1) Disable 802.11a and b where possible, consider turning off 802.11g: There are scant few devices that only support the old “A” and “B” standards still in use. Most wireless networks are still setup to be backwards compatible with these devices. Consider turning off support for these old standards. The “G” standard is also a candidate, but that depends more on what kinds of client devices you allow on your network.

2) Disable low mandatory data rates: Related to the old standards, most default wireless configurations specify low mandatory data rates, such as 1mbps. What many don’t realize is that many wireless implementations send all control and management frames at the lowest mandatory data rate, while multicast packets are sent at the highest mandatory data rate. Simply setting the lowest mandatory data rate at something reasonable like 12mbps can drastically increase your performance since the management and control traffic can now clear the air faster.

3) Only invest in dual-band/dual-radio Access Points – right now the 2.4ghz spectrum is crowded, with only three non-overlapping channels available. The 5ghz space has a lot more room and available channel space. Supporting both will allow your clients that support the 5ghz band to take advantage of it. Of course the higher the frequency the lower the effective coverage, which means in the real world that you may need a few more access points. The ability to shunt your clients that can support it over to what it a relatively wide-open radio frequency will pay for itself quickly by way of increased performance and better capacity for growth.

4) Use WPA2-Enterprise for the best possible security – Tying your user login and password infrastructure in with wireless access gives any company a great deal of flexibility in keeping their network secure. You no longer need to distribute a Pre-Shared Key (PSK) to users. If an employee leaves you can immediately disable their access to the wireless network without affecting anyone else. Coupled with Active Directory you can easily grant wireless access to computer accounts that are members of the domain, avoiding the need to grant access to user accounts altogether. There isn’t a lot of overhead for a WPA2-Enterprise setup, but it does require thinking through RADIUS server and Certificate Authority considerations. If you absolutely must do WPA2-Personal with a PSK, make sure the PSK is at least 16 characters or more and have plans in place to deal with changing the key on all devices that use it should the need arise.

5) Think Big – The major vendors have all come out with some great tools to help you control the radio space. Application Visibility and Control allows you to see what types of applications are being used over wireless, such as video streaming, email, VoIP, etc. You can then decide what traffic you wish to disallow or, with a properly designed Quality of Service (QoS) map, mark as either a lower or higher priority over other traffic. Guest networks allow to you have an easy way to place visiting sales professionals, consultants, or other third parties Internet access without connecting them to your corporate network and exposing your own systems. Take advantage of these features to ensure a reliable experience for your users.

6) Controller-based or controller-less: This is one of the big debates among wireless right now: should you go with a controller-based system (where a central device manages and coordinates the APs and their traffic) or a controller-less system (where each AP may pull a configuration from a central source but handles the traffic of its connected clients directly) for your network? There are benefits and side effects of each, but here’s what most of the vendors leave out: the right solution for you largely depends on HOW your underlying wired network infrastructure is laid out. The control available with a controller-based system is a nice benefit, and if your backbone is robust can be a great fit. In a network that consists of many standard-grade interswitch connections then a controller-less solution might be the better choice. Some vendors also offer the ability for a hybrid approach. The point here is that it’s important to not overlook the relationship between the wired network and your wireless solution.

7) Location, Location, Location: The placement of the access points can influence the performance of the wireless network. Construction materials in the building can absorb or reflect radio waves. Interference from microwaves, wireless  camera systems, even the WiFi systems of an adjacent business can also have an impact. It’s possible to get a good signal through trial and error, but a professional site survey can provide a solid understanding of where access points should go.

As part of our commitment to helping our clients get the best performance of their information technology, we’re pleased to offer a full range of wireless network assistance. From design and troubleshooting, we’re ready to assist you. We can provide a professional site survey quickly, depending on the size of the area you’d like to cover with WiFi. Click here for a detailed description of our Wireless Survey Offering, or contact us for more information!

w32tm /config /manualpeerlist:“0.us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org 3.us.pool.ntp.org”,0×8 /syncfromflags:MANUAL /reliable:yes

Note that the begin quotation mark goes before the list of server addresses, but NOT the colon after /manualpeerlist. I’ve bolded the quoation marks in question to highlight them. This is the piece that many websites show incorrectly.

