Computer Lab & Private Cloud 2.0
Productivity

Computer Lab & Private Cloud 2.0

Posted On April 21, 2023 at 6:16 pm by / Comments Off on Computer Lab & Private Cloud 2.0

In our new office, there is an upgrade on our private cloud 2.0. This is our commitment to our clients with continuous development for our technical team. We are providing the best cybersecurity, network and IT infrastructure services, etc. Supermicro Xeon Server Archsolution Design Open Frame Rack with Supermicro Servers Meanwhile, we would like to share our new computer lab 2.0 using our tailored racks for hosting servers.  Our own design 25U open frame #rack is #adjustable and able to support #400KG.  It is a rack able to be installed or uninstalled within 45 minutes. So, it is fit for temporary projects or even home-use.    
Read More
Moving Notice
Uncategorized

Moving Notice

Posted On October 30, 2022 at 5:32 pm by / Comments Off on Moving Notice

It is our pleasure to announce that we are expanding our business with a new office location at Sheung Wan. Our new address is: 1301, 13/F Shun Kwong Commercial Building, 8 Des Voeux Road West, Sh...
Read More
Commitment on Bitdefender Support
Information Security

Commitment on Bitdefender Support

Posted On November 28, 2021 at 5:24 pm by / Comments Off on Commitment on Bitdefender Support

As Archsolution is focused on providing best service quality, our team is always learning new skills and getting more experienced with the investment in people and technology    . In November 2021, our team have renewed all required technical and sales certificates in Bitdefender for the coming year.  We are qualified to provide local first tier support with certified engineers and sales specialists.  We are commited our skills and knowledge updated with different vendors. For Bitdefender, our commitment is already started since 2013.  Please see our achievements.
  1. Certificate Requirements
Bitdefender - Our Archievement
  1. Specimen of Certificates Archieved
Bitdefender Consumer Product Sales Certificate Bitdefender Consumer Product Technical Certificate Bitdefender Business Product Sales Certificates Bitdefender Business Product Technical Certificate (Remarks: The sample above is just part of our achievement.)
Read More
Backup ESXi, vCenter, ESXi Free, Hyper-V and Database with Lowest Possible Investment
Data Protection

Backup ESXi, vCenter, ESXi Free, Hyper-V and Database with Lowest Possible Investment

Posted On May 24, 2020 at 8:13 pm by / Comments Off on Backup ESXi, vCenter, ESXi Free, Hyper-V and Database with Lowest Possible Investment

Even we are migrating application and database servers to an Open-stack environment, but there are still lots of Virtual Machines being maintained by our clients and our team. Unfortunately, most of the Enterprise class backup solutions are not able to backup ESXi free version.  Otherwise, many other tools are allowed to backup ESXi free images but counted by each guest nodes.  The cost will be extremely high and not worth for ESXi free or other virtual environment like Hyper-V.  We will spend some time to try and test different products in the market.  Finally, we have picked up Iperius – a software vendor in Italy for doing the backup task for 10 guest live images of ESXi free.  It is powerful, complete, and extremely easy-to-use. It supports incremental and differential backup of ESXi (CBT/VDDK) virtual machines, including the free ESXi Free version. Further, Iperius supports the replication of virtual machines from datastore to datastore and from host to host, to have an exact copy of virtual machines always ready to be started in case of malfunction or crash of the main machine. Replication can also be planned and performed on multiple destinations, thus enabling an optimal failover policy. The most significant features of Iperius for this kind of backup are being list below:
  1. Incremental and differential backups of virtual machines (full support for Changed Block Tracking (CBT/VDDK));
  2. Backup of ESXi Free (the free vSphere Hypervisor version), including incremental and differential backups;
  3. Replication of virtual machines from host to host and from datastore to datastore (to have an immediately bootable copy in case of crash)
  4. Incremental Replication even between ESXi Free hosts
  5. Backups only of the disk space that is actually being used;
  6. Restore of individual files (file-level restore)
  7. Full support for connecting to VMware vCenter Server and ESXi Cluster
  8. Auto-restore of virtual machines, including on different hosts (also useful for the replication/cloning of virtual machines);
  9. Extremely lightweight and stable software (Iperius is also portable and does not install anything that will affect the performance of the server);
  10. Compatible with all ESXi (4.x, 5.x, 6.x) versions;
  11. “Application Consistent” backups even of Linux virtual machines, by quiescing the file system with pre-freeze and post-thaw scripts.
  12. There is also the possibility to exclude specific virtual machine disks and manage independent disks;
  13. One of the lowest prices on the market (€ 269), perpetual license, both support and updates are for free;
(Buy from us with further discount!!!)
  1. Agentless: with just one installation, you can back up any virtual machine on the network
  2. Only one license needed for unlimited host and virtual machines;
  3. Complete backup utility with many other features.
Apart from the great features for VM backup, it is possible to use Iperius backup for common database engines such as Microsoft SQL server, Oracle, MySQL and PostgreSQL.  It provides fundamental features like export DDL and data as text.  However, with their scheduling function, it is basically fulfilled most of the small network needs.  Apart from these fruitful features. They offer cloud storage for remote backup. In order to share the great tool using by system experts, we are partnering Iperius to offer this tools for the Hong Kong market.  It is better to have a trial and you can find better price from your local reseller than direct from them.  Also, you can enjoy local support with the reseller with your mother language locally. Please contact us for more information.
Read More
IT Infrastructure Tips for Small Business #1 (Communication Tools)
Productivity

