Loading ...

Category: Cloud Services

Two Great Tastes That Go Great Together

We have decided to make a business change that includes no longer directly selling phone services, but instead we are moving our clients to RingCentral. They are the industry leaders in this type of service and their rates are very competitive. One of their killer features is the Teams integration

RingCentral for Teams – Embedded App

RingCentral for Teams embedded app enables calling from the Teams app to both internal extensions and external numbers. It’s the simplest way to supercharge the phone experience for both end users and IT admins without having to deploy a new app to end users. Most importantly, there’s no need for an added Microsoft calling or E5 license to capture this value. This solution is ideal for organizations that want to:

  • leverage RingCentral’s superior telephony while maximizing the value of their Teams investment
  • avoid the added cost of Microsoft’s calling license

With the RingCentral for Teams embedded app, users access an icon presented in Microsoft Teams. They can then place and receive calls, access voicemails and voicemail transcriptions, and send or receive an SMS or fax. These tools fill critical gaps in Microsoft Teams, transforming it from messaging and video meeting tool to a communications powerhouse. This approach is also a money saver, as it doesn’t require the added cost of a Teams Phone or E5 license.

If your company is currently using Microsoft Teams for communications and want to add the incredible functionality that RingCentral brings, then contact us for assistance.

A Medical Office’s Journey to the Cloud

Today we tell the story of a medical office’s journey to the cloud. This particular client was facing their server operating system reaching end of support (a HIPAA violation) in the near future. They had begun by looking at their electronic medical records software company’s online offering, which didn’t have all the functionality of their on-premises software and was very expensive (this is typical).


They next decided to look into moving their current on-premises software into the cloud and we were asked to help with the testing. We determined that it would be best to move the file portion of the server to SharePoint / OneDrive to increase their mobility and flexibility. We also determined that it would be best to move them away from on premises Active Directory into Azure Active Directory / Intune to allow authentication and security policies. Finally we began testing the on-premises software hosted on a server in Azure with a VPN connection to their office.


The SharePoint / OneDrive and Azure Active Directory portions went through with little issues. The server, however, was not as we had hoped. The Azure VPN connection was expensive due to it always being on and no way of turning it off outside of business hours. The performance of the SQL database that the on-premises software used was basically unusable. The other option would be to create virtual desktops on Azure for this purpose but the cost and functionality was not what the customer was hoping for.


This has lead them back to searching for an online EMR software that will meet all their requirements. This will be tough because most companies are good at some things, but not all things and compromises usually have to be made. Our hope is that this story is a lesson to other companies. The cloud may sound like the newest and best way to work, but the costs and functionality are often worse than expected.

If your company is going to use full disk encryption or has compliance requirements that you need consulting for, then contact us for assistance.

Automate Your Work, Free Yourself

Worked with a client lately to help them Automate a workflow, but you may be wondering what does that even mean. Let me explain. We all have tasks in our workday that are repetitive and consume little bite size pieces of our time. Depending on the steps needed to accomplish these tasks, they can be “delegated” to a computer process via scripting aka we automate them. In the case of the client we helped, they received emails from an eFax service which included attachments. These attachments had to be manually saved into a shared folder for the rest of the staff to access as needed. This process probably took about 30 to 60 seconds each, but multiply this by the 30+ faxes they received each day you have 15 to 30 minutes of wasted time each day (65-130 hours per year). This does not take into account the time taken to stop doing one thing, accomplish this task, and restart the original thing they were doing. 

Automate to Freedom


What if we could automate this little task and keep them employee free to do other more important things? We did. They customer uses Office 365 which includes a service called Power Automate. We scripted this tool to look at incoming messages, find ones from the eFax vendor, strip out the attachment, and save it to a SharePoint folder. This can then be shared with other employees and even synced via OneDrive to their Desktops for viewing, etc. That is just the tip of the iceberg as there is so much more that can be done with this technology. 

If your company wasting little bite size pieces of time in repetitive taks, then contact us for assistance.

What every business has in common?

Every modern business has one thing in common – the internet.

Businesses are using computers, smart phones, tablets, etc. to connect to the internet for research, shopping, advertising, or any number of things. With a connection to the internet comes the need for routers, switches, wireless, and other network hardware to distribute internet connectivity across the company. There are malicious people on the internet that are setting traps and trying to break into companies which necessitate the use of tools like antivirus, internet filtering, spam filtering, and other protective measures. There are also people who work from their homes and need to have a way of tunneling safely into the network to use the resources there. 

