Tekexpertise Blog

Internet Bandwidth refers to the amount of network capacity coming from an Internet Service Provider such as Comcast, Time Warner, Verizon and others. Internet bandwidth has increased fairly dramatically over the last few years and it has become much less expensive. Inexpensive Internet connectivity is available with download speeds exceeding twenty Mbps and upload speeds of nine Mbps. Fifty Mbps connections are available now or will be soon. Higher bandwidth speed should improve productivity.

Note, you should check with your current Internet provider. There is a good chance that you can get a faster connection at the same price or maybe even less than the monthly fee you are paying now.

As more and more applications move to the Cloud, faster bandwidth will become a necessity.  As I mentioned in my last entry, Cloud Computing is the emerging IT paradigm that has the potential to provide far better business solutions at lower overall cost.

If you are still using DSL or a T1, consider changing to a cable modem or FIOS connection. Not only will you get a much faster Internet connection, you will probably save money. Unfortunately, there are still some areas and buildings that don’t have either cable modem or FIOS capability. (Note beware of phone companies, even Verizon, advertising “high-speed Internet connectivity”. What they really are offering is DSL. Look for bandwidth of at least 20 Mb to be sure.)

The effective bandwidth users receive can be throttled in a number of ways. Like any other type of pipe, the throughput of an Internet connection is only as fast as the slowest connection between the Internet and the user. For example, older firewalls may only support ten Mbps or less of incoming bandwidth and an upgrade should be considered. The number of inbound VPN connections will affect effective bandwidth. Also, poor cabling or older switches will also affect the amount of bandwidth to users.

Finally, businesses need to know just how their Internet connectivity is being used. Often, some employees are using on-demand video applications such as YouTube or getting video at news sites, using Facebook, etc. Peer-to-peer sites, which distribute music and video files, consume large amounts of bandwidth. It is typical for these applications to spring up once users realize that the available bandwidth has increased.

If you would like to discuss this topic in more depth or have an analysis of your current Internet infrastructure, please send an email to ed.mchugh@tekexpertise.com.

Cloud Computing has matured greatly in the last year and is now a major technology shift. Basically, Cloud Computing means running applications across the Internet. In some senses the “cloud” is just a metaphor for the Internet itself. Organizations outsource applications to vendors who host these applications in their own data centers. Organizations access them over the Internet using a web browser.

With Cloud Computing, instead of owning a specific server or software license for an application, an organization pays a monthly fee. Details of hardware and software provisioning, configuration, management, monitoring, disaster recovery, etc. are provided via the Cloud vendor thereby decreasing the administrative and technical burden on organizations.

Cloud Computing has become feasible by the latest increases in Internet bandwidth, storage capacity and server speed as well as advances in software and tools. As each of these becomes ever more powerful, the value proposition of Cloud Computing becomes more compelling.

Major vendors such as Microsoft, Amazon, Google and others now have Cloud offerings. These companies have the capability to massively scale data centers to accommodate the demands of customers. Also, almost all organizations cannot provide an environment that is nearly as bullet-proof as these vendors can provide. The recent competition between HP and Dell over 3Par shows that large vendors are placing big bets on Cloud Computing as a new IT paradigm.

A major inducement to Cloud Computing is that the start-up costs are much smaller than provisioning the same application in house. However, it is not necessarily true that Cloud Computing is less expensive in the long term. An analysis of the economics of in-house IT infrastructure versus a Cloud implementation needs to consider not only the initial purchase of the hardware and software, but also the hidden costs of the on-premises power and cooling, the costs of the staff to properly maintain the infrastructure, software licensing costs, etc.  Furthermore, it is likely that as more competition comes to Cloud Computing as well as continuing improvements in computing overall, that costs will decline or remain steady while the value of the offerings continue to improve.

All organizations should now begin serious efforts to move at least some of the IT infrastructure to the Cloud. If you would like to discuss this in more depth or if you would like to put together a plan, please send an email to ed.mchugh@tekexpertise.com.

Many organizations have postponed server upgrades during the recession. As the economy recovers, these organizations may now be thinking about upgrades. Their servers have may be getting beyond useful life and are unable to run the latest or supported versions of software. Of a greater concern is whether their servers may be at risk of hardware failure.

Servers today are cheaper and far more capable than those bought four or five years ago. A good rule of thumb is to replace servers no sooner than three years after the original purchase (they are still under manufacturer’s warranty) and no later than five years. After five years, the probability of hardware failure, particularly for disk subsystems, goes up noticeably.

However, the best upgrade approach may not be replacing existing physical servers with the latest server hardware. There are two strategies to be considered before making that purchase. First, if there is more than one server that needs replacing, organizations should consider buying a more powerful server and use virtualization to replace two or three (or perhaps more) physical servers. Virtualization is the technique where multiple instances of server software, including the operating system, can be run on the same physical hardware.

An even more intriguing possibility is to retire at least some physical servers completely and outsource their functions. For example, organizations should not be hosting their own websites internally. Other prime candidates for outsourcing include email, CRM and Intranet servers.  Unless there are compelling reasons, there is little advantage to keeping those functions on internal servers.

For a relatively modest monthly fee, organizations can remove the administrative burden and expense of running their own servers. Further, these hosting companies provide the redundant power, Internet connectivity, spam and virus prevention, monitoring and other functions that most organizations would not be able to do cost-effectively themselves.

The number of hosted solutions is continuing to grow as “Cloud Computing” matures. I will be discussing Cloud Computing in a future blog post.

If you would like to discuss this in more depth or if you would like to put together a plan, please send an email to ed.mchugh@tekexpertise.com.

