The Building Blocks of Online Collaboration, Content Management, Business Intelligence, and More

Gartner, Inc. predicts that 80 percent of organizations will be using Microsoft Office SharePoint Server (MOSS) by 2010, but only 40 percent will use it effectively. This is because MOSS, the most successful Microsoft server product ever launched, can be a bit unwieldy. There are subtleties within the product that require a certain level of familiarity and expertise. This means that while MOSS is a great way for many companies to deliver web-based content and collaboration tools to customers and employees, implementing the solution without the benefit of experience may be ill-advised.

What Is MOSS?
MOSS 2007 a collection of web-based applications designed to facilitate collaboration, provide content management, implement business processes, and supply access to information that’s essential to organizational goals and processes. 2007 brings the fourth iteration of this product from Microsoft, which originated in 1999. Plante & Moran’s web development team has implemented several competing products, and we’ve found that MOSS 2007 is an unusually good fit for many of our clients.

What Are Its Capabilities?
MOSS includes the following capabilities:
• Collaboration. This includes wikis, blogs, calendars, e-mail integration, discussion boards, surveys, document collaboration, and real-time presence indication, among other features.
• Portal. Although this includes a variety of technical features such as content syndication and audience targeting, it also provides privacy and security, a site directory, and “my site” capabilities, which give users the ability to personalize information “for me,” “by me,” and “about me.”
• Search. This simple, easy-to-use tool includes a people search, knowledge network, and business data search. Search algorithms ensure relevant searches and search results are rendered more clearly—all while meeting the security your organization demands.
• Content Management. This allows businesses to manage documents, e-mail messages, videos, web pages, and more. Businesses can administer this diverse content, streamline business processes, and efficiently manage multiple websites.
• Business Process and Forms. MOSS contains built-in workflow templates to automate approval, review, and archiving processes. You can also create, maintain, and analyze custom workflows, which streamline collaborative processes.
• Business Intelligence. This infrastructure makes it easy to access the necessary information to make the best business decisions.

And that’s just the beginning. Broadly speaking, MOSS has an offering for most web-based applications a business may need, with the exception of e-commerce.

How Does MOSS Help Businesses?
If organizations had to build all of this functionality from scratch, it would expensive, perhaps prohibitively so. MOSS compiles all of these tools into one product, making this functionality accessible for organizations that may otherwise be unable to afford it.

We recently helped Airfoil Public Relations, a public relations firm headquartered in Southfield, Mich., rebuild their intranet using MOSS. “We were using a very basic folder system, which had gotten large and out of control,” says Aaron Petras, Operations Manager with Airfoil. “MOSS has allowed us to separate our team sites based on practice area and delineate down by client. This has been helpful because each team now has its own site to share documents and post announcements and discussions.
In addition, the business intelligence component is very useful; it’s helped us better present data to our senior managers.”

Don’t Go It Alone
While it’s true that much of MOSS is an “out-of-the-box” solution, it’s easy for organizations to get into difficulty when they try to implement it themselves. There are nuances in the product that require more sophisticated knowledge and capabilities. For example, it’s challenging to secure the privacy correctly, multiple “my sites” may result in lack of proper management, and the search function may not reach as broadly as it should.

Plante & Moran’s Web Development team has significant experience guiding organizations through the MOSS implementation process. For more information on how MOSS can benefit your organization, feel free to give us a call.

John Bissa
Partner
Technology Consulting & Solutions
248.223.3684
john.bissa@plantemoran.com

Amy Moore
Associate
Technology Consulting & Solutions
248.223.3421
amy.moore@plantemoran.com

Filed under: Business Articles, Technical Articles on August 4th, 2008 | No Comments »

In this article I want to focus on the decision criteria for hosting a dedicated server versus hosting in a shared environment. As the power and security of the shared environment has improved the lines have become somewhat blurred as to when to make this transition.

With ever more powerful servers and server operating systems it is now possible to host many complex web applications in a shared hosting environment. There may also be beneficial licensing advantages to a shared environment. For example there are applications such as email servers that are purposely priced to be used in a shared environment to spread the costs over a large number of users. Microsoft SPLA pricing may also make software more affordable in a shared environment.

Unfortunately, many shared hosting firms are more interested in offering a low price to attract customers and leave server performance as an afterthought. They will price a shared service based on attracting hundreds or even thousands of users. Depending on the program merely going from four to eight customers could mean the difference between a well responding application and one that responds sluggishly. We also see doubling up applications on the same server, for example, running an email server on the application server – a sure fire way to run into problems.

