Business Intelligence Info - What's happening in the BI World

Budderfly raises $55 million to cut companies’ energy bills

June 25, 2019 Big Data

Budderfly, which aims to bring corporate customers energy savings without out-of-pocket costs, today announced it has raised $ 55 million in a growth equity and debt funding round led by Balance Point Capital, with participation from Connecticut Innovations. The fresh funds follow a $ 22 million funding round that included Edison Partners and the state of Connecticut (via the Department of Economic and Community Development). CEO Albert Subbloie says the money will fuel the startup’s go-to-market efforts and accelerate its product growth.

“Successful energy management is a real problem for most organizations, due to the complex and fragmented nature of the energy space. It is a daunting challenge for companies to navigate and implement energy efficiency measures with the many and complex energy savings solutions being offered by hundreds of vendors. We make it simple,” said Subbloie. “Our service combines accurate point of consumption measurement and controls with our energy efficient infrastructure upgrades, maintenance, expertise, and monitoring to provide a one-stop, single vendor energy management solution that delivers real savings to our customers.”

Shelton, Connecticut-based Budderfly’s “energy efficiency as a service” model aims to address the roughly 30% of power used in commercial buildings that’s lost to inefficient infrastructure — equating to nearly $ 60 billion annually. (Researchers at MIT estimate that office structures account for 20% of all U.S. energy usage). The company’s solution combines over 30 savings categories, such as monitoring, maintenance, and upgrades like LED lighting, solar and battery solutions, insulation improvements, and environmentally friendly HVAC systems, as well as custom-designed internet of things (IoT) sensors, temperature and refrigeration controls, and renewable energy sourcing.

Budderfly pockets a portion of the resulting savings, but provides the upfront capital for these installations and maintains all devices and software used to reduce inefficient consumption and bring down energy bills. It also handles electricity bills and payments and delivers “continuous” technology and energy upgrades, in part through proprietary connected sensors that meter and report on power use.

Budderfly says it has contracted nearly 1,000 locations across North America to date, including office buildings, retail stores, restaurants, schools, recreational buildings, and health care facilities. Over the next 10 years, it hopes to manage over $ 3 billion in customer energy spending.

“Energy management is complex and fragmented, and Budderfly solves companies’ energy challenges and achieves tangible cost savings. Budderfly has done a terrific job bringing their holistic energy management solution to market and accelerating growth,” said Edison Partners general partner and Budderfly board member Gary Golding. “Their leadership and industry-changing technology makes them a great fit in our enterprise software-as-a-service portfolio.”

Sign up for Funding Daily: Get the latest news in your inbox every weekday.

Let’s block ads! (Why?)

Big Data – VentureBeat

Goodbye Spreadsheets, Hello Industry 4.0: Continental Standardizes Manufacturing Processes

June 25, 2019 SAP

Continental is one of the world’s largest producers of automotive components for passenger and commercial vehicles.

The company develops pioneering technologies and services for sustainable and connected mobility of people and their goods. Founded in 1871, the company offers safe, efficient, intelligent, and affordable solutions for vehicles, machines, traffic, and transportation. Products include internal-combustion, hybrid, and electric power trains, injection, chassis, and brake systems, and innovative electronic systems for connected cars.

With about 245,000 employees in 60 countries and markets worldwide, Continental is a truly global organization, but when the company wanted to standardize manufacturing processes and seize the advantage in the area of smart manufacturing and Industry 4.0, it had the good sense to start small.

A test case for digital transformation

One of the company’s business units is acting in the field of air-spring technology – making the vibration absorbers used in cars, trucks, rail vehicles, and industrial machinery. Operating worldwide, this business unit is now serving as a test case for digital transformation.

The project at Continental is led by Hendrik Neumann. He says its air-springs unit ran multiple manufacturing execution systems from different vendors. “We had a lot of manual process steps,” he says. “A lot of paper and spreadsheets, too. There was no real-time global visibility into manufacturing.”

This state of affairs also impacted workforce staffing. Non-existent support for multiple languages made it difficult to move employees around. At the same time, Continental was in competition for suitable, highly qualified personnel, such as engineers with the skills to maintain and further develop a highly customized, heterogeneous system landscape.

The journey to the smart factory

What Continental sought was a single, standardized manufacturing executions system with comprehensive functionality, capable of digitalizing shop-floor processes while running on a global scale. As processes varied across plants and locations, Continental also wanted flexible configuration for modeling the way air springs get made from plant to plant.

Integration was important. “We wanted to integrate with our ERP application and the in-memory computing database – both of which we run as a company,” says Neumann. “We also knew that our transformation would pivot on machine integration and data visibility, which is why we wanted a bi-directional flow of information – from machines to the system and back again.” This required a system that supports Internet of Things (IoT) technology for digesting, managing, and analyzing machine sensor data – and using this data to automate processes.

The ultimate objective is nothing short of the smart factory. Neumann talks about paperless and spreadsheet-less processes, data visualizations that reveal insight, and intuitive interfaces that minimize training. “We want KPIs that report on automated processes so that our teams are free to focus on other activities,” he says. “We’re also aiming for analytics on demand, integrated with business processes, so that we can take action in the here and now. More sensing and responding, less meeting and planning.”

Small means small

This is a solid vision – but first, Continental needed to move forward with the new manufacturing execution system. Continental chose to deploy a manufacturing execution application.

According to Neumann, Continental decided to focus the implementation on the five facilities responsible for the majority of production. These include its Hannover and Hamburg plants in Germany as well as plants in Mexico, Hungary, and Turkey.

If starting small was a guiding principle for the implementation, Neumann’s team executed according to plan. “At first, we focused our efforts on a single machine in a single production area of our plant in Hannover, Germany,” Neumann recalls. “From there, we were iterative, building on successful go-lives in succession.”

Eventually, the team was up and running on numerous machines spanning a complete production process for air springs in the Hannover plant. “Based on our efforts in Hannover,” says Neumann, “we formed a template for implementing elsewhere.”

Plants serving Continental’s air springs business run a variety of production processes. For this reason, Neumann and his team are following a process-by-process approach rather than plant-by-plant. “When one production area is moved to the new system, we replicate it across facilities,” Neumann says.

Configuration first

One goal for Continental is to keep to the standard code base as much as possible. This will help minimize complexity and maintain the ability to consume future innovations based on the standard.

Thus, when it comes to meeting unique needs for individual plants (needs that may have to do with regulatory compliance or serving niche markets, for example), Continental has remained committed to configuration over customizations.

“We’ve found that for the vast majority of cases, we’re able to model the process in the software,” says Neumann. “In the rare cases where we’ve had to develop customized code, we’ve done it in a standardized way so that the same customizations are reused across plants.”

Standardization and transparency

Today, while Continental is still in the process of rolling out its new manufacturing execution system, the company is already bringing its vision for Industry 4.0 into sharper focus. Digitization of the shop floor is now underway. “IoT sensors now connect our machines to our system and processes,” says Neumann. “And all of it is based on a foundation of standardization and transparency.

Standardization can be seen as a synonym for simplicity. By bringing uniformity to processes across plants and locations, Continental’s new manufacturing execution system reduces landscape complexity and, thus, costs. This makes it easier to shift manufacturing workload to different plants – helping to maximize the productivity of employees who can now jump from process to process (rail, trucks and buses, industrial machinery) with minimal training.

