Loading ...

Category: Servers

A Medical Office’s Journey to the Cloud

Today we tell the story of a medical office’s journey to the cloud. This particular client was facing their server operating system reaching end of support (a HIPAA violation) in the near future. They had begun by looking at their electronic medical records software company’s online offering, which didn’t have all the functionality of their on-premises software and was very expensive (this is typical).


They next decided to look into moving their current on-premises software into the cloud and we were asked to help with the testing. We determined that it would be best to move the file portion of the server to SharePoint / OneDrive to increase their mobility and flexibility. We also determined that it would be best to move them away from on premises Active Directory into Azure Active Directory / Intune to allow authentication and security policies. Finally we began testing the on-premises software hosted on a server in Azure with a VPN connection to their office.


The SharePoint / OneDrive and Azure Active Directory portions went through with little issues. The server, however, was not as we had hoped. The Azure VPN connection was expensive due to it always being on and no way of turning it off outside of business hours. The performance of the SQL database that the on-premises software used was basically unusable. The other option would be to create virtual desktops on Azure for this purpose but the cost and functionality was not what the customer was hoping for.


This has lead them back to searching for an online EMR software that will meet all their requirements. This will be tough because most companies are good at some things, but not all things and compromises usually have to be made. Our hope is that this story is a lesson to other companies. The cloud may sound like the newest and best way to work, but the costs and functionality are often worse than expected.

If your company is going to use full disk encryption or has compliance requirements that you need consulting for, then contact us for assistance.

Cost of Insuring Your “Digital” Employees

We were discussing the price customers paid for their monthly maintenance of computers and the comparison was brought up about insurance costs. As a business owner with employees, it is necessary these days to offer health insurance as part of their compensation package. If the company has vehicles that are used for business, then the government mandates that they be covered by minimum amounts of insurance. These costs are then built into the price the business owner then charges their clients for products or services.

Insurance Statistics: 

  • According to Business.com, the average cost of health insurance for a single employee was $645 per month and $1,850 per month for a family.
  • According to NerdWallet.com, the average cost of car insurance was $179 per vehicle per month. 

Questions:

So what about the “digital” employees of the company, aka the computers and network equipment that make business possible. How much are business owners paying to “insure” these assets? What are businesses willing to pay to make sure that their computers and network don’t have a sick day? Does the cost of insuring them include preventative care? Who does the business call in case of an accident or breakdown in the middle of the day? Does the cost of insuring include on-site service or transport to a service center?

If your company wants to keep their digital employees healthy and insure them from accidents, then contact us for assistance.

Recover a Stuck Windows Service

Recently had an issue with a backup software that would get stuck in START_PENDING status at every startup. This caused it to be unable to be uninstalled, repaired, or forcefully removed and re-installed. Here is how we fixed it:

1. Find out the Service Name of the service by looking for it in the Services control panel:

2. Open command prompt as administrator

3. To get the PID type in – sc queryex [Service Name]

4. To kill the errant process type in – taskkill /f /pid [PID]

5. To remove the process type in – sc delete [Service Name]

One I had removed the process I restarted the server just to make sure then re-installed the software.

If your company needs help troubleshooting software issues, then contact us for assistance.

Synology Active Backup Restore to Hyper-V

Prerequisites:

