of the cost of on-premise Exchange.

With hosting you are dependent upon unreliable and slow VPN access to Exchange as part of your environment. You still pay for upgrade, backup, SSL, and SPAM filtering. For the convenience of offsite Exchange, you are slower with the potential for similar downtime and still must deal with failover and disaster plans. For certain applications like an e-commerce web server hosted at the local rack space, this makes sense for the cheap access to bandwidth and failover generator for power failure.

However, for line of business applications like accounting, e-mail, presence, and document storage cloud computing wins hands down. Imagine having access to the data and services to run your business via the Internet, regardless if your sites have power or flooded or destroyed by natural disaster. Failover to another server or site is eliminated, as well as restore of servers in an emergency trailer. Basically, you are in disaster mode at all times and get to focus on improving business rather than worrying about the worst and paying to be an IT survivalist. While there is no silver bullet, Cloud Computing offers better reliability and lower cost than legacy Hosting.

2 Comments | Cloud Computing, Matrixforce, Oklahoma, Tulsa | Tagged: , , , | Permalink
Posted by matrixforce

Managed Services Defined

May 1, 2010

Managed Services is technology maintenance and support provided for flat monthly cost, based upon metrics such as number of computers. While other industries are trying to adapt the term, Managed Services only applies to the Information Technology industry as failed usage in other sectors such as Medicine or Utilities refer only to a suite of offerings that has little to do with flattening cost or being proactive.

Managed Services developed out of legacy maintenance plans where a vendor performed regular maintenance to ensure the life of equipment and catch problems before the customer was down. While most customers understand and practice regular maintenance on their automobiles, in the previous two decades most did not understand that need for computer systems and often opted to wait unit a costly outage. For Service Providers, this customer mentality meant that  it was either feast or famine and worse yet the customer paid more when in pain.

The key customer benefits to Managed Services are as follows:

  • Strategic Plan for management understanding and cost control.
  • Proactive network monitoring on 24x7x365 basis.
  • Remote desktop and server support saving the client and provider time and cost of travel.
  • Single point of contact for all network issues.
  • Regular management review on technology issues.
  • Single supplier instead of multiple vendors.
  • Defined Service Levels for response or uptime. 
  • Known costs for management & fixed price contracts.
  • Avoiding costs of building own management & reporting systems.

While many providers in the industry try to adapt, most do not have the business acumen and will not make any changes to their business model. That retail store is still trying to make margin on product, an ISP only wants to sell more bandwidth, the recruiting firm just wants to get people off the bench, and those 2-3 guys who move offices every year are just trying to do as little as possible and outsource to India. 

The following are not Managed Services:

  • Lease of equipment. It’s much better to buy a server than lease for $400 per month.
  • E-mail SPAM filtering. Buy a product or go direct to the manufacturer such as paying Postini $1 per mailbox per month rather than paying a reseller $4 per mailbox per month.
  • Third-party portal. Monitoring tools and portals should be offered by the provider and not resold product or outsourced staffing.

True Managed Services offer a cost and effectiveness value proposition for maintenance and support that cannot be matched by a full-time staff or break/fix hourly charges.

Leave a Comment » | Managed Services, Matrixforce, Oklahoma, Tulsa | Tagged: , , , | Permalink
Posted by matrixforce

Technology Tax

April 1, 2010

Whether you have a full-blown audit or simply get profit and loss information for the accountant, it’s time to reflect on last year and seek advice going forward. You’ll look at your top expenses and evaluate business goals while trying to get the most tax breaks possible.

But who is checking your technology, advising you on trends, and helping you to lower costs? Technology is your #4 business expense after salaries, taxes/benefits, and rent. Just like everything in your business it’s time to cut the fat and stop repeating the same old mistakes.

Your IT Department is obviously trusted, but they are paid to maintain systems and keep users happy. New things are always on the back burner and the technology is constantly changing. To make a sharper point, do you provide your IT an annual budget, regularly certify them on the latest technology, and measure their cost or performance to the financials? No.

