This will allow us to serve you even better, as you should never have to worry about being asked to restart your server manually again. Obviously the goal is to have to use this device as little as possible, but when it is needed it will be invaluable. Give us a call at 443.921.3001 should you have any questions or are interested in signing up for a Managed Care contract today.

Hope this makes someone else’s life easier as well. The script is available for download here.

“Bring together young entrepreneurs and the necessary tools for running a lean and successful technology business. We want to see Maryland, DC, and Virginia flourish with innovation.”

Foundations Technologies, Inc. is actually a sponsor of the event and I will be in attendance. I’m really excited at this opportunity to meet a great group of entrepreneurs in the area, and have a great day of information and networking.

Wanting to really get into the spirit of the community that is going to be developed here and wanting to offer something beyond just my presence, I have come up with an offer for all of the attendees of Bootstrap Maryland.

Foundations Technologies, Inc. will offer all attendees of the Boot Strap event any non-labor service that we provide AT COST. Yes, you heard me, at cost. What offerings does that include?

• Networking Monitoring and Patch Management and Antivirus Licensing
• Remote Backups
• BDR Units and Storage
• Calyptix AccessEnforcer Firewalls
• Napera N24 NACs
• ExchangeDefender E-mail Security with LiveArchive
• Hosted Exchange (Exchange Accounts include ExchangeDefender) and Sharepoint
• Colocation at Hostmysite.com in Delaware (We have half a rack, so per U is cheap)

There are specific conditions and terms for certain services, such as the BDRs require either an outright purchase or three year contract, but most of our services can be had for a month-to-month basis. Right now this offer should be running until the end of the year, but depending on the response this could be extended. If you are interested in any of our services provided 100% at cost give me a call at 443.921.3001 x101 to discuss your options.

This is a very exciting improvement to our current monitoring offering and believe we have chosen a more powerful and flexible solution than we were using in the past. We anticipate the roll-out to be completed by the end of next week. We currently have most of the basic monitoring installations installed and will be finalizing the transition of the current full monitoring customers over the course of this week. Upon completion of your transition you should find an e-mail being sent to you with the URL to view your dashboard.

I wish I had more time to have stayed in Seattle and be all tourist-like, but duty called, so I had to come home on Monday. I did want to make sure I threw shout-outs to Autotask, Bandwidth.com, and Jeff Middleton for throwing some excellent parties. These guys really made the weekend a blast, and would have been reason enough to travel to Seattle.

As far as evidence of our fun goes, check out the following picture sets:

• Jeremiah Ilges – Official SMB Nation Photoset
• Calyptix Blog – Day One Pictures
• Calyptix Blog – 20 Things Lawrence Learned

I also have to recommend any that makes it to Seattle to try out the Spitfire restaurant in Seattle. Great food, some pretty good West Coast Microbrews, and really nice atmosphere. Just make sure to try the Tortilla Soup.

Now, please take a cupcake!

Currently I have the following UTMs covered:

• Astaro
• Calyptix
• Endian
• Fortigate
• Sonicwall
• Untangle (Open Source)

I would like to add at least the following:

• Barracuda Web Filter
• Checkpoint
• Cisco ASA Series
• eSoft
• GTA
• Juniper
• mxLogic Web Filtering
• Postini Web Filtering
• Smoothwall Commerical
• Untangle (with Kaspersky Add-on)
• Watchguard

If any of the above vendors would like to participate directly, I’d be happy to give bonus points for including yourself in the test. Even if you don’t send a firewall for testing, if you’d be willing to run the script against your system I’d be very much appreciated. This is highly unscientific, but will be completely open for review after the fact.

My goal is to be able to present 250 malware samples to each firewall, and rate their overall effectiveness. All samples will be available along with Virustotal results for the file upon completion. Please send all malware files to scott.cover{at}gmail.com in password protected zip or 7z files. Any offers to support the actual test, please post in the comments, and we’ll work out arrangements to get you information for the actual testing.

If anyone that reads this can pass it down the line I’d be much appreciated.

Currently the thing we are looking to do is find a way to assign tickets across the system to each other, but still be able to track the progress of the ticket as the other person works on it. The short version is that neither of us really wants to have to burn a license so that the other can work on tickets that originate from the other side’s Autotask instance. I know this has to be possible since companies like Ingram Micro can integrate with a MSP’s Autotask installation with their helpdesk product.

This is my first look into how to manage this interaction, but as I continue to grow and add more partners to my list, this is something I’m hoping to have to do even more of in the future. If anyone out there from Autotask is reading this and has a pointer to where we can read up on how to do this, it would be appreciated as well.

