Rich Hillard

Business Technology Consultant

Richard J. Hillard, Jr. is an effective information technology executive whose strongest skill is the ability to provide practical, focused advice to business managers. He clearly communicates technical problems, challenges, and solutions while building consensus among teams to ensure a high level of success with IT projects. With more than 15 years of information technology management experience, he works from offices in Londonderry, New Hampshire, and Boston, Massachusetts.

Rich is a cloud computing expert and advocate who has successfully migrated multiple businesses to the cloud using Amazon Web Services (AWS), Microsoft Office 365, Microsoft Remote Desktop Services, thin-client computers, and hosted VoIP. When analyzed over a three- to five-year period, these businesses have realized a 40-60% reduction in their overall IT and telecom costs.

EPM Hosting with Microsoft Active Directory Integration

Easy to manage user authentication

One of the common challenges with cloud deployments is managing user authentication. Most cloud services require the creation of a new database of usernames and passwords that needs to be managed independently of the existing corporate user database. With Strafford Technology’s Managed EPM Cloud service, we don’t require this added level of complexity or hassle for your staff. In most enterprise IT environments user logins are already being centrally managed by a Microsoft® Active Directory database. We integrate our hosted servers with our clients’ existing Microsoft Active Directory implementations, allowing for seamless, single-sign-on access to hosted EPM applications.

A unique approach

This level of integration is a fairly unique service offering requiring expertise with network infrastructure, server administration, and EPM implementations. Strafford’s extensive EPM expertise, as well as our deep understanding of corporate IT infrastructure, network, server, and security requirements, gives us the ability to confidently recommend, deploy, and support this solution. We work cooperatively with our clients’ IT staff to create a permanent, secure connection from the corporate network to the cloud known as a site-to-site Virtual Private Network (VPN). This connection is implemented at the network level, and acts as a bridge to the cloud, allowing users to access their EPM applications running on hosted servers as if they were on the corporate network. The fact that the EPM application servers and databases are hosted on the cloud is completely transparent to the users of the EPM software.

An independent system

For those clients who want to maintain separation of their hosted EPM applications from the corporate network, we provide an independent Microsoft® Active Directory...

Data Encryption on the Cloud

At Strafford Technology, we take data security seriously. We leverage Amazon Web Services (AWS) to create a secure cloud hosting environment optimized for our clients’ Enterprise Performance Management (EPM) applications and storage of their sensitive financial data. Many of our Enterprise clients are particularly concerned about data security for regulatory or compliance reasons. As an AWS Consulting Partner, we’ve designed our EPM hosting solutions to meet or exceed these requirements.

When discussing data security on the cloud we need to address two key areas of concern: data-in-motion and data-at-rest. Data-in-motion (sometimes referred to as data-in-use) is information currently being accessed or transmitted. Data-at-rest is all information being stored physically in digital form, which would include all of the information stored on the cloud in volumes (virtual server hard drives).

We protect data-in-motion with Secure Sockets Layer (SSL) and/or Transport Layer Security (TLS) for our connectivity solutions delivered via Virtual Private Networks (VPN), Secure Web Browser (HTTPS), or Microsoft Remote Desktop Services Protocol (RDP). These are the same transmission-encryption techniques deployed by banks for use with online banking or payment transactions. We also utilize 2-Factor Authentication during the user authentication for each of these connection methods.

The AWS platform allows us to secure data-at-rest with server-side encryption for Amazon S3 volumes. Each volume is encrypted using 256-bit AES encryption, one of the strongest block cipher encryption methods available. The entire encryption process and system is verified and audited regularly by AWS. Through the proper planning and implementation of this available technology, our clients’ hosted EPM applications are in full compliance with regulatory guidelines around data...

Microsoft Hosted Exchange (Office 365) In-Place Personal Archive Missing with full-version of Microsoft Outlook

For some clients who currently use Microsoft Hosted Exchange accounts with the In-Place Archiving feature enabled, the In-Place Archive Mailbox is not appearing in their full version of Microsoft Office Outlook 2013 software connected to their Exchange account. Users can see their Archive in Outlook Web App, just not in the full version of Outlook 2013.

The Microsoft Hosted Exchange service does in fact support this feature, but the In-Place Archive feature requires specific Outlook licenses. For organizations using Microsoft Corporate Licensing Agreement or Microsoft Service Provider Licensing Agreement (SPLA) versions, Microsoft Office Standard 2013 does not support the In-Place Archive feature, while Microsoft Office Professional Plus 2013 does support this feature. This is not a Microsoft Hosted Exchange feature or licensing problem. This is a Microsoft Office Outlook 2013 version issue.