One challenge that repeatedly comes up is in regards to permitted web browsing. A few of our clients work under a much larger entity that controls web access through proxy appliances, namely devices by Blue Coat. This isn’t to point them out specifically, as what I’m about to describe seems de rigeur across the web filtering industry niche.

These specific customers are troubled often when trying to research a technical issue. Perhaps they, like many of us, do a google search of the problem. They see in the results something germane to their issue. When they click on the link however, the proxy appliance that is maintained by the controlling organization’s IT team blocks access to the page, because that organization decided they wanted to block anything in the “Blogs/Personal Pages” category. (Click here to see the definitions for these categories used by Blue Coat)

So while researching the issue I noticed that Blue Coat’s own security blog was not classified as a “Blogs/Personal Pages” and pointed this out to them. They agreed that it should be put in this category according to their current definitions. Blue Coat helpfully pointed out that an IT Department could craft rules that would, for example, allow websites marked as “Blogs/Personal Pages” only if they were also categorized as “Computers/Internet.” While useful, the cold hard fact is that often IT teams don’t do this: it’s simply more effort on already overworked IT groups, and such groups are apt to want to keep things as simple as possible.

This sparked a short discussion on whether lumping “Blogs” and “Personal Pages” together made sense in 2013. While this may have made sense in late 90s when LiveJournal and Blogger were very dominant and the blog format was akin to a web diary, this seems to make a lot less sense here in 2013 with nearly every corporate and news/media site sporting some kind of blog, or even multiple blogs. Do we categorize every website as a “Blogs/Personal Pages” simply because they  all have a construct that resembles a blog in format? Isn’t there a world of difference between a personal journal or website (anyone remember geocities?) and a site like scotusblog.com, which reports on the proceedings of the United States Supreme Court?

We feel that there is a huge difference, and in today’s age it no longer makes sense to put these all together in the category of “Blogs/Personal Pages.” It’s confusing structure for content. Besides, aren’t personal blogs more likely to be called tumblrs today?

Surprisingly, we received a very speedy reply from a Senior Manager over at Blue Coat and they agree that this is certainly something worth revisiting. They’re in the middle of their annual category review summit, and have decided that this is a topic of worthy discussion. They’ve promised to let us know what happens, and have asked quite a few questions of us as to what our customers are seeing. We’ll be sure to share any response here.

Of course it’s pretty well known that Microsoft requires a premium Exchange CAL to use Personal Archives, and that you also must be running the Enterprise Edition of Exchange Server 2010. Fair enough, even though I think personal archives is a feature that every company small or large can really benefit from and should be something Microsoft is pushing harder. What ends up being a confusing topic is what version of Outlook is needed to access the personal archive, and this is where our client ran into snags.

Microsoft has until recently been very confusing on the topic. Until the 17th of March, this page included the following text:

“Personal Archive is available only when you use Outlook 2010 as part of Microsoft Office Professional 2010 or Microsoft Office Professional Plus 2010 with a volume license.”

As of last week that sentence has been removed and replaced with a link to this page, which spells out the licensing requirements. To summarize, according to this you need to be running a volume licensing version of Office Professional or a stand-alone retail license of Outlook to access the personal archives. Which brings me to my client’s situation – they prefer to purchase Office with their PC purchase, which Microsoft of course encourages through the Product Key Card add-on that comes pre-installed, just purchase a code for the version you want and it’s unlocked. Unfortunately, there is NO Office Bundle that they can buy this way that will let them access personal archives. It’s either volume licensing or stand-alone editions of Outlook. (Note: versions of Outlook 2007 can also access Personal Archives with a recent patch, but that is beyond the scope of this discussion)

So kudos to Microsoft for getting their act and language together around what version can do what. We have to give them a big raspberry though for leaving the retail market pretty much high and dry when it comes to a version of Office that can be bundled with a new PC purchase that supports Personal Archives. We also have the give them another shake of the head for parsing the features of Exchange and Outlook so much that you need an advanced degree in confusing marketing to figure it out. So not only do you need Exchange Enterprise, and a Premium CAL for Personal Archives, you now also need a volume license edition of Outlook to do the job. This is the type of stuff that drives customers crazy.

