Closing our Data Centre

Posted by: mbmadmin

Data Centre – The End of an Era

We recently decommissioned our data centre. For the last 15 years we have been hosting customers’ workloads on our own equipment. This started in Docklands, London and then we moved to various locations in Manchester. The system hosted line-of-business applications, dedicated virtual machines, Windows and Linux website hosting servers, VoIP servers, VPN servers, mail filters and a variety of other little services. We had five 1Gbit/s Internet feeds from three different backbone providers with our own BGP routers and IP allocation.

This solution served us well for many, many years but it was time for a refresh, so we had to take a long hard look at what we were doing. Replacing a six-node virtualisation cluster with 10Gbit/s storage is a costly exercise. Having our own equipment and facility means that monthly costs are fixed but the initial outlay is high. The facility also gets old over time and eventually needs to be replaced again.

So, how about using a public cloud?…
  • Let someone else worry about disk crashes, connectivity issues, firewalling, upgrades, etc
  • Just pay each month for what we consume
  • No expensive capital costs
  • Advanced features like AI, IoT, replication and multiple regions
But what about doing it ourselves?…
  • Costs of our own facility are fixed, so profits are good if we have many customers
  • Being the ‘master of our own ship’ means we can fix problems ourselves and not be reliant on an external provider
  • Offer interesting, unique services
  • Differentiate ourselves from other IT providers

In the end, factoring in the capital expense, the power and flexibility of the cloud and not wanting to worry anymore about equipment failures, we opted to migrate to the cloud.

As a certified Microsoft Partner, we had already worked with their general-purpose public cloud, Microsoft Azure, so that was the natural choice.

Over a period of months, we migrated customers’ VMs and LoB applications to Azure in London. They all benefited immediately from modern infrastructure; especially noticeable was the performance increase afforded by using SSD-based virtual machines. Their VMs are now up-to-date Windows Server 2019 installations behind very secure firewalls and access policies.

Our development team also migrated a series of server-based ASP.NET web applications to Azure’s Platform-as-a-Service solution. This means that those services just run inside the Azure cloud: there is no need to configure servers, upgrade them or protect them; we just let Microsoft do all of that. It is the same for the SQL Server databases: you choose how fast you need the database to go and pay for that service, with no expensive ‘per-core’ licensing or performance limitations.

Everything is then backed-up or mirrored to Microsoft’s other UK data centre in Cardiff… this is something that would simply be impossible for us to afford with our own equipment.

The solution has been running for a few months and it is great. Customers are happy with the performance of the applications and VMs. The PaaS platform means that reliability of websites and web apps is 100%; this too would be impossible for our own data centre as hosting machines must be restarted each month for their security updates.

All-in-all, the migration from our DC to Azure has been great. Reliability is up, performance is up, customer satisfaction is up, whilst costs and sleepless nights are down! We are sad that we no longer have our own servers and solution, but Azure is big, better and more flexible, so we are OK.

The Future

Azure allows us to do things that were previously out-of-reach, such as…

  • AI Solutions – Machine learning in your own DC is basically impossible
  • Multi-site Replication – Replicating VMs between DCs is possible but you need an entire second data centre with a second set of costs
  • Global Reach – Our PaaS services can be positioned near to customers in any part of the world, whereas our data centre was just in Manchester

“Bye bye DC1. We’ll miss you, but your time had passed.”

PS. Special mention must go to HP for making such brilliant hardware. Every server worked beautifully for ten years or more. Splendid work guys!

XenServer-based six node virtualisation cluster using (mostly) HP ProLiant hardware.

Jason Timmins, our Technical Director, stands in the rack that used to house our hosting facility. At his feet are five 1,000Mbit/s Internet connections.

Posted in: Uncategorized

Using cloud technologies to improve disaster recovery

Posted by: Marketing Department

Disaster lurks around every corner. You need a solution that can deliver peace of mind with a comprehensive solution. By using Microsoft System Center Data Protection Manager and SQL Data Sync to improve application resilience and performance in the cloud, Microsoft IT helps ensure that business applications are always available, and data is protected in case of disaster.

View: Using cloud technologies to improve disaster recovery

Posted in: Uncategorized

Empowering your organization to embrace a data culture with Power BI

Posted by: Marketing Department

Companies are generating an amazing amount of data, but do they know how to use it? Often, the answer is “not really.” You need to leverage a solution that can help your employees understand what your data is telling them. With Microsoft Power BI, you have access to manipulate, learn from, and act on your data. Use Power BI to explore, gain crucial insights, and make decisions in new and exciting ways. Contact MBM Ltd to learn more on how we can help you integrate Power BI today.

View: Empowering your organization to embrace a data culture with Power BI

Posted in: Uncategorized

Microsoft migrates 150,000 mailboxes to Exchange Online

Posted by: Marketing Department

Before releasing Office 365 to the public, Microsoft recognized the advantage–to both users and the company–of migrating to Exchange Online. Exchange Online offers the ability to access email from anywhere on any device and much more. Exchange Online is one way in which Microsoft chose to modernize its business. MBM Ltd and Microsoft want you to have a modern, agile workplace. Contact us for more information on how we can help you migrate to the cloud.

