Server Upgrade Best Practices

It may seem mundane, but remembering to do little things, such as upgrading server software from time to time, can make life much more easy and manageable. One simple upgrade can help ensure that you are receiving all the most recent maintenance updates, patches and fixes, and news about your particular product. To make this process run even more smoothly, be sure to follow these best practices for upgrading server software.

•Find out what windows service packs should be applied and apply them.

•Assure that your maintenance is up-to-date and that you are using the correct registration codes for your product as old or outdated registration codes can delay the upgrade process. You can easily find this out by running the “check for program updates” utility in your product’s program group.

• Back up your database/registry/configurations. The backup procedures can be found in the program administrator under HELP… Help Contents… Contents Tab… Configuring Servers… Backing up Servers.

Cornerstone – To back up your database: Use the standard backup functionality built into SQLServer to backup the SQLServer Database. For more information about backing up your SQL Server database, see http://msdn.microsoft.com/en-us/library/ms187510.aspx or contact your SQL Server Administrator. To back up the Cornerstone Registry: Using Regedit – export the Server’s directory under HKEY_LOCAL_MACHINE\SOFTWARE\South River Technologies\Titan FTP Server. Save the .reg file and copy it to your computer (or a new computer). Copy that .reg file to the new computer and then, while on the new computer, double-click on the .reg file to import the information into the registry. Repeat this process for the information stored under HKEY_LOCAL_MACHINE\Software\ODBC\ODBC.INI as this contains information related to the SQLServer connection used by Cornerstone to communicate with your SQLServer Restart the computer for everything to take effect properly. Once you have restarted the new machine, launch your Cornerstone Administrator, and make sure that the IP settings for each server have been changed to the new server address.

Titan – To back up your Titan server configuration, reun RegEdit and export the Server’s directory under HKEY_LOCAL_MACHINE\SOFTWARE\South River Technologies\Titan FTP Server. Notify your users in advance of when the server will be offline so they can plan appropriately.

• Schedule the server upgrade after business hours if possible. If operations are 24X7, it is a good idea to be running in a clustered environment so that you can take a server offline without impact.

• Have a plan for how to roll back if there are any issues with the upgrade.

• Even if you are sure you know what you are doing, it doesn’t hurt to read any instructions or help files that come with the software. You might learn something you did not know.

Don’t forget to keep up with important installs. Following the correct steps can save you from unnecessary stress and keep your operations running smoothly.

What’s the real cost?

The recent data breach at Bethpage Federal Credit Union has compromised 86,000 consumer debit account records.  The breach was the result of a simple human error, and the lack of policies to ensure that such errors would not happen.

This is no small issue forBethpage, given the costs associated with the cleanup:

• Reissuing 86,000 credit cards
• Paying for credit monitoring for the 86,000 customers affected by the breach
• Loss of customers
• Loss of reputation
• Hiring security firms to monitor access to the files

Plus, they still have to put a long-term solution in place to prevent a similar breach from occurring in the future – a solution that they should have had in place a long time ago.  The solution needs to have multiple levels of security, and should ideally make use of all of the following:

1. Disable anonymous access to their servers.  This alone could have potentially prevented the servers from being indexed by Google
2. Use server software that forces selection of strong passwords
3. Install a reverse proxy server outside of their firewall to enable closing inbound ports
4. Encrypt the data on the server
5. Enforce policies about where sensitive data can be posted

These steps are inexpensive and easy to implement, which begs the question:  why weren’t these technologies in place a long time ago?  And if they were, why were internal policies unclear or unknown to employees?  Other credit unions should take heed.  While this data breach shows no indication that data was actually downloaded and used, hackers will certainly take notice and test other credit unions for similar situations.

Implementing an MFT solution like Cornerstone MFT now can save a tremendous amount of expense, effort and embarrassment later.  Cornerstone includes a web interface that can easily be made available to any or all employees who may need to post data on company servers.  A simple policy requiring users to only post sensitive data through this interface would eliminate the possibility that the user will erroneously believe that a server is secure.

WebDAV vs. FTP

In many conversations with our customers, I often run into a common question:  “What’s the difference between WebDAV and FTP?”  There seems to be confusion about the differences between the two protocols.  Since SRT’s products support both WebDAV and FTP, I thought it would be a good topic to cover in this week’s blog.

Web-based Distributed Authoring and Versioning (WebDAV), by definition, is a set of extensions to the HTTP (Hypertext Transfer Protocol), which allows users to edit and manage files collaboratively on remote Web servers.  One of the major features in WebDAV is the ability to lock files automatically to prevent data being overwritten by another user.  WebDAV also supports XML properties so users can access data about the file, the author, the date the file was modified and namespace manipulation, which allows resources to be copied or moved.