To be fair, in Exchange 2010 Personal Archives can also be accessed through the Outlook Web App, but we think this leads to an inconsistent experience for the users. Here’s hoping that Microsoft finally wakes up and realizes the companies that pay top-dollar for the retail version of Office Professional deserve the same feature set as a volume license buyer.

Finally, in a separate but related topic, there is a lot of bad information out on the Internet around what you need to be able to import PSTs into someone’s mailbox or personal archive in Exchange 2010. I’ve seen blog posts that say you must have Outlook installed, that it must be a mailbox server, etc. As of Exchange 2010 Service Pack 1, NONE OF THAT IS TRUE.

To be able to import PSTs into an Exchange Mailbox for Personal Archive, all you need are the Exchange Management Toools. That’s it.

Happy messaging everyone!

It was a full year, and we’ve had the opportunity to work on some great projects such as Exchange 2010 migrations, Office Communications Server pilots, VMware migrations, and a host of other technology challenges. So busy in fact that it’s been tough to keep the blog up to date!

I’d like to share with everyone some exciting news. Every once in a while one of our customers comes to us and asks if we can procure hardware and software for them. The answer has always been that we can put them in touch with the right folks thanks to our industry connections, and we at Walker IT Group, LLC will help ensure everything is spec’ed out correctly.

This has happened often enough that after much consideration and planning, we are pleased to announce that we have officially become a reseller of IT equipment and software! We’ve put agreements in place with two distribution powerhouses: Ingram Micro and Tech Data. Through our relationship with these firms, we’re now able to offer our customers a wide selection of products from thousands of different manufacturers. When it’s time to purchase new equipment, please think of us, we’d love the opportunity to present you a free, no-obligation quote.

Additionally, we’ve also partnered with select companies that align well with our offered services in order to give the customers that ask for it the ability to have a “one-stop shop” for their IT Infrastructure needs. Please see our “Partners” page for more details on the current roster. We will periodically review our relationships and maintain a suitable mix based on the needs of our customers.

We of course recognize that many of our existing customers prefer to buy their equipment and software through their own sources, and we’d like to reiterate this doesn’t present a problem at all. The service you’ve come to expect from us will continue to be available regardless to where you’ve purchased your equipment or software.

Finally, while these partnerships are important to us, let me re-assure everyone that we primarily think of ourselves as a service provider. To that end, if the right solution for your business is from a vendor that we don’t have as a partner we won’t hesistate to recommend that solution for you – arriving at the right answer for our customer’s businesses is more important to us than proposing an alternate solution just because we happen to sell it. At the same time, we’ve carefully selected our current partners because we feel they offer some of the best solutions in the industry.

We’re excited about the opportunity to expand our offerings to our customers, and we weclome your feedback and comments.

What is it?

Microsoft KMS is a service that companies who have volume licensing agreements for their Microsoft Products can activate installed copies of their software.

What’s covered?

As of this writing, KMS covers all volume licensing editions of Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows 7, and Office 2010.

What are the benefits?

KMS makes it possible to deploy and activate the products listed above WITHOUT DISTRIBUTING YOUR LICENSE KEYS TO ANYONE. Think about it – by using KMS you no longer have to build unattended installations with your license keys in the answer files, or give your license keys out to your IT team responsible for deploying software.

Another benefit is that after a set period of time (by default 6 months) if a computer cannot contact the KMS server the software is “deactivated”. This is useful for laptops that are popular theft items.

How does it work?

Every computer running Windows Server 2008, 2008R2, Windows Vista, or Windows 7 has the ability to become a KMS server. Additionally there’s an add-on for Windows Server 2003 that does the same thing. For Office 2010 activations there’s a small installation program available from Microsoft that will add support to an existing KMS server, however this can only be run on a KMS server running on Windows 2003, Windows Server 2008 R2, or Windows 7.