  • Make sure Hyper-V Host has CPUs than the combined total of CPUs for all servers being restored as these static until after the VMs are completely restored. If there is not enough CPU resources then the VMs will not boot.
  • Make sure Hyper-V Host has more than the combined total of RAM for all servers being restored as these settings are static until after the VMs are completely restored. If there is not enough memory then the VMs will not boot. 
  • Create a SET NIC Team on the server (if you have multiple NICs)
    • Open Powershell as administrator
    • User the New-VMSwitch command to setup an external virtual switch to connect to for live connections
      • New-VMSwitch -name “SET team” -NetAdapterName “NIC1″,”NIC2” -AllowManagementOS $True
      • The AllowManagementOS is needed if you are using the same NIC team to access the VM host
  • Setup secondary Internal vSwitch to allow for testing before deploying
  • Setup Synology LUN targets for each VM to be restored. Make sure that they are big enough to hold all the full uncompressed size of the entire thick provisioned hard drives for the entire server. 
  • Connect each LUN to the iSCSI Initiator on the VM Host. Make sure to bring them online, initialize them, and give them a drive letter. Synology needs this because it uses the SMB protocol to transfer the files during restore.
  • Make sure to allow the File and Printer Sharing app through the Windows firewall and open port 5986 to allow HTTP traffic for WinRM to allow Synology to query the Hyper-V settings.
  • Add the Hyper-V Host to the Active Backup for Business app.

Synology Active Backup Restore to Hyper-V

  1. Open the Active Backup for Business app
  2. Click on the Physical Server tab on the left
  3. Select the server and click the Restore button
  4. Select the point in time to restore from Graphical user interface, text, application, chat or text message Description automatically generated
  5. Choose Restore to Microsoft Hyper-V
  6. Choose Full Virtual Machine Restore
  7. Change the Restore Name
  8. Select a folder on the Hyper-V Host to place the configuration files Graphical user interface, text, application, chat or text message Description automatically generated
  9. Select a folder on the Hyper-V Host to place each of the restore VHD files
  10. Select a Virtual Switch on the Hyper-V Host to connect the VM to Graphical user interface, text, application Description automatically generated
  11. Confirm the settings by clicking on the Done button.

After:

  • The VMs will boot with a single NIC and no network settings. Keep them offline and add additional NICs as needed to match the original setup. Then configure the NICs as before upon reboot. Make sure to connect to Internal Test Switch for initial steps. 
  • Check hardware configuration of CPUs and RAM to determine if adjustments can be made. In particular, the RAM settings can be changed to startup, minimum, and maximum to allow for distribution of resources to VMs that have heavier workloads.
  • Boot VM to make sure it is functioning correctly.  (first bootup can take upwards of 15 minutes)
  • Convert the VM from Gen1 to Gen2
    • Download Windows 10 ISO – https://www.microsoft.com/en-us/software-download/windows10
    • Add Windows ISO to IDE controller as CD 
    •  Set boot to CD in VM Settings 
    • Boot VM to repair section of CD 
    • Boot to command prompt
      • diskpart 
      • list disk   (Make boot disk is in 0 spot)
      • exit
      • X:\>mbr2gpt /validate /disk:0 (select proper disk) 
      • X:\>mbr2gpt /convert /disk:0 
    • Create new VM with Gen2 setting
      • Give the VM a name and Store in appropriate iSCSI LUN drive then Click Next 
      • Select Gen 2 and click Next
      • Give the VM as much startup memory as needed and Use Dynamic Memory then Click Next Graphical user interface, text, application, email Description automatically generated
      • Select the Internal Test Switch and click Next
      • Select an existing hard drive and point to boot drive that was converted to Gen 2 then click Next Graphical user interface, text, application, email Description automatically generated
      • Click Finish to create
      • Modify to match old VM
        • Check Dynamic RAM settings to make sure the Max / Min is set properly
        • Check Hard drives and add additional as needed
        • Turn off Secure Boot function
  • Boot new Gen 2 VM and configure static IP address.
  • If booting successfully then delete Gen 1 VM 
  • Turn of old server as needed
  • Change Gen 2 VM to use SET Team vSwitch 
  • Test connectivity to network resources. 

If your company is looking to migrate from physical to virtual servers, then contact us to make the transition easy.

RMM Automation: Export List of AD Users Last Login Days Ago

As our business continues to grow our focus is on providing white labeled Tier 3 IT support services, RMM as a service, and co-managed IT services. This blog will be highlighting tips for using Powershell to get an Export List of AD Users Last Login was more than 90 Days Ago.