View: Microsoft migrates 150,000 mailboxes to Exchange Online

Posted in: Uncategorized

Azure Backup datasheet

Posted by: Marketing Department

Your data is more important to your organization than ever before. In today’s technological world, having the tools to back up your information is vital to success. Azure Backup helps you retain rapidly increasing amounts of data while keeping storage costs low. It makes it easy for you to back up and restore your most important information when the unexpected happens.

View: Azure Backup datasheet

Posted in: Uncategorized

SQL Server 2017 Datasheet

Posted by: Marketing Department

Data is an important part of any modern business. Why not use a data platform with intelligence and security already built in? Microsoft SQL Server 2017 provides extras without extra cost, along with best-in-class performance and flexibility for your on-premises needs. Contact MBM Ltd today to find out how we can help you integrate SQL Server for industry-leading performance and security.

View: SQL Server 2017 Datasheet

Posted in: Uncategorized

Day in the life–Financial services

Posted by: Marketing Department

Ever wonder what a day in the life of a financial services professional is like? With cloud email, partners can manage their business on the go and safeguard customer data. With Outlook, features like FindTime make it easy to identify gaps in schedules and set meetings, saving valuable time. MBM Ltd and Microsoft want you to have access to professional cloud email for your mobile and agile business. Contact us today to learn more.

View: Day in the life–Financial services

Posted in: Uncategorized

Phishing Emails – Cautionary Tales – Part 1

Posted by: mbmadmin

9am Monday morning; “Jane” the finance director of a small roofing company turns on her PC, opens her Outlook and spends 5 minutes going through her emails.

5 minutes later her company has lost £8,500.

What happened was a failure on several levels: of procedure, of security and of system. And while the bank’s anti-fraud department was able to recover / cover the lost money, it was a mistake that nearly cost the business and took many months to recover from.

So just how did it happen?

Unfortunately, Jane’s company was something of a poster child for what not to do: their password policy was non-existent, their network security was out of date, and it was standard operating procedure for the managing director to send emails to Jane stating, ‘Please send £X to Y bank account’ without any verification.

Of course, Jane had received an email from her ‘MD’ asking her to transfer £8,500 to an anonymous bank account. The email was not from the MD but ‘spoofed’ to appear to have come from him, and with the lack of proper security procedures and technical measures that was all it took.

Another day and another user: “Karen”, the accounts manager at a hotel chain, receives a phone call from her contact at the business’ third-party accountancy firm. Her contact is concerned by the amount of money ‘Karen’ has been asking him to move to unknown accounts recently. Of course, the real Karen had no knowledge of this.

After investigation it transpires that Karen had previously fallen foul of a phishing attack and been tricked into giving up her email credentials to an unknown party. Without two-factor authentication to prevent it, the malicious party went on to read through all her emails, contact the accountant while diverting all responses to themselves and deleting any evidence, and instruct the accountant (as Karen) to transfer £36,000 to an account in the Cayman Islands. As in Jane’s case, because this was the standard procedure, the money was transferred.

Sadly, for Jane and Karen, phishing and scam emails are becoming one of the gravest concerns for modern SMEs and yet much of the user base is ignorant of both the threat presented and the potential costs. Every day the attacks become more and more complex, increasingly realistic and harder for your average person to spot.

The above examples, while ranging from incredibly simple to technically complex, are still effective because the creators of these attacks rely on human nature. All you can do as a business is to reduce the avenues of attack and to protect the user when they make a mistake.

Once upon a time, the height of scamming was an email from a generous Nigerian Prince (Nigeria does not in fact have a royal family) who wanted to give YOU $50,000 if only you could provide them a measly $1,000 to help facilitate the transfer. Who could say no?!

Like other early scamming attempts, these emails were poorly worded, full of spelling mistakes and typos. While you do still see first-generation emails like this in the wider ecosystem, modern anti-spam email filters mean the end user rarely sees them.

Of course, as the email filters and other forms of defence have evolved, so have the attacks become more complex and harder to stop. Additionally, scammers more often use phishing attacks to try and steal customer data and logon credentials rather than extract money directly.

Here we have an example of a phishing email from ‘Barclays Bank’. It is a near carbon copy of a legitimate Barclays email, and the only obvious way you can tell it is a fraud is by the hyperlink addresses.

Once the victim has clicked the link on the fraudulent email, they are often taken to a fake web page similar or identical to the real page; this is where the victim is tricked into giving up their real username and password, which the malicious party will then use for their own ends.

Ransom emails are very common currently. The attacker doesn’t need to do anything but spoof the email so that it appears to come from the recipient; they are then relying on the user being scared into sending the money even though there is no real threat.

