Let’s face it. The private club industry is a bit behind many other market segments when it comes to implementing the latest technologies. This ‘technology lag’ is mostly the result of limited budgets and a tendency to focus on member amenities first, and infrastructure last. But there’s good news on the horizon in the form of several advanced technologies that offer clubs outstanding value at a reasonable cost. Let’s take a look.
Unified Threat Management (UTM)
Ever play the arcade game ‘Whack-a-Mole’ where you take a hammer and try to pound the little critters as they pop up all around the game board? Well, that’s pretty much what network security has become over the past decade—a game of trying to whack security threats as they pop up from a variety of sources. With the usage of the Internet by club employees growing in all departments, the number of security threats popping up is getting out of hand. And each threat must be addressed with a separate device that can be costly to purchase, and complicated to administer. Enter Unified Threat Management (UTM), a technology that combines a number of powerful security measures into a single, easy to manage, low total cost of ownership device.
UTM starts with a simple premise: “put the moat outside of the castle.” The moat is, of course, the network firewall. Not just any firewall, but a new type of device that includes several security measures that once were located behind the firewall—or “inside of the castle.” UTM demands that the firewall handle all of the security chores in one box, and locates all of those services “outside of the castle.”
The UTM device delivers traditional firewall capabilities to thwart hacker intrusions and, using an e-mail proxy, turns away malicious e-mail containing viruses, spyware, spam and phishing threats. But that’s not all. UTM also deploys a Web proxy that controls which websites can be accessed by network users, logs website usage by individual users, and blocks inappropriate website access by category (to avoid sites that are loaded with malware). But that’s not all (you should be envisioning the Ginsu knives by now). This robust device adds on Intrusion Prevention/Detection that senses attack patterns before they pass through the firewall and stomps them out. But that’s not all. Some UTM devices come with a virtual private network (VPN) manager that adds much-needed security to MS Remote Desktop, allowing club employees to access the network remotely without compromising security (see sidebar for more on VPN). And finally, these ingenious devices may even include link balancing, which manages multiple Internet connections through the single firewall—dramatically increasing the club’s bandwidth at a fraction of the cost while allowing portions of the total bandwidth to be allocated to specific tasks.
The cost of individually purchasing and managing all of these network security features is beyond the reach of many private clubs. But UTM devices put everything into a single, manageable box that most clubs can afford.
A New Dawn for Data Backups
Could there be anything more boring and over-discussed than data backups? Well, we won’t let that stop us because there’s actually something new and interesting here that most clubs have missed. That is, tape is out, and disk is in. Most private clubs back up to magnetic tape—an ancient technology that has changed amazingly little over its 30+ year life span. Tape has lots of shortcomings that should scare anyone using it, including:
- Tape is unreliable. It wears out with use, as do the record and play heads on a tape device. So it’s not unusual for backup tapes to come up scrambled or blank at the most inconvenient times.
- Tape is slow to record. Eight hours per day or more for many clubs. Lengthy recording times can create havoc when the club closes late and opens early, since ideally backups should be performed with all files closed.
- Tape is slow to restore. Thirty minutes or more to find an individual file and restore it. Hours or days to restore an entire hard disk.
- Tape is cumbersome. After a while the club’s database can grow to require multiple tapes to handle a complete backup. Plus someone has to juggle the tapes, keep track of which one backed up which day, etc.
Let’s see—unreliable, slow and cumbersome. Not a great resume for a backup medium that you are trusting to save your hide when the server crashes and the club’s data is unrecoverable. So what’s available that’s better? Disk. But not just any disk. Let’s take a tour of the latest disk options to identify which is best for your club.
Disk-to-Disk (D2D) – this option is just like tape backup but without the tape. You simply copy the files to a hard disk instead of a tape. The disks are removable so you can archive them like tapes. And the disks hold 80GB to 1 Terabyte or more for a surprisingly low cost. Backup and recovery is fast and easy, and disk technology guarantees high reliability. D2D costs about twice what a tape backup system does.
Disk-to-Disk-to-Tape (D2D2T) – this option combines the best qualities of disk and tape. The first step (D2D) is obvious. But the second step employs tape backup for archiving. The twist is that the taping can take place during operating hours because you are taping the disk backup—not the live system data. D2D2T costs about three times what a tape backup system does.
Disk-to-Disk-to-Online (D2D2O) – this option replaces the tape portion of D2D2T with an online backup service accessed over the Internet. The device includes a network disk storage box (250-500GB) that quickly and reliably backs up the system, and then automatically connects to an online backup service to transfer the data offsite. Two things make this option the most attractive of the bunch. First, it’s totally automatic, so it gets done every day with no excuses (i.e., no tapes or removable disks to load and keep track of). Plus, it’s cost effective—just 25-50 percent more than a traditional tape backup system for the initial hardware. However, there is a cost associated with online backup services. Luckily those costs are dropping fast, and are now down to as little as fifty cents per GB per month for a reliable, business-grade service. So overall, the cost of D2D2O is about three times the cost of a traditional tape backup system.
