Select Page
Hidden Ransomware as a VM Valentine (Video)

Hidden Ransomware as a VM Valentine (Video)

Apparently ransomware is now installing a virtual machine inside the hacked computer in order to avoid detection.  We’ve entered a new phase of devious behavior!  How will your company avoid the new forms of ransomware hidden in your system’s shadows?

Hidden Ransomware

Hackers Exploit Your Pixie Dust Trust

Please make sure your users are safe!  I think the only way to avoid all this malefic malware is to adopt a Zero Trust attitude, bringing in an IT expert with a Zero Trust philosophy if necessary.  Think of it this way — do you let a technician into your home to work on the AC unit, just because they have the right shirt on?  Did you call them?  Are they “safe”?  Do they take their shoes off and keep their N95 masks on?  Some of us will allow them in, some will not.  At this time, I have immune-compromised folks at home, and that technician isn’t coming in.  I’ll live with a busted AC unit for now — it’s not worth the risk.

 

Is your PC worth the risk to allow untrusted software in and run whatever, wherever it wants, with whatever bugs it brings with it?  I think not.  When it comes to the technology that enables your business, it can be easy to trust your users because you see them as good people, as your helpful team.  But the magical thinking of an IT fairy tale will not protect your team from hidden ransomware dangers, especially those that appear deceptively dressed in a VM.  You can trust your team without trusting their machines or their software.

 

Made in the Shade

Are your systems safe from ransomware hidden in the shadow of a VM?  Companies enabling remote connectivity for their teams may have put their data at significant risk by taking shortcuts to ensure business continuity.  Rushed IT policy often creates vulnerabilities that hackers can easily exploit.  Malware can get into your network by posing as something friendly to your system.  Hidden ransomware, now lurking as an amicable virtual machine, creates troublesome tenements for remote teams.

 

Ghosting the Hackers

Hidden malware is only one challenge you have when connecting your teams to company data.  Fortunately, remote access and remote control utilities, when done properly, are tools that allow companies to connect home users to corporate data securely and efficiently.  You can keep your team safe from malicious valentines, even when they appear in the form of a friendly VM.  With protective IT policies in place, including a Zero Trust approach to the machines that make your business run, you can ghost the bad guys trying to unlock your data and prevent their hidden ransomware from accessing your system.

 

 

 

To learn more about remote access and remote control utilities, please watch one of our IT strategy videos here:

 

 

IT Strategies for Remote Teams (Video)

IT Strategies for Remote Teams (Video)

Brad Feakes Director Professional Services
Brad Feakes

SVP Epicor Services, Professional Services

Daryl Sirota – Director, Technical Services
Daryl Sirota

Technical Services Director

 

Brad and Daryl talk about IT strategies for remote teams

 

Brad and Daryl sit down this week for a Q&A style chat to unravel a few of the complex IT issues in today’s work from home (WFH) environment.  At a high level, Daryl emphasizes how we should not make the mistake of trying to plug pieces of cloud software together expecting them to work properly.  That is almost impossible to do effectively without the appropriate policy to guide the technology.  You will need to understand how you will provide guidance to your end users faced with a variety of remote work environments (working for a cafe, home office, etc) and the new tools you will use to manage staff.

 

They move on to talking about some of the end-user WFH problems from asking the question “what does work from home mean?”  to discussing what technology can be used to help get users up and running while also creating business efficiencies.

 

Throughout the discussion, Daryl covers a variety of other topics such as data security, public vs. home wifi, two-factor authentication, remote access vs. remote control utilities, data access, machine vulnerabilities and many other topics.

 

Brad and Daryl do an excellent job of taking some big, complex issues around WFH and explain the issues that every business owner needs to be aware of as they navigate moving their staff into the cloud and potentially hiring a company like EstesGroup to help them with their remote IT management.

 

Of course, you can always reach out to our managed IT services team.  We’ll help you throughout the entire process of moving your company into the cloud and help you avoid the costly mistakes that can put your entire business at risk.

 

Are you having issues with or have questions about your current IT management? Contact us today.

An End User’s ERP History – from Baan IV to E10

An End User’s ERP History – from Baan IV to E10

ERP

Back when I still worked for a manufacturing company, in a magnificent sprawl of factory and office buildings, I had a reputation for being a fast walker.  I’d bustle through the labyrinthine hallways of the office and scale the grand aisles of the factory.  With my head down in a shoegazer’s stride, I’d often come into near collisions with whiteboards or drill presses.  At the time, I was shaped roughly like a college linebacker, and my coworkers would clear the path when they saw me coming.  “Slow mind, fast feet,” one of my supervisors once remarked.  When people asked why I walked so fast, I replied, “It’s hard to hit a moving target.”  In a company that had a reputation for random layoffs, this was a sufficient answer — an insider’s aphorism.