IT Infrastructure Tips for Small Business #1 (Communication Tools)

Posted On March 31, 2020 at 4:25 pm by / Comments Off on IT Infrastructure Tips for Small Business #1 (Communication Tools)

There are a number of articles being written for small businesses and will be published. During the Coronavirus crisis since 2020, there are lots of people working at home remotely.  In the first article, it is going to discuss communication tools for remote work.   WhatsApp / WeChat, etc. are not classified as communication tools for work and not to be discussed in this article.  However, there are still lots of tools needed to be in-place like Remote Access, Sharing of document, etc.  We will discuss them later in other articles with tips. There are many software able to do video conferencing with both freemium and paid software.  It is important for this type of software with features below:
  • Screen Sharing
  • File Sharing
  • WebCam Connection
  • Computer Audio Connection (Mic+Speaker/ Headset)
  • Options for toll-free diag-in
  • Options for recording
We would like to introduce some of the choices as below: 1. Google Hangouts Let’s start with freemium first.  This is again a free tool provided by the giant – Google.  You can just type Google hangouts at google search.  On the left hand side, you will see your contact list at the left hand side.  Then, you can invite anyone to join the call. 2. Zoom Zoom is now the most popular conference call or even webinar services in the world.  You can use Zoom free under some limitations like 40 minutes for multiple participants.  However, you can also pick paid services with options to provide toll free calls across 100 countries with a lower price than WebEx. Unfortunately, more users found that it is possible to expose the meeting to strangers without setting the security carefully.  Also, Zoom had shared the meeting information with servers located in China.  It is very sensitive for information leakage due to the American Chinese founder.  In APR 2020 (latest update), they have fixed their security issues. 3. WebEx For me, it is still the number one in the market with its stability and security.  However, it is still one of the most expensive one.  For user outside UK or US, the price is extremely high for those corporations seeking with toll-free support. Furthermore, Cisco WebEx is the pioneer for providing video conference solutions with the best security.  So, it is better for businesses with higher budget. 4. Jitsi Meet This is an Open Source solution.  You can use their service freely at https://meet.jit.si with starting a meeting room.  Even anyone could start a meeting, but you can have your own password for the target participants to reach the unique meeting room for privacy & protection. Also, you can have a choice to host the Jitsi at your own server and add security protection like authorized account to start a meeting.  As many other open source solution, it is possible to integrate your own LDAP server for installation on-premises.  We can help you or your organization to set up Jitsi-meet server with a very low charge. 5. Microsoft Teams If you are using office 365, you may have Microsoft Teams to connect to your team members or making calls.  If you have Microsoft Teams available in your organization, you don’t need to shop around. It is quite easy to manage and fully integrate with Microsoft Active Directory.  For the functionalities, it is basically similar to WebEx but in a different user interface. 6. Others There are other different vendors providing similar monthly subscription plans like Zoom or Cisco including: To conclude, it is better to have a big vendor for more resources available for the underlying infrastructure being invested by the vendor.  Basically, all of these solutions could be used in PC (Windows), MAC OSX and even mobile devices.  However, Jitsi Meet is an alternative for not paying any service charges to have your own solution with internal IT resources.  For small team, it is possible to pick Google Hangouts – freemium version.
Read More
Professional Service Arrangement (30 Jan 2020)
Data Protection

Professional Service Arrangement (30 Jan 2020)

