
BigLaw: A Simple and Secure Way to Integrate iPads (And Other Mobile Devices) Into Your Law Firm

By Matt Berg | Wednesday, December 7, 2011

Originally published on November 23, 2011 in our free BigLaw newsletter. Instead of reading BigLaw here after the fact, sign up now to receive future issues in realtime.

No doubt you've read in BigLaw about all the midsize and large firms equipping their lawyers with iPads — or at least supporting iPads purchased by their lawyers. For example, see the BigLaw Pick of the Week from earlier this month, Damon Morey Makes iPads Standard Equipment.

Many methods exist for integrating iPads and other mobile devices into your legal environment. For example:

• Should you license, build, and configure mobility servers or gateways (e.g., WorkSite Mobility Server)?

• Should you encourage the installation of numerous purpose-built apps on your mobile devices directly (e.g., LexisNexis' Courtlink, WestLawNext, Linsay Associates' IPLaw)?

• Should you create a VPN connection to encrypt connections from your devices to your LAN?

• Should you implement an expensive and involved enterprise security solution (e.g., MobileIron)?

• Should you require that the IT Department authenticate/approve each device manually before it can be used to connect to your network?

• Should you require that all documents be synced when the device is on your LAN, or even when it is physically plugged into your computers, all of which must then run iTunes?

• Do you need access to applications other than document management, or web-based reference/resource apps? Wouldn't it be nice to be able to access all of your firm's various applications — from Elite to Concordance and everything in between?

Here's One Solution That Works Well

These questions can all seem daunting. There are no wrong answers or approaches necessarily. But some approaches and solutions are easier to implement than others, and some approaches are more or less secure.

Many firms want to use the iPad for a terminal services solution (e.g., Citrix or Microsoft's Remote Desktop Services) as a way to meet this challenge with a degree of simplicity. But what about security? If an employee loses his device, is there a window of opportunity in which a compromised device could be used to breach your network?

At Wolf, Greenfield & Sacks, my team and I have developed an easy-to-implement solution that is secure, and provides full access to your application environment for your iPad users. Here's what your firm will need:

1. A Windows 2008 R2 Remote Desktop Services (RDS) Server. Or a server farm if your environment could benefit from the load balancing/failover features of two or more application servers working in concert — and who couldn't really?

2. A Windows 2008 R2 Server configured as a Remote Desktop Services Gateway Server.

3. A two-factor authentication product that uses employee cell phones as physical tokens. Two options — PhoneFactor or SecurEnvoy.

4. An RDP client that supports Secure Gateways. Some possibilities include iTap RDP App for the iPad or Xtralogic Remote Desktop Client for Android, both with the Secure Gateway option, purchased from the App Store or Android Market respectively.

Security First: The Advantages of Two-Factor Authentication

So what is two-factor authentication? Two-factor authentication is based upon what you have (a digital certificate, a mobile phone, or land-line phone) and what you know (a valid login for your firm's network, and a valid password for the same). Two-factor authentication has been in use for many years (perhaps most readily recognizable in the form of an RSA SecurID token key fob), and is superior to other forms of security because it requires that you have both.

For example, if someone were to learn your password they would still be unable to connect to your firm's network without your mobile phone or a valid firm-issued digital certificate. And conversely, it is not enough simply to have the "key" (the digital certificate or cell phone) — one must also have a valid login and password pair to gain access to the network.

Using an employee's mobile phone as a physical token is an elegant way to achieve two-factor authentication. Employees will always have it with them. And use of their mobile phone to effect this authentication is as easy as (1) entering your user name and password (what you know) at the RDS Gateway, (2) answering your phone (what you have) when the service calls you to confirm the login, and (3) pressing "#" to complete the authentication process. For convenience, firm-owned laptops can be equipped with digital certificates (again, what you have) that permit access without requiring a call-back.

Install and configure the RDP client on your mobile devices

The key here is the Secure Gateway support, which permits you to specify both an externally accessible gateway (via IP or DNS), and an internal hostname for pass-through to your RDS Server or Server Farm itself once the two-factor authentication has been achieved.

This solution will work not only with iPads, but also on any Android OS tablet (Samsung Galaxy, Motorola Xoom, etc.) — so long as you purchase an RDP client app for the device that supports Secure Gateways (Xtralogic, iTap).

For that matter, any non-Windows-based remote computer (Unix, Linux, Mac) can connect using this infrastructure as well — again, so long as an RDP client that supports Secure Gateways is available (and they are).

And of course you need not worry about an RDP application when your employees use Windows PCs. With employee mobile phones serving as the "what you have" component of a two-factor authentication solution, employees can securely use any Windows computer (e.g., a kiosk computer at a conference) to remotely access your network.
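On Windows PCs, the same split between an externally accessible gateway and an internal RDS host is written into an .rdp file. The PowerShell check below is an added example, not part of the original article; the host names and sample file are constructed, and treating anything other than "always use the gateway" as a finding is an assumption about firm policy.

```powershell
# Added example: audit an .rdp file for the layout the article describes
# (external RD Gateway in front of an internal RDS host).
# Host names and the sample file are constructed placeholders.

function ConvertFrom-RdpText {
    param([string[]]$Line)
    # .rdp files hold one "name:type:value" setting per line;
    # type is s (string), i (integer) or b (binary).
    $settings = @{}
    foreach ($l in $Line) {
        if ($l -match '^\s*([^:]+):([sib]):(.*)$') {
            $settings[$Matches[1].Trim().ToLower()] = $Matches[3].Trim()
        }
    }
    return $settings
}

function Test-RdpGatewayConfig {
    param([string[]]$Line)
    $s = ConvertFrom-RdpText -Line $Line
    $findings = @()

    # The gateway is where the two-factor check happens, so it must be named.
    if (-not $s['gatewayhostname']) {
        $findings += 'No gatewayhostname: the client would connect to the target directly.'
    }
    # gatewayusagemethod 1 = always connect through the gateway.
    if ($s['gatewayusagemethod'] -ne '1') {
        $findings += 'gatewayusagemethod is not 1: the gateway may be skipped.'
    }
    # gatewayprofileusagemethod 1 = use the explicit settings in this file.
    if ($s['gatewayprofileusagemethod'] -ne '1') {
        $findings += 'gatewayprofileusagemethod is not 1: client defaults may override this file.'
    }
    # "full address" is the internal RDS server or farm reached through the gateway.
    $target = $s['full address']
    if (-not $target) {
        $findings += 'No "full address": the internal RDS host is not specified.'
    } elseif ($target -eq $s['gatewayhostname']) {
        $findings += '"full address" equals the gateway name: expected the internal host.'
    }
    # Older clients could save a password blob in the file itself.
    if ($s.ContainsKey('password 51')) {
        $findings += 'Saved password found: a lost device would carry the "what you know" factor.'
    }
    $findings
}

# Constructed sample: the gateway is named, but bypass is allowed (usage method 2).
$sample = @'
full address:s:rdsfarm.corp.example.internal
gatewayhostname:s:rdgw.example.com
gatewayusagemethod:i:2
gatewayprofileusagemethod:i:1
'@ -split '\r?\n'

$result = @(Test-RdpGatewayConfig -Line $sample)
if ($result.Count -eq 0) {
    'OK: connection is forced through the gateway.'
} else {
    $result | ForEach-Object { "FINDING: $_" }
}
```

To check a real file, pass its lines with `Test-RdpGatewayConfig -Line (Get-Content path\to\file.rdp)`.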

Conclusion

If your firm has struggled with architecting a solution that provides the level of access to firm applications you would like to support, I think you can recognize the simplicity, security, and power of the solution provided above.

Written by Matthew Berg, Director of IT at Wolf, Greenfield & Sacks, P.C.

How to Receive BigLaw

Many large firms have good reputations for their work and bad reputations as places to work. Why? Answering this question requires digging up some dirt, but we do so with the best of intentions. Published first via email newsletter and later here on our blog, BigLaw analyzes the business practices, marketing strategies, and technologies used by the country's biggest law firms in an effort to unearth best and worst practices. The BigLaw newsletter is free so don't miss the next issue. Please subscribe now.

Topics: BiglawWorld | Laptops/Smartphones/Tablets | Networking/Operating Systems | Privacy/Security

BigLaw: Using System Center Operations Manager (SCOM) to Monitor the Health of Your Computing Environment

By Matt Berg | Monday, December 5, 2011

Originally published on July 19, 2011 in our free BigLaw newsletter. Instead of reading BigLaw here after the fact, sign up now to receive future issues in realtime.

Many large firms use System Center Configuration Manager 2007 (SCCM), often in concert with Windows Server Update Services (WSUS), to push software updates and patches out to their server and desktop computing environment. Many even use it to deploy new operating systems.

While SCCM, if properly configured with all the appropriate levers pulled and buttons pushed, is a powerful tool for managing and manipulating the desktop and server environment, it falls short as a proactive monitoring tool of these same environments.

Enter System Center Operations Manager (SCOM).

How Does SCOM Work?

Once the server, service accounts, and database are configured (much like SCCM), SCOM has a Discovery wizard that can use the Active Directory or IP address subnets/ranges to identify new "target" computers or devices. Devices and appliances are a bit different (see below), but for computers running a Windows OS, the SCOM server can then push out the SCOM agent to these discovered computers automatically.

And then the magic happens. Once the agent is installed, it begins to monitor a myriad of data points accessible on its host — from event logs, to application states, to CPU, memory, and disk usage. And really, that is just the beginning of what SCOM can monitor and report back to you.

Microsoft's Management Packs: From Basic to Best Practice

If the SCOM agent is up and running on a given target computer, and it is able to call home, then a basic heartbeat is established. But if the target computer is a Microsoft Windows-based computer, and the appropriate "Management Pack" (downloadable for free from Microsoft) is installed on the SCOM server, then the alerts can report a whole lot more than just an up or down OS state.

The Windows 7 client agent, for example, monitors everything from boot performance to memory exhaustion analysis to shell performance to hardware and software component failures.

On the server side, when using the SQL Management Pack for example, the monitor will not only tell you that a backup failed, or let you know about a long-running SQL Agent job, but it will also let you know if your databases aren't configured according to Microsoft's Best Practices (e.g., "The auto close flag for database Northwind is not set according to best practice.")

The Exchange Management pack reports delays in SMTP queuing, log file growth, mailbox availability, etc. You get the picture.

What About Non-Microsoft Servers, Appliances, and Network Devices?

If your non-Microsoft servers, appliances, and network devices can be configured with Simple Network Management Protocol (SNMP), you can create your own device Management Packs (if you are familiar with the data being served up by a given device), or download or purchase the non-Microsoft Management Packs pre-configured to give you access to all of the minutiae that the SNMP agent on a given device provides.

As with Microsoft SCOM agents, SNMP-managed devices operate via a software agent installed on each device, the sole purpose of which is to report on device-specific health data. And if it's a name-brand, enterprise class product (e.g., Cisco routers, EMC SANs), you can be sure that every major manufacturer provides SNMP ready to go on all of their shipped products.

When freebie Management Packs are not available (e.g., VMWare), you can buy them from companies that know how to "speak" your server/appliance/device's SNMP language. Some examples:

• Veeam Software's nworks Management Pack for VMware

• Jalasoft's Smart Management Pack for VMware VirtualCenter

• Bridge Ways' System Center Ops Manager

Or you can browse for your product in the SCOM Management Pack Marketplace.

Conclusion

Whether you work for a massive, multi-site international law firm, or a midsize law firm with one, two, or three locations, SCOM is an invaluable tool for staying on top of the health of your firm's computing environment. With SCOM, you can manage your environment as proactively as possible. Don't wait for your users to tell you that you have a problem. Get SCOM up and running and you'll know before they do!

Written by Matthew Berg, Director of IT at Wolf, Greenfield & Sacks, P.C.

Topics: BiglawWorld | Desktop PCs/Servers | Networking/Operating Systems

BigLaw: Review of Microsoft's Personal Archive in Exchange 2010 as a Replacement for Third-Party Email Archive Software

By Matt Berg | Friday, December 2, 2011

Originally published on October 11, 2011 in our free BigLaw newsletter. Instead of reading BigLaw here after the fact, sign up now to receive future issues in realtime.

Does your email archiving solution leave you wanting more? Tired of dealing with an Outlook plug-in that doesn't play nice? With archived email and attachments that are sometimes available and sometimes not (usually when you need them the most … like in a client meeting)? With the need to perform two separate searches, often via two different interfaces, to search your "live" email and your archived email?

On the administrative side, are you tired of backing up two separate environments, administering your email archive through a separate admin console, possibly one without the most intuitive knobs, dials and levers for making it behave and perform?

Have you considered eliminating your third party archiving solution altogether, and implementing Exchange 2010's native Personal Archive?

The thought may seem daunting when you let yourself dwell on all of the problems you encountered implementing your third-party archiving solution in the first place, and when you extrapolate the problems you likely will have moving your messages to Exchange 2010's native archive. But there are a number of very sound reasons, from compliance, to recovered software licensing fees, to improved administrator and user experience, that merit serious consideration.

What Is Personal Archive and Why Should You Care?

Personal Archive is a new product name from Microsoft that is entirely unrelated to PST files. In fact, Exchange 2010 has tools for importing any old PST files you might have lying around. Also, Exchange 2010 Archiving requires an Exchange Enterprise Server License and Enterprise CALs sufficient for all user mailboxes using the technology.

Microsoft espouses the ability of native archiving to achieve compliance through the following means: "preservation, discovery, control, protection, reporting, and availability."

At first blush, it appears as though Exchange 2010's toolbox of features could go a fair way toward achieving compliance if used properly in the context of a business compliance policy and practice that is at least moderately disciplined. And yes — Microsoft is careful not to make too grandiose a set of claims about Exchange's native compliance-supporting features being a silver bullet/complete solution for all your compliance needs. But really, there's a lot here.

Some highlights of features that support compliance (and which provide general utility):

Multi-Mailbox Search Support: Configurable through the use of roles to be a process which can be managed outside of IT.

Support for Litigation/Legal Hold: Once applied, all items which are deleted are searchable/recoverable for the duration of the hold.

Content Retention: The ability to specify retention periods and rules for both production and archival message data, which can be different or the same across both environments.

Dynamic Email Signature Blocks: Often required for compliance (e.g., "this is not tax advice" and other such disclaimers) using data (including logos) stored in the Active Directory.

Protection/Message Encryption: Transport Layer Security (TLS), Opportunistic TLS, integrated content filtering, SSL, and more.

Auditing: Permits determination of whether users have access to and when they accessed certain email folders and messages. It can also report on any multi-mailbox searches that have been performed, etc.

Built-in High Availability (HA): Functions provide for the reliability that many compliance standards require, saving your firm from the potential for costly fines and a loss of reputation in the event that critical discovery data is not recoverable.

User Benefits

And the top three user benefits are:

1. No Outlook plug-ins to crash.

2. All email messages (live or archived) are searchable via a single interface using Outlook or webmail.

3. Along with Exchange 2010's increase in the number of messages permissible in the critical Exchange folders (Inbox, Sent Items, Deleted Items), native archiving also eliminates the need for users manually to prune and file their aging messages. The personal archive automatically creates duplicate copies of a given user's mail folder structure within the archive, and moves older messages to the corresponding archive folder (moving anything older than two years to the archive by default, but configurable based upon your firm's business rules).

Administrator Benefits

And the top five administrator benefits are:

1. Simplification of email backups and improved tools for managing retention policies.

2. Simplification of email administration through consolidation of all email and archived email under a single, unified architecture.

3. Improved access to critical administrative functions related to ongoing maintenance, operations, and archiving via webmail.

4. The provision of a native, high availability solution that performs continuous replication of mailbox data ("live" and archival) from a production mail server environment to a backup mail server environment and that simplifies and automates failover of mail services and/or data on the fly.

5. The ability to store production mailbox data on high performance data storage devices (e.g., SANs with SSDs), and either or both backup HA and/or Personal Archive data on cheaper/lower performance disk — without losing any of the seamlessness of the HA solution or of the Personal Archive being always available alongside your live message store.

Well, Should You?

Yes. Exchange 2010's native archiving solution is ready to replace your third party email archiving solution. But is your firm willing — and prepared — to do what it takes to wrestle that costly and complicated monkey from its back?

Written by Matthew Berg, Director of IT at Wolf, Greenfield & Sacks, P.C.

Topics: BiglawWorld | Document Management | Email/Messaging/Telephony

BigLaw: Upgrading Your Large Law Firm to Office 2010 and Getting Everyone Trained in Three Easy Steps

By Matt Berg | Thursday, December 1, 2011

Originally published on August 9, 2011 in our free BigLaw newsletter. Instead of reading BigLaw here after the fact, sign up now to receive future issues in realtime.

If you were one of the brave few law firms to make the transition to Office 2007 at some point in the last four years, you'll find that the move to Office 2010 is an easy one. In fact, your users will probably welcome the return of the File Menu, and the many small improvements to the Ribbon — especially its customizability. Let's face it — the Quick Access Toolbar (QAT) is nice, but it's just not the same as the visually-accessible Ribbon.

But if your law firm still uses Office 2003 or an earlier version still, you'll need to take the training aspect of the new Office suite very seriously. Is it harder to use? Worse or scarier than previous versions in some way? Well, no. Office 2010 offers a much better interface. And once you acclimate, you'll never want to go back.

But if you don't manage user expectations, your rollout may not go smoothly to say the least. You could have a full-scale staff revolt on your hands and many long nights in the office.

So how can you increase the odds of a successful upgrade? Follow the three steps discussed in this issue of BigLaw, and you'll come out on the other side of the rollout feeling better than you can ever remember after such an intimidating change management challenge.

Step 1: Promote the Benefits Early

Six months before the rollout starts …

Market the rollout. Provide an early warning. Give everyone time to adjust to the idea, and to accept that it's coming. No pre-learning at the early stages (and let's be honest: you won't be organized enough yet at this point to provide it anyway). Just some marketing and some positive bullets to put a good spin on the upgrade from the get-go: "faster", "more efficient," "greater compatibility with clients," etc.

Step 2: Pre-Learning

Start the pre-learning process about 30 to 60 days before users receive their upgraded systems.

Buy professional materials. Don't try to pull it together yourself. Could you? Even if you have sufficient bench depth at your firm to create the media, collateral, manuals and reference guides, why bother when you can buy products like Traveling Coaches' Office 2010 Rollout Kit at a very reasonable price (based upon the number of employees at your firm)?

Traveling Coaches' Rollout Kit includes the following materials:

• Detailed learning plans for staff, attorneys, paralegals.

• Videos that announce the coming of Office 2010 (essentially commercials).

• An interactive flash application that reveals the top productivity gains in Office 2010.

• Pre-learning lessons (for your intranet). Short and on-point interactive "how tos."

• Training materials (sample documents, training guides, quick reference cards, etc.).

• Floor support aids.

You can also supplement these materials as you see fit with some of the free content that Microsoft provides to help you with the transition. For example:

• Interactive "Then and Now" Guides. (I used to insert a footer in Excel 2003 by going to View/Header/Footer. Where is that now?)

• The "Menu to Ribbon" reference guides.

• Office Migration Guides.

The key takeaway here is that you didn't spend any time preparing and assembling these materials. Someone else did it for you. And whether you elect to engage outside trainers or use internal trainers, these materials are still hugely helpful to wrapping your brain around what is involved in the effort, how to structure it, and exactly how to execute on the training aspects of the rollout.

Step 3: Training

Start the actual training itself as close to the time of your users receiving their upgraded systems as possible. Ideally, arrange the training to occur while their system is being upgraded/swapped out.

A lot goes into determining exactly how much training you need for Office 2010. Are you also upgrading any non-Microsoft products at the time? How many "power users" do you have? What third-party applications do you use and how do they integrate with Office 2010? Etc.

If you needed a wild but sophisticated guess as to how much training each user will require for Office 2010, I would suggest that you plan on about three hours of training per user for a basic level of introductory training when coming from an Office suite of 2003 or earlier (or from alternative suites such as WordPerfect).

If you've purchased the Rollout Kit mentioned above, by the way, the included learning plans contain a granular, minute-by-minute breakdown of the training topics. If you're going to train this material with in-house staff, Traveling Coaches ensures that you can customize its training guide to coincide with the topic selections your firm identifies in the learning plan(s). For large firms with permanent staff dedicated to systems training, the Rollout Kit is really all you'll need to feel confident about the challenge in front of you. And more important perhaps than even your team's confidence, the included materials will make a lasting impression on your user base.

Conclusion

Why build it yourself when somebody has already done the heavy lifting? There are many freely or cheaply available resources out there that can help you achieve success with your Office 2010 rollout. And not only will they save your technology team from excess sweat and tears, but many of these resources are top notch, and will ensure that your Office 2010 rollout is a smashing success.

Written by Matthew Berg, Director of IT at Wolf, Greenfield & Sacks, P.C.

Topics: BiglawWorld | Business Productivity/Word Processing | CLE/News/References

BigLaw: What You Need to Keep Your Firm's Computers and Network Secure Plus a Review of Microsoft Forefront Endpoint Protection

By Matt Berg | Thursday, July 14, 2011

Originally published on May 31, 2011 in our free BigLaw newsletter. Instead of reading BigLaw here after the fact, sign up now to receive future issues in realtime.

I wish it were otherwise, but malware isn't going away. If your midsize or large law firm doesn't have a comprehensive and layered defense in place to prevent infections, you run the risk of your firm's data being exposed, the personal (and too often financial) information of your employees being compromised, your billers losing valuable time from the infection itself or its remediation, and the malware "cleanup crew" in your IT Department developing nervous twitches.

This issue of BigLaw first lays out the basics for those of you in management (you can stop there), and then delves into some of the nitty gritty details for those of you in the IT Department.

The Basics: What You Need to Keep Your Firm Secure

A sound defensive strategy for your firm should include all six of the following protections at an absolute minimum.

1. Hardware firewall protecting your LAN.

2. Web-filtering server/proxy/appliance for all internal Web browsing. For example, Websense or Microsoft Forefront.

3. Anti-spam (and anti-malware) hosted email services (which can also queue your mail in the event you have an ISP or mail server outage). For example, Postini or Barracuda Networks.

4. Anti-malware client on all of your PCs. For example, Microsoft Forefront Endpoint Protection (FEP), Symantec, Kaspersky, ESET, or Sunbelt.

5. A software firewall on all of your PCs. For example, Windows Firewall or ZoneAlarm.

6. User Access Control (or UAC) on Windows Vista and Windows 7 PCs. Learn it. It's your friend. Don't disable it.
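Items 5 and 6 are the two protections most often switched off on individual PCs, so they are worth checking rather than assuming. The PowerShell script below is an added example, not part of the original article: it reads the local registry values that record whether UAC and the Windows Firewall are enabled. It is read-only and inspects only the locally stored settings; values enforced through Group Policy are stored elsewhere and are not read here.

```powershell
# Added example: report whether UAC and the Windows Firewall are still
# enabled on this PC. Read-only; works in PowerShell 2.0 (Windows 7) and later.

function Get-DwordValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-EndpointBaseline {
    $results = @()

    # UAC: EnableLUA = 1 means UAC is on.
    $sysKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = Get-DwordValue -Path $sysKey -Name 'EnableLUA'
    $results += New-Object PSObject -Property @{
        Check = 'UAC enabled (EnableLUA)'; Value = $lua; Pass = ($lua -eq 1)
    }

    # ConsentPromptBehaviorAdmin = 0 elevates administrators without any prompt,
    # which leaves UAC nominally on but silent.
    $consent = Get-DwordValue -Path $sysKey -Name 'ConsentPromptBehaviorAdmin'
    $results += New-Object PSObject -Property @{
        Check = 'UAC prompts administrators'; Value = $consent; Pass = ($consent -ne 0)
    }

    # Windows Firewall: one EnableFirewall value per profile in the local store.
    # StandardProfile is the registry name of the Private profile.
    $fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($fwProfile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $on = Get-DwordValue -Path (Join-Path $fwKey $fwProfile) -Name 'EnableFirewall'
        $results += New-Object PSObject -Property @{
            Check = "Firewall on ($fwProfile)"; Value = $on; Pass = ($on -eq 1)
        }
    }

    $results | Select-Object Check, Value, Pass
}

# Show every check, then list only the ones that need attention.
$baseline = @(Get-EndpointBaseline)
$baseline | Format-Table -AutoSize
$baseline | Where-Object { -not $_.Pass } | ForEach-Object { "ATTENTION: $($_.Check)" }
```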

Servers: 64-Bit Can Prevent a Performance Hit

Admittedly, some folks turn off UAC and the Windows Firewall because they "get in the way." I would humbly suggest that you can't afford to permit that. But what can get even stickier is whether you take it any further than these core defenses. The following four options are often skipped because of the CPU and I/O overhead they can introduce in the server and client environment respectively.

1. Anti-malware on Exchange.

2. Anti-malware on SharePoint (because of the high volume of user-originated content).

3. Anti-malware on other Windows Servers in your environment — especially file and Web servers.

4. An endpoint Web filtering/protection product on all of your PCs for safe-browsing off-LAN. For example, ZoneAlarm, or Websense's Data Security products.

I am not here to preach. Okay, well, I guess I am. As such, I strongly recommend reconsidering your decision not to have antivirus solutions in place on your most vulnerable server environments.

Once you make the jump to Exchange 2010, your 64-bit hardware should have more than enough juice to fulfill its own mission as well as carry a slight added burden of providing anti-virus scanning. If you absolutely refuse to install antivirus on your mailbox server(s), you can always install it on your edge transport server(s). Read some of Microsoft's own thoughts on the matter.

Clients: Microsoft's "Free" FEP v. The Competition

No matter the complexity or simplicity of your solutions and policies, the most critical (and vulnerable) component of your layered defense is ultimately where the rubber actually meets the road (or more accurately: the user meets the Internet) — the anti-malware client installed on your user PCs.

Why is the word "free" in quotes above? Well, if you want antivirus on your home PC, or if you have a home-based business, then Microsoft Security Essentials (same product as FEP minus the ability to centrally administer it via System Center Configuration Manager (SCCM)) is a truly free anti-malware product. If you fall into either of those two "home" classifications, go for it.

But importantly for this newsletter's audience, FEP is included under the Core CAL license (I assume that, as a medium to large firm, you have a volume licensing agreement including at least the Microsoft Core CAL license). If you are an Enterprise License customer, you are licensed for nearly the entire Forefront Architecture (Exchange, SharePoint, Lync Server, Unified Access Gateway, Exchange Online, etc.) minus only the Threat Management Gateway, which you must license separately.

But does FEP work as well as Symantec, Kaspersky, ESET, or any of the other products out there? From our firm's anecdotal experience, yes!

We have not discerned any observable drop in our protection since shifting to FEP from Sunbelt's Vipre. And even if we (hypothetically — which is not a foregone conclusion) lost a tick in performance, we would have made up for it in the improved manageability of having the updates all feed through our Windows Server Update Services (WSUS) server and all administration and reporting effected through SCCM. (If you are already using SCCM then you could have FEP deployed today, by the way. The SCCM deployment packages for FEP are included on the install media you can download from the Microsoft Volume Licensing Service Center.)

Anecdotally, we have encountered situations in which FEP found something that Vipre didn't, just as there were situations in which Vipre found something that Symantec didn't (back when we switched to Vipre) — and vice versa. But if you'd like more than anecdotal support for justifying the switch, I think you'll find that, performance-wise, while there are a handful of products out there with a better track record, FEP is better than most, and within easy striking distance of even the best.

All large firms today have volume license agreements in place with Microsoft. To do otherwise would be financially irresponsible when you consider the per-seat cost savings alone — never mind the additional training and support benefits that come with a volume licensing agreement.

So why not take advantage of what your firm already owns? Historically, the answer you might have given is "Because I can get a better product from …" (Symantec, Kaspersky, etc.). But Microsoft's new anti-malware product is, if not at the very top of the standings, at least a solid and legitimate player in the field. And the advantages of its tight integration with SCCM, WSUS, and your Windows-based PC's native Windows Update infrastructure, give it a true edge over the competition.

Written by Matthew Berg, Director of IT at Wolf, Greenfield & Sacks, P.C.

Topics: BiglawWorld | Desktop PCs/Servers | Networking/Operating Systems | Privacy/Security | Utilities

BigLaw: Review: VMWare vSphere 4.1/ESX 4.1 and Its Storage Enhancements

By Matt Berg | Thursday, June 23, 2011

Originally published on May 3, 2011 in our free BigLaw newsletter. Instead of reading BigLaw here after the fact, sign up now to receive future issues in realtime.

If you're still living in the world of VMWare ESX 3.x, it's time to pack up and move to version 4.1. The move to 4.0 was important as a stepping stone to a new architecture. Upgrading to vSphere 4.1 and ESX 4.1, however, brings some real, practical improvements to your large firm's IT environment, and is entirely worth the effort. In this issue of BigLaw I'll focus on the storage-related reasons for upgrading — but there are many other reasons to upgrade (improved manageability, enhanced availability functions, additional networking capabilities, etc.).

Don't work in your firm's IT department and never heard of VMWare's ESX? Chances are your firm uses software from VMWare — most likely its ESX server OS. It's virtualization software, which enables you to run multiple "virtual" servers on a single "real" (hardware) server.

This technology helps ensure the availability of servers (and their hosted applications), helps prolong the life of aging application servers (which can be easily "virtualized" with the VMWare Converter), and can make all servers more easily upgradeable (since they aren't tied to a particular set of proprietary hardware). ESX ultimately reduces the number of physical servers you need to buy, the electricity you consume, and the number of physical servers you have to keep in fighting condition.

Servers are much more expensive than desktop PCs and laptops but they depreciate just as quickly so ESX can save law firms lots of money. And it can even host virtual desktops for users throughout your firm — to save you even more money and make your computing environment centrally manageable.

What You Should Know Before Upgrading to ESX 4.X (vSphere)

1. Check the HCL First

If you have old host hardware in place, and plan to install the new kernel onto it, please check the HCL first. (I can confirm that my aging DL385s did not take kindly to 4.0 — even though they had served me for many years, through many versions of ESX — going back to the storied ESX 1.5.2 days.) Typically, the HCL for VMWare is ever-expanding and not contracting, but they did drop some older technologies with the advent of vSphere — so do check into this before you upgrade.

2. No more ESX Without the "i"

ESX is the thicker-kerneled, non-"Hypervisor" version of vSphere. VMWare has announced that after 4.1:

"Future major releases of VMware vSphere will include only the VMware ESXi architecture."

That's right. Hypervisor only from here on out. If you don't want to upgrade a second time again in short order, take the time to go to ESXi now. But don't be afraid. It's not a bad thing. And it's not as if they're making you boot the ESXi kernel from SAN or anything. You can keep your internal hard drives if you want. That said ...

3. Mind Your Scripts

If you created any fancy scripts that operate inside the ESX kernels of your individual hosts, please build out an ESXi host soon and determine if said scripts are still needed. If so, they will need to be accommodated differently. Also, if you have a nice book of recipes/favorite esxcfg-etc commands for performing basic operations inside the old ESX kernel, you'll need to acclimate to the new world.

Fortunately, in their efforts to make the kernel as small and unobtrusive as possible, VMWare has also provided some useful tools to assist in the management of your host environment. One such tool is the vSphere CLI 4.1 (updated version of the Command Line Interface that first came out back in 2009 — installable in Windows, Linux, and also included as part of the new vMA). Another is an updated vSphere Management Assistant (downloadable, pre-installed and pre-loaded virtual machine that integrates painlessly into your environment).

vSphere ESX 4.1 Storage Improvements

Okay, I'm done with the advisories so now it's on to the good stuff! And please note that I've included highlights only here, as there are too many improvements to list in this short column. For more details, you can read VMWare's (very accessible) overview of these enhancements.

1. Lower CPU Loads Using the New Software ISCSI Initiator

More of the hardware CPU that you're paying for will be used by the running of the virtual machines themselves, and less will be consumed to handle the underlying I/O. In addition, there are now new offerings for hardware offload of I/O including support of HCL-approved ISCSI-aware Broadcom 10 GB NICs!

Of course, you must have some seriously high I/O loads if you need dedicated 10 GB NICs to handle them! Please email me if you support an environment that just can't get it done with 1 GB ISCSI ports — I'm very curious to hear your story! I know what you're thinking: "But the 10 GB NICS are better!" True. And a Formula 1 race car has a higher top speed than your Audi, but when will you ever have a chance to drive over 200 MPH?

2. Pluggable Storage Architecture

vSphere introduced the PSA (Pluggable Storage Architecture). In short, what was once handled by VMWare via their own proprietary software (e.g., VMWare's Native Multipathing Plugin) can now be provided by your storage vendor. One game-elevating way that Dell has taken advantage of this new extensibility is through its HIT/VE — a downloadable virtual appliance that enables a robust integration between your Equallogic SAN arrays and your vSphere environment.

Hitkit integration into the VI Client enables "right-click" functionality for the following (and more): Resizing datastore volumes, creating smart copies, creating smart copy replicas, creating clones, creating and modifying replica schedules. Gone are the days of a separate UI for the VMWare-aware Auto Snapshot Manager functions of your Dell Equallogic hitkit.

3. MPIO Plugin

This is one of the chief ways that your storage vendor can take advantage of the new PSA. Download a plugin from your storage vendor (Dell, EMC, NetApp) to provide improved multipath functionality and performance for your virtual environment. Equallogic's MEM (Multipathing Extension Module), for example, can be installed manually, using the vSphere Management Assistant, or by importing the package into Update Manager's Patch Repository. Once installed, it uses what it knows about your Equallogic array(s) to provide finer control over such functions as Path Selection and even I/O throttling when resource levels have been set.

4. Storage I/O Control (SIOC)

You've been able to pull the levers on resources so that your business critical virtual machines get their share of I/O resources — on whatever host happens to be hosting that virtual machine at that time. But this capability is now extended to an awareness of all I/O connections throughout the vCenter environment, and will throttle and allocate I/O resources across all hosts.

5. Virtual Disk Thin Provisioning

Enough said.

Convinced Yet?

I hope so. And really, if you have the time, read the documentation available via the links from this article and you'll see that I wasn't kidding when I said I was only going to scratch the surface. Take your ESX environment to vSphere 4.1 as soon as you can. You'll be glad you did.

Written by Matthew Berg, Director of IT at Wolf, Greenfield & Sacks, P.C.


Topics: BiglawWorld | Desktop PCs/Servers | Networking/Operating Systems

BigLaw: Cool IT Tools: Top 10 Technologies You Might Not Be Using

By Matt Berg | Tuesday, May 24, 2011

Originally published on April 19, 2011 in our free BigLaw newsletter. Instead of reading BigLaw here after the fact, sign up now to receive future issues in realtime.

The ten technologies discussed in this issue of BigLaw make great additions to a large firm's technology toolbox to help manage your environment. Most are free or cheap. And even those that require you to incur a moderate expense are so important and useful that you really shouldn't manage your law firm without them.

1. Lights Out Management

This technology is now free with most servers for basic functionality. Pay to upgrade to a more robust feature set. Lights Out is one of those technologies that is, if not life-saving, then nights and weekends saving at the very least. And from a business perspective (it's not all about you), it will get your troubled system back online faster because you won't have to drive to the office.

Highlights: Your NIC dies but you can still administer your server remotely. You can "load" virtual media for installs, updates, and diagnostics. You can power on or off the server. You can establish a remote console session — and even access the BIOS of a server from the comfort of your living room.

HP Integrated Lights-Out (iLO) Advanced

Dell Integrated Dell Remote Access Controller (iDRAC)

IBM Remote Supervisor Adapter

2. Remotely Manageable Power Distribution Units (PDU)

Not free, but darn cheap. You needed power anyway, so why not buy the PDUs that are remotely administrable? Something's hinky with your Lights-Out Management interface? Your firewall, VPN device, or network switch is misbehaving? Log into the Web interface, power off the device in question, and then power it back on.

APC PDUs

3. Remote Desktop Protocol (RDP) From Your Smartphone

RDP from your Android, BlackBerry, or iPhone (free "lite" versions exist for at least Android and iPhone). Remotely manage a server, or even perform real, light work, from your phone. The nominally priced pay versions give you some features you'll want (such as improved mouse controls) if you find yourself doing more than password resets and server reboots. (Got an iPad? Even better.)

Android

BlackBerry

iPhone

iPad

4. Application Virtualization

You might not know that Microsoft includes this technology for free along with the rest of its MDOP Suite if you have current Software Assurance on your desktop OS. Free! Or at least included with the price of admission to your volume licensing. So why aren't you using it?

If you don't have Software Assurance (you like to buy your software shrink-wrapped, or perhaps just take the OEM OS that came with your PCs), or if you'd simply prefer to throw money around, you may want to invest in ThinApp, or one of the many other players out there.

Why virtualize applications? The most obvious use case is to solve the problems of application compatibility and application conflicts. It can be a bear to ensure that every application in use at your firm plays nicely with your other applications and is compatible and stable on your new OS.

Microsoft's App-V

VMWare ThinApp

5. Multipath I/O (MPIO)

The enabling technology for MPIO is free from your SAN vendors (e.g., Dell Equallogic hit kits), and the functionality is also included in VMWare.

So what is MPIO for? Single points of failure are bad. Like a fighter jet's fly-by-wire operation where systems are not only duplicated, but sometimes quadruplicated in case one or more of the control channels fails. That's what you want for your firm's data channels. Redundant paths for your server to ensure it can always keep in touch with its SAN-provided data. You want MPIO. Trust me on this one.

Dell EqualLogic Host Software

6. Windows Server Update Services (WSUS)

Another freebie. Manage your Microsoft Updates proactively — from your desktop to your server operating systems to SQL to Exchange, and to infinity and beyond. See which clients are up-to-date and which are not. You can fully or partially automate it or go completely manual depending upon your comfort level and preference.

Windows Server Update Services

7. Microsoft Security Essentials

Free anti-virus, from Microsoft. Enough said. This utility is no Windows Defender. This product is effective and proving (finally) to be a legitimate anti-virus solution alternative from Microsoft. Also available as an enterprise-class, managed product under the name "Microsoft Forefront Endpoint Protection."

Microsoft Security Essentials

8. Two-Factor Authentication

Free. No need for a key fob. Set up a Certificate Authority (CA) server on your network. Issue digital certificates to your clients, vendors, and employees. And control access to your Web-facing resources with not just what they know (their passwords), but also what they have (their certs).

9. Secure File Transfer

There are free ways to go, like opensource SSH. But if you do that, you have to build an SSH server, support it, ensure that it has sufficient disk space and bandwidth, and supply your clients, co-counsel, etc. with an SSH client or a custom GUI for uploading and downloading files.

Possible? Sure. But just not worth it. But, you may say, FTP is also free — and easy, right? So why not just use that? In short, it's not secure. Passwords are passed in plain text. Don't kid yourself. Don't risk losing your files.

So what's the right answer? Try one of these solutions. They aren't free, but they get the job done and won't get you fired.

Biscom Delivery Server

LeapFILE

SendThisFile

YouSendIt
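The point above about FTP passing passwords in plain text, seen from the defender's side in an added example (not from the original article): a Python check that reads the client side of an FTP control connection and reports what anyone on the network path can read. The sample streams, user name, password and file name are constructed; `AUTH TLS` is the FTP-over-TLS upgrade command from RFC 4217.

```python
from dataclasses import dataclass, field

# Constructed sample: client-to-server bytes of a plain FTP control connection (TCP/21).
SAMPLE_FTP_CLIENT_STREAM = (
    b"USER jdoe\r\n"
    b"PASS Spring2011!\r\n"
    b"SYST\r\n"
    b"PASV\r\n"
    b"STOR engagement-letter.pdf\r\n"
    b"QUIT\r\n"
)

# Constructed sample: the client asks for TLS first; what follows is the start of a
# TLS record, so the USER/PASS exchange is never visible on the wire.
SAMPLE_FTPS_CLIENT_STREAM = b"AUTH TLS\r\n" + bytes.fromhex("16030100a5010000a1")


@dataclass
class FtpAudit:
    tls_requested: bool = False
    cleartext_logins: list = field(default_factory=list)     # (user, password length)
    cleartext_transfers: list = field(default_factory=list)  # (verb, file name)


def audit_ftp_client_stream(stream):
    """Walk the FTP commands a client sent and record what was readable in transit."""
    audit = FtpAudit()
    user = None
    for raw in stream.split(b"\r\n"):
        if not raw:
            continue
        verb, _, arg = raw.decode("latin-1").partition(" ")
        verb = verb.upper()
        if verb == "AUTH" and arg.upper() in ("TLS", "SSL"):
            # Everything after a successful upgrade is ciphertext; stop parsing.
            audit.tls_requested = True
            break
        if verb == "USER":
            user = arg
        elif verb == "PASS":
            # Record only the length: the audit report must not become a password store.
            audit.cleartext_logins.append((user, len(arg)))
        elif verb in ("STOR", "RETR", "APPE"):
            audit.cleartext_transfers.append((verb, arg))
    return audit


def summarize(audit):
    """Turn an FtpAudit into report lines suitable for a ticket or log."""
    lines = []
    for user, length in audit.cleartext_logins:
        lines.append(f"EXPOSED: user {user!r} sent a {length}-character password in cleartext")
    for verb, name in audit.cleartext_transfers:
        lines.append(f"EXPOSED: {verb} of {name!r} announced on an unencrypted control channel")
    if audit.tls_requested and not lines:
        lines.append("OK: client upgraded to TLS before sending credentials")
    return lines


if __name__ == "__main__":
    for label, stream in (("ftp", SAMPLE_FTP_CLIENT_STREAM), ("ftps", SAMPLE_FTPS_CLIENT_STREAM)):
        for line in summarize(audit_ftp_client_stream(stream)):
            print(f"[{label}] {line}")
```
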

10. System Center Operations Manager (SCOM)

Not even a little bit free but worth every penny. Monitors everything. Or near enough. If what you're monitoring is a Microsoft product, then the Management Packs are free. For non-Microsoft applications and devices, you can either buy a ready-made Management Pack from a third party or build your own.

For example, if you really know what you're doing you could monitor VMWare with the product out of the box. But if you don't, or don't want to take the time, you can buy a third party SCOM add-on solution like those from:

Veeam

Jalasoft

Bridgeways

Cool Tools

Hopefully these tools resonate with you. Maybe you didn't know about them. Or maybe you only had a vague sense that you should look into them more closely. But if you haven't done so yet, take my advice and make the effort to integrate these technologies into your own toolkit.

Written by Matthew Berg, Director of IT at Wolf, Greenfield & Sacks, P.C.


Topics: BiglawWorld | Desktop PCs/Servers | Networking/Operating Systems

BigLaw: Pilot Your Law Firm to Greater Success Using SharePoint Dashboards: What They Are and Why You Need Them

By Matt Berg | Thursday, April 14, 2011

Originally published on March 15, 2011 in our free BigLaw newsletter. Instead of reading BigLaw here after the fact, sign up now to receive future issues in realtime.

Think of a vehicle's instrument panel. With a car, the data points you need most are your current speed, engine revolutions per minute, engine temperature, and gasoline level. Other data exists, especially nowadays, but these are the essentials you really need to watch to stay out of trouble.

On the instrument panel of an airplane, however, you have a lot more going on — and more opportunities for getting yourself in big trouble fast. In addition to the same data points found on a car's dashboard, you also need to track attitude, altitude, rate of acceleration, compass bearing, rate of climb, etc.

Carry this analogy to its logical conclusion and you'll find yourself contemplating whether running a law firm without instant access to key metrics — in one location — is like trying to fly a plane with a collection of printed reports.

Houston, Our Dashboard Indicates That We Have a Problem

Okay, you get it. And because dashboards group related data collections together on the same Web page, trends and interrelationships become easier to discover. Consider this common example.

Looking at WIP (rolled up to the client and sorted by total unbilled time, fees, and costs), Aged AR (sorted by Total AR > 30/60/90/120+ days by client), and Client Funds Available in a single dashboard can give you a sense of just how much trouble that one big client could cause you.

Nothing in retainer? $1,250,000 of AR beyond 120 days? And $750,000 in unbilled time and costs? You'd better get that unbilled time and cost invoiced pronto. And you'd better light a fire under that billing attorney to get on the phone with the client.

What Dashboards Does Your Firm Need?

Let's start with three:

1. Billing Attorney/Collections Dashboard

Start with the scenario described above: AR aged, rolled up to the client level. Billers will only see their own time. But the Treasurer/Practice Group Chair/Collections Team/Executive Management will see everything rolled up across all timekeepers for a given client. WIP next, also aged. Finally, Client Funds Available.

2. Profitability Dashboard

Start with billing efficiency by Practice Group, client, client size, and attorney — then add leverage.

3. Performance Dashboard

Start with timekeeper calendars, both billable and non-billable, by working timekeeper and Practice Group.

Variations on these three themes will probably keep you busy developing, in all seriousness, for the next two years. For what it's worth, they'll also keep you on the Christmas list of the CFO, Collections Team, and Executive Management!

What Technology Should You Use to Create These Dashboards?

Any Web-based architecture in which your firm has already invested is probably a fine choice. But I propose SharePoint as an affordable framework easy for consumers to use and relatively easy for administrators to implement and maintain. That is a big reason why so many large law firms have already implemented SharePoint. But technology platform-wise, SharePoint alone is not quite enough to get started.

Several facilitating technologies can provide your firm with significant savings in development time and costs over creating your own Web parts from scratch (e.g., Visual Studio). Many law firms have implemented toolkit/connector technology solutions "on top of" SharePoint such as those offered by Handshake Software, XMLAW, and Bamboo Solutions. Using one of these toolkits will get you the fastest results.

What Steps Are Entailed in Creating a Dashboard?

Well, it depends upon how much existing content you can leverage (e.g., any stored procedures, views, or data warehouse tables that you have already created for more traditional reporting purposes). But for the most part you can break down the process into four steps (with some variation in the jargon used by the different solutions companies):

Step 1. Identify and Assemble the Data

Have a favorite collections or profitability report? Find the SQL stored procedure that it uses on the back-end. Don't have exactly the data warehouse tables you want? Create a view, or create a new table and schedule a SQL Agent job to automatically populate it with just the joined and/or calculated fields you want.

Step 2. Build a Class

It sounds very developer-ish. But really you just need to define a connection to a particular database (e.g., Elite, Aderant, or Rainmaker) within your toolkit/connector platform of choice.

Step 3. Build a Schema

A schema, in this usage, is a dataset within a particular Class wherein you define the data fields or columns in which you are interested. You'll need to know SQL, or enlist the aid of folks who do, and use the queries you developed in Step 1, above. But beyond a working knowledge of SQL, the process is pretty straightforward. In fact, many of these solutions will actually build the entire schema for you if you paste a known query into their schema-building function.

Step 4. Pick or Build a "Skin" to Present the Schema You Just Created

This step involves the "presentation layer" of the process. Essentially, you decide how to display the information (data grid, bar chart, line graph, pie chart, etc.). Another advantage of the toolkit technology solutions over developing something from scratch is that you don't have to reinvent the wheel when attempting to display your data. These solutions provide the mechanism for creating attractive charts and graphs, and will also enable all of the additional "must have" functions you will want (sorting, filtering, exporting to Word and Excel, etc.).
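Steps 1 through 3 for the Billing Attorney/Collections Dashboard, sketched as an added example (not from the original article and not tied to any toolkit named here): a Python script using an in-memory SQLite database in place of the firm's accounting database. The table name, column names, role names, aging buckets and sample rows are all constructed assumptions; the point to note is that the "billers see only their own" rule is enforced in the query itself, with the viewer bound as a parameter.

```python
import sqlite3

AS_OF = "2011-03-15"  # constructed reporting date

# Constructed sample rows: (client, billing_attorney, invoice_date, open_balance)
SAMPLE_INVOICES = [
    ("Acme Corp", "asmith", "2010-10-01", 1250000.0),  # 165 days old
    ("Acme Corp", "asmith", "2011-02-20", 40000.0),    # 23 days old
    ("Birch LLC", "bjones", "2011-01-10", 15000.0),    # 64 days old
    ("Birch LLC", "bjones", "2010-12-20", 5000.0),     # 85 days old
    ("Cedar Inc", "asmith", "2011-02-01", 8000.0),     # 42 days old
]

# Hypothetical role names for the people the article says see every timekeeper.
MANAGEMENT_ROLES = {"treasurer", "practice_group_chair", "collections", "executive"}


def build_sample_db():
    """Step 1: assemble the data (here, a stand-in AR table)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE ar_invoices (client TEXT, billing_attorney TEXT, "
        "invoice_date TEXT, balance REAL)"
    )
    conn.executemany("INSERT INTO ar_invoices VALUES (?, ?, ?, ?)", SAMPLE_INVOICES)
    return conn


def aged_ar_by_client(conn, viewer, role, as_of=AS_OF):
    """Steps 2-3: return (client, 0-30, 31-60, 61-90, 91-120, 120+) rows for this viewer."""
    params = {"as_of": as_of}
    if role in MANAGEMENT_ROLES:
        scope_sql = ""                                   # rolled up across all billers
    elif role == "biller":
        scope_sql = "WHERE billing_attorney = :viewer"   # only the biller's own clients
        params["viewer"] = viewer
    else:
        raise PermissionError(f"role {role!r} may not view accounts receivable")

    # scope_sql is one of two fixed strings; user-supplied values are only ever bound
    # as parameters, never concatenated into the SQL text.
    query = f"""
        SELECT client,
               SUM(CASE WHEN age <= 30              THEN balance ELSE 0.0 END),
               SUM(CASE WHEN age BETWEEN 31 AND 60  THEN balance ELSE 0.0 END),
               SUM(CASE WHEN age BETWEEN 61 AND 90  THEN balance ELSE 0.0 END),
               SUM(CASE WHEN age BETWEEN 91 AND 120 THEN balance ELSE 0.0 END),
               SUM(CASE WHEN age > 120              THEN balance ELSE 0.0 END) AS over_120
        FROM (SELECT client, billing_attorney, balance,
                     CAST(julianday(:as_of) - julianday(invoice_date) AS INTEGER) AS age
              FROM ar_invoices)
        {scope_sql}
        GROUP BY client
        ORDER BY over_120 DESC, client
    """
    return conn.execute(query, params).fetchall()


if __name__ == "__main__":
    db = build_sample_db()
    for who, role in (("cfo", "treasurer"), ("bjones", "biller")):
        print(who, role)
        for row in aged_ar_by_client(db, who, role):
            print("  ", row)
```
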

Conclusion

Dashboards don't have to cost your firm hundreds of thousands of dollars from Business Intelligence vendors. With SharePoint and one of a handful of solutions that you can implement essentially "off the shelf," you can build your own instrument panels to help your firm navigate its way to a more efficient and profitable future.

Written by Matthew Berg, Director of IT at Wolf, Greenfield & Sacks, P.C.


Topics: Accounting/Billing/Time Capture | BiglawWorld | Collaboration/Knowledge Management | Law Office Management

BigLaw: Top 10 Tips for Surviving Large Firm Power Struggles and Office Politics

By Matt Berg | Tuesday, March 15, 2011

Originally published on February 15, 2010 in our free BigLaw newsletter. Instead of reading BigLaw here after the fact, sign up now to receive future issues in realtime.

Through mergers and acquisitions, many of today's larger firms find that they need to recreate chains of command and reporting lines. This scenario can create tension and competition, sometimes intentionally, until a new order is established. But whatever the size of your firm, and whatever the flavor of your political tension, following the ten tips below could prove key to your survival.

1. Do Your Job and Do It Well

Add business value. Make it your primary objective — always. If you catch yourself spending time getting caught up in matters related to interpersonal politics, and unrelated to your ability to get your job done, it's time to refocus.

2. Enjoy Yourself

Smile. Having a positive mindset not only makes work more pleasurable for you, but it also makes it less likely that people will take your off mood personally. A good attitude has the added bonus of making your co-workers want to be around you, and even want you to succeed.

3. Promote Yourself

Don't assume that everyone has noticed your efforts and understands the value you bring to the firm. Don't boast or brag or openly angle for credit. Self promote through an agenda of good work and make sure that body of work is widely known, especially outside of your department or practice group. If your boss is the only one who understands your value, then your job is only as secure as that of your boss, and you only hold your job upon your boss' good will.

4. Be Forthright

Nothing undermines your reputation faster than being caught in a lie or a half-truth. And as the offenses grow larger or more involved (e.g., trying to cover up something you've done), your chance of surviving a discovery of such transgressions decreases.

5. Admit Mistakes

Failing to admit when you've missed the mark in one way or another is a close second to lying. Conversely (though not necessarily intuitively), nothing earns respect faster than being willing to stand up and take it on the chin when you've erred.

6. Be Respectful of Everyone

Don't gossip about fellow employees. Leave your personal life at home. And leave discussion of others at the door. Remove yourself (non-judgmentally) when others are doing so by letting folks know you need to get back to work.

7. Listen to People

Make eye contact. Stop thinking about what you're going to say next. Attentive listening earns you points with someone quickly. And failing to listen will erode their opinion of you just as fast.

8. Observe the Chain of Command

The first stop in resolving a problem with another employee is to talk with them directly. If this strategy fails, be aware of your respective places in the chain of command. It may be necessary to have your boss communicate with theirs. But don't let them meet without all parties present. The situation can easily be misunderstood by those not directly involved, or could even be swept under the rug.

9. Communicate

Don't leave people wondering or out of the loop. Nothing raises flags faster in the minds of people who might be suspicious of your motives than cutting them out of a discussion, or failing to notify them about a meeting, a decision, or a change in plans.

10. Be the Bigger Person

People generally aren't malicious. But they often operate from fear. Sometimes the source of their fear is clear — job security. Often, the source is trickier to identify. Perhaps their self-esteem is on the line, or they have personal issues at home. No matter the source of their perceived malice, it's always better not to take things personally and stay above the fray. If you can do so and remain objective, not only will you have the moral high ground, but you will also avoid getting dirty yourself from having been involved in mudslinging.

Conclusion

Given human nature, it's inevitable to find yourself in situations in which politics and power struggles affect your quality of life at work. When it happens, focus on the basics as outlined above. You can't change the people around you. But if you focus on doing the right thing yourself, I can promise that at the very least you will sleep better at night.

Written by Matthew Berg, Director of IT at Wolf, Greenfield & Sacks, P.C.


Topics: BiglawWorld | Law Office Management
 