 

ERP systems are rarely a moving target.  A stationary target is usually either a soon-to-be-victim or a roadside misfortune.  When I first entered the business world, my company was replacing its mishmash of homegrown systems with Baan’s flagship ERP solution, Baan IV, well before the panic of Y2K.  New to the company, and still learning what I could do to get by, it was no big deal to me.  But to my wiser, more experienced coworkers, it was an all-out affront to their sensibilities.  These were folks accustomed to the keyword-laden world of green screens and shortcuts, for whom the art of the double-click was still a work in process.  So, the transition took a while, in spite of the new software being pretty solid.

old computer

Baan, as the company proper, went into a tailspin shortly thereafter, and its software was absorbed into countless versions of other applications.  I once sat down with a veteran consultant who had been with SSA Global and then with Infor during these transitions.  He gave me the entire evolutionary history of the Baan product over a burger and fries.  It was quite a mouthful coming from one of the application’s dedicants.

 

When it came time to replace our own ERP system, the manufacturing company I was with opted to move to Epicor’s Vantage ERP system.  Compared to Baan’s Unix-based architecture, Vantage’s look and feel seemed pretty modern and user-friendly, especially in the mid-to-late 2000s.  Now, Epicor’s manufacturing ERP product had its own special evolutionary history, and we happened to hitch a ride to its moving train while it was plowing forward at full speed, but still halfway from its destination.  Vantage had originally been architected using the Progress 4GL business language, both at an application and database level.  But as Microsoft became the dominant application platform, the company opted to begin a migration process to a fully Microsoft-centric stack.  And a long strange trip it’s been.

From my own starting point, I’ve been able to watch other customers navigate the challenges of simplicity and performance vs. currency and maintainability, all the way through to the challenges of new functionality vs. platform stability. 

Brad Feakes

SVP, ERP & Professional Services, EstesGroup

 

Epicor’s Vantage 8.0 version was the first step in this evolution.  Being a client-server application, they replaced the Progress client with a Windows-based client, while retaining the Progress business logic layer on the server.  Better still, they now provided the option for a SQL Server database.  The initial results were… bumpy.  One can imagine why combining so many architectural layers would certainly be a veritable middleware nightmare.  Earnest effort went into remedying these issues, and the result was Vantage 8.03, a more stable version of 8.0.

 

A major functionality uplift had been teased for a number of years, under the guise of “Version 9.”  While still possessing the same basic backend architecture, the features and capabilities of the new version were to be a real advance from the current release.  The first installment of this promise was Epicor version 9.04, and the results were less than optimal.  Sure, the functionality was there, but the performance was abysmal.  At my own company, we never got so far as to implement 9.04, given that 9.05 was released on its tail in short order and addressed some of the issues that plagued its antecedent.  But at some point, it became known that 905 itself was going to be the last major release on the current architecture, that the next major release would be devoid of the Progress-based 4GL backend, and that in its place would reside an entirely Microsoft-centric server-side stack.

product management erp module

This finally came to fruition with Epicor’s version 10.  And the challenges experienced by the user community were similar to the previous versions.  In moving to E10, Epicor essentially rewrote much of the application’s backend, turning those in the end-user community on the bleeding edge essentially into beta testers.  The challenges of working through the kinks involved were significant.  Now a consultant and no longer a customer, I experienced the application from a new perspective as I tried to confirm just which of the legacy version’s features could and could not be supported by the new version.  Working in some of the more complex areas of the application, such as product configuration and MRP, I’ve encountered many show-stopping issues that put customer implementations in holding patterns.  As with 904, a relatively small subset of Epicor customers went live on 10.0, many opting to wait until 10.1’s more stable version was released.  Since 10.1, the version has been remarkably stable, with each new version offering more and more capabilities without undermining previous functionality.

 

My ERP journey over the past 20 years has been a long, strange trip indeed.  From my own starting point, I’ve been able to watch other customers navigate the challenges of simplicity and performance vs. currency and maintainability, all the way through to the challenges of new functionality vs. platform stability.  Looking back, I’ve wondered if I’ve learned anything from my IT travels.  Though I won’t scribe any hard-and-fast rules into marble, there are a few things that are worth mentioning:

  • Software goes through cycles.  The stability, capabilities, and performance of an application all vary over time.  Understand this and plan accordingly.
  • A company’s success with an ERP implementation varies according the point in the cycle where they enter the fray.  Entering on a stable version might not give you all the bells and whistles you desire but will likely make for a more successful implementation.
  • Stability applies to an ERP vendor as much as it does to their software.  When you engage an ERP vendor, it’s good to understand the company’s stability.
  • An unstable vendor may quickly devolve into an unstable platform or, worse, into an unsupported platform.
  • When upgrading an application to a more recent version, be leery of the “bleeding edge” syndrome.  All other things being equal, it’s good to let the major version of an application settle down before taking it on.  Premature adoption can lead to catastrophic implementation.