Posted On January 31, 2020 at 12:07 pm by / Comments Off on Professional Service Arrangement (30 Jan 2020)

Due to the new corona virus impact and epidemic spread, we may provide remote support to our clients via: 1. Zoom 2. WebEx 3. Microsoft Team 4. Slack Please contact us via email and phone for any arrangement and / or update. Thanks. Regards, Archsolution Limited
Read More
Our Own Private Cloud
Productivity

Our Own Private Cloud

Posted On December 12, 2019 at 2:46 pm by / Comments Off on Our Own Private Cloud

There are many different organizations moving their infrastructure and application to different cloud vendor.  Once the platform is being built on 1 cloud vendor, it is difficult to move to another environment.  In recent years, many business owners found that the cost on using cloud platform is more expensive than hosting their own infrastructure with the price increment but also the expensive database / big data storage charged by cloud vendors by the growing data volume. In order to maintain the scalability and flexibility, it is possible to host a private cloud environment free from "vendor lock-in".   Moreover, it is very important to apply their own security policy easily at the private cloud and with serious security concerns on the public cloud or any other cloud services connecting to the Internet.  This project is not only preparing our own private cloud environment for different applications but also a proof-of-concept for a data science consulting company.  For building the platform, there are a number of physical servers leading different roles including control, compute, block storage and object storage nodes. Let’s see the architecture diagram as below. Figure 1: Open Stack – Architecture for the Private Cloud in Archsolution Limited   For hardware, they are basically listed below:
  Node No of nodes Configuration
1 Control 1 1*Intel Xeon 2.2Ghz 10C20T, 64G Ram, 2* 256G SSD
2 Compute 2 1*Intel Xeon 2.2Ghz 10C20T, 256G Ram, 2* 512G SSD
3 Block Storage 1 1*Intel Xeon 2.2Ghz 10C20T, 32G Ram, 2* 128G SSD 4* 1Tb SSD
4 Object Storage 2 1*Intel Xeon 2.2Ghz 10C20T, 32G Ram, 2* 128G SSD 6* 1Tb SSD
We are using our stock of Supermicro and ASRock mainboards with Team-group SSD.  For system memory, we are using ECC registered memory with Mircon chipset.  Also, the raid cards are all LSI (Broadcom) 9200-8i and 9200-16i with both battery module and the hardware key for the SATA SSD drives.  We don’t take SAS disk drive due to the cost concerns.  You can contact us to order any of these items. However, the SATA SSD is suggested to use either top-end models of Intel or Crucial for production environment.  If you are going to invest SAS SSD, it is recommended to take Seagate Nytro series with many different choices for the disk size. This is the first time for all machine running on top of SSD storage. Also, this successful example is being replicated to a Data Science consulting company.  We are helping them to deploy the solution at their lab and provide training to support their daily operations. Figure 2: Open Stack architecture – for a data science consulting company The data science consulting company is aimed to build their own private cloud with open source technology for research and training purposes.  There are some vital R&D projects like IoT and AI running in this platform. If it is required to have HADR, it is just needed to duplicate 1 set to another data center with the synchronization to maintain the information stored at near real-time basis.   For the management of Open Stack cloud, we use chef and compass to maintain the daily operation for the private cloud.  With the continuous development of Open Stack framework and improvement in different Linux distro, Open Stack is now a reliable and scalable platform without any software investment like VMWare / Citrix / Microsoft, etc.  Thus, this is a promising solution for enterprise with HADR features and live deployment of VMs.  All-in-all, the private cloud solution should be a good answer for the public cloud security concerns and also the flexibility & scalability within a corporate environment.
Read More
Open Source Firewall Real Examples
Information Security

Open Source Firewall Real Examples

Posted On November 25, 2019 at 12:21 pm by / Comments Off on Open Source Firewall Real Examples

