Microsoft Small Business Specialist         Home | FAQs | Contact | Site Map

Site Menu:

Home
Company
Product Catalog
Services
Newsletter
How it all works
Feedback

Events:

We will be one of the exhibitors at the Seacoast Chambers' Schmooze. Come by and check us out! [More...]

 

Vol 01 - Edition 07

.

Managed Service Providers (MSPs) – Coming Of Age?

 Robert Frances Group
RFG believes that some MSPs have reached the levels of technical maturity financial stability required to provide reliable business benefits to the enterprise. IT executives should review MSP capabilities, financial conditions, and service cost structures to verify if outsourcing selected parts of the IT management infrastructure makes good business sense and provides a strong value proposition.

Business Imperatives:

  • A good way to begin working with an MSP is to enter into a pilot that minimizes business risk, limits financial exposure, and tests selected services. IT executives should discuss an MSP outsourcing pilot with their technical staff and select areas that are difficult or costly for the enterprise to support internally as pilot candidates.
  • Enterprise requirements must be the foundation for MSP contractual terms and conditions and service level agreements (SLAs). IT executives should prepare a statement of work that is reviewed carefully with the MSP to ensure enterprise requirements are mutually understood and satisfied by the MSP proposal.
  • Networks and IT infrastructures are increasing in complexity and asset, fault, performance, and security monitoring and management can easily overstretch scarce enterprise resources. IT executives should focus on identifying the technical support gaps that currently exist and plan to evaluate any MSP services that can help improve technical support and overall performance.

The MSP Association defines MSP as a company that delivers information technology infrastructure management services over a network to multiple clients on a subscription basis. In many cases, there may not appear to be significant differentiation between an MSP and an application service provider (ASP), and the distinction will probably remain clouded for some time. Some MSPs have been around for almost two years, but have only recently gained widespread interest in large enterprise environments because of declining technical resources and shrinking support budgets at many larger corporations.

With most MSP offerings, the MSP maintains a set of monitoring and management tools that monitor a client's network and systems. Embedded software agents, simulated transactions, and the Simple Network Management Protocol (SNMP) are used to collect traps and alarms to obtain the required performance information. The collected information is then sorted, archived, and logged into a database for further processing and action as required by the particular customer.

The MSP value proposition, although fairly simple, can be quite effective if it clearly indicates significant cost savings and improved management solutions for the enterprise client. Some of the important benefits that an MSP can provide include:

  • Rapid deployment IT monitoring and security quickly;
  • Support of focus by customers on core competencies;
  • Saving time and money for customers via 24x7 management systems that are maintained and upgraded by the MSP;
  • Increased availability and reliability of customer networks, via expert analysis of network performance by specialized individuals and systems; and
  • Minimal start-up costs to customers for outsourced IT infrastructure monitoring and management.

However, a critical area where the "rubber meets the road" lies in the MSPs ability to monitor and report on IT network and systems performance and take defined actions that are customer-specific. For example, a third-party router vendor SLA may state that the availability guarantee is 99.99 percent, but proving conformance with this requirement can be difficult. However, an MSP can monitor the router and report any deviation from the SLA guarantee to the customer via a predetermined method, such as an instant page or exception report. IT executives should verify enterprise monitoring and reporting requirements are well defined, included in the MSPs SLA, and tested in the service pilot.

This Month's Tip:

Business continuity planning should be considered carefully.

(MSPAlliance) - Wednesday, July 26, 2006 - Organizations have been increasingly concerned with surviving a major disaster and are implementing business continuity plans in reaction. Business continuity plans should be performed by all organizations with the time and resources in relation to the level of risk and the specific constraints. The overwhelming response has been to have employees work at home in the event of a disaster, employing personal high-speed Internet connections.

However, there are many factors to consider when drafting a business continuity plan. Organizations should make sure to review their projected needs during a crisis with their telecommunications providers, as phone companies have a policy of taking care of business customers first. Telecom providers should realize that more people will be working from home and that present residential service plans will be inadequate for their needs.

Organizations should also keep several ways to connect to the Internet available, including DSL, dial-up and wireless. Also, some telecoms will not be operational during a disaster. Organizations should make sure they have the proper continuity plans in place to address infrastructure and support, and it is much better to work on solutions now than waiting for disaster to strike.

Panda Software’s Weekly Report on Viruses and Intruders

This week's PandaLabs report looks at the Ppdropper.A and Sinowal.BS Trojans and the Spybot.ADW and Netsky.BR worms.

Ppdropper.A is a Trojan that exploits an, as yet unpatched, vulnerability detected in several versions of Microsoft PowerPoint, which could allow a remote attacker to access computers with the same privileges as the active user account. It is distributed through a specially-crafted PowerPoint document, reaching users in several ways including email, the Internet or P2P networks. Once it has infected a system, Ppdropper.A allows other threats to enter the computer, such as Bifrose.QN, a backdoor Trojan that enables the computer to be controlled remotely. Given that there is no patch available to resolve the vulnerability exploited by this Trojan, it is advisable to act with caution when opening PowerPoint documents, regardless of their source.

Sinowal.BS is a Trojan that creates a series of files on the system and injects itself in the explorer.exe process to collect user information, including email passwords for the Ak-Mail, Eudora and The Bat applications, as well as in those stored in Protected Storage. It also gathers information about FTP servers configured in FlashFXP and about the Favorites links stored in Internet Explorer and Firefox, among others. The information compiled is sent to a website, along with other data such as the computer’s IP address and open ports. It also monitors data that users send when using the Internet. Sinowal.BS cannot propagate automatically by itself and therefore needs user interaction in order to infect a computer.

Spybot.ADW is a worm with backdoor characteristics that connects to IRC servers, allowing an attacker to get information about the compromised system, including its IP address. It can also install its own FTP server. This worm cannot propagate automatically by itself and therefore needs user interaction in order to infect a computer. However, an attacker can instruct it to spread via email to addresses taken from the Outlook address book. These emails have the subject “Critical Update”, in an attempt to convince recipients to run the attached file under the pretence that it is a Microsoft patch to resolve a security problem.

Netsky.BR is a new worm from this notorious family that spreads via email using addresses taken from the infected computer. Apart from this, there are no other detrimental effects. The emails it sends include an attachment that appears to be a harmless text document, with the corresponding icon, but is actually an executable file with a double extension. When the document is opened, Netsky.BR makes copies of itself under the name Jammer2nd.exe, along with other MIME format files.

Archives

If you have missed some of our earlier issues, you can view past issues via the links below:

Newsletter Subscription...

Enter your email address in the space below to receive our latest news and updates.

Email:

 
Home | FAQs | How it all works | Contact | Feedback | Resources | Other TeksOnline
from M.I.S. Gurus, LLC
© 2006