Cloud_Medical_IT

Cloud computing is taking off and practice managers are embracing cloud computing for its many benefits, including:

  • Eliminating investment in servers and endless hardware refresh cycles
  • Attaining a flat, predictable monthly payment for IT
  • Eliminating regular IT maintenance tasks
  • Gaining the ability to scale IT with the practice, without buying more servers
  • Enjoying high availability of their IT solutions
  • Accessing Enterprise-Class IT equipment they otherwise could never afford

Two very simple axioms apply:

[PICK A LOCAL CLOUD PROVIDER]

A local cloud services provider takes the time to understand your practice, create a customized cloud solution and help you change it as your practice evolves and grows. They’re a single point of contact for support no matter what application you’re having a problem with. So, instead of trying to determine who to call this time, then getting in a phone queue to talk to someone you’ve never met, you call the one local company you know has already fully documented your environment and will take complete ownership of the problem so your staff can focus on their jobs.

Also, a big, multinational IT provider isn’t going to feel much of an impact if you take your practice elsewhere. On the other hand, your business helps a local IT services provider pay their mortgage. Because you’re paying a flat monthly rate, the most important as well as cost-effective thing they can do for their business is to keep your IT running smoothly.

[UNDERSTAND THE CLOUD COST/BENEFIT FORMULA]

When comparing costs of on-premise versus cloud, it’s important to avoid performing a strict hard cost analysis. One of the major benefits of a Cloud solution is better uptime than on-premise IT environments typically deliver.  Ask yourself: “How much does downtime cost my practice?”

Here’s one formula: I have (X) employees that make an average of (X) per hour. If they are down and can’t work for (X) hours, what does that translate to?

Downtime costs often go beyond just productivity, though. It often halts production, causing delays and restart costs, and it harms your reputation and patient confidence in your practice.  How much is that worth? A recent survey by CA found that, on average, practices suffer 14 hours of IT downtime per year. Half of those surveyed said IT outages damage their reputation and 18% described the impact on their reputation as “very damaging.”

IT has become critically important to the viability of medical offices, but is not their core competency. It makes sense to place IT into capable hands in an ideal environment, but not with just any provider. Healthcare practices need a boutique provider who prioritizes their needs, creating a turnkey, managed cloud solution that combines the best of Cloud with the benefits of a local, trusted provider.

It’s not exactly a common subject of cocktail party conversation.  Common or not, a conversation with your Trusted IT Advisor about Managed Services is far more important than such water cooler fodder as What’s Trending on Twitter.

Quite often, however, the reward for a conversation extolling the benefits of Managed IT Services is a slightly annoyed, if otherwise indifferent client posing the age-old question that clients so often do, “That’s great, but what’s in it for me?”

At face value, Managed IT Services is a proactive approach employed by Managed IT Services Providers (MSPs) to monitor the health of your computers, servers and network.  Windows patches are automatically applied to all the appropriate machines, hard drive health is monitored, networked devices are ‘pinged’ for heartbeat signals, blah, blah, blah…well, I never said anyone outside the pocket-protector-bearing world might find the basic offerings of Managed Services enthralling.  But in order to really see its benefits, business-minded clients need a bigger-picture view of Managed Services. To that end, I offer the following: a simple and concise, “What’s in it for me?” 30,000-foot view of Managed Services for the “I’m too darned busy to be bothered with it as long as it’s working” business world.  Here are the most important reasons to embrace Managed Services.

Henceforth, let’s just assume that each of the following paragraphs starts with “Along with patching your computers, monitoring health and alerting your IT superheroes before something bad happens…”  In order of importance, here they are:

[BUSINESS CONTINUITY]
The A-1, Primo, Numero-Uno argument for leveraging Managed Services for your business: to keep your business running smoothly.  Business Continuity is a concept that implies that your critical business functions will be available to a maximum degree. Email, File Shares on Servers, Internet, and many other services need to be running for your business to function. Managed Services is, by design, the optimal method of keeping things running on your network as smoothly and consistently as possible.  Ever tried to run your business with all your computer equipment turned off?

[PARTNERS VS. VENDORS]
With Managed Services in place, your Managed Services Provider becomes less IT Vendor and more Trusted Advisor.  Corporate financial data, personnel records, budgets, and business plans are all common items, among many others, that reside on your computer network.  When an MSP and its clients’ interests are aligned, the motivation to keep things protected and running smoothly becomes a shared burden.

[MANAGED SERVICES VS. BREAK-FIX]
The old Break-Fix concept is pretty simple: something breaks, and your IT vendor fixes it (or tries to, at any rate).  The first glaring issue with the Break-Fix axiom is that something actually has to break first for your IT Vendor to fix it.  Broken means downtime, and downtime means lost productivity.  Break-Fix simply does not work.  Outages cost customers money in lost employee efficiency as well as in budget-busting Break-Fix dollars.  Managed Services provides for stable systems with more predictable, budget-friendly costs.

[SERVICE LEVEL AGREEMENTS]
Managing Labor Costs is the name of the game…in any industry, IT services included.  Managed Services Providers face a separate but related challenge: butts in seats, ears to phones and fingers to keyboards.  Any service profession tells the story of “speedy and efficient” being the key to creating satisfied customers, but with MSPs it’s akin to the question of the chicken and the egg: In order to keep IT systems running smoothly, MSPs need well-qualified Engineers in seats, talking into phones and pounding away on keyboards.  Good Engineers cost good money; money comes from Managed Services Customers; and MSPs need customers to provide a predictable revenue stream to cover the cost of qualified engineers almost as badly as customers need their IT systems to “just work”.  Last time I checked, the pool of available, well-qualified engineers that don’t cost any money dried up along with the stream of customers who don’t need their IT systems to run well all the time.  An MSP’s ability to predict whether they will be able to keep networks running smoothly and respond to customer issues is directly proportional to its customers’ willingness to provide the predictable sustenance for them to do so.  So what’s in it for the customer?  The basics: MSPs promise to have enough well-qualified engineers on hand and systems in place to keep things running for customers, and when something arises that the Magic 8-ball couldn’t predict, MSPs can provide a trained, professional response to it within a guaranteed amount of time.  That’s called a Service Level Agreement, or ‘SLA’.  Every Managed Services customer gets one, and every MSP lives and breathes by it.  That’s the contract.

Technology is here to stay.  It’s pretty doubtful that the CEO or owner of ANY company will ever condone using LESS technology in the operation of their business.  More businesses than ever are relying, more deeply than ever, on technology as a core component to run their businesses and promote efficiency among their staff.  Isn’t that argument enough to promote a system that breeds uptime across the board, provides predictable IT budgeting, and improves overall total cost of ownership for IT, all without having to touch it?

We are really excited to launch our newest cloud service for small business, “Cartella”.

Essentially, Cartella™ is a virtual file server, in the cloud.  It takes team file sharing to a whole new level by offering many more benefits than a traditional file server.

With Cartella, your company files are stored securely in the cloud, making them accessible anywhere, anytime.  (No more VPN or FTP).

You can then access your company files (and your own files) securely, from anywhere.  The files are automatically synchronized across all of your devices, removing the hassles about where the latest revision of a file is at any given time.

Furthermore, Cartella is super easy to use.  There is virtually no learning curve for you and your team.  Your employees will love the fact they can access their files from any device, including PC, Mac, iPhone, iPad, Blackberry and Android devices.

We offer free software for the Windows and Mac OS X platforms and use industry leading security and encryption to keep it all safe and sound.  Finally, with granular file and folder access, you decide who has access to what files and folders.

Why struggle with FTP or VPN?  Get a free trial of Cartella today and see why universal access to cloud based files is the most efficient way ever for small business to work anywhere, anytime.

Posted by Daniel Haurey on April 28th, 2013 in Announcements, Cloud Computing, Small Business

Buying a new laptop?  Thinking about it?  Customers call us all the time looking for advice on a new portable computer.  In response, we created a list of questions.  With the questions, we try to collect as much information as possible so that we can help get the customer a machine that will not only fit their needs, but their budget as well.  We hope you find it useful.  Feel free to share!

What sort of software applications are you going to use on the new notebook (e.g., e-mail, word processing, spreadsheets, QuickBooks, web browsing)?

What is your budget for this laptop purchase?  Keep in mind that quality, warranty features and overall performance are usually commensurate with price.

  • Less than $1,000
  • $1,000 to $1,350
  • $1,350 to $1,500
  • $1,500 to $2,000
  • Spare no expense; I want the best that money can buy!

A typical business laptop weighs about 5lbs.  However, for frequent travelers or those who prefer a lighter machine, there are “ultraportable” units as light as 3lbs.  Keep in mind that lightweight always translates to a smaller screen size.  So, would you prefer a traditional laptop in the 5-6lb range or an ultraportable closer to 3lbs?

  • Ultraportable
  • 5-6 lbs

What size screen do you prefer?  (See above question on how this affects weight)

  • 13.3” (Ultraportable only)
  • 14”
  • 15.6”

What type of “parts and labor” warranty would you like to attach to your new laptop?

  • One-year (return to mfr. for repair)
  • Three-year (return to mfr. for repair)
  • Three-year, onsite service (a favorite, since most users hate to part with their laptops)

Not all repairs are covered under warranty (e.g., damage as a result of dropping, a cracked screen, etc.).  Would you like to add “accidental damage” coverage for an extra fee?

  • Yes
  • No

Will you need a carrying case for your new laptop?

  • No
  • Yes, a very inexpensive canvas or nylon one
  • Yes, a leather, executive style one
  • Call me, I have very specific needs

Would you like to have Microsoft Office installed on the laptop?

  • No, thanks.
  • Yes

Do you need Microsoft Access installed on the machine?

  • No
  • Yes

Virtually all laptops utilize a touchpad for mouse movement.  Would you like us to add a separate wireless travel mouse to your quote?

  • Yes
  • No

Do you want a Port Replicator?  A port replicator will allow you to “dock” the laptop when working at your office (or home) and use a full sized keyboard, monitor & mouse.

  • Yes, add a port replicator
  • Add two port replicators, one for my office and one for my home
  • No

If you chose yes to the above question, what size LCD monitor would you like us to add?

  • 19” (standard)
  • 22”
  • 24”
  • Not applicable

Will you require the assistance of a technician to set up and configure this/these machines?

  • Yes
  • No
Posted by Daniel Haurey on March 27th, 2013 in Mobile Computing, Small Business

The best tools and utilities on the Internet are usually free and simple.  Want to save time writing Google Adwords campaigns?  I sure did!  So I downloaded the handy dandy PPC Creation Tool from Richard Kraneis.  The tool (a Microsoft Excel spreadsheet) will ensure that you comply with Google’s ad length requirements, saving you time and headaches.  Thanks, Richard!

Posted by Daniel Haurey on March 26th, 2013 in Tools/Utilities

Interesting issue that was just resolved at a client. We use Cisco WAPs (Cisco WAP321 model) for some SMB customers and it seems that they have an interesting quirk that will cause some serious issues on a network if they are plugged into an STP-enabled SmartSwitch. By default, the WAP is also STP-enabled and it causes BPDU packet flooding on the SmartSwitch, which, in turn, causes the SmartSwitch to disable the port that the WAP is plugged into. If you try to outsmart it by plugging it into an ASA firewall directly or a dumb switch behind the SmartSwitch, the port that the other device is plugged into on the SmartSwitch will detect the BPDU packet flooding and will disable THAT port. The only way to bring the ports back is to unplug the WAP and powercycle the SmartSwitch or to unplug the WAP and manually log into the SmartSwitch and take the port out of suspended mode.

In these Cisco WAPs, however, under WDS Bridge settings, there is an option to un-check “Spanning Tree Mode.” Un-checking this box takes the WAP out of STP mode and allows it to talk to the SmartSwitch without an issue.

In addition to this, you can get this far and then not have any traffic at all, including DHCP broadcast traffic passing through the wireless. This is because, by default, SmartSwitches tag their ports for the default VLAN and it is considered a tagged port. Within the Cisco WAP, the default option under “LAN Settings” has an “enabled” check box for “Untagged VLAN”. This “enabled” box must be UN-CHECKED in order to pass traffic back and forth from the WAP to the network, including DHCP broadcasts.

Once these changes are made to the Cisco WAP, it will play nice with the SmartSwitch it is connected to.

As you might have imagined, our customers had tons of questions in the wake of Hurricane Sandy.  “How do I keep my business up during a power outage?”  “Can I plug my servers or computers into a portable generator?”  “How can we avoid downtime during the next power outage?”

In response, we created this whitepaper:  “Small Business Guide to Surviving Internet and Power Outages” Please check it out and share as you wish.  We hope you find the information useful.  If you have any questions, just give us a call.

Posted by Daniel Haurey on December 23rd, 2012 in Backup and Disaster Recovery, Small Business

So you have a client that has a VoIP system? They have remote users that need to be able to access the phone system from Internet / VPN? How do you configure an ASA to work with this type of a scenario? Or, even better, why isn’t your ASA configuration working to allow this? If you Google this and look at forums, you will find overly-complicated, convoluted tech-talk and people posting their specific Cisco configs for others to look through and help them with their specific issues as opposed to an easy-to-understand generic formula for how to accomplish this relatively common scenario. So, let’s make it simple:

1.)    Log into the Cisco ASDM

2.)    First, we need to ensure a NAT policy exists for a Public IP to NAT to the internal IP of the VoIP system / server. Click on “Configuration” at the top, then click on “Firewall” down on the bottom menu. Once in the firewall section, highlight “NAT Rules”

3.)    Click on the “Add” option on the right side to add a new static NAT rule and choose “add new static NAT rule”

4.)    Original Interface is “inside” with a source that is the internal IP of the VoIP System. The translated Interface is the outside interface. Select the “Use IP Address” option and specify an available static public IP from your ISP that you have not used in a NAT policy yet. Then click “Ok.” Essentially, this tells the ASA to statically (always) translate traffic from inside interface from the inside IP of the VoIP system destined for the outside Interface to translate to the static public IP you specified. In turn, the ASA will automatically translate inbound traffic from the outside static public IP specified from the outside interface to the inside interface destined for the internal IP specified.

5.)    Now that has been done, click the “Apply” button at the bottom

6.)    Now, we need to add port forwarding rules for VoIP traffic. Click on “Configuration” at the top again and then click on “Firewall” down on the bottom menu again. Highlight “Access Rules” option.

7.)    Click on the “Add” option on the right side to add a new access rule and choose “add new access rule”

8.)    Choose Interface “Outside” because this is going to be a rule that applies to outside traffic traveling to the inside of the network. Action is to permit. Source is anything out on the Internet (alternatively, you can create a network object or group with specific IP addresses or ranges). Destination is going to be the public NATed IP address for the phone system. Service is tcp-udp/sip (sometimes you may have to create separate rules – one for UDP specific and one for TCP specific SIP. SIP port is 5060 by default)

9.)    Repeat step 4 for creating any port forwarding rules you need to have in place based on open ports the VoIP provider specifies as needing to be open. Once done, external remote users should be able to configure their VoIP phones to point to the public IP of your phone system and connect to that phone system to make calls!

10.)  Save the running config of the ASA.

BONUS STEPS!

11.) You may notice VoIP traffic isn’t fully working in some cases… or sometimes, a phone provider may tell you to “disable SIP / ALG options” in the firewall… so what the heck does that mean? Well, they are talking about an ASA’s default config to inspect SIP packets via its global policy map. By default, the ASA will inspect SIP packets and deal with them how it wants to before NATing the packets to the right place. This can sometimes cause loss of audio, call quality issues, etc. if a VoIP system is not meant to have SIP inspection turned on in the firewall. To disable SIP inspection in the ASA, you need to navigate back to “Configuration” then “Firewall” then highlight “Policy Rules.”

12.) Once in “Policy Rules” you highlight the default inspection policy by left clicking on it and then choose the “Edit” button at the top. This will open a new window. At the top, click on the “Rule Actions” tab. Scroll down until you see the “SIP” option and then UNCHECK the option and hit “Ok” then click the “Apply” button at the bottom. This essentially sends the following command to the ASA:

policy-map global_policy
 class inspection_default
  no inspect sip

13.)  That’s it! Remote VoIP users on the Internet should be able to configure their VoIP phones to point to the public IP of your phone system and connect to that phone system to make calls!

But what about VPN users using softphones or locations already connected with site-to-site tunnels? No worries, friend. Keeping in mind the settings above regarding what the VoIP system provider may tell you in order to configure your firewall, VPN site-to-site traffic is also governed by an Access List, much like the Firewall Rules. Very similar to steps 7, 8, and 9, you add ACE rules to an existing VPN ACL under the “Site-to-site VPN” option along the bottom of the Configuration page. You drill into “Advanced” and then highlight “ACL Manager.” Select the appropriate Access List (depends on if this is the firewall where the VoIP system is vs. the remote firewall, as both firewalls will need to have these rules added).

And, like with the regular firewall access rules, make sure that the firewalls at both locations are configured to PERMIT the VoIP provider specified traffic from that ASA’s source network to the other ASA’s destination network! Voila! Instant cross-VPN VoIP access to the internal phone system!
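An added example, not part of the original post: a Python check to run over a saved running config after the steps above. It lists access rules that permit SIP from any source (step 8's default, as opposed to its restricted-source alternative) together with the internal host each one exposes, and reports whether SIP inspection is still enabled (steps 11 and 12). The config excerpt, addresses and object names are constructed, and the parser assumes the older `static (inside,outside)` NAT syntax, where access rules reference the public IP as in step 8.

```python
import re

# Constructed running-config excerpt (documentation addresses, not a real device).
SAMPLE_CONFIG = """\
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list outside_access_in extended permit object-group TCPUDP any host 203.0.113.10 eq sip
access-list outside_access_in extended permit udp 198.51.100.0 255.255.255.0 host 203.0.113.10 range 10000 20000
access-list outside_access_in extended permit tcp any host 203.0.113.20 eq https
static (inside,outside) 203.0.113.10 192.168.1.50 netmask 255.255.255.255
static (inside,outside) 203.0.113.20 192.168.1.60 netmask 255.255.255.255
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect sip
"""

SIP_PORTS = {"sip", "5060"}  # the ASA shows port 5060 as the keyword "sip"
IP = r"(\d+\.\d+\.\d+\.\d+)"


def static_nat_map(config):
    """Map public IP -> internal IP from 'static (real_if,mapped_if) PUBLIC INTERNAL'."""
    return dict(re.findall(rf"^static \(\S+,\S+\) {IP} {IP}", config, re.M))


def open_sip_rules(config):
    """Return (acl, protocol, public_ip, internal_ip) for SIP permits from source 'any'."""
    nat = static_nat_map(config)
    findings = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2:4] != ["extended", "permit"]:
            continue
        # Protocol is one token, or 'object-group NAME' for ASDM's tcp-udp service.
        proto, rest = (tok[5], tok[6:]) if tok[4] == "object-group" else (tok[4], tok[5:])
        if (len(rest) >= 5 and rest[:2] == ["any", "host"]
                and rest[3] == "eq" and rest[4] in SIP_PORTS):
            findings.append((tok[1], proto, rest[2], nat.get(rest[2])))
    return findings


def sip_inspection_enabled(config, policy="global_policy", cls="inspection_default"):
    """True if 'inspect sip' appears under the given policy-map and class."""
    in_policy = in_class = False
    for line in config.splitlines():
        depth = len(line) - len(line.lstrip(" "))  # sub-commands are indented one space per level
        text = line.strip()
        if depth == 0:
            in_policy = text == f"policy-map {policy}"
            in_class = False
        elif in_policy and depth == 1:
            in_class = text == f"class {cls}"
        elif in_class and (text == "inspect sip" or text.startswith("inspect sip ")):
            return True
    return False


if __name__ == "__main__":
    for acl, proto, public_ip, internal_ip in open_sip_rules(SAMPLE_CONFIG):
        print(f"{acl}: SIP ({proto}) open to any source -> {public_ip} (internal {internal_ip})")
    print("SIP inspection enabled:", sip_inspection_enabled(SAMPLE_CONFIG))
```

Rules flagged here are candidates for the network object or group of known source addresses that step 8 mentions as the alternative to “anything out on the Internet”.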

Posted by ACervasio on December 15th, 2012 in Troubleshooting, Very Technical

Hairpinning is the term used when someone wants to redirect traffic from an internal network destined for the public IP of an internal resource back to the internal IP of the internal resource. It’s essentially a “U-Turn” for packets destined to travel externally when the ultimate destination is a NATed inside resource on your own network. If you Google this and look at forums, you will find overly-complicated, convoluted tech-talk and people posting their specific Cisco configs for others to look through and help them with their specific issues as opposed to an easy-to-understand generic formula for how to accomplish this relatively common request. So, let’s make it simple:

1.)    Log into the Cisco ASDM

2.)    Click on “Configuration” at the top, then click on “Interfaces” and click on the check box that says “Enable traffic between two or more hosts connected to the same interface”. This is equivalent to the command line “same-security-traffic permit intra-interface”. Once done, click “Apply” and then save the running config.

3.)    Once you have done the above, you must click on “Firewall” down on the lower left and then highlight “NAT Rules”. Once in “NAT Rules” find the NATed public IP that you need hairpinned (if you have not yet created a NATed public IP to private IP, you can do so here) and then scroll over and make sure to click the checkboxes for “DNS Rewrite” for those NATed public IPs. Click “Apply” and then save the running config.

4.)    Congratulations! Traffic from inside your network pointing to a Public DNS name which translates to a NATed public IP within the ASA should now be resolving to the internal IP instead. *NOTE* – This only works if you are trying to translate a public DNS record which would normally resolve to a public IP address that you have NATed to an internal IP address within the ASA. This will NOT allow direct public IP to internal IP translation.

Posted by ACervasio on December 14th, 2012 in Troubleshooting, Very Technical

Crazy cursor on Windows Surface?  If you experience a problem where the mouse cursor starts acting erratically on your Windows Surface RT, it just might be a defective keyboard.

From the moment I started playing around with my Surface, I started having issues where the cursor started moving on its own around the screen, blinking and shaking intermittently.  Removing and reattaching the keyboard seemed to resolve the issue, but only for a short period of time.

I took the Surface to the local Microsoft store and showed them the issue.  They replaced the keyboard and it resolved the problem.  Thanks Microsoft Store – Bridgewater, NJ!

Posted by admin on October 27th, 2012 in Troubleshooting, Windows Surface