There are many people arguing that it is only possible to go for Enterprise firewall.  However, there are non-profit making organization or small businesses not able to afford top-end products like Checkpoint, WatchGuard, etc. Most of the open source firewall operating systems are developed for more than 1 decade and using by millions of individual and organization.  Our professional service team is delivering both Open Source and Enterprise firewall or UTM gateway solutions. In this article, we would like to share some of the real applications of Open Source firewall with happy users for at least 3 years. First of all, we would like to introduce a case for a primary school with around 100 devices connecting to the network and the internet.  This catholic school is not able to afford an Enterprise class UTM gateway and consequent annual maintenance fee.  They are using the IPCOP as a static firewall with additional add-ins to protect their web, email and even student database server.  Their solution was deployed in 2014 and there is no single case of failure by virus, malware and ransomware.  (Remarks: they are using an Enterprise Anti-virus endpoint in education discount together with the IPCOP firewall) Another case is the computer lab owned by a Data Science consulting company – Smart Data Institute Limited located in Hong Kong.  They are using 2 nodes installed OPNSense as a cluster in front of their own private cloud and their workstations in the lab.  However, Sensei is a plugin for firewalls which complement them with features like Application Filtering, Advanced Network Visibility and Cloud Application Control.  (Note: their production network is using another Enterprise firewall – contact us for details) Apart from IPCop and OPNsense, there are still many different open source firewall solutions available in the market.  pfSense and OPNsense are those options able to meet Enterprise class demand.  IPfire is the one easiest to use and maintain, which is fit for SOHO and small organization without dedicated internal IT resources. However, there is no perfect security solutions to protect everything.  In order to maintain better Information Security, it is important to apply corresponding security policies, such as Computer Security Policy, Data Retention Policy, etc.  It is important to review the related policies and the latest technologies in order to balance the productivity and security. Should you have any question, you can contact us to arrange a free consultation session for seeking the tailored solution for your organization.
Read More
Information Security

Protect Your Children with Security Suite

Posted On November 10, 2019 at 9:15 pm by / Comments Off on Protect Your Children with Security Suite

You can find anything in the internet including violence, sex and drugs information.  It is highly recommended parents should protect their own children with the help of Security Suite – such as Bitdefender Total Security.  For taking Bitdefender as an example, it is because the Bitdefender brand with OEM products are protecting over 500 million devices worldwide. In this example, we try to demonstrate the functions of a security suite with Child protection.  You should find similar functions and features in many different brands like Kaspersky, McAfee, Symantec, etc. First of all (in Bitdefender Total Security), open the Parental Advisor / Parental Control functions in other antivirus to input the child’s profiles and prepare the custom settings. Then, it will prompt for the owner’s account to avoid the “hacking” from your child. Next, you are about to create a new custom profile.  First of all, you should pick your chlid’s device(s) with Bitdefender product being installed. Input your chlid’s name It will show the related device for the settings. Pick the user for the device.
Important: For the device, it is only allowed user account(s) with profile to access the corresponding device with Parental Control switching on.
It is important to input the email account to receive alerts and for which alerts being active for the monitoring. Moreover, you can create or modify your own customized control by adding hostname(s) into the blacklist or whitelist.  In the example below, it shows “facebook.com” being blocked. You can also monitor for whom your child is always talking to. Further, you can check your chlid’s current location with the near real-time monitoring. Meanwhile, you can set for when your child is able to access or use the computer and / or surfing the internet. If your child is trying to log on outside the scheduled time, he / she should see the page below by asking the parents for special request or just switch it off as suggested. Conclusion Freedom is important for everyone.  However, it is basic responsibility for parents to protect their children from abuse or day-long usage to affect their children’s health both physically and psychologically.
Read More
Data Protection

UrBackup Server – free backup solution for SMB

Posted On November 4, 2019 at 12:48 pm by / Comments Off on UrBackup Server – free backup solution for SMB

Archsolution Professional Service Team (2019-11-4)

Backup is one of the most important method to protect your digital asset.  However, most of the backup solutions are very expensive and we would like to share one of the freeware options – UrBackup.

In this article, we will focus on the Windows installation only due to the ability to backup Windows client workstation – operating system image.  For download, you can go to the urbackup.org to download different versions.