Virtualization
This technology is so smart and elegant that you have to wonder why everyone isn’t using it. In a nutshell, virtualization uses a software application to divide one physical server into multiple isolated virtual environments. These environments are sometimes called virtual machines, but they are also known as guests on the host server. Each guest runs on a virtual imitation of the hardware layer, which allows the guest operating system to run without modifications. For instance, a guest could run on NT 4.0 with an older DOS application—such as the club’s previous club management system—fully intact.
The guest has no knowledge of the host’s operating system because it is not aware that it’s not running on real hardware. It does, however, require real computing resources from the host, such as memory, disk space and the processor. Virtualization is most popularly available from major providers like Microsoft and VMware, but it is also available from a number of smaller companies. A free limited version of virtualization is available from some providers, as well as a more robust enterprise version for a fee. So why should you care about virtualization?
First, this advanced technology can save you scarce IT dollars by allowing you to reduce the number of physical devices needed to house your applications and data. A rule of thumb is: if you have three or more physical servers, you’ll save money with virtualization. Hardware maintenance will be less. Power consumption will be less. Heat generation will be less. The room needed to house multiple servers will be less. It all adds up to more bang for your technology buck.
Second, virtualization is the absolute best in providing fast and reliable disaster recovery. Better than tape. Better than D2D, or D2D2T, or even D2D2O (is that enough acronyms for you?). That’s because all of those methods only back up the data—not the applications and the operating system. Virtualization on the other hand captures it all, so you can restore the environment, apps and data all at once on any virtualized server with adequate resources. Traditional restoration methods have three steps: First, build the environment on a new server; second, reinstall all of the apps (good luck finding all of your old CD’s containing the original software plus all of the updates); and third, restore the data. At best this is a half day process. More likely, it’s a two-day ordeal that may not even be possible if the apps can’t be restored. Virtualization turns restoration on its head by getting it all done in a matter of minutes. You just locate a virtualized server with adequate capacity, and copy your virtual machine onto it. Voila, you’re back in business.
Virtualization delivers other benefits that increase its value even more. For example, say your club wants to keep its legacy club management system available for research and reporting purposes. You dedicate a server to that task, and spend good dollars keeping that fossil alive so you can make occasional queries to the database. With virtualization you can maintain that machine and all of its contents on a new and reliable host server, and not worry about maintaining a separate server.
Plus, individual desktop PC’s can be virtualized. If you like your old machine running Win2000 and some ancient apps, just make a virtual copy and install it on a host. When you log into that machine it will look and behave like you were back on your old PC. No worries about migrating old files from your existing PC to your new PC. Just take it all over to a virtualized host.
Of course, nothing could be this good without a catch. And here it is. Some older generation club management solutions won’t run in a virtualized environment. So before you get too excited about keeping your legacy beast alive virtually, make sure that your legacy vendor guarantees that those solutions will operate properly on a host server.
Bill Boothe is President of Northstar Technologies, Inc. a leading provider of club management software solutions. Prior to joining Northstar, Bill served as Director of Club Consulting Services for RSM McGladrey, Inc., the nation’s 5th largest accounting, tax and consulting firm. While at McGladrey, he has assisted more than 300 private clubs and resorts with the planning, evaluation, selection and implementation of computer technology in all facets of their operations. Bill can be reached at [email protected] and at (561) 281-0459.
Brian Warren is President and Owner of VersaTel Net, Inc. a vendor-neutral solution provider offering expertise in voice, data and video. Brian’s 15 years of professional IT experience, and his 10 years of work in the private club industry, makes him uniquely qualified to address the broad technological challenges facing clubs of all sizes. His industry experience is bolstered by a number of certifications including CHTP (since 2004), MCT, MCSE, MCNE and others. Brian can be reached at [email protected] and at (561) 630-1600.
Definitions
Terms from this article include:
Network Security: The terms network security and information security are often used interchangeably. Network security is generally taken as providing protection at the boundaries of an organization by keeping out intruders (hackers). Information security, however, focuses on protecting data resources from malware attack or simple mistakes by people within an organization by use of data loss prevention techniques. One of these techniques is to compartmentalize large networks with internal boundaries.
Remote Desktop Protocol (RDP): RDP is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to another computer for an application sharing protocol.
Unified Threat Management (UTM): UTMs are all-in-one network security appliances that carry firewall, VPN, gateway anti-virus, gateway anti-spam, intrusion prevention, content filtering, bandwidth management, and centralized reporting as basic features. The integrated security solutions work in tandem to provide network security to organizations.