Harry from SMB Nation posted a request yesterday for a comparison between Calyptix and Untangle, with SonicWALL, Watchguard and Napera thrown in for good measure. Having been in this space for a number of years, and having worked for different companies that sold and supported a wide range of products, I feel like I can make a worthwhile contribution to this particular question.

Over the past five years I’ve had the chance to support products from the following vendors (Yes, I know Barracuda isn’t a UTM company, but they are often used in comparisons):

• Astaro – Astaro Secuirty Gateway Software and Appliances (Versions 5-7)
• Barracuda Networks – Spam Firewall (Model 200 and 300), Web Filter (Model 210, 310 and 410)
• Cisco – PIX 501, PIX515E, ASA 5510
• Fortinet – FortiGate 60/60B, FortiGate-100A, FortiGate-200A
• Juniper – SSG5, SSG140
• ServGate – SSG100, PointForce, EdgeForce M30
• SonicWALL – TZ150, TZ170, TZ180, 1260 PRO, 2040 PRO, 3060 PRO, 4060 PRO
• Watchguard – SOHO6, Both Edge and Edge e-Series, Core X550e, Core 700 and Core 1000

I feel this leads me to be able to have a well informed opinion on the performance, reliability, and overall quality of devices in the UTM space from a consultant’s point of view. I’ve worked with them all, seen the bugs, seen the places where they fall flat, seen the places they shine, and over this period had just about every vendor commit some form of unforgivable sin or simply not live up to the fact that there is an issue with their product that needs to be corrected. Some of the most repeatable and common issues that I could bring up with my past experiences with the major players:

• Poor Support – Most all the big vendors have outsourced, call-back support. Current record awaiting a return phone call is two weeks. When a company has a single point of contact for support via phone and you wait on hold for twenty-plus minutes only to be dropped into a voicemail and told someone should call you back within four hours, how do you explain to your customer that is down and needs a replacement box that they are just going to have to wait. The other half of the time the support staff simply doesn’t know the features of the boxes they support.
• Long Development Cycle – You’ve identified a definite bug with the product you use. After many hours on the phone with the outsourced technical support and finally being moved to Tier 2, they agree that it is a problem with the box. Great, it’ll be fixed in the next software release. Problem, next software release won’t be for two months. What am I supposed to do now?
• Level of Detachment – Most of these companies selling UTM Appliances and Firewalls are huge. Unless you sell hundreds of thousands of dollars of their equipment a year, you are simply another number to them. They don’t care about you or your level of success. You probably never even deal with anyone from the company because you do all your purchases through Ingram or TechData, et al. You could probably call whoever is your Account Representative with your vendor and they wouldn’t have a clue as to who you are.
• Lack of Influence – These vendors all have finely crafted development timelines meant to follow the current trends and anticipated movements in the security space. Your request for a new minor feature will most likely fall on deaf ears, or at the most, end up in the next major build of the product planned for sometime in Q3 of next year. If it’s a major feature change or upgrade, unless more people get onboard with you to request it, you just may simply never see the change.
• Price – Depending on configuration and features, some of these boxes can be horribly expensive to meet the needs of a SMB. There was a Title Company we did a quote on an Astaro for one time that ended up being almost $10K, and that was before the hardware to run it on, which would have brought the total up to about $12K. There simply had to be something better out there that didn’t run at such a high cost point. The fact that the pricing options for a lot of these products can require a complete PHD in discrete mathematics to figure out.

These were all factors in my decision process when I was looking at a provider for my managed firewall service when I was starting my company. I wanted something that was reliable, stable, progressive, and fixed the problems that I had with the other vendors I worked with in the past. There was a long process of researching various vendors for my new solution, including the ones listed above as well as:

• Calyptix Security
• Cyberoam
• Endian
• eSoft
• GTA
• Smoothwall
• Untangle
• XRoads Networks
• ZyXEL

In the end I selected the Calyptix AccessEnforcer as my vendor for my company, but not after a long exhaustive search, lots of reading, lots of comparisons and plenty of hours on the phone with sales representatives. If you are interested in reading more of the final parts of why I chose Calyptix as my vendor you can read about it in this post here.

Being that this is a response to a question about Calyptix versus Untangle, I also need to hit on my reasons on why Untangle wasn’t chosen as my preferred vendor. Untangle seemed interesting enough, but not very much a standout in any matter when I first started looking into it. Personally, I felt initially that Untangle was just another Smoothwall, as they had their free product, but it you pay them money you can get support and more features. To make things even more muddled, that puts them in the same boat as Astaro and Endian as well. That’s four companies all with very similar models of a free version (although Astaro doesn’t advertise it) that you can then add commercial add-ons to gain more features and support.