So why go dedicated?

A good analogy may be to think of it as taking the bus or owning your own car. Yes they both get you to your destination but the car gives you greater flexibility to adjust your schedule. You can also customize your car to make it go faster and handle better.

A dedicated server provides the following benefits:

• More security. The dedicated server provides isolation from other customers and their applications.
• It’s dedicated to your application. You are in control which applications run on your server. This can be especially important when it comes to upgrading software levels that might impact your application.
• Configured server components. You determine items such as disk space and redundant configuration such as disk RAID standard, processor type and memory.

Rules of thumb for using a dedicated server:

• Websites using large databases for serving dynamic content.
• Forums or BBS sites that process a lot of data in a short time.
• Ecommerce web sites running online shopping cart systems.
• Corporate websites that can’t afford any downtime.
• Websites that requires custom server configurations such as clustering or special firewall considerations.

Of course, you must also pay close attention to the hosting service you use. Your hosting provider must have enough bandwidth capacity and an appropriately redundant facility to make sure your server is optimized. On a final note, make sure you can upgrade your server after your initial contract term to take advantage of the latest technology.

Filed under: Business Articles on December 9th, 2007 | No Comments »

I was watching the evening news the other night as one of the local channels began the countdown to the shutdown of our state government over budget issues. Interestingly, they finished the broadcast with blog responses from a number of voters/residents. Not only did they read the blogs on the air, they also showed the text in large letters on the screen.

And you’re wondering if your company should blog?

This  example involved state government but in this day and age could just as easily have been your company. We will take a look at the impact of commercial blogs and why they are important to your company and your relationship with your customers.

First Some History

BLOG comes from the evolution of the term “weblog” that became “we blog” and eventually the noun/verb BLOG.

BLOGs are seen as very open or frank comments, taking on a validity that may or may not be truly deserved. However, the fact remains that they are now a part of mainstream communication and can have either a positive or negative impact on your company’s reputation depending on how you manage them.

Commercial BLOGs

A corporate BLOG should be published as part of a company’s marketing strategy and will typically fall into one of three types.

• Internal blogs, for addressing employees, close vendors or customers.
• External blogs, for general communication to the open market or express a political or public statement.
• The CEO blog, (which could be for any top executive in an organization) that provides a more personal face to the ramblings of a company’s officers.

It’s estimated that 5% of the Fortune 500 have external blogs and as many as 70% of large companies have either established or plan to start a blog. The importance in coordinating with a marketing plan is that the ultimate goal is to create interest in new products or manage the corporation’s reputation. Unmanaged blogs can have the opposite effect as evidenced by executives that have expressed personal opinions outside the corporate party line and then faced serious repercussions in the market.

So here we go with the countdown.

1. Blogs can create buzz or interest in new products or services. Because of their candid nature, a blog creates an interesting way to break through the clutter and get potential customers to pay attention to your offer.
2. Blogs can help position you or your company as an industry expert. This is a great way for your company to discuss a topic in depth (for example – blogs!) and at least create the perception that you know what you are talking about. Hopefully this leads to credibility on future topics too.
3. Search engines love blogs. A good ranking on a search engine is worth its weight in gold. Blogs are included in search engine rankings as the engines review your content. As part of your overall plan to grow organic search rankings, a good blog should be a cornerstone of your SEO efforts. As an example, we recently posted a blog about a new collaboration product (COLLANOS). The CEO of COLLANOS picked it up and wrote a return blog. Before you knew it we had been found at multiple levels by numerous search engines. Trackbacks are part of this scenario but I’ll leave this topic for a future blog.
4. Blogs enhance reputation management. A competitor is preparing to unleash a new product or an officer of your company has done something very bad! (I hate it when that happens). What do you do? Having a well read blog in place can be your quickest way to address negative publicity or preempt some other type of event. The operative term is “well read”. You can’t wait until the last minute to start a corporate blog and expect everyone to be reading it.
5. Blogs help you COMMUNICATE with many customers and prospects simultaneously! In my mind (and that’s a very scary place) this is one of the greatest reasons for a blog. Blogs are viewed as more personable and combined with the ability to receive comments you get immediate feedback from your customers or prospects. Keep in mind however, that it may not necessarily be positive feedback but at least you’ll have feedback. You will need a thick skin to deal with some of the eventualities but managed properly this can be a great way to gauge interest in new services or changes to existing products.