All of this has to be managed by someone in the company or you can contract with a managed IT service provider. 

If your company needs help managing all the things connected to your internet, then contact us for assistance.

Synology Active Backup Restore to Hyper-V

Prerequisites:

  • Make sure Hyper-V Host has CPUs than the combined total of CPUs for all servers being restored as these static until after the VMs are completely restored. If there is not enough CPU resources then the VMs will not boot.
  • Make sure Hyper-V Host has more than the combined total of RAM for all servers being restored as these settings are static until after the VMs are completely restored. If there is not enough memory then the VMs will not boot. 
  • Create a SET NIC Team on the server (if you have multiple NICs)
    • Open Powershell as administrator
    • User the New-VMSwitch command to setup an external virtual switch to connect to for live connections
      • New-VMSwitch -name “SET team” -NetAdapterName “NIC1″,”NIC2” -AllowManagementOS $True
      • The AllowManagementOS is needed if you are using the same NIC team to access the VM host
  • Setup secondary Internal vSwitch to allow for testing before deploying
  • Setup Synology LUN targets for each VM to be restored. Make sure that they are big enough to hold all the full uncompressed size of the entire thick provisioned hard drives for the entire server. 
  • Connect each LUN to the iSCSI Initiator on the VM Host. Make sure to bring them online, initialize them, and give them a drive letter. Synology needs this because it uses the SMB protocol to transfer the files during restore.
  • Make sure to allow the File and Printer Sharing app through the Windows firewall and open port 5986 to allow HTTP traffic for WinRM to allow Synology to query the Hyper-V settings.
  • Add the Hyper-V Host to the Active Backup for Business app.

Synology Active Backup Restore to Hyper-V

  1. Open the Active Backup for Business app
  2. Click on the Physical Server tab on the left
  3. Select the server and click the Restore button
  4. Select the point in time to restore from Graphical user interface, text, application, chat or text message Description automatically generated
  5. Choose Restore to Microsoft Hyper-V
  6. Choose Full Virtual Machine Restore
  7. Change the Restore Name
  8. Select a folder on the Hyper-V Host to place the configuration files Graphical user interface, text, application, chat or text message Description automatically generated
  9. Select a folder on the Hyper-V Host to place each of the restore VHD files
  10. Select a Virtual Switch on the Hyper-V Host to connect the VM to Graphical user interface, text, application Description automatically generated
  11. Confirm the settings by clicking on the Done button.

After:

  • The VMs will boot with a single NIC and no network settings. Keep them offline and add additional NICs as needed to match the original setup. Then configure the NICs as before upon reboot. Make sure to connect to Internal Test Switch for initial steps. 
  • Check hardware configuration of CPUs and RAM to determine if adjustments can be made. In particular, the RAM settings can be changed to startup, minimum, and maximum to allow for distribution of resources to VMs that have heavier workloads.
  • Boot VM to make sure it is functioning correctly.  (first bootup can take upwards of 15 minutes)
  • Convert the VM from Gen1 to Gen2
    • Download Windows 10 ISO – https://www.microsoft.com/en-us/software-download/windows10
    • Add Windows ISO to IDE controller as CD 
    •  Set boot to CD in VM Settings 
    • Boot VM to repair section of CD 
    • Boot to command prompt
      • diskpart 
      • list disk   (Make boot disk is in 0 spot)
      • exit
      • X:\>mbr2gpt /validate /disk:0 (select proper disk) 
      • X:\>mbr2gpt /convert /disk:0 
    • Create new VM with Gen2 setting
      • Give the VM a name and Store in appropriate iSCSI LUN drive then Click Next 
      • Select Gen 2 and click Next
      • Give the VM as much startup memory as needed and Use Dynamic Memory then Click Next Graphical user interface, text, application, email Description automatically generated
      • Select the Internal Test Switch and click Next
      • Select an existing hard drive and point to boot drive that was converted to Gen 2 then click Next Graphical user interface, text, application, email Description automatically generated
      • Click Finish to create
      • Modify to match old VM
        • Check Dynamic RAM settings to make sure the Max / Min is set properly
        • Check Hard drives and add additional as needed
        • Turn off Secure Boot function
  • Boot new Gen 2 VM and configure static IP address.
  • If booting successfully then delete Gen 1 VM 
  • Turn of old server as needed
  • Change Gen 2 VM to use SET Team vSwitch 
  • Test connectivity to network resources. 