File Transfer Protocol (FTP) is a simple network protocol based on IP, which allows users to transfer files between computers on the Internet.  FTP service is based on a client/server architecture.  An FTP client program initiates a connection to a remote computer running FTP server software.   Once a connection is established, the client can send and receive copies of files.  To connect to an FTP server, the client typically requires a username and password.  There are also public FTP archives that follow a special convention that accepts a username of “anonymous”.

There are several file transfer protocols available:

FTP – the plain FTP protocol, which has been around since the 1970’s.  It usually runs over TCP port 21, and is not secure.

FTPS – which stands for FTP over TLS/SSL.  It is often called Secure FTP and runs over TCP port 21 or 990.

SFTP – another file transfer protocol that has nothing to do with FTP.  The acronym stands for SSH File Transfer Protocol.  SFTP runs over an SSH session, usually on TCP port 22.  The protocol has been around since the 1990’s.

The FTP protocol supports two modes of data transfer, plain text and binary, and usually defaults to plain text.  Unlike the WebDAV protocol, FTP does not support automatic file locking, which can lead to users accessing the same file and potentially overwriting changes made to that file by the initial user.

SRT’s WebDrive , often used as an FTP client, supports a variety of protocols.  WebDrive can be used as a WebDAV Client to map a drive letter to WebDAV servers, including Sharepoint.  WebDrive also supports SFTP and Amazon S3.   WebDrive is now available as a Mac OSX FTP, SFTP and WebDAV Client.

SRT’s Titan Editions support FTP, SFTP, and FTPS.

Where’s the Remote?

Not long ago, my husband and I spent 20 minutes searching for the remote control in our bedroom.  We wanted to watch the news, so with the TV less than 5 feet away from us, I finally walked over and push the “power on” button – whew, crisis averted!    But with regard to technology, remote control is an essential technical support tool.  The days of walking a user through steps over the phone, or getting in a car to travel to a customer’s site, are almost things of the past.  Nowadays, technical support operates like Domino’s pizza delivery service;  if I (the Technical Support Engineer) can’t get your problem fixed in under 30 minutes, a link will be provided allowing me access to  fix the problem remotely.

Here at South River Technologies, our Support and Development Engineers use remote control software daily to solve customer problems; issues ranging from, “I can’t activate the license on my Titan MFT Server,”  to, ” My WebDrive will not connect to my WebDAV server.”  With SRT having customers all over the world, remote access saves us a bundle in long distance calls,  and there is no need to travel to a customer site. As long as we have the Internet, we can provide “on site” support.  I can’t describe the anxiety that washes over me when someone declines remote control access to their site.  You mean I actually have to walk you through this over the phone or write instructions? Someone please call the Police!

So, some may argue that remote control devices have made us lazy because now we sit back and watch someone else do the work, but aren’t lazy people the most inventive?   Think about it.

Cybersecurity Awareness

October is National Cybersecurity Awareness Month.  The website StaySafeOnline.org encourages you to make cybersecurity a priority and provides some “top tips” on how you can protect your business. While some of these tips are seemingly common sense (for example, “Know who you’re dealing with online.”), other tips speak directly to the capabilities of the software that you choose:

This tip immediately made me think of our secure FTP server solution, Titan MFT Server. Titan MFT Server is a managed file transfer solution, which, along with many other features that address cybersecurity (such as highly granular security settings that can restrict IP access and help to prevent DoS and FXP attacks) also provides strong authentication options and the ability to force complex password rules.

Titan MFT Server supports a variety of user authentication options, including native Titan Authentication, Windows NT/SAM authentication (for Windows 2000 Servers), Windows Active Directory authentication, LDAP authentication, and ODBC authentication.

Titan also provides S/Key password encryption and the ability to force the user to create passwords that are strong, which helps to prevent brute force password cracking. When this feature is enabled, passwords must be at least eight characters long with no spaces and must contain:

• one or more Latin uppercase letters (A through Z)
• one or more Latin lowercase letters (a through z)
• one or more digits (zero through nine)
• one or more non-alpha characters, such as ! # $^& , -+=

To learn more about how you can protect your business from cyberthreat by using Titan MFT Server, contact our sales team at sales@SouthRiverTech.com.

A Recipe for SFTP

Ingredients:

• Server (Select your own hardware; recommend Server class machine)
• Operating System (recommend Windows 2003, 2008 various flavors)
• *Licensed operational Titan Enterprise or MFT Server (other SFTP Servers can be used but not as flavorful as Titan)
• Port 22
• Client SFTP software (we like to use WebDrive; Mac or Windows flavor)
• 2 Host Key Pair, 1 for Server and 1 for Client
• 1 Password for Private Key pair (required for Titan Server)

*Note if you attempt to use single Licensed Titan Server in the same recipe, you will receive bad results

Preparation Time: 1 – 2 hours

Prep:

On your Server class machine, install your Operating system with either Windows 2003 or 2008 flavor, some people even like it with Windows XP.

