Globalize Networks blog

Why aren’t we an MSP? I am not seeking a commodity play.

Scott Jackisch — Fri, 26 Aug 2011 18:26:21 +0000

Who wants to be a commodity?

I have struggled with the MSP model since it came out and have considered writing about it for some time. Today, I realized why we aren’t an MSP. It’s that the MSP play turns both the client and the provider into commodities. For those that don’t know, MSP refers to “Managed Service Provider” and has become an ascendent business model for IT service providers. The model is predicated on charging fixed monthly fees (usually per client and per server) for a limited list of services. The provider then tries to scale up and service more clients with fewer technicians by leveraging remote access and monitoring tools.

Patching and monitoring is necessary but not sufficient.

Intuitively I feel that IT services are difficult to commoditize. This isn’t the fast food industry. The MSP model says that proactively patching and monitoring systems will reduce service requests. I find that almost impossible to believe. Patching and monitoring could not have prevented 95% of the service requests that our company sees in the average week. Of course we do patching and monitoring. This is dictated by Best Practice. Of course patching and monitoring can help a service provider “proactively” fix some problems before they become visible to the end users. This is true for everyone who follows best practice, regardless of their model.

So what do we do? How are we different from MSPs?

We didn’t buy an expensive framework to cram all of clients into. We build custom solutions suited to each individual environment. We support existing systems as long as they are meeting business requirements. MSPs have the tendency to push clients to a unified platform that lowers costs on the admin side. Our model is more flexible. We go on-site regularly. We talk to clients face-to-face and work to understand what they are trying to do. Sure we can provide remote support as needed, that’s trivial these days. But relying on remote support exclusively turns both the client and the provider into a commodity. First IBM dumped their commodity businesses in favor of high value-add services and now HP seems ready to follow in their footsteps. I feel good about trying to learn from them.

Google Apps Transition

Scott Jackisch — Thu, 21 Apr 2011 07:18:24 +0000

Google Apps

So if you don’t know about Google Apps, you really should read up on it. For the purposes of this post, let’s just say that Google Apps gives companies or individuals the ability to use Gmail with their own domain names.

If you have been using Google Apps, you will have noticed that many of Google’s other services, such as the Android Market or Google Voice, would not accept your Google Apps user credentials. Most Google services require that you use a regular personal (consumer) Google account.

But that is all changing now. Google is in the process of transitioning the Google Apps account infrastructure. Early adopters can go ahead and start transitioning selected accounts right now. Users will be given the chance to change the email address on any conflicting accounts and there will some options for transferring data between accounts.

I had been often annoyed by the need for separate accounts, so I am glad that Google is finally getting their act together and fixing that kludgy mess. Now I am off to grab a bunch of new Google Voice phone numbers!

Mobile Device Management

Scott Jackisch — Thu, 14 Apr 2011 09:36:19 +0000

The explosive popularity of mobile email devices like smartphones and iPads can lead to security problems if not managed properly. In the corporate world, we want at the very least to be able to enforce passwords on devices and remotely wipe mobile devices if they are lost or stolen.

There is also the emerging scenario of devices left in semi-secure environments. Imagine an iPad configured with a corporate email account and left around the house to be toyed with by the children and their mischievous friends.

Here is a quick overview of some of the Mobile Device Management options available on the most common platforms:

Blackberry Enterprise Server has had “IT Policies” for some time. It fact, they really set the standard in this area, Mobile Device Management is old news to BB admins. This should come as no surprise given RIM’s deep commitment to the enterprise.
Microsoft Exchange 2003 is getting old to compete well in this area. However, SP2 allows password enforcement, and the “Microsoft Exchange Server ActiveSync Web Administration Tool” provided by Microsoft, although very basic, can do remote wiping of ActiveSync devices.
Exchange 2007 and 2010 introduce “Exchange ActiveSync mailbox policies” which have a myriad of great management options. Of course you can wipe the devices using the Exchange Management Shell and enforce passwords and password complexity, but some of my favorites include enforcing storage card encryption and
setting inactivity time before the phone locks. You can even do things like disable the camera if you are feeling like a real control freak. Of course, not all phones will be able to enforce all of these options.
Google has been playing catch-up to enable these enterprise MDM features in Android and they now support a few of the essential options. They are also starting to roll out these features (including device location discovery) for Google Apps users via the “Google Apps device policy.” It looks like they can even password enforce and remote wipe any phone with Google Sync installed.
iPhones have been pulled into the enterprise for some time now, so Apple’s enterprise features are more mature than Android’s. They even include a “find my ” feature with Mobile Me which allows remote wipe and ad hoc passcode enforcement. Everyone I talk to about Mobile Me has been disappointed though, so I can’t recommend it in good faith.

FaceTime on the iPad 2 is pretty compelling

Scott Jackisch — Tue, 29 Mar 2011 05:30:50 +0000

Ok, so maybe Apple isn't pitching this as a corporate vid conf solution...

I received my iPad 2 today and yes, yes, as any of the thousands of online reviews will tell you, it is thinner and lighter. The cameras are crap, the smart cover is cool and really cuts down on the bulk of the original iPad case. It’s not clear to me that browsing really is faster, but the benchmarks all say that it is…well faster than the original iPad anyway. Don’t ask about Android.

One of the first things that I wanted to do was try a FaceTime call. I know, I know, Skype can do video calls. Why even the poor forsaken Yahoo chat can do video calls. My corporate clients have been using high end video conference systems for years, etc. etc. There is nothing new about video calling…except there is.

I opened FaceTime, logged in with my Apple ID, and there were my contacts all waiting to be called. Of course precious few of my friends have the new iPad, but I was able to locate a fanboy, err, iPad 2 owner, in my contact list, and we had a lively, spontaneous video call. The video certainly wasn’t HD quality, but the audio was very clear and lacking in typical VOIP artifacts like echo or stuttering.

It turns out that the iPad form factor is really in a sweet spot. It’s much lighter and easier to handle than a laptop, but the larger screen is much more engaging than an iPhone.

The iPad seems to be following in the iPhone’s footsteps and is wriggling it’s way into the enterprise. This might be the device that injects ad hoc video calls into every day business communications.

Hardware based full drive encryption

Scott Jackisch — Sat, 19 Mar 2011 18:15:10 +0000

I have been researching hardware-based SSD Full Drive Encryption (FDE) lately and here are some bullet points to consider:

What is it? FDE is a way to protect data on laptops in case of loss or theft.
Who cares? If you have any data on your machine that you wouldn’t gladly hand over to any stranger, it suggests that you want to protect your data somehow.
Don’t file permissions control data access? It’s fairly trivial to circumvent standard file permissions by removing a laptop hard drive and connecting it to a different system.
Why this method? Using hardware based Full Drive Encryption (FDE) with SSD drives should provide relief to the performance problems that users of other forms of encryption encounter.
How does it effect users? Implementations vary by platform, but it basically requires an additional authentication step at system startup (password or fingerprint swipe).
What systems is it available on? The two laptop platforms that business users care about most, Dell and Lenovo both offer hardware based FDE:
- Dell
  - Dell’s solution is based on “Encrypted Mobility Solid State Drives” and the “Wave Embassy Trusted Drive Manager”. Make sure that the model you select includes “Encrypted Mobility Solid State Drives” hard drive option. Not all models do, but at the time of writing, I was able to add this to a Latitude 6410.
  - For more info, check out the bottom of this Dell hard drive description page.
  - Here is an interesting FDE performance study provided by Samsung.
- Lenovo
  - Lenovo has partnered with WinMagic to provide the “SecureDoc” solution for FDE. I didn’t research which specific models are available with this, but here is the press release.