If your company is looking to migrate from physical to virtual servers, then contact us to make the transition easy.

Setup Azure to Araknis IPSec VPN

Had a local medial office want to move their current server into the cloud and because they are already an Office 365 customer, I chose to use Azure for their Virtual Machine. I helped them setup Azure to Araknis IPSec VPN to connect their headquarters to the hosted server. This tutorial will go into detail about the creation of this tunnel starting with the Microsoft Azure side first using Resource Manager. It will be using the following parameters:

  • VNet Name: TestNetwork
  • Address Space: 10.10.0.0/16
  • Subnets:
    • Primary: 10.10.10.0/24
    • GatewaySubnet: 10.10.0.0/24
  • Resource Group: TestResourceGroup
  • Location: West US
  • DNS Server: Azure Default
  • Gateway Name: TestVPNGateway
  • Public IP: TestVPNGatewayIP
  • VPN Type: Route-based
  • Connection Type: Site-to-site (IPsec)
  • Gateway Type: VPN
  • Local Network Gateway Name: TestSite
  • Local Subnet: 10.20.20.0/24
  • Connection Name: VPNtoTestSite

Configure an Azure VPN gateway

This part takes the longest, so it should be done first:

  • Click on the “+” icon at the top left hand side of the Resource Manager, then search for “Virtual Network Gateway” and click on the “Create” button.
  • Give the Virtual Network Gateway a name
  • Select matching Region to where Azure resources are located
  • Leave Gateway & VPN type the defaults
  • Choose a SKU <- These have changed since the article was created, so my “standard” now is WpnGw1 with Active / Active turned off (this is a good balance of performance and cost)
  • Choose or create a local network (not covered here, but must contain Gateway Subnet) that matches internal resources
  • Choose or create a Public IP Address
  • Leave the remaining values as their defaults and then click the “Create” button. (Please note the reminder that this takes 45 minutes to create!)Azure Virtual Network Gateway

Configure an Azure Local Network Gateway

This is a reference to your on-premise network so that subnets can pass traffic:

  • Click on the “+” icon at the top left hand side of the Resource Manager, then search for “Local Network Gateway” and click on the “Create” button.
  • Give the Local Network Gateway a name
  • Select matching Region to where Azure resources are located
  • Specify the external IP address of the local on-premise site
  • Specify the on-premise address space (subnet)
  • Leave the remaining values as their defaults and then click the “Create” button.
  • Azure Local Network Gateway

Configure an Azure VPN Connection

This will create the tunnel from Azure to the on-premise site:

  • Click on the “+” icon at the top left hand side of the Resource Manager, then search for “Connection” and click on the “Create” button.
  • Choose “Site-to-site (IPSec)” as the connection type
  • Give the Connection a name
  • Select matching Region to where Azure resources are located
  • Leave the remaining values as their defaults and then click the “OK” button. On the summary screen click on the “OK” button to create the connection.Azure Connection Basics
  • Choose the newly created Virtual Network Gateway
  • Choose the newly created Local Network Gateway
  • Specify a shared key
  • Leave the remaining values as their defaults and click the “Create” button.
  • Azure Connection Settings

This completes the setup of the Azure side of the VPN tunnel. Now to work on the Ubiquiti USG side.

Configuring an Araknis IPSec VPN Network

  • Connect to Araknis router (need at least a 310 for this to work)
  • Click on Advanced > VPN
  • Scroll down to IPSec and click add new tunnel
  • Fill in the Remote IP address of the Azure VPN Gateway
  • Araknis VPN Settings
  • Fill in the Remote Subnet Mask
  • Araknis VPN Settings
  • Make the following changes to IPSec Setup
  • Araknis VPN Settings

That is all there is to it. If your company is currently using either Microsoft Azure or Araknis routers and would like a VPN created, then contact us for assistance.