When you turn on KMS  server it publishes an SRV record to DNS with the server name and port (default is 1688). The record name is _vlmcs, and there is one per domain. The volume licensing editions of the products listed above are setup to use KMS by default. They will attempt to contact the KMS server listed in the SRV record and request an activation. By default they try every 2 hours until they are activated, and then they check in once per week. If they cannot contact the KMS server during the one week period (such as a laptop used by a travelling sales rep) no problem – it stays activated until six months have elapsed.

The protocol is designed to be very lightweight and resilient. You can have multiple KMS servers, but keep in mind that there are minimum thresholds of unique activation requests that must be received before KMS will activate. If you have a big network you may consider multiple KMS servers by site, but to do that you need to run some script commands on each client to specify the KMS server to use.

What if the KMS server fails? With a default config it’s easy. Just delete the _vlmcs SRV record, install a new KMS server, and activations will switch to the new server over time.

Sounds easy – what’s the catch?

A few things. First, to activate a given product class, a minimum number of requests must be received. This is to prevent someone from installation a KMS server with your key at home, say a Windows Administrator who has your keys.

Once you reach those thresholds, at next check all copies will that particular product will activate. Note that you need 25 or 5 machines for Desktop OSs and Server OSs, respectively. It doesn’t matter what combination of OSs those machines are running.

Now there’s another catch that has caught many companies by surprise. When it comes to OSs (not the Office 2010 activations) KMS server will only activate products within the same product group or lower! So you want to install KMS on the highest level operating system you will run in your company. See the activation matrix at the end of this post.

Installing the KMS server is easy – simply activate the server installation with using the appropriate KMS product key for your company, available from the Microsoft Volume Licensing Center.

If you have machines that are not on your network at least every six months, you can activate that machine using retail codes or a MAK (multiple-activation key) that comes with your licensing agreement. MAK codes have an upper limit to the number of activations before you have to contact Microsoft. We think for medium and large organizations KMS will be the preferred choice, although MAK keys will certainly come in handy for special use cases such as laptops issued to telecommuters without VPN access to the KMS server.

There are a few other caveats to be aware of such as most of the administration of KMS happening through the use of Microsoft-supplied VBS files, but as you can see installing KMS can help ease the administration of license information in your organization and help ensure that your keys remain private and confidential. If you have further questions, feel free to sound off here. In addition, Walker IT Group, LLC offers KMS consulting services to help you determine the best use.

For more information you can review Microsoft’s Volume Activation section of TechNet Library.

IT has a history of latching onto hot trends and buzzwords, and the latest is no different: cloud computing. Let me first say that it’s an exciting concept, but not necessarily a new one. While it has evolved over the years, it’s had a number of names that date back to the early days of IT and MIS. Here’s a few you might have heard in previous decades: application service provider, hosted service provider, network computing, time-sharing, multitenancy. All of these are variations on the same theme – someone else hosts the system or application, the client using the system pays for only the portion they use, without the overhead expense of maintaining the infrastructure.

What may be different this time around is that a few key technology areas have come together, and the cloud is starting to make a lot of sense for businesses of different sizes. What’s different?

• Virtualization Innovations: VMWare and their brethren like Hyper-V are allowing companies to host multiple “virtual” servers on one physical machine by taking advantage of processor idle time.
• Bandwidth Increase: Internet bandwidth has dropped in price and increased in capacity, so the graphical, audio, and dynamic experience users expect can be realistically delivered remotely; all the way down to having virtual desktops.

From a business perspective there are some great positives to harnessing a cloud computing setup for your company.

1. Lower equipment costs – there should be less capital outlay for servers and less operating costs on things like electricity and cooling since you are outsourcing the data center.
2. Dynamic sizing – Assuming you selected a good provider, moving your applications and data to the cloud can give you great freedom to add or subtract computing capacity quickly and easily as your business changes.
3. Peace of mind – Perhaps one of the biggest headaches for large enterprises and a nearly insurmountable obstacle for smaller operations is setting up disaster recovery. The right cloud environment promises to offer seamless and effortless business continuity in the event of a problem. Effortless for you that is, because all the risk is being borne by the service provider.

What’s not to like? Well there are a few things.