Well there you have it, a blog blog. Matt will discuss some of your options for running your own corporate blog. Love them or hate them, they’re here to stay.

Resources:

http://en.wikipedia.org/wiki/Blog Wikepdia - blog definitions and history.
http://www.flyte.biz/resources/newsletters/05/05-blogs-vs-email.php Miscellaneous blog article.
http://www.dmnews.com/cms/dm-news/catalog-retail/39432.html Kevin Hillstrom’s reasons to blog.

Filed under: Business Articles on October 8th, 2007 | No Comments »

It seems that in today’s world; every topic, subject and anything of interest has some sort of blog. From complaining about your favorite football team, to finding a solution to a computer problem; blogs are all over. They can be very helpful and you may want to start one yourself, but you may not know where to go. If you look around on the Internet, you should find that they are fairly easy to setup and there are many places that can provide whatever you need. All you need to decide is if you want to setup and host it yourself; or if you want to choose between the many free services. In this “blog” I will discuss they ways that you can do just that.

What is a blog and are there different types?

First off, what exactly is a blog? From one of my favorite websites, Wikipedia, they say, “a website where entries are written in chronological order and commonly displayed in reverse chronological order.” So, it is just a place to write a post and let others see your comments. They are setup where the newest entry is listed at the top of the page. It is a fairly easy topic to understand, you can read about it more here: http://en.wikipedia.org/wiki/Blog.

There are also a couple of kinds of blogs. There are some that are just the blog; you type in the address and it goes to the blog like a regular website. Another way is to combine the website with a blog. If you already have and mange your own site, you can easily incorporate a blog. Such software as: b2evolution (http://b2evolution.net/), lets you do this. This is an open source piece of software that you can install to your site and now you have both.

Free Solutions

Now, you must decide where you want your blog to be hosted. The easiest, and cheapest, way is to go to one of the many free blog hosting sites. Here is a short list of some of the common ones:

Blogger.com

Blogs4me.com

Livejournal.com

Blogster.com

Thoughts.com

These are very easy and anyone can setup one of these. First, pick the one that you like the best and simply follow the instructions (it is that easy). They start off by asking you to create an account, once that is done it is time to name your blog and choose what kind of template you want. After that, you are set to go and your new blog site is setup like a pro. By using one of these free services, the blog is hosted on one of their servers and you can administer that by the login they give you. This is best for beginners and there is not much to worry about. If you like something a bit more complex and would not mind paying for this service; going to a hosting company and setting up your own could be right for you. I will explain this in the next section.

Pay Solutions

So, if you have decided that the free services are not enough; paying for your blog may be the best fit. The software that you need to install for your blog is free, but having it hosted will cost some money. The downside is cost, but you have the benefit of having complete control of the blog. Not only can you use an administer interface, you will actually have access to the root folder of the site. A popular one is called Wordpress (http://wordpress.com/). This is an easy download that you can have your hosting company install for you. It does require a MySQL database and this may result in higher prices.

Once the install is complete you can configure the blog to your liking. There are different skins to look at and the site is very configurable. There is also an admin section where you can install plugins, such as; password protection and spam prevention. Since there are many people working on this product, it is constantly improving. I do recommend this product and if you are up for the work, it is well worth it (selfless plug: check out our AWH Blog hosting).

All in all, blogs are fun and are now easy to setup. From the many free solutions, to hosting it at a company of your choice; the options are limitless. You have many options on how you want your site to look, as well as who you want to view it. Look around and see for yourself, I’m sure you will find something you like.

Additional Resources

http://en.wikipedia.org/wiki/Blog

https://www.blogger.com

http://wordpress.com/

http://www.livejournal.com/

http://blogster.com/

http://www.blogs4me.com/

http://www.thoughts.com/

http://b2evolution.net/

Filed under: Technical Articles on October 2nd, 2007 | Comments Off

This week I’m going to show how to tackle the WSUS 3.0 install.  I’m also going to talk a little bit about some of its functionality.  I’m sure that by now everyone is familiar with how Windows Automatic updates work and how you can schedule them or manually choose to update your pc.  Well WSUS is pretty much the same type of thing except you have a central place to manage updates for every pc or server in your organization.  You also have the option to store the updates locally to your WSUS server so that your pc’s will be able to download updates quicker.

