How Can VPNs and the Cloud Benefit Your Business?
Dan: And good morning. It's 8:30, and yes, it's that time. It's time for Bit-Wizards. Thanks to Vince and Sam for coming in this morning. Can you hear me? You can, maybe, sort of.
Vince: I can hear you great, Dan, thanks.
Sam: I can hear you.
Dan: Okay, good. I know where headphone jacks are like [inaudible 00:00:00:14]. Kind of weird. Not doing real well.
Sam: Needs a technology upgrade here.
Dan: Yeah, I think so. Bit-Wizards, do you guys do headphone jacks?
Sam: I don't know.
Dan: No we don't! Okay, we'll find somebody to do that. But we really need to hook you guys up. But anyways, we had a question come off of Facebook, and who was it from? I forget.
Vince: It's from Bill in Niceville.
Dan: That's who it was. Bill.
Vince: So we're going to deviate on the show here a little bit.
Vince: Bill asked us to talk about VPNs and so I'm going to let Sam lead that off this morning, and then after we get done with that, we're going to come back and talk about the cloud.
Sam: Absolutely, yeah.
Sam: We just found out just like two minutes ago that the question came in, so I've been quickly Googling to find out what VPN is. I'm just kidding. So that we can talk about it.
Dan: Very perfect man. That's it.
Sam: So VPN stands for virtual private network. And so, network is obvious, the part of that. That's where our computers are joined and can speak to each other. This is very important in a normal work environment, business environment, need to be able to transfer files back and forth amongst the different computers in here. We can do it through wifi, we can do it over a hardwired connection if we have that. But the next part in there is that private, virtual private network. And that's usually where we talk about a network that is locked down from the outside, so you can't get into it. The only traffic that can happen in there is amongst the computers within that network. And that's important to have a private network for your business. So the virtual part of this comes in, where if we say a network typically happens within one building, and in a traditional organization, you have your entire company in one building. You don't have to worry about VPN, you don't have to worry about anything because you already have your private network. But what happens if you have multiple locations for your organization, and you got to have them all talking to each other? Or even better, more use case, is what if you have employees who are on the road? Sales representatives or field techs or a C-level executive who is traveling for work? How do you make sure that they're on that private network but that they're protecting your network? They're not just opening it up to the internet and to the whole wide world to get in there.
Sam: But you've got these different locations or you've got these remote employees that need to be able to be a part of that. And so what we have there is a technology called VPN, virtual private network. And we talk about these as tunnels, a VPN tunnel. So what you're establishing when you have a VPN is a connection from either one network to another as a tunnel through the internet, through the public internet, but it's completely encapsulated and encrypted along the way. So all traffic that goes from one end of the VPN to the other end of the VPN cannot be hacked by anyone else. Even though it's traveling over the public internet, it is completely 100% secure along the way. So why would you want to do a VPN? Well, there's lots of reasons, maybe, but the two biggest ones are, because you have multiple locations, we call that a site to site VPN, where you have each, your companies organizations, or if you have someone who works from home, you set up a site to site VPN from their house back to the main headquarters. And that means anyone who's on either of those networks, it's assumed they're on both networks. They can see the printers on either side, they can send each other files and emails or anything else like that amongst those two private networks. Or the other use case is if you're out and about and you're traveling, or you're on the road, and you need to make sure that your computer has a secure connection back to your primary network. And so there's a couple of ways we can do that. There are some software solutions out there that will help you be able to take care of that. You just buy a program on both ends to do it, but the absolute best way if you're doing this for a business of any size, the right way to do this is with a hardware solution. So we've talked about this in the past on the show.
We talk about firewalls, what we call edge devices, the things that you have on your network, on the edge of your network, that connects you to the internet and connects your internal network to the internet. A lot of those have a VPN capability built in.
Sam: And so you've just got to turn it on basically on there and set up a few different things, some secure protocols you got to set up and some passwords you've got to establish between them, so that when the two networks talk to each other, they authenticate that they are who they say they are, and they can get some really deep encryption protocol standards here and talk about the Diffie-Hellman stamina and the AES 256-bit encryption that happens-
Dan: Okay, you just lost me there.
Sam: ... and how the handshake hands off. But really what it boils down to-
Vince: He's just showing off now.
