Do’s and Don’ts for Hosted Exchange Migrations

Trends are trends, and the reason there’s often no stopping a trend is that there’s a darn good reason everyone’s doing it. These days one such trend with solid legitimacy behind it is moving from an on-premises Microsoft Exchange deployment to Exchange Online, and for most people it is nothing short of a huge undertaking. It’s often full of major issues along with considerations and decisions galore, and a lot of people won’t know what they’ve gotten into with moving to hosted Exchange until they’re well into the process.

But you’re going to do what you’re going to do, and especially if it’s something you feel you need to do. I remember when I was very young and my grandfather said to me ‘some birds do, and some birds don’t. Some birds will, and some birds won’t.’ I had absolutely no idea what on earth he was talking about but I stared up into the sky anyways. The few birds I saw were flying around being birds like any other and I remember thinking what is it they would or wouldn’t be doing in the first place.

But enough about that. Our discussion today is not necessarily about trends or about who is going to do what. It’s about getting your organization into Exchange Online, and for some people it’s full of pitfalls that can make the whole thing far too unpleasant, especially if you have no choice but to continue on with it.

So here’s what we know about what you should do, and what you shouldn’t do.

Don’t underestimate the time required for moving the entirety of data over

A whole bunch of factors can make this a lengthy ordeal. How many users do you have? How much data does each mailbox have stored? Do you have bandwidth constraints? The list can go on. Migrating email to the cloud can take anywhere from a few days to several weeks. In fact, Microsoft can contribute one major slowdown of their own: a less-obvious protective feature of Exchange Online throttles sustained inbound connections so that the service is not overwhelmed. A noble aim, but it may have you getting frustrated pretty quickly if you’re hoping to keep your migration moving ahead.

However, once you’re up and running and fully in the cloud you’ll come to appreciate this line of defense, which works to benefit the whole subscriber base. But while you are trying to ingest data it may slow you to a crawl. That’s just the way it is, and there may not be a way around it, so you’ll have to be patient.

Do use a delta-pass migration

A delta-pass migration rather than a strict cutover migration reduces the time pressure on you later in the migration. With a delta-pass migration, multiple migration passes are made while mail is still being delivered on-premises. For example, the first pass might move everything from Tuesday, Mar 1 backward, and then another pass is made later in the week to move the “delta” (the changes) from that day through Wednesday, Mar 4, and so on in succession until the mailboxes are up to date.

This is a useful technique, with each successive migration batch being smaller than the last and taking less time. Your users won’t lose historical mailbox data, because their on-premises mailbox still holds it until the final pass.
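The passes described above can be modelled in a few dozen lines. What follows is an added illustration written for this post, not code from the original article or from any migration tool: a toy mailbox, a `delta_pass` function that copies only items modified since the previous pass's watermark, and a `simulate` run using constructed item counts and the post's Mar 1 / Mar 4 dates. The dates, item counts and field names are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Item:
    """One mailbox item; `modified` is the timestamp the source reports for it."""
    item_id: str
    modified: datetime
    subject: str


class Mailbox:
    """Minimal mailbox: items keyed by id, so a re-copied item overwrites rather than duplicates."""

    def __init__(self):
        self.items = {}

    def upsert(self, item):
        self.items[item.item_id] = item


def delta_pass(source, target, since, started_at):
    """Copy every source item modified at or after `since` (all items when
    `since` is None) into `target`. Returns (items copied, next watermark).
    The next watermark is the time this pass started, not the newest item seen,
    so mail delivered on-premises while the pass runs is caught by the next pass.
    Using `>=` plus upsert means a boundary item may be copied twice but is never
    duplicated, which keeps every pass safe to re-run."""
    copied = 0
    for item in source.items.values():
        if since is None or item.modified >= since:
            target.upsert(item)
            copied += 1
    return copied, started_at


def simulate():
    """Three passes over constructed data mirroring the post's Mar 1 / Mar 4
    example. Returns (items copied per pass, whether target now matches source)."""
    mar1 = datetime(2021, 3, 1, 9, 0)          # constructed dates
    mar4 = mar1 + timedelta(days=3)
    source, target = Mailbox(), Mailbox()
    counts = []

    # 1,000 historical items (constructed), all older than the first cutoff
    for i in range(1000):
        source.upsert(Item(f"hist-{i}", mar1 - timedelta(hours=i + 1), "historical"))
    copied, watermark = delta_pass(source, target, None, mar1)
    counts.append(copied)

    # mail keeps arriving on-premises between passes (40 new items, constructed)
    for i in range(40):
        source.upsert(Item(f"new-{i}", mar1 + timedelta(hours=i + 1), "delivered Mar 1-4"))
    copied, watermark = delta_pass(source, target, watermark, mar4)
    counts.append(copied)

    # a last, small delta just before cutover (5 items, constructed)
    for i in range(5):
        source.upsert(Item(f"late-{i}", mar4 + timedelta(minutes=i + 1), "delivered after Mar 4"))
    copied, watermark = delta_pass(source, target, watermark, mar4 + timedelta(hours=1))
    counts.append(copied)

    return counts, target.items == source.items


if __name__ == "__main__":
    print(simulate())  # ([1000, 40, 5], True)
```

The point the simulation makes is the one in the text: each pass moves only what changed since the last one, so the batches shrink from the full 1,000 items to 40 and then 5, and the final cutover window is short. Taking the watermark from the pass start time rather than from the items copied is what makes it safe when mail arrives mid-pass.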

Don’t skip configuring edge devices and intrusion detection systems to recognize & trust Exchange Online

Forgetting or choosing not to may mean your migration is interrupted because your IDS thinks a DoS attack is happening. Fortunately, Microsoft makes available a regularly updated list of the IP addresses used by all Microsoft 365 services, and you can use it to configure your edge devices to trust those specific traffic flows.
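As an added example (not code from the original post or from Microsoft), here is how that published list can be turned into edge-device allow rules rather than typed in by hand. The sample data is constructed in the shape of the JSON that Microsoft's endpoint web service (https://endpoints.office.com/endpoints/worldwide?clientrequestid=<GUID>) returns, but the CIDRs are RFC 5737 / RFC 3849 documentation ranges, not Microsoft's real ranges; the `render_rules` output syntax is hypothetical and vendor-neutral.

```python
import ipaddress
import json

# Constructed sample in the shape of the endpoint service's output; the CIDRs are
# documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 2001:db8::/32).
SAMPLE_ENDPOINTS = json.dumps([
    {"id": 1, "serviceArea": "Exchange", "serviceAreaDisplayName": "Exchange Online",
     "urls": ["outlook.office365.com"], "ips": ["192.0.2.0/24", "2001:db8::/32"],
     "tcpPorts": "80,443", "category": "Optimize", "required": True},
    {"id": 2, "serviceArea": "Exchange", "serviceAreaDisplayName": "Exchange Online",
     "ips": ["198.51.100.0/24"], "tcpPorts": "25,443", "udpPorts": "",
     "category": "Allow", "required": True},
    {"id": 3, "serviceArea": "Exchange", "serviceAreaDisplayName": "Exchange Online",
     "ips": ["203.0.113.0/24"], "tcpPorts": "443", "category": "Default", "required": False},
    {"id": 4, "serviceArea": "SharePoint", "serviceAreaDisplayName": "SharePoint Online",
     "ips": ["198.51.100.0/24"], "tcpPorts": "443", "category": "Optimize", "required": True},
])


def parse_ports(spec):
    """'80,443' -> [80, 443]; tolerates an empty string and stray whitespace."""
    return [int(p) for p in spec.split(",") if p.strip()]


def exchange_allow_rules(endpoints_json, service_area="Exchange", include_ipv6=True):
    """Return sorted, de-duplicated (cidr, proto, port) tuples for the *required*
    endpoints of one service area. Every CIDR goes through ipaddress.ip_network
    with strict=True, so a malformed or sloppy entry raises instead of silently
    becoming a wrong rule on the firewall."""
    rules = set()
    for entry in json.loads(endpoints_json):
        if entry.get("serviceArea") != service_area or not entry.get("required", False):
            continue
        nets = [ipaddress.ip_network(cidr, strict=True) for cidr in entry.get("ips", [])]
        if not include_ipv6:
            nets = [n for n in nets if n.version == 4]
        for proto, key in (("tcp", "tcpPorts"), ("udp", "udpPorts")):
            for port in parse_ports(entry.get(key, "")):
                for net in nets:
                    rules.add((str(net), proto, port))
    return sorted(rules)


def render_rules(rules, device="edge"):
    """Render each tuple as one allow line in a hypothetical, vendor-neutral syntax;
    adapt this to whatever your IDS or firewall actually consumes."""
    return [f"allow {proto} to {cidr} port {port}  # {device}: trusted Exchange Online flow"
            for cidr, proto, port in rules]


if __name__ == "__main__":
    for line in render_rules(exchange_allow_rules(SAMPLE_ENDPOINTS)):
        print(line)
```

Two practical notes: filter on `required`, because the non-required "Default" category entries are exactly the ones that are fine to leave alone, and since Microsoft updates the list regularly, re-fetch it on a schedule and diff the rendered rules rather than treating a one-time export as permanent.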

Do start with running the Office network health and connectivity tests

Microsoft offers a comprehensive tool capable of alerting you to routing or latency issues between you and the Microsoft 365 data centers. Speed, routing, latency, jitter, and more are all measured on your network connection to identify and isolate common issues that could lead to a poorer experience for Microsoft 365 users. This is particularly true for voice applications.

Do plan on implementing 2-factor authentication

A primary advantage of moving to Exchange Online and Microsoft 365 is being able to use all of the new security features available in the cloud. Top among them is the ability to turn on two-factor authentication. It will diminish your attack surface significantly as soon as you turn it on, and since Microsoft has already rewired the directory and Exchange security model on its servers to make it work, all that’s required of you is flipping the switch and showing your users where to enter their mobile phone numbers.

An even better choice is to use the Microsoft Authenticator app to cut down on the security and social engineering risks of using SMS text messages. Now of course deploying Authenticator across thousands and thousands of phones can be difficult, especially with BYOD setups and environments geared for remote work where employees don’t have IT support on hand. SMS requires nothing from the end user and is done entirely by IT. So 2-Factor Authentication really is the better choice.

In a hybrid environment, don’t remove your last Exchange server

Keeping at least one Exchange Server running on premises in order to manage users is a cardinal rule for Exchange users who’ve recently made their migration. It is possible to continue to use the Active Directory attribute editing functionality to manage recipients, but it’s not supported particularly well. At least not at this time.

It is preferable to use the Exchange admin console of your on-premises server to manage recipients in a hybrid environment, and without leaving an Exchange Server running in your on-premises deployment you can’t do that. Microsoft has said a solution for this should eventually be made available, but even after all this time there’s been little progress toward solving the problem. It really is the only stain on Exchange Online as of this time, and it doesn’t take away from the overall advantages much, if at all.

Managed Open Source Increasingly Driving Business Growth

Sharing the wealth is a pretty good rule to go by if you’re able to share it, and there have been plenty of examples where, if you don’t, you end up with someone like Robin Hood who will share it for you. When it comes to the world of web development there’s never been any doubt about that, and that’s why source code is made available as open source as readily as it is. The widespread adoption has been of immense benefit to anyone who ‘builds’ anything worth mentioning for design and functionality.

Here at 4GoodHosting we’re like any good Canadian web hosting provider in that there are some of us around here who speak Programmer, and others who don’t speak it at all, and that’s alright. Some weeks our entries here may be a little more digestible for the less web-savvy of you, but this likely isn’t going to be one of them. If you’re a coder, or if you’re someone who can appreciate what web development is doing for the marketing and promotion capacities of your business, then this is something that will be of interest.

Adopting new business strategies or implementing new technology is a proven way to grow and compete more effectively. More and more often it’s open source technology that gets tabbed by those seeking a competitive edge and the latest innovations. A published survey not long ago found that 85% of enterprises reported using open source in their organization, and in simple numbers adoption of the software has really taken off over the last year. Almost half of these same teams are looking to rely more on open source in response to everything that’s changed (and that they’ve learned) over the course of the COVID pandemic.

The Right Fit Now

You will be challenged to find anything around us that is NOT powered by open source today, from mobile phones to household appliances and more. Being able to build on the existing foundation of technology, and not be hampered in making use of what you can to build your expansion on it, is what open source is all about. Open source and permissive licenses give businesses real agility and the ability to move faster, experiment and innovate to be as competitive as possible in their space.

Open source is transparent and open to inspection, and as a result businesses benefit from the capability to utilize and process their own data independent of the fate of any single vendor or product. Then add to that the open development model and contributions from small and large enterprises, and a few select ‘big players’ like Amazon, that together keep open source consistently at the very cutting edge of innovation.

One huge plus is that bugs in the code can be identified, diagnosed, and resolved quickly. Many have said this alone makes open source software more secure than any proprietary software. However it is true that open source can be more difficult to implement than proprietary software as it’s usually not so plug-and-play in the same way. In order to maintain it you will also need to keep on top of patches and updates.

Because open source software is built for the community, it does come with some challenges. The worldwide open source community doesn’t give direct support to individual businesses using the technology. There are forums, online guides, and other places where you can often find the information you need.

Add Management

And here is where managed open source enters the picture. It is an express solution to some of the key challenges associated with open source software and lets businesses obtain the best out of open source software without also having to take on responsibilities for maintenance. Managed open source providers handle implementation, maintenance, and security. This frees up the in-house developers to focus more on important work contributing to business growth rather than spending time ‘running things’ on either end.

Open Source and Cloud

It’s expected that the global public cloud infrastructure market will expand massively in 2021 with some expectations being around 35% growth and some $120 billion in sales. What’s driving cloud adoption is what is driving open source adoption in exactly the same way – business agility along with the ability to innovate and experiment at a speedier pace.

In the bigger picture, businesses need to find a mix of solutions that fit them and their individual use-cases. For many businesses, that mix will include some combination of open source software and cloud technology. Implementing these technologies with the right support can promote growth, agility, and innovation. Businesses are coming to see how open source can help them, and because this trend will continue, if you do speak the language it would make sense to be brushing up on open source.

Siloscape: Newest Super Malware Arriving on Scene

No one needs to hear how malware has become so much more sophisticated and far-reaching nowadays, as the topic’s been beaten to death and everyone knows that cyber security experts are hard pressed to keep pace. Well, here we go again with one of the more menacing ones to come out of the void in recent years. That’s Siloscape, named that way because this is malware whose primary aim is to escape the container, and what better way than up and out.

To get technical, Siloscape is a heavily obfuscated malware built to open a backdoor into poorly configured Kubernetes clusters and then run malicious containers, along with other sneaky and up-to-no-good activities. If an entire cluster is compromised, the attacker gets served sensitive information like credentials, confidential files, or even entire databases hosted in the cluster. Experts are semi-jokingly comparing this to the novel coronavirus, as this malware bug is pretty darn novel in itself; there’s really been nothing like it before, and that’s why it’s generating fanfare.

Unlikely to be as calamitous in the big picture as this darn pandemic though, which is a good thing.

All of this stuff tends to be fascinating enough for those of us here like it would be for any Canadian web hosting provider. Nature of the business and all, and while we have a formative understanding of web security practices there’s no one here who’d be able to pull up the drawbridge in any situation like this.

So let’s have a look at this Siloscape malware and lay out what you might need to know if you’re your own cyber security expert.

Cluster Buster

For anyone who might not know, the reason this is as serious as it is is because Kubernetes is one of the most popular open-source applications around, and for good reason. Containers have been wonderful, and that’s why it’s unfortunate Siloscape is engineered to do what it does. So many organizations moving into the cloud are using Kubernetes clusters as their development and testing environments, and the threat of software supply chain attacks has to be taken very seriously.

Compromising an entire cluster is much more of a big deal than just an individual container. Clusters can be running multiple cloud applications and attackers might be able to steal critical information like usernames and passwords, an organization’s confidential and internal files or even entire databases hosted somewhere in that cluster. Then there’s also the possibility of leveraging it as a ransomware attack by taking the organization’s files hostage.

What You Need to Know

Some people don’t like sulfides, even though the foods that contain them tend to be good for your health. Onions are among them, and the reason we’re talking about foods here at all is because Siloscape uses the Tor proxy and an .onion domain to anonymously connect to its command and control (C2) server. Knowledge is power when you’re defending against a foe, so we’ll share more about what we know of Siloscape’s operation and what you might be able to be on the lookout for.

Siloscape malware is characterized by these behaviors and techniques:

  • Targets common cloud applications (usually web servers) for initial access, using known vulnerabilities (‘1-days’), often ones that already have a working exploit
  • Uses Windows container escape techniques to get out of the container and gain code execution on the underlying node
  • Abuses the node’s credentials to spread within the cluster
  • Connects to its C2 server using the IRC protocol over the Tor network
  • Waits for further commands
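The last two behaviours in that list, a C2 channel over IRC via Tor and a .onion address, are the ones a defender can look for in node-level DNS and egress logs. The detector below is an added example written for this post, not code from the original article or from the researchers who described Siloscape. Its log format, the node names, the placeholder .onion name and the IP addresses are all constructed, and the IRC and Tor port sets are a stated assumption: they are the conventional defaults, so they catch careless configurations rather than every possible tunnel.

```python
import re
from collections import Counter

# Constructed key=value log lines of the kind a Windows node's DNS and egress
# logging might produce. Addresses are documentation ranges; the .onion name is a placeholder.
SAMPLE_LOG = """\
ts=2021-06-08T10:00:01Z node=win-node-1 type=dns query=outlook.office365.com
ts=2021-06-08T10:00:02Z node=win-node-1 type=dns query=placeholder-c2-name.onion
ts=2021-06-08T10:00:03Z node=win-node-1 type=conn proto=tcp src=10.244.1.5:49212 dst=203.0.113.7:9001
ts=2021-06-08T10:00:04Z node=win-node-1 type=conn proto=tcp src=10.244.1.5:49213 dst=203.0.113.9:6667
ts=2021-06-08T10:00:05Z node=win-node-2 type=conn proto=tcp src=10.244.2.8:51000 dst=198.51.100.10:443
ts=2021-06-08T10:00:06Z node=win-node-2 type=dns query=login.microsoftonline.com
"""

# Assumption: conventional IRC ports and Tor's default OR/directory/SOCKS ports.
# Tor relays can listen on any port, so treat these as a heuristic, not a complete indicator.
IRC_PORTS = {6667, 6697}
TOR_PORTS = {9001, 9030, 9050, 9150}

KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one 'key=value key=value' line into a dict (unknown keys are kept)."""
    return dict(KV.findall(line))


def classify(rec):
    """Return a list of (indicator, detail) pairs for one record; empty means benign."""
    hits = []
    if rec.get("type") == "dns":
        name = rec.get("query", "").lower().rstrip(".")
        # A .onion name should never reach a corporate resolver: Tor resolves these
        # internally, so a leaked lookup means something on the node is misusing Tor.
        if name.endswith(".onion"):
            hits.append(("onion-dns", name))
    elif rec.get("type") == "conn":
        _, _, port = rec.get("dst", "").rpartition(":")
        if port.isdigit():
            p = int(port)
            if p in IRC_PORTS:
                hits.append(("irc-port", rec["dst"]))
            if p in TOR_PORTS:
                hits.append(("tor-port", rec["dst"]))
    return hits


def scan(log_text):
    """Run classify over every line and return the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        for indicator, detail in classify(rec):
            findings.append({"ts": rec.get("ts"), "node": rec.get("node"),
                             "indicator": indicator, "detail": detail})
    return findings


def nodes_to_triage(findings):
    """Count findings per node so the noisiest node is investigated first."""
    return Counter(f["node"] for f in findings)


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
    print(dict(nodes_to_triage(scan(SAMPLE_LOG))))  # {'win-node-1': 3}
```

In the constructed log, `win-node-1` trips all three indicators while `win-node-2` only talks to ordinary Microsoft 365 endpoints, which is the kind of per-node contrast that makes a Windows node worth pulling from the cluster for a closer look. Whether the .onion check fires at all depends on the node's resolver actually logging queries, so confirm that logging is in place before relying on it.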

It’s very likely that we’ll hear a lot more about this new malware in the coming weeks and months, and with all the recent news of major data hacks in the USA you have to hope that we don’t hear of it in one of those contexts.

A Fix?

Microsoft doesn’t recommend using Windows containers as a security feature, and recommends Hyper-V containers instead for anything that relies on containerization as a security boundary. Processes running in Windows Server containers should be assumed to have the same privileges as admin on the host, which is the Kubernetes node. If you are running applications that need to be secured in Windows Server containers, then Hyper-V containers may be the safer choice.