Small Office Server Virtualization

Expand Server Storage - Clackmas County, OR

Had a client recently who had a smaller office network (they have up to 6 concurrent users) with a server to process orders from their website using a software called StoneEdge. This software is SQL-based database with a Microsoft Access front-end. It was time to upgrade their server to new hardware and cost was definitely an issue based on their size and order volume. In this case we chose to use a Synology device to act as the virtual machine host and create a new virtual server on the host. Here are some details:

Server Build Specifications

  • Synology RackStation RS1221+
  • Synology M2D20 – M.2 SSD Adapter Card
  • 2x Synology SNV3410-400G – 400GB NVMe M.2
  • 2x Synology D4ECSO-2666-16G – 16GB DDR4 2666 MHz ECC SO-DIMM Memory Module
  • 4x Seagate 4TB IronWolf Pro 7200 rpm SATA III 3.5″ Internal NAS HDD

Picked the Synology based on the expandability of RAM to 32 GB, the capability to use cache drives, and storage growth over time. It also has a 4-core 2.2 Ghz Ryzen processor which was plenty based on their old servers CPU usage.

Basics of Setup

  1. Assembled parts
  2. Installed Synology OS
  3. Setup HDDs in Synology SHR2 RAID
  4. Added M.2 drives as cache
  5. Installed the Virtual Machine Manager app
  6. Created a VM with the max CPU available and max Memory available
  7. Uploaded the ISO for the server OS
  8. Installed the server OS
  9. Setup the StoneEdge application
  10. Migrated data

This build did not increase performance dramatically, but it did allow them to spend about half the cost of a full server to accomplish the same purpose. It also reduced costs by using the Synology for backup of the server locally and into S3 storage in the cloud for redundancy.

If your company is looking to move their servers to a virtual environment or into the cloud, then contact us to start the process

RMM Automation: Credential Manager Empty After Reboot

As our business continues to focus on providing white labeled Tier 3 IT support services, RMM as a service, and co-managed IT services this blog will be highlighting tips for using Powershell to fix Credential Manager empty after reboot. There has been several users at a bunch of clients recently that have lost access to a network share due to saved passwords and we found Credential Manager empty after reboot. It was easy enough to re-add their password to Credential Manager, but it was not sticking around. This sounds like a job for automation, so we created a script to clear the errant Credential Manger files and create a new entry for the user to connect to file shares.

Variables

$user = username to add to Credential Manager of network share connection

$pass = password to add to same

Script Snippet

### Remove file folder associated with Credential Manager
Remove-Item -Path %localappdata%\Microsoft\Vault -Recurse

### Install Credential Manager Powershell Module
Import-Module -Name CredentialManager -Force

### Convert password to Secure String and create credential
$password = ConvertTo-SecureString -string $pass -AsPlainText -Force
$Credential = new-object -typename System.Management.Automation.PSCredential -argumentlist $user, $password

# Save the credential object directly without unwrapping it:
New-StoredCredential -Credentials $Credential -Target 'Share Credentials' -Persist Enterprise -Comment "Share Credentials for $($Credential.UserName)" > $null

This script will need to be run in the context of the user who needs the credential created. Please use caution with this script as it will empty Credential Manager completely for the user context run with. Also it is advised to run a full CHKDSK /R on the root (C:\ usually) directory to make sure that nothing else is corrupt on the drive.

If your company is a MSP or wants to become one and automation just seems out of reach, then contact us to run your RMM for you.

RMM Automation: Create Office 365 User

As our business continues to focus on providing white labeled Tier 3 IT support services, RMM as a service, and co-managed IT services this blog will be highlighting tips for using Powershell to create Office 365 User and add them to groups. We have several clients with high employee turn-over which makes it necessary to often create Office 365 user. We will detail how to find all the needed data to create the proper script for each client (yes it will take a different script for each client due to different group names for each client).

Research

You need to get two pieces of information – the license type used by the organization to create users and the names of the groups to add users to

To find out the license types used use this commands:

Connect-MsolService
Get-MsolAccountSku

To find out all the groups in the organization use this commands: 

Connect-ExchangeOnline
Get-UnifiedGroup | Format-Table Alias

Variables

$displayName = Full user name – usually First name & Last Name
$userPrincipleName = Email address for user
$adminuser = Email address for admin of Office 365 Tenant
$adminpass = Password for admin of Office 365 Tenant
$licenseType = Office 365 license type found in research above

There is also the need for variables for each group you will be adding users to (found in research above). For this example I will be using:


$CompanyShared = Company Shared Contacts
$CompanyTimeOff = Company Time Off Calendar
$BillingPayroll = Billing & Payroll Group Email