Thank you for reading, I hope you found it informative/enjoyable. Next time I will be going through the ways you can secure against the threats faced by a business in the Modern Workplace.

Written by Benjamin Cutler, MBM Ltd – 12/03/2019

*The above stories are based on real incidents with the affected users’ names / industry changed. Following the incidents, they approached MBM Ltd and their cases were resolved and their security improved.

Posted in: IT Security

Change to Azure Active Directory Multi-Factor Authentication Breaks Outlook

Posted by: mbmadmin

I’ve been using MFA with Office 365 for some time. I was using the Authenticator app on my smartphone and entering the six-digit code when I was challenged by the MFA mechanism. However, I recently changed the MFA process so that the Authenticator app simply pops-up a notification asking for approval, dispensing with the six-digit number.

This worked nicely for the web and other applications but, after a day or so, Outlook failed to connect and repeatedly showed. No matter what password I entered, or how often, it kept coming back with this dialogue…

The solution was to run Microsoft’s Support and Recovery Assistant for Office 365, which is better known as SARA. You can download it here, https://aka.ms/Sara. Once installed the wizard looks like this…

Naturally, mine was an Outlook issue so I started on that path…

There was an exact entry for my issue so my choice was clear…

Obviously, if the tool is going to help, it needs to be run on the machine with the issue…

Enter your Office 365 credentials…

I’m using MFA for my Office 365 account, so I had to go through the MFA login…

Choose your work account…

Enter your O365 password…

Complete the MFA authorisation and you’ll be presented with this page in the wizard…

It looks like Outlook doesn’t work quite as smoothly with MFA as it should. It seems to need an App password. I don’t remember creating an App password, so I opted to click ‘create a new one’ and got sent to this page…

(It’s https://account.activedirectory.windowsazure.com/AppPasswords.aspx.) Initially, for me, this page was empty; there were no App passwords. Clicking ‘Create’ lets you add one to the page, like this…

You’re asked to create a name for your password. I went with ‘My O365 App Password’ and clicked Next…

The wizard then creates you a strong password. You really need to make a note of it somewhere. Once you’ve got a copy, you can return to SARA. It’s this password that it’s looking for in the page from before…

SARA then does some checks…

Then…

It’s offering to fix Outlook so let’s try, click Yes…

Seems fair, let’s do it…

Close Outlook then Next…

Outlook starts and asks for the password. This time, it’s that new App password so paste it in. Then, as if by magic, Outlook connects and Email flows again…

Conclusion

It seems, for Outlook, it’s important to set and know your App password. I’m sure this will become smoother over time, but it’s a bit of a pain at the moment. I might try turning MFA off or switching authentication method again to see if that also breaks Outlook. Enabling MFA is something that is great for security and so should be done for all organisations, but we don’t want Outlook to break everywhere!

On a plus note, the SARA tool seems pretty good.

Posted in: Cloud, Office 365, Tip

Getting Started with Azure Sphere on the Seeed MT3620

Posted by: mbmadmin

Getting Started with Azure Sphere on the Seeed MT3620 Development Kit

(Tip: Connect your development board using the lead that came in the box.)

1. On your Windows 10 PC with Visual Studio 2017, install the Azure Sphere SDK Preview for Visual Studio.

2. You’ll need a business/school Microsoft Azure account; these have Azure AD, which Sphere uses for access control.

3. You need to add an Azure Sphere Tenant to your Azure AD (AAD). The SDK will have installed the Azure Sphere Developer Command Prompt; use that to run…

azsphere login

4. You’ll probably see something like this…

This is because there’s presently no Sphere Tenant in your AAD.

5. Use this to create a new tenant…

azsphere tenant create --name <my-tenant>

In our case we’ll use “MBM Ltd” as our tenant name like so…

6. Next, take the advice on the screen and claim your development board so that it’s associated with your tenant. Use…

azsphere device claim

7. Time to connect your device to your WiFi. From the Sphere command prompt use this to join the device to your WiFi…

azsphere device wifi add --ssid <yourSSID> --key <yourNetworkKey>

Check it’s got it with…

azsphere device wifi show-status

8. Time to update the device. Use this…

azsphere device show-ota-status

It can take a while. Give it half an hour. It’ll hang for a while so be patient.

Time for the sample app

9. Configure the device for debugging using…

azsphere device prep-debug

10. Let’s make some lights blink! Go to VS and create a new project. You’re looking for a Visual C++ Cross Platform project for Azure Sphere; it’s called ‘Blink Sample for MT3620 RDB (Azure Sphere)’.

11. With luck, the code should run straight away. Press F5 to build the project, send it to the board and start debugging. If you add a breakpoint on this line…

if (newButtonState == GPIO_Value_Low) {

(Line 96 in my version of the demo code.)

It’ll hit the breakpoint when you press Button A on the MT3620.

Conclusion

That was pretty simple. In the next article, I’ll show you how to deploy code over the air using feeds and device groups.

Posted in: IoT