Project Tasking Review
The workload for the last Quarter of 2017 was unexpected to say the least. We ended up with more client systems work in those three months than the rest of the year combined and we’re still dealing with the overflow plus several new projects today. With the Holidays and Contract Renewals falling in the mix, it has meant very long days, constantly changing scheduling and resource juggling at a furious pace just to stay up with the workload while still keeping client networks at maximum uptime. Posting blog updates has taken a back seat to all of this so I’ll try to give you a synopsis of where we are and what we see coming at us in the remainder of FY2018.
The Windows 10 upgrade cycle in in full swing now. We have fielded about 10 percent of the total Workstation count with Windows 10 and fairly close to the same percentage of Servers with current Operating Systems at this point. With the January 2020 deadline for Windows 7 and Server 2008 R2 (which includes Small Business Server) in mind, we still have over 400 Workstations and 30 Servers that will become unsupported at that point. With less than 24 months to complete this task, simple math tells you that the next two years will be hectic no matter how you look at it.
If you throw in the requirement for enhanced security needs at each site, the growing demand for wireless connectivity and rapidly increasing use of mobile devices, it is obvious that this upgrade cycle is far more intense than any other we’ve seen in the last 24 years. On top of that, the Internet bandwidth required to support business operations has exploded, especially as more and more sites are using some form of Cloud computing. In some locations, bandwidth is still severely limited so trying to find a solution for those clients going forward is more than just a challenge. Several sites which we support can barely function today due to this issue and the Internet provider choices are either limited or nonexistent.
Obviously, this means the client base has to start some serious budgeting and planning now. The costs associated with this upgrade cycle are hefty just on the hardware side alone. If you have a software vendor that intends to make major changes to your applications in the next 24 months, expect that change to drive hardware upgrades whether you like it or not. We have already seen this happen in late 2017 at three sites. In short, even if your hardware works today, most of it is aging and most likely will be incompatible with some key element in the coming year or so. Again, take your budgeting and planning requirement seriously and prioritize it now. We can do a lot to help you work toward that goal but this cycle is one that won’t allow a great amount of “meets minimum requirements” where hardware is concerned.
Enhanced Security- No Longer Optional
In 2017, we made a major push to emphasize our Three Point Security approach. To review, this is a multi-layered setup that puts protection at the End User (Trend Micro), Gateway (SonicWall) and Cloud (Cisco Umbrella) levels. The most recent release of Support Contracts stated this as a requirement going forward in order for us to continue to provide support. We dropped several clients at the end of 2017 due to differences of opinion on this topic. I have no problem doing this again, if necessary. A few are scheduled to complete this requirement soon and we will not be accepting any new clients that do not meet this standard.
Security upgrades, like hardware and software upgrades is not about selling things. It is about making sure you can do your job safely, effectively and efficiently. To date, the network uptime across the entire client base remains near 100 percent. Virus infections and network intrusions are near zero. There is a reason for this. We are not sales people, we are techies. We constantly monitor the industry, test and evaluate hardware and software and implement solutions designed solely to make sure your business platforms work for you.
Enhanced security has become so important an element in the business environment that we started a second business that focuses exclusively on this area. Business Data Defender (http://bizdatadefender.com/) was created in 2017 to provide solutions to business operations that don’t necessarily want our Managed Services Support functions. It has taken off like a rocket and we expect to see hefty growth in security services continue at an accelerated pace in the coming years.
Another related requirement for providing support services is our Datto appliance. Since Datto provides Business Continuity functions, it crosses over between Managed Services and Security Services by providing rapid recovery in the event of actual network intrusion (i.e., Ransomware or Trojans) or hardware failure at the Server level. Again, this isn’t about selling anything. It’s about making sure you can continue to work in the event of any number of bad events. When we issue the FY2019 Support Contracts, Datto will be a default requirement to obtain continued support services from us. Please take note if your site hasn’t addressed this item yet.
We have pretty much managed to upgrade all site Datto devices, nearly all SonicWall devices and a fair number of the outdated and less-secure wireless devices throughout our supported base. We will continue to review and advise everyone on what needs to be replaced as we go through the next two years of this major upgrade. The end goal is to get the right items in place to meet your business platform’s performance and security goals.