First, the installation

When you’re ready to try WSUS you can download it from here.  Ok, now on to the install.  Run the WSUS3Setupx86.exe.  Click next à

 

 

In the below screen shot choose “Full server installation”.  Next à

 

 

Next is the license agreement.  It won’t install without it.  Next à

 

Below, you can choose where to install WSUS and also whether you’d like to store the updates locally.  Basically, it all runs the same if you choose not to store the updates locally, it’s just if you need to save disk space.  Next à

 

This screen shot lets you choose to use an internal windows database or if you are currently running mssql on this server you can choose to use that instead.  I chose to use the internal database.  Next à

 

Below, you can choose whether to use the existing IIS default website for the web services.  I chose to use the IIS default web site (recommended if you do not have other websites on the server).  Next à
 

Ready to Install!  Click Next à

 

Going through the install.
 

Congratulations.  You now have WSUS installed.

Some configuration choices

Once you’re finished installing then you can configure it to send e-mail notifications when there are new updates and alerts.  From the options menu you can customize your WSUS solution.

Within the administrator WSUS console you can view all updates, critical updates or security updates.  You can also choose to decline or approve them for install.  As you can see under the computers tree on the left you can view all computers whether they are servers or just PC’s.  Reports can also be generated to help you with updates.

To update your client PC or server you’ll need to either configure a Group Policy Object (GPO) within your active directory or if it’s in a non active directory environment you can edit the registry.  Find more information about configuring the client here.

This was just a quick rundown for WSUS, so if you’re interested in making sure that all the PC’s in your office or infrastructure are updated you should give WSUS a test drive.  By controlling what updates and who gets them you can better secure your environment.

Additional Resources

WSUS download
https://www.microsoft.com/downloads/details.aspx?familyid=E4A868D7-A820-46A0-B4DB-ED6AA4A336D9&displaylang=en

Determining a method for Client configuration
http://technet2.microsoft.com/windowsserver/en/library/3a8c83c3-4eac-4cc3-86fc-a54e67de9c121033.mspx?mfr=true

Filed under: Technical Articles on September 20th, 2007 | No Comments »

Everyone running a computer nowadays is probably used to running a software update mechanism of some sort. Windows users, Mac users, even Linux users are consistently bombarded with new features, bug fixes and software updates. This is all well and good except when the updates can cause network bandwidth utilization issues, or even system crashes. Take for example the two day outage Skype users suffered last month. It was reportedly caused by company personnel doing windows updates, which then required reboots, which then required users to re-connect to the network, and then crash! Obviously I would have concerns about a network being brought down by a simple update, but the fact that they say this is how it happened led me to our topic today. For all of you running Microsoft Windows networks I am happy to introduce you to a simple way to avoid this issue: Windows Server Update Service or WSUS. (Sorry Mac and Linux users).

What is WSUS?

So, what is WSUS you may ask.. Well simply put, it is a software application that allows companies granular control over the downloading, distribution and installation of Microsoft Windows patches. Or as far as Skype is concerned, it is the service that could have prevented their system from crashing.

Let me explain a little bit. The WSUS service plays two critical roles in the Windows updating process. First it becomes the central repository for all of those windows patches that need downloading almost every day. WSUS server initiates contact with Microsoft and downloads patches so your internal computers no longer need to strangle your precious Internet connection. This single fact in a company of 100 windows computers will provide a 100x bandwidth usage reduction. Second, and just as important for our friends at Skype, WSUS allows the integration of policy based patch deployment. Let’s take a look at that a little closer. WSUS allows administrators to deploy updates and patches based on corporate security and business rules. For example, again for our friends at Skype, a good deployment rule would be to create sub sections of computer users and deploy the patches in stages as opposed to all at once. Another possible rule, only deploy patches during low usage times, either of which could have minimized the risk occurred by updating, and potentially eliminating unnecessary outages.

Technical Preparedness

Obviously there are some technical considerations when evaluating and deploying a solution like this, and our own Jesse Woodruff has taken a deeper look into the technical world of WSUS in his post here.

Ultimately there are a number of reasons networks and systems can crash without any help from us, hopefully this tool gives you the ability to take one item off that list.

Good Luck!