Research

You need to find out what the Organizational Unit (OU) path that you are trying to get the count from. The following command will list all OUs in the domain.

Get-ADOrganizationalUnit -Filter 'Name -like "*"' | Format-Table Name, DistinguishedName -A

If you want the entire organization then you will need the top level information which looks like DC=[DomainName],DC=local

Variables

$SearchOU = This is the full DistinguishedName from the above output.

Script Snippet

$InactiveDays = 90
$Days = (Get-Date).Adddays(-($InactiveDays))
  

Get-ADUser -Filter {LastLogonTimeStamp -lt $Days -and enabled -eq $true} -SearchBase $SearchOU -Properties LastLogonTimeStamp,UserPrincipalName |
  
select-object Name,mail,@{Name="Last Login Date"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp).ToString('MM-dd-yyyy')}} | export-csv C:\support\inactive_Users.csv -notypeinformation

The script will take several seconds to run based on the number of users in the OU being searched. The output is saved to the local c:\support directory and you can modify this script to include the FTP upload based on our previous article – https://www.farmhousenetworking.com/rmm/automation/rmm-automation-export-log-files-to-ftp/ The script can also be easily modified to change the number of days since last login.

If your company is a MSP or wants to become one and automation just seems out of reach, then contact us to run your RMM for you.

RMM Automation: Active Directory User Count

As our business continues to grow our focus is on providing white labeled Tier 3 IT support services, RMM as a service, and co-managed IT services. This blog will be highlighting tips for using Powershell to get an Active Directory User Count.

Research

You need to find out what the Organizational Unit (OU) path that you are trying to get the count from. The following command will list all OUs in the domain. 

Get-ADOrganizationalUnit -Filter 'Name -like "*"' | Format-Table Name, DistinguishedName -A

If you want the entire organization then you will need the top level information which looks like DC=[DomainName],DC=local

Variables


$SearchOU = This is the full DistinguishedName from the above output.

Script Snippet

(Get-ADUser -Filter * -SearchBase $SearchOU).count

The script will take several seconds to run based on the number of users in the OU being searched. The output is an integer number. You can do the same sort of thing for an Active Directory Group Count or Active Directory Computer Count:

(Get-ADgroup -Filter * -SearchBase $SearchOU).count

or

(Get-ADcomputer -Filter * -SearchBase $SearchOU).count

If your company is a MSP or wants to become one and automation just seems out of reach, then contact us to run your RMM for you.

Small Office Server Virtualization

Expand Server Storage - Clackmas County, OR

Had a client recently who had a smaller office network (they have up to 6 concurrent users) with a server to process orders from their website using a software called StoneEdge. This software is SQL-based database with a Microsoft Access front-end. It was time to upgrade their server to new hardware and cost was definitely an issue based on their size and order volume. In this case we chose to use a Synology device to act as the virtual machine host and create a new virtual server on the host. Here are some details:

Server Build Specifications

  • Synology RackStation RS1221+
  • Synology M2D20 – M.2 SSD Adapter Card
  • 2x Synology SNV3410-400G – 400GB NVMe M.2
  • 2x Synology D4ECSO-2666-16G – 16GB DDR4 2666 MHz ECC SO-DIMM Memory Module
  • 4x Seagate 4TB IronWolf Pro 7200 rpm SATA III 3.5″ Internal NAS HDD

Picked the Synology based on the expandability of RAM to 32 GB, the capability to use cache drives, and storage growth over time. It also has a 4-core 2.2 Ghz Ryzen processor which was plenty based on their old servers CPU usage.

Basics of Setup

  1. Assembled parts
  2. Installed Synology OS
  3. Setup HDDs in Synology SHR2 RAID
  4. Added M.2 drives as cache
  5. Installed the Virtual Machine Manager app
  6. Created a VM with the max CPU available and max Memory available
  7. Uploaded the ISO for the server OS
  8. Installed the server OS
  9. Setup the StoneEdge application
  10. Migrated data

This build did not increase performance dramatically, but it did allow them to spend about half the cost of a full server to accomplish the same purpose. It also reduced costs by using the Synology for backup of the server locally and into S3 storage in the cloud for redundancy.

