TruStack Focus On… Remote Desktop Infrastructure

By Technical Pre-Sales Consultant, Ian Sanderson.

Is 2020 finally the year of VDI?
If you have been in the IT game for a while you may have heard the long-running joke that this year is finally the year of VDI. 2020 Could be when this becomes true.

What is VDI?
VDI or Virtual Desktop Infrastructure is a mechanism that allows a business to deliver corporate desktop images to any device, be that a thin client, a computer, tablet, or smartphone. All desktops are managed from a central location and can be delivered from public, private, or hybrid cloud. I heard a great analogy, imagine that the cables on your keyboard and mouse are just really long and they connect to a desktop somewhere else. Not the one in front of you.

What is it used for?
There are several use cases for VDI. The dominant one at the moment is to grant end-users access to their corporate desktops whilst working from anywhere during the global pandemic. It eliminates the use of a VPN and brings users closer to the data they need to access, making for a great end-user experience.
Did you know you can publish physical desktops and connect to them using the same infrastructure used to access a virtual desktop? Many organisations are adopting this approach to allow people to connect to their corporate devices in the office when they are working from home.

Why would you use it?
It is important now more than ever to secure access to data. A VDI solution can make this task easier as you are moving the entry point for an attack from the end-user device to the VDI estate. With appropriate policies and security in place, no data should be able to traverse the endpoint to the VDI session. From a management standpoint, IT only needs to worry about updating a handful of desktop computers rather than all desktop computers.

Who is it for?
Anyone can make use of VDI. Organisations with many desktops that are the same such as call centres, housing associations, or hospitals to name a few and businesses looking to offer additional flexibility for their users.
A VDI desktop can be accessed easily from anywhere in the world with an appropriate internet connection. If data gravity is a concern, a VDI solution can bring those users closer to the data they need to access.

If you would like anymore information on VDI or Remote Desktop Infrastructure, please do not hesitate to contact us by clicking here.

TruStack supports NCFE in business transformation

Almost a decade after they partnered for the first time, two of the North East’s most forward-thinking and flourishing organisations are looking forward to a healthy future together.

Digital business experts at TruStack have completed a transformation of IT systems at NCFE, a leading provider of educational services for more than 170 years.

TruStack was formed last year after the merger of SITS Group, PCI Services and Pivotal Networks, with SITS installing NCFE’s IT infrastructure back in 2013.

Not-for-profit organisation NCFE, which designs and certificates technical qualifications as well as offering assessment and educational technology solutions, decided to update its systems to keep pace with the organisation’s growth.

NCFE was pleased to continue its long-standing relationship with TruStack, a business which prides itself on giving clients ‘innovative solutions and expert support’.

Nick Evans, NCFE’s Information Security Manager, said: “TruStack has always supported us on our business journey. We feel that they are almost an extension of our own team.

“Our engineers trust their engineers. That respect between the organisations from an engineering level to managerial level has been born from a long-term relationship between us.”

“However, there was nothing to say that we were definitely going to go with TruStack for the project, but when it came down to it no one else could provide the same level of support and respect that we have received from them.”

“I have always felt they are not there just to make money from a client – they care. They had a vested interest in making sure the project was successful and that is what they did.”

In the past five years NCFE has seen its turnover more than double and its workforce increase from around 200 to more than 450 employees.

Security is vital to NCFE, with the organisation contributing to the success of millions of learners at all levels, in a range of sectors.

From September, it will take responsibility for delivering one of the government’s new T-Level qualifications, with five more to follow in 2021. 

Lindsey Gibson, Head of Group IT at NCFE, added: “We help learners from all walks of life to progress in their education and into employment, in line with our core purpose to ‘promote and advance learning’.

“We are firmly focused on the future and TruStack is a key partner in helping us to grow and increase our reach and impact.”

TruStack’s engineers spent eleven days planning for, and delivering, the project at NCFE’s head office at Quorum Business Park, in Newcastle-upon-Tyne, with the project going live in December.

Liam Holliday, TruStack sales manager, said: “It was a case of giving NCFE a platform to host its business applications that would last well into the future. 