The system’s rollout has been standardized, too. The template approach speeds implementation by introducing standard functionality across all plants – while still accommodating unique circumstances with flexible configuration. “Our templates are like Legos,” says Neumann. “We design the process once, and then implement it in pieces. If a piece needs to be added to meet local needs – a rare occasion – we hardly break our stride.”

Transparency can be seen as a synonym for data visibility. At Continental, improved data visibility means global track-and-trace capabilities – down to the individual product level. “We put rubberized labels on all of the parts,” says Neumann. “I can tell you when the part was made, which plant produced it, what materials were used, and much more.”

Uniform data also adds to the transparency. Based on a single source of manufacturing truth, Continental can visualize data from KPIs to better understand what’s happening on the shop floor in real time. It can also generate standardized reports – all within the system without the mess and complexity of spreadsheets.

“Spreadsheets are probably the number one manufacturing execution systems in the world,” Neumann jokes, “but this is no way to get to Industry 4.0. Today, we have a single version of manufacturing truth that allows us to compare plant to plant and understand exactly where we stand.”

Next stop, Industry 4.0

All of this is a good start on the route to Industry 4.0, but what are the next steps in Continental’s journey? Topping the list is predictive quality. “With machine learning, we can detect quality issues before they impact production,” says Neumann. “This can save us tremendous resources – while also improving the customer experience with our products.”

These are the kinds of moves that will continue to push Continental toward becoming an intelligent enterprise in an Industry 4.0 world. To learn more, download the IDC report “Leveraging your intelligent digital supply chain” and follow me @howellsrichard.

Let’s block ads! (Why?)

Digitalist Magazine

14 Frequently Asked Questions About Microsoft Dynamics 365 Field Service

June 25, 2019 CRM News and Info

Dynamics 365 Field Service is a powerful addition to the Microsoft Dynamics 365 family, bringing amazing benefits for field service management. It can solve the top challenges faced by the modern field service organization.

Read: Top 5 Challenges of Field Service and 10 Ways Microsoft Dynamics 365 Can Help

From a more technical perspective, these are the key takeaways from a recent session by the Crowe CRM team:

Field Service Work Order and Scheduling

Q1: What is a Work Order? How is it different from a Case?

A: A work order has information on what work needs to be done. It is the set of instructions for the Field Technician to follow.

It is used to coordinate and schedule resources and activities. It can be used for different types of work, such as installations, repairs, or preventive maintenance.
It is usually created from an agreement, a Case, or on its own. Once the work is complete, it is reviewed and approved by a manager.
A Bookable Resource in Field Service is anything that needs to be scheduled. This most commonly includes people, equipment, and physical spaces.

Q2: What are Incident Types in Field Service?

A: These are types of issues which a customer reports based on work order. It includes all the necessary service tasks, products, services, required skills, and estimated work order duration. This is an essential parameter, from a management and worker point of view, for analytics.

Q3: What are Time-Off Requests in Field Service?

A: If one of your field technicians is going to be on vacation, it’s essential to log the request so that a dispatcher can see the time-off request on the schedule board when scheduling a work order.

Q4: What are Work Order Types in Field Service?

A: Different work order types are created to reflect the different types of work that your company offers, such as inspection, installation, etc.

Q5: What is Resource Scheduling? How can Scheduling be done for a ‘Bookable Resource’?

A: Scheduling enables organizations to regulate interactions between customers and company resources. For scenarios where the customer is expected to travel to the company’s location, the facility scheduling feature can coordinate physical spaces and related resources.

The Dispatcher or scheduler is responsible for ensuring that work orders (or requirements) are matched with the right resources in order to create bookings in a given time slot
A manual approach would be to drag and drop requirements to resource time slots.
A fully automated approach would be to adopt Resource Scheduling Optimization (RSO) that automatically schedules requirements to the best resources based on predefined rules.
A semi-automated approach would be to use the Schedule Assistant tool that recommends available and most appropriate resources.

Q6: What is a Schedule Board? How can we track resources on it?

A: The Dynamics 365 for Field Service schedule board provides an overview of resource availability and bookings you can make. Before you use the schedule board, it is important to set up the views and filters to your preference.

Q7: What is Resource Scheduling Optimization? Do I have to pay extra for it?

A: Resource Scheduling Optimization (RSO) is an add-on capability for the Dynamics 365 for Field Service application that enables you to automatically schedule work orders for the most appropriate resources by optimizing bookings for the shortest travel time, available work hours, and many other constraints.

This add-on evaluates routes and automatically schedules bookable records to minimize travel time and maximize working hours and more based on your configured objectives, such as “minimize travel time” and “maximize working hours.”
This is not available in Trial Instances. You need to purchase an RSO Add-on, and its cost is $ 30/user/month. Also, you should have at least one purchased D365 Enterprise Edition license.

Q8: What are Agreements in Field Service? How are they different from Entitlements?

A: An agreement in Dynamics 365 for Field Service provides the framework to automatically generated work orders and invoices. They are ideal for preventative maintenance-type work.

An agreement allows you to choose how often work orders will be generated (for example, daily, weekly, monthly, or yearly) and the details of the work order (such as incidents, products, services, and service tasks).
Entitlements for work orders allow field service organizations to dynamically apply price lists and discounts to work order products and services based on work order attributes and date range factors. This parallels how organizations might offer case entitlements in Dynamics 365 for Customer Service.

Field Service Mobile App

Q9: What is the Field Service Mobile app? How can it benefit organizations?

A: Field Service for Dynamics 365 brings the power of field service with smart scheduling and resource management to mobile devices. The Field Service Mobile app gives field technicians the information they need to get to a customer location and complete work orders quickly.

Q10: Where can I get the Field service mobile app?

A: To get the mobile app, search and download Field Service Mobile by Microsoft from Windows, Apple, or Google Play app stores. Field Service Mobile requires Field Service versions 7.5.5 or 8.2+.

Q11: Which pre-settings I would require to use the Mobile app?

A: Before field, technicians can use the Field Service Mobile app, a Customer Engagement administrator needs to install the Field Service Mobile configuration tool and related mobile project.

You need to install the Woodford solution for Dynamics 365 (by Resco) prior to using the Field Service Mobile app.

Q12: Can I use the Field Service Mobile without Internet Connection?

A: Yes! Field Service Mobile (mobile) lets you work online or offline. Online mode requires an Internet connection; offline mode does not.

The system administrator configures the app to sync when it launches, when information changes, or every few minutes.
When you’re working online, information continuously syncs with the server, so you don’t need to sync your device manually. To work offline, simply tap the offline button.
When you’re working offline, the information you need is downloaded to your device.

Q13: Can a Field Technician use it to complete a work order?

A: The Field Technician can deny/accept a work order, see the location of work order on a map, update work order details, add notes, pictures, recordings, and even create a follow-up booking if the customer is not satisfied. The technician can also close the work order after taking the customer’s signature once the job is done.

Microsoft Dynamics 365 Field Service

Q14: How much does the Field Service module cost?

A: The Field Service costs $ 95. per user per month. The Remote assist for Field Service mobile (an advanced add-on for the mobile app) comes with a price of $ 65. per user per month. The basic customer engagement plan that’s mandatory with Field Service comes with a price of $ 115. per user per month.