Additional Resources

Skype Crash
http://gizmodo.com/gadgets/breaking/skype-blames-microsoft-windows-update-for-network-crash-291202.php

WSUS Homepage
http://technet.microsoft.com/en-us/wsus/default.aspx

WSUS Overview
http://technet2.microsoft.com/windowsserver/en/library/632f98ac-9d45-480b-b801-996b714cebd01033.mspx?mfr=true

Filed under: Business Articles on September 20th, 2007 | No Comments »

When I told my wife I was writing a story about stamping out spam she was pretty excited because she never could understand how I could eat that stuff. (Personally I love it!) I know it’s an old joke. What I really want to talk about is email spam, how it is evolving and the steps you can take to reduce it in your organization.

Is my anti-spam solution working?

If you’ve noticed an increase in spam you’re right! There are actually two things occurring. First, the volume of spam has grown by over 15% in the last six months. In fact, it is estimated that over 85% of all e-mail traffic is now spam. Second, spam firms are always looking for and finding new ways to get around spam filters. Until recently you probably saw a lot of emails where the message was actually an image rather than text. However anti-spam technology has evolved rapidly to identify and stop image spam. Within a mere six months image spam has almost stopped.

What’s the latest spam ploy?

Now it’s fake greeting cards or “attachment” spam. You receive an innocent looking message that asks you to open an attachment. In many cases it looks like a greeting card. When you open the attachment, your PC can be hijacked and turned into a “zombie” that can be used to forward more spam without your knowledge. Who knew The Night of the Living Dead was more truth than fiction.

A spammer’s main goal is to get you to go click on a web link or URL. Often it’s to get you to look at a product, call a phone number, buy a stock or order some form of medication (as if any of us really need to be any bigger!) So pay attention. It’s easy to fall prey to an innocent looking e-mail that says “Hey John - click here to see pictures from our vacation!”

Now my filter is blocking good messages!

Yep - here’s the flip side to the issue. As anti-spam filters become increasingly sophisticated, the prospect of a false positive has grown. So what to do? Quite often administrators will “white list” the domain of the sender. However, remember our earlier statement about zombie machines? Who’s to say that the server you trust today won’t be infected tomorrow? Obviously sometimes you will need to white list a domain, just don’t be indiscriminate. Better to white list an individual e-mail instead.

I also see people do things like enter the subject in all capital letters or give a short “Guess what ?????” subject with a string of punctuation. Anti-spam filters use content to identify spam. If your e-mails look like spam, they get treated like spam.

We’ve also noticed that AOL accounts seem to bounce e-mails more than other services. I think they are trying to provide protection to their customers but sometimes it goes a little overboard.

Is there anything else to worry about?

Yes, stopping spam is an ongoing process but the good news is that technology is moving fast to keep up. The best defense is a dedicated anti-spam appliance that sits in front of your email server. You don’t want your email server spending all its time monitoring for spam and slowing down. The anti-spam device we employ at Awecomm monitors for all of the following items:

• Anti-spam
• Anti-virus - Might was well check for viruses at the same time. Don’t let emails get through with viruses that a user might open.
• Anti-phish - protects from schemes often used to gather confidential information about an organization or its users.
• Anti-spy (attachments) - scans attachments for spyware executables and delete.
• Anti-spoof - prevents the use of forged or “spoofed” sender addresses on unsolicited emails.
• Denial of Service protection - use rules to prevent denial of service attacks.

There are also anti-spam services and anti-spam software you can run locally, but a hardware solution is going to be faster. Take a look at your budget and overall requirements. With any solution make sure there is a competent subscription service in place to update the rules and scanning mechanisms on a regular basis.

Here are some additional tips:

1. Never reply to spam messages even if you are given a “remove” option. Instead use your Outlook or anti-spam service to block the message. (Most systems have a plug-in that lets you tell the service whether to mark or unmark a message as spam). The only time you may want to respond is if you know the e-mail is from a reliable source.
2. Do not open attachments from a source you are unfamiliar with. If necessary call the individual to confirm first.
3. Don’t send your email address through chat rooms or instant message services.
4. Don’t put direct e-mail links on your web site. This one is far too easy to pickup. Instead, for example, use a hyperlink from your name. Even better is to use a form that uses a processing script to resolve the email address. It helps to even keep email addresses out of the site HTML.
5. Make sure you “opt out” of receiving free or additional information from a web site. A lot of sites have a flag that defaults to “Send me more information”. Make sure to uncheck it.
6. If you are just checking out a site and aren’t sure if you will go back you can always enter a fake e-mail address if one is required.

There are obviously a lot of issues to deal with when it comes to spam. Complicating this scenario is the fact that the nature of spam is changing all the time. Spam identification and elimination solutions will constantly evolve. However the cost on the organization in terms of wasted time or possible outright damage to your network is too substantial to ignore. You will need to be proactive and don’t be surprised to see spikes in activity. But if you have a good solution in place you should see it adapt to the challenge.

