In our new office, there is an upgrade on our private cloud 2.0. This is our commitment to our clients with continuous development for our technical team. We are providing the best cybersecurity, network and IT infrastructure services, etc.
Meanwhile, we would like to share our new computer lab 2.0 using our tailored racks for hosting servers. Our own design 25U open frame #rack is #adjustable and able to support #400KG. It is a rack able to be installed or uninstalled within 45 minutes. So, it is fit for temporary projects or even home-use.
Read More
Moving Notice
It is our pleasure to announce that we are expanding our business with a new office location at Sheung Wan.
Our new address is:
1301, 13/F Shun Kwong Commercial Building, 8 Des Voeux Road West, Sh...
Read More
Commitment on Bitdefender Support
As Archsolution is focused on providing best service quality, our team is always learning new skills and getting more experienced with the investment in people and technology .
In November 2021, our team have renewed all required technical and sales certificates in Bitdefender for the coming year. We are qualified to provide local first tier support with certified engineers and sales specialists. We are commited our skills and knowledge updated with different vendors.
For Bitdefender, our commitment is already started since 2013. Please see our achievements.
Read More
- Certificate Requirements
- Specimen of Certificates Archieved
Backup ESXi, vCenter, ESXi Free, Hyper-V and Database with Lowest Possible Investment
Even we are migrating application and database servers to an Open-stack environment, but there are still lots of Virtual Machines being maintained by our clients and our team.
Unfortunately, most of the Enterprise class backup solutions are not able to backup ESXi free version. Otherwise, many other tools are allowed to backup ESXi free images but counted by each guest nodes. The cost will be extremely high and not worth for ESXi free or other virtual environment like Hyper-V. We will spend some time to try and test different products in the market. Finally, we have picked up Iperius – a software vendor in Italy for doing the backup task for 10 guest live images of ESXi free. It is powerful, complete, and extremely easy-to-use. It supports incremental and differential backup of ESXi (CBT/VDDK) virtual machines, including the free ESXi Free version.
Further, Iperius supports the replication of virtual machines from datastore to datastore and from host to host, to have an exact copy of virtual machines always ready to be started in case of malfunction or crash of the main machine. Replication can also be planned and performed on multiple destinations, thus enabling an optimal failover policy.
The most significant features of Iperius for this kind of backup are being list below:
Read More
- Incremental and differential backups of virtual machines (full support for Changed Block Tracking (CBT/VDDK));
- Backup of ESXi Free (the free vSphere Hypervisor version), including incremental and differential backups;
- Replication of virtual machines from host to host and from datastore to datastore (to have an immediately bootable copy in case of crash)
- Incremental Replication even between ESXi Free hosts
- Backups only of the disk space that is actually being used;
- Restore of individual files (file-level restore)
- Full support for connecting to VMware vCenter Server and ESXi Cluster
- Auto-restore of virtual machines, including on different hosts (also useful for the replication/cloning of virtual machines);
- Extremely lightweight and stable software (Iperius is also portable and does not install anything that will affect the performance of the server);
- Compatible with all ESXi (4.x, 5.x, 6.x) versions;
- “Application Consistent” backups even of Linux virtual machines, by quiescing the file system with pre-freeze and post-thaw scripts.
- There is also the possibility to exclude specific virtual machine disks and manage independent disks;
- One of the lowest prices on the market (€ 269), perpetual license, both support and updates are for free;
- Agentless: with just one installation, you can back up any virtual machine on the network
- Only one license needed for unlimited host and virtual machines;
- Complete backup utility with many other features.
IT Infrastructure Tips for Small Business #1 (Communication Tools)
There are a number of articles being written for small businesses and will be published.
During the Coronavirus crisis since 2020, there are lots of people working at home remotely. In the first article, it is going to discuss communication tools for remote work. WhatsApp / WeChat, etc. are not classified as communication tools for work and not to be discussed in this article. However, there are still lots of tools needed to be in-place like Remote Access, Sharing of document, etc. We will discuss them later in other articles with tips.