SUPPORTING ARTICLES:

Here is a link to the feature comparison of the Exchange Online plans: http://office.microsoft.com/en-us/exchange/compare-microsoft-exchange-online-plans-hosted-email-for-business-FX103764022.aspx

Here is a link to the Outlook license requirements for use with Microsoft Hosted Exchange Online features:...

Passwords aren’t enough for the Cloud

Passwords just aren’t enough, especially when people do crazy things like this. Yes, this is real. Someone actually wrote the password to their Remote Desktop Session on their keyboard. I’ve seen the password on a sticky-note under the keyboard, in an unlocked desk drawer, even taped right on the monitor, but I’ve never seen a password written on a keyboard! I have to admit, it’s a very convenient place for the password; you don’t even have to lift up the keyboard to look at it. Despite this consideration, it is probably not a good idea to ever do this.

One of the biggest challenges facing IT Administrators and Business Executives is balancing the demand for convenience vs. the need for security. While technology is getting more convenient since the advent of the Cloud, it is more important than ever to maintain proper security of these systems. How can you possibly hold someone accountable for anything they do while using a corporate data system if the company uses a standard convention for usernames (such as firstname.lastname) and the user has written down their password for anyone to use? Even if a person hasn’t written it down, it’s too easy for people to simply share their passwords.

Microsoft recently acquired a great company called PhoneFactor (www.phonefactor.com). What PhoneFactor does is simply call you on your mobile phone when you log in. All you have to do is answer, hit the # key, and you’re done. Instant multi-factor authentication using a device everyone already has in their pocket. At SiteVentures, we use PhoneFactor to secure the Microsoft Remote Desktop Servers running in...

Why Microsoft should give away Windows Thin PC

Microsoft Windows Thin PC enables businesses to repurpose existing PCs as thin clients by providing a smaller footprint, locked down version of Windows 7. This provides organizations with significant benefits, including:

Reduced End Point costs: Windows Thin PC empowers companies to leverage their end point hardware investments to access virtual desktops that are delivered using Remote Desktop Services.

Excellent Thin Client experience: Windows Thin PC offers many of the benefits of a thin client. Organizations can improve security and compliance on their repurposed PCs by using write filters to prevent data from being written to disk.

Enterprise Ready platform: Windows Thin PC is built on the proven Windows 7 platform. Enterprise features such as BitLocker and AppLocker further help IT secure their devices.

Sounds great, right? Unfortunately, Microsoft has made it difficult to obtain a license to use this thin client operating system. In order to buy Windows Thin PC a company must obtain a company-wide site license through Microsoft’s Open Licensing Program. They’ve layered a complicated, expensive, and time-consuming process on top of a technology that is supposed to reduce time, cost and complexity. Instead of drawing people into the Microsoft world, they’re actually pushing people away from adopting this great technology.

I’m a die-hard Microsoft fan: Microsoft Certified Systems Engineer (way back NT 4.0 style), Microsoft Certified Partner, Cloud Accelerate Partner, etc., but it is so painful to watch a great company make so many bad decisions regarding emerging cloud technologies. At SiteVentures, we help businesses move to the Cloud by migrating their corporate servers and desktops to Virtual Private Clouds on Amazon Web Services (AWS). Our clients log in to their corporate desktops on the cloud using Microsoft’s Remote Desktop...

A Practical Guide for Moving to the Cloud

Is your business on the Cloud? Do you know what the cloud is, or what it can do for your business? Given all the attention on the Cloud, have you found yourself wondering how it could potentially benefit your business? Until recently, businesses have had to own and maintain complex technology needed to communicate and operate efficiently. These voice and data systems are vital to the success of any business, and without reliable, well-managed technology most businesses simply can’t compete. Today’s available cloud computing options present an opportunity to take the complexity, unreliability, lack of security, high costs of ownership, and sheer frustration out of the equation for just about any business, regardless of size. Here are a few tips for how to leverage the cloud from a practical, down-to-earth perspective.

Move your Business Phone System to the Cloud

It has never been easier to save money and reduce your headaches than now by moving to a cloud-based phone system. This is not to be confused with Voice over Internet Protocol (VoIP) phone service. This is a different approach, which completely eliminates your on-premise phone system and phone service. A cloud-based phone system replaces the ‘master switch’ in the back room that connects all of your phones together and handles all your calls. Instead of this being a hardware box hanging on a wall somewhere (ready to fail anytime), a cloud-based phone system is a service delivered from a datacenter by a cloud service provider. The hardware, software, power, connectivity, phone lines, etc. are all part of the package. You still have what looks like a regular business phone on...