Every organization needs to be prepared for adverse events that could disrupt normal operations. Business Continuity Planning (BCP) is the discipline where organizations plan to handle these events.

A BCP strategy must have the flexibility to recover from partial outages as well as complete outages. Most events are localized and two of the most common are power failures and loss of Internet connectivity. Also, outages can include weather-related events such as snowstorms where employee safety requires them not to come to work.

The BCP process begins by analyzing the key business activities and their operational requirements. Interdependencies between activities need to be determined as well. Further analysis should reveal how long an interruption can last before the impact becomes unacceptable. Note that organizations can’t react too quickly to an event that may be of a short duration while waiting too long to implement the plan would cause valuable recovery time to be lost.

The analysis proves the information needed to create a plan. This plan has detailed information how each business activity will be recovered and where the recovery will take place. Recovery locations could include alternate sites, work from home or an unaffected part of the main site. The plan also should address the order in which each business activity is restored and when and how activities return to the affected site.

No plan is adequate unless your staff is trained on what is in the plan and what their roles and responsibilities are in case of an outage. It is also critical that run-throughs of the plan be done on a regular basis. New employees need to be trained on the plan when they join the company.

One of the key items of your plan is to identify one or more incident managers who have the authority to ensure that the outage is handled appropriately. An incident manager must have a clear mandate and the ability to direct people in all departments who are affected by the outage.

No plan is complete unless there is an ability to reach all the effected personnel to give them information wherever they might be. Automated systems are available that leverage multiple means of communication (home phones, cell phones, texting, etc.).

If you would like to discuss this in more depth or if you would like to put together a plan, please send an email to ed.mchugh@tekexpertise.com.

Your business is almost certainly highly dependent on data you have on your server(s) and PCs. Studies indicate that small businesses that lose their technology or data capabilities for more than 48 hours are in danger of going out of business. The good news is that some simple techniques which need not cost a lot can prevent data loss except in the most extreme cases.

Required:

You must backup your data and keep copies of those backups off-site. Data must include all primary business files, including those on employee PCs. Primary files include accounting data, email, work in progress and business process information. You should create a list of what those are.

For business with relatively modest amounts of data, Internet based backup is a great choice. Services such as Carbonite (http://www.carbonite.com) and Mozy (http://mozy.com/) are good choices among many options. Get a connection with at least 5 MB upload (that is from your systems to the Internet) and 10 MB download. Cable providers (Comcast, Time Warner, etc.) and Verizon FIOS can provide more than enough bandwidth for as little as $100 to $150 per month. Note that DSL is NEVER fast enough.

If you have a large amount of data, consider tape backup or backup to an external hard-drive. Be sure to bring at least a weekly full backup offsite, even if it’s to your home.

Better:

Businesses can’t rely on a single piece of equipment to run their businesses whether that is a server or the boss’s PC. Fortunately, virtual machine technology makes this less of a problem. Without going into the technical details, a virtual machine can take a snapshot of or server or PC and have it ready to be redeployed on another device.
Excellent choices are VMWare from VMWare Inc. (http://www.vmware.com) and Hyper-V from Microsoft (http://www.microsoft.com/windowsserver2008/en/us/hyperv-main.aspx). In both cases, they have free versions that will work just fine for most small businesses. However, these products require the assistance of an expert to configure and maintain. There are many capable technology service providers with virtualization experience.

Best:

The next level of protection means hosting your key server(s) offsite to a data center (sometimes called a co-location facility). These facilities provide redundant power, cooling and Internet capabilities as well as strong physical security for your systems. Most can provide monitoring to alert you in case one of your systems goes down and will provide some level of support to get them back up. All of your systems should connect via a high-speed Internet connection.
Some additional costs (other than the monthly fee at the co-location facility) include one-time costs of buying an additional firewall and switch and the initial configuration fees. Again, you need to have a service provider that is capable of configuring these environments correctly. The co-location facility may provide these services themselves or have partners they can recommend.

These are cost-effective techniques that can give you the peace of mind that your data and systems will be protected. If you would like to discuss more, contact me at ed.mchugh@tekexpertise.com.

Massachusetts has new privacy regulations that went into effect on March 1, 2010. These regulations affect almost all entities, except for government bodies, that have private information for any resident of Massachusetts whether or not the entity has an office within the state. Specifically, the regulations, commonly called 201 CMR, apply to entities that collect and store sensitive information that must be kept private. Here is a link provided by the state with general information regarding the regulation: http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf.
In order to comply, a company must institute a security program designed to protect sensitive information associated with a person’s name: Social Security numbers, driver license numbers, credit card numbers and any financial/banking institution accounts and associated credentials. These elements must be protected whether they are stored on paper or electronically. The regulations provide for stiff fines for non-compliance or security breaches.
To protect this information, entities have to meet requirements such as: a written data privacy policy, functioning firewalls and anti-virus/anti-spam software, applicable security updates on all computers, and encryption of all wireless communications. Companies need to designate an individual to be responsible for the security program. In addition, encryption is required for protected elements that are passed to and from the Internet, are placed on laptops or on any other device (USB drive, thumb drive, etc.) that can leave the firm’s premises. Access to the protected data must be limited to those whose job functions require that access and data access must be protected by security policies that require strong passwords that are regularly updated. Users must also receive training on the policy.

Even the smallest companies can be put at great financial and reputational risk if there is a breach. Breaches need to be disclosed and non-disclosure could lead to even larger fines.

If you would like a tutorial or consultation on how your organization can have an effective policy, please email me at ed.mchugh@tekexpertise.com.