
Last week we co-hosted a webcast presented by Randy Franklin Smith of ultimatewindowssecurity.com entitled "Auditing SharePoint Activity for Compliance and Security". For those of you who haven’t thought about it, protecting information by constantly monitoring logs and event data has been the primary course of action to uphold the gospels of information security: integrity, confidentiality and availability. Microsoft SharePoint services and solutions have empowered organizations to realize high levels of productivity and efficiency, but their adoption also presents distinct compliance-related challenges. What I realized watching this webcast is that SharePoint does have some basic built-in data security and user and content management features, such as letting you configure user permissions and prevent unauthorized access that could lead to data loss or theft. SharePoint also has basic reports to audit site collections. But this is not enough for compliance, security and auditing purposes. LOGbinder SP combined with our SIEM tool Log and Event Manager (LEM) makes auditing SharePoint log activity for compliance and security easy and pain free. LEM has built-in support for the LOGbinder SP agent for real-time log analysis, event correlation, alerting and reporting, and active responses, which dramatically improves the effectiveness of the process.

You can watch the recorded webcast or download the slides.

Does your organization use SharePoint? If so, we’d love to hear from you. Post your thoughts regarding SharePoint compliance and security concerns you might have today.

This is a guest blog post from Altaro Software (http://www.altaro.com/hyper-v-backup/). Altaro Software are the developers of a Microsoft Hyper-V backup solution called Altaro Hyper-V Backup. Altaro Hyper-V Backup includes a freeware edition – a 5 minute YouTube demo can be seen here: http://www.youtube.com/watch?v=mwxhHBOeS1g

 

With Windows Server 2008, Microsoft retired the venerated NTBackup utility and replaced it with Windows Server Backup (WSB). Microsoft has never intended for this free offering to compete with dedicated professional backup software and WSB does not change that approach at all. It is intended as a stop-gap backup measure or for simplistic deployments that don't justify a paid solution.

 

Setting up WSB to cover Hyper-V guests is pretty straightforward. You have two options: GUI mode or command-line mode. If you're using a native deployment of Hyper-V or running it as a role within Server Core, you can't install the GUI version, but, if you enable the WSB feature, you can connect to and manage it from a full GUI installation on another server.

 

GUI installation:

  1. Click the “Server Manager” icon in the quick launch area or under Start->All Programs->Administrative Tools.
  2. Select “Features” from the tree, then the “Add Features” link in the center pane.
  3. Place a check mark in “Windows Server Backup Features”. If you wish for finer control and more functionality, also check “Command-line Tools”. This article does not dive into detail on how to utilize these tools.
  4. Click the “Next >” and “Install” buttons.
  5. “Windows Server Backup” is installed as an icon under Start->All Programs->Administrative Tools.


Hyper-V/Core installation:

  1. Type the following (feature names are case-sensitive):
    DISM /Online /Enable-Feature /FeatureName:MicrosoftWindowsPowerShell /FeatureName:WindowsServerBackup

By default, Windows Server Backup doesn’t work with Hyper-V’s VSS writer; the registry keys described below enable it. Without these keys, VMs will be paused for backups. Note that if the VM doesn’t run a supported version of Windows (Vista or later on desktops and 2003 or later on servers) or if the Backup integration service isn’t offered, VMs will be paused anyway.

 

Registry modifications for WSB to work with Hyper-V guests:

  1. Observe the typical warnings about how tinkering with the registry can ruin your server, day, and career. Be careful in there.
  2. Choose one of the two following methods:
    1. Manual entry (from TechNet blog in Consulted Sources)
      1. In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WindowsServerBackup\Application Support, add a new key named {66841CD4-6DED-4F4B-8F17-FD23F8DDC3DE}
      2. Inside that new key, create a String Value (REG_SZ) named “Application Identifier” and give it a value of “Hyper-V”
    2. Scripted entry (from Mark Wilson’s recorded video on TechNet, also in Sources):
      1. In a text editor, create a batch file called “hyper-v-vss.bat” and paste in the following two lines:
        1. reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\WindowsServerBackup\Application Support\{66841CD4-6DED-4F4B-8F17-FD23F8DDC3DE}"
        2. reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\WindowsServerBackup\Application Support\{66841CD4-6DED-4F4B-8F17-FD23F8DDC3DE}" /v "Application Identifier" /t REG_SZ /d Hyper-V
      2. Execute the batch job as an administrator
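
The registry step above as an idempotent PowerShell script that also confirms the Hyper-V VSS writer is visible to the system. This is an added example, not code from the article or its sources; the function names are hypothetical, and it assumes English vssadmin output and that the key name is the writer's ID as vssadmin reports it.

```powershell
# Added example. Run from an elevated PowerShell prompt on the Hyper-V host.
$WriterId = '{66841CD4-6DED-4F4B-8F17-FD23F8DDC3DE}'   # key name given in the article
$KeyPath  = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\WindowsServerBackup\Application Support\$WriterId"
$ValName  = 'Application Identifier'
$ValData  = 'Hyper-V'

function Register-HyperVWriterForWsb {
    # Create the key only when it is missing, so re-running changes nothing.
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    $current = (Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue).$ValName
    if ($current -ne $ValData) {
        # -Force replaces a missing or wrong value with the REG_SZ the article specifies.
        New-ItemProperty -Path $KeyPath -Name $ValName -Value $ValData `
            -PropertyType String -Force | Out-Null
    }
    # Read the value back instead of trusting the write.
    return ((Get-ItemProperty -Path $KeyPath).$ValName -eq $ValData)
}

function Get-HyperVWriterState {
    # vssadmin prints one block per writer: name, Writer Id, instance Id, State, Last error.
    # Assumption: the Hyper-V writer is located by matching the GUID above (case-insensitive).
    $lines = & vssadmin.exe list writers
    $id = $WriterId.ToLower()
    for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i].ToLower().Contains($id)) {
            # State and Last error follow the Writer Id line inside the same block.
            $last  = [Math]::Min($i + 3, $lines.Count - 1)
            $block = $lines[$i..$last]
            return ($block | Where-Object { $_ -match 'State:|Last error:' } |
                    ForEach-Object { $_.Trim() })
        }
    }
    return $null   # writer not listed
}

if (Register-HyperVWriterForWsb) {
    Write-Output "WSB registration present: $KeyPath"
} else {
    Write-Warning "Registry value could not be verified: $KeyPath"
}

$state = Get-HyperVWriterState
if ($state) {
    Write-Output "Hyper-V VSS writer found:"
    $state
} else {
    Write-Warning "Hyper-V VSS writer not listed by vssadmin; WSB has no writer to call."
}
```

Re-running the script after a Windows update or feature reinstall is a quick way to confirm the registration is still in place before relying on the next scheduled backup.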

 

Setting up a backup job is equally simple.

  1. If you’ll be managing another server, notably one without a GUI, use the “Connect to another server…” link in the right pane. Fill in the name of that computer and click OK.
  2. Click “Backup Schedule…” in the top right, and “Next >” on the introductory screen.
  3. You can choose to back up the entire host, which will cover your virtual machines. The rest of the screens are fairly self-explanatory. A possible exception might be the destination screen, which gives an option to back up to a dedicated drive. This is only applicable to a drive that the host considers to be local. If the target drive is on a NAS device, then it needs to be set up as a shared drive.
  4. If you choose to perform a custom backup, then on the first screen, click “Advanced Settings” and switch to the “VSS Settings” tab. Ensure the dot is set to “VSS full Backup” (you can read the descriptions here for explanations).
  5. WSB does not work at the VM-level. To back up the guests in a custom job, you must select the volumes that the VHD(s) and configuration files are placed on. Once the Hyper-V VSS writers are enabled, WSB does talk to Hyper-V as an application and at the host volume level, so attempting to use exclusions to narrow down which VMs are being backed up is not supported and will likely result in disaster.

 

Benefits of WSB

  1. Because it invokes the Hyper-V VSS writer, guest VMs with VSS enabled are backed up without pausing and know they’ve been backed up; SQL and Exchange databases are committed.
  2. Zero financial cost.
  3. VSS is a block-level approach, so backups after the first one only track changes from the previous backup. These backups are generally very fast.

 

Why Not to Use WSB to Back Up Hyper-V

As mentioned in the opening paragraph, Windows Server Backup is not intended to replace commercial backup products. Its support for Hyper-V is more or less coincidental; WSB can talk to VSS-enabled applications and Hyper-V is a VSS-enabled application. There are significant and numerous reasons to not use WSB:

  1. It absolutely does not work with Cluster Shared Volumes (CSV).
  2. Unless you only wish to back up and restore your entire Hyper-V deployment, WSB can be very difficult to use. You need to use PowerShell and/or WMI just to find out which VMs were backed up.
  3. Scheduled backups always overwrite or modify the existing backup. You can’t restore to any backup except the very latest. To get around this, you have to run manual backups or set up PowerShell scripts to manipulate WBADMIN.
  4. You can only restore to the host that created the backup.
  5. You can only back up/restore all VMs on a volume, not individual VMs.
  6. Restores will fail if a VM contains multiple snapshots (review the TechNet article below for a workaround).

The most important reason not to use WSB for Hyper-V is that there are free alternatives even for small environments. If you don’t mind command-line scripting, you can use the DiskShadow utility that is already included within Windows. In addition to being command-line only, this tool also shares some of WSB’s limitations. For one or two virtual machines, Altaro Software provides a free edition that overcomes all of WSB and DiskShadow’s shortcomings. The paid edition is inexpensive enough to fit the budget of even the smallest organizations.

 

Consulted Sources:

Altaro Software for Hyper-V Backup (with Free Edition): http://www.altaro.com/hyper-v-backup/

Manually entering registry settings to enable the Hyper-V VSS writer for WSB: http://blogs.technet.com/b/askcore/archive/2008/08/20/how-to-enable-windows-server-backup-support-for-the-hyper-v-vss-writer.aspx

Building a script for enabling the Hyper-V VSS writer for WSB (as well as some WMI/PowerShell coverage): http://technet.microsoft.com/en-us/windowsserver/dd775213

DiskShadow: http://technet.microsoft.com/en-us/library/cc772172%28WS.10%29.aspx

 

Altaro Software – Hyper-V Backup Solutions

To learn more about Altaro Software and their Hyper-V Backup solutions head over to the Altaro site (www.altaro.com) and download a 30 day trial.  If you have a small setup you can also download the Altaro Hyper-V Backup – Freeware Edition.

Well folks, after many, many years of working here at SolarWinds and helping to build the best IT management products in the world I've decided to branch out on my own and do something a little different for a while. I have thoroughly enjoyed my time here at SolarWinds and even more than that I've enjoyed working with all of you - our customers and community members.

 

Fear not, you are being left in good hands. Several of the people within our organization - in engineering, product management, product marketing, sales engineering, and the like - will be stepping up to fill any void that I might be leaving. That said, these folks have been doing all of the heavy lifting for a long time now. They'll just be a bit more visible in some of the places where I've typically appeared.

 

I'll still be around here at SolarWinds for a little while yet. Also, the folks here at SolarWinds and I continue to maintain a strong, healthy relationship so even after I leave don't be surprised if you see me blogging about SolarWinds technologies or someone there recommends that you reach out to me for some advice with your IT management strategies.

 

I'm still around for a little while yet but you can go ahead and start using my personal contact information if you need to reach out to me.

 


Flame on...
Josh

 

Josh Stephens

Founder, Bearded Dog Consulting Services

e-mail:  josh@joshstephens.com

twitter:  @josh_stephens

http://twitter.com/josh_stephens

blog:     http://blogs.computerworld.com/stephens

Don’t let SharePoint be your compliance weak point. SharePoint’s exponential growth has caught the eye of regulators who are alarmed at all the uncontrolled sensitive information being shared.

The need to protect that information through auditing, alerting, and reporting grows. Failure to protect your data can result in: 

  • Disclosure of customer information
  • Leakage of trade secrets and intellectual property
  • Exposure of human resources data
  • Regulatory penalties and liability

 

Join this webinar to see how easy and affordable it is to unveil SharePoint’s audit logs with the SolarWinds SIEM tool, Log & Event Manager, and the LOGbinder SP agent. Together, they are a fully managed audit and security monitoring solution for SharePoint.

This free event, hosted by Randy Franklin Smith from ultimatewindowssecurity.com and featuring SolarWinds, will be an informative discussion about auditing SharePoint activity for Compliance and Security. 

 

Register to attend this live event: Wednesday, April 25, 2012 at 11am Central.  Click here to register: http://www.ultimatewindowssecurity.com/webinars/register.aspx?id=168&source=blog

 

CAN'T MAKE THE LIVE EVENT? REGISTER ANYWAY TO GET THE RECORDED VERSION.

Title: Auditing SharePoint Activity for Compliance and Security

Date: Wednesday, April 25, 2012 12:00 - 11:00 am Central

This is real training. Space is limited. Reserve your Webinar seat now at: http://www.ultimatewindowssecurity.com/webinars/register.aspx?id=168&source=blog

It’s astonishing to hear that some network configs aren’t regularly backed up. One assumes that engineers don’t do this for one of the following reasons:

 

  • They think a configuration error is unlikely to cause any network issues
  • They have other things on their minds
  • They think that Network Change and Configuration Management (NCCM) products are too expensive
  • They think that NCCM products are too hard to use

 

So, let’s tackle the most obvious objection first. Many network engineers either have other things on their minds, or they think that configuration issues are unlikely to cause problems. I looked around and it was easy to find several examples of exactly the opposite situation. First, Spiceworks has a community thread about Network Configuration Backup Horror Stories. Remember that Amazon Cloud outage that took down several large websites over several days? You guessed it – the postmortem identified that a configuration error was at fault. Intuit also experienced a major outage tied to a network configuration error. Gartner calculated that 80% of network outages can be tied to a configuration error. With evidence like that, you really can’t afford not to back up your network – if disaster strikes or a change doesn’t go as planned, you need to be ready to restore or roll back as necessary.

 

Ok, moving on to price. While NCCM products *can* be expensive, they are a bit like cars. It all depends on the model and feature set. Kiwi CatTools is a basic NCCM product in the SolarWinds Kiwi line, and is just $750 USD. For that, you can back up your configs, do bulk change management, and run some basic reports. Its feature set lends itself to more basic use cases, but we have options if you need more power. Next in the lineup, we have Network Configuration Manager (NCM). NCM costs just a bit more (starts at $2495) and adds functionality like auto-discovery, approval flow, integration with the rest of the SolarWinds product line, and compliance. If you want something highly specialized, I’m sure you can find a way to spend more, but you usually won’t need it for the majority of devices and use cases.

 

Ok, last but not least – there is the perception that NCCM products are hard to use. This may be true of products at the ends of the spectrum: open source and highly specialized. Open source products that are more “do it yourself” can be truly complicated and hard to use, as can super specialized products that may be highly customized and built for certain specific use cases rather than streamlined usability. However, in the middle market, you’ll find that ease-of-use is a focus and evident in both NCCM products from SolarWinds.

 

Our advice – don’t put your network (and yourself) at risk. Give an NCCM product a try and sleep a little better from now on.

Windows system utilities and other third-party tools may be taking more of your time than you think. We recently did some research into common tasks in a sysadmin's day, and looked at how native tools can be taking more time than you realize.


For example – let’s consider Active Directory management. When you are managing AD with included tools, you may find yourself in the situation where you need an individual tool to perform every task. There’s no comprehensive way to launch them, and it involves a lot of starting, stopping, and logging in.  You might need additional 3rd party tools to discover users, systems, and domains, and then add those to the AD interface. Plus, not all tools will support all the objects and attributes of Active Directory. So, if you want to manage things like photos or some other data, that may not be possible from your current tools.

Another task we looked at is remote Windows management to accomplish tasks like:


  • Editing/ modifying registry settings and system services
  • Implementing access and logon policies
  • Forcing encryption and policies
  • Monitoring processes, killing or restarting applications, deploying/uninstalling software, or shutting down/restarting systems or operations


Again, to do these tasks with native tools, you are looking at adding systems, servers, domains and nodes manually and logging into the remote machines individually.

One really obvious place sysadmins and IT generalists can save time is by upgrading their tools for remote connection and support. With native tools, you have connection limitations, you’ll need to call the end-user if you want to discuss things, taking screenshots is a multi-step pain, and file transfer isn’t easy either.


We looked at several other common tasks, and then compared how long it takes to do these tasks with native tools vs. DameWare NT Utilities. To see the comparisons in action, check out this webinar.  You can also see the slides on Slideshare here.

I recently read a blog about Networking in the Cloud by Jeff Loughridge discussing the configuring of a network composed of both physical and cloud components. While he provided some insightful configuration examples and stressed the importance of working with your cloud provider, there was no mention of the impact on network monitoring.

 

In a traditional network configuration, network monitoring primarily focuses on the availability and performance of the network infrastructure, but as more of the network shifts to the cloud, your monitoring needs to shift to service availability and performance. Why is this? Quite simply, it is because you cannot afford to have your cloud-based business-critical applications negatively impacted by poor network performance between your location and the cloud provider.

 

Since your WAN link is the lifeblood between you and your cloud provider, it is paramount that you monitor its performance.  Excess latency or jitter can have a significant negative impact on your service availability and performance.  One simple way to monitor WAN performance is to use Cisco IP SLA technology (if you are using Cisco routers).  IP SLA generates time-based performance data so you can measure key statistics between your site and the cloud site.  One additional benefit of using IP SLA is that you can create service level agreement metrics to determine whether your CSP or your cloud provider is delivering what they promised.  In addition, more advanced, but oftentimes more expensive, solutions such as WAN optimization can also be used.


It is not enough to simply monitor WAN performance; you also need to understand your network traffic (who is using it, how much are they using, and what they are using it for). Again, a simple but quite effective solution to monitoring network traffic is to use flow analysis such as NetFlow (or its counterparts J-Flow, sFlow, IPFIX, and NetStream).  Flow enabled routers collect traffic data so you can see just how your traffic is being used.


Now that you know your WAN performance and how your traffic is being used, you can begin to implement and monitor Quality of Service (QoS) policies to ensure that your cloud based business critical apps are getting the priority they need.


So, just because you are shifting some of your apps and infrastructure to the cloud, does not mean that you can ignore your network monitoring.  It becomes more critical than ever to ensure that your users continue to experience the performance that they are accustomed to.

 

And, if you are interested in using SolarWinds products to monitor your network in the cloud, you should dig into SolarWinds Network Performance Monitor, NetFlow Traffic Analyzer, and IP SLA Manager.