How to eliminate ‘winmail.dat’ with Microsoft Office 365 or Hosted Exchange Server accounts

We recently helped migrate one of our clients to Microsoft Hosted Exchange. Several weeks after the migration the Owner began experiencing a persistent problem sending file attachments. Every time he sent an attachment to certain contacts, all that would show up on the other end was a WINMAIL.DAT file. It didn’t matter what the original attachment file type was – we tried .pdf, .txt, .xls, .zip, etc.

The root cause of this problem is TNEF, or Transport Neutral Encapsulation Format. If the message is sent using TNEF and the recipient’s email client does not have the capability of translating TNEF, the message can’t be ‘decoded’ and all that arrives is a binary WINMAIL.DAT file. There are many posts online discussing this problem being related to Outlook and the Rich Text Format (which uses TNEF), such as this one: http://support.microsoft.com/kb/278061

Even after following these steps and many others to make sure the Outlook 2007 mail client was not sending email in Rich Text Format, recipients were still getting winmail.dat in place of the attachments. We discovered that somehow the Hosted Exchange Account had started transmitting this TNEF data no matter what format the Outlook mail client sent the message. If the mail format was HTML, RTF, or Plain Text, the attachments would not be properly received. The problem was actually with the server-side settings on his account, not Outlook as most of the articles related to this problem will discuss.

Here’s how to fix it:

This is a link to the Microsoft Knowledge Base article discussing TNEF and Hosted Exchange details: http://help.outlook.com/en-us/140/gg263346.aspx

To correct this problem for this customer on a Global level, we used PowerShell...

‘Windows Update service is not started’ error on HP Z400 with Windows 7 Pro

Recently, I was trying to run ‘Windows Updates’ on a relatively new HP Z400 Workstation with a Windows 7 Pro 64-bit operating system. Each time I would attempt to run Windows Updates, I would get an error message stating the “Windows Update Service is not started.” I would stop/start the already running service – same problem. Weird, frustrating, waste of time.

After hours of searching for the fix, and being led down the ‘Is it malware?’ road, and then down the ‘You’re going to need to run an in-place upgrade of the Windows 7 Operating System to restore all of your system files’ road, I finally discovered a support forum post which correctly identified the problem and provided the solution. The underlying cause of the problem was actually with the version of the Intel Rapid Storage Technology driver. This is the software that allows Windows 7 to use the on-board RAID controller (hard drives) on the HP Z400 Workstation’s motherboard.

Here is the link to the updated driver and solution to this problem: “Error Messages Appear During Windows Update.” Download it, run it, reboot the computer. Windows Updates and all other installations work properly after this driver is applied. 3+ hours of my life I’ll never get back! This is one of the many reasons why at SiteVentures we try to avoid deploying new PCs whenever possible, and why we love the...

Microsoft Office Document Imaging (MODI) and Microsoft Office 2010

Microsoft Office Document Imaging (MODI) was removed as a component of Microsoft Office with the release of Office 2010. It was included with Microsoft Office 2007 and many users rely on it while processing scanned documents in the multi-page TIF format. It does a great job of displaying the individual pages in a column on the left, while the full-page view of the selected page is in the main window. People love this program, and when upgrading users’ systems I always try to include it by following this Microsoft article: http://support.microsoft.com/kb/982760 “Microsoft Office Document Imaging (MODI) is removed in Microsoft Office 2010. This article provides methods you can follow to install MODI on the computer. It also describes the alternative methods that you can use to regain the functionalities of certain MODI...

Windows 2008 R2 Remote Desktop Services Keep-Alive Configuration

Recently, I came across an invaluable piece of information I’d like to share regarding the use of Remote Desktop Services on a Windows 2008 R2 host: We were experiencing frequent Remote Desktop Services session ‘lockups’ using all types of RDP (Remote Desktop Protocol) client software and hardware end-points. The sessions weren’t timing out, dropping, or disconnecting – they were just freezing up, more often after minimizing the RDP session for a short interval. I checked everything – all the server and client-side settings were 100% correct, there was no obvious reason for this problem.

I found a few references to a Registry setting that can be applied to the Remote Desktop Services host locally via gpedit.msc, or through a Group Policy:

Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services (Terminal Services)\Remote Desktop Services Session Host(Terminal Server)\Connections\Configure keep-alive connection interval: Enabled and value specified

I have been using a value of 1 minute and it seems to have mitigated this problem substantially. Now, if I minimize an RDP session for an extended period of time, for example 45 minutes, I can restore it and begin working in the session right...