Sources:

Barracuda networks white papers. http://www.barracudanetworks.com/ns/support/white_papers.php

Personal experience fighting the fight!

MSNBC articles on spam

Filed under: Business Articles on September 5th, 2007 | Comments Off

Well, I have never eaten SPAM, but I have deleted a bunch of it. A few years ago, you may have been excited when you have received a new email. Now, you just wish you recognize the sender. SPAM email has become more prevalent in recent years and is one of the biggest pains to deal with. Unless you like adds for Viagra or “Get rich quick” emails. In this article, I will discuss exactly the types of SPAM, why they are out there and some things you can do to minimize it.

What is SPAM and how many kinds are there?

First, why is it called “SPAM?” It seems that this term came up from a Monty Python SPAM sketch; the sketch was set in a café where every item included SPAM meat. The chorus of patrons were singing the words “SPAM, SPAM, SPAM…lovely SPAM, wonderful SPAM,” thus “SPAMming” the dialogue. SPAM meat was also one of the few products not rationed during World War II, making it commonly available. Looks like the name took off from there.

Before we can tackle SPAM, we must first know the proper definition. Some of the definitions vary, but my favorite comes from Wikipedia, “Spamming is the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.” This pretty much sums it up; SPAM is a mass email about something you probably have no interest in, or an attempt to infect your computer with a virus, spyware, adware, etc.

How many kinds are out there? There are many different kinds, trying to do the same thing, annoy you. The most common and widespread is e-mail spam; here is a list of some others you might be familiar with:

• Instant messaging
• Usenet newsgroup
• Web search engine
• Spam in blogs
• Mobile phone messaging
• Internet forum
• Junk fax transmissions
• Image
• Blank

As you can tell, SPAM is all over. Most of these are for recreational purposes and it is a shame that SPAM is ruining user’s experiences. You can read more about each of these here: http://en.wikipedia.org/wiki/Spam_(electronic)

How does it work?

You have probably been the victim of many SPAM mass emails; have you ever wondered what is going on? By examining how these emails get out; it is not hard to do, which is why there are so many. There is a simple “SPAM to do list” explained on spambloggers.com; this explains what one would do if they wanted to become a SPAMmer.

1. Procure initial capital.
2. Acquire a list of e-mails to which you will send out your messages.
3. Get at least one client that is willing to pay you in order for you to distribute their message.
   • Figure out a way by which you will be paid by your client.
   • Figure out how you will track the payment conditions.
   • Setup the system by which you will be paid by your client, following the payment tracking conditions.
4. Create a system which you can use to distribute the message to the e-mail list.
5. Press Go

It is as simple as getting some money together and thinking up a product, or fake product to sell. Once you have that you can get a list of email addresses to send to. Just remember, if one per son will buy it, then many more will. If they pay using Paypal or another Internet pay portal, the money will come in without much work on your end.

I guess the next question anyone might have is, “Is SPAM illegal?” Well, for the most part no, but states have varying rules. SPAMmers are sending messages from outside the United States, which makes it much harder than creating a law. Sending someone a SPAM email is not illegal; forging another company’s software is illegal. This will be discussed in the next section.

People that got busted and stats on SPAM

SPAM has been around for some time now, there must have a few people that have been caught. Well, there are actually many, but I will explain two cases.
Ryan Pitylak - a 24 year old out of Texas, is known for one of the biggest spammers of all time. At his peak he was sending out 25 million messages a day and made between 3 to 4 million throughout his career. His emails offered mortgages and debt counseling, but in the end he paid a fine of 1 million and costly legal bills. He now clams to be an “anti-spam activist.”

Jeremy Jaynes - Spammer that Virginia and AOL put in jail. He made over $24 million on fake Federal Express refund kits. He was sending over hundreds of thousands of e-mails a day, with 10-17,000 replying each month. His kits went for $39.95 and was earning up $750,000 a month. He was sentenced to jail for nine years.

Here are some stats that you may think are crazy:

The first SPAM on record was in 1978 that was sent to 600 addresses. The first big scale SPAM sent was in 1994 that was sent to 6000 newsgroups. As of February 2007, 90 billion SPAM emails are sent per day. Jef Poskanzer, owner of the domain name acme.com, was getting over 1 million spam emails a day. It is estimated that 80-85% of all incoming mail is some form of SPAM. It was stated in 2006 that the SPAMming industry has cost the US over $10 billion in money, lost man hours and fixes to limit SPAM.

