Archive for the ‘Technology’ category

Microsoft public preview of Azure SQL Database Managed Instances – running SQL Server workloads in the cloud

March 10th, 2018

Microsoft released the public preview of Azure SQL Database Managed Instances – a new option for running SQL Server workloads in the cloud.

Managed Instances (or Azure SQL Database Managed Instances) are a new PaaS database offering that joins the Azure SQL Database and Elastic Pool services. Within this PaaS family, Managed Instances take care of operational aspects such as ensuring high availability, taking backups, and applying patches, making these simpler and less time-consuming to administer.

While many organizations have benefited from using Azure SQL Database for new applications, it has been a significant challenge to migrate existing workloads because of key functionality gaps versus on-premises SQL Server.

Managed Instances address that problem by providing vastly improved compatibility. Organizations can therefore more easily migrate existing on-premises SQL Server workloads to the cloud while retaining many of the manageability benefits of a PaaS offering.

Managed Instances require less operational oversight than traditional on-premises SQL Server. Use of the service, however, doesn’t free you from the responsibility for checking availability or ensuring that security is configured appropriately. It also remains the DBA’s responsibility to optimize performance and to handle other operational concerns, such as making sure jobs complete successfully and general troubleshooting – it’s platform as a service. High availability, automated backups, point-in-time restore, automatic plan correction, threat detection, vulnerability assessment, and other intelligent features are built into the service without any additional charge. OS patching and database upgrades are handled automatically and do not require any action.

In addition to built-in monitoring and maintenance features, you can use any 3rd-party tool to monitor and manage your instance, because most of the system views are exposed.


Azure SQL Managed Instance is not a service on a public endpoint. It is placed on a private IP address in your VNET; it is just hosted and managed by the Azure cloud.

Currently, Azure SQL Database PaaS has two main offers for the customers who use SQL Server database and want to migrate to PaaS:
1. Managed Database – isolated and self-contained database service that has database-scoped functionalities.
2. Elastic pool – a group of Azure SQL databases that share the same resource.

However, the current Azure SQL Database offers don’t provide an entire SQL Server “Instance as a Service” in a PaaS model. As a result, some instance-level features, such as SQL Agent or linked servers, are not supported in Azure SQL Database PaaS because they are not applicable at the database level.

Currently, the only way to get a full SQL Server instance in Azure is to use an Azure SQL VM, which handles the underlying infrastructure (e.g. disks) but still lacks some of the SQL PaaS features of Azure SQL Database.

Managed Instance is a SQL Server instance in the Azure cloud that shares the same code with the latest version of the SQL Server Database Engine and has the latest features, performance improvements, and security patches. It has most of the SQL Server 2017 features (excluding some on-premises Windows features such as Windows logins, or potentially harmful features such as extended stored procedures) and enables you to move almost any database that you have in an on-premises SQL Server instance. Every instance is fully isolated from other customers’ instances and placed in your dedicated subnet with assigned private IP addresses.

Security/Isolation. Managed Instance is a resource in your network hosted by Azure cloud. You have to create Azure VNET and a dedicated subnet where the instance should be deployed. There are networking constraints for the VNET/subnet that you should review before you create a managed instance.

There is no public IP address dedicated to the Managed Instance. Only applications in the customer network can access the Managed Instance. Network administrators have full control and can configure access to the Managed Instance using standard methods such as Network Security Groups and firewalls.

Choose how many CPU cores to use and how much storage you need. You can create a Managed Instance with 16 cores and 500GB storage, and then increase or decrease these numbers depending on your needs. Changing the CPU or storage of an instance can be done via the Azure portal using a simple slider.

Managed Instance has split compute and storage components. There are compute nodes with 8, 16, or 24 cores that work with database files stored on Azure Premium disk storage. Every database file is placed on a separate Azure Premium disk, which guarantees that database files cannot be lost. Although Managed Instance relies on Azure Premium disks, it also has a separate backup mechanism which ensures that, even if something were to happen to the files, the platform would still be able to restore them from backups.

SQL Server 2017 Cumulative Update 4

March 4th, 2018

Last month Microsoft released SQL Server 2017 Cumulative Update 4, which is Build 14.0.3022.28.

There are 55 hotfixes in the public fix list. Run the special T-SQL script in the release notes if you are using Query Store and previously ever had SQL Server 2017 CU2 installed (and you were using Query Store on any of your databases at that time). The script will look for any plans that were forced while you were running SQL Server 2017 CU2, and if it finds any, it will unforce those and then clear those from Query Store.

There are several updates both for Columnstore indexes and for Availability Groups.

There will not be any Service Packs for SQL Server 2017, so test and deploy SQL Server 2017 Cumulative Updates as they become available.

SQL Server 2017 and later versions will no longer receive SPs
The Modern Servicing Model (MSM)

Starting from SQL Server 2017:
• SPs will no longer be available. Only Cumulative Updates (CUs) and critical updates (GDRs) will be provided.
• CUs will contain localized content where necessary, as SPs have done.
• CUs will be delivered more frequently at first and then less frequently: every month for the first 12 months, and then every quarter for the final four years of the five-year mainstream lifecycle.

Note: The MSM only applies to SQL Server 2017 and later versions.

Earlier versions of SQL Server are not affected by this SP policy change. Service Packs (SPs) will continue to be provided for the remainder of mainstream support for SQL Server 2014 and SQL Server 2016.

February 24th, 2018

Dynamics 365 Finance and Operations Enterprise is Microsoft’s flagship cloud-based ERP system. Dynamics 365 for Finance and Operations is optimized to deliver improved global visibility, scalability and digital intelligence.


Financial dimensions



EAM, field service, IoT and HoloLens – ask Synergy Software Systems, Dubai

February 17th, 2018

The digital world is already here, and what seemed science fiction a few years back we now accept as everyday. Voice-activated commands on our smartphones now also query our databases and update our dashboards, remote medical checks are done at an ATM, and artificial intelligence and big data influence our lives every time we log onto Google, Amazon or Facebook, or ring a call centre.

We have been investigating IoT for over a year, particularly with regard to condition monitoring for asset management, and several of our team were involved in recent training that included a hands-on session for Microsoft Field Service. This is built on the Dynamics 365 platform as an extension of CRM and offers comprehensive features for field service: help desk, engineer scheduling and mobile operations. Field Service is aimed at service companies with a large field force of service engineers and is typically integrated with ERP systems, so the overall project can be quite complex. To reduce the risk and implementation time we offer a proven accelerator.

We also offer an Enterprise Asset Management suite which has been successfully deployed in several leading UAE companies for a number of years, particularly for asset tracking.

In Dynamics 365/AX 2012, EAM also needs to consider that both engineers and equipment may be used in production or on projects. Thus engineering and maintenance scheduling also has to consider in-house planned and breakdown maintenance, servicing, more complex overhauls and asset structures, the impact of equipment downtime on production schedules, and much more. We offer a Microsoft-certified ISV integrated suite of EAM modules built on the AX 2012/D365 platform that covers both field service and mobile as well as in-house maintenance.

Predictive maintenance, SCADA integration, extensive condition monitoring, and embedded and Power BI analytics are no longer rocket science.

At a recent 4-day client workshop we demonstrated HoloLens assisted reality to support engineers. This can, for example, be used to provide step-by-step guidance, or for collaboration from the field with an OEM, a remote manufacturer, or your chief engineer.

“Meltdown” and “Spectre” and Azure

February 10th, 2018

Last month as reported on this blog, Intel revealed two critical vulnerabilities they found in Intel chips. These vulnerabilities allow cyber-attackers to steal data from the memory of running apps. This data can include passwords, emails, photos, or documents. Intel dubbed these as: “Meltdown” and “Spectre.”

Microsoft released a patch for Azure the very next day. Just as well, because Microsoft Azure is a shared-computing environment by default. One server hosts applications and development of applications, and various Virtual Machines tap into the server to allow employees and others to access these applications. As such, the Meltdown vulnerability allows an attacker to compromise the host and read all the data from every operating system tapping into it. Around 3-10 million physical servers host Azure, and these servers in turn host tens of millions of Virtual Machines. So, impressively, Microsoft developed and deployed a patch for these vulnerabilities in less than a week’s time. Azure is a cloud-based application and so Microsoft could focus their security team to work on the cloud servers and only the cloud servers. This way, these millions of servers and users had a patch and all applications hosted on the Azure cloud platform were immediately protected.

A good business case example for business to move to Azure cloud services.

Malware developers are still out there. German antivirus testing firm AV-Test reported 139 samples of malware trying to attack the Meltdown vulnerability in January to exploit those who have not patched.

Microsoft patched their cloud servers, but non-Azure users (as well as all Windows users, period) still need to apply their operating system patches to ensure complete protection. This is one vulnerability you definitely don’t want cyber-attackers to exploit, whether it’s your personal computer or your business’s server.

Microsoft Office 2019 coming soon but only on Windows 10

February 3rd, 2018

Microsoft launched Windows 10 in June 2015, two and a half years ago.

According to data gathered in January 2018, Windows 10 reached 42.78% in terms of worldwide internet usage, compared to 41.86% for Windows 7, 8.72% for Windows 8.1, and 3.36% for Windows XP.

Windows 7 – end of extended support nearing —January 2020
Office 365 might be the jewel in the crown for Microsoft, but a new version of standalone Office has been announced for Windows 10. Office 2019’s desktop applications will only run on Windows 10 – and will have shortened support.

In an update published on February 1st, the company revealed that the beta apps for the perpetual version of Office 2019 – as opposed to the subscription Office 365 – will appear in 2018’s second quarter and a final release will ship in the second half of the year.

When the software lands, it will only run on Windows 10 or the next Long-Term Servicing version of Windows Server. For Windows 10 users, only the Semi-Annual or Long-Term Servicing Channel editions of the OS will run Office’s apps.

In the past, perpetual versions of Office were released under the Microsoft Fixed Lifecycle Policy, with a term of 5 years of standard support and 5 years of extended support. Office 2019 will get the usual period of standard support, but just two years of extended support. That will mean the suite’s planned death day is October 10th, 2025. (Which is the same day on which Microsoft will end extended support for Office 2016.)

Microsoft said this is because “As the pace of change accelerates, it has become imperative to move our software to a more modern cadence.” Which is a bit inconsistent with news that Windows 10 Enterprise LTSC 2018 will land “in the fall of 2018” and get five years of extended support.

Another change by Microsoft is to make Office 365 ProPlus, the business-oriented version of the service, available only on Windows 10’s semi-annual channel. As of January 14, 2020, Windows 8.1, Windows Server 2016 or older and Windows 10 LTSC releases won’t run ProPlus. Nor will unsupported Windows 10 semi-annual releases.

This will keep Windows 10 and ProPlus in sync for security reasons. Those companies that deliver ProPlus to virtual desktops or over remote access will have a challenge. Later this year there will be “new Remote Desktop and desktop virtualization capabilities within the SAC release cadence of Windows 10 Enterprise and Windows Server.” Windows Server Insiders will see those changes before other users.

Office 2019 will add new user and IT capabilities for customers who aren’t yet ready for the cloud. For example:
• New and improved inking features—like pressure sensitivity, tilt effects, and ink replay—will allow you to work more naturally.
• New formulas and charts will make data analysis for Excel more powerful.
• Visual animation features—like Morph and Zoom—will add polish to PowerPoint presentations.
• Server enhancements will include updates to IT manageability, usability, voice, and security.

Cyber attacks doubled in 2017 – expect 2018 to be worse.

January 27th, 2018

Cyber attacks on businesses nearly doubled in the past year. A new report, the Cyber Incident & Breach Trends Report, released by the Online Trust Alliance (OTA), found 156,700 cyber incidents last year, compared to 82,000 in 2016. The OTA is an Internet Society initiative designed to improve online trust.

The organization believes that since a majority of cybersecurity attacks are never reported, the number of cyber incidents last year could actually be closer to 350,000. “Surprising no one, 2017 marked another ‘worst year ever’ in data breaches and cyber incidents around the world,” said Jeff Wilbur, director of the OTA initiative at the Internet Society. “This year’s big increase in cyberattacks can be attributed to the skyrocketing instances of ransomware and the bold new methods of criminals using this attack.”

The OTA claimed that most of the incidents could have been prevented easily – 93 percent of breaches could have been avoided by regularly updating software, blocking fake emails, and training people to recognize phishing attacks.

• 52% of security incidents were the result of an actual attack.
• 15% resulted from a lack of security software.
• 11% were caused by credit card skimming.
• 11% resulted from companies not having controls to prevent employees’ negligent or malicious actions.
• 8% were the result of phishing scams.

Electron is a Node.js, V8, and Chromium framework created for the development of cross-platform desktop apps with JavaScript, HTML, and CSS. The Electron framework is popular and widely used by a range of desktop app services; Skype, Signal, Slack, Shopify, and Surf are among the users. A critical vulnerability affecting Electron desktop apps has recently been disclosed.

Regular patching has always been a best practice and neglecting it is a known cause of many breaches.

In 2017 the Equifax breach brought home that message.

In 2018 a patching strategy needs to be integral to your processes because of the Spectre and Meltdown vulnerabilities reported (see our earlier posts) when it was highlighted that nearly every computer chip manufactured in the last 20 years was found to contain fundamental security flaws.

Dynamics 365 v 9 Ask Dubai Dynamics partner Synergy Software Systems

January 22nd, 2018

Announced in July 2017 Dynamics 365 v9 was released for some new customers in November while existing D365 users will be able to upgrade from early 2018. This update is available for Dynamics 2016 (8.0), Dynamics 2016 UPD1 (8.1) and Dynamics 365 (8.2).

Version 9 is a mandatory update for customers using v8.0 or v8.1. This is in line with Microsoft’s update policy, which requires customers to be on the current version, or the immediate version prior to this release. With v9 being the current release, v8.2 is the previous update so system admins can choose not to take version 9.0 but remaining v8.0 and v8.1 users will be required to update.

v9 sees a fundamental change with a separation of code between the platform and apps. As well as delivering on Microsoft’s promise of an app-centric structure, this introduces a new unified user interface to provide a consistent D365 user experience across different browsers, devices and screen sizes. Dynamics 365 – Version 9.0 features a refreshed web interface, multi-select option sets, new virtual entity capability and introduces a new unified client interface.

This will be increasingly evident with the v9 release which sees Dynamics 365 break into modular apps that shift away from one platform with multiple modules hardwired in such as sales, marketing and service. With apps frequently changing and able to upgrade independently of each other, several insiders have predicted that Dynamics 365 users will see a continuous flow of improvements in a similar way that apps on a tablet or mobile device are updated.

By redefining the platform layer and breaking modules into role-based solutions for sales, finance & operations, customer service, talent, field service, to name just a few, this change will remove the need to test all at once and to upgrade everything in one big bang project. This will quicken release cycles and enable more rapid changes by allowing these apps to work independently of each other, and crucially these are all connected with a common data service.

Several legacy Dynamics CRM features will be deprecated with this release. In addition to the Outlook client, further deprecations include dialogs, contracts, mail merge and standard SLAs. Some of those, like dialogs, will impact many clients.

The deprecation of the Outlook client will also impact Excel dynamics worksheets.

Unlike the other mobile apps, the App for Outlook isn’t something that a normal end user can (typically) download and configure for themselves. A system administrator must take care of the deployment steps, such as switching over to server-side synchronization, approving user mailboxes (with O365 Global Admin rights) and pushing the app to either selected or all eligible users under the menu Settings – Dynamics 365 App for Outlook.

The Dynamics 365 App for Outlook in v9 is still in Preview mode, so a sysadmin needs to enable it from the System Settings – Previews tab. This is because the earlier app has been replaced with a completely new app in this release, built on the UCI (Unified Client Infrastructure) that is used in the new Unified Interface. This will actually turn the previously feature-limited Outlook sidebar app into a full Dynamics 365 Customer Engagement app that has similar capabilities to the mobile app mentioned above.

Microsoft has confirmed it has begun the scheduling process for upgrading instances of Microsoft Dynamics 365 to Version 9.0. v9 was rolled out in the closing months of 2017 for new instances of Dynamics 365, and Microsoft will invite system administrators to run their Version 9 upgrade from February 2018.

Administrators should see a notification in the Office 365 Message Centre advising that their D365 update scheduling window is now open. Starting January 15, existing Dynamics 365 customers will be able to schedule updates to occur from February 20th through August 20th.

Microsoft intends to complete scheduled Version 9.0 upgrades by August 2018. v9.0 updates can be scheduled for any day, including weekends, but each date is limited to available bookings, so admins are strongly recommended to schedule their update as soon as possible. Microsoft will allocate update slots on a first-come, first-served basis.

Administrators will be able to schedule updates to sandbox instances before their production instance. View Sandbox and Production update schedules in a single view within the Dynamics 365 Admin Center.

If you have any questions about scheduling or preparing for this update then please get in touch with us.
At this stage, we do not have any timescale for when Microsoft will release v9.0 for its on-premise edition of Dynamics 365.

Dubai Dynamics Partner Synergy Software System receives appreciation award for another successful project

January 15th, 2018

A turnaround re-implementation project in Nigeria started in Oct 2017 went live on New Year’s Day thanks to an experienced team working flat out.

The customer appreciation for the consultants was confirmed by these individual awards.

The project also earned praise from Microsoft and Ax Pact.

Congratulations Synergy – Management and consultants – and thank you for all your hard work and commitment to the project and the customer. Am so proud and thrilled of the below news

Thank you Synergy team for bringing this implementation on the right track
Thank you for your partnership, expertise and professional work implementing our technology the “right” way
Looking forward to more projects together.

If you are looking to implement Dynamics 365/Dynamics AX then why not try the Synergy way: a Dynamics partner in Dubai since 2003 and a Microsoft partner since 1993.

Meltdown and Spectre – why do these matter?

January 6th, 2018

One of the most basic premises of computer security is isolation: when you run somebody else’s code as an untrusted process on your machine, you restrict it to its own tightly sealed test environment. Otherwise, it might peer into other processes, or snoop around the computer as a whole. When a security flaw in computers’ most deep-seated hardware puts a crack in those walls, as one newly discovered vulnerability in millions of processors has done, it breaks some of the most fundamental protections computers promise—and sends practically the entire industry scrambling.

A bug in Intel chips allows low-privilege processes to access memory in the computer’s kernel, the machine’s most privileged inner sanctum. Theoretical attacks that exploit that bug, based on quirks in features Intel has implemented for faster processing, could allow malicious software to spy deeply into other processes and data on the target computer or smartphone. On multi-user machines, like the servers run by Google Cloud Services or Amazon Web Services, they could allow hackers to break out of one user’s process, and instead snoop on other processes running on the same shared server.

Meltdown affects Intel processors, and works by breaking through the barrier that prevents applications from accessing arbitrary locations in kernel memory. Segregating and protecting memory spaces prevents applications from accidentally interfering with one another’s data, or malicious software from being able to see and modify it at will. Meltdown makes this fundamental process fundamentally unreliable.

Spectre affects Intel, AMD, and ARM processors, broadening its reach to include mobile phones, embedded devices, and pretty much anything with a chip in it. Which, of course, is everything from thermostats to baby monitors now.

It works differently from Meltdown; Spectre essentially tricks applications into accidentally disclosing information that would normally be inaccessible, safe inside their protected memory area. This is a trickier one to pull off, but because it’s based on an established practice in multiple chip architectures, it’s going to be even trickier to fix.

It’s not a physical problem with the CPUs themselves, or a plain software bug you might find in an application like Word or Chrome. It’s in between, at the level of the processors’ “architectures,” the way all the millions of transistors and logic units work together to carry out instructions.

In modern architectures, there are inviolable spaces where data passes through in raw, unencrypted form, such as inside the kernel, the most central software unit in the architecture, or in system memory carefully set aside from other applications. This data has powerful protections to prevent it from being interfered with or even observed by other processes and applications.

Because Meltdown and Spectre are flaws at the architecture level, it doesn’t matter whether a computer or device is running Windows, OS X, Android, or something else — all software platforms are equally vulnerable. A huge variety of devices, from laptops to smartphones to servers, are therefore theoretically affected. The assumption going forward should be that any untested device should be considered vulnerable.

Not only that, but Meltdown in particular could conceivably be applied to and across cloud platforms, where huge numbers of networked computers routinely share and transfer data among thousands or millions of users and instances.

The one crumb of comfort is that the attack is easiest to perform by code being run by the machine itself — it’s not easy to pull this off remotely. So there’s that, at least.

On Wednesday evening, a large team of researchers at Google’s Project Zero, universities including the Graz University of Technology, the University of Pennsylvania, the University of Adelaide in Australia, and security companies including Cyberus and Rambus together released the full details of two attacks based on that flaw, which they call Meltdown and Spectre.

“These hardware bugs allow programs to steal data which [is] currently processed on the computer,” reads a description of the attacks on a website the researchers created. “While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs.”

Both attacks are based on the same general principle. Meltdown allows malicious programs to gain access to higher-privileged parts of a computer’s memory, while Spectre steals data from the memory of other applications running on a machine. And while the researchers say that Meltdown is limited to Intel chips, they say that they’ve verified Spectre attacks on AMD and ARM processors, as well. With these glitches, if there’s any way an attacker can execute code on a machine, then it can’t be contained.

Meltdown and Spectre

When processors perform speculative execution, they don’t fully segregate processes that are meant to be low-privilege and untrusted from the highest-privilege memory in the computer’s kernel. That means a hacker can trick the processor into allowing unprivileged code to peek into the kernel’s memory with speculative execution.

The processor basically runs too far ahead, executing instructions that it should not execute.

Retrieving any data from that privileged peeking isn’t simple, since once the processor stops its speculative execution and jumps back to the fork in its instructions, it throws out the results. But before it does, it stores those in its cache, a collection of temporary memory allotted to the processor to give it quick access to recent data. By carefully crafting requests to the processor and seeing how fast it responds, a hacker’s code could figure out whether the requested data is in the cache or not. And with a series of speculative execution and cache probes, he or she can start to assemble parts of the computer’s high privilege memory, including even sensitive personal information or passwords.

Many security researchers who spotted signs of developers working to fix that bug had speculated that the Intel flaw merely allowed hackers to defeat a security protection known as Kernel Address Space Layout Randomization, which makes it far more difficult for hackers to find the location of the kernel in memory before they use other tricks to attack it, but the bug is more serious: It allows malicious code to not only locate the kernel in memory, but steal that memory’s contents, too.

Tough Fix

In a statement responding to the Meltdown and Spectre research, Intel noted that “these exploits do not have the potential to corrupt, modify, or delete data,” though they do have the ability to spy on privileged data. The statement also argued that “many types of computing devices—with many different vendors’ processors and operating systems—are susceptible to these exploits,” mentioning ARM and AMD processors as well.

Microsoft, which relies heavily on Intel processors in its computers, says that it has updates forthcoming to address the problem. “We’re aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers,” the company said in a statement. “We are in the process of deploying mitigations to cloud services and are releasing security updates today to protect Windows customers against vulnerabilities affecting supported hardware chips from AMD, ARM, and Intel. We have not received any information to indicate that these vulnerabilities had been used to attack our customers.”

Linux developers have already released a fix, apparently based on a paper recommending deep changes to operating systems known as KAISER, released earlier this year by researchers at the Graz University of Technology.

Apple released a statement Thursday confirming that “all Mac systems and iOS devices are affected,” though the Apple Watch is not. “Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown,” the company said. “In the coming days we plan to release mitigations in Safari to help defend against Spectre. We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.”

Amazon, which offers cloud services on shared server setups, says that it will take steps to resolve the issue soon as well. “This is a vulnerability that has existed for more than 20 years in modern processor architectures like Intel, AMD, and ARM across servers, desktops, and mobile devices,” the company said in a statement. “All but a small single-digit percentage of instances across the Amazon EC2 fleet are already protected. The remaining ones will be completed in the next several hours.”

Google, which offers similar cloud services, pointed WIRED to a chart of Meltdown and Spectre’s effects on its services, which states that the security issue has been resolved in all of the company’s infrastructure.

Those operating system patches that fix the Intel flaw may come at a performance cost: better isolating the kernel memory from unprivileged memory could create significant slowdowns for certain processes.

According to an analysis by the Register, which was also the first to report on the Intel flaw, those delays could be as much as 30 percent in some cases, although some processes and newer processors are likely to experience less significant slowdowns. Intel, for its part, wrote in its statement that “performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”

Until the patches for Meltdown and Spectre roll out more widely, it’s not clear just what the speed cost of neutering those attacks may turn out to be. But even if the updates result in a performance hit, it is a worthwhile safeguard: Better to put the brakes on your processor, perhaps, than allow it to spill your computer’s most sensitive secrets.

Spectre is not likely to be fully fixed any time soon. The fact is that the practice that leads to this attack being possible is so hard-wired into processors that the researchers couldn’t find any way to totally avoid it. They list a few suggestions, but conclude:

While the stop-gap countermeasures may help limit practical exploits in the short term, there is currently no way to know whether a particular code construction is, or is not, safe across today’s processors – much less future designs.

Critical Server Patches for Meltdown and Spectre – processor bugs

January 5th, 2018

There is a set of critical bugs in our processors. There are two issues, known as Meltdown and Spectre.

If you haven’t been paying attention, a serious security flaw in nearly every processor made in the last ten years was recently discovered. Initially it was thought to be just Intel, but it appears it’s everyone. The severe design flaw in microprocessors that allows sensitive data, such as passwords and crypto-keys, to be stolen from memory is real – and its details have been revealed.
On a shared system, such as a public cloud server, it is possible, depending on the configuration, for software in a guest virtual machine to drill down into the host machine’s physical memory and steal data from other customers’ virtual machines.

This is so serious CERT recommends throwing away your CPU and buying a non-vulnerable one to truly fix the issue.

There are two bugs which are known as Meltdown and Spectre. The Register has a great summarized writeup here – no need for me to regurgitate. This is a hardware issue – nothing short of new chips will eradicate it. That said, pretty much everyone who has written an OS, hypervisor, or software has (or will have) patches to hopefully eliminate this flaw. This blog post covers physical, virtualized, and cloud-based deployments of Windows, Linux, and SQL Server.

The fact every vendor is dealing with this swiftly is a good thing. The problem? Performance will most likely be impacted. No one knows the extent, especially with SQL Server workloads. You’re going to have to test and reset any expectations/performance SLAs. You’ll need new baselines and benchmarks. There is some irony here that it seems virtualized workloads will most likely take the biggest hit versus ones on physical deployments. Time will tell – no one knows yet.

What do you need to do? Don’t dawdle or bury your head in the sand thinking you don’t need to do anything and you are safe. If you have deployed anything in the past 10 – 15 years, it probably needs to be patched. Period. PATCH ALL THE THINGS! However, keep in mind that besides this massive scope, there’s pretty much a guarantee – even on Linux – you will have downtime associated with patching.
Below is information you might want to review to decide how to patch your systems.

SQL Server Versions Affected

This is a hardware issue, so every system is affected: SQL Server running on x86 and x64 for these versions:

SQL Server 2008
SQL Server 2008R2
SQL Server 2012
SQL Server 2014
SQL Server 2016
SQL Server 2017
Azure SQL Database

It is likely that SQL Server 2005, SQL Server 2000, SQL Server 7, SQL Server 6.5 are all affected. No SQL Server patches are coming.

Note: according to Microsoft, IA64 systems are not believed to be affected.

SQL Server Patches

There is a KB that discusses the attacks. Here are the patches as of this time:

SQL Server 2017 CU3
SQL Server 2017 GDR
SQL Server 2016 SP1 CU7
SQL Server 2016 SP1 GDR

OS Patches

The Windows KB for guidance is 4072698. Here are the OS patches that I’ve been able to find.

Windows Server (Server Core) v 1709 – KB4056892
Windows Server 2016 – KB4056890
Windows Server 2012 R2 – KB4056898
Windows Server 2012 – N/A
Windows Server 2008 R2 – KB4056897
Windows Server 2008 – N/A
Red Hat v.7.3 – Kernel Side-Channel Attacks CVE-2017-5754, 5753, 5715
SUSE Linux – 7022512
Ubuntu – N/A

VMware has a security advisory (VMSA-2018-0002) and patches. They have released:

ESXi 6.5
ESXi 6.0
ESXi 5.5 (partial patch)
Workstation 12.x – Upgrade to 12.5.8
Fusion 8.x – Updated to 8.5.9

When to PATCH – Immediately

If you have SQL Server 2017 or SQL Server 2016 running, then patches are available.

SQL Server (Windows) VM in your data center – Patch host OS or isolate SQL Server back on physical hardware. Check Windows OS for microcode changes.

SQL Server (Windows) on bare metal or VM, not isolated from application code on the same machine, or using untrusted code – Apply OS patches, SQL Server patches, enable microcode changes.

SQL Server Linux – Apply Linux OS patches, Linux SQL Server patches, check with Linux vendor

Note that when untrusted SQL Server extensibility mechanisms are mentioned, they mean:

R and Python packages running through sp_external_script, or standalone R/ML Learning Studio on a machine
SQL Agent running ActiveX scripts
Non-MS OLEDB providers in linked servers
Non-MS XPs

There are mitigations in the SQL Server KB.
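
For the Linux case above, the kernel itself reports whether the three issues listed under OS Patches (CVE-2017-5754, CVE-2017-5753, CVE-2017-5715) are mitigated. The check below is an added example, not part of the original post or of any vendor's tooling; the function names are hypothetical, and it assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities (Linux 4.15 or a vendor backport).

```shell
# Kernel-reported mitigation status for Meltdown and Spectre.
# Usage: check_mitigations            (live system)
#        check_mitigations /some/dir  (a copy of the sysfs files)
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# Map one status string, as written by the kernel, to a verdict.
classify_status() {
    case "$1" in
        "Not affected"*) echo "OK" ;;
        "Mitigation:"*)  echo "MITIGATED" ;;
        "Vulnerable"*)   echo "VULNERABLE" ;;
        *)               echo "UNKNOWN" ;;
    esac
}

# Print one line per CVE; return 1 if any issue is not OK or MITIGATED.
# A missing file means the running kernel predates the fixes.
check_mitigations() {
    cm_dir="${1:-$VULN_DIR_DEFAULT}"
    cm_rc=0
    for cm_entry in "CVE-2017-5754:meltdown" \
                    "CVE-2017-5753:spectre_v1" \
                    "CVE-2017-5715:spectre_v2"; do
        cm_cve="${cm_entry%%:*}"
        cm_file="${cm_entry##*:}"
        if [ -r "$cm_dir/$cm_file" ]; then
            cm_raw="$(cat "$cm_dir/$cm_file")"
            cm_verdict="$(classify_status "$cm_raw")"
        else
            cm_raw="no sysfs entry"
            cm_verdict="UNPATCHED-KERNEL"
        fi
        printf '%s %-10s %-16s %s\n' "$cm_cve" "$cm_file" "$cm_verdict" "$cm_raw"
        case "$cm_verdict" in
            OK|MITIGATED) ;;
            *) cm_rc=1 ;;
        esac
    done
    return "$cm_rc"
}
```

A MITIGATED verdict reflects only what the guest or host kernel reports; the hypervisor patches and microcode changes mentioned above still have to be checked separately.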

When You Can Patch Later

If you have SQL Server 2008, 2008 R2, 2012, 2014 you’ll have to wait on SQL Server patches. They aren’t out yet. However, there are other situations that remove an immediate need for patching.

When You Don’t Need to Patch

If you are on AWS, they’ve patched their systems, except for EC2 VMs. Those need patches from you. AWS Statement

Azure is patched according to KB4073235. Guidance is in ADV180002. This does not include VMs that don’t get automatic updates. You need to patch those manually.

Apple – If you’re running High Sierra, Sierra, or El Capitan, it looks like Apple took care of this back in December of 2017.


Chrome – It looks like Google is going to release a patch for Chrome later in January. See this link for more information.
Firefox – Version 57 or later has the proper fixes. See this blog for more information, so patch away!
Edge and Internet Explorer – Microsoft has a blog post. It looks like the January security update (KB4056890) takes care of that. So if you’re using either of these browsers, please update your OSes as soon as possible.

Details On the Exploits

Descriptions of the exploit, if you want to dig down and understand.

The Register
Ars Technica researcher blog

December 2017 release Dynamics Ax 2012 R3 – ask Synergy Software Systems

January 4th, 2018

The December 2017 release for the Dynamics AX 2012 R3 version is now available in LCS on the updates tile inside your R3 project.

This update has a number of smaller functional improvements and technical fixes.

Some important bugs are fixed in almost all areas of the software. This release is a cumulative package including all other fixes released in the prior CU13 update. This release is intended to give visibility into fixes recently shipped for R3, including some features and design changes that are newly released in this month.

• Primary Build: 6.3.6000.3475
• Number of Application hotfixes: 84
• Number of Binary hotfixes: 12

Ask Synergy Software Systems, the oldest Dynamics partner in the UAE.

Dynamics Ax 2012 and SQL version compatibility – Synergy Software Systems your Dubai Dynamics Partner

December 27th, 2017

There are no plans to support Microsoft SQL Server 2017 with AX 2012 R3.

Management Reporter 2012 is also currently not compatible with Microsoft SQL Server 2017. When you try to install Management Reporter 2012 on SQL Server 2017, you receive this error:

The database deployment failed. Additional information: Microsoft.SqlServer.Dac.DacServicesException: Could not deploy package. ---> Microsoft.Data.Tools.Schema.Sql.Deployment.DeploymentFailedException: Unable to connect to target server.

Management Reporter for Ax 2012 is supported with a minimum of SQL Server 2012 Standard Edition.
We recommend that you be on SQL Server 2016, at least SP1, for both Dynamics Ax 2012 and MR 2012.

SQL version – when should you upgrade – ask your Dynamics U.A.E. Partner, Synergy Software Systems

December 23rd, 2017

SQL Server was for many years on a two-year release cycle. SQL Server 2017 arrived less than 18 months after SQL Server 2016 became available.

Since 2005 each release of SQL Server brings exciting new features and improvements to existing capabilities. Many organizations are running instances that are several versions of SQL Server behind.

Keeping up with the latest SQL Server versions is a challenge, but falling behind risks losing mainstream support and missing out on beneficial features. Often database administrators must support multiple versions at once, and consultants face an even greater range of versions across their customers.

Microsoft has not committed to any specific release cadence for versions of SQL Server. Many clients, it seems, are still running SQL Server 2008 R2. One reason why companies are hesitant to make the move off 2008 R2 is the change to per-core licensing. The effort to test and to upgrade is discouraging, but it is better to do this on a planned basis than as a reaction to a crisis.

It was a painful experience to upgrade from SQL Server 2000, but the compatibility gap between versions is much narrower once past 2005. To make upgrading easier, Microsoft provides a tool called the Upgrade Advisor for each new version that will spot issues and provide a chance to resolve them before starting the upgrade process. Virtualization also makes setting up testing environments much simpler and quicker.

With each new version there are enhancements to T-SQL, improved availability and disaster recovery functionality, more security options, and additional ways to get better performance. SQL Server 2016 Service Pack 1 was a game changer – many previously Enterprise-only features were ported down to more affordable editions.

Another consideration is support. It doesn’t take long to reach the end of mainstream support. SQL Server 2008 R2, for example, has been out of mainstream support since 2014. While it’s still in extended support, which will ensure security hotfixes, other support features are available only on a paid basis.

When you look at ERP upgrades it makes sense to also review your SQL upgrade plans.

Data breach

December 5th, 2017

We have been asked to assist several companies targeted by ransomware and phishing attacks in the last year.

The moments after you have experienced a breach are of the utmost importance and can significantly impact your organization and the effectiveness of an investigation.

How prepared is your information technology (IT) department or administrator to handle security incidents?
According to the Computer Security Institute, over 20% of organizations have reported experiencing a computer intrusion, and common sense says that many more intrusions have gone unreported. No matter how much detail you know about the network environment, the risk of being attacked remains.

Any sensible security strategy must include details on how to respond to different types of attacks. Many organizations learn how to respond to security incidents only after suffering attacks. By this time, incidents often become much more costly than needed. Proper incident response should be an integral part of your overall security policy and risk mitigation strategy.

There are clearly direct benefits in responding to security incidents. However, there might also be indirect financial benefits. For example, your insurance company might offer discounts if you can demonstrate that your organization is able to quickly and cost-effectively handle attacks. Or, if you are a service provider, a formal incident response plan might help win business, because it shows that you take seriously the process of good information security.

If you suspect a computer systems intrusion or breach, then Immediately Contain and Limit the Exposure – Stop the breach from spreading.
• Do NOT access or alter compromised systems (e.g., do not log on or change passwords).
• Do NOT turn off the compromised machine. Instead, isolate compromised systems from the network (e.g., unplug the network cable). If for some reason it is necessary to power off the machine, unplug the power source.
• Do NOT shut down the system or push the power button (because it can sometimes create a “soft” shutdown), which modifies system files.
• Preserve logs and electronic evidence. A forensic hard drive image will preserve the state on any suspect machines. Any other network devices (such as firewalls, IDS/IPSes, routers, etc.) that have logs in the active memory should be preserved. Keep all past backup tapes, and use new backup tapes for subsequent backups on other systems.
• Log all the actions you have taken, including composing a timeline of any knowledge related to the incident.
• If using a wireless network, change SSID on the wireless access point (WAP) and other machines that may be using this connection (with the exception of any systems believed to be compromised).
• Be on high alert and monitor all systems.
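
One way to carry out the "preserve logs and electronic evidence" and "log all the actions you have taken" steps above on collected copies of logs, as an added example that is not from the original post: a timeline file plus a SHA-256 manifest that later shows whether any preserved file changed. The function names and file layout are hypothetical, and it assumes GNU coreutils (sha256sum).

```shell
# Work on copies stored on a separate analysis machine, never on the
# suspect system. Keep the manifest and timeline OUTSIDE the evidence dir.

# Append one UTC-timestamped, tab-separated entry to the incident timeline.
# log_action <timeline-file> <who> <what>
log_action() {
    printf '%s\t%s\t%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$2" "$3" >> "$1"
}

# Record a SHA-256 for every file under the evidence directory and note
# the sealing in the timeline.
# seal_evidence <evidence-dir> <manifest-file> <timeline-file> <who>
seal_evidence() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 ) \
        > "$2" || return 1
    log_action "$3" "$4" "sealed $(wc -l < "$2" | tr -d ' ') file(s) from $1"
}

# Re-hash and compare. Fails if a file changed, is missing, or was added
# after sealing (file count no longer matches the manifest).
# verify_evidence <evidence-dir> <manifest-file>
verify_evidence() {
    ve_manifest=$(cd "$(dirname "$2")" && pwd)/$(basename "$2") || return 1
    (
        cd "$1" || exit 1
        sha256sum -c --quiet "$ve_manifest" >/dev/null 2>&1 || exit 1
        [ "$(find . -type f | wc -l | tr -d ' ')" = \
          "$(wc -l < "$ve_manifest" | tr -d ' ')" ]
    )
}
```

Run verify_evidence before handing the copies to investigators or a forensic provider, and record the result with log_action so the timeline shows when integrity was last confirmed.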

Alert All Necessary Parties Within 24 Hours
All external disclosures should be coordinated with your Legal Representative. Potential agencies include local and national law enforcement, external security agencies, and virus experts. External agencies can provide technical assistance, offer faster resolution and provide information learned from similar incidents to help you fully recover from the incident and prevent it from occurring in the future.

For particular industries and types of breaches, you might have to notify customers and the general public, particularly if customers might be affected directly by the incident.

If the event caused substantial financial impact, you might want to report the incident to law enforcement agencies.

For higher profile companies and incidents, the media might be involved. Media attention to a security incident is rarely desirable, but it is often unavoidable. Media attention can enable your organization to take a proactive stance in communicating the incident. At a minimum, the incident response procedures should clearly define the individuals authorized to speak to media representatives.

Normally the public relations department within your organization will speak to the media. You should not attempt to deny to the media that an incident has occurred, because doing so is likely to damage your reputation more than proactive admission and visible responses ever will. This does not mean that you need to notify the media for each and every incident regardless of its nature or severity. You should assess the appropriate media response on a case-by-case basis.

Be sure to notify:
• Your internal information security group and incident response team, if applicable.
• The card associations and your merchant bank if the breach is part of a cardholder data segment.
• Your legal advisor

Maybe your auditors.
Maybe your insurers.
Maybe the authorities/police.

Synergy Software Systems support desk.

Consider what message you need to give to staff, and to your trading partners.
Update your policies and procedures, and tools.

Thank those who helped you – you may need them again.