Windows Server options

Microsoft Windows Server 2012 will be released September 4th.  Microsoft streamlined server-edition options to four and discontinued Home Server, Small Business Server, and Enterprise Edition.

 

Windows Server 2012 editions:

  • Foundation – Up to 15 users; OEM-only, so purchased with hardware
  • Essentials – Up to 25 users with cloud-enablement features
  • Standard – Unlimited users; includes two virtual instances
  • Data Center – Unlimited users and virtual instances

 

Server discontinuations:

  • Windows Small Business Server (SBS) 2011 will be discontinued on June 30, 2013.  To get SBS functionality, you will need to purchase Windows Server and Exchange Server separately.  (Software Assurance, Microsoft’s maintenance option, for SBS has been discontinued as of July 31, 2012.)
  • Windows Enterprise Server has been discontinued
  • Windows Home Server has been discontinued

 

Specific editions with pricing are noted atWindows Server 2012 Editions.

Protect your mobile device – Part 3: Enforcement, Tools, and First Steps

We have explored the importance of setting policies and training users on mobile device security and management; now, we wrap-up with how to enforce these policies, recommended tools, and first steps to mobile device security.

 

Enforcement

 

Enforcement is usually assisted through a Mobile Device Management (MDM) tool; typically a software-based application that requires an agent be installed to the mobile device.  Once installed, this agent connects back (remotely) to a central console from which an administrator can monitor, manage, and secure the mobile device and also support its user.

 

MDM features typically include:

  • Enforce user security policy:

o   Require complex password with frequent changes

o   Permit remote access only via SSL or VPN

o   Lock-down browser settings

o   Enable encryption

  • Recover lost or stolen devices:

o   Activate alarm (set off an audible alarm on the device)

o   Enable track and locate (track and locate the device via GPS)

o   Permit remote wipe (complete erasure of the device as a last resort)

  • Control mobile device applications:

o   Recognize and prevent installation of unauthorized applications

o   Permit whitelisting and blacklisting of application

o   Restrict or block application stores

  • Remotely deploy and configure applications (email, etc.)
  • Audit the mobile device for installed software, configuration, and capacity

 

ComputerWorld has a comprehensive article on the challenges of MDM. View it at

Mobile device management: Getting started.

 

To support our mobile device clients, we use the MDM capabilities built intoKaseya, our Remote Monitoring and Management tool.  Other MDM providers include:

  • AirWatch
  • LabTech
  • MobileIron
  • Symantec
  • Zenprise

 

While MDM provides a comprehensive tool, it can be costly to procure and support.  Many companies utilize a trusted business partner (like Bryley) to provide MDM tooling, monitoring, and support for their mobile devices on an ongoing basis with pricing that ranges from $15 (in quantity) to $75 per device per month.

 

Non-MDM Tools

 

Alternatively, Microsoft Exchange 2010 offers many MDM-type features through Exchange ActiveSync (EAS), an included protocol that licenses by end-user or end-device Client Access License (CAL).  The Exchange 2010 Standard CAL licenses:

  • Password security policies
  • Encryption required
  • Remote wipe

 

The Exchange 2010 Enterprise Add-On CAL licenses advanced features including:

  • Allow/disallow Internet browser, consumer email, unsigned installation, etc.
  • Allow/disallow removable storage, Wi-Fi, Internet sharing, etc.
  • Allow/block specific applications
  • Per-user journaling
  • Integrated archive

 

Exchange Server Standard 2010 is $709; Standard CALs are $68 each while the Enterprise Add-On CAL is an additional $42 each (based on list prices for business).

 

Main difference between MDM and EAS: Most MDM tools provide greater control over the mobile device during its lifecycle and can provide control over the device even before email is configured.

 

Other recommended tools include:

  • Anti-malware: AVG Mobilation – From free to $9.99 for Pro version
  • Protect and find phone via key-case fob – Kensington Bungee Air at $79.99

 

First step suggestions

 

These are our minimum, first-step suggestions:

  • Deploy anti-malware software immediately and manage it continuously
  • Require password to activate the device with a low auto-lock time
  • Update mobile devices through vendor-approved patching
  • Enable on-board encryption if handling sensitive data

 

Visit 10 Steps to Secure Your Mobile Device for detailed recommendations on securing your mobile device.

Google moves Postini spam-filtering into Google Apps

Google purchased Postini in 2007 to provide spam-filtering and related security and compliance services to Google enterprise-services clients; they initially branded Postini under Google Messaging, but have now integrated Postini into Google Apps for Business.  They will retire the Postini brand name in 2013.

 

Users of Google Message Security (spam filtering) will be transitioned into Google Apps for Business; Google Message Discovery (spam filtering with archiving) users will be transitioned into Google Apps for Business and Google Vault.

 

Pricing will stay the same for users of spam filtering and archiving.  Those that expand into other Google Apps for Business services (like Google Drive or Gmail) will see a price increase on their next renewal date.

 

The announcement from Google’s Adam Sawes, Product Manager – Google Apps, is at Continuing the transition from Postini to Google Apps.  For additional information please visit the Postini Transition Resource Center provided by Google.

 

Our belief: While Google will continue to provide Postini to customers under the Google Apps for Business banner, they will recommend migrating to other services within Google Apps for Business and will make it harder to remain Postini-centric within the Google Apps world.

Microsoft Streamlines Windows Server Options, Kills Versions for Home and Small Business

Microsoft has revealed that the Windows Server 2012 options will be drastically streamlined from the myriad choices of its predecessor. In the paring down, though, Microsoft is killing off Windows Small Business Server, and Windows Home Server–the two most popular versions for small and medium businesses (SMBs).

On the one hand, the news is quite welcome. Variety may be the spice of life, but when it comes to choosing which version of Microsoft’s server operating system is right for you business it’s just confusing. Choice is one thing, but too many choices makes the decision much more complicated than it needs to be.

With Windows Server 2012, Microsoft will only offer four versions: Datacenter, Standard, Essentials, and Foundation. Even better, the versions are all equipped with essentially the same features and capabilities, and the only real difference is the number of virtual machines each can handle. That means that Windows Server 12 Standard Edition will include features like Windows Server failover clustering, and BranchCache hosted cache server that were previously reserved only for the Datacenter and Enterprise versions.

For the most part, though, SMBs aren’t really interested in those enterprise-class capabilities, and they’ve been satisfied working with Windows Home Server, or Windows Small Business Server–which includes core functionality of Exchange Server and SharePoint Server. These organizations are going to have to make a switch, though, when it comes time to upgrade.

According to a PDF from Microsoft titledWindows Server 2012 Essentials: Frequently Asked Questions, both of these versions are superseded by Windows Server 2012 Essentials. Microsoft explains that it has focused on making Windows Server 2012 Essentials the ideal operating system platform for both small businesses and home users.

The decision is driven–at least in part–by current tech trends, and Microsoft’s own focus on cloud-based tools and services. Microsoft explains, “With Windows Server 2012 Essentials, customers can take advantage of the same type of integrated management experience whether they choose to run an on-premises copy of Exchange Server, subscribe to a hosted Exchange service, or subscribe to Office 365.”

The bottom line is that SMBs don’t need to have Exchange or SharePoint bundled with Windows Server. Windows Server 2012 Essentials will meet the server platform needs of most organizatons–even better than its predecessor thanks to the across the board feature parity–and an Office 365 subscription can deliver Exchange, SharePoint, and Office as a hosted service.

References: PC World: Business Center