Script Snippet

###Use this command to be allowed to use DotNet assemblies
Add-Type -AssemblyName System.web

$displayName = "UserFirst UserLast"
$userPrincipleName = “User@Company.com”
$adminuser = "admin@Company.com"
$adminpass = '@dm1nP4ssw0rd'

$CompanyShared = "yes"
$CompanyTimeOff = "yes"
$BillingPayroll = "no"

###converts admin credentials to useable format for connections to Office 365
$adminpassword = ConvertTo-SecureString -string $adminpass -AsPlainText -Force
$admincred = new-object -typename System.Management.Automation.PSCredential -argumentlist $adminuser, $adminpassword

Connect-AzureAD -Credential $admincred
Connect-MsolService -Credential $admincred

$mailNickname = $userPrincipleName.Split("@")[0]

###To find User License Types use Get-MsolAccountSku
$licenseType = "companytenantID:SPB"

###Generates a random password length
$minPassLength = 8 ## characters
$maxPassLength = 15 ## characters
$passlength = Get-Random -Minimum $minPassLength -Maximum $maxPassLength

###Generates a random number of non-alpha characters in the password
$minNonAlphaChars = 1 ## characters
$maxNonAlphaChars = 5 ## characters
$nonAlphaChars = Get-Random -Minimum $minNonAlphaChars -Maximum $maxNonAlphaChars

###Creates the password, makes it useable by Azure, sets it up to not require password change, and creates account
$password = [System.Web.Security.Membership]::GeneratePassword($passlength, $nonAlphaChars)
$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$PasswordProfile.Password = "$password"
$PasswordProfile.ForceChangePasswordNextLogin = $false
Write-Host "Password is set to $password for $displayName"
$user = New-AzureADUSer -DisplayName $displayName -PasswordProfile $PasswordProfile -UserPrincipalName $userPrincipleName -mailNickname $mailNickname -AccountEnabled $true

###Waits 5 minutes for the user creation process in Office 365
Start-Sleep -Seconds 300

###Sets additional parameters for account that are needed like location, license type, and sets password to never expire
Get-MsolUser -UserPrincipalName $userPrincipleName | Set-MsolUser -UsageLocation US
Get-MsolUser -UserPrincipalName $userPrincipleName | Set-MsolUserLicense -AddLicenses $licenseType
Get-MsolUser –UserPrincipalName $userPrincipleName | Set-MsolUser –PasswordNeverExpires $True

###Adds new user to groups
if ($CompanyShared -eq "yes")
{ Add-MailboxPermission -Identity companyshared@premieror.com -User $userPrincipleName -AccessRights FullAccess -InheritanceType All}

if ($CompanyTimeOff -eq "yes")
{ Add-MailboxPermission -Identity companytimeoff@premieror.com -User $userPrincipleName -AccessRights FullAccess -InheritanceType All}

if ($BillingPayroll -eq "yes")
{ Add-MailboxPermission -Identity billing_payroll@premieror.com -User $userPrincipleName -AccessRights FullAccess -InheritanceType All}

This script requires that the admin account you use to setup the user have multifactor authentication turned off (I know not secure), so use a really long complex password. The script creates a random password for the new user and write it to output. The script will take several minutes to run due to the waiting for the account to finish setup before adding additional parameters and adding them to groups.

If your company is a MSP or wants to become one and automation just seems out of reach, then contact us to run your RMM for you.

Zero Trust – Password Management

Password - Grants Pass, OR

This is the fifth in a series about the concept of Zero Trust, which means in the IT sense that you trust nothing and always verify everything surrounding and connected to your network. Today’s discussion will be on password management. 

Password Management

Password management is the concept that you are not using the same password for all sites and services. So it is necessary to have a means to track and protect those passwords from others accessing or using them without consent. Here are some questions that you should be asking yourself:

  • How do you keep track of passwords? paper? spreadsheet? program?
  • Are your passwords encrypted? Are they guessable? Are they changed regularly?
  • Do you have a password policy?
  • What do you do when someone leaves the company?
  • Do you take advantage of 2FA or MFA?
  • Do you take advantage of single sign-on?

Take time to think about these questions and decide where changes can be made to better protect your passwords, or contact us to do the thinking for you.

Archives

Categories

Plant a Seed @ 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2023- Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

[contact-form-7 id="452" title="Free Network Evaluation"]