28 Dec

SMTP Relay on IIS for Exchange Online

Microsoft Office 365

On March 1, 2018, Microsoft will disable support for TLS 1.0 and TLS 1.1 protocols in many of its online services. That means TLS 1.2 or later version will be only allowed in browser-server and client-server connections. It is a good move and security enhancement. You should not even see this change unless you use the old legacy software.

During the past few weeks, I have been working on the project related to the implementation of the GDPR law for one of my customers. One of the milestone tasks was a migration to Office365 and Exchange Online. They were using external email service from one of the national providers so far. One of the applications they are still using is the on-premise CRM – I cannot name the product, but it has support from the vendor and every few months users get a new release. However, this CRM does not support TLS at all in deployed version, only the SSL, for connection to the SMTP server. It was not a problem for previous email service provider, but Microsoft is not going to enable SSL for you just because you need it.

Even in small company changing or upgrading the CRM is not a quick and easy task, so it was not an option in this case. So I had to make changes to SMTP service. My choice was to install SMTP Relay.

 

Read More

26 May

Why having cloud load-balancer for on-premises services is not a good idea?

Cloud load-balancer for on-premise services is not a good idea

We were thinking about redundancy options for CCIE.PL today. There are few restrictions we have there, both came either from policy or our personal thoughts about several aspects of paid services and sharing admin access. But simply we are thinking how to automate failover in case our primary server or database have problems. Easiest solution would be to use Cloudflare free tier service but let’s say we don’t want to do this now. So we were looking on the other options and there was an idea that maybe we can use cloud load-balancer for on-premise services. First thought – it’s brilliant. On second thought – definitely that idea was wrong. Let me show you why.

Read More

19 Apr

How to add network device to Microsoft Operations Management Suite using syslog

How to add network device to Microsoft Operations Management Suite using syslog

Microsoft Operations Management Suite is nice, and in some cases free, tool to manage and search through logs. But it’s dedicated to Windows and Linux operating systems by default. In many environments, especially those most secure ones, huge amount of logs are generated by network devices. Firewalls placed on the edge between Internet and DMZ zone quite often are set up to log all denied connections. Those firewalls can produce significant volume of logs that need to be searched and analyzed. Microsoft Operations Management Suite seems to be perfect tool for that but there is no native support of such feature. But we can implement this doing small workaround. Let’s look how to add network device to Microsoft Operations Management Suite using syslog.

Read More

13 Apr

Microsoft Operations Management Suite – powerful log analyzer in Azure (in 10 minutes for free)

Collecting and processing logs from all systems and network devices can be a nightmare for any systems admin. Searching through them and performing security audits can be a nightmare for security team if collector engine is not powerful enough to process queries in efficient time. Microsoft Operations Management Suite is interesting solution to answer both those problems and add much more analysis giving administrators visibility and control across on-premise and cloud installations.

Microsoft Operations Management Suite runs in Azure which means it’s extremely fast in processing the data. Millions of records are not problem for OMS so we can get Insights and Analytics of what is happening on our servers or workstations, detect and respond to threads or apply proper protection or even put in place some automation in controlling. It’s quick to setup and for many users it can be for free!

Read More