1. Loss of control and customization – Don’t get me wrong, cloud providers are continuing to add customization capabilities, but at some level you are forced into their perspective of how the environment looks or what it can contain. Don’t expect Google Apps to be hosting your Oracle databases anytime soon, for example.
2. Risk of hacking – By going with a big name in the cloud computing arena, you are increasing the risk that you are going to be a target for computer hacking. I hedge that by saying that it’s a slight increase that’s probably offset by the (hopefully) more sophisticated security systems used by a professional cloud provider. So let’s call this one a wash – it’s not really a con or pro for cloud computing.
3. Pricing Model Concerns – Depending on the pricing model used by the provider, scaling up in terms of users or percentage of computing power consumed could be detrimental to your budget.
4. Legal Concerns – It does not appear that your information stored at a cloud service provider has the same legal protections as documents stored at your place of business.

Wait, what’s that about legal concerns?

[DISCLAIMER: WE ARE NOT ATTORNEYS NOR A LAW FIRM, AND THIS ARTICLE IS NOT INTENDED TO SUBSTITUTE FOR LEGAL ADVICE. YOU ARE HEREBY ADVISED TO SPEAK WITH YOUR ATTORNEY TO DETERMINE THE ACTUAL LEGAL CONDITIONS IN YOUR AREA AND ANY POTENTIAL CONCERNS AS THEY MAY RELATE TO YOUR BUSINESS.]

Essentially, any information stored at a remote provider has less legal protection than that same information stored at your place of business. This is due in part to the Stored Communications Act of 1986.

This article from Wired Magazine illustrates what’s at stake.

Let me try to summarize the differences.

If the information is stored at your place of business, probable cause and a search warrant are required to enter your establishment to search for and seize the information. You must receive a copy of the search warrant, thus ensuring you know that the search is taking (or has taken) place.

If the information is stored at a remote provider, reasonable suspicion (a lesser legal standard than probable cause) and a subpoena are all that is needed. Prior notice is supposed to be provided so you know the search is taking place, but in practical terms can be delayed indefinitely in 90-day increments.

So what this means is that if you store sensitive information on the cloud, it has less legal protection that it would if stored at your place of business. It can be searched or seized and you wouldn’t have to be notified that this is happening.

You may be thinking ”well that’s all well and good, but I’m not doing anything illegal with my business so this doesn’t bother me.” In which case we would reply that we think most businesses aren’t trying to do anything illegal. However, because of this double standard you may want to think twice about placing your sensitive business information up in the cloud. While we at Walker IT Group, LLC strongly feel that the majority of government officials are honorable, we also do not think it’s a reach to think that there’s a possibility of one of your competitors attempting to mislead or coerce the judicial system in order to gain an advantage.

Consider another scenario – let’s say one of your customers, vendors, or employees is under investigation, and your company is drawn into the investigation with subpoenas and warrants served. With your information stored in the cloud you may not even find out that your data was seized. I don’t know about you, but I’m uncomfortable with the idea that potentially my customer list, in-depth financials, negotiated contracts and agreements, trade secrets, or other business documents might become part of the public record without having the opportunity to contest the search or ask for a gag order.

So if your company has decided that cloud computing is something you should be doing or are already doing, what are some of the things you should or could do?

1. First and foremost, consult your attorney or general counsel to determine what your business should be watching out for.
2. Scrutinize your cloud computing contracts and agreements. You may want to ask your attorney about making sure the terms around non-disclosure of your information includes some type of prior notice required by the cloud service provider if they are served with a subpoena.
3. Consider storing very sensitive business information at your place of business only, and not on a cloud service.
4. Contact your legislator and local chamber of commerce. It is very apparent that the laws have not caught up to how businesses and individuals use technology, and only our elected representatives can really fix that.

Ultimately we believe that cloud computing can offer many benefits to all types of businesses, but it falls on that business to make sure they understand not only the benefits but also the potential drawbacks.

Please bear with us as we work to get the website operational and content uploaded. Of course, your feedback is welcomed.

We plan to use this blog to talk about items of interest to the technology community, so please check back regularly for new posts. If you have a specific topic you’d like us to cover please let us know!