Dan: I know. He's lost me completely.
Sam: ... these are the things that we worry about when we're sending these things up.
Dan: My eyes are starting to glaze over when you do that.
Sam: But the reason we do this is so that we do this for all of our clients right out of the gate, so that if any of their employees are out on the field or out and about, that they're sitting in a coffee shop or in a hotel or in an airport somewhere, that they are on the internet, but they are not being able to be ... their traffic's not able to be sniffed because it's all going down this direct tunnel. And so that usually is a piece of software that sits on your laptop when you're traveling, and it talks directly to the firewall back at your home base and it establishes that connection. And as soon as that connection is established, all of your traffic is happening back and forth and there's no chance of anybody being able to access your stuff. And additionally, you can still get to the file shares back at your home office. You can still print to the printer if you need to back at your home office.
Sam: And if you do that from a firewall to a firewall, that's a permanent connection, and you don't have to set anything up on anybody's laptops or workstations. As long as they're on the wifi, they're already on that private network.
Dan: That's interesting. Because that was one of my questions, like, if you're sitting in a coffee shop, can you still do that? Because it always says other people can see our information. So if that's the VPN blocks those people out, that's a great deal.
Vince: Yeah. Yeah. The other place that we do this is when we tie you in with the cloud. So one of the things that we're going to talk about today is the cloud.
Dan: Let's do it.
Announcer: Bit-Wizards bits and bytes.
Vince: So today, in talking about the cloud, I wanted to say in a win for ... it was reported by USA Today, in a win for Amazon, that a US judge halted the Pentagon, who awarded a contract to Microsoft for $10 billion to provide a cloud for the Pentagon. And a federal judge ordered that temporary halt of Microsoft's work on the military cloud contract, which is sort of a win for Amazon. Amazon kind of has sour grapes. They say that basically poor President Trump afforded their efforts at winning that contract, but it's part of what's called the Joint Enterprise Defense Infrastructure, or JEDI. Leave it to them to come up with some cool acronym like that.
Dan: Oh yeah.
Vince: And it's going to store and process vast amounts of classified data, and it's intended to improve the Pentagon's communications with soldiers on the battlefield and would use artificial intelligence to speed up its war planning and fighting capabilities. Now the reason why we talk about this is because when we meet with customers, they're often worried about the cloud. I don't want any of my data on the cloud. And the reality is, the cloud is more or less, it's sort of a sexy buzzword for the internet, or at least the next evolution of the internet. And most large enterprises have moved to one of three global cloud platforms. And when I say global, I mean global. They actually have physical cable run underneath the seas and connecting the different continents together. You had the Google cloud, you have the Amazon AWS cloud and Microsoft's Azure. And for small businesses, the cloud is a technology equalizer. Most SMBs, or small and medium business, have neither the hardware budget or the internal support to own any sort of a massive internal network infrastructure. So previously, like I said, only large companies have had the money to invest in that kind of IT infrastructure. But the cloud really democratizes computing and levels the playing field, giving small businesses access to resources that was typically only reserved for large companies.
Dan: So when you do that, though, with the cloud, then you can put your resources, no matter what small business that you have, and with the cloud you can access that from other areas, and it's secure because we've talked about that before. People worry about their information getting hacked, where the cloud is very secure. Like you were talking about before, they've got lots of servers and they've got lots of protection.
Vince: Yeah. I've been to one of Microsoft global data centers, the one in Chicago, and it rivals what I went through to go to Cheyenne Mountain once and go visit Cheyenne Mountain.
Vince: So they do a small background check before you go. Everybody's got special access. You're escorted all the way through. But what I want to point out is what I noticed was that that network operations center, they had a global board up and you could see the lines that ran across the different ocean, and they have basically around 3500 security industry engineers that are looking at 65 trillion threat assessments every day. So they are constantly on top of the security. So when I hear people talk about security in their office and I look over there, and they've got a server room that's a closet, and the passwords taped up on the wall, and anybody can get access into it, and then they tell me they're afraid to put their data in the cloud, I kind of have to chuckle.
Sam: Absolutely. It's something we run into quite a lot, when I'm speaking with potential clients or people who are looking for us to shore up the security, evaluate their security. A lot of times, they'll talk about how safe it is because, "I've got this storage device here on the network, and if it's on my network then I know it's safe, because nobody else can get in here."