If you are interested in evaluating Microsoft Dynamics 365 Field Service contact us online, at 877-600-2253 or [email protected].

Find out why Crowe should be your Microsoft Dynamics 365 specialist.

By Uma Kaliaperuma, Crowe, a Microsoft Dynamics 365 Gold Partner www.CroweCRM.com

Let’s block ads! (Why?)

CRM Software Blog | Dynamics 365

TIBCO NOW Day 2: Turning Data into Success

June 25, 2019 TIBCO Spotfire

TIBCO NOW day two in the Windy City has concluded, but the messages shared and relationships forged will continue to inspire innovation everywhere. Thursday morning was all about being Better Together, with the breakout sessions dedicated to customers from a variety of industries sharing their experiences with TIBCO solutions.

The Imperative to Innovate

The General Session continued the theme, with keynotes from TIBCO’s Dan Streetman, CEO, and Steve Hurn, executive vice president of global sales, discussing the importance of creating an inviting culture of partnerships and aligned goals. “We have the imperative to innovate,” Streetman stated. “Culture includes leadership. We’ve got to continue to evolve our strategy, and it’s going to start with culture. We have a tremendous heritage of innovation.”

Streetman went on to highlight a number of partnerships near and dear to TIBCO, detailing how proud we are to be instrumental to their success. Part of TIBCO’s sponsorship of the Formula One Mercedes-AMG Petronas Motorsport team includes equipping the team with data analysis software that helps them analyze car and driver performance. “TIBCO technology and TIBCO data scientists are embedded in every aspect of this team,” Streetman exclaimed.

Another relationship we’re proud of is Grupo Xcaret’s usage of TIBCO solutions to turn their properties into the ultimate customer experience. Streetman “Xcaret uses TIBCO Data Science and TIBCO Spotfire to see their parks in real time, and by doing so they are able to create phenomenal customer experiences.” To read more about Xcaret, read the Trailblazer Awards blog, as Xcaret received this year’s Visionary Award.

Sometimes, TIBCO customers do much more than provide great experiences—sometimes they save lives. The University of Iowa Hospitals and Clinics is one such customer. At a time when many hospitals accepted the fact that 1 in 20 patients would develop infections during their stay, Dr. John Cromwell, associate chief medical officer at the University of Iowa Hospitals and Clinics, decided to do something to change those odds. By looking at a variety of factors that could indicate the likelihood of infection, and employing TIBCO Data Science to analyze those factors, the hospital system was able to reduce the amount of operating-room infections by 74% over three years.

All three examples are brilliant cases of collaboration, where culture, strategy, and technology are leveraged to drive innovation everywhere. Before leaving the stage, Streetman reiterated one of his most popular quotes from the previous day, reminding the crowd, “if you want to go fast, go alone. If you want to go far, go together.”

Glued Together by TIBCO Technology

Customers and Partners occupied the mainstage for the duration of the General Session, beginning with Goya Foods’ Head of IT Suvajit Basu. Basu shared how Goya has grown from a small family-owned business into the fastest-growing Hispanic food brand in the United States. While the company had done well on their own over the past 80 years, they had a new, lofty goal of doubling that success in only 8 years.

“We felt the need to integrate at our core, so we chose to go with the best enterprise integration platform out there. We are glued together by TIBCO technology,” Basu stated. We’re glad we can play a role in the motto, “If it’s Goya, it has to be good.”

Innovate to Make an Impact

“To be relevant, innovation has to impact a challenge or help a community,” said Equifax’s David Ferber. Which is why the company’s next step in its digital transformation is focused on helping people live their financial best.

Equifax turned to TIBCO in its quest to help customers access credit. In order to do so efficiently, the company needed to build an analytics platform that integrated all of its data assets. By removing data silos and maximizing data value, Equifax was able to show credit lenders how to improve credit granting practices.

The Digital Transformation is Not Optional

Caesars, this year’s Transformer Trailblazer Award recipient, proved that even an industry that’s been around for thousands of years—gambling—has to continuously innovate in order to remain relevant. “Behavior has changed, and technology dominates,” said Les Ottolenghi, executive vice president and chief intelligence officer at Caesars. “The digital transformation is not optional.”

Similar to Grupo Xcaret, Caesars understands that guests want to be fully connected for the best customer experience, and doing so means focusing on culture. “The experience needs to be different, exciting, and fun—it needs to be immersive and in real time,” Ottolenghi explained.

With the help of TIBCO, Caesars provides guests an integrated experience where they feel safe, valued, and as if their digital sovereignty is a top priority.

Helping Customers Focus on Innovation, not Infrastructure

Official TIBCO partners also shared strategies and successes with the audience, further verifying the idea that we are Better Together. Prashad Joshi from Infosys, one of TIBCO’s longest-standing partners, explained that because industries are digitizing faster, and enterprises are transforming at a scale and speed to match, there is an urgent need to reconsider strategy. “We went from solving problems in small R&D groups and siloed focus groups to identifying problems in innovation at every level, by listening to every end user.”

AWS also outlined their strategy for working together with TIBCO in order to improve customer experience. “We usually encounter customers early on in their digital transformation path. We press them to find out what is core to them, what is their superpower,” explained Bill Marozas. By helping people discover that faster, they can focus on their own innovation, rather than their infrastructures. “We’re trying to pave the road so customers are able to self serve better and so partners are able to deliver solutions to them more effectively.”

For more on TIBCO partners, check out the TIBCO NOW Partner Summit Recap blog.

Beyond the Keynotes

The afternoon on the final day of TIBCO NOW was jam-packed with more Breakout Sessions, Certification exams, and Hands-On Labs. The day didn’t end there, however. The crowd moved into the Technology Hub for one final opportunity to share a drink and a bite with colleagues, sit behind that Mercedes F1 simulation wheel, and hop on the TEAM TIBCO bicycle to square up with our professional cyclists.

Thank you to all who joined us on our American leg of the 2019 TIBCO NOW Global Tour. We look forward to seeing many of you in London this fall and our continued quest to be better together.

Check out our recap of day one in Chicago, or visit now.tibco.com to learn more about the final stop on our tour, London. For real-time updates, follow us on Twitter and Instagram, and use the hashtag #TIBCONOW to spread the word.

Let’s block ads! (Why?)

The TIBCO Blog

Everything You Need to Know About the Wayfair Decision and How NetSuite Can Help

June 25, 2019 NetSuite

Everything You Need to Know About the Wayfair Decision and How NetSuite Can Help

Posted by Kendall Fisher, Executive Producer and Host of The NetSuite Podcast

After the Supreme Court’s Quill decision in 1992, e-commerce companies were not required to charge sales tax in states where they did not have a physical nexus. This resulted in two major issues with the explosion of e-commerce over the last decade: 1) Brick-and-mortar stores had a major disadvantage because they had to charge sales tax, while online retailers could sell the same goods tax-free, and 2) States were losing out on billions of dollars in tax money—at least $ 13 billion, to be exact.

But this all started changing a year ago.