Refer to: our Titan Host Key Quick Start Guide (Steps 1 – 7) for detailed instructions on preparing your Titan Server with SFTP.

Now that your Titan Server is ready, now you can add SFTP to make it incredible.

To make SFTP (SSH’s Secure File Transfer Protocol) on this server select this check box and choose the port number using the up/down arrows. Choose the host key set by using the drop down arrow. To use SFTP services, you will need a host key pair that will be used by the Titan FTP Server. Use the Host Key Management utility to either create a new host key pair to be used by the Titan FTP Server or to import an existing host key pair from an external file set. Once you have created a host key pair, select it from the list and then type the password associated with the host key.

*Port 22 is reserved for SSH (Secure Shell)/SFTP and is the default/recommended port.

Depending on your taste, choose your Host Key Type flavor: select a DSA host keys (must be 1024 bits in length), or  RSA keys, which do not have this restriction and can range from 512 bits in length to 4096 bits in length. A longer key length provides better taste, but takes longer to serve.  Shorter keys aren’t as good, but you can serve it quickly.

Now add the finishing touches to your Titan server, and then you are ready to serve your guests.

Before your guests can experience your server, they must use a password or a host key.  You’ll have to add the final component to the server to make this easier for your guests.

We recommend you support both Password Authentication and Public Key Authentication (meaning that client can use either Password OR Public Key Authentication), then select the Allow Trusted Host Keys option and deselect the Require Trusted Host Keys option, but depending on your taste, select what you like.

Before serving your guests, navigate to the guest’s public key filename and click.

* Note that the client host key pair will be created by each individual client.

They will then need to export their Public Host Key in SSH2 or OpenSSH format and send that .pub file to the Titan Administrator so that it can be imported into the Titan Host Key Database.

Make sure your server is started prior to serving.  Enjoy!

Top 10 Reasons to Use the E-mail Tab in Titan FTP/MFT Server

10.  You can configure it to send  an e-mail every time someone types in a bad password.

9.    You can find out who uploaded the “Thriller” video to the Finance FTP server.

8.    You can finally give the Cleveland office proof that typing:  WHEREISIT is not a valid FTP command.

7.    You can see how many times a day the user: Root tries to hack into your server.  

6.    You can see how much space the Art Department really uses on the server.

5.     Get a message that Joe changed his password.

4.     Discover who renamed a file on the Accounting server to: nomoremoney.xls

3.     Instead of waiting for the Help Desk to ring, you can find out the FTP server is down.

2.    You can find out who deleted the “Thriller” video before you got to watch it.

And the Number #1 Reason:

You can find out if your FTP server is being hammered and hindering your legit users from accessing the server!

How to Configure E-mail:

 The Email Server tab is used to configure mail server settings used by Titan.

To access the Email Server tab, click the server in the tree pane and then click the Email Server tab.

 SMTP Server IP or Hostname – Type the IP address or host name of the SMTP server used for sending email.

 Mail Server Username– Type a valid Username that will be used for authentication to the remote SMTP server.

 Mail Server Password – Type a corresponding Password for the username.

 Test Connection – Click Test Connection to test the connection settings to the SMTP server. If Titan is unable to connect to the server, or unable to authenticate to the server using your credentials, an error will be displayed.

Get more information on the Titan FTP/MFT Server

WebDAV vs. FTP

In many conversations with our customers, I often run into a common question:  “What’s the difference between WebDAV and FTP?”  There seems to be confusion about the differences between the two protocols.  Since SRT’s products support both WebDAV and FTP, I thought it would be a good topic to cover in this week’s blog.

Web-based Distributed Authoring and Versioning (WebDAV), by definition, is a set of extensions to the HTTP (Hypertext Transfer Protocol), which allows users to edit and manage files collaboratively on remote Web servers.  One of the major features in WebDAV is the ability to lock files automatically to prevent data being overwritten by another user.  WebDAV also supports XML properties so users can access data about the file, the author, the date the file was modified and namespace manipulation, which allows resources to be copied or moved.

File Transfer Protocol (FTP) is a simple network protocol based on IP, which allows users to transfer files between computers on the Internet.  FTP service is based on a client/server architecture.  An FTP client program initiates a connection to a remote computer running FTP server software.   Once a connection is established, the client can send and receive copies of files.  To connect to an FTP server, the client typically requires a username and password.  There are also public FTP archives that follow a special convention that accepts a username of “anonymous”.

