Managed IT Services versus ad-hoc
Ad-hoc – What does it include?
The ad-hoc or break/fix method of IT support is where you simply contact us when something breaks, and we fix it. You can of course have maintenance, general support and advice, all charged at an hourly rate.
What isn’t included?
Response time assurances, resource allocation assurances, scheduled proactive work, known costs and a Service Level Agreement, all of which are included under a Managed Services Agreement.
Managed Services – All that ad-hoc isn’t!
Managed Services provides proactive management and support for your business’s technology needs, for a known monthly cost. Under a Managed Services Model, you give the responsibility of your technology needs to us your Managed Services Provider (MSP). We proactively monitor and manage your IT systems allowing us to see potential issues and threats before they arise, avoiding unnecessary and unplanned downtime.
It is operating under the old adage of ‘prevention is better than cure’. In the event that there is a disaster, we already know and understand your systems, have allocated resources and can act quickly to begin restoration of services within an agreed timeframe, all included in your monthly fee.
One of the many benefits of Managed Services is that we “own” your technology problems. If there is an issue with one of your line of business applications, you can report the issue to us, we work with your application provider and stay on the problem until its fixed. We will own the problem, follow it through and ensure that it gets resolved.
We offer a range of Managed products – Managed Server, Managed Workstation, Managed Cloud, Managed Data Protection, Managed Connect (including Managed Security, Managed Router, Managed 4G router, Managed Mail Filter, Managed Firewall, Managed Switches, Managed Bridges)and Security Audits, offering management, monitoring, maintenance and support across your business’s technology needs that can be delivered in a variety of ways:
On premise – all servers and infrastructure at your office;
Private cloud – Utilising servers housed in our Sydney secure data centre;
Public cloud – Utilising Microsoft Azure, Google Apps, Office 365 or similar; or
Hybrid cloud – giving you a mixture of both on premise and private cloud
Our strategy under a Managed Services arrangement is to give you a standardised, controlled environment which in turn gives you continued uptime and stability for a known cost.
Server Maintenance & Support
Our Managed Server product delivers proactive monitored services that keep the core of your network – your servers – up and running at optimal effectiveness and efficiency, with superior performance, security, and reliability—all at an affordable price.
We will work with you on an ongoing basis to cooperatively manage your servers growth.
The proactive approach to server management will maximise the life of hardware and minimise unnecessary expenses, lost time and reduced productivity by ensuring existing resources are allocated where needed.
The specific services offered with our Managed Server products include:
- Proactive Monitoring
We will proactively monitor your servers 24×7 with real time monitoring and alerting to identify and report potential points of failure before they become critical.
Automatic alerts guarantee a rapid response to any problems with your server. We identify, track and report on issues affecting security, performance and reliability of your server infrastructure.
2. Server Maintenance
We will ensure maintenance of the server is regularly undertaken including but not limited to hard drive defragmentations, space management and patch management (including Windows updates, service packs and security updates); and performance checks (including CPU and RAM).
3. Security Monitoring
We will monitor server/s security alerts or attempted server access by unauthorised users. Patch management ensures your operating systems are continually up to date and not exposed to vulnerabilities. We identify in real-time viruses, worms, spam ware, and other malware.
4. Detailed Server level inventory
Up-to-date hardware, software and patch information is maintained at all times. This information becomes important in the event of insurance claims in case of flood, fire or theft.
5. Remote Management & Communication
We minimise disruptions to the work environment by remotely resolving issues using a secure encrypted system. Remote visibility to your server/s allows us to undertake works and resolve issues in the most efficient and timely manner.
Computer, Workstation & End user support
Under Managed Workstation we become your technology helpdesk for a fixed monthly fee. Your IT budget becomes known and easy to manage without the unexpected costs of an ad-hoc/break/fix service charged by the hour.