Lessons learned from GoDaddy DNS outage

By now most people have either experienced some pain with or have heard about the apparent Denial of Service attack that took GoDaddy’s Domain Name Servers (DNS) offline for several hours on 9/10/2012. If not, here are a few links to the story at Wired, CNN, and FoxNews.

Many small businesses use Domain Name Registrars like GoDaddy.com to maintain the registration of their domain names AND provide other services such as Domain Name Services (DNS), Web Hosting, and Email. One of the most critical underlying services that makes the Internet work is DNS. Domain Name Servers are the phonebooks of the internet; they translate human-readable Universal Resource Locators (example – www.google.com) into Internet Protocol Addresses (example – 173.194.75.103). Both types of addresses will take you to the same place, but most services are not accessed directly by their IP Address and rely on DNS to look up the correct IP Address. DNS also provides another mission-critical service: Mail Exchanger (MX) Records. These records tell other mail servers on the internet where to deliver inbound email for the domain. No DNS = no email = big problem!

Until yesterday, GoDaddy’s Registrar, DNS, and Web Hosting services had been stellar. At SiteVentures, we have managed all of our clients’ domain names with GoDaddy for 10+ years and this is the first major outage I can recall. We also use Dyn.com to provide mission-critical DNS for the domains powering our Virtual Private Cloud servers and our Cloud Phone System. We use Dyn’s DynECT Managed DNS service for our clients’ critical domains as well. After yesterday’s outage, more businesses who rely on GoDaddy for all...

Dell announces intent to acquire Wyse

The leader of the PC revolution is buying the leader in thin-client computing. Dell announced its intention to acquire Wyse Technology, a manufacturer of thin-client computing devices and software that allows end users to connect to IT services in the cloud. When paired with the use of cloud services, these thin-client devices replace the traditional PC in the workplace – and cost far less to operate in the long run. This announcement serves as further indication that businesses of all sizes should be considering a strategy that utilizes cloud infrastructure.

At SiteVentures, we’ve been migrating our customers to Virtual Private Cloud solutions built on the Amazon Cloud (aws.amazon.com), and outfitting end-users with Wyse devices for the desktop or mobile user. The overall experience has been excellent, both from our perspective as the service provider and from our clients’ position. We love NOT having to respond to costly end-user PC-related problems like hard drive failures or computer viruses, and our clients enjoy the 80% total-cost-of-ownership reduction at the desktop. In addition to the resiliency and on-demand scalability of the Amazon Cloud, we have built our service offering with our strong partnership with Microsoft to provide Hosted Exchange email services, the full Microsoft Office business productivity suite, and a familiar Microsoft Windows end-user Remote Desktop experience.

For the various reasons explained in the articles linked below, this is a great move for both of these industry leaders. It’s also well-received by those of us that implement and own these devices, as the product development and customer support of these systems will surely benefit from the Dell powerhouse. Dell’s Announcement Forbes Article –...

Why is Two-Factor Authentication so important, especially now?

Two-factor authentication is a method of authenticating computer system users which requires the use of two or more authentication factors during the login process: something the user knows (a password or PIN), something the user has (a hardware or software token), or something the user is (such as a fingerprint). For this post, we are going to discuss using a password/PIN (something you know) and a token (something you have).

The importance of two-factor authentication has never been greater as the frequency of business users connecting to corporate resources on-demand from multiple connected devices continues to rise. The simple fact is that obtaining a person’s username/password combination is not that difficult. Most I.T. professionals already know this. Surveillance and simple observation (looking over someone’s shoulder and watching them enter their login) is easy. Keyloggers (malware that records every keystroke), packet sniffers (software that records all data packets traveling on a network or via the internet), cracking tools, etc. are readily available for download on the internet. The use of these tools and other malicious techniques is on the rise as more internet-connected devices and people join the global network.

People don’t often think about this subject from these two perspectives: accountability and deniability.

Accountability – From the corporate or employer’s point of view, you need to be able to hold people accountable for their actions while using corporate resources. With the ever-connected and on-demand network, it is practically impossible to truly secure corporate data from insider-employee theft. If a savvy computer user wants to send themselves the company customer list or a .pdf file of your latest product design, they’re probably going to figure out a way to do it; whether by using a web-proxy, web-based email, thumb-drive, etc....