Dan: Nobody can hack that.
Sam: Well, Vince is talking about the data centers. I mean, Microsoft does everything short of putting a black bag over your head and pulling you into a van off of the street when you're going to go visit one of these things, because you're not out to know the location of them. They're walking the perimeter constantly with armed guards and dogs, and that's just the physical security side of things. And then there's the virtual side of the security in these data centers, and it just makes a lot of sense to have somebody else dedicate all of their time and money and resources into making the absolute most secure environment you could get. You can't win a contract with the Pentagon, whether they take it back or not. You can't win that contract if you can't prove that your security is better than anything anybody else has.
Vince: One of the cool things I saw when I was there, they make you sign an NDA, but certain things are okay to talk about. They're publicly available. But what they have at the Chicago is, they use these shipping containers. Shipping containers, they're divided in half and they use waterside economization in order to make sure that they can provide this in an environmentally friendly way. So basically, what it does is it transfers the heat from one side to the other. And inside of the shipping container are just basically racks and racks and racks of all kinds of computers, all together, just inches apart. And basically, what they do is they come in, and they lower this thing in on the main floor, and they plug it in, the internet connection and the cooling and the electricity and everything. And they let it run. And then the global brain, or the Azure fabric in Microsoft's network monitors this in real time. And when about 67% of these computers go offline or are bad, they basically just unplug it, roll in a new shipping container, and they take those computers out and they refurbish them. Then they also pull the disk out, and I saw how they do the disks. The disks actually, it's almost like a chain of custody the way that they do it. But they walk them over, they put them in locked containers. There's a two-people custody rule type deal, and they take these things and then they come in and they wipe them and then they basically shred these disks up afterwards. It's kind of crazy. They do the full encryption like the DOD does, where they wipe the disk over and over and over again, and then after that, they destroy the disk when they're done.
Dan: Oh gosh.
Vince: And I mean, they literally munch them up into little pieces and stuff. It's crazy.
Sam: And powder. Yeah.
Dan: So there's just no way they're going to get information outlaws.
Vince: Oh, no. Correct. The security involved there is there's a log chain of custody on every single drive. That way, you know as a client, if you put some sensitive information, a customer of Microsoft cloud, that you put some information on a server up there, even when that server has lived its life span, that your data is still protected and that it has been completely destroyed with evidence from Microsoft to say, "This has absolutely been destroyed," because a lot of people don't even think about what happens. "I'm going to buy this server now. I'm going to put my QuickBooks on there, or my Sage on there, or my ERP software that I have for my locksmithing company, whatever that is." But what they're not thinking is, "Okay, well maybe in five, seven years, I'm going to replace this thing." But you also have to think through, "What am I going to do with this when I'm done?" Because it's had all of this very important information on here until now, which is why when we wipe a laptop, one of the things we talk about is we do a DOD wipe on it. And that's the reason why is because the DOD, the Department of Defense, has decided if you're going to wipe a hard drive, it's not enough just to say, "Format my C drive and now I'll put this on eBay, see if I can get a couple of bucks for it," because it is super easy to retrieve that data from a formatted hard drive. And so Microsoft's going to jump through all of those steps, so you don't even have to worry about it when you're getting a cloud server versus thinking about buying one for your own.
Dan: Wasn't it you can make sure the company is hooked up to the cloud and they're secure and you can take care of all of that for them.
Vince: Yes, we set up that VPN connection for every single one of our clients. We set them up with an Azure tenancy with a failover to it with backups to it. But we set up a VPN connection directly from their firewall, directly into Azure. And so any communication they have is also being completely encrypted so that the data is encrypted while it's at rest, while it's just sitting there, but it's also encrypted in transit while it's moving back and forth.
Dan: Good. So they can sleep at night knowing their information is not going to be compromised.
Announcer: [crosstalk] Bit-Wizards. What's up our sleeve?
Vince: That's all right. We're going to continue to talk about the cloud 'cause that's sort of our theme today.
