Do you get bogged down trying to both maintain sufficient performance across your Microsoft applications, while troubleshooting related problems as they happen? If so, here are seven tips that will help you manage your software from Redmond:

1: Don’t Try to Manage the Unknown

Ensuring optimal Microsoft application performance starts by automatically maintaining an up-to-date network and server inventory of hardware and software assets, physical connectivity, and configuration. This helps to truly understand what is being supported in your environment. Doing this will also save time identifying relationships between devices and applications, and piecing them together to see the big picture. You may even find discrepancies in application versions or patch levels within Exchange or IIS server farms. You can correct these by through discovery, mapping and documenting your assets.

2: Monitor the Whole Delivery Chain

There are multiple elements responsible for providing Microsoft services and application content to end-users. Take monitoring Lync, for example. Lync alone has:

  • A multi-tier architecture consisting of a Front-End Server at the core
  • SQL Database servers on the back-end
  • Edge Server to enable outside the firewall access
  • Mediation Server for VoIP
  • And more..

You get the idea. The same applies to any Web-based application. Like SharePoint on the front-end, middleware systems and back-end SQL databases, not to mention the underling network. Don’t take any shortcuts, monitor it all.

If any of these components in the application delivery chain underperform, your Microsoft applications will inevitably slow down and bring employee communications, productivity and business operations down with it.

3: Understand Dependencies within Applications

There’s nothing worse than receiving an alert storm when a problem is detected. It can take hours to sort out what has a red status, why it has that status, and whether it was a real problem or a false positive. It’s a waste of time and delays the root cause identification and resolution.

A far better solution is to monitor the entire application service as a whole. This includes IIS servers, SQL servers, physical and virtual servers and the underlying network. Identify monitoring capabilities that will discover and track end-to-end dependencies and suppress alerts (if a database is “down,” all related apps will also be “down”). This is also the foundation to build SLA monitoring strategies aligned with business goals. Read on to find out more.

4: Look for Tools That Can Go Deep

Application performance monitoring tools let you drill down from one unified view into the offending component to reduce triage
and troubleshooting to just minutes. Even if you are not a DBA, you should be able to quickly identify that SQL is the culprit. Plus, think about automatic corrective actions as part of your monitoring strategyto restore service levels faster.  This includes using Write Event Log, Run Scripts, Reboot, Active and PowerShell scripts. For example, Exchange and SQL are well-known for their
high memory consumption and high IOs, so you may want to automatically reboot them to avoid service disruptions for your users when exceeded memory reaches a problematic level.

5: Utilize Microsoft Application Monitoring Features

Use built-in application monitoring features that come with your Microsoft applications like Exchange, SharePoint, Lync, IIS, Dynamics, SQL and Windows. Or even some free tools. Every organization is different, so there really is no one size fits all approach to this. Look for pre-packaged monitoring with capabilities to easily tweak settings, so you can also monitor custom applications or more feature-rich applications.

6: Don’t Forget Wireless Bandwidth Monitoring

It is a wireless world out there, and BYOD continues to grow. Mobility has transformed wireless networks into business-critical assets that support employee connectivity, productivity and business Ops. For example, Microsoft corporate headquarters runs Lync over Aruba Wi-Fi. Just like you want a map of your wired assets, look for capabilities to automatically generate dynamic wireless maps — WLCs, APs and Clients — from the same single point of control.

7: Keep Stakeholders and Teams Regularly Updated

Your Microsoft applications may be the backbone of your business. Slowdowns, intermittent application performance problems or failures will drive escalations through the roof. Not to mention bringing productivity, Ops and even revenue to a halt. Customizable reporting
(by application, by servers, by location, etc.) and automatic email distribution capabilities (daily, weekly, monthly, etc.) will help to keep cross-functional team members and stakeholders in the know. Get in the habit of periodically analyzing all performance data to identify problematic trends early on, properly plan capacity, and justify investment on additional resources.

Maintaining network performance can sometimes feel like a gargantuan task, with issues seemingly coming out of nowhere. However, many of these unforeseen problems can actually be anticipated and avoided with the correct monitoring solutions in place.