Interested in having us help your business?

EstesGroup and Alliance Machine Interview (Video)

EstesGroup and Alliance Machine Interview (Video)

Bryan Provo, President

Alliance Machine, Inc.

Bruce Grant, President & CEO

EstesGroup

 

Bryan Provo explains why working with EstesGroup is critical to his success

 

Alliance Machine’s Bryan Provo is President of his family’s 2nd generation manufacturing business based in Elk River, MN, north of the Twin Cities. For 30 years, his company has delivered high-value solutions to the aerospace, defense, medical and technology industries. 

 

When EstesGroup originally engaged with him over 5 years ago, Bryan’s mind was fixed on having hardware on-site (exactly where cybercriminals could access it). In conversation with Bruce Grant, Bryan explained his transition from wanting full access to his own hardware to wanting complete IT and security management from EstesGroup experts.

 

Bryan explained the challenging times that brought on his IT change: “I felt it was too difficult to manage the hardware portion.”

After a nasty ransomware experience two years ago, Bryan set out to find a managed IT service provider and, after many phone calls and after reaching out to multiple vendors, he partnered with EstesGroup. He realized, in his own words, “They had exactly what I was looking for.” 

 

Bryan summarized the success of bringing EstesGroup fully aboard for his IT needs: “It’s been an absolute heaven-sent.”

As you will hear in the interview, Bryan has experienced, and thoroughly knows, how difficult server crashes were before EstesGroup began managing his IT. Please listen to Bryan Provo explain various strengths of his partnership with EstesGroup in the following short videos, taken from the full interview with Bruce Grant:

Why EstesGroup Managed IT?

Why EstesGroup Cybersecurity?

Need help with your ERP or IT systems? Contact us today.

Epicor User Security – Allow Multiple Sessions (Video)

Epicor User Security – Allow Multiple Sessions (Video)

Your Epicor Application is In Session

 

Over the years, we’ve worked with a number of fledgling ERP administrators on resolving Epicor user security and user account maintenance issues.  One common quirk with Epicor user account maintenance relates to the flag that allows multiple concurrent sessions (in the database: UserFile.AllowMultipleSessions).  This is a powerful checkbox, significantly affecting a user’s experience of the application.  The best way to deal with Epicor user security troubles is to understand the functionality of the application, and our hope is that in this example, we can show you one way to avoid ERP administration headaches.

The multiple concurrent sessions flag itself is set via the Epicor User Account Maintenance screen:

 

The “Allow Multiple Sessions” checkbox defines whether a user can launch multiple sessions of the Epicor application.  This lets the user log in multiple times and interact with the environment and with the system from either session.  This can be helpful in performance-constrained environments, where a form might “hang” for a number of minutes and necessitate the use of a second session for subsequent parallel activities.  But none of this is possible if the checkbox is not set.  In practice, the setting of the “Allow Multiple Sessions” flag has two primary effects for a general user.

 

For customers working in multi-company or multi-site environments, when this flag is not set, a change to a user’s current company and/or site will force all open forms to be closed.  This does not occur when the flag is set:

 

 

 

If this checkbox is not selected, a user can only have one instance of the Epicor ERP application open at a time.  If they log into a new session while already logged into the system, the older session is deleted.

 

 

Once logged into the second session, the user will receive an error from the prior session, with a warning that the session has been cancelled:

 

 

Gaming the System

 

It’s surprising how significant the influence of enterprise systems is on manufacturing and distribution companies.  The configurations of these systems frequently determine the rules of the game that companies and their users have to follow.  Because of this, you have to choose your systems carefully and work to understand the rules by which they play.  

 

In an Epicor application context, dialing in the system to support the needs of your end user community is a key step in both the implementation and the ongoing maintenance of your Epicor installation.  In addition, it is important to understand how a company’s security involves more than just firewalls and endpoints.  Within a company’s domain, and within its core applications, it is important to understand what users should and shouldn’t be able to do.  In Epicor, many of these IT security permissions are defined through the User Account Maintenance screen.

 

Whatever your enterprise system of choice, make sure to leverage its security permissions to empower optimal user productivity, while also minimizing risk.  Beyond the bounds of Epicor user security, make sure to draw in all of your resources to create protective guidelines for your user community. 

 

Are you having issues with, or have questions about, your Epicor 10 ERP Application area? Contact us today.