Interesting Cases
The first known SPAM attack was in 1978, read about it here: http://www.templetons.com/brad/spamreact.html

Star Trek vs. Star Wars - Star Wars fans invade a Star Trek chat room http://www.myshelegoldberg.com/writings/essays/spam.htm

With all that said, what can I do to decrease SPAM?

There are many things that can be done to decrease the amount of SPAM that you receive. The easiest way would be to customize whatever SPAM protection you are using on your mail server. A common product is called SpamAssassin; this product lets you create rules to keep you up to date with the newest attacks. You can give emails a scoring rating, ones that score too high will not be allowed through. This, combined with Outlook settings, will greatly diminish the emails you receive. Outlook will let you place all Junk emails into a Junk Folder, so only the emails you want will be in your Inbox. These programs do vary and it depends what kind of mail server you are running on. There are also other programs that you can run from your desktop that will scan incoming messages.

Another way to more efficiently limit the SPAM that you get is through a hardware appliance. The most popular one is called the Barracuda SPAM firewall. The setup is pretty straightforward; point your MX record to the appliance and setup the domain on the server. This appliance sits in front of your email server and will decide, based on its’ software, if the message it legit or not. If it thinks it is fine, it will let it pass through to the mail server; if not, it will block or tag the message for further review. There is a nice web control panel that will let you view all the messages received. If it blocks a message that it shouldn’t, you can manually deliver it through the web control panel. The only downfall is price, these units start around $1500.

SPAM is a growing issue and will continue to get worse. You can keep up with the times, or surrender to hundreds of unwanted emails a day. The major email providers seem to be getting a grasp on SPAM (gmail, hotmail and msn); but if you want your own domain, there is a bit to consider. You could go software or hardware protection and try to customize that to your liking. There are different ways to go, look around and see what works best.

Additional Resources

Wikipedia
http://en.wikipedia.org/wiki/E-mail_spam

Wikipedia
http://en.wikipedia.org/wiki/Spam_(electronic)

SpamBlog
http://www.spamblogging.com/archives/000043.html

Spam News
http://mcpmag.com/news/article.asp?EditorialsID=688

Spam Legal Issues
http://customersupport.acd.net/spam/spam4.htm
http://advertising.about.com/cs/spam/f/spamlegal.htm

Ryan Pitylak
http://blogs.guardian.co.uk/technology/archives/2006/06/05/spam_king_ryan_pitylak_turns_activist.html

SPAM money
http://weblog.johnlevine.com/Email/pitylak.html

1978 SPAM attack
http://www.templetons.com/brad/spamreact.html

Star Trek vs. Star Wars
http://www.myshelegoldberg.com/writings/essays/spam.htm

Filed under: Technical Articles on September 5th, 2007 | Comments Off

For this weeks newsletter we tackle a topic pretty close to our hearts here at Awecomm. Application Stress Testing. We have been performing this service for a while now and feel it is an important component of any application deployment. For more reasons why businesses should seriously consider this check out Brent’s post here.

This week I’ll highlight ten very important stress testing components, and describe why they are important.  If you are serious about determining the scalability and performance of your online application check out my list below.

Basically our stress tests are a combination of tests used to gauge the performance of the server and to determine how much load it can sustain before degradation takes place. For example, in one test, our developers built a automated user script that duplicated the login process, application usage, and logout process of a web application. We then ran 2000 simultaneous connections to it for 1 hour and collected as much information as we could. With that, we can determine what type of load the infrastructure
can sustaine.

1. CPU Usage.  A cpu that is continually running at a very high percentage during the test may indicate an application issue whether it’s poorly tuned or designed. This could be lowered once the application has been optimized. If cpu usage has scored high it could also mean that a hardware upgrade is imminent. You can use the Processor:% Processor Time counter in System Monitor to determine this.  Below is a sample screenshot.

2. Disk Usage.  If your physicaldisk: % disk time counter is very high we can then check the current disk queue length counter.  With this we can determine whether what step to take next.  Do we need to upgrade to faster drives?  We can also check #3 below.

3.  Memory.  One thing we can check is the Memory Page Faults/sec counter.  We can then determine whether the disk activity is caused by paging which could mean that the memory usage could be high due to processes using too much memory.
There’s another counter that can determine memory usage that will also reflect the usage that correlates with the possible disk time counters being high.  View a sample screenshot below.