In June 2018, the Supreme Court overruled the Quill decision in South Dakota vs. Wayfair, citing the immense growth of e-commerce over the previous 26 years. The case involved three large e-commerce companies (including Wayfair) that challenged a South Dakota law requiring online businesses to charge sales tax if they generated $ 100,000 in sales or processed 200 transactions from South Dakota residents. The Supreme Court ruled in favor of South Dakota, making it legal to set such thresholds for collecting taxes on online sales.

This opened the floodgates for other states to follow suit. Today, 42 states have e-commerce tax laws and many adopted the same thresholds as the original South Dakota law.

So, what does this mean for your business?

On this episode of “The NetSuite Podcast,” Oracle NetSuite Content Manager and expert on the topic, Ian McCue, breaks down the Wayfair decision and what companies need to do to comply with the new laws. Other than hiring a tax expert to help monitor all of the various laws (and any future changes to them), McCue suggests companies invest in a business management solution—like that of Oracle NetSuite—that supports or partners with tax automation software to collect the data necessary to calculate the tax rate and comply with differing laws across states.

[embedded content]

This type of visibility is key to continued success for online companies as ignorance is no longer a valid excuse, McCue says. States have already begun collecting back taxes, which can have a huge impact on the health and survival of a business.

Listen to the full episode to hear all of McCue’s insight and advice regarding the Wayfair decision on Apple Podcasts, Soundcloud and YouTube.

Posted on Mon, June 24, 2019
by NetSuite filed under

Let’s block ads! (Why?)

The NetSuite Blog

BRITS HAVE FORGOTTEN HOW TO DEFEND THEMSELVES?

June 25, 2019 Humor

Sounds like it given this story.

Alka-Seltzer tablets sometimes work.

BRITS HAVE FORGOTTEN HOW TO DEFEND THEMSELVES?

An English couple said they were unable to leave their house for nearly a week because seagulls tried to attack them every time they left.

Roy Pickard, 77, and his wife, Brenda, 71, claimed that two herring gulls — who have two chicks living on the roof of their home in Knott End-on-Sea in Lancashire — chased after them when they tried to go somewhere in a nightmare scenario.

“I’ve not been able to go out of the front door,” Roy told The Telegraph in an article published Friday. “If I try to get out of the door, the two adult birds are right there and I’ve got no chance.”

He added: “It’s genuinely frightening.”

“Thankfully, we have an integrated garage and I can get into it from the kitchen, open the garage door and drive out to get our shopping, but I have to leave the garage door open, which isn’t ideal,” Roy said.

A spokesperson for Wyre Council, the local government, told the news outlet that the gulls are protected while they nest, and said they sympathized with the Pickards’ situation.

“We have visited Mr. Pickard to assess the situation and have given advice on how he can deal with the gulls,” the spokesperson said. “For now, a solution is in place which will enable Mr. Pickard to take his wife to her private appointment.”

Let’s block ads! (Why?)

ANTZ-IN-PANTZ ……

Developing and Cultivating Strong Company Values

June 24, 2019 CRM News and Info

In today’s business world, we are accustomed to measuring the success of our organization based on factors such as growth, conversion rates, and how our overall results compare to those of our competitors. What many companies and leaders fail to realize, however, is that cultivating strong company values and promoting a healthy and thriving work environment contribute as much to their bottom line as securing and converting leads.

Your employees will ultimately help you get to where you want to be, so encouraging them to commit to your cause and remain loyal to your organization plays a huge role in motivating them to go above and beyond to get you the results you want. In fact, a study by Gallup found that teams with high engagement demonstrate a 21% increase in profitability (1). Plus, keeping your employees satisfied often leads to unintended benefits such as high employee retention, which will save you money in the long run.

An uninspiring workplace, in turn, can negatively impact your reputation in the community, lead to poor employee performance, and decrease your bottom line. Furthermore, if your prospective customers get word of your poor company culture, this can cause concern about your employee retention rates and your ability to deliver a great product or service in the future.

Still not convinced that developing strong values and a positive work environment can have a huge impact on your overall success? These tips will encourage employee engagement and satisfaction — and get you the type of results you crave.

Survey Employees to Learn What Matters to Them

An easy way to figure out what your employees value and how they perceive your brand is by simply asking them. Send out an initial survey form asking your employees to identify 3-5 values that are important to them in their current role. Using these responses, pick out the top 20 keywords/themes and send out a second survey to further narrow down your list.

After you’ve gathered employee responses from your second survey, have your leadership team or an appointed committee meet to analyze and interpret these results. From this list, pick 4-5 keywords or themes that will represent your company values and develop a strategy of how you will implement them into your work moving forward.

Ask Your Employees for Feedback

Transforming your workplace and cultivating strong company values isn’t something that will happen overnight. Occasionally, you might wonder if your efforts are having any impact at all. The reality is that some of the strategies you implement to promote this change will work better than others, and it’s up to you to figure out where it’s best to invest your time and effort.

A quick and easy way to determine what is resonating with your employees is by asking them to give you feedback through an NPS survey. At Act-On, we use AskNicely to survey both employees and customers about how we’re doing and how we can improve. Asking our employees to rate and provide feedback shows them that we care about meeting them where they’re at, and the insights they provide give us a better idea of how we can do that.

Identify How Each Department Contributes to Your Mission and Vision

Naming a few values that you feel apply to the work of your organization is not enough to promote a healthy and thriving work environment. If you truly want to gain buy-in for your new values, you have to encourage your employees to play a part in helping you realize those goals.

To do this, we suggest encouraging each of your teams to set apart some time to discuss how they see your company values reflected in their work, as well as what changes they think they can make to further promote them. From time to time, ask them to evaluate how they’re doing in terms of applying those concepts to their work and identify any areas for improvement. This practice will encourage your employees to feel connected to your company values and make them accountable for doing their part in promoting them across the organization.

Keep the Momentum Going with a Strong Internal Communications Strategy

One of the biggest contributors to dissatisfied, disconnected employees is that they feel as if they’re working in the silos. If you want to ensure your employees are happy and engaged, practicing good communication and keeping them in the know is crucial.

An easy way to do that is by implementing a monthly newsletter featuring company news and topics channeling organizational values that are of interest to your employees. If you use Act-On’s marketing automation, you can take your efforts a step further to track engagement and perform A/B testing to see what kind of content is resonating best with your employees — and then optimize your efforts accordingly.

The practical tips above will help remind your employees what you company culture is all about, why they should be proud to be part of your organization, and improve overall engagement. Let us know if you plan to implement any of these practices at your organization or if you have any activities that have served you well in the past.

Let’s block ads! (Why?)

Act-On Blog

The End of SQL Server 2008 and 2008 R2 Extended Support

June 24, 2019 BI News and Info

If you are not already aware, SQL Server 2008 and SQL Server 2008 R2’s extended support will end on 9 July 2019. Microsoft has communicated this end date for a while now, including this announcement with resources on how to migrate from these two versions of Microsoft SQL Server.

What This Means

Microsoft has a defined lifecycle support policy, but there are two separate policies at the time of this article. The one SQL Server 2008 and SQL Server 2008 R2 fall into is known as the Fixed Lifecycle Policy. Under this policy, Microsoft commits to a minimum of 10 years of support, with at least five years of support each for Mainstream Support and Extended Support. What is the difference between the two? What happens when Extended Support ends?