We generally find companies have:

  1. Inadequate documentation for maintenance, disaster recovery, or business evaluation.
  2. Too much hardware and mis-matched software.
  3. Minor to significant system configuration problems and pending failures.
  4. No understanding of pending or future needs and associated costs or risks.

A regular review of systems and network security prevents businesses from flying blind and prevents IT conflict. This review should be done by a qualified IT firm rather than an Accounting firm. It should include a breakdown of the top business/technology categories, specific issues for resolution by system, and immediate to future recommendations.

Be prepared to hear some things you may not like, but it’s better to know and react than remain oblivious. You also should be open to new ideas to lower cost like managed services, virtualization, cloud computingremote monitoring, and online backup. Your IT likely needs help and would much rather have expert input and focus on helping the business than mundane maintenance tasks. If you chose to do nothing, you’re resigning your business to regularly paying a high technology tax.

Leave a Comment » | Cloud Computing, IT Outsourcing, Managed Services, Matrixforce, Network Security, Oklahoma, Online Backup, Remote Monitoring, Remote Support, Tulsa, Virtualization | Tagged: , , , , , , , , , , | Permalink
Posted by matrixforce

Better Recovery

March 1, 2010

It’s the typical Nolan Growth Model. You start out with RAID 5 and tape. Then you graduate to encapsulation with applications and data spread across several servers, but often it is simply with more tape and bigger or multiple tape devices. Finally, it’s time to invest in Direct Attached Storage (DAS) , Network Attached Storage (NAS) , Storage Attached Network (SAN),  and Online Backup. The answer of what to implement is different based upon the size of the business.

Small Business customers should consider buying two smaller servers rather than one large one. The servers should be:  1) A Remote Desktop Server (formerly call Terminal Server) for remotely accessing applications without complicated and failure prone VPN and 2) A domain controller/file print server. That old answer of buying monolithic Microsoft SmallBusiness Server and large server to run all those applications and tape or external hard drives is just too costly and maintenace/error prone. The most common mistake small companies make is leaving the tapes on top of the server or in close proximity and not buying new tapes annually. The tapes are usually damaged or wiped from Electro Static Discharge (ESD) or old tapes are past their write life and restore is impossible. External hard drives have the same potential ESD issue and most poeple don’t stop to think that while escaping multiple write limitation, any power surge will damage the external hard drives too. The best recovery answer is online backup. It should not be more than the recurring cost of legacy tape, require proprietary agents on each server,  or involve always calling a vendor to restore files or check backup status.

Mid-size and large companies have the challenge of much more data based upon a larger user base. Legacy storage options of DAS and NAS should be avoided. For the unintiated, these appear like good choices as it seems simple and inexpensive. Entry costs are less, but maintenance and growth is time consuming and exorbitant. The problem with direct attached storage is dependence upon the health of one server, space limitations, and difficulty expanding.  Problems with the additional RAID card may prevent a server from booting or cause data loss, the 2 TB partition limit means painful data migrations, and moving DAS to another server often requires a different RAID card and hours of installation. With the coming of NAS, direct attached storage is no longer a popular choice.

There is great confusion that NAS and SAN(s) are the same thing. A NAS is a 1995 solution for sharing data from essentially a file server running some limited firmware, rather than a full operating system. It has one way in and out to the network and line of business databases like e-mail and accounting or failover for virtualization cannot utilize a NAS. The RAID partition size limitation still exists and the only answer for growth is backup, buy new, and restore.

Storage Attached Networks (SAN) are the best answer for mid-sized and large storage needs because: 

  1. While entry costs may be higher, on-going cost for maintenance and growth is dramatically less.
  2. Snapshots provide quick local restore options and built-in replication addresses multi-site and disaster recovery needs.
  3. Multiple connections to the network allow the storage to be utilized by multiple servers with high performace multi-path I/O performance.
  4. Data appears local to any attached server allowing line of business applications to have fast access and near unlimited growth.
  5. Any server with additional network cards can be quickly configured to access SAN data within minutes.
  6. Volumes may be grown on  the fly and new SANs added to existing for pooled shared storage without reconfiguration or full backup and restore.