Monitoring SQL

4. SQL Memory.  You need to check how your database server is performing.  We can use the same counters above with some of these sql counters to determine this.  The sqlserver memory manager counter will show the total memory in use by SQL.

5. SQL Connections. We can find out the number of users connected to the sql server using the sqlserver:general statistics\user connections counter.

6. SQL Latches.  SQL uses these to protect actions that don’t need to be locked for the life of a transaction.  When the engine is scanning a page it latches it, reads it and gives it back to the relational engine and then unlatches the page so that it can be used again.  You can monitor the average latch wait time by using the sql server:latches\average latch wait time counter.  If the number of these is high, there could be a resource limitation.

Monitoring IIS

7.  Current Web Connections.  Finding the current IIS web connections is important to understand how this might be related to cpu, and memory usage.  View a sample screenshot below.

8. Not found Errors.  This show’s the number of requests that were reported as HTTP error 404. 

9. ASP Pages Performance. During the testing we can find if there are Errors and how many there are.  ASP Requests whether we find how many have failed or how many requests are timed out could shed light on application or resource issues.

10. ASP.NET Performance. When looking at worker processes and how many are running or how many restarts it’s getting could throw a red flag in which could lead to some investigation.  We can also look at either a single instance or a total for all applications running on the server.

Valuable information can be found after running a load test.  Although this can get quite technical, the data that is gathered is critical to determine where your application, database, or web server stands.   

Resources

Microsoft Performance Baseline
http://technet2.microsoft.com/windowsserver/en/library/9277f422-eb8c-4c14-89b5-9fe09f80fd191033.mspx?mfr=true

SQL Latching
http://msdn2.microsoft.com/en-us/library/Aa224727(SQL.80).aspx 

System Monitor IIS6
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/3ffd9ede-2bc8-4bdc-871e-9d937f25d6c9.mspx?mfr=true

Filed under: Technical Articles on August 17th, 2007 | No Comments »

For a while now we have been performing application stress testing for our customers. We basically setup our drone machines and network to throw a bunch of traffic towards an online application, use our customized scripts to simulate users, and tediously measure the results. From there we can produce reports projecting application performance over varying loads and situations. So why is this an important thing for businesses to evaluate… Read on!

Why you need it.

Stress testing can provide invaluable insight into the scalability and performance of your application. It gives you the ability to anticipate load times witnessed by your users, gives you the ability to forecast problems, helps identify application and hardware limitations, allows you to properly plan and deploy infrastructure, and in most cases can locate areas in which your applications can be optimized for better performance. What does this mean.. well simply put, a proper stress test can help you avoid downtime when your web site or application is needed the absolute most, during heavy usage. I have experienced far to many sites going down or slowing to a crawl when they get too much traffic, not only is the web site losing my interest, but they are probably loosing my business too. This is unacceptable today given the fact that most time it can be easily avoided.

What is stress testing?

Basically stress testing an application is generating a pre-defined amount of traffic to accomplish a pre-defined set of tasks on an application, then collecting data and interpreting the results. The amount of traffic and which actions are performed depend on what you are testing but usually simulates normal user activity factoring for anticipated growth. Anything from visiting multiple web pages within a site, to engaging in actual application usage like logging in, purchasing items, taking tests, running reports, filling out forms, etc.. During the testing process very specific measurements are recorded and this data is used to produce specific reports on the performance and limitations of your web application.

What should the reports show?

Another common question is what information should your test reveal. Well of course like everything else that depends. At a minimum I would suggest at least getting a good idea of how many simultaneous users your application can handle with the current infrastructure. That will give you a loose idea of when to anticipate issues based on too many users and potentially avoid them. I would also check for hardware bottlenecks, or potential software issues. Our own Jesse Woodruff does a good job describing them technically in his post here. Ultimately you’re looking for enough information to build a roadmap for growing your application based on actual usage. You should know how many users your web application can handle, what is the longest acceptable load time you can deliver to those users, when you need to scale your infrastructure, what components of the infrastructure you will need to scale first, and potentially what modifications can be made to your application to utilize less resources and therefore extend the life of your current infrastructure. Having this information readily available will not only help you save money by planning correctly for your application, but can also help you avoid unacceptable downtime that would loose business.

Filed under: Business Articles on August 17th, 2007 | No Comments »