On several occasions, I have been asked why we are so emphatic about Security and Business Continuity in order to provide support services. The answer is a two-part response. First, knowing the environment we have to support means we know what works. It’s tested and proven and we use what we require you to use. Secondly, having the right things in place means we can provide the best support with a limited amount of resources at the backend and that keeps performance up and costs down. I know it’s shocking to think, but unlike a lot of other IT providers, we actually care about your business and its success. We always target a win-win scenario and constantly work toward that end. So if we are suggesting changes to your infrastructure during this upgrade cycle, there is good reason for it.
As If That Wasn’t Enough- Meltdown and Spectre Issues
So having discussed the challenges of this upgrade cycle and heightened security elements, we now have a new problem to face. Meltdown and Spectre exploits against Central Processing Units…
By now I’m fairly sure everyone has heard something (or likely several somethings) about Meltdown and Spectre and the potential impact these two may have on your systems. Since about two-thirds of the stories in the media concerning these issues are overblown, incorrect or hair-on-fire panic driven (maybe some of all three), I’ll try to filter out the noise and give you the actual info relating to your overall situation.
Meltdown and Spectre are exploits that impact pretty much all processors (CPU) built between 1995 and 2012. The vulnerability has been known for the past 7 years or so (some say as long as 10 years). It is a problem with the physical build of the CPU itself and cannot be fixed solely by a software patch. It doesn’t just impact PC units… it impacts anything with a CPU (phones, video cards, copier machines, and so forth).
Without getting too deep into the technical side of things, Meltdown can allow hackers to read passwords, encryption keys, or other data from the protected memory in your CPU. Spectre can do that plus access the same from other applications. Intel indicates that these exploits cannot corrupt, modify, or delete data, but if the hacker can access passwords and encryption keys the system is pretty much wide open to them.
There are two items of interest here where your operations are concerned. First, most of the exploits are targeted toward Cloud Service providers and are unlikely to impact your networks directly unless you have applications that are Cloud-based. Second, the required Operating System patches may result in reduced performance on your PC units (3% to 30+%). I don’t expect this to be a major deal for most of our supported units with the absolute exception of any PC that has an older Pentium 4 and is running the 32-bit version of Windows. The P4/32-bit units will likely just not work at all. Fortunately, we only have a very, very few of these left out there.
So how do we deal with this?
- Do Not Panic
- We’ll tell you when to panic- as always, we have been working on this since before it hit the mainstream media
- The Meltdown fix is fairly easy to patch and has pretty much been brought under control with patching
- We testing this now
- Spectre has two variants and some mitigation has been done by processor vendors already but in the end, older processors will remain vulnerable to Spectre.
- Takes higher skill level hackers to implement this exploit
- Not very likely to be a direct impact on your systems
- Updates to the BIOS are being released by PC vendors but even some of these have caused updated systems with newer processors to stop working
- We are not releasing BIOS updates until they are verified by Dell
- Video card updates are being released
- Will come mostly from Windows Updates so those of you who never log off or never let updates finish better plan on rebooting all units ASAP
- Should be logging off daily and rebooting the PC weekly especially if you have Windows 10
- Software updates from Microsoft have been released but the Antivirus product on the PC has to be updated first
- We’re testing this now with the first Windows Updates after the Trend Patch being released today
- We are already in the process of testing Trend Updates on our network in order to prep this for deployment to your networks
- Some systems and Servers will require reboots and we’ll schedule that as needed
- If you have hardware that is very old (i.e., Pentium 4, Celeron, AMD) plan to replace it
- In most cases, a refurbished Dell is the best cost/performance option
We have several Servers, a varying number of PC units, SonicWalls and Wireless setups in work for the January timeline. Additionally, we’re handling Server configurations for another company to deploy to their clients. If you think you might have project work coming up anywhere in January, February or March, please let me know sooner rather than later. I won’t hesitate to tell you we cannot get to your project if you call me with a last minute panic request. I have limited resources and a long client list to support. Quality support requirements to the entire client base aces out any failure to plan on anybody’s part, period.
We will continue to work the Meltdown/Spectre issue and get solutions in place in as timely a manner as possible. This whole thing is in a flux as new vendor revelations are showing up on a daily basis. We are watching this process and we may require your help getting people to log off when it comes to reboot the Server time so expect minor disruptions over the remainder of January.