There are many software able to do video conferencing with both freemium and paid software. It is important for this type of software with features below:
Read More
- Screen Sharing
- File Sharing
- WebCam Connection
- Computer Audio Connection (Mic+Speaker/ Headset)
- Options for toll-free diag-in
- Options for recording
Professional Service Arrangement (30 Jan 2020)
Due to the new corona virus impact and epidemic spread, we may provide remote support to our clients via:
1. Zoom
2. WebEx
3. Microsoft Team
4. Slack
Please contact us via email and phone for any arrangement and / or update.
Thanks.
Regards,
Archsolution Limited
Read More
Our Own Private Cloud
There are many different organizations moving their infrastructure and application to different cloud vendor. Once the platform is being built on 1 cloud vendor, it is difficult to move to another environment. In recent years, many business owners found that the cost on using cloud platform is more expensive than hosting their own infrastructure with the price increment but also the expensive database / big data storage charged by cloud vendors by the growing data volume.
In order to maintain the scalability and flexibility, it is possible to host a private cloud environment free from "vendor lock-in". Moreover, it is very important to apply their own security policy easily at the private cloud and with serious security concerns on the public cloud or any other cloud services connecting to the Internet. This project is not only preparing our own private cloud environment for different applications but also a proof-of-concept for a data science consulting company. For building the platform, there are a number of physical servers leading different roles including control, compute, block storage and object storage nodes.
Let’s see the architecture diagram as below.
Figure 1: Open Stack – Architecture for the Private Cloud in Archsolution Limited
For hardware, they are basically listed below:
We are using our stock of Supermicro and ASRock mainboards with Team-group SSD. For system memory, we are using ECC registered memory with Mircon chipset. Also, the raid cards are all LSI (Broadcom) 9200-8i and 9200-16i with both battery module and the hardware key for the SATA SSD drives. We don’t take SAS disk drive due to the cost concerns. You can contact us to order any of these items.
However, the SATA SSD is suggested to use either top-end models of Intel or Crucial for production environment. If you are going to invest SAS SSD, it is recommended to take Seagate Nytro series with many different choices for the disk size.
This is the first time for all machine running on top of SSD storage.
Also, this successful example is being replicated to a Data Science consulting company. We are helping them to deploy the solution at their lab and provide training to support their daily operations.
Figure 2: Open Stack architecture – for a data science consulting company
The data science consulting company is aimed to build their own private cloud with open source technology for research and training purposes. There are some vital R&D projects like IoT and AI running in this platform.
If it is required to have HADR, it is just needed to duplicate 1 set to another data center with the synchronization to maintain the information stored at near real-time basis.
For the management of Open Stack cloud, we use chef and compass to maintain the daily operation for the private cloud. With the continuous development of Open Stack framework and improvement in different Linux distro, Open Stack is now a reliable and scalable platform without any software investment like VMWare / Citrix / Microsoft, etc. Thus, this is a promising solution for enterprise with HADR features and live deployment of VMs. All-in-all, the private cloud solution should be a good answer for the public cloud security concerns and also the flexibility & scalability within a corporate environment.
Read More
Node | No of nodes | Configuration | |
1 | Control | 1 | 1*Intel Xeon 2.2Ghz 10C20T, 64G Ram, 2* 256G SSD |
2 | Compute | 2 | 1*Intel Xeon 2.2Ghz 10C20T, 256G Ram, 2* 512G SSD |
3 | Block Storage | 1 | 1*Intel Xeon 2.2Ghz 10C20T, 32G Ram, 2* 128G SSD 4* 1Tb SSD |
4 | Object Storage | 2 | 1*Intel Xeon 2.2Ghz 10C20T, 32G Ram, 2* 128G SSD 6* 1Tb SSD |
Open Source Firewall Real Examples
There are many people arguing that it is only possible to go for Enterprise firewall. However, there are non-profit making organization or small businesses not able to afford top-end products like Checkpoint, WatchGuard, etc.
