Last week we co-hosted a webcast presented by Randy Franklin Smith of ultimatewindowssecurity.com entitled "Auditing SharePoint Activity for Compliance and Security". For those of you who haven’t thought about it, protecting information by constantly monitoring logs and event data has been the primary course of action to uphold the gospels of information security: integrity, confidentiality and availability. Microsoft SharePoint services and solutions have empowered organizations to realize high levels of productivity and efficiency, but their adoption also presents distinct compliance-related challenges. What I realized watching this webcast is that SharePoint does have some basic built-in data security and user and content management features, such as letting you configure user permissions and prevent unauthorized access that could lead to data loss or theft. SharePoint also has basic reports to audit site collections. But this is not enough for compliance, security and auditing purposes. LOGbinder SP combined with our SIEM tool Log and Event Manager (LEM) makes auditing SharePoint log activity for compliance and security easy and pain free. LEM has built-in support for the LOGbinder SP agent for real-time log analysis, event correlation, alerting, reporting and active responses, which dramatically improves the effectiveness of the process.
Does your organization use SharePoint? If so, we’d love to hear from you. Post your thoughts regarding SharePoint compliance and security concerns you might have today.
This is a guest blog post from Altaro Software (http://www.altaro.com/hyper-v-backup/). Altaro Software are the developers of a Microsoft Hyper-V backup solution called Altaro Hyper-V Backup. Altaro Hyper-V Backup includes a freeware edition – a 5 minute YouTube demo can be seen here: http://www.youtube.com/watch?v=mwxhHBOeS1g
With Windows Server 2008, Microsoft retired the venerated NTBackup utility and replaced it with Windows Server Backup (WSB). Microsoft has never intended for this free offering to compete with dedicated professional backup software and WSB does not change that approach at all. It is intended as a stop-gap backup measure or for simplistic deployments that don't justify a paid solution.
Setting up WSB to cover Hyper-V guests is pretty straightforward. You have two options: GUI mode or command-line mode. If you're using a native deployment of Hyper-V or running it as a role within Server Core, you can't install the GUI version, but, if you enable the WSB feature, you can connect to and manage it from a full GUI installation on another server.
By default, Windows Server Backup doesn’t work with Hyper-V’s VSS writer. Without these keys, VMs will be paused for backups. Note that if the VM doesn’t run a supported version of Windows (Vista or later on desktops and 2003 or later on servers) or if the Backup integration service isn’t offered, VMs will be paused anyway.
Registry modifications for WSB to work with Hyper-V guests:
Setting up a backup job is equally simple.
As mentioned in the opening paragraph, Windows Server Backup is not intended to replace commercial backup products. Its support for Hyper-V is more or less coincidental; WSB can talk to VSS-enabled applications and Hyper-V is a VSS-enabled application. There are significant and numerous reasons to not use WSB:
The most important reason not to use WSB for Hyper-V is that there are free alternatives even for small environments. If you don’t mind command-line scripting, you can use the DiskShadow utility that is already included within Windows. In addition to being command-line only, this tool also shares some of WSB’s limitations. For one or two virtual machines, Altaro Software provides a free edition that overcomes all of WSB and DiskShadow’s shortcomings. The paid edition is inexpensive enough to fit the budget of even the smallest organizations.
Altaro Software for Hyper-V Backup (with Free Edition): http://www.altaro.com/hyper-v-backup/
Manually entering registry settings to enable the Hyper-V VSS writer for WSB: http://blogs.technet.com/b/askcore/archive/2008/08/20/how-to-enable-windows-server-backup-support-for-the-hyper-v-vss-writer.aspx
Building a script for enabling the Hyper-V VSS writer for WSB (as well as some WMI/PowerShell coverage): http://technet.microsoft.com/en-us/windowsserver/dd775213
To learn more about Altaro Software and their Hyper-V Backup solutions head over to the Altaro site (www.altaro.com) and download a 30 day trial. If you have a small setup you can also download the Altaro Hyper-V Backup – Freeware Edition.
Well folks, after many, many years of working here at SolarWinds and helping to build the best IT management products in the world, I've decided to branch out on my own and do something a little different for a while. I have thoroughly enjoyed my time here at SolarWinds and even more than that I've enjoyed working with all of you - our customers and community members.
Fear not, you are being left in good hands. Several of the people within our organization - in engineering, product management, product marketing, sales engineering, and the like - will be stepping up to fill any void that I might be leaving. That said, these folks have been doing all of the heavy lifting for a long time now. They'll just be a bit more visible in some of the places where I've typically appeared.
I'll still be around here at SolarWinds for a little while yet. Also, the folks here at SolarWinds and I continue to maintain a strong, healthy relationship so even after I leave don't be surprised if you see me blogging about SolarWinds technologies or someone there recommends that you reach out to me for some advice with your IT management strategies.
I'm still around for a little while yet but you can go ahead and start using my personal contact information if you need to reach out to me.
Founder, Bearded Dog Consulting Services
Don’t let SharePoint be your compliance weak point. SharePoint’s exponential growth has caught the eye of regulators who are alarmed by all the uncontrolled sensitive information being shared.
The need to protect that information through auditing, alerting, and reporting grows. Failure to protect your data can result in:
Join this webinar to see how easy and affordable it is to unveil SharePoint’s audit logs with the SolarWinds SIEM tool, Log & Event Manager, and the LOGbinder SP agent. Together, they are a fully managed audit and security monitoring solution for SharePoint.
This free event, hosted by Randy Franklin Smith from ultimatewindowssecurity.com and featuring SolarWinds, will be an informative discussion about auditing SharePoint activity for Compliance and Security.
Register to attend this live event: Wednesday, April 25, 2012 at 11am Central. Click here to register: http://www.ultimatewindowssecurity.com/webinars/register.aspx?id=168&source=blog
CAN'T MAKE THE LIVE EVENT? REGISTER ANYWAY TO GET THE RECORDED VERSION.
Title: Auditing SharePoint Activity for Compliance and Security
Date: Wednesday, April 25, 2012 12:00 - 11:00 am Central
This is real training. Space is limited. Reserve your Webinar seat now at: http://www.ultimatewindowssecurity.com/webinars/register.aspx?id=168&source=blog
It’s astonishing to hear that some network configs aren’t regularly backed up. One assumes that engineers don’t do this for one of the following reasons:
So, let’s tackle the most obvious objection first. Many network engineers either have other things on their minds, or they think that configuration issues are unlikely to cause problems. I looked around and it was easy to find several examples of exactly the opposite situation. First, Spiceworks has a community thread about Network Configuration Backup Horror Stories. Remember that Amazon Cloud outage that took down several large websites over several days? You guessed it – the postmortem identified that a configuration error was at fault. Intuit also experienced a major outage tied to a network configuration error. Gartner calculated that 80% of network outages can be tied to a configuration error. With evidence like that, you really can’t afford not to back up your network – if disaster strikes or a change doesn’t go as planned, you need to be ready to restore or roll back as necessary.
Ok, moving on to price. While NCCM products *can* be expensive, they are a bit like cars. It all depends on the model and feature set. Kiwi CatTools is a basic NCCM product in the SolarWinds Kiwi line, and is just $750 USD. For that, you can back up your configs, do bulk change management, and run some basic reports. Its feature set lends itself to more basic use cases, but we have options if you need more power. Next in the lineup, we have Network Configuration Manager (NCM). NCM costs just a bit more (starts at $2495) and adds functionality like auto-discovery, approval flow, integration with the rest of the SolarWinds product line, and compliance. If you want something highly specialized, I’m sure you can find a way to spend more, but you usually won’t need it for the majority of devices and use cases.
Ok, last but not least – there is the perception that NCCM products are hard to use. This may be true of products at the ends of the spectrum: open source and highly specialized. Open source products that are more “do it yourself” can be truly complicated and hard to use, as can super specialized products that may be highly customized and built for certain specific use cases rather than streamlined usability. However, in the middle market, you’ll find that ease-of-use is a focus and evident in both NCCM products from SolarWinds.
Our advice – don’t put your network (and yourself) at risk. Give an NCCM product a try and sleep a little better from now on.
Windows system utilities and other third-party tools may be taking more of your time than you think. We recently did some research into common tasks in a sysadmin's day, and looked at how native tools can be taking more time than you realize.
For example – let’s consider Active Directory management. When you are managing AD with included tools, you may find yourself in the situation where you need an individual tool to perform every task. There’s no comprehensive way to launch them, and it involves a lot of starting, stopping, and logging in. You might need additional 3rd party tools to discover users, systems, and domains, and then add those to the AD interface. Plus, not all tools will support all the objects and attributes of Active Directory. So, if you want to manage things like photos or some other data, that may not be possible from your current tools.
Another task we looked at is remote Windows management to accomplish tasks like:
Again, to do these tasks with native tools, you are looking at adding systems, servers, domains and nodes manually and logging into the remote machines individually.
One really obvious place sysadmins and IT generalists can save time is by upgrading their tools for remote connection and support. With native tools, you have connection limitations, you’ll need to call the end-user if you want to discuss things, taking screenshots is a multi-step pain, and file transfer isn’t easy either.
We looked at several other common tasks, and then compared how long it takes to do these tasks with native tools vs. DameWare NT Utilities. To see the comparisons in action, check out this webinar. You can also see the slides on Slideshare here.
I recently read a blog about Networking in the Cloud by Jeff Loughridge discussing the configuring of a network composed of both physical and cloud components. While he provided some insightful configuration examples and stressed the importance of working with your cloud provider, there was no mention of the impact on network monitoring.
In a traditional network configuration, network monitoring primarily focuses on the availability and performance of the network infrastructure, but as more of the network shifts to the cloud, your monitoring needs to shift to service availability and performance. Why is this? Quite simply, it is because you cannot afford to have your cloud-based, business-critical applications negatively impacted due to poor network performance between your location and the cloud provider.
Since your WAN link is the lifeblood between you and your cloud provider, it is paramount that you monitor its performance. Excess latency or jitter can have a significant negative impact on your service availability and performance. One simple way to monitor WAN performance is to use Cisco IP SLA technology (if you are using Cisco routers). IP SLA generates time-based performance data so you can measure key statistics between your site and the cloud site. One additional benefit of using IP SLA is that you can create service level agreement metrics to determine if your CSP or your cloud provider are delivering what they promised. In addition, more advanced, but often more expensive, solutions such as WAN optimization can also be used.
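As an added illustration (not code from the original post or from any SolarWinds or Cisco product), the sketch below turns raw probe results of the kind such measurements produce into latency, jitter and loss figures and checks them against agreed targets. The sample data is constructed, the thresholds are hypothetical, and jitter is simplified to the mean change between consecutive replies.

```python
from statistics import mean

# Constructed sample: round-trip times (ms) from ten periodic probes to the
# cloud site. None marks a probe that received no reply.
SAMPLE_RTTS_MS = [42.0, 44.5, 41.0, None, 43.5, 95.0, 42.5, 41.5, None, 44.0]

# Hypothetical contract targets; substitute the figures from your own agreement.
SLA_TARGETS = {"avg_rtt_ms": 50.0, "jitter_ms": 10.0, "loss_pct": 1.0}


def summarize(rtts):
    """Reduce raw probe results to average RTT, jitter and loss percentage."""
    if not rtts:
        raise ValueError("no probe results to summarize")
    answered = [r for r in rtts if r is not None]
    loss_pct = 100.0 * (len(rtts) - len(answered)) / len(rtts)
    if not answered:
        # Link fully down: latency and jitter are undefined, loss is 100%.
        return {"avg_rtt_ms": None, "jitter_ms": None, "loss_pct": loss_pct}
    # Simplified jitter: mean absolute change between consecutive replies.
    deltas = [abs(b - a) for a, b in zip(answered, answered[1:])]
    return {
        "avg_rtt_ms": mean(answered),
        "jitter_ms": mean(deltas) if deltas else 0.0,
        "loss_pct": loss_pct,
    }


def sla_violations(stats, targets):
    """Return the names of metrics that are undefined or exceed their target."""
    return [
        name
        for name, limit in targets.items()
        if stats[name] is None or stats[name] > limit
    ]


if __name__ == "__main__":
    stats = summarize(SAMPLE_RTTS_MS)
    for name, value in stats.items():
        print(f"{name}: {value:.2f} (target <= {SLA_TARGETS[name]})")
    print("violations:", sla_violations(stats, SLA_TARGETS))
```

On the constructed sample the average round-trip time stays inside its target while jitter and loss do not, which is why an average alone is a poor basis for holding a provider to its commitments.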
It is not enough to simply monitor WAN performance; you also need to understand your network traffic (who is using it, how much are they using, and what they are using it for). Again, a simple but quite effective solution to monitoring network traffic is to use flow analysis such as NetFlow (or its counterparts J-Flow, sFlow, IPFIX, and NetStream). Flow enabled routers collect traffic data so you can see just how your traffic is being used.
Now that you know your WAN performance and how your traffic is being used, you can begin to implement and monitor Quality of Service (QoS) policies to ensure that your cloud-based, business-critical apps are getting the priority they need.
So, just because you are shifting some of your apps and infrastructure to the cloud, does not mean that you can ignore your network monitoring. It becomes more critical than ever to ensure that your users continue to experience the performance that they are accustomed to.