When I installed and ran Untangle in a test environment on a Dell Optiplex, I really can’t say I had any problems and things went smooth enough, pretty much the same as most of the other Linux based firewall distros I’ve used in the past. Though the biggest issue I had was once I loaded the interface and the Java GUI kicked in. Instant flashbacks to the pain that was the old Symantec firewalls, which to this day I rate as the worst firewalls ever built. In this day and age I simply find a Java interface for something that can easily be done via a simple web interface completely unacceptable. This was an instant black mark against Untangle in my book, and something that pretty much kept them out of the running for a winning spot in my book. I still ran the box for a week, and can’t really come up with any complaints for the box outside of some tweaking and trying to get to know it.

The short version on the product itself was that I simply didn’t feel the synergy. I didn’t enjoy administrating it, and didn’t feel that I could be enthusiastic about selling it. The other part of the coin, relating to the company itself was a bit more interesting of a story.

Like all the other non-major players, I did a lot of googling and reading to find out as much about the companies themselves as possible, and see if I could find any horror stories or praise pieces that weren’t directly linked to the company itself. It really seemed that almost all the work I did researching the company all ended up pointing back to their forum or wiki. The one thing that really got me was the fact that they had been working under their old moniker (Metavize) for years selling an appliance and then one day suddenly changed models, secured a bunch of funding and said we are doing things this way now.

Granted, I have to give them credit for contributing to the OSS community, but the fact that on more than one occasion I’ve seen them compare themselves to SugarCRM, which I find troubling. I’ve had many involvements with Sugar in the past and currently, and none of them have been anything approaching good. In fact, just about everyone I know that has used and paid for Sugar has ended up switching to a new product within two years, with most of them moving to SalesForce. If you are going to relate yourself to a product, I’d make sure that it is one that is thought of more highly than SugarCRM.

Their pricing structure is another part that put me off, as it pretty much fits in with the overly complex formulas of some of the other larger vendors. I don’t want to have to pick from this or that, and figure out pricing. I just wanted something simple. I want this model and it’s this price (which I love about the Calyptix model, One Box. One Price). Also, their pricing complete neglects to add-in the actual hardware that the box is going to run on, and the preconfigured boxes are unacceptable to me, as there is no reason they have to be selling a 2.5U unit. There is no reason these boxes couldn’t be at least SFF or 1U units. Maybe I’m overly picky, but a good 1U server that I would find acceptable would probably end up running a minimum of $1500 on top of all that, and it’s now another vendor to manage for support. I want the vendor to be responsible for the whole setup so that there is no possible chance of them coming back saying “Oh, we don’t support that hardware”. Their HCL is extremely short, which extremely limits my options for how to build a server for a client. Which makes the chance that the unsupported hardware conversation even greater.

The one real gripe I have with Untangle, that really has come up post my decision to not use them, has been their blog and the testing methodologies used in their two fight clubs that they’ve done so far. First the Virus fight club, where they tested stand-alone scanners against UTM appliances (apples against oranges) and most recently the porn filtering capabilities. Neither test specifies exactly how the boxes were configured (as I noted in a previous post, the SonicWALL’s GAV seems dependant on blocking packers for full effectiveness), and both completely leave their own product out of the mix. If you are going to perform that sort of comparison testing, you have to use your own product; otherwise it looks like you are simply trying to pass off a test as Snake Oil. Granted if their product won, it would look biased, but that’s a lot better than sitting out a test where you are critical of your competitors.

I’ve actually been working on redoing both their Fight Club tests on my own and have almost completed the virus testing, and been slowly working on prepping (and verifying) the porn test. I tweaked the virus test to only include UTM firewalls, versus using some desktop applications and some UTM boxes. So far I’m happy to say that the Calyptix AccessEnforcer passed the virus test with a full 100% pass rate and it also blocked a number of them even before the Web Filter got them via the IPS.