Vince: And when I look at the cloud and we talk about what are some of the benefits. So let's just recap. So Bit-Wizards, we utilize Microsoft's global Azure cloud infrastructure to help scale businesses in a cost effective way. And Azure, just to kind of re put is a global cloud network of server services, wire security infrastructure that provides mass computing at scale and minimizes your physical infrastructure on premise at a lower total cost of ownership. And so some of the initial things to think about is that it changes how you purchase things. So, for example, Azure is what we call an operations and maintenance funding model, right? So you basically, it's like leasing or renting the servers or the space versus what you do when you buy equipment on premise, on when you buy equipment on premise, it's a capital purchase. I go out, I buy a computer, I pay $5,000 for it, I go and I put it in structure, and then I depreciate it over some period of time.
Dan: That's your hardware. Gotcha.
Vince: So in this particular case, you don't have to worry about that. Microsoft takes care of all that. They buy the physical hardware, they provide the infrastructure and you basically, for lack of a better way, you rent or lease the-
Dan: The service, yeah.
Vince: ... services and the things that are on there. And it's based upon compute cycles and it's based upon storage and it's based upon bandwidth. So you pay based upon metered services, much like what you do for your water or for your electricity or lights.
Sam: This is a really great thing for everybody, because what you're doing is you're taking capital expenses and turning them into operating expenses. And this is important for any business because, as we know, cash flow is king.
Sam: And so when it comes time to say, "Okay, we're going to need this new piece of software." I was just having a conversation with somebody about this yesterday. It's not just the cost of the software because that might be a couple thousand dollars. Let's say this program that my company needs is $4,000, but then turns out it's also another $6,000 a year for the support contract that goes with it. And then I also have to have a minimum set of specs for my server, and I go price that up and now I need to have those servers, so if one of them fails, now we're talking $20,000 worth of hardware, so now I've got to figure out, go sit down with a bank manager somewhere and convince him to let me have the money to go ahead and do all of this. Whereas with Azure, we can start without needing any of that up front. We can test it out on something as small as 30 bucks a month with no upfront costs at all, and then determine, "How much do I need to scale this up or scale it down?" And it completely changes your model because you're only paying for what you're going to use. So there's no really buyer's remorse here because if you don't like it, you get rid of it and you don't pay for it anymore.
Vince: And the nice thing about this is this allows your computing resources to scale with your business. As you add more people, you can scale up. Or if you have a business, its unpredictable cycle or a predictable cycle, where, like for example, during Christmastime, you're going to need more computing access because you're running an eCommerce site because more people are buying stuff on that Thursday right after Thanksgiving, right? Or that Friday after Thanksgiving.
Vince: You can scale up the resources then and pay for as you use them, and then scale them back down for the rest of the part of the year.
Dan: That makes a lot of sense.
Sam: You can also, you can get creative with it. One of the things we do with some of our clients is they're not using their server after hours, so we shut it down for eight hours a night, their cloud server, let's just say. It's being billed the minute. Actually, I think a lot of these being billed by the second now, like they're tracking how many seconds you've used it and they bill you for that. So if we shut it down for eight hours at night, you just cut the cost of that down by a third, instantly, because out of those 24 hours. You can't do that if you go buy your own server. You've already paid for it and you're going to be paying for it for the next couple of years and you can't adjust that. But with a cloud resource, you can do some creative things to say, because I can scale it up and scale it down on the fly that for four days out of the week, it hardly does anything. So I have it doing just the bare minimum. But then on Fridays, it's a big day for us, when all of our shipping goes out and all of our orders are coming in. We can, on the fly, scale that thing up to be a little bit faster, a little bit beefier, and then scale it back down again. And that way you're only paying for what you use as you go.
Dan: Oh, that's good information to know because oftentimes, people aren't usually at 24/7.
Sam: That's exactly right. So you only pay for what you use.
Vince: So you're getting reduced costs, you're getting greater scalability, you're getting faster deployment and then there's some other benefits that go along with it. It's environmentally friendly because, let's just say that at these global data centers, it's all about power and power usage and the environment. And so what they're trying to do is, it's power usage of energy. How much they use? They try to get that as low as possible because they're trying to lower their overall total cost, so they're doing a lot of different things. For example, Google is looking at putting containers underneath the sea so that it provides the cooling. So they're looking at better ways, and it is environmentally friendly and they're trying to keep the cost down, because power usage is one of the biggest costs to you beyond the fact of your actually buying the computer, that power usage and they use a lot. The other part of it is business continuity. So, for example, when you store something in Azure, they have redundant copies of the different files there. So for example, if I put a file up there, it has six copies and it has them distributed over different computers. That way, if one of these hard drives on one of these systems fails, there's always another backup that's already there. You're only paying for the one, but it's actually got those six copies already out there replicated for you. And then there's providing that redundancy and that business continuity. Also, Microsoft has, as well as Google and Amazon, they have these globally redundant data centers. So they have your stuff stretched between the different data centers. So while you might hear about a cloud outage, that is true, they are often put over to other data centers. 
