Discussion in 'Servers and Enterprise Solutions' started by TheOracle, 22 Jan 2020.
yeah I can imagine there’s some very dodgy networks out there
The issue is the return for the DSP Toolkit isn't phrased to allow you to put in we're 90% complete. It's an all or nothing statement.
Looking at what we can put in place to inform us, products such as Snow, Deskcenter, Iventi, Remedy etc but even then there will be some manual trawl to be done.
We got our cyber essentials plus certificate today
Can’t say I was impressed with the process, but we passed
Did you have any issues remediating workstations remotely? What about all the laptops for everyone working from home?
No, everything is handled automatically via SCCM and the laptops are on Microsofts always on vpn
The auditors setup a teams meeting and we simply shared the screen so he could check stuff
I wonder how much Microsoft et al paid to have 'latest versions' a requirement? I've been out of it over a decade but when I was - preipherally - involved, we had standard versions of software which were often many years out of date. We then ensured they were up to date wrt patches etc.
Everything in IT is a ticky box exercise.
Nice one. I would argue that a significant part of CyberEssentials is to get your underlying infrastructure setup properly, so when it comes time to prepare for the audit, things are pretty much already there.
Software doesn't patch itself, and as vendors release new versions of software (a market necessity to stay relevant in a constantly evolving world), by simple necessity at some point they have to stop supporting older versions (most big software companies support n-2 versions). However, security vulnerabilities and bugs are still found in older un-supported software versions, so what would you propose is the solution? Answer: you have to stay up to date if you want to be even remotely secure. It's nothing to do with "Microsoft paying", it's simple economic reality, supporting every version of software ever released is just not feasible, and would be a terrible waste of precious developer resource.
I don't get this hatred for patching. Staying up to date is essential for security, compatibility, and supportability, and anything that promotes the improvement of these practices and the underlying tools that support them (like SCCM), is a good thing.
It wasn't a hatred of patching; it weas a desire for a consistent stable platform across thousands of PCs.
Microsoft normally supports products for 5 years or more, don't they? So you're saying you want your estate to stagnate for 5 years? An estate that remains untouched for 5 years is not a stable estate. New software products that your users might need come out in that time, and they will have compatibility requirements of their own (because the vendor will have only tested against modern OS releases). And because it's been untouched for so long, there is nobody in the company that actually knows how to update the estate (there are no practices, tools, procedures), and the users are used to their machines never being touched, so it would be super traumatic for them when you did do it, and then on top of all that, when you were finally forced to update things (at which point this has become bigger than Ben Hur), the change would be so big because you'd left it for so long, that it would be a shock to the employees and error-prone to deploy. Frequent small changes are far better than infrequent big changes, not only because there is less change in between updates, but because by doing more of them, you get better at testing and deploying them.
I think windows 10 is 18 months
Our estate is 4,000 client devices managed by four front line technicians. We manage with ease. So long as you have the back end setup right, that's key.
It's a laugh trying to get CE+ when all your infra is 8 years old - Erm i could update Java, but i need version xxxx for the old SAN GUI that doesn't work with anything newer.
Why are you on this version of ESXI? Well our servers don't support the latest version...
Don't worry, you'll pass. It's a complete joke. The auditor will simply tell you to ensure at least one machine has the latest java, and they'll basically run their tests on that one machine.
We were in the same boat. The dell equalogic sans require java 6, so.... and we still passed lol
Exactly, we’ll have equallogic until the end of days.... we’ve been trying to get rid of them for years. (But I do really like them...)
Who were the auditors? (asking for a friend ) though CE was never about being accreditation as such and more about showing your "on the ball" to a degree. I did use it as an argument for getting sign off on some new equipment thanks to some servers no longer being supported by the later versions vmware so its useful for something. I see vmware are also looking at requiring tpm, so thats another one to add down the line!
re Oracles Java, dont you need to be licensed for support now? or does that not apply to the older versions? i was glad to see the back of that on our network for sure.
We went down from 4, to 1 and 1 compellent. The compellents are brilliant. Still, that one we do have means at least my machine needs java 6 lol
Yes Microsoft have silently killed AppV, the replacement is MSIX...
Separate names with a comma.