Mainstream Support

Under Mainstream Support, customers get support both for incidents (issues with the application or system) and security updates. In addition, a customer can request product design and feature changes. If there is a bug found that isn’t security related, Microsoft may choose to fix it and release an update. Microsoft has rolled up many of these fixes into service packs and cumulative updates over the years.

Extended Support

Extended Support ends the regular incident support as well as requests for product design and feature changes unless a customer has a particular support contract now called Unified Support. Microsoft will continue to release security updates but will not typically release updates for other types of bugs. SQL Server 2008 and SQL Server 2008 R2 are in the fixed lifecycle until 9 July 2019.

Beyond Extended Support

Without being part of the Extended Support Update Program, there are no more updates, security or otherwise for your organisation once extended support ends. Only if Microsoft deems that a particular security vulnerability is sensitive enough will they decide to release a patch even for systems that are now in beyond extended support status. Microsoft has released patches a couple of times for out of support operating systems, but it should not be something you count on. I will talk more about Extended Support towards the end of this article when discussing what to do if you cannot migrate from SQL Server 2008 or SQL Server 2008 R2 in time.

Compliance Requirements

Depending on what industry standard, government regulations, and laws that apply to your organisation, you may be in a situation where you will be out of compliance should you have unsupported software. This would mean you would have to participate in the Extended Support Upgrade Program, incurring the expense of that program.

Reasons to Upgrade

If you are like me, you do not have a lot of spare time to upgrade a system for the sake of it. In IT there is always more to do than there is time to do it. Microsoft discontinuing support is a reasonable justification, but I would hope to get more out of an upgrade and the resulting chaos that always accompanies such efforts than just staying in support. The good news is that by upgrading from SQL Server 2008 or 2008 R2, there are additional features that you can put to immediate use. These features do not even require touching any applications. In addition, newer versions of SQL Server include plenty of features that would require some modification but are worth considering. Here is a list of some of this new functionality:

word image 25 The End of SQL Server 2008 and 2008 R2 Extended Support

In Memory OLTP

Once upon a time, there was the DBCC PINTABLE() command, which allowed you to keep a table in memory for better performance. That stopped with SQL Server 2005, though the command was still present in that version of SQL Server. The idea was that SQL Server’s optimisation and fetch capabilities were robust enough to keep up with demand.

Of course, this did not hold true. As a result, Microsoft researched and developed Hekaton, which is an in-memory database option. Designed from the ground up, it doesn’t function at all like the old DBCC PINTABLE() command because how the data is stored is different. If you need the performance such an option provides, it became available with SQL Server 2014.

Columnstore Indexes

Most queries don’t require all the columns in a table. However, because a standard index is organised by row, you have to retrieve every row, and every column of every row, for each row which matches the query predicate. Conceptually, data is stored like this, with every column being kept together for a given row:

word image 26 The End of SQL Server 2008 and 2008 R2 Extended Support

In other words, the engine is probably making a lot of extra reads to get the data you need. However, since that’s the way data is stored, you don’t have any other choice.

Columnstore indexes store the data in separate segments, one column per segment. A column can consist of more than one segment, but no segment can have more than one column. At a high level, you can think of the index working like this:

word image 27 The End of SQL Server 2008 and 2008 R2 Extended Support

As a result, you just have to pull the segments related to the columns you care about, reading fewer pages and therefore achieving better performance. Continuing with the conceptual view, a query only wanting BusinessEntityID, FirstName, and LastName requires fewer reads because SQL Server doesn’t have to also grab data for Title, MiddleName, Suffix, and ModifiedDate simply to read in the entire row:

word image 28 The End of SQL Server 2008 and 2008 R2 Extended Support

Columnstore Indexes are especially helpful in reporting and analytical scenarios with star or snowflake schema with a large fact table. The segmentation of the columns and the compression built into columnstore indexes means the query runs a lot faster than with a traditional index. However, this feature is not available until SQL Server 2012.

Availability Groups and Basic Availability Groups

If you have ever worked with traditional failover cluster instances, you understand the pains that this high availability (HA) option brings with it. The good news is that there is one instance, and all databases are highly available. The biggest bear of a requirement is the shared storage that all the nodes can access. This means you only have one set of the database files, and there is only one accessible copy of the data.

With a failover cluster instance, failover means stopping SQL Server on one node and starting it on another node. This can happen automatically, but during that failover, the SQL Server instance is unavailable.

With Availability Groups, introduced in SQL Server 2012, the HA is at the database level. Availability Groups do not require shared storage. In fact, Availability Groups do not use shared storage at all. This means you have more than one copy: at least one primary and from one to eight secondaries. These secondaries can be used for read-only access. In addition, there is technology that allows any of the partners (primary or secondary) to reach out to the other partners if a partner detects page-level corruption and get a correct page to replace the corrupted page. This feature is Automatic Page Repair.

Finally, with SQL Server 2016, Microsoft introduced Basic Availability Groups. Do you want the high availability but you do not need to access a secondary for read-only operations? Then you can take advantage of a basic availability group which only requires Standard Edition, therefore, it’s significantly cheaper.

Audit Object

One of the easiest ways to set up auditing is with the aptly named Audit object. However, when Microsoft first introduced this feature in SQL Server 2008, Microsoft deemed it was an Enterprise Edition only feature. While you can do similar things using Extended Events (actually, the Audit object is a set of Extended Events), it is not as easy to set up.

With industry’s need for auditing only growing, Microsoft has changed its stance in stages. Starting in SQL Server 2012, Microsoft enabled server-level auditing for Standard Edition. Then, in SQL Server 2016, starting with SP1, you can now use the Audit object at the database level with Standard Edition. Gaining access to Audit can be a huge benefit for compliance on our SQL Servers. I have found it helpful to have a quick chart:

word image 29 The End of SQL Server 2008 and 2008 R2 Extended Support

Backup Encryption

When Microsoft introduced Transparent Data Encryption (TDE), it also introduced encrypted backups. However, initially, the encrypted backups were only for databases protected by TDE. TDE is an Enterprise Edition only feature. That meant you only had encrypted backups if you (a) were using Enterprise Edition and (b) had configured TDE on a particular database.

The third-party market (including Red Gate) has offered encryption in their SQL Server backup products for years. As a result, the community asked for Microsoft to also include backup encryption as a standard function for Microsoft SQL Server without having to use TDE. As a result, Microsoft added it to SQL Server 2014.

Backup encryption is crucial because smart attackers look for database backups. If an attacker can grab an unencrypted database backup, the attacker does not have to try and break into SQL Server. The attacker gets the same payoff but with less work. Therefore, if you can encrypt the database backups, especially if you belong to a firm without a third-party backup solution, you force the attackers to use a different, hopefully, more difficult method to get to the data. The more techniques an attacker must try, the more likely you are to discover the attempted hacking.

Dynamic Data Masking

I will admit to not being a fan of data masking. Solutions implementing data masking either leave the data at rest unmasked or they store the algorithm with the masked data in some form. This makes sense since privileged users must be able to see the real data. SQL Server is no different in this regard.