For example, when one of the hurricanes came up the East coast, they actually transferred a good portion of almost all of the computing resources from one of the data centers that was closer to the East coast over to the middle part of the country.
Vince: So there's disaster recovery and business continuity built in. We've already talked a little bit about the security, but the last thing is improved compliance. So some of the things that you want to be able to do, or the businesses might want to do, are already built into Azure. For example, the Microsoft data centers are ISO 2001, they're SSAE 18 SOC 2 compliant. There's a number of HIPAA, that's another one that you'll hear about, or PII, personally identifiable information or PCI compliance. Those are all compliance measures that are already built in and they list those out there. They're regularly inspected, they're regularly kept up to date. And when you put your data or you put your information there at those centers, you get to piggyback off of those specific certifications and add them to your own internal measures.
Dan: So with the different types of information, is HIPAA the same as the medical HIPAA that I'm aware of?
Vince: Yes. Yes.
Dan: Okay, so medical information as well as your business information, personal information, all in different clouds.
Sam: So if you have to be HIPAA compliant, you have to store your physical files in a certain secure manner, but you also have to secure any digital records of those in a certainly secure manner. And every time you go to a doctor, they make you sign a piece of paper that says who is allowed to see your medical history because this is such a heavily, heavily moderated compliant industry.
Sam: So if you're going to store this but you have to be HIPAA compliant and you've got these files, and now you've got to get your files over to somebody else and you're starting to think, "Well, I could just stick it on this thumb drive I bought at the Walmart checkout for eight bucks. Or I could, I don't know, maybe I could email it from my Gmail to somebody else's Yahoo email." And you're thinking all through these things. When we talk about compliance in the cloud, we have documentation from Microsoft saying that if you store your data in this manner in our cloud, it will 100% be HIPAA compliant. You can get audited and we'll provide you all of the paperwork that will show you why your data is specifically secured here. And it is an easy way for small medical facilities to get themselves HIPAA compliant and not worry about an audit taking them out of business.
Dan: Oh yeah. Just because I wasn't a medical community for a while, that is a big, big deal. They can shut you down for that.
Dan: So if you keep this compliant, then you have no worries.
Sam: And every industry has some sort of level of compliance for the most part. I know not too much, but if you're dealing with credit card information, then you already have some PCI compliance that you have to be compliant with. If you're doing any kind of government contract work, or even subcontracting for a government contractor now, there's a new compliance law coming out, CMMC, the cybersecurity maturity model certification plan, that just rolled out a week or two ago. There's all of these levels of compliance, and one of the easiest ways to take care of a large chunk of this is to find somebody who's already got a lot of those certifications taken care of, like Microsoft Azure, and say, "Well, let's leverage that for our own advantage."
Dan: That's got a ton of information, and no doubt that's wasting more secure than it is in Washington DC, because you don't have Adam Schiff leaking all the information out. So you have, it's all completely secure there.
Sam: It is. But you can't take out the human element on anything. There's always a Julian Assange or somebody that's-
Dan: Well, there's those guys, too. That's right. But this is a way for businesses to keep secure and you guys can help them. At Bit-Wizards, you can help them keep everything, all the information secure, so they don't have to worry about this. The backups, the cloud, everything.
Sam: Yeah. We try to give people peace of mind so that there's no reason for anybody to be uneasy about the cloud, because Bit-Wizards, as your MSP, we manage and monitor the cloud resources in real time, in addition to the ones that are already built into the way Microsoft delivers those services. And you can let us deploy you to the cloud with confidence and not have to worry about it. And just to let you know, one of the things that we do is provide around the clock and end to end visibility into the performance of your cloud services and your IT infrastructure. And with that, we probably ought to talk a little bit about some of the terms today.