So if I didn’t choose Untangle, then why did I choose to partner with Calyptix? Well for starters, their business model of “One Box. One Price.” was what got me in the door and moved the ball forward. From that starting point it became a number of different points including:

• Flexibility – The flexibility that they had in how they presented their offering. They actually built a program for MSPs to use to sell their product. No huge cash outlay up front to get a box in a client’s location.
• The Technology – OpenBSD is simply secure and rock solid. Too many people pass over it for Linux in this environment and I feel like it’s a mistake. pf is vastly superior to iptables that most of the Linux based systems use. The fact that they wrote their own inspection algorithm from scratch wasn’t a bad thing either.
• Simplicity – The box is simple to administer. Most of the features that the box incorporates has all the needlessly complex configuration details taken care of automatically. This drastically cuts down on setup time, and the amount of hours per month required to manage the box effectively.
• The people – Lawrence and his crew are a great team with tons of talent. They know what they are doing. They write good code, and they focus very heavily on helping their partners have the best product they can build.
• Quality – I have yet to see them release a half-working or broken feature just to get it out there. They’d rather take the extra time and have it work right the first time versus putting something on the box that is going to cause problems.
• Belief – Everyone that works there truly believes they are making a great product for the SMB space, and you can tell it every time you talk to them. It shows in everything they say and do, and is one of the factors I believe will lead them towards long term success.

Since partnering with Calyptix, I’ve been introduced to lots of interesting people in the SMB community, and had plenty of cross-referral opportunities passed through them for various projects. I truly enjoy getting together with them whenever they are in town (or close by), and am hoping to make time one of these days to make the trek to Charlotte and give them a visit.

I’ve had plenty of early looks at the next generation of the Calyptix AccessEnforcer and everyday am more and more pleased that I chose to work with the team at Calyptix to provide security to my clients. With the features in the next release, and the GUI enhancement, and the general improvements being made daily to the box I’m going to be very excited what the SMB market will have to say about the product when it reaches the 2.0 milestone.

Now, I have not had enough interactions with the people at Untangle, or enough time running an Untangle server to say that you shouldn’t try it or even partner with them. My entire point was that I did not feel a synergy between Untangle and myself when I looked into their offering to feel that I should sell their product. The people at Untangle could be the greatest people in the world, but I haven’t met any of them (which surprises me, do these guys go to any SMB conferences?). I’m always open to talking to new people, and seeing if there are new ideas out there I haven’t thought of, but I’m proud of my choice to work with Calyptix and being a part of making their company a success.

I’d love to hear more from people that have used Untangle or are Untangle partners and why you chose to use their product and what other products you evaluated in your decision making process. Or even more broadly, have there been any people out there in the last year or so that switched firewall vendors to use a newer or different UTM Firewall solution?

I ordered the Silencer 500 Dell unit, which claims to be compatible with my Dimension 9100. I installed the power supply earlier this evening and have to say that I am a bit disappointed in the claim that it is Dimension 9100 compatible. The problems:

• I had to remove metal from the frame of the case to make the power supply fit.
• The power supply is too small for the opening and I now have about a 1/4″ gap in the back of my machine
• The SATA power cables are too short to properly reach the location of the hard drives in the machine.

I have to say, based on my prior experiences and the overall reputation of PC Power and Cooling, I’m very disappointed in this new power supply unit. Does this have something to do with the purchase of the company by OCZ? This is the first time I’ve bought a PC Power product since they were acquired by OCZ and this somewhat leads me to wonder if that hasn’t caused a decrease in the quality of the PC Power and Cooling product.

This wouldn’t be the first time I’ve seen a company acquired by another company have their good name tarnished by the new owners. Geek Squad anyone?

In more fun preview news, the Calyptix AccessEnforcer passed with a 100% rating, and actually blocked almost 10% with the IPS alone. Interesting to see the difference in the IPS and packed executables check box being close to the same.

More to come soon, have a lot of other boxes to test. And if you are wondering, I’m simply following the testing methodology from the Untangle Fight Clubs. They seem to leave themselves out in a lot of tests, so I wanted to put them in a set of tests along with the Calyptix box as I sell their product (and truly believe in it) and am interested to see how they stack up against the big boys in a test that other people have designed.

About six months ago I became a devout Gmail user (I have had my account since the early invite only days, but never used it) for my personal e-mail accounts. This allowed me to aggregate all my accounts into a single location, with instant access anywhere that I had internet. Gmail was a big step to say the least, and something that constantly becomes a more useful decision as new features are constantly being added.

Unfortunately, this also lead to a single place for all the mailing lists, and spam (not that much is missed by the filter), to pile up in. I’ve automated my Outlook for my business related e-mails to death, but have never done anything with my Gmail account. In fact, I hadn’t used labels or archive or anything. This basically left me with a monster of an overgrown inbox. I had some free time on Thursday evening and began the process of streamlining and automating my Gmail account. With some judicious use of Gmail Filters (which I have to say are every bit as powerful as most full e-mail clients), a ton of labels, and a very liberal use of the Archive button I trimmed a ton of fat and old information from my inbox.