Managed Workstation delivers a well performing, standardised environment which in turn allows for reduction in issues, increased productivity and the ability to off er support in a timely manner when required. We take ownership of your technology problems. We may not be performing the actual work if, for example, the problem relates to line of business application software, but we will liaise with and co-ordinate the required vendors and ensure that the work is completed. This alleviates the “finger pointing” that can sometimes occur and also means you never need to think about who to contact when
there is a problem. You simply contact us and we take care of it from there.
Education is one of the most important components to Managed Workstation. Having staff that can use systems well, understand the best way to carry out their tasks and utilise their systems, has been
proven to enhance productivity. This also increases users’ confidence and allows them to be more self sufficient in their day to day tasks.
With Managed Workstation your environment is proactively maintained and standardised. Problems, and downtime are reduced, and productivity is significantly increased through this “whole of business” approach to technology management.
The addition of Managed Connect and Managed Data Protection to your products will then provide management and support of your internet connection, security, back up and disaster recovery, which then affords your business complete coverage of your foundations and end points.
In summary Managed Workstation is our end user/device support product. This product moves away from ad-hoc support where things break, we fix and you pay for them.
Bundles – Take advantage of our bundle packages which includes the user’s device and office productivity software (Office365/GoogleApps/Hosted Exchange and Microsft Office). There are two levels of
bundles, giving you the option of a desktop/PC for an office bound worker or a higher speced device for mobile workers/power users. When its time for a new device, you simply return the old device to us
and we replace it with a new one. We look after all repairs and warranty claims for these devices.
Program Entry – Customers wishing to have Managed Workstation will have an audit of their existing infrastructure undertaken. (Costs may apply). If required, a report including an estimate of costs to bring the environment into line with best practices will be provided. Once all work is complete to satisfy best practices, the Managed Workstation Agreement can commence.
Support of the user including maintenance of their user account, profile, device, and supported software applications. Includes configuring and support of business access from home devices.
Support of user’s tablet and mobile phone (not including hardware fixes)
Support of line of business applications (e.g. MYOB, Quickbooks) where a valid support agreement is in place with the software vendor.
Proactive maintenance and standardisation of environment.
Installation of printer drivers, supporting print spooling. (customer must have support agreement in place for the printer hardware itself)
Phones – support is included if the phone system was purchased from us.
If a valid back up service is in place, restoration of end files is included in the instance
Backup & Disaster recovery
Managed Data Protection
Your data is the most valuable asset in your business, which means secure storage and protection of your electronic data is critical, as is the ability to quickly restore it in the event of a disaster.
The Managed Data Protection (MDP) service encrypts then backs up or replicates your data and stores it in our secure data warehouse facility. Anything from just one file that was accidentally deleted, to your entire system if you have a disaster, can be easily restored.
If you lose your hardware in a disaster there is no need to worry about waiting for your new hardware to arrive, you will be back up and running again quickly as we will restore your system to one of our
servers in our data centre and you and your staff can continue to work from anywhere, all you need is an internet connection.
Our MDP service is a full data management service, not just data backup and ensures you meet record keeping legislation as your data is stored for the required seven years. Some insurance companies
will even reduce your premiums simply by utilising our service.
Our pay by the month service is based on enterprise grade solutions with multiple levels of redundancy for maximum availability. Our data protection solution combines the latest advancements in disk based backup with secure, integrated online storage.
We off er businesses recovery of their critical business data whilst freeing their staff for more value driven tasks, also removing the burden of the removal of data and storing safely off site, protecting it from local disasters.
MDP allows your servers, workstations or notebooks to backup on a daily basis (or more times if required) to our remote site without the cost of purchasing and operating your own backup drives and tape libraries. In addition, the service includes disaster recovery protection for your servers by means of a monthly off site server image service.
With MDP, your data is stored at a highly secure, off-site location, your data remains safe. we encrypt all of your data before it is transmitted and keep it encrypted in the off -site location, so only authorised
users with the correct keys can decrypt it. Hosted customers can also have a copy of your data replicated back to your own office. This gives you the peace of mind of your data secure in the data centre, with a further copy at your own site.