Installation of UrBackup Software on Windows
  • Download the NSIS (.exe) or MSI installer. You can only use the MSI installer, if you have a 64-bit operating system and at least Windows Vista/2008.
Install the UrBackup Server.
  • Go to the web interface ( http://localhost:55414 ) and then go to the settings and configure the folder where UrBackup should store the backup. This folder should have following properties:
      • It should be on a NTFS formatted volume (not ReFS or FAT).
      • There should be enough free space to accommodate the backups
      • Preferably the volume should be dedicated to UrBackup backups
      • The volume should be persistently online while the UrBackup Server instance is running. UrBackup does not support different backup volumes/drives
      • While migration is possible it will be lengthy and difficult. So best plan ahead.
      • You can easily increase the size of the backup storage volume, if you use Windows dynamic volumes or a hardware raid. If you are using a plain volume change it to a dynamic volume before the first backup.
      • Turn on compression for the urbackup folder (in Explorer: Right click and properties). If you are not using a really old computer it should pay off without decreasing the backup speed. Possible exception: If you plan to backup files with more than 50GB or turn off the image compression and plan to backup volumes with more than 50GB you should not turn on compression. NTFS cannot compress files larger than about 50GB.
      • Alternative to the compression you can use the offline dedup and compression build into Windows Server 2012
      • Disable 8.3 name generation on the volume. See https://support.microsoft.com/en-us/kb/121007 on how to do this. 8.3 name generation causes errors in rare cases, lowers performance and the 8.3 names are only used in rare cases.
      • If you are using Windows Server 2008(R2) (or the equivalent Desktop versions) you should consider consider applying hotfix https://support.microsoft.com/en-us/kb/967351 and then formatting the backup storage volume with
        • Format <Drive:> /FS:NTFS /L
After you have installed the UrBackup server you should perform following steps:
  • Go to the user settings and add an admin account. If you do not do this everybody who can access the server will be able to see all backups!
  • Setup the mail server by entering the appropriate mail server settings.
  • If you want the clients to be able to backup via Internet and not only via local network, configure the public server name or IP of the server in the Internet settings.
  • If you want the clients to be able to access their backups via browser and “right click -> Restore/access backups“‘ enter a server URL. E.g. http://backups.company.com:55414/. Make sure your DNS is configured such that backups.company.com points to the internal IP of the backup server if accessed from the internal network and points to the external IP otherwise. You should put a real web server in front of UrBackup and setup SSL.
  • If you want to get logs of failed backups go the “Logs” screen and configure the reports for you email address.
  • Change any other setting according to your usage scenario.
Client installation (Windows/Mac OS X client installation) If you plan on using the client in the same local network as the server, or the client is in your local network during setup time:
  • Download the client from http://www.urbackup.org.
  • Run the installer.
  • Leave the backuped items at the default, manually select paths to backup or configure the client from the server.
  • The server will automatically find the client and start backups.
If the client is only reachable via Internet/through NAT:
  • Add a new Internet client on the status page.
  • Download the client installer for the Internet client and send it to the new client. Alternatively, create a user for the new client (in the settings) and send the user the username/password. The user can then download the client installer from the server on the status page and install it.
  • Select the backup paths you want to backup on the client or configure appropriate default directories to backup on the server.
  • The server will automatically start backups once the client is connected.
This is the easiest method to add new internet clients. Notes: There are 3 different colours of the “Urbackup” client icon.
  1. Red – not connected
  2. Yellow – backup running
  3. Green – backup complete recently
  Automatic rollout to multiple Windows computers First, if you want to deviate from the default backup path selection, configure the general default backup paths so that the correct folders get backed for each client. Then install the clients using one of the following methods. On local network: Add the MSI client installer as group policy to the domain controller. Alternatively you can use the NSIS (.exe) installer with the switch “/S” to do a silent install and use something like “psexec”. The server will automatically find and backup the new clients. For internet clients: Adapt the script at https://urbackup.atlassian.net/wiki/display/US/Download+custom+client+installer+via+Python to your server URL and create a python executable from the modified script via cx_Freeze (http://cx-freeze.sourceforge.net/). Executing the python executable on the client automatically creates a new internet client on the server, downloads a custom client and runs the installer. You could also add the silent install switch (“/S”) when starting the downloaded installer such that it needs no user intervention. Client installation on Linux If you plan on using the client in the same local network as the server, or the client is in your local network during setup time:
  • Download the portable binary Linux client from http://www.urbackup.org.
  • Run the installer.
  • Select one of the available snapshot mechanisms. If none is available consider installing your Linux on LVM or btrfs. Otherwise you will have to stop all applications during backups which are modifying files via pre/post-backup scripts.
  • The server will automatically find the client and start backups.
If the client is only reachable via Internet/through NAT:
  • Add a new Internet client on the status page.
  • Download the client installer for the Internet client and send it to the new client. Alternatively, create a user for the new client (in the settings) and send the user the username/password. The user can then download the client installer from the server on the status page and install it.
  • Select the backup paths you want to backup on the client via command line (“urbackupclientctl add-backupdir –path /” or configure appropriate default directories to backup on the server.
  • The server will automatically start backups once the client is connected.
Read More