If your company is looking to move their servers to a virtual environment or into the cloud, then contact us to start the process

Zero Trust – Application Whitelisting

This is the eighth in a series about the concept of Zero Trust, which means in the IT sense that you trust nothing and always verify everything surrounding and connected to your network. Today’s discussion will be on Application Whitelisting. 

Application Whitelisting

Application Whitelisting is a process of determining which software programs the company absolutely needs to do business, marking them as safe, and blocking any other program that tries to run on company computers. This methodology has the distinct advantage of blocking almost all forms of malware on computers. Pairing this with a good next-gen antivirus creates an impenetrable wall against malware threats. It also prevents users from accidentally or intentionally running something that should not be on company computers. Here are some questions to ask:

  • Do you know all software on your computers?
  • Do your users spend time on company computers listening to music?
  • Have any of your users ever downloaded software without asking?
  • Do you have a computer use policy? How is that enforced?

If your company is wanting to lock down what is running on company computers, then contact us for assistance.

Zero Trust – Software Patching

This is the seventh in a series about the concept of Zero Trust, which means in the IT sense that you trust nothing and always verify everything surrounding and connected to your network. Today’s discussion will be on software patching. 

Software Patching

Software patching is a neccesity because no person who writes code is perfect and hackers are actively looking for these mistakes. The hackers find the mistakes and then develop ways of using these to exploit the software, computer, or whatever else they can gain access to. The only way to combat both the mistakes and the exploits is to discover them before the hackers do and patch the hole in the software. This patch can however lead to unforseen consequences to the software, so a plan for testing and deployment of patches is needed to avoid unexpected downtime to businesses.Here are some questions to ask:

  • Do you know all of the hardware and software on your network?
  • Do you check for hardware, operating system, and other software regularly?
  • How do you check for updates, patches, or upgrades to software?
  • How do you install these patches? Is it automated?
  • Are these patches tested before installation?
  • What happens if a patch causes problems?
  • Do you have a log of all installed updates?
  • Are any systems or software on your network no longer supported for updates?

If your company is going to use full disk encryption or has compliance requirements that you need consulting for, then contact us for assistance.

Surviving a Flood

Had a client walk into their office to find it flooded with an inch and a half of water on the ground and it got me thinking about what could be done to mitigate the risks associated with this sort of “Act of God” at the office.

Can’t Stop the Flood

It goes without saying that there is no way to realistically prevent a flood besides the usual preventative building maintenance that most businesses are not in control of anyways. It makes sense then to choose an office space where the owner is into proactive repairs on the building, even if it costs a little extra per month. It would also be good to talk to your business insurance provider to make sure that such Acts of God are covered. Clean-up and recovery though usually covered by the building owner can get expensive if your contract doesn’t cover it. 

Prepare for the Worst

Practically speaking it may not be possible to keep computers out of the water in a flood. At this particular client we did have the computers up on blocks just in case of this very thing. All network equipment should also be in a safe place, ideally in a locked cabinet high off the ground.

Recovery can happen

If the worst does happen, the first thing to do is shut off the electricity to the building. After that take careful inventory of all that is plugged in and remove it from electrical outlets. If equipment is wet, keep it unplugged for a couple days in a dry environment to make sure it is free from moisture. Once sure it is dry, plug in the equipment and test whether it will come back online. If anything was submerged in water, it is best to plan on replacing it as most water has minerals in it that will stick to components in the computer and could cause and electrical short.

If your company is not ready for the worst, then contact us for assistance.

Archives

Categories

Plant a Seed @ 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2023- Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

[contact-form-7 id="452" title="Free Network Evaluation"]