Wednesday, February 4, 2015

Trying to buy from EMC...

I have had an interesting set of interactions with EMC over the past few months.  I am trying to contact the sales person who is in charge of the Document Management System that they sell.  At this point, I don't even know the name of the software.

I have filled in the contact me form 3 times - Nothing
I have contacted the sales person through chat 2 times.

The first time was OK: the person on chat took my name, took my requirements document and indicated that someone would be contacting me in 1 week due to a sales conference.  Well, 2 weeks later, nothing.

Now I have contacted a sales person through chat and had this exact conversation.  Somewhat helpful, but not great service.  Most of the time when I reach out to a company, they get back to me and try to sell me something...  I will attempt to call them soon; if I hadn't put this in my blog, the chat window would have gone away and the phone number would have been lost.

Thank you for contacting EMC. An EMC Sales Specialist will be with you shortly.
You are now chatting with 'Djamal '.
Djamal : Hello and welcome to EMC Sales Chat! How can I help you today?
Lance: I am trying to have a rep call me and discuss my Document Management Project
Lance: This is the 3rd time I have contacted EMC and I have not gotten any information
Lance: This will be the last time I contact EMC, I need to discuss my project and I need to do it NOW
Djamal : I am utterly sorry about that. Have you not managed to speak to someone yet?
Lance: I have already had months of discussion with Alfresco
Lance: Please find my rep and express my displeasure
Lance: I have a project
Lance: I have funding for it
Djamal : Do you have his full name please?
Lance: No
Lance: I have gotten nothing, I have filled out the interest forms, I have had a chat and I have never had a call.
Djamal : No problem I'll try to look him up.
Lance: the last time on chat the rep said all local sales reps were at a conference
Djamal : Have you tried calling IIG Department?
Djamal : Information Intelligence Group
Lance: I do not know who to contact which is why I have filled out forms and opened up chat sessions
Djamal : No problem. I will give you a number to call right now and surely they will be able to help you.
Djamal : Give me a second please.
Lance: I would like it if you called them and got it all prepped
Lance: I am just frustrated at this point
Lance: To be honest, If I called in and there was any issue I wouldn't bother contacting EMC again
Djamal : I totally understand. I would be frustrated myself if I'm in your shoes. I would love to help you but you are through to EMC Core Products sales and not IIG.  Given the nature of your inquiry, I recommend contacting EMC's Information Intelligence Group (IIG), who can be reached at +1 925.600.6800 or via email at IIGTeam@emc.com. Their working hours are M-F 8:00 PST until 5:00 PST.
Lance: I will try, but I would prefer if you had the ability to get in touch with them for me and had someone reach out to me. 
Djamal : I'll be right with you.
Djamal : Thank you for waiting. I'll be with you in just a moment.
Djamal : Right, I just sent them an email.
Djamal : I recommend you call them as well Lance.

Friday, May 23, 2014

Have you signed a HIPAA BAA? Why you NEED to care!

Good News!  If you have signed a HIPAA BAA (Business Associate Agreement) you are required to adhere to HIPAA security and privacy rules just as a health care provider in the healthcare space would.  Why do I say Good News?  I believe that better security protection being required by more companies helps to protect more patients from having patient information stolen, sold or lost. 

Other than protecting patient information and being required, why should you take this seriously?  With the passing of the final Omnibus rules for HIPAA/HITECH there are serious consequences: financial penalties and potential jail time.

For example, a single type of breach could create up to a 1.5 million dollar fine.  Considering there are multiple types of breaches, the fines could exceed that number.  Also, the HHS (Health and Human Services) has the ability to increase or decrease the fine based on how the covered entity has been adhering to HIPAA guidelines, i.e., being proactive and adhering to HIPAA security and privacy rules could lessen the liability WHEN a security breach happens.

Specifically, the rules for Business Associates, meaning people who have access to PHI and are a business associate by definition, are summarized below.
  • Business Associates are directly liable under HIPAA/HITECH 13404a for uses and disclosures that violate the HIPAA Privacy Rule or are in breach of the Business Associate contracts.
  • Business Associates are not permitted to use or disclose Protected Health Information if it would be a HIPAA Privacy Rule violation for a Covered Entity, except that a Business Associate may use Protected Health Information for internal administration purposes.
  • An entity becomes a Business Associate by definition, and NOT because there happens to be a Business Associate contract in place; therefore liability attaches immediately when an entity "creates, receives, maintains, or transmits Protected Health Information on behalf of a Covered Entity."
  • Business Associates are now directly liable under the HIPAA rules: 
    • impermissible uses and disclosure
    • failure to provide breach notification to the Covered Entity
    • failure to provide access of Electronic Protected Health Information either to the individual or the Covered Entity
    • failure to disclose Protected Health Information to the Secretary
    • failure to provide an accounting of disclosures
    • failure to comply with the requirements of the HIPAA Security Rule
      • Comment: Business Associates and Covered Entities should recognize that these rules have "teeth".
  • Business Associates must comply with the "Minimum Necessary" rule defined in the HIPAA Security rules.
  • Business Associates are required to have Business Associate Agreements with their sub-contractors that use Protected Health Information on their behalf.
  • Business Associates must monitor their Business Associate Agreements with their sub-contractors.
  • Requirements in Business Associate Agreements apply to sub-contractors and sub-contractors of sub-contractors, i.e., all sub-contractors that work on PHI, regardless of how far downstream they are.
Do these items shock you?  I hope they do not, but this facet of HIPAA is not understood very well.

What do you need to do next?  Follow HIPAA guidelines or hire a consultant to help you get on the road to compliance.  If interested, I can help you start the process and become compliant.

One final clarification for small companies using cloud services, if you are using HIPAA compliant cloud services, the fact of the cloud service provider being HIPAA compliant does not make you/your organization HIPAA compliant.  You still need to put in the time and perform the work to become compliant yourself.

Tuesday, March 25, 2014

Setting up a Dell EqualLogic to use with VMWare (part 1)

I have finished the initial configuration of a Dell EqualLogic SAN for a customer.  This is my first time setting up an EqualLogic, but I have experience with other SAN technologies.  Why EqualLogic?  It was what the customer wanted and was not a budget buster.  They didn't need massive speed like Pure Storage and didn't need a huge amount of space.  

On to the unboxing and configuration:  Dell has done a nice job of packaging the system.  It had all of the needed components and I was happy with how easy the rails are.  Dell rails have become much easier to install in the last few years across all products.

Required information you need before starting:
Array Name
IP Address for the Management Interface
Group Name (if joining other EqualLogic SAN) or New Group Name
IP Address for the Group (Array)
Network connection to eth0 (Otherwise the initial configuration will not complete). 
Computer with a com port or USB to com adapter
HyperTerminal (or similar program).  I use PuTTY as much as possible.

Make sure that the computer is hooked up to the com port in the rear controller that is active.  Look at the back, the one with both green lights is active.  The secondary has one green and one amber light.

Turn on the EqualLogic SAN
If the computer is hooked up properly you will see text on the screen as the system boots.
When it is finished it will prompt you to log in.
User: grpadmin
PW: grpadmin

It should discover that it is not configured and prompt for the following
Enter the network configuration for the array.
Member name []: CustArray1
Network interface [eth0]:
IP address for network interface []: 192.168.10.10
Netmask [255.255.255.0]:
Default gateway [192.168.10.1]:
Initializing interface eth0.  This may take a minute…
Enter the IP address and name of the group that the array will join.
Group name []: CustGroup1
Group IP address []: 192.168.10.11
Searching to see if the group exists.  This may take a few minutes.

The group does not exist or currently cannot be reached. Make sure
you have entered the correct group IP address and group name.
Do you want to create a new group (yes | no) [yes]:
Group Configuration
Group Name:                     CustGroup1
Group IP address:               192.168.10.11
Do you want to use the group settings shown above (yes | no) [yes]:
 Password for managing group membership:
Change the password

Once this was finished, I switched to the web GUI using the IP address above.
Here is where I had the most problems.  The Java certificate was expired and I had to go into the Java security configuration and put in an exception for the IP address.  Otherwise I couldn't manage the site.  (I mean to test this again after upgrading the EqualLogic firmware.)

The GUI is pretty straightforward to use.  I configured my system as a single RAID-6 device: 23 drives and one spare.

I created 5 logical partitions, each a few TB in size, to segregate the VMWare traffic.

Saturday, March 15, 2014

8 – Best Practices for a Wireless Network in a Small/Mid Size Office

Wireless networks are becoming more and more prevalent in every office.  How does a company balance the different needs of employees, suppliers, contractors and guests while maintaining some semblance of security?  Wireless security is an active process, not something that can be set and forgotten about.  Below are eight of my recommendations for keeping wireless networks secure.
  1. Create a guest network.  Have office guests, suppliers, contractors and employee-owned devices attach to a guest network.  The guest network should have no connection to the internal network, and it should have intrusion prevention and anti-virus scanning enabled and monitored.  If Internet bandwidth is shared with the internal network, the guest network should also have a cap put on the maximum allowed speed to prevent interference with daily business operation.
  2. Hide the internal wireless network.  Do not broadcast the SSID.  It is hard to break into something that is not advertised.  Don’t put the SSID name or password on prominent display in the office.  A hidden SSID can still be observed whenever a client connects to it, so treat this as a way to reduce casual attention and rely on strong encryption and authentication for the actual protection.
  3. Minimize the wireless footprint.  Use a tool (I like Wifi Analyzer by farproc on my Android phone) to test how far the wireless network reaches.  Does it cover the entire parking lot in front of the office?  Does it cover 5 floors in a multi-tenant building?  Reduce the antenna power to only cover the space the office occupies.
  4. Utilize edge security services on your wireless network.  Enable Firewall, Intrusion Detection/Prevention, Anti-Virus and Anti-Spam.  If the wireless device allows it, disable access to countries that you do not do business with.  (SonicWall and Palo Alto firewalls have a Geo-location service that allows this kind of country blocking.)
  5. Automatically turn off your wireless networks during non business hours.  Why risk someone sitting near the office spending hours trying to hack into the network?  Having the wireless turned off prevents this issue.
  6. Review network security.  Setup a schedule to review network security.  It could be annual, semi-annual or even monthly.  The point of reviewing the network is to stop and think about the current wireless configuration, new threats that may exist and adapt security practices to thwart them.
  7. Monitor wireless access logs.  Proactively monitor the logs for the wireless network to identify issues quickly.  Look for things out of the ordinary.  The log also serves as a forensic analysis tool if something does happen.
  8. Change the wireless password.  Do this after an employee leaves and on a regular schedule.  Consider more frequent changes for internal wireless networks or using two factor authentication.
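
As an added example (not part of the original post), here is one way to put recommendation 7 into practice, tied to the business-hours idea in recommendation 5. The log format, SSID names, device inventory and thresholds are assumptions constructed for illustration; adapt the parser to whatever your access point or controller actually writes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical access-point log format.
SAMPLE_LOG = """\
2014-03-14 09:12:03 ssid=Office-Internal mac=aa:bb:cc:00:00:01 event=auth_ok
2014-03-14 10:40:10 ssid=Office-Internal mac=aa:bb:cc:00:00:09 event=auth_fail
2014-03-14 10:40:25 ssid=Office-Internal mac=aa:bb:cc:00:00:09 event=auth_fail
2014-03-14 10:40:41 ssid=Office-Internal mac=aa:bb:cc:00:00:09 event=auth_fail
2014-03-14 10:41:02 ssid=Office-Internal mac=aa:bb:cc:00:00:09 event=auth_fail
2014-03-14 10:41:30 ssid=Office-Internal mac=aa:bb:cc:00:00:09 event=auth_fail
2014-03-14 13:05:00 ssid=Office-Guest mac=aa:bb:cc:00:00:20 event=auth_ok
2014-03-14 23:47:18 ssid=Office-Internal mac=aa:bb:cc:00:00:02 event=auth_ok
2014-03-15 02:10:44 ssid=Office-Internal mac=aa:bb:cc:00:00:33 event=auth_ok
"""

LINE_RE = re.compile(r"^(\S+ \S+) ssid=(\S+) mac=([0-9a-f:]{17}) event=(\w+)$")
INTERNAL_SSID = "Office-Internal"                           # assumed SSID name
KNOWN_DEVICES = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}  # assumed inventory
BUSINESS_HOURS = range(7, 19)                               # 07:00 to 18:59
FAIL_THRESHOLD = 5                                          # failures per window
FAIL_WINDOW = timedelta(minutes=5)

def parse(log_text):
    """Yield (timestamp, ssid, mac, event); skip lines that do not parse."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(2), m.group(3), m.group(4)

def review(log_text):
    """Return (kind, mac, timestamp) findings for the internal SSID only."""
    findings, fails, burst_seen = [], defaultdict(list), set()
    for ts, ssid, mac, event in parse(log_text):
        if ssid != INTERNAL_SSID:
            continue
        if event == "auth_fail":
            # Keep only failures inside the sliding window, then add this one.
            fails[mac] = [t for t in fails[mac] if ts - t <= FAIL_WINDOW] + [ts]
            if len(fails[mac]) >= FAIL_THRESHOLD and mac not in burst_seen:
                burst_seen.add(mac)  # report each client's burst once
                findings.append(("failed_auth_burst", mac, ts))
        elif event == "auth_ok":
            if ts.hour not in BUSINESS_HOURS:
                findings.append(("after_hours_join", mac, ts))
            if mac not in KNOWN_DEVICES:  # MACs can be changed; a lead, not proof
                findings.append(("unknown_device", mac, ts))
    return findings

if __name__ == "__main__":
    for kind, mac, ts in review(SAMPLE_LOG):
        print(f"{ts:%Y-%m-%d %H:%M} {kind:18} {mac}")
```

Run on a schedule, the findings give the periodic review in recommendation 6 something concrete to look at.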

Monday, March 10, 2014

How to add a Server to the compatibility list of Internet Explorer 10 or 11

A funny thing happened a few months ago: I opened up my Internet Explorer compatibility list and found that I could only put domains in it and not specific web sites like I used to be able to.  This presents a frustrating problem if there are more than a couple of websites hosted at a particular domain.

For example:  I have one domain, cubedcorp.com with 3 web servers, Web Server1, Web Server2 and Web Server3.

IE 10 Compatibility Setting
Web Server1 is an IIS website that supports IE 7 only, it is old and will be replaced when time and budget allow (12 months or so from now)
Web Server2 is running Linux and Apache and supports IE 7, 8 and 9.
Web Server3 is running IIS 8.0 that only supports IE 10 and 11.

The problem comes from the fact that in IE 10 and 11 you specify an entire domain in the compatibility settings.  Using IE 7 it was possible to list out specific servers in the domain that needed compatibility settings.



Compatibility View in IE 10 and IE 11
I can now see either Server1 and Server2 normally or I can see Server3 normally.  I cannot see all three normally.  I think this was/is a design flaw in the current versions of IE, but it exists and hasn’t been resolved.

How is this issue resolved?  When using Windows Home versions I have not found an easy way to resolve this issue.  There might be a way to hack the registry or use an unsupported group policy editor.  I fix it on Home editions by using Google Chrome or Firefox (sorry Microsoft…).  Let me know in the comments if anyone has found an officially supported way of fixing this.

IE Policy


If using Windows Pro or higher versions, there is a Group Policy setting that can be used to fix the issue.
First open Group Policy.  From the Run box (or from search if you have Windows 8), open gpedit.msc, then navigate to the following location.  See the picture off to the right if needed.
Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Compatibility View.  Select and open the “Use Policy List of Internet Explorer 7 sites” key.

Click Enabled, then click on the Show button to the right of List of sites.  

In this list, put in the server names that need compatibility enabled.  In my example I wanted both Web-Server1 and Web-Server2 in that list.
Click OK and Close Group Policy Editor.

Now, verify the removal of cubedcorp.com from the IE 10/11 compatibility list.
After this step is performed, Web-Server3 will display properly in native mode.  All three websites now display properly in Internet Explorer.



Tuesday, August 27, 2013

Isaac Asimov predictions for 2014

After visiting the World's Fair in 1964, Isaac Asimov wrote an article on what the World's Fair of 2014 would be like.  I find it impressive that he has gotten so many things right.  Follow the link below to read the full article: August 16, 1964, Isaac Asimov

Sunday, July 28, 2013

10 key characteristics that make IT projects succeed.

I have been involved, over the years, in a large number of successful and a number of unsuccessful IT projects.  As I have been helping other companies with projects, I can usually tell ahead of time, when a project will be successful or when it will be left wanting. 

What basic characteristics do successful IT projects have?  Why are they successful?
I have put together my list of the 10 characteristics that make IT projects successful.  
  1. The project has a succinct definition
    • This is a key ingredient.  If you cannot describe what the project is, it will be hard to measure its success. 
  2. The project has a limited scope.  
    • Projects that try to fix or change too many things at a time often fail.  If there is a need to change multiple technologies in an organization, then it is better to have multiple projects that do not go live at the same time.
  3. The project has buy in from upper management and the affected business units.  
    • This is key; no one likes to be surprised with change.
  4. Communication.  
    • The project has mechanisms in it to keep key people in the know, and also keeps the end user abreast of implementation time frames.
  5. The project has a backup plan with a tested recovery process.
    • A tested backup plan and recovery process is needed to get your production data into test (most of the time).  This is also key to any back-out plan and it should be part of the organization as a whole.
  6. The project is tested in a non-production environment when applicable.  
    • This is another key component. Never take a vendor's word that nothing adverse will happen in your environment; every environment is unique.
  7. The project has a change management process 
    • Change management is needed to put the project into production methodically.  There should be no surprises, and no thinking needed when doing the actual work.
    • The only time critical thinking will be needed is if something unexpected happens during the change process.  
  8. The project has a set, well defined, back-out plan.
    • Sometimes, even with the best testing in a great test environment, things outside of the project's control happen and necessitate backing out the changes.
    • Think power outage, new virus/trojan, etc.
    • Make sure that there is sufficient time to restore data, if needed, before your maintenance window expires. 
  9. The project offers a realistic time-frame to be accomplished.
    • I have seen many small projects be underestimated.  This can cause unexpected issues with users and all-night installations.  I like to use a real test scenario time frame, then add an extra 20 percent overhead to account for unknowns.
  10. End users have training on the project. 
    • Before the project is rolled into production there needs to be a thought-out training plan. Is the project small enough so that an emailed document suffices for the training?  
    • Is the project massive in scope for a certain department?  Then make sure that key individuals have had hands on training from IT or the product manufacturer. 
    • Training is often overlooked, but performing it keeps your end users happy, and it keeps the help desk from getting inundated with support calls the day after the project has finished.