Feeling fairly pleased than the launch of our new web site using Umbraco CMS platform has gone smoothly.  Looking forward to the upcoming client projects using Umbraco as it has some very clear advantages over SharePoint publishing

We are giving away our top 5 one time password (OTP) integration points to give you some pointers and assistance in the right direction when setting up and configuring your strong authentication solution.

Our Top 5 includes: Integration with Microsoft Outlook Web Access (OWA), Miscrosoft Internet Information Service (IIS), Microsoft Internet Security & Acceleration (ISA) server, Microsoft Threat Management Gateway (TMG), Microsoft Internet Application Gateway (IAG), Microsoft Unified Access Gateway (UAG), Citrix Web Interface (CWI), Citrix XenApp, Citrix XenDesktop, Microsoft Inernet Authentication Service (IAS) and Microsoft Network Policy Server (NPS).

Download your copy of SymTex Top 5 One Time Password (OTP) Integration Points

We've just released a free tool for DBAs and systems administrators to check common and well known problems with Microsoft SQL Server databases.

The tool supports all editions of Microsoft SQL Server 2000, 2005 and 2008 providing the user with a graphical PDF set of recommendations and environmental information.

To download and install the small tool visit http://www.symtex.co.uk/healthcheck

As the economic climate continues its hold managers and business owners are continuing to seek tangible opportunities to reduce costs and increase efficiencies. On initial consideration the feasibility of this appears to be an enigma however complacency and time pressures in organisations of all sizes reveal intensive manual processes, repeat data entry, disconnected systems and burdensome administrative tasks which can easily be streamlined with a low investment in custom software.

• Streamline Operations
• Increase Workforce Efficiencies
• Connect your Mobile Workforce
• Increase Operational Efficiencies
• Slash Duplication of Effort
• Reduce Operating Costs
• Remove burdensome Administration

Successful departmental and core line of business applications can quickly outgrow their original purpose leaving slow performing spreadsheets and database applications which are prone to corruptions and support only a few simultaneous users.   
Typically many organically emerged in-house application do not perform well over mobile and wide area network connections and as business acquisitions, new offices setup and home working grows in trend supporting mobile field staff and a disparate workforce needs smart and secure connectivity solution along with specialist and custom software solutions.    
Return on investment can be easily calculated to support investment justification by calculating the amount of man hours saved versus the cost of development.    
For example an estate agents inputting new rental property has spend the past five years inputting the property information to internal spreadsheets then check with the accounts team then re-enter the information onto the company web site and place the property with several advertising media taking 3 hours each. The custom software removes duplication in this pipeline, provides integration with accounting systems, third-parties and internal departments to reduce the operation to 30 minutes freeing up the salesperson to generate more leads and develop new opportunities. In this real world scenario the business gained over 83% efficiency saving in a workforce of 12 staff for processing sales of rental properties.    
The business case writes itself and as a department manager or business owner you can decide to run the operation with a smaller team or increase volume.    
Custom Software is not for every requirement but does allow you to define the way you want to work without confirming to an off-the-shelf package that is designed for the mass market.    
SymTex are specialists in custom database and software development building robust solutions for SME public and private sector clients including big banking corporations, insurance giants and national utility companies working nationwide.

Tell us about your database and software challenges.   

Security of data is a primary concern for many businesses and securing the network identities that have access to this critical business information is a key success factor for business operations. This increased concern is greatly due to the change in the way applications are developed and accessed giving users the ability to perform their business tasks from outside the security and confines of a business's private network. Allowing this additional flexibility of working beyond the confines of the private network brings with it an increased level of risk from unwanted attacks.

Strong authentication solutions such as one time passwords (OTP) with tokens and Public Key Infrastructures (PKI) based logon with smart cards, which have the ability to withstand many common attacks, help to protect an organisations valuable data. The implementation of this strong authentication is very flexible and can be integrated into a business infrastructure at various key points dependent upon the business requirements.

Strong authentication methods can be applied to user logon at:-

•A domain
•Internal Websites
•Intranet applications
•Outlook Web Access (OWA)
•Virtual Private Networks (VPN)

Which in turn gives a user the ability to securely perform their daily work tasks from anywhere with an internet connection. Two factor authentication (2FA) and three factor authentication (3FA) can drastically reduce the frequency of online identity theft and other online fraud due to the victim's password no longer being sufficient to give an attacker access to their information.

Both Public Key Infrastructures (PKI) and one time passwords (OTP) introduce a second factor in to the authentication process. It is the introduction of this second factor that increases the security of the authentication process. When referring to authentication, a factor is a piece of information used to verify a person's identity for security purposes.

The three most commonly recognized factors are:-

•'Something you know', such as a password or PIN
•'Something you have', such as a credit card or hardware token
•'Something you are', such as a fingerprint, a retinal pattern or other biometric

A one time password (OTP) is an effective method of implementing a strong authentication solution. The OTP is commonly generated on a physical device such as a token and is entered by the user at the time of authentication, once used it cannot be reused which renders it useless to anyone that may have intercepted it during the authentication process.

By replacing your businesses weak user name and static password security with this one time password strong authentication solution, you are guaranteed to increase the security of your network infrastructure by eliminating the possibility of a users logon credentials being stolen while using an unsecure network location. Even if a hacker can obtain the user's name and password, they will be unable to copy the content of the token which generates the OTP, and therefore will be unable to access corporate network resources.