Virtual hosting is a method for hosting multiple domain names on a computer using a single IP address. This allows one machine to share its resources, such as memory and processor cycles, to use its resources more efficiently. One widely used application is shared Web hosting. Shared Web hosting prices are lower than a dedicated Web server because many customers can be hosted on a single server.
Virtual private network (VPN) manager: An extension of a private network, a VPN encompasses links across shared or public networks. VPN connections use the connectivity of the Internet plus a combination of tunneling and data encryption technologies to connect remote clients and remote offices.
Virtualization: Operating system-level virtualization is commonly used in virtual hosting environments, where it is useful for securely allocating finite hardware resources among a large number of users. It is also used for consolidating server hardware by moving services on separate hosts into containers on the one server. Separating several applications to independent containers improves security, provides hardware independence, and adds resource management features.
Other Tech Trends
Remote Desktop, Meet your Bodyguard: VPN Management
The most common way for employees to access the club’s network from home is through Microsoft’s venerable Remote Desktop Protocol (RDP). The problem is, RDP let’s everyone else in, too. That’s because RDP resides behind the firewall and doesn’t ask for authentication until the user/hacker is already “inside of the castle.” The only thing standing between a would-be hacker and the club’s sensitive data is a user-created password, which can usually be broken straightaway by a readily-available password cracker. Plus, RDP is a service that runs on the club’s network. It can be accessed from any PC, and a simple firewall scanner can quickly identify the open port tied to RDP.
A virtual private network (VPN) management system does two things better than RDP alone. First, when a remote session is initiated, VPN management creates a secure encrypted tunnel before RDP is allowed through the firewall. VPN locks unwanted users out by requiring a small piece of software (a client) to be installed on the remote PC. That means a hacker can’t get through the VPN manager without access to the employee’s own computer. Second, a VPN manager issues a unique certificate to each remote user (included in the client) that is needed for access. Ex-employees with a grudge are easily locked out by disabling their unique certificate. And all of this is accomplished “outside of the castle” and within a UTM device.
Offsite Backup Services – What You Should Know
All offsite backup services are not created equal. Start by avoiding “consumer” services that offer bargain basement prices. These services use an indexing system to store your data, which works well if you only want to restore a file or two. But restoring an entire hard drive can be a nightmare. We’ve heard stories of clubs waiting up to ten days to receive their restoration files for a crashed server disk. Even with commercial-grade services, make sure that you receive a written guarantee that all of your files can be restored within 24 hours.
Next, take good care of your encryption key. This is a string of characters/digits (usually between 8 and 64) that runs the algorithm needed to “unlock” your encrypted data files. Offsite services encrypt your club’s data to provide assurance that your information cannot be read by service employees. Your encryption key may be given to you by the service provider, or better yet, your key should be something you have made up on your own. However, it’s up to you to keep a copy of your encryption key in case the offsite service loses it, or doesn’t store it for you. That means you need to write down or type out your encryption key and store it in a safe place that club management can access.
Digital Signage – On Its Way to a Club Near You!
This cool technology is a no-brainer for clubs looking to appeal to tech-savvy members by keeping them informed and engaged. Now appearing in club lobbies, outside of meeting rooms and in pro shops, these devices are starting to replace wall cases, easels and bulletin boards. What’s needed is pretty straightforward—flat panel TV, a networked (wired or wireless) digital player for each TV, and content management software. Figure about $2,000 per player and you’re up and running with today’s dynamic visual communication device.
Six Measures for Assessing Technology ROI
Is it worth it? That is a question asked daily by many people in many situations.
In the nonprofit and for-profit worlds, however, the question very often refers to any decision to make in investment in personnel, plant and property, or equipment, to name a few.
In the book “Managing Technology to Meet Your Mission,” edited by Holly Ross, Katrina Verclas and Alison Levine, Beth Kanter, in the chapter “Measuring the Return on Investment of Technology,” emphasizes that while technology has proved to be a huge help to many organizations, and will do so in the future, conducting a return on investment (ROI) assessment of technological additions can be extremely useful.
The financial analysis in an ROI check is more than subtracting expenses from projected income. An ROI process helps because:
• It quantifies the technology’s benefit to the organization’s mission by forcing the organization to quantify the benefits into monetary value.
• It provides the organization with important data, such as how much time it takes to complete a task.
• It helps start a discussion about change needed within the organization before the technology is purchased.
• It helps set priorities for an organization’s investments.
• It helps with forecasting staffing patterns and allocating available resources.
• It alters management and program staff perceptions of technology.
Reprinted with permission from The Nonprofit Times weekly e-newsletter. Visit www.nptimes.com to sign-up for a free subscription