Finally, no discussion on recovery would be complete without mentioning the trend to simply have a smaller footprint and less to recover.  Many organizations are choosing to utilize cloud computing with online accounting, e-mail, and collaboration tools. Instead of simply moving servers to some hosted rack space and still having all the operational burden of maintenance and backup/recovery, cloud computing allows you to enjoy high service level without a physical location dependence or cost of monitoring, maintenance, and backup.

Leave a Comment » | Cloud Computing, IT Outsourcing, Managed Services, Matrixforce, Oklahoma, Online Backup, Tulsa | Tagged: , , , , , | Permalink
Posted by matrixforce

Essential Virtualization Tips

February 1, 2010

Server virtualization means converting physical servers into logical ones and running on less hardware. The concept is simple: use less energy, buy less server hardware, AND gain stability and reliability.  It’s the last part where amateurs stumble and customers get hurt.

Like everything in business, start with what you need regardless of technology and then research and pick a vendor based on that criteria. That ISP (aren’t they in the business of providing Internet access?) who touts financial stability in spite of having gone out of business three times, is likely not a fit for many reasons. Server virtualization requires knowledge of storage, networking, and migration.

Here are some tips to save you time, energy, and money:

  1. Follow the rules. Just because you can convert just about any physical server to virtual, doesn’t mean you should. Your whitebox and 32bit knowledge needs an upgrade to certified hardware and x64 (yes you need TOE for the NICs too).  Many manufacturers don’t support virtualization or only in certain configurations. Special functions like firewalls simply should not be virtualized. Just because it will run, doesn’t let you escape the fact you have no support for a problem. With channel inventory crunches like now, you could be waiting 30 days for replacement hardware, not to mention the cost of reinstalling and restoring on physical iron with all the business downtime. Even hardened gamblers cringe at such risk.
  2. Think in twos. You should have at least two physical hosts, two more switches for a separate network, and replicated storage. A major point of server virtualization is to add reliability so it is easier to recover from failures. However, many uninformed and unscrupulous vendors will sell only one physical host because it is cheap and easy. If that one server crashes, you’re out of business and worse off than if you had physical boxes because at least something would be running. If your data is stored on the same box, restoring is longer and more complicated.
  3. Invest in storage. Another major concept to understand is separation of processing and storage. This approach is how things like domain controllers on different physical hosts and Live Migration give greater up time. Get a Storage Attached Network (SAN) for multi-path data transfer and fiber is not required. While virtualization is a good time to escape tape and think about data replication,  DO NOT get a legacy Network Attached Storage (NAS) as it provides no advantage for speed or growth versus a traditional physical server. Again, many crafty providers will sell only one physical host and lease a NAS for backup because it is cheap and easy. The danger for customers is that as the virtual servers that include data grow, response slows and the huge hundred plus gigabyte virtual images are difficult to backup or restore. When you add the typical outsourced solution from India with no access for customers to verify backup or restore their own files, the captured high cost and low viability is more than insult to injury.
  4. Save on software too. Microsoft HyperV now dominates the market, has as many or more features, and costs less than alternatives. Plus, with each Windows Server Enterprise license, you get 4 free Windows Server standard licenses. Those myths about poor security and limited features have really hurt the competition. Windows Server Core had 19 patches (full Windows Server 34) last year versus 168 VMWare updates. Server Core is 73MB versus VMWare 4GB and features like Live Migration have eliminated any third-party advantages.

Starting in 1996, Matrixforce began providing virtualization which at that time was largely limited to terminal services. Fast forward to today, Matrixforce is the exclusive certified Advanced Infrastructure and Enterprise Storage provider in Oklahoma. Since we’re unconcerned with selling product or billable hours, we would welcome the opportunity to help you make an informed virtualization decision. Contact us at (918) 622-1167 Option 3 or e-mail sales@matrixforce.com to review needs or schedule a demo.

Leave a Comment » | IT Outsourcing, Matrixforce, Oklahoma, Online Backup, Tulsa, Virtualization | Tagged: , , , , | Permalink
Posted by matrixforce

Technology Vendor Selection

January 1, 2010

Who’s the greatest? Muhammad Ali of course. So why do most vendors seemingly have the same bluster?