Microsoft announced in their security bulletin for November that a vulnerability in SChannel could allow remote code execution, nicknamed WinShock (CVE-2014-6321). The Microsoft Secure Channel (Schannel) is the security package that implements SSL/TLS in all supported versions of Windows server and client operating systems. The vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server. It has an overall CVSS severity rating of HIGH with a exploitability rating of 1.   Winshock

Ipswitch immediately assessed all of its products as soon as we became aware of the vulnerability. Many Ipswitch products rely on Microsoft Windows Schannel security provider for secure communications. To protect against this vulnerability, it is recommended that all customers apply the November 2014 patches to all Windows servers and clients running Ipswitch products. The November patches also include other critical security fixes, including another remote code execution vulnerability (MS14-064), so please install all of the updates.

Please find specific instructions in this Ipswitch Knowledgebase article. As always it’s recommended that you test updates and carefully monitor the production system after making any changes.

If you have additional questions, please contact your Ipswitch account manager or preferred reseller.


Yesterday we announced that we are providing systems administrators and IT teams with free tools to monitor application availability and performance for Microsoft™ Active Directory, Exchange, IIS and SQL Server applications. Systems administrators thrive in an open source world. These free tools are powerful, yet designed to be as easy to download and use as apps from the Apple or Google app store.  free

The four free application performance monitoring (APM) tools will pinpoint problems stemming from Microsoft IIS, Active Directory, SQL and Exchange.  Sysadmins can use these tools to help solve the problem they are currently having with these popular applications.

Ipswitch Free Tools that monitor availability and performance in Microsoft environments include:

Simple Solutions for Complex IT Problems

For organizations that need more robust monitoring solutions, Ipswitch WhatsUp Gold™ network and server availability monitoring software empowers IT teams in to improve the performance and availability of their complex IT infrastructure. Ipswitch WhatsUp Gold allows IT teams to gain the visibility and intelligence they need to solve problems on their networks, applications, and servers before end users experience problems.

Word has quickly spread that a serious weakness has been discovered in the Secure Sockets Layer (SSL) protocol that allows attackers to silently decrypt data that’s passing between a web server and an end-user browser.

All reports indicate that this vulnerability affects the SSL protocol itself and is not specific to any operating system, browser or software/hardware product.  This is an information disclosure vulnerability that allows the decryption of encrypted SSL 3.0 and TLS 1.0 traffic.  It primarily impacts HTTPS web traffic, since the browser is the primary attack method.

SSL and TLS are two of the industry standard technologies that Ipswitch File Transfer solutions use to encrypt data while in-transit.  Additional technologies such as AES transport encryption, PGP file encryption, and the encrypted FTPS and SFTP protocols are also used to secure data.  As always, we recommend a defense-in-depth approach for protecting sensitive data.

At this point the vulnerability is not considered a high risk.  Ipswitch is closely monitoring the situation closely and will implement recommendations and provide updates if this turns into a serious threat.  We agree with Microsoft’s recommendation to prioritize  the RC4 cipher suite and to enable TLS 1.1 in client and server.  And given the choice, use the unaffected FTPS and SFTP protocols (and not HTTPS) until this vulnerability investigation is complete.  Microsoft has also issued a fix fix that enables support for TLS 1.1 in Internet Explorer on Windows 7 and Windows 2008.

Take a quick read of Google’s Terms of Service or Amazon EC2’s SLA Exclusions and you’ll see examples of how cloud platform vendors limit their governance and control responsibility.

So what happens when you put your business in the cloud and then the cloud goes down?  Just ask Foursquare, Hootsuite, Reddit, Quora and others who endured the recent EC2 outage that hobbled their websites, resulting in lost revenue and strained customer support teams.

Chances are some of your critical business processes have already moved to the cloud.  But you still need to know the instant one of them fails.

So how should you treat vendor platforms such as, Amazon EC2, Rackspace Cloud Files and Microsoft Azure?

As the saying goes, “don’t rely on a fox to guard the chicken coop”.   Don’t rely solely on your service providers to alert you of inaccuracies or outages that they themselves have caused…. Service provider dashboards will be of no use when they themselves are responsible for failure.  A governed pipe will instantly give you that information.

Our suggestion is to treat cloud platform vendors the same way you would treat any other vendor.  Manage all file and data interactions, with visibility, management and enforcement… And carefully craft SLAs that represent end-to-end services and link them to easily trackable key performance indicators.  Cloud does not solve all your data issues on its own, but you can and should leverage your Managed File Transfer (MFT) solution to extend and govern the cloud.