However, the purpose of SQL Server’s data masking is to provide a seamless solution for applications and users who shouldn’t see the actual data. You can define the masking algorithm. You can also define who can see the real data using a new permission, UNMASK. As long as you don’t change the data type/length of the field used in order to accommodate the masking algorithm, you can implement dynamic data masking without changing the application code or a user’s query unless they’re doing something to key off of the actual data.

Microsoft introduced this feature in SQL Server 2016, and its implementation can solve typical audit points around protecting the data in a system or report. As a result, it’s a great reason to upgrade from SQL Server 2008/2008R2 if you need to meet this sort of audit requirement.

Row-Level Security

You could implement row-level security solutions in SQL Server for years using views. However, there are some issues with this, as there are information disclosure issues with these home-grown solutions. The attack is basic: a savvy attacker can execute a query which reveals a bit about how the solution was built by forcing an error. A true, integrated row-level security solution was needed. As a result, Microsoft implemented row-level security as a feature first in Microsoft Azure and then in SQL Server 2016.

Speaking from experience, getting the home-grown solutions correct can be a problem. You have to be careful about how you write your filtering views or functions. Sometimes you’ll get duplicate rows because a security principal matches multiple ways for access. Therefore, you end up using the DISTINCT keyword or some similar method. Another issue is that often the security view or function is serialised, meaning performance is terrible in any system with more than a minimal load.

While you can still make mistakes on the performance side, you avoid the information disclosure issue and the row duplication issue.

Always Encrypted

When looking at encryption solutions for SQL Server, you should ask who can view the data. The focus is typically on the DBA or the administrator. Here are the three options:

DBAs can view the data.
DBAs cannot view the data but OS system administrators where SQL Server is installed can.
Neither the DBAs nor the system administrators can view the data.

System administrators are usually singled out for one of two reasons:

The DBAs also have administrative rights over the OS. In this case, #1 and #2 are the same level of permissions, meaning the DBAs can view the data.
The system administrators over the SQL Servers do not have permissions over the web or application servers.

If the DBAs can view the data, then you can use SQL Server’s built-in encryption mechanisms and let SQL Server perform key escrow using the standard pattern: database master key encrypts asymmetric key/certificate encrypts symmetric key encrypts data. If the DBAs cannot view the data and they aren’t system administrators but system administrators can (because they can see the system’s memory), then you can use the SQL Server built-in encryption, but you’ll need to have those keys encrypted by password, which the application has stored and uses. In either case, the built-in functions do the job, but they are hard to retrofit into an existing application, and they are not the easiest to use even if you are starting from scratch.

If neither the DBAs nor anyone who can access the system’s memory is allowed to view the data, then you cannot use SQL Server’s built-in encryption. The data must be encrypted before it reaches the SQL Server. Previously, this meant you had to build an encryption solution into the application. This is not typically a skillset for most developers. That means developers are operating out of their core body of knowledge, which means they work slower than they would like. It also means they may miss something important because they lack the knowledge to implement the encryption solution properly, despite their best efforts.

Another scenario is that you may need to retrofit an existing application to ensure that the data in the database in encrypted and/or the data in flight is encrypted. Retrofitting an application is expensive. The system is in production, so changes are the costliest at this point in the application’s lifecycle. Making these changes is going to require extensive testing just to maintain existing functionality. Wouldn’t it be great if the encryption/decryption could happen seamlessly to our application? That is what Always Encrypted does.

Always Encrypted is available starting with SQL Server 2016 (Enterprise Edition) or SQL Server 2016 SP1 (opened up for Standard Edition). Always Encrypted has a client on the application server. The client takes the database requests from the application and handles the encryption/decryption seamlessly. The back-end data in SQL Server is stored in a binary format, and while SQL Server has information on how the data is encrypted: the algorithm and metadata about the keys, however, the keys to decrypt are not stored with SQL Server. As a result, the DBA cannot decrypt the data unless the DBA has access to more than SQL Server or the OS where SQL Server is installed.

Better Support for Extended Events

Extended Events were introduced in SQL Server 2008, but they were not easy to use. For instance, there was no GUI to help set up and use Extended Events. The only way to work with Extended Events was via T-SQL.

Starting with SQL Server 2012, GUI support was introduced in SQL Server Management Studio (SSMS). With each new version of SQL Server, Microsoft extends what you can monitor with Extended Events (pun intended). The ability to capture information about new features is only instrumented with Extended Events. If you are still in “Camp Profiler,” you cannot monitor these features short of capturing every T-SQL statement or batch. That is not efficient.

One of the most important reasons to move off Profiler server-side traces and towards Extended Events is performance. The observer overhead for traces is generally higher than extended events, especially under CPU load. This is especially true using Profiler (the GUI) for monitoring SQL Server activity. Another area of performance improvement is with the filter/predicate. You can set a filter just like with Profiler. However, with Extended Events, the filtering is designed to happen as quickly as possible. SQL Server will honour the filter as it considers whether or not to capture an event. If it hits the filter, it cuts out and goes no further for that particular extended event set up. This is different than the deprecated trace behaviour. While trace will still apply the filter, it does so after the event/data collection has occurred, which results in “relatively little performance savings.” With these two improvements, Extended Events should capture only the data you specify, and it should cut out if it determines you aren’t actually interested in the event because of the filters you specified, meaning less load on the system due to monitoring.

That’s why, in the majority of cases, Extended Events are more lightweight than traditional traces. They certainly can capture more, especially if you are using any of the new features introduced from SQL Server 2012 and later. This, in and of itself, may be a great reason to migrate away from SQL Server 2008. After all, the better you can instrument your production environment while minimising the performance impact, the better.

Windowing Functions, DDL We’ve Cried For, and More, All in T-SQL

With every new version of SQL Server, Microsoft will add new features as well as improve existing ones. With SQL Server 2012, Microsoft introduced a significant amount of new functionality through T-SQL. Some of this functionality applied to queries, but others applied to configuration and database schema management. Here are three at three meaningful examples.

Windowing Functions

Window(ing) functions compute aggregations based on defined partitions. SQL Server 2008 and 2008R2 did have windowing functions using OVER() and PARTITION BY for ranking and aggregates. With SQL Server 2012 You get LAG() and LEAD(). You can also do more with aggregate functions. For instance, imagine the scenario where you had to report the order total for each order, but you also had to show the previous order total (LAG) and the next order total (LEAD). You might have another requirement, which is to show a running total. All of this can be put into a simple query:

SELECT SalesOrderID, OrderYear, OrderMonth, OrderDay, OrderTotal,

LAG(OrderTotal, 1, 0) OVER (ORDER BY SalesOrderID) AS PreviousOrderTotal,

LEAD(OrderTotal, 1) OVER (ORDER BY SalesOrderID) AS NextOrderTotal,

SUM(OrderTotal) OVER (ORDER BY SalesOrderID ROWS BETWEEN UNBOUNDED PRECEDING

AND CURRENT ROW) AS RunningTotal

FROM

– This subquery is to aggregate all the line items for an order

– into a single total and simplify the year, month, day for

– the query

(SELECT SOH.SalesOrderID, YEAR(SOH.OrderDate) AS ‘OrderYear’,

MONTH(SOH.OrderDate) AS ‘OrderMonth’, DAY(SOH.OrderDate) AS ‘OrderDay’,

SUM(SOD.LineTotal) AS OrderTotal

FROM Sales.SalesOrderDetail AS SOD

JOIN Sales.SalesOrderHeader AS SOH

ON SOD.SalesOrderID = SOH.SalesOrderID

GROUP BY SOH.SalesOrderID, SOH.OrderDate) SalesRawData;

The neatest function is SUM() because of the ORDER BY in the OVER() clause. Note that the query uses the keyword ROWS in the framing clause. This is new to SQL Server 2012, and the use of ROWS here tells SQL Server to add up all the rows prior to and including the current one. Since SQL Server is gathering the data at one time, the single query performs faster than having multiple queries trying to gather, re-gather, and calculate the same information. In addition, the data is all on the same row:

word image 30 The End of SQL Server 2008 and 2008 R2 Extended Support

There are more window functions around rank distribution as well as the RANGE clause, which is similar in use to ROWS. SQL Server 2012 greatly expanded SQL Server’s window function support.