MDP takes the protection of your data one step further, unlike other off site solutions, and covers the disaster recovery component of your IT as well.
Our MDP is a complete data protection and data management solution as data protection is not a single activity or one-time event. Its a multi-step, complex workflow of interconnected processes that extend far beyond simple on-site backup, including:
– Backup or replication of critical data on another device
– Database and open file protection, database log truncation and integrity
– Database maintenance and server defragmentation plans
– Removal of replicated data to an off -site location to protect it against man-made or natural disasters
– Storage of replicated data that both protects and organises data so that it can be easily and quickly recovered
– Test data recovery and test disaster recovery scenarios
– Recovery of replicated data from storage whenever and wherever needed
Internet, Network & Security
Managed Connect range of Products
Managed Connect is a range of managed services that monitor, manage and maintain the devices that allow you to “connect” to both the outside world via your internet connection and to devices on your network such as servers, printers, wireless access points and more. Redundant internet connections, security and policies to protect you from computer virus, cryptolockers, worms, trojan horses, spyware, adware, scareware and more, are all offerings available with this product.
Managed Router is good for branch offices or small offices or in conjunction with completed hosted solutions (public or private cloud) and it protects your connectivity to the cloud services. This can be used in conjunction with our Threat Management Package where head office has the full package installed and smaller branch offices or home offices that wish to protect their traffic can have this Managed Router installed.
Managed Router 4G
Managed Router – 4G gives you a 4G router together with the data you need to offer redundancy for your internet connection. In the event your main internet service fails, this 4G router will keep you working until services are restored.
This service includes:
– Router hardware
– SIM and data
– Monitoring of data usage
– Assistance if needed to fail over to this device when your main internet fails (e.g. for SIP (telephone) services, your 4G IP address may need to be given to your SIP provider. We source the information and talk to your SIP provider for you.
Our Threat Management Package includes everything that comes with the Managed Router and adds:
– Spam filtering
– Stateful Firewall – this is not simply looking at source and destination IP’s, it looks further into the traffic to ensure there are no viruses or other unwanted traffic
– Traffic Shaper – Quality of Service – allowing you to prioritise which traffic is more important
– Two-Factor Authentication ( 2FA )
– Captive Portal
– Virtual Private Network – Allow your external staff and offices to connect securely
– High Availability
– Filtering caching proxy – This allows you to report on internet usage (We can help you put an internet usage policy and/or security audit in place)
– Inline intrusion prevention
– Multi-WAN Load Balancing
-High Performance TCP/HTTP Load Balancer
– Let’s Encrypt support
– Network Flow Monitoring
– Reporting and Analysis
Managed Security has three components – non admin configuration, software restriction policies and end point security – which work together to help protect IT environments from Internet-based threats.
Non Admin Configuration
After tabulating all the vulnerabilities published in Microsoft, it turns out 90 percent of the vulnerabilities can be mitigated by configuring users to operate without administrator rights. The two biggest exploited
Microsoft applications also fare well: 100 percent of Microsoft Office flaws and 94 percent of Internet Explorer flaws (and 100 percent of Edge flaws) no longer work when administrative rights are removed from a computer!
We believe that running users as standard users is good for business, the ecosystem, and all users (even I, a network administrator, do not run as admin on any of my computers) Configuring users as standard users enables parents to more securely share family computers with their children and enterprise administrators to configure standard user accounts for staff lowering TCO and improving security. IT pros likely know the benefits of reduced system access across wide swaths of workers, but for those setting up a shared family computer, or helping out a very virus-prone friend or relative, it’s worth keeping in mind. You’ll get occasional phone calls and emails when someone needs to update or install a program or plug-in, but it spares you a lot of grief down the line.
Setting someone up with a limited account doesn’t mean they can’t have a Local Administrator account – if this meets with corporate compliance – just make sure they understand that the limited account is for everyday use, and the Administrator account is ONLY for installing programs they know are safe. Using the least amount of privilege for the task you need to accomplish is always a good idea, regardless of how computer savvy you are.