For further information regarding strong authentication please visit the strong authentication section of the Symtex website

Inheritance

When developing software applications the use of inheritance can greatly reduce development times by allowing the reuse of code with little or no modification by building on classes that are already defined and available to the developer.  This is achieved by forming a new class, known as the derived class, which takes over the attributes of a pre existing class which is known as the base class.   The question is how does this actually assist the developers to build a project more efficiently?

Consider a class called Person that contains a person's name, address, date of birth, sex, and phone number.  Now consider a class called Employee that will contain employee number, salary, holiday entitlement, employee name, address, date of birth, sex and phone number.  The employee class contains the same details as the person class with the addition of the employee number, salary and holiday entitlement.   Rather than creating the employee class from scratch the person class can be used as base to build on.  The employee class will inherit the pre defined attributes from the person class and the developer can add the employee number, salary and holiday entitlement to it. 

My Findings
The main issue I have come across when taking over pre existing projects is that people lose sight of which class the methods and properties should be located.  On simple class definitions like above it is easy to see why the person class has the attributes it does and why the employee class inherits the person class and adds the extra attributes.  However on larger more complex project this can become more difficult especially when the requirements of a project are constantly changing.  When I have picked up project like this making the changes to the classes to rectify these miss placed attributes can be time consuming activity but I have found that it greatly reduces development time in the future due to there being less confusion and a greater understanding of how the classes work together.

What I would like to know is if this lack of sight is a common development issue or have I been unfortunate with the projects that I have inherited from other development teams?  Your experiences of this kind of issue would interest me greatly.

This question is not unique to non-software developers, often we encounter this scenario internally, and being a development company you would imagine from the outside our software was all singing in perfect harmony with workflows, integrated CRM and web site etc... and we're working on it.  However if I had my way the choice would be to build a customised solution from the ground up; integrating with all existing applications in the environment, Accounts, CRM, Invoicing and so on using SaaS (Software as-a Service) to loosely couple distinct functional tools and products used throughout the enterprise together. 

The benefits developing bespoke SaaS solutions is that when you come to implement they behave exactly as you specified and achieve the job from day one, albeit a few minor bugs to work out.  The alternative is selecting an existing product which may well not be open-source and introducing a dependency on external vendors to build in new functionality, provide bug fixes and the like.  However the investment is normally low when considered against how much time it would take internally to develop and test internal solutions and of-course at the distraction to business as usual activities and neglecting potential business growth, networking and sales opportunities.

So how do you decide whether to build or buy?  From a commercial view the right questions need to be asked to discover total cost, timescales, ongoing support, contractual requirements, dependencies and service level agreements.  Often SLAs don't work too well internally as the concept to leverage financial weight is lost.  Techies within an organisation will already often be saturated with workload and whilst happy to take on a new requirement this may be outside of core skills and a steep learning curve is required at the cost expense, and often pain, of their employer.

What factors do you consider when choosing to build or buy?

We are giving away our top ten tips to give you some pointers and assistance in the right direction when setting up, configuring and troubleshooting your SQL Server database and estate.

Our Top 10 includes: Disaster Recovery Planning, Spotting Potential Issues, Identify Performance Bottlenecks, Don't neglect the Operating System, Understanding Transaction Logs, Choosing Index Type and Location, Planning for Growth, Locking down Security, Know your Padding and Fill Factors and Redundancy.

Download your copy of Database Administrators Top 10 Tips Guide

With comprehensive database support from SymTex relax and enjoy the holidays.  Let your technical support teams enjoy a well earned rest and put us on-call to support your important applications and keeping web-sites running.

Our support engineers have production exposure to real-world systems, managing and performing DBA duties for Fortune 100 companies. Our depth of experience extends throughout the SQL Server product suite including Analysis Services, Reporting Services, Integration Services, Core Database Engine Performance, code optimisation, clustering, replication, mirroring, log shipping, IIS, ASP.Net security and data encryption.

We setup quickly and continue pro-active monitoring and preventative maintenance for a seasonally generous small charge whilst you tuck into your Christmas dinner and take a well earned rest into the New Year.

Remote working is an essential part work life for businesses all over the world.  The ability to allow employees access to their email and work related files from anywhere with an Internet connection can significantly increase productivity.  With the recent increase of WIFI hotspots and mobile broadband speeds, a remote worker no longer has to be someone confined to working from their home.  They could be a travelling salesman sat in their car updating a sales opportunity after a meeting with a client or a director of a business catching up with their emails from an Internet cafe in an airport while they wait for their flight.  Allowing remote access to a corporate network brings with it huge risks regarding the perimeter security, however, if managed correctly these risks can be hugely reduced.  During the last month I have been working on a client's site introducing new security measures to ensure that the risks associated with their remote workers do not out way the advantages that they bring.  With the introduction of a Remote Authentication Dial In User Service (RADIUS) Server accompanied by an Internet Authentication Server (IAS), a solution was provided giving all remote workers two factor strong authentication when connecting to their corporate network.  The key requirements were to secure access to the Virtual Private Network (VPN), Outlook Web Access (OWA) and the corporate intranet.  The solution used One Time Passwords (OTP's), which were generated using tokens associated with each user, in addition to the user's regular user name and password.  Although two separate authentication methods were being used, the Single Sign On (SSO) technology used meant that the remote worker only had to provide their logon credentials once.