Evolution of my IT workspace

I’ve just reached my 6th year of working as an independent consultant and having just bought myself a new Microsoft Surface Pro 3, I find myself thinking about what has changed in the way I work, and what changes may be to come.

In my day-to-day work I find myself split between working from my home-office and working onsite with clients. Sometimes that’s in an office and sometimes that’s sitting cross-legged on a datacentre floor.

Working as an IT consultant gives me a very good excuse to have as many gizmos as possible and this means the tools I use day-to-day have changed quite a lot.

The Laptop phase

When I left my previous company, I was used to working on a high-spec laptop. This worked well for me, so I immediately invested in a top-spec 15” Dell laptop, docking station and used it with my existing Dell UltraSharp 24” monitor. This allowed me to carry everything I needed with me, and meant I had all the tools I could possibly need wherever I was.

As time went by I realised that having a monstrous laptop was a pain. It got hot, had terrible battery life (even though it had the chunky battery that stuck out the back) and was very heavy and seemed quite easy to damage. It also had a frustrating firmware bug that meant the motherboard would throttle down the CPU to an unusably slow speed whenever it got warm!

After a couple of years, I thought it was time for a change. I wanted something smaller and better built.

As an aside, I occasionally DJ and fancied making the shift from CDs and vinyl to digital DJing (I was hooked on Native Instruments Traktor Scratch Pro and later the Kontrol S4).

The small laptop and desktop phase

Having had an iPhone for a while I decided to jump ship to a Mac. Many thought it strange for someone who fundamentally works with Microsoft software to turn up with a Mac! BUT Macs can run Windows very nicely :)

I bought a 13” MacBook Pro, the aluminium ‘Unibody’ type. I just love the design and build of these machines. They were absolutely fantastic. The main benefit was VMWare Fusion. This allowed me to run Windows as a Virtual Machine. I had a clean Mac environment, used for music, Traktor DJ software, photos and syncing my iPhone; and I had Windows running everything I needed for work. At the time it was still really important to have things like a DVD drive!

It went through several upgrades – RAM and hard disks, culminating in a ridiculously expensive 512Gb SSD. I’ll never forget that first switch to an SSD – what a phenomenal difference, I would never go back!

In the office I had also built a custom PC. Having always had many spare PC parts around, it was easy to knock something together. It was a nice Intel i7 machine that I ran on the 24” monitor. I also purchased a 2nd 24” monitor. This was a dream setup for productivity in the office. I was doing a lot of work from the office, so it was great to have a decent setup.

So what was I doing with my data at this time? Previously, having just one laptop meant I always had everything with me. But I now had two machines. This was a bit awkward, but I had set up a SharePoint 2010 server which is where I kept my critical data. I still had some things I could only get to from the office – like payroll and other irritating stuff like that.

My desktop PC lasted me for over 5 years, without modification and my MacBook Pro I had for 3 years – it was brilliant. I even sold it for 60% of what I paid for it new! Try that with a PC laptop!

My work patterns had shifted and I was doing a lot more work onsite. This meant doing a lot of work from my laptop.

The larger laptop and desktop phase

Apple had just released the new retina MacBook Pro range and I couldn’t resist. I sacrificed the DVD drive – but by now I never used it. It was thinner, still had the amazing build quality and was a properly powerful machine. The 15” screen was also much better for long days working on it.

I forgot to mention that I have also always had an iPad since they first came out.

The iPad has built in 3G, so is always connected, it’s also on the network Three (cheap!), and my iPhone is on a different network – giving me a bit of redundancy in connectivity in emergency remote situations. My laptop allows me to do everything I could need to, but I often wouldn’t want to take something that large. I can get by really well with an iPad, for times when I am travelling, but only going to a meeting for example. I can email, and can even do remote desktop connections for emergency system fixes, but it’s certainly not something you can work on all day. So I always had that dilemma – particularly when going on holiday – can I just take my iPad, or should I take the laptop too, just in case?

About 3 months ago I took the plunge and migrated my email on to Office365. It was an emotional moment, having tried to ignore its existence for so long – thinking to myself ‘I run my hosted services a lot better, I want it in my control’, but then realising that it would be a lot simpler and one less thing to worry about. Getting it effectively free also helped (I have a Microsoft Action Pack subscription to give me internal and test licenses and you get 5 Office365 E3 licenses with it).

So I moved my email, and also the data in my old SharePoint server. With 1TB of storage in OneDrive For Business (what a stupid name for a product!), I also threw all my static files in there and just let it sync up. It made sharing data with customers really easy too. Plus it has benefits like Rights Management, which means I can securely protect documents with sensitive data, and still share them with my colleagues too. Even my payroll software (12Pay) data file now resides in there, so I can access it from my laptop and desktop, wherever they are.

The revolution?

So after a long and wordy resume of the toys I’ve been buying over the years, where are we now?

I used the excuse that ‘I need to understand how tablets can work in a managed corporate environment’, to buy myself a new Microsoft Surface Pro 3 tablet. Microsoft claim this is the tablet that can replace your laptop (and desktop).

Now it’s very early days, having only had it for a weekend, but I am really beginning to think that this could be true.

It does have all the power and storage you need (mine has an i7, 8GB RAM and 512GB of SSD storage), and it genuinely is a real tablet. On my weekly trip to Bath, where I work with Gradwell Communications, I will now only have to take this tiny device with me. I have ordered a docking station, so I can instantly connect it up to a monitor and keyboard, plus I won’t need to take a power supply with me. Thinking back, my argument for buying an expensive 15” MacBook Pro now seems a little silly – there isn’t an office you go to that doesn’t have a monitor, keyboard and mouse you can borrow – plus being hunched over a laptop all day isn’t exactly comfortable.

I am currently on a train (returning from a holiday, where yes, I wouldn’t have wanted to take my laptop), using the full version of Word, with a decent keyboard and trackpad too. If any emergency had occurred I would have been able to cope. The only downside being that it doesn’t have separate 3G, so I tether via my phone, which is fine, and will save me £15/month on the Three contract. I even have a USB (yes it has a USB port!) Ethernet adapter, so I can connect to a wired network if necessary.

I’ll need to see how I settle in with it, but I can certainly think of many types of jobs where a Surface Pro 3 is all I would need, particularly with a docking station in the office and the power supply left at home!

So what now for the 15” MacBook Pro and the new 6-core Mac Pro in the office? Well, I still need something to DJ on (although I am thinking of trying Traktor on the Surface Pro!), and this tablet won’t drive my two Dell 24” 4K monitors on my desk! I’ll allow myself that luxury and be keeping them both for now!

The Recommendations

So what would my recommendations be for anyone that has bothered to read this far? Firstly, I am an IT geek and can happily manage setups that wouldn’t be suitable for most! For someone that works independently I could see that a Surface Pro, coupled with some Cloud storage system (quick plug for Gradwell Cloud, www.gradwellcloud.com), would work wonderfully!

Also, being a Microsoft product, and a full version of Windows, it will integrate perfectly into a larger corporate Windows network. I have many customers where I have deployed systems like Microsoft System Center Configuration Manager to manage and maintain all their IT assets. Just make sure that (being an ultra-mobile device), you have very good remote access systems set up – I cannot recommend Microsoft DirectAccess enough (ask me if you need help with this one!), it’s the (near)perfect remote access solution.

The small business still has a slightly trickier time. This is not a Surface specific issue, but now the server in the corner (aka Microsoft Small Business Server) is well and truly dead (or should be if you haven’t already got rid of it!) there is a gap in the workstation management aspect of small IT networks. Savvy businesses will have moved their email to Hosted Exchange and their data into some form of Cloud Storage (e.g. Office365, OneDrive For Business, second shameless www.gradwellcloud.com plug), but there is still a lack of workstation management, like you used to be able to get with Active Directory and Group Policy that was part of Small Business Server. There is Windows Intune, which does allow you to have some control over your IT assets. But without having any central servers of your own, you still can’t easily control logins to machines that are not part of an Active Directory Domain (this is the central user database that everything used to authenticate to – disable a user there and they are locked out of everything, email, file servers, workstation login etc – not so easy now!). I hope Microsoft will bring out a version of Azure Directory Services that will allow machines to join the domain and be managed by Group Policy (without having your own local AD). In the meantime just make sure your workstations and laptops are well managed and are as secure as possible! That could be the next blog post!

What is digitally signed email, and why do I sign my emails?

I may be being slightly evangelical here, but I believe there are huge benefits to be had by making use of digital signatures and secure email. I would like to explain what it is all about, how it works (basically) and why you may want to do the same.

So what is digitally signed email?

Using digital signatures allows you to confirm, without doubt, that an email came from the person that sent it and that it has not been altered by anyone else while on route to you. It can also secure the email to ensure only the intended person can read it.

How does it work?

To send secure or signed email you first need a Digital Certificate. Digital Certificates are based on the common cryptography technique known as public/private key encryption. I am not going to go in to how this works here, but it is the same system that is used in secure websites and SSL (that padlock you see in your web browser).

To obtain a certificate you have two options. You can either generate your own (which is not recommended, as I’ll explain later) or go to a certification authority who will sell you one. They will perform security checks on you to ensure you are who you say you are. This is a critical process as you need to be able to trust the certificate when it says it’s valid. Once this is complete you will be able to download and install your certificate. All computers have a built-in list of trusted certification authorities. Any certificate generated by one of these companies will automatically be trusted and show as valid by your computer. If you generate your own certificate, the recipient will get a warning that they do not trust it, which partially defeats the point.

Your certificate consists of two parts, the ‘public’ and ‘private’ keys. The private key is very important and must be kept safe and secret. You should never give anyone a copy of your private key. Some certification authorities will allow you to download another copy of your private key, should you lose it. Please don’t worry or think to yourself ‘this sounds complicated’; these are things you don’t have to worry about since it’s all part of the operating system and it all just works in the background.

Once you have your certificate installed and configured, when you send an email you can choose to ‘Apply a digital signature’. This means that when you click send, the email client will look at the contents of your email, open your private key from your digital certificate and generate a signature. It then attaches this signature and the public part of your certificate to the email. When the recipient opens your email, the email client should notice that there is a signature attached. Using this signature it can then verify that your email has not been altered. It will then go off and check with the certification authority that you purchased your certificate from that you are valid and trusted. After all this, your recipient should just see a red rosette on the email showing everything is good and trusted.
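The signing and verification steps described above, reproduced with the `openssl smime` command line as an added example (not part of the original post). It uses a throwaway self-signed certificate, so it also shows why a recipient who does not already trust the issuer gets a failure; the identity, address and message text are constructed for illustration.

```shell
#!/bin/sh
# Added example: S/MIME signing and verification with the openssl CLI.
# The identity, address and message text are constructed for illustration.

verify() {  # verify <message> [extra openssl options]; prints ok or fail
    msg=$1; shift
    if openssl smime -verify -in "$msg" "$@" -out /dev/null 2>/dev/null
    then echo ok; else echo fail; fi
}

smime_demo() {
    d=$(mktemp -d) || return 2
    # Self-signed certificate and private key (the "generate your own" route).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Alice Example/emailAddress=alice@example.test" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 2
    printf 'Please pay invoice 1001 to account 12345678.\n' > "$d/msg.txt"

    # Sender: sign the body with the private key; the certificate (public
    # part only) is attached to the multipart/signed message.
    openssl smime -sign -in "$d/msg.txt" -signer "$d/cert.pem" \
        -inkey "$d/key.pem" -out "$d/signed.eml" 2>/dev/null || return 2

    # Recipient who trusts the issuer: signature and chain both check out.
    trusted=$(verify "$d/signed.eml" -CAfile "$d/cert.pem")
    # Recipient with only the system trust list: the self-signed certificate
    # is not in it, so verification fails (the warning described above).
    untrusted=$(verify "$d/signed.eml")
    # Body altered in transit: the digest no longer matches the signature,
    # even for the recipient who trusts the issuer.
    sed 's/12345678/87654321/' "$d/signed.eml" > "$d/tampered.eml"
    tampered=$(verify "$d/tampered.eml" -CAfile "$d/cert.pem")

    rm -rf "$d"
    echo "trusted=$trusted untrusted=$untrusted tampered=$tampered"
}

smime_demo
```

A certificate bought from a certification authority in the recipient's built-in list would make the second check pass without the recipient having to import anything.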

The real benefits come in when both parties have digital certificates. Once I have sent someone my public key (which is done every time I send a signed email), if they too have a certificate their email client can use the combination of theirs and my certificate to encrypt the email to me so only I can read it. When I receive that email (which will appear as garbage to anyone else), I then use my secret private key to decrypt and display the message. Again this all happens transparently in the background by my email client, so all I see is the email (exactly as they sent it, guaranteed to be unaltered) and a small blue rosette to show it was encrypted.

There are other methods of sending secure email, typically involving 3rd party products, but I really like this way as it is the ‘purist’ way of doing it. It is the most widely accepted and secure method – mainly because nearly all email clients support it out of the box (and it’s not just a Microsoft thing either), it is a common internet standard (known as ‘S/MIME’).

So why do I sign my emails?

Well basically, I sign all my emails in an attempt to spread the word, to get people to read this article and hopefully go and get themselves a digital certificate for email. In an ideal world everyone that I do business with would have a digital certificate. That way I can send sensitive information as easily as sending an email (simply because I AM just sending an email), and I can be confident that only they can read the email.

If you are interested in sending secure and trustworthy email, then please drop me a line via the contact page on my website. I can point you in the right direction and help you get set up.

Ben Nichols
Director

BN Information Security Limited
w: http://www.bn-is.com

Installing Windows 7 RC x64 with NVidia graphics card

Over the last few days I have been testing Windows 7 RC (build 7100). I have to say that I think it is a fantastic operating system and I am really looking forward to the final version.

I’ve been installing it on several machines, including my laptop, workstation and as of yesterday, my Media PC. I hit a fairly major snag with the last install. After the initial setup screen the setup process started to ‘Blue Screen’ showing an error with NVLDDMKM.dll. This prevents the setup from completing and the system just loops round continuously blue screening.

The system is a MSI Media Live machine. It has an AMD dual core Opteron and on-board NVidia graphics. The problem is caused by the pre-release NVidia driver that is included with this build of Windows 7. I’ve noticed previously on other machines that after installing Windows 7, one of the first updates it installs is a new NVidia graphics driver.

I thought I may be stuck – or have to try and fudge in a new driver, or just revert to the 32-bit version of Windows 7. The solution was actually much simpler. The system was still connected to my Plasma TV over an HDMI connection. When I moved the machine and connected it to a standard VGA monitor, the system stopped blue screening and setup completed fine! The system then installed the new NVidia drivers, I reconnected it to my Plasma over HDMI, and it works fine!

Strange issue, which I’m sure will be fixed when newer drivers are bundled with Windows 7. I hope this saves someone else some hassle!

Ben Nichols
BN Information Security Limited