Most of the open source firewall operating systems are developed for more than 1 decade and using by millions of individual and organization. Our professional service team is delivering both Open Source and Enterprise firewall or UTM gateway solutions.
In this article, we would like to share some of the real applications of Open Source firewall with happy users for at least 3 years.
First of all, we would like to introduce a case for a primary school with around 100 devices connecting to the network and the internet. This catholic school is not able to afford an Enterprise class UTM gateway and consequent annual maintenance fee. They are using the IPCOP as a static firewall with additional add-ins to protect their web, email and even student database server. Their solution was deployed in 2014 and there is no single case of failure by virus, malware and ransomware. (Remarks: they are using an Enterprise Anti-virus endpoint in education discount together with the IPCOP firewall)
Another case is the computer lab owned by a Data Science consulting company – Smart Data Institute Limited located in Hong Kong. They are using 2 nodes installed OPNSense as a cluster in front of their own private cloud and their workstations in the lab. However, Sensei is a plugin for firewalls which complement them with features like Application Filtering, Advanced Network Visibility and Cloud Application Control. (Note: their production network is using another Enterprise firewall – contact us for details)
Apart from IPCop and OPNsense, there are still many different open source firewall solutions available in the market. pfSense and OPNsense are those options able to meet Enterprise class demand. IPfire is the one easiest to use and maintain, which is fit for SOHO and small organization without dedicated internal IT resources.
However, there is no perfect security solutions to protect everything. In order to maintain better Information Security, it is important to apply corresponding security policies, such as Computer Security Policy, Data Retention Policy, etc. It is important to review the related policies and the latest technologies in order to balance the productivity and security.
Should you have any question, you can contact us to arrange a free consultation session for seeking the tailored solution for your organization.
Read More
Protect Your Children with Security Suite
You can find anything in the internet including violence, sex and drugs information. It is highly recommended parents should protect their own children with the help of Security Suite – such as Bitdefender Total Security. For taking Bitdefender as an example, it is because the Bitdefender brand with OEM products are protecting over 500 million devices worldwide.
In this example, we try to demonstrate the functions of a security suite with Child protection. You should find similar functions and features in many different brands like Kaspersky, McAfee, Symantec, etc.
First of all (in Bitdefender Total Security), open the Parental Advisor / Parental Control functions in other antivirus to input the child’s profiles and prepare the custom settings.
Then, it will prompt for the owner’s account to avoid the “hacking” from your child.
Next, you are about to create a new custom profile. First of all, you should pick your chlid’s device(s) with Bitdefender product being installed.
Input your chlid’s name
It will show the related device for the settings.
Pick the user for the device.
It is important to input the email account to receive alerts and for which alerts being active for the monitoring.
Moreover, you can create or modify your own customized control by adding hostname(s) into the blacklist or whitelist. In the example below, it shows “facebook.com” being blocked.
You can also monitor for whom your child is always talking to.
Further, you can check your chlid’s current location with the near real-time monitoring.
Meanwhile, you can set for when your child is able to access or use the computer and / or surfing the internet.
If your child is trying to log on outside the scheduled time, he / she should see the page below by asking the parents for special request or just switch it off as suggested.
Conclusion
Freedom is important for everyone. However, it is basic responsibility for parents to protect their children from abuse or day-long usage to affect their children’s health both physically and psychologically.
Read More
Important: For the device, it is only allowed user account(s) with profile to access the corresponding device with Parental Control switching on. |
UrBackup Server – free backup solution for SMB
Archsolution Professional Service Team (2019-11-4)
Backup is one of the most important method to protect your digital asset. However, most of the backup solutions are very expensive and we would like to share one of the freeware options – UrBackup.