“We pride ourselves on getting things right first time, and we are pleased things have turned out so well for NCFE in the latest stage of our partnership.”

He added: “We can never rest on our laurels. We see every opportunity we get like it’s a new business. 

“By treating every customer like a new customer we give ourselves the best chance possible of winning their business next time.”

TruStack works with hundreds of companies across the North East and beyond, including several of the North East’s Top 200 companies including Unipres (UK) and Vertu Motors. 

Other clients include the Natural History Museum and Collingwood Business Solutions.

TruStack has its head office on the Northumberland Business Park, Cramlington, with a branch office situated at the Evolve Business Centre, Houghton le Spring. If you are interested in finding out more, head to www.trustack.co.uk or call 0191 250 3000.

TruStack Focus On… Disaster Recovery and Backup

Over the last year, ransomware attacks have become more and more sophisticated in their approach. We have seen normalities such as deletion of backup files and encryption of all other files in an organisations systems.

This poses the question whether it is enough to have one back up and data protection vendor in your environment, or do you need to be looking at a more comprehensive data protection and disaster recovery strategy.

Data Protection

A well thought out data protection strategy relies upon multiple layers to help protect data at the core of a business’s infrastructure. As a business, you can no longer rely solely on a local back up that is always online and readily available. This could potentially lead to a complete loss of data.

There are however different methods that could help to better protect your data, or even other methods of duplicating said data. Each layer should have its own security and hardening in place to protect the data further.

As we know, your data is normally the ultimate target of any ransomware attack. If we start from the inside out, you can normally adjust some minor aspects to assist in protecting the data.

  • There should be appropriate permissions in place to ensure that only users that need access to the data, have the permissions to do so. This will then limit the attack surface, should a ransomware attack take place
  • Ensure that you avoid making all users a global admin
  • Follow principles such as, read-only groups, read and modify and full control

Netwrix for example is one of many products that could assist with all of the above.

Near-Line Storage/Back-Up

Near-line storage or back up is a target that is quick to recover from and is always online. This could range from a server, to a NAS or a purpose-built platform that offers benefits such as hardware compression or deduplication. The use case for near-line back up is typically used if someone deletes a file and needs to recover said data quickly.

Physically securing these devices is sensible, and like the data at the core, you should follow similar principles.

  • Access to the backup repository should always be configured
  • Do not use default admin accounts
  • Lock down firewalls
  • Avoid domain joining devices to limit the number of accounts that could log onto the device

Offsite Backup

Offsite backup targets could be considered as cloud-based object storage, for example another building hosting a backup target or rotated hard drives.

This offsite backup is classed as your insurance policy should anything happen to your data and the near-line backups mentioned previously.

Depending on where this data is stored, this can offer additional protection from ransomware and malicious attacks. If you find that someone has compromised your server and deletes the backups, what do you do?

You could use a third party back up target. These targets can help to protect your data, even from a ransomware attack, or internal threat. Many vendors offer this type or service which is normally shortened to BaaS, or backup as a service. Vendors that we use include Veeam and Datto.

Air-Gap Backups

Air-gapped back-ups are those that are completely off the network and not online, so there is no way that anyone could log onto the device and delete the data on it. Tape is the most common example of this and something that is still used frequently today.

However, with tape backups you still need to consider how these are going to be stored should the worst happen. At a minimum they should be stored in a fireproof safe, and preferably off-site.

Also remember that tape doesn’t last forever should you consider using it for archiving purposes, and each LTO generation is only compatible with the most two prior versions.

Snapshots

SAN snapshots are not back-ups; however, many SANS now offer the ability to create a snapshot of their volumes for a quick rollback. If the worst happens, and as the last resort, a SAN can roll back to a volume that is in a known good state and could be exactly what is needed. The volumes on a SAN where many servers run from are typically not exposed to a production environment where an attacker could manipulate them and delete data.

Securing access to the SAN should also still follow the same precautions as mentioned previously.

Remember, a backup is only as good as the last time it was tested, so make sure that this is done as often as necessary.