Most malware, spyware & similar threats will prompt the user with some message, often misleading – like – ‘Warning: you are running on a computer that has no Antivirus software (even though you do have antivirus software installed) and click here to fix this problem. Inevitably a large percentage of staff will click on messages like this (even the X box in the top corner of a pop up box like this can direct you to a place that isn’t so nice) and if you are running as an admin you can be infected by something ‘nasty’ – if you are not an admin, which means you do not have the access rights to make major system changes or software installs, it’s very likely that the ‘nasty’ also cannot make major system changes or install software.
Computer virus, cryptolockers, worms, trojan horses, spyware, adware, scareware – all types of malware have plagued all our “computer lives” for many many years. Over the last few years though we have had to contend with a new type of security threat, most likely the worst type yet – Ransomware. I am sure many of you would have read in the press the many many people and businesses affected by ransomware – FBI, Russians, Edward Snowden etc. For those of you that haven’t – here is a short definition taken from Wikipedia:
“Ransomware is a type of malicious software that blocks access to the victim’s data or threatens to publish or delete it until a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash and Bitcoin are used for the ransoms, making tracing and prosecuting the perpetrators difficult.
Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading, or opening when it arrives as an email attachment. However, one high-profile example, the “WannaCry worm”, traveled automatically between computers without user interaction.”
The rules of “if you don’t open an attachment, or click on links means you are safe” – are also no longer true. E.g. we now see on social networking over the last week a crypto attack in social comments that even if you simply hover your mouse over something you will execute ransomware. The same has been seen over the last week with Microsoft PowerPoint files.
The bad guys have gotten smarter. For example, not only have they worked out how to make a program execute on your computer without the need for you to click on anything, they have also worked out how to get around you having no admin rights to your computer. They now will simply run or install or execute the “nasty” program in your profile, which you do have full admin rights over, and from there any folders and files on the network that you have permissions to will be encrypted and you will then be up for a paid ransom! Of course, we do backup all servers hourly 24×7 – so you will only ever lose worst case up to 59 minutes of work – but the downtime can be costly.
So with all the above in mind, in order to counteract ransomware/malware, we need to look to entirely different security strategies. An important component of such a strategy is now the implementation of a Microsoft technology called Software Restriction Policies (Or SRP’s for short)
In essence, a Software Policy lays down rules about where on a computer’s hard disk programs can be run from. Thus, for example, programs in ‘Program Files’ will be given the OK, but programs in Downloads’ will not (only an administrator can install programs to ‘Program Files’) Since this defensive mechanism does not rely on identifying a given program as malicious, it is in principle effective against all strains of malware. E.g. it doesn’t matter if your AntiVirus software knows about the problem or not, which is important in zero day attacks.
An SRP has other advantages besides hardening the computer against malware. For example, it allows us to control the launching of programs from USB key or DVD, other routes by which unwanted software may find its way onto your computer.
We whitelist all of the known genuine software on your network so these are allowed to run as normal. Should any program outside this whitelist attempt to run, it will be blocked and the user will be asked to contact the Administrator for assistance in installing. This allows us to ensure only genuine business software is installed and blocks harmful or malicious software.
In basic terms your switch/es connect your computer to other devices such as printers, servers, routers and more, on your network. Our Managed Switch product monitors, manages and maintains your switches to ensure correct configuration is maintained, firmware updates are applied and monitors their overall health. Prior to entering the Managed Switch program we will audit your switches, advise of any required configuration required and once the switches are at optimal performance and configuration we will commence the program.
Managed Wireless Bridges
Your wireless bridges connect your wireless devices and in some cases wireless branch offices to your network. Our Managed Bridge product monitors, manages and maintains your bridges to ensure correct configuration is maintained, firmware updates are applied and monitors their overall health. Prior to entering the Managed Bridge program we will audit your bridges, advise of any required configuration required and once the switches are at optimal performance and configuration we will commence the program.