In the technology industry, you better believe your own story, but there are things that all customers should ignore or move onto another vendor when they hear:

  • We’re the best or most experienced.
    Summing the ages of all employees and significant others is an obvious ploy. Also, a lot of advertising doesn’t make you the best.
  • We’re certified.
    That dated MCSE, archaic command line knowledge, and that on-line open-book hardware test don’t mean much today.
  • We want to be your trusted advisor.
    Who doesn’t?
  • We do good work real fast.
    Speed is fine, but it doesn’t rank in the most important aspects of technology implementation.
  • People like us.
    The inflated testimonial quote from a buddy and your girlfriend on your own website are transparent. That LinkedIn recommendation from your best friend about how honest you are doesn’t help either.

Generally, the younger the company the more repetitive and outlandish the claims. Before the feeds and speeds and myriad sales presentations, here are some points to quickly qualify the true professionals from the pretenders:

1) What is your need and their motivation? 
Start with your specific needs, preferably not  more than 6-10 concise and quantifiable phrases. It’s amazing how many clients don’t do this first step in helping to eliminate the bulk of vendors and focus on just a few. Then while you’re Googling, a dated and poorly done website is an initial warning sign. Other warning motivations include “doing it all for any and everybody” unclear focus, slogans beginning with their profitability first, and myriad logos of manufactures signaling an invested reseller pitch regardless of need.

2) How long have they been in business?
Much like restaurants, most technology and consulting firms fold in 3-7 years. This question will cut to the bone for many vendors and should be one of your top disqualification factors, as you’ll generally want a minimum 5  year solution. While that LLC startup may sound hip, you should ask how they are funded and true business background in addition to technical.

3) How did their business start?
The vast majority of technology companies start under less than honorable circumstances. Some of the stories are harrowing: individuals stealing company brand and tag lines and representing as their own, selling services for their new startup while working for their previous employer, downloading employer documents and processes for their new venture, and disparaging their employer and utilizing trade secrets to solicit existing clients and break contracts. Litigation is $50K to start and there is little protection for employers via law for such piracy, with only lawyers reaping the reward and offenders simply going bankrupt and starting again. Remember that the companies you pick have a great deal of access to your information and you do need them to be trustworthy. Ask for contact information for their previous employer and if that employer would hire them again. When you don’t hear from them any more or you get the real story from the previous employer, know that you dodged a bullet from making a big mistake.

4) What are the credentials of the owners?
Another dirty secret of the industry is that most principles have no degree. That former cable installer and PC assembler who got a MCSE in 2003 via their previous employer may be touting consulting experience, but with no formal training you’re taking a big risk. Knowing how to install software and hardware are drastically different skills from business process, planning, and understanding. This point comes back to the issues of credibility and longevity.

5) What is under the covers?
Throughout the selection process, you should be asking and evaluating what the vendor uses to do their job. Is the offering open and can you check it or are you restricted from even accessing your own systems? Is that Microsoft vendor really using a Linux box for monitoring? Why is the service provided by two or three companies? Do you want a foreign system from India and phone support transferred there? Finally, visit the offices. Lease space is cheap and many startups have a fake office and a few 1099 contractors working from home. You’ll know it when you see it as the office will likely be in a retail strip, have a plain black and white sign, and an odd wall facing the entrance protecting the view of largely empty space.

Throughout the selection process, it is a glaring mistake not to tell the vendors the other players who are competing because things you may have missed will be identified by competitors. Also, after selection let the short list candidates know who won and why.

1 Comment | Cloud Computing, IT Outsourcing, Managed Services, Matrixforce, Network Security, Oklahoma, Online Backup, Remote Monitoring, Remote Support, Tulsa, Unified Messaging, Virtualization | Tagged: , , , , , , , , , , | Permalink
Posted by matrixforce

Mailbox Upgrade

December 1, 2009

Microsoft Exchange 2010 was released last month. If you’re still running Exchange 2003, this would be a good time to break that old arbitrary rule about always staying one version behind:

  • Those ever-increasing requests and associated problems concerning e-mail archival and retention are now built-in with much more capability than previous versions and without third-party software.
  • Voice mail preview may delay or lessen that upcoming phone system upgrade as a new unified messaging feature.
  • New information protection features gives you much more ability to prevent leakage of confidential information.
  • Exchange 2007 is on year 3 of 5 for standard support and leaps in technology are now happening every 18-36 months.
  • The x64 hardware requirements are nearly identical and corresponding x64 server software is well beyond being mainstream.