For more information on Data Protection and the services that TruStack can provide, please feel free to call us on 0191 250 3000 or email on [email protected]

TruStack Focus On… Connectivity

In this blog we will be addressing the long-standing requirements and considerations for the use of Virtual Private Networks (VPN). We will focus on traditional VPN use from end user to corporate networks access, rather than VPN Mesh, VPN to cloud platforms such as Azure, or consumer style VPN provision for confidentiality and security.


So, what is VPN?
As many of you will know, Virtual Private Network connections (VPN) have been a long-time trusted connectivity option between networks since 1996 when Microsoft first published the Peer to Peer Tunnelling Protocol (PPTP).


Why has VPN been so popular?
Point to Point VPN Tunnels across customer networks and VPN between end user devices and company networks have enabled users to access business data, applications and security measures whilst working from anywhere in the world.


In turn this has allowed companies to become more agile, allowing end users to work from anywhere, whilst still delivering the businesses’ security needs with information normally stored behind an enterprise or business grade trusted firewall.

Over recent years the migrations to cloud based Software as a Service Solutions (SaaS) for business data and applications has in many cases reduced the use of VPN. End users are now able to connect directly to the cloud resources from local endpoints with less reliance on traditional on-premise systems.


However, many companies have key applications and large data sets that are unsuited to cloud SaaS. Businesses may also have to meet various compliance regulations or commercial model requirements which traditional on premises infrastructure still provides and therefore still require a VPN solution.


Why is March 2020 so important?
Across the globe the Covid-19 lockdown hit, many organisations who had never needed agile working and remote access now needed it fast. With no time for planned cloud migrations, businesses needed large scale VPN user rolls outs to enable working from home with access to data and applications for end users. Often this was done with limited considerations on how the VPN would deliver what was required or the security risks involved.


What are some of the common key business cases for customer VPN connections?


Remote access to files: VPN provides a great method of accessing small files on networks, often as part of a domain for work share group.  


Enabling remote access to applications: VPN may provide direct access to applications on the corporate network or can enable access to remote desktop services for remote users to access corporate network-based compute to run the required applications.  


Web security: Agile workers often don’t have the levels of security required on the end-point or network to enable secure access to any web services. There could be other devices on those networks which are malicious and pose a threat to your corporate data. If required, VPNs can pass all web traffic directly back to the main corporate network to run through your traditional on premises network security.  


What key considerations should a business check before jumping to VPN?


Level of encryption: Many companies needed to implement VPN quickly with access for remote working without the latest technology, running the risk with older less secure VPN methods such as PPTP vs more secure SSL VPN providing a better layer of security. Some older firewalls don’t support SSL VPN, so it may be an upgrade which is required, and some firewalls need licencing to enable SSL VPN on a per user basis.  


VPN performance: VPN provides a method for agile working; however, it can be limited in the performance it delivers.  For example, does the VPN provide the performance requirement to open or transfer the documents across your IT environment as end users expect?


Does VPN enable what you need?: VPN connections alone may not allow you to run the applications required, however, VPN may provide the secure the access to another layer of compute such as a remote desktop server or individual Endpoint.


The resiliency of your firewalls: If you are only running one firewall it may be worth considering a pair of high availability configured firewalls to reduce risk and a single point of failure.


Treat VPNS with the highest security: VPN passwords should be highly secure as they allow a device to connect to your network. VPN passwords should be complex, updated regularly and kept up to date to ensure no legacy users have access credentials.


Multi-Factor Authentication and Geo Blocking Controls: For best practice, implement a multi-factor authentication system to complement your VPN security. This can prevent unauthorised access in the event of password breach or brute force attack.


Firewalls limitations: Many firewalls are limited in the number of VPN connections available and the number it can handle concurrently. Ensure latest firmware updates are in place for your firewalls which may offer more stable connections.


And many, many more…

Ultimately VPN can still provide a great layer of security to ensure external users who are accessing the system need a further level of credentials to access the network, particularly when Multi-factor authentication is added to the VPN connection. However, it is important the company understands the required working practices and security risks that need to be fully considered.