There are several file transfer protocols available:

FTP – the plain FTP protocol, which has been around since the 1970’s.  It usually runs over TCP port 21, and is not secure.

FTPS – which stands for FTP over TLS/SSL.  It is often called Secure FTP and runs over TCP port 21 or 990.

SFTP – another file transfer protocol that has nothing to do with FTP.  The acronym stands for SSH File Transfer Protocol.  SFTP runs over an SSH session, usually on TCP port 22.  The protocol has been around since the 1990’s.

The FTP protocol supports two modes of data transfer, plain text and binary, and usually defaults to plain text.  Unlike the WebDAV protocol, FTP does not support automatic file locking, which can lead to users accessing the same file and potentially overwriting changes made to that file by the initial user.

SRT’s WebDrive , often used as an FTP client, supports a variety of protocols.  WebDrive can be used as a WebDAV Client to map a drive letter to WebDAV servers, including Sharepoint.  WebDrive also supports SFTP and Amazon S3.   WebDrive is now available as a Mac OSX FTP, SFTP and WebDAV Client.

SRT’s Titan Editions support FTP, SFTP, and FTPS.

Tell Me How…

…A Note about Technical Writing and Help Documentation:

“Technical writing is the art, craft, practice, or problem of translating
that which is logical into that which is grammatical. Technical writing
forms a bridge between the logical (the primarily binary concepts understood by computers, robots, lawyers) and the illogical (the haphazard, inconsistent concepts misunderstood carbon-based life forms, highly intelligent computers, lawyers) via the medium of the grammatical, the haphazardly logical system incomprehensible to both. The practice of technical writing presupposes that you, the illogical, actually want to learn about the logical subject, which of course is in all cases false. This basis in a false presupposition makes technical writing a pursuit typically favored by those with arts degrees from obscure universities.”

–The Hitchhiker’s Guide to the Galaxy

Of course, being a Technical Writer, I found the preceding quote to be very entertaining! And while this quote may strike a chord, here at SRT, we’ve tried very hard to make sure that using our products is a breeze, whether you’re configuring LDAP, ODBC, SFTP, or FTP/S. We have a large repository of help documentation and add to our Knowledgebase frequently. If you need help connecting your WebDrive FTP client to a Sharepoint server, or want detailed information about how to configure Microsoft clustering services, we have step-by-step guides available on the South River Technologies’ website. If you have a unique Titan MFT Server configuration, you can find troubleshooting tips in our Knowledgebase. And we want to hear from you! Please tell us how we can serve you better.  We want to get you up and running as smoothly and stress-free as possible. We love our products. We think they’re easy to configure and use. And, if we can do anything to make it easier for you, please, let us know.

By the way, I have a B.A. degree from SUNYA, double major in Communications & Theatre. Very funny, Doug Adams, very funny.

Benefits of 64 bit Server Software

Most computers these days ship pre-loaded with 64 bit Windows operating systems.  This had led to some compatibility issues with some 32-bit software either not working at all, or running with limited functionality.  The primary issue many users face is driver incompatibility for their peripherals which require 64 bit drivers.  Most 32 bit application software will still install and run on 64 bit Windows platforms; however, there are usually configuration issues that can frustrate users and leave them wondering what benefits, if any, there are to a 64 bit operating system.

The primary benefits to running native 64 bit software on your 64 bit operating system are the ability to allocate and use more memory and speed.   When running 32 bit applications on a 64 bit OS, Windows will run them in a subsystem called “Windows on Windows (WOW64)” which is a transition layer to map all Windows calls from their 32 bit to 64 equivalents.  The WOW64 layer also intercepts registry calls and uses a special tree in the registry to store settings to not interfere with native 64 bit software.  Using the WOW64 transition layer will have a negative effect on performance and will not give 32 bit applications the increased memory space that native 64 applications enjoy.  A 32 bit Windows application can use/address at most only 2 GB of memory, even though the computer system may have 16 GB of memory installed.   Even when running on a 64 bit operating system, 32 bit applications still can only address 2 GB of memory.   A native 64 bit application can access/allocate 8 terabytes (TB) of memory.

You may be wondering if any application really needs to address more than 2 GB of memory.  If you are running file server software, then the answer is yes.  To be highly scalable, your server software should be able to make use of all available system memory.  File server software, such as FTP/SFTP/DAV servers, are designed to handle many clients and sessions simultaneously and generally interact with database servers at the same time.   The more users accessing the server at the same time the more memory that it requires.  If your file server software only supports 32 bit operating systems then you are limiting its scalability.  When choosing a file server solution it is a good idea to look for servers that natively support 64 bit operating systems to get the benefits of increased memory capabilities, scalability and speed.