Now each user can have their own archive mailbox with retention automatically defined by the organization and that is also available from Outlook Web Access. You have much better ability for compliance and legal hold. The web accessibility is just one example of improved user self-service. The new Role Based Access Control can allow users the ability to do their own message tracking. Mailbox resiliency as a whole is much better with Database Availability replacing Continuous Replication and the capability to move mailboxes without taking users off-line.

While you still must implement Rights Management for full information control, administrators may automatically notify users of potential confidential leakage and receive alerts of such actions. Windows Mobile 6.1 users will also receive new conversation views.

As with most line-of-business applications today, Exchange 2010 requires x64 hardware and operating system. Active Directory may be 2003, but the Exchange OS should be Windows Server 2008 and a Domain Controller role is not supported. Exchange may be readily virtualized, but this configuration is not supported with Unified Messaging and there may be some performance decrease when using advanced networking like ISCSI because large packets are not supported by virtual interfaces. Purchase only Standard Client Access Licenses, unless you will utilize Microsoft Exchange Hosted Mail Security. Exchange was never meant to be a document repository, so you’ll either need to move public folders to resource mailboxes or file shares.

Even though the media hypes Google as a threat to Microsoft, Gmail is still geared toward individuals. If you are a small business and haven’t investigated, Exchange On-line will offer the new 2010 features with much more capability than Google at about half the price per year ($24 vs. $50 per user per year).

Leave a Comment » | IT Outsourcing, Managed Services, Matrixforce, Oklahoma, Online Backup, Remote Support, Tulsa, Unified Messaging, Virtualization | Tagged: , , , , , , , , | Permalink
Posted by matrixforce

Channel Changes

November 1, 2009

Every so often the whole technology industry changes and 2010 will be one of those years. If you are responsible for purchasing or evaluating technology products or services, much of what you’ve learned and utilized to make decisions has already or is in the process of changing. You know your needs have changed as everyone has had to tighten their belt. If there’s been little budget spent in the last few years at your organization on technology, then the following are things to consider.

Being in the middle of the country, local understanding and adoption of current technology often lags the rest of the nation by 18 – 36 months. Making legacy decisions on current technology could cost your organization more, while positioning behind competitors with little hope of recovery. The four main areas you should begin to understand are 64bit, virtualization, remote access, and unified messaging.

64bit means the processing speed doubles as well as the amount of memory, but you don’t have to buy “enterprise” software. Servers and associated platforms and applications are now generally all 64bit compliant. Unless your line of business application (like accounting) is 64bit compatible, this is not the year to get 64bit operating systems on desktops as most productivity software like Microsoft Office does not have a 64bit version.

If you have four or more servers, it’s time to leverage virtualization. This simply means an application is running that runs several servers within one box. If this sounds risky, consider that you often run multiple things on a server with no concern. The difference with virtualization is that you can have a second server or host to copy the virtual server image files or have running in case of a failure. So recovery is in minutes rather than days for a traditional server failure. Microsoft Hyper-V is recommended instead of VMWare for no cost and little difference in functionality. Common mistakes to avoid are only purchasing one server host and not considering storage which should be a Storage Attached Network (SAN) box and not a legacy slow and costly Network Attached Storage (NAS) box.

Why are you using that VPN? It’s difficult to connect, often down, and slow. The time is now to see a demonstration of gateway services. You can use a browser for access, have a personal desktop, and even copy files without all the hassle. Most customers are choosing Microsoft 2008 Gateway services over Citrix to save the licensing cost. Be sure to ask your software manufacturer for compatibility.