By Andrew Couture, Sales Manager| North America

Finally! After days, weeks, or maybe even months of researching, evaluating, budgeting, and securing approval, you got the green light to purchase new software. But now what? You know that the product meets your requirements because you were able to test it out during your evaluation period, but now the rubber meets the road, and you are tasked with implementation.

All eyes are on you and how quickly you are able to extract the value from the investment your company just made. It may be the key to your big promotion, and you know that if you could just move the deadline out a few weeks or could get some additional help, you could knock this out of the park because it is not difficult…it is just unfamiliar.

Consider this example: Let’s say you had no idea how to use Microsoft Excel and your boss suddenly needed some numbers crunched, preferably with corresponding graphs, and she needed it immediately. Now, Microsoft’s Office Suite programs are known for being pretty intuitive and there’s no doubt that with a few hours and a lot of patience, you would figure it out and do a fine job…the problem is she needs it now.

So what do you do? What most people do is find the resident Excel expert and get a crash course in the functions to use, the shortcuts to save time, the best way to display certain calculations, etc. and lean on that person to help give you the training you need in real-time. Your output is that much better, that much faster.It’s not that different when it comes to investing in Training or Professional Services for more specialized software. Sure, you can figure it out on your own and you’d do a great job at it, as long as you are given the time. But even with the most intuitive and easy to use products, tapping into a knowledge expert speeds up the implementation and provides visibility into things that you otherwise might not discover.

It’s kind of like this: Any experienced hiker can climb a mountain for the first time and eventually reach the summit, but given the choice, having a guide who has done it before will get them there the quickest.

The Basics of WMI and Why You Need to Monitor It

WMI is short for Windows Management Instrumentation. The technical definition for WMI is the infrastructure for management data and operations on windows-based operating systems. It is based upon the Desktop Management Task Force (DTMF) standard and is a specific set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification….

I know, that seems like a whole bunch of technical jargon that still sort of leaves you wondering, what the heck is WMI and why is it important?

Basically, the purpose of WMI is to define a  non-proprietary set of environment-independent specifications which allow management information to be shared between management applications. It prescribes enterprise management standards and related technologies to work with existing management standards such as DMI and SNMP, and compliments them by providing a uniform model. Based on the Common Information Model (CIM), which is an open standard that defines how managed elements of an IT environment are represented, WMI includes most of the Microsoft applications available today such as SQL Server, Microsoft Office, Internet Explorer, and others.

So why is the ability to monitor WMI enabled applications and devices? Well due to a constant increasing exposure of management data through WMI in windows, more and more IT administrators and managers started to develop scripts and automation procedures based on WMI. This has since lead most management software companies in the world to become WMI-enabled and capable of consuming and providing WMI information through various user interfaces.

WhatsUp Gold was one of the first network and application management solutions to fully support WMI and offer complete monitoring capability for WMI enabled desktop and server OSs and applications. Using WhatsUp Gold WMI monitoring capabilities, network managers can immediately understand the health of their servers and applications to pro-actively understand and resolve issues before they become real problems.

In an earlier entry, Back into the Fray, I listed what has changed and has not changed after I left enterprise networking and I joined Ipswitch. One of the items that changed was VoIP. VoIP seems to have fallen under what is now termed unified communications.

Both Microsoft and Cisco have staked places at the unified communications table. But what does unified communications really mean. Is it VoIP? Is it IM? Is it collaboration? Is it email? Or is it all of these things melded into one?

What ever it is, it means only one thing to network managers. How much effort is it going to take to manage?

From this one question we can deduce a number of other implications to an already saturated infrastructure and the ability to manage yet another cool technology someone just had to have.

If it is server centric, read Microsoft, this means more server focused hardware to manage. How will this server based infrastructure be managed? Not only is there additional server hardware to manage, but also license management (read CALs) to ensure EULA compliance. 4000 IP phones, means 4000 CALs, unless Microsoft is changing their licensing model.

Or networking gear centric, read Cisco, this fits nicely with most existing installed infrastructures and most of the management capabilities are already in place.

QoS management for VoIP is key to the whole effort of unified communications, QoS is network centric not server centric.

I’m not trying to take a slanted view of one company over another, just what make sense for an organization. If it was a network that I was responsible for, I would choose the network centric approach over the application centric approach every time.