User-Defined Server Roles

When SQL Server 2005 debuted, it introduced a granular access model. A DBA could apply security to almost every object or feature of SQL Server. Microsoft pushed for the use of the new security model over the built-in database and server roles. However, at the time some server-level functionality keyed in on whether a login was in a role like sysadmin rather than checking to see if the login had the CONTROL permissions. As a result, DBAs stayed primarily with the roles that came with SQL Server.

The other issue was that SQL Server didn’t permit user-defined roles at the server level. Therefore, if a DBA wanted to implement a specific set of permissions at the server level using the granular model, that could be done, but it wasn’t tied to a role. This conflicted with the best practice of creating a role, assigning permissions to a role, and then granting membership to that role for the security principals (logins or users, in SQL Server’s case). DBAs could carry out this best practice at the database level, but not at the server level. With SQL Server 2012, server level user-defined roles are now possible. Therefore, it’s now possible to follow this best practice. However, you need to segment your permissions at the server level; you can create a role, assign the permissions, and then grant membership.

DROP IF EXISTS

A common problem DBAs face when handling deployments is when a script wants to create an object that already exists or the script wants to drop an object that isn’t there. To get around it, DBAs and developers have typically had to write code like this:

IF EXISTS(SELECT [name] FROM sys.objects WHERE name = ‘FooTable’)

DROP TABLE FooTable;

Note that each of these statements must have the correct name. As a result, a DBA or developer putting together a deployment script updating hundreds of objects would need to verify each IF EXISTS() statement. Without third-party tools which do this sort of scripting for you, it can be cumbersome, especially in a large deployment. All that IF EXISTS() does is check for the existence of the object. Therefore, the community asked Microsoft for an IF EXISTS clause within the DROP statement that did the check and eliminated the need for this type of larger, more error-prone clause. Microsoft added this feature in SQL Server 2016. Now, you can simply do this:

DROP TABLE IF EXISTS FooTable;

If the table exists, SQL Server drops it. If the table doesn’t exist, SQL Server moves on without an error.

Ways to Migrate

Hopefully, you have gotten the go-ahead to migrate from your old SQL Server 2008/2008R2 instances to a new version. The next question is, “How?” One of the biggest concerns is breaking an existing application. There are some techniques to minimise these pains.

DNS is Your Friend

One of the chief concerns I hear about migrating database servers is, “I have to update all of my connections.” Sometimes this is followed by, “I’m not sure where all of them are, especially on the reporting side.” Here is where DNS can help.

I recommend trying to use “friendly” names in DNS that don’t refer to the server name, but to a generic name. Say there is an application called Brian’s Super Application. Rather than pointing to the actual server name of SQLServer144, you create an alias in DNS (a CNAME record in DNS parlance) called BriansSuperApp-SQL which is an alias to SQLSErver144. Then you can point the application to that friendlier name. If, at any point, the IP address on SQLServer144 changes, the CNAME will always be a reference to SQLServer144, meaning the client will get the correct IP address. Moreover, if you need to migrate to another SQL Server, say SQLServer278, simply change the alias. Point BriansSuperApp-SQL to SQLServer278, and the clients are repointed. You don’t have to change any connection information. This is an example of loose coupling applied to infrastructure.

But what if there are already applications configured to point directly to SQLServer144? Again, DNS can help. If you can migrate the databases and security from SQLServer144 to a newer SQL Server and then bring SQLServer144 off-line, you can use the same trick in DNS. Only instead of having a reference to BriansSuper-SQL that points to SQLServer278, you will delete all DNS records for SQLServer144 and then create a DNS record called SQLServer144 that points to SQLServer278. I have used this trick a lot in migrations, but it does require all the databases to move en masse to a single replacement server and the old server to be completely offline to work.

Remember Compatibility Levels

If your application requires a compatibility level of SQL Server 2008 or 2008R2, keep in mind that newer versions of SQL Server can support databases set to older versions of SQL Server via ALTER DATABASE. The compatibility designation for both SQL Server 2008 and 2008R2 is 100. All supported versions of SQL Server allow you to run a database in this compatibility mode. Therefore, you should be able to deploy to SQL Server 2017 (or 2019, if it is out by the time you are reading this).

Data Migration Assistant

What if you’re not sure if you can migrate from SQL Server 2008? Is there functionality that will break in the new version? Can you move the database to Azure? Trying to answer these questions can be a daunting task. However, Microsoft does have the Data Migration Assistant to assess your databases’ readiness to upgrade or move to Azure. Previously, DBAs would assess SQL Server Upgrade Advisor. Data Migration Assistant is extremely easy to use. First, you’ll need to create a project and tell DMA what you’re attempting to do:

word image 31 The End of SQL Server 2008 and 2008 R2 Extended Support

In this case, the assessment is for a SQL Server to SQL Server migration (on-premises). Then, you’ll need to tell DMA what to connect to and what to assess. Once DMA has verified it can connect and access the databases you’ve chosen, you’ll indicate what you what DMA to look at:

word image 32 The End of SQL Server 2008 and 2008 R2 Extended Support

Here, the target specified is SQL Server 2017 and DMA is being instructed to not only look at compatibility issues but also to examine any new features that might be helpful. DMA will churn away and return its assessment:

word image 33 The End of SQL Server 2008 and 2008 R2 Extended Support

In this case, DMA noticed that Full-Text Search objects exist in the database. While DMA evaluated a SQL Server 2014 system and DB, note that DMA still flags a SQL Server 2008 issue. Like with any tool recommendations, you’ll need to consider whether the information presented applies in your case. Here, because DMA is looking at a SQL Server 2014 DB running on SQL Server 2014, there’s no issue with upgrading the database to a SQL Server 2017 instance.

Now AdventureWorks is a tiny, relatively simple database. You wouldn’t expect DMA to find much if anything. For your databases, especially large and complex ones, expect DMA to churn for a while and to have more recommendations and warnings.

What If You Can’t?

You may be in a situation where you cannot make a move by the deadline. What are your options? There are three:

Extended Security Updates

The first option, especially if you have to stay with on-premises SQL Servers, is to join the Extended Support Update program mentioned earlier. This is a pricy option, but it is the only way to maintain support for on-premises SQL Servers. Keep in mind, though, that in order to enroll in this program, Microsoft may very well ask for a migration plan on how and when you will move to supported versions of SQL Server.