In this article, we will focus on the Windows installation only due to the ability to backup Windows client workstation – operating system image. For download, you can go to the urbackup.org to download different versions.
Installation of UrBackup Software on Windows- Download the NSIS (.exe) or MSI installer. You can only use the MSI installer, if you have a 64-bit operating system and at least Windows Vista/2008.
- Go to the web interface ( http://localhost:55414 ) and then go to the settings and configure the folder where UrBackup should store the backup. This folder should have following properties:
-
- It should be on a NTFS formatted volume (not ReFS or FAT).
- There should be enough free space to accommodate the backups
- Preferably the volume should be dedicated to UrBackup backups
- The volume should be persistently online while the UrBackup Server instance is running. UrBackup does not support different backup volumes/drives
- While migration is possible it will be lengthy and difficult. So best plan ahead.
- You can easily increase the size of the backup storage volume, if you use Windows dynamic volumes or a hardware raid. If you are using a plain volume change it to a dynamic volume before the first backup.
- Turn on compression for the urbackup folder (in Explorer: Right click and properties). If you are not using a really old computer it should pay off without decreasing the backup speed. Possible exception: If you plan to backup files with more than 50GB or turn off the image compression and plan to backup volumes with more than 50GB you should not turn on compression. NTFS cannot compress files larger than about 50GB.
- Alternative to the compression you can use the offline dedup and compression build into Windows Server 2012
- Disable 8.3 name generation on the volume. See https://support.microsoft.com/en-us/kb/121007 on how to do this. 8.3 name generation causes errors in rare cases, lowers performance and the 8.3 names are only used in rare cases.
- If you are using Windows Server 2008(R2) (or the equivalent Desktop versions) you should consider consider applying hotfix https://support.microsoft.com/en-us/kb/967351 and then formatting the backup storage volume with
- Format <Drive:> /FS:NTFS /L
-
- Go to the user settings and add an admin account. If you do not do this everybody who can access the server will be able to see all backups!
- Setup the mail server by entering the appropriate mail server settings.
- If you want the clients to be able to backup via Internet and not only via local network, configure the public server name or IP of the server in the Internet settings.
- If you want the clients to be able to access their backups via browser and “right click -> Restore/access backups“‘ enter a server URL. E.g. http://backups.company.com:55414/. Make sure your DNS is configured such that backups.company.com points to the internal IP of the backup server if accessed from the internal network and points to the external IP otherwise. You should put a real web server in front of UrBackup and setup SSL.
- If you want to get logs of failed backups go the “Logs” screen and configure the reports for you email address.
- Change any other setting according to your usage scenario.
- Download the client from http://www.urbackup.org.
- Run the installer.
- Leave the backuped items at the default, manually select paths to backup or configure the client from the server.
- The server will automatically find the client and start backups.
- Add a new Internet client on the status page.
- Download the client installer for the Internet client and send it to the new client. Alternatively, create a user for the new client (in the settings) and send the user the username/password. The user can then download the client installer from the server on the status page and install it.
- Select the backup paths you want to backup on the client or configure appropriate default directories to backup on the server.
- The server will automatically start backups once the client is connected.
- Red – not connected
- Yellow – backup running
- Green – backup complete recently
- Download the portable binary Linux client from http://www.urbackup.org.
- Run the installer.
- Select one of the available snapshot mechanisms. If none is available consider installing your Linux on LVM or btrfs. Otherwise you will have to stop all applications during backups which are modifying files via pre/post-backup scripts.
- The server will automatically find the client and start backups.
- Add a new Internet client on the status page.
- Download the client installer for the Internet client and send it to the new client. Alternatively, create a user for the new client (in the settings) and send the user the username/password. The user can then download the client installer from the server on the status page and install it.
- Select the backup paths you want to backup on the client via command line (“urbackupclientctl add-backupdir –path /” or configure appropriate default directories to backup on the server.
- The server will automatically start backups once the client is connected.