Do you love your Blackberry and e-mail? Well, Blackberry now trails the market versus iPhone, Windows Mobile, and even the new Android devices. Blackberry devices require additional server hardware and licensing, so while they started mobility remaining viability is questionable. Likewise managing e-mail consumes tons of time for little business return. Organizations that implement instant messaging/presence often see a 30% reduction in e-mail immediately and get some time back to do real work. Use Office Communicator for roaming presence and integrated security versus free clients like Windows Messenger lacking these features. Add a camera and you can do everything but reach out and shake hands.

The major manufacturers themselves are changing, all rushing to offer more integration and hosted services to change forever the relationship with customers, partners, and resellers. We’ve all been taught over the years that multi-vendor solutions offer best-of-breed and better security, but many of the major players including Microsoft have been quietly adding integrated products like anti-virus and backup. You can’t really argue when an offering is by the manufacturer, for the manufacturer’s products, and does more and costs less than third-party offerings.

Microsoft has changed the Partner Program to the Partner Network, so there will shortly be no more undiscerning Gold Partners with some having high competency and the majority with the same designation simply selling software or having customers respond to a questionnaire. Further, individual certifications have all changed to specializations like Technology Specialist in Messaging or Enterprise IT Professional, so that MCSE from 2003 no longer has meaning. Hardware manufacturer’s like Dell are following suit, recognizing that the on-line open book 30 minute test is not a discerning certification. Established players spend significant dollars for their own infrastructure offerings and have teams of sales and technical people trained in current technology for an organization Enterprise Certification. Thankfully, soon gone are the days when a cabling contractor and PC builder can tout themselves as experts with no degree or current credentials, duping customers by marking up commodity products and adding no real value while wearing more logos than a race car.

Leave a Comment » | IT Outsourcing, Managed Services, Matrixforce, Network Security, Oklahoma, Online Backup, Remote Monitoring, Remote Support, Tulsa, Unified Messaging, Virtualization | Tagged: , , , , , , , , , , | Permalink
Posted by matrixforce

Hardware Firewalls Lacking

October 1, 2009

A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. Since their creation, a battle has raged between those who believe a hardware or software firewall is better. In truth, even the hardware devices utilize some type of software and every product has its own strengths and weaknesses.

No matter what your opinion, the fact remains that Microsoft Internet Security and Acceleration (ISA) is the best protection for a Microsoft environment. The reason is because ISA authenticates access at the edge of the network rather than allow traffic to penetrate the firewall and access a server directly. For Outlook Web Access, Terminal Services Gateway, or SharePoint, ISA authenticates logons before any servers are accessed. For hardware devices, the appropriate port and URL is opened and direct access is provided to the server through the firewall. Conceptually, once you have access to the server it’s much easier to do harm.

Typical arguments tend to follow:

ISA is not a real firewall.
It has more than a 10 year history of use in all sectors including high security Government and Financial customers with highest certifications in the industry.

Windows has too many vulnerabilities.
Every system has discovered flaws and Windows/ISA has no more than any other offering. Further, ISA has Microsoft Update for security patches and enhancements while hardware updates are manual.

Hardware firewalls are faster.
Server processor, RAM, and NICs all offer higher performance and more expandability.

Hardware firewalls are cheaper.
Like everything in technology, it depends upon the offering and configuration on what is more expensive. Microsoft software generally has a 5 year standard and 10 year extended life cycle with servers warranted for 4 years. Most hardware firewalls have a warranty of 3 years with annual maintenance, so total cost of ownership over life of the equipment tends to be higher.

If you prescribe to the notion of having two firewalls from different manufacturers, you can put a hardware firewall in front of ISA and still enjoy the edge authentication and perks like Active Directory integration to filter by user/group instead of just IP address. If you must have a box to put in the rack, then purchase an appliance that has ISA. In 2010, ISA runs on Windows Server 2008 with more features and a new name of Forefront Threat Gateway.

Leave a Comment » | IT Outsourcing, Managed Services, Matrixforce, Network Security, Oklahoma, Remote Monitoring, Remote Support, Tulsa | Tagged: , , , , , , , | Permalink
Posted by matrixforce

« Previous Entries