Dan: Oh boy, here we go. Here's the stuff.
Announcer: Bit-Wizards from the spell book.
Sam: So we're going to try to cover here quickly, there are three types of clouds that are out there. The first one is a private cloud, the second one is a public cloud and the third one is a hybrid cloud. And I'm going to turn it over and let Sam talk about these. [crosstalk 00:24:56].
Dan: He's a cloud master.
Vince: Yes, that's my profile on LinkedIn is cloud smith these days, I don't know.
Vince: I just thought it was better than cloud monger. I don't know.
Dan: I don't know. I kind of like cloud monger.
Vince: So, a private cloud is where you would put your data, cloud is typically you putting your information, your data, into somebody else's data center. And a private cloud is typically a smaller private internal network, maybe a local computer company that has some servers at their location, and they're basically saying to you, as a client, "You don't need to go out and buy some servers. You can store some of your stuff on our servers and we'll give you access to those servers when you need them and we'll just charge you on a monthly basis for that." This often works well for larger enterprises who have their own internal, in house IT support because they can build their own private data center to be their private cloud. It often doesn't work very well on a local level, only because the economy of scale that a small IT company in a local area can't possibly be able to purchase servers at the kind of scale that someone like Microsoft or Google can. And so they can't really disseminate that price across as many clients either across the board.
Sam: And just to piggyback on that, with the private cloud, there are also private clouds within the public cloud. So for example, the Department of Defense network that is being built through Azure.
Sam: They're actually separating that from the public cloud into a private cloud specifically for the Department of Defense. So imagine those shipping containers I talked about. They've got a separate set of shipping containers, they've set up for the cloud computing for specifically for the DOD, and they're tied into that main network, and it piggybacks off of the resources that are there and is separate and distinct.
Dan: That makes sense. I mean that's national security. So that makes great sense.
Sam: Right, so it's a private cloud within a public cloud, because the public cloud is one of the main cloud services you've heard of. Let's find any computer services offered by a third provider over the public internet and it makes it available to anyone who wants to purchase space on it. The big ones in the game are definitely Amazon's AWS, their Amazon Web Services, Microsoft Azure. And then, by quite a distant third, is Google's cloud in that platform as well. And then you just rent from them from different models of how you want to rent that space on their clouds. But that's the public cloud. And then, probably the biggest one of the three of these, though, is the hybrid cloud. And the hybrid cloud is where you still have some of your infrastructure on premises in your building and some of it in the cloud. And we set up a hybrid scenario for you because it's better on gas where you can have, this is a different hybrid.
Sam: Where you can have in some of your resources on premises and some of them in the cloud and shift them back and forth as it makes the most sense financially and security and speed wise.
Vince: And this is where we use that VPN, too, that we talked about.
Dan: I was going to say.
Vince: The hybrid cloud scenario. So we attach, you know your on premise resources, or what we call your local resources, to your hybrid cloud.
Dan: It makes sense because you've got infrastructure on both ends, so it's got to talk to each other securely.
Vince: And a lot of people say, "You know, I know one day we're going to have to go to the cloud. I know it is the future." And I got to say it is, it was the future five years ago, 10 years ago.
Sam: 10 years ago.
Vince: It has already been the present for three or four years now, at least, I look at it like electricity. We worry about it and say, "Oh, I got to own it." You don't own. You don't generate your own electricity in your building. You're more than welcome to lease that as a service from somebody else. It is getting to the point here with computing to say, "We can treat it the same way."
Dan: Okay. Very quickly. You're going to have to endorse your client right now.
Vince: We want to say a big thank you, shout out, to our customer, Sandestin Investments. They're out in a Sandestin. They have golf and beach resort. They have the cottage rental agency out of Seaside. The Palms of Destin is part of that. Silver Shells. They've got four championship golf courses and a world-class tennis facility. A marina there, 98-slip marina, fitness center, spa, all of that. If you've been out in that neck of the woods, you know Sandestin Investments. We have been working with them on a network improvement project for them, just the last couple of days. We are so, so blessed to be able to work with fantastic clients like this. We want to thank the Bicknells, and just all of the fantastic people over Sandestin Investments.
Dan: Sam and Vince, thanks for coming in. You're talking so fast.
Vince: Thank you.
Dan: Way to go.