It was a long and interesting process, but something that was in dire need of being completed. I’m not quite done the complete automation and streamlining of my inbox (and I don’t ever really expect my personal e-mail to hit Inbox Zero), but already I’ve filtered about 75% or more of the e-mail that would have otherwise hit my inbox. It’s really a blessing, as this has probably cut a good 30 minutes a day from the need to manage my personal e-mails.

This is a good step in what I hope will become a renewed effort to making my own personal life as efficient as I try to run my business. If I make my own life even close to efficient as I have been able to build my business, I will hopefully be capable of adding another two hours or more a week that I can spend my undivided attention on my children.

The scenario that has reminded me why is as follows:

13 DLT-IV tapes that are an archive of the source for an old software release. These sources are required again as they are going to be scrubbed and brought up to the current standard of all the newer animations. The drive, a 7 tape DLT autoloader connected via SCSI. Begin the restore, 58 hours later, the restore is still processing.

I can only imagine what this process would be like if this was mission critical data, and it had to be back up and running right now. Thankfully, this is a legacy system and this particular archive was the only portion that had never been transferred to the new LTO-3 archival system.

This whole situation reminds me of why I sell all my clients on our remote backup solution, as the flexibility, speed and simple fact that it is completely automated with never a tape to change, have continuously proven to me that it is simply superior to tape. And with today’s ever increasing bandwidth availability, it becomes more effective by the day.

Personally, I’m very curious how many MSPs and Service Providers still recommend tape as a primary means of backup to their clients, and why they feel the need to continue to push what I feel is a technology that has become relegated to an archival solution.

With a goal of keeping the collaboration between my company and the people we are working with as simple as possible, I wanted to keep everything in one place. Central Desktop allows us to have all our collaboration documents, tasks, and Wiki all under one roof. I feel like this makes our life a lot simpler, and over the long run will make the outsourced company more apt to insure that things are updated in the system, especially since their payment is dependent upon it.

I understand that I’m not being the most original or innovative with this approach, but am curious as to what packages other people use and how they combine them to get the best results. Currently we use Autotask for the actual management of what was done and for customer requests, while Central Desktop is used to manage tasks between ourselves and the outsourced company while at the same time document our customers networks via the wiki.

The downfalls to the process:

• Have to enter the same information in multiple locations. My templates are simple and can’t pull from a single source.
• No central hardware/software interfaces, means the same thing might be called something completely different across two separate quotes.
• Manually compiling all the separate components into a single PDF file for delivery.
• Tedious process that would make it difficult for me to pass off on a sales person.

I know Autotask Pro can generate quotes, but I’m not sure at what level, and frankly, we’re not ready to grow for the Autotask Go product at this time. I’ve really been researching some quoting systems, and frankly I have yet to find anything that appeals to me. I want something simple and web based, that will allow us to generate quotes with some mouse clicks, drop downs, and check boxes. The idea of a roll your own has run through my head, but that would really be excessive, and more than likely take a while to show a good ROI on that initial investment.

Being a relative newbie at the marketing and sales game, I have to wonder if something like Salesforce.com would benefit what I’m trying to accomplish, or if that is just for pipelining and lead management like most CRMs really seem to be focused on. I could approach my friend Jared over at SET Consulting and see what they could do to integrate and streamline the quoting, but again, would probably take a while to generate a good ROI.

I know there are plenty of companies out there with years of working on their process of quoting their work and would love to know some of their tricks for streamlining the process.

Since day one, we have always run a Nessusne scan on our potential clients (with authorization of course) and quarterly with our regular clients as well. Recently I’ve begun upgrading our scans with some basic light pen-testing of some major sticking points. Now that I’ve started adding some of these basic pen-tests, the responses from potential clients has improved dramatically. It’s always one thing to explain to them why they need strong passwords, but when you can hack their RDP session in a matter of hours, it really gets them to understand why they need a good password.

It is a good way to impress upon your clients the need for security, and also helps to keep your staff and contractors on their toes if they know you run real penetration tests against your client’s networks. The driving force for making sure I run these basic tests were due to a recent meeting with a client who insisted that they leave their Domain Administrator password as a simple 6 character password that was quite easily guessed. In order to impress upon them the importance of having a good password policy, I got them to agree to let us hack their network. Starting from scratch, I was able to download the appropriate script kiddie tools, run my cracks and gain full Administrator access to the sole domain controller on the network.

As much fun as it was, I really learned that this was a useful tool, and something I should be doing for all my clients. So now, all our clients are going to be receiving an additional page with their quarterly scans that details the penetration testing of their network. My question to you is; “What do you do to make sure that your clients are actually secure”?