Microsoft Azure

If you have the option of moving to a VM in Azure, then you will have additional coverage for three more years, as Microsoft indicated in a post on the Microsoft Azure blog. Microsoft has promised extended security updates at no extra cost if you are running on an Azure VM. In addition, the blog includes a reminder that a managed instance in Azure is another option for customers.

Again, you have to have the capability of moving to Azure. However, if you already in Azure or if you have been preparing to establish a presence, then an Azure VM may be a solution if you cannot migrate off SQL Server 2008 or 2008R2.

Go Without Support

The last option is to continue to run SQL Server 2008 or SQL Server 2008 R2 with no support. Your organisation may reason that Microsoft SQL Server has been relatively secure with only a handful of patches. There are a couple of issues, however.

The first issue is “you don’t know what you don’t know.” Someone may find a vulnerability tomorrow that is critical, easily exploitable, and which adversaries seize upon quickly. This was the case with SQL Slammer in the SQL Server 2000 days.

The second issue is around compliance. Some regulations, industry standards, and laws require systems to be running on supported, patched software. If your organisation is required to comply in such a manner, then going without support means the organisation is knowingly violating compliance and risks being caught. This is not just an immediate issue. After all, many regulations and laws can result in penalties and fines well after the period of non-compliance.

An organisation should only choose to go without support after a proper risk assessment. I know of cases where organisations decided to continue on NT 4 domains because they could not migrate to Active Directory. Other organisations have had key software that only ran on Windows 95, SQL Server 6.5, or some other ancient software. They could not find a proper replacement for that essential software and the business risk was more significant not to have the software or its functionality than running unsupported operating systems or software. However, those were informed decisions made after considering which was the greater risk.

Conclusion

With SQL Server 2008 and 2008 R2 extended support ending, it’s time to move off those database platforms. Even if you’re not required to upgrade from a GRC perspective, there’s a lot of functionality in the newer versions of SQL Server you can leverage for the benefit of your organisation. Microsoft has provided tools and guidance for upgrading. One example is the Data Migration Assistant. Microsoft has also provided additional documented guidance in SQL Docs to cover your migration scenario. If you can’t upgrade, but you require support, there are two paths you must choose from. The more costly option is to enter the Extended Support Upgrade program. The other path is to deploy to SQL Server 2008 instances in Microsoft Azure, as these will remain under support until 2022.

Let’s block ads! (Why?)

SQL – Simple Talk

In Security, It’s Usually The Basic Stuff That Gets You – Like Passwords

June 24, 2019 BI News and Info

There are some very smart hackers out there, many of whom have access to the latest techniques and exploits. But time and again, we’ve seen that attackers don’t need to deploy the latest and greatest because they can achieve their goals with older, basic techniques. Why bother with something complex, or why burn a new tool by using it on a low-value target, when simple things like reused passwords can get a hacker everything they need?

For example, suppose you use your go-to, easy-to-remember username and password at a mom-and-pop retailer,and hackers steal it. Or maybe hackers buy a block of username/password combinations on the black market. If you use the same username/password for your healthcare provider, a hacker can easily gain access to your most private and most valuable personal information.

We all know that we shouldn’t use the same password at multiple sites. We also know that we shouldn’t use the same password for work and personal accounts so a successful attack on our personal accounts doesn’t give the attacker a foot in the door to our corporate network.

But we also know that remembering multiple passwords is difficult, and best practices seem to change all the time. In fact, many of the standard password-protection schemes that we’ve become accustomed to have been deemed ineffective and outdated. That’s according to guidelines from the National Institute of Standards and Technology (NIST), which are based on the premise that ease of use is an essential component of effective security.

Do’s and don’ts of password protection

NIST recommends that companies and websites that verify credentials do away with all of the requirements that supposedly make a password more difficult to crack, but also make it more difficult to remember, such as capitalization, special characters, numbers, etc. Instead, NIST recommends long passphrases made of real words and encourages sites to allow people to enter as many as 64 characters in a single passphrase.

In addition, NIST says the common practice of requiring regular password updates should be discontinued because this has resulted in people choosing weaker passwords. Also, NIST calls for doing away with asking people to provide a “hint,” like the name of their first pet or mother’s maiden name, because hackers could gain access to that information.

NIST does recommend some additional measures, such as cross-checking a new password against a blacklist of compromised passwords and rejecting passwords that are on the list. Other criteria for rejecting passwords include repetitive or sequential characters or numbers, passwords obtained from previous breaches, and context-specific words, such as the name of the bank or the person’s own name.

Security strategies that work

The best way to handle multiple passwords is to use password manager software, which saves all of your passwords and remembers which password is associated with which web site, so you don’t have to.

Another positive trend is the increased use of multi-factor authentication (MFA), which typically means getting a random number sent to your phone or email address and then entering that number in order to access the site.

As users become more accepting of this type of authentication, it makes sense for companies to deploy access control systems that call for the appropriate MFA level, depending on the specific circumstance – for example, an employee trying to connect from an unusual location.

And since we know that it’s the basic security mistakes that come back to bite you, companies need to make a renewed push to educate employees on security best practices, including password protection and how to avoid phishing attacks.

This article originally appeared on DXC.technology and is republished by permission. DXC Technology is an SAP platinum partner.

Let’s block ads! (Why?)

Digitalist Magazine

How can I get edges to bend to avoid crossing?

June 24, 2019 BI News and Info

I want to generate a layered drawing of the Hoffman–Singlelton graph. As an example of what I want, here is a layered drawing of the Petersen graph:

Now if I right click on the output of PetersenGraph[] and do Graph Layout -> Layered, drawing, I get this:

Clearly a lot of the important visual information at the end layer is lost because the edges all overlap. Is there a way to recreate something similar to the the top image, where the edges at the last layer are visible?

My actual goal is not to do this with the Petersen, but with the Hoffman–Singleton (in Mathematica, FromEntity[Entity["Graph", "HoffmanSingletonGraph"]]). Needless to say, I got a similar output for this graph:

I appreciate any assistance with this.

Let’s block ads! (Why?)

Recent Questions – Mathematica Stack Exchange

A test case for digital transformation

The journey to the smart factory

Small means small

Configuration first

Standardization and transparency

Next stop, Industry 4.0

Everything You Need to Know About the Wayfair Decision and How NetSuite Can Help

Survey Employees to Learn What Matters to Them

Ask Your Employees for Feedback

Identify How Each Department Contributes to Your Mission and Vision

Keep the Momentum Going with a Strong Internal Communications Strategy

What This Means

Mainstream Support

Extended Support

Beyond Extended Support

Compliance Requirements

Reasons to Upgrade

In Memory OLTP

Columnstore Indexes

Availability Groups and Basic Availability Groups

Audit Object

Backup Encryption

Dynamic Data Masking

Row-Level Security

Always Encrypted

Better Support for Extended Events

Windowing Functions, DDL We’ve Cried For, and More, All in T-SQL

Windowing Functions

User-Defined Server Roles

DROP IF EXISTS

Ways to Migrate

DNS is Your Friend

Remember Compatibility Levels

Data Migration Assistant

What If You Can’t?

Extended Security Updates

Microsoft Azure

Go Without Support

Conclusion

Do’s and don’ts of password protection

Security strategies that work

Recent Posts

Categories

Archives