If you would like to discuss any VPN requirements for your organisation or advice on your existing systems contact us on [email protected]

Important Updates To Office Support

Office 2016 for Mac and Office 2010 will reach their end of support on October 13, 2020. After this date, Microsoft will no longer provide technical support, bug fixes, or security updates for Office 2016 for Mac and Office 2010. You will still be able to use these versions of Office, but over time, organisations will face an increase in security risks and compliance issues.

Running legacy platforms allows security exploits to be leveraged against businesses and so retaining Office 2010 which Microsoft will no longer patch or bug fix is a significant risk.

Therefore because of the changes listed above, we strongly advise that you move to a current agile platform such as Microsoft 365.

Those who have Cyber Essentials or Cyber Essentials Plus will not be able to maintain the accreditation as the Microsoft platforms will not be patched. To have these accreditation’s patches must be deployed within two weeks.

Why Move to Microsoft 365?

Businesses who adapted best to Covid-19 were those who were already using current technology and leveraging tools such as Teams, securely ahead of the lock down.

Those business were already benefiting from agile working practices which their staff and clients benefited from. Meanwhile, others were left unprepared and looking for last minute solutions to remote and agile working, this is now the opportunity for those businesses behind the curve to pull themselves into the present day with up to date technology.

Benefits Include

  • Reduction in on premises infrastructure to manage by moving to the cloud.
  • No long contracts. The ability to flex up or down depending on the size of your workforce. Removes uncertainty should there be a sudden increase or decrease in staff members.
  • Always entitled to the latest version of the software.
  • Easy license management. 
  • Experts on hand at TruStack to help guide you through your journey.

Contact us today to claim a FREE 30 minute consultation.

You can also read more on Agile Working by clicking here.

TruStack Focus On… Collaboration Tools

Unified Communications can mean many things to many people. Essentially it is the ability to communicate in a seamless manner wherever and whenever. Whether that includes video call, extension mobility, or instant messaging, this digital transformation can help to improve productivity in the workplace when working in an agile fashion.

One of the biggest roadblocks to collaboration is distance. With increasing availability and popularity of web-enabled collaborative tools, it is no longer necessary to make extensive plans for bringing busy colleagues to the same location. With new-age web conferencing tools, it is possible to have audio-video interactions with a range of features like desktop sharing, whiteboards, polls, webinars – to name just a few.

The greatest tangible benefit is monetary savings and travel costs that account for a large chunk of the training budget. Arranging for employees to travel, as well as arranging for training sessions can be a tedious and complicated process – especially when employees today have extremely busy schedules and deliverables within tight timelines. With conferring and other web-enabled collaborative tools, employees do not have to travel for training sessions. With recording and saving functions built in, training sessions can also be saved for future utilisation or for learners who cannot attend the session live.

Another big component in cost savings is that of communication costs incurred in phone calls, mail and other modes of one-to-one communication which, in the absence of collaboration tools, have to be made time and time again to reach out to a large or geographically spread out audience. With conferencing or collaboration tools, a lot of learners can log in to a single platform and attend sessions together. With facilities like two-way chat and direct calls, collaboration is real time – benefitting the learners by addressing their needs there and then.

For smaller organizations, it is a means to enable them to find a global reach and makes their business international. For bigger enterprises, it increases inter-organisational communication and builds knowledge within its structure.

Collaboration and conferencing tools also make a lot of resources readily available for staff and customers. Brainstorming sessions with peers encourage even the most introvert learners to contribute to discussions. The online platforms give them more comfort than a room full of unknown faces would.

From our agile working survey, it was easy to see that the most popular form of collaboration was via Microsoft Teams with 75% of those surveyed using the platform. No surprise with the ever-increasing adoption of O365 and the many great features it can bring for agile working. Of course, there are many platforms with similar functions such as Mitel Connect, Zoom etc, however our experts here at TruStack can guide you through that decision making process and the considerations that need to be made.

For more information please do not hesitate to contact us on [email protected]

You can also read our Agile Working report by clicking here.