Archive for December, 2017

Dynamics Ax 2012 and SQL version compatibility – Synergy Software Systems your Dubai Dynamics Partner

December 27th, 2017

There are no plans to support Microsoft SQL Server 2017 with AX 2012 R3.

Management Reporter 2012 is also currently not compatible with Microsoft SQL Server 2017. When you try to install Management Reporter 2012 on SQL Server 2017, you receive this error:

The database deployment failed. Additional information: Microsoft.SqlServer.Dac.DacServicesException: Could not deploy package. —> Microsoft.Data.Tools.Schema.Sql.Deployment.DeploymentFailedException: Unable to connect to target server.

Management Reporter for Ax 2012 is supported with a minimum of SQL Server 2012 Standard Edition
We recommend you should be on SQL 2016 at least sp1, for both Dynamics Ax 2012 and for MR 2012.

SQL version – when should you upgrade – ask your Dynamics U.A.E. Partner, Synergy Software Systems

December 23rd, 2017

SQL Server for many years on a two-year release cycle. SQL Server 2017 arrived less than 18 months after SQL Server 2016 became available.

Since 2005 each release of SQL Server brings exciting new features and improvements to existing capabilities. Many organizations are running instances that are several versions of SQL Server behind.

To keep up with the latest SQL Server versions is a challenge, but risks losing mainstream support and missing out on beneficial features. Often database administrators must support multiple versions at once, and consultants face an even greater range of versions across their customers.

Microsoft has not committed to any specific release cadence for ersions of SQL Server. Many clients it seems are still running SQL Server 2008 R2. One reason why companies are hesitant to make the move off 2008 R2 is because of the change to per core licensing. The effort to test and to upgrade is discouraging, but it is best to do this on a planned basis than a reaction to a crisis..

It was a painful experience to upgrade from SQL Server 2000, but the compatibility gap between versions is much narrower once past 2005. To make upgrading easier, provides a tool called The Upgrade Advisor for each new version that will spot issues and provide a chance to resolve them before starting the upgrade process. Virtualization also makes setting up testing environments much simpler and quicker.

With each new version there are enhancements to T-SQL, improved availability and disaster recovery functionality, more security options, and additional ways to get better performance. 2016 service pack 1, was a game change – many previously Enterprise only features were ported down to more affordable editions.

Another consideration is support. It doesn’t take long to reach the end of mainstream support. SQL Server 2008 R2, for example, has been out of mainstream support since 2014. While it’s still in extended support, which will ensure security hotfixes, other support features are available only on a paid basis.

When you look at erp upgrades it makes sense to also review your SQL upgrade plans.

Dynamics Partner- Dubai, U.A.E., G.C.C. Global – Ax, erp, CRM

December 20th, 2017

As we near the end of 2017 we look back on 25 years of partnership with Microsoft and 15 years as one of the oldest Dynamics global partners, and the longest established ,Dynamics certified regional partner.

For the last 10 years we have also been the regional representative for Ax Pact global projects.

Our Ax journey from Axapta 2.5, 3, 4, then Dynamics Ax 2009, 20012, RTM. R1, R2, R3, and now Dynamics 365 Finance and Operations Enterprise, as well as Dynamics CRM though all versions since v 3 ahs taken us across the world and into many verticals and international companies. Our experience encompasses Manufacturing Trading, Construction, Oil and gas, Financial services, Utilities, Education, Government, PSA, Retail ……. we have implemented our Dynamics Ax GCC localised HR and Payroll in more than 40 companies.
We currently have Dynamics projects running in KSA, Oman, Africa, and a dozen projects in the U.A.E.

Now we have the full Dynamics technology stack with which to support customers in their digital transformation to a more agile future at a time of disruptive innovation. Dynamics 365, , Power apps, Power Bi
Flow, Common data platform, Talent, and much more. The power of the new SQL databases and of the azure cloud platform , and Edge computing open up the world of IoT, Big data, predictive analytics, Mobile any time any where, Social media monitoring and integration, new means of collaboration from teams to Surface hub to Holo lens.

Its a brave new world ahead – let us help you charter a safe course, or join us in the journey as part of one of the best certified teams globally..

G.C.C VAT transitional arrangements

December 17th, 2017

A​bout ​two​ ​weeks​ ​ago,​ ​H.E.​ ​Khaled​ ​Al​ ​Bustani,​ ​Director​ ​General​ ​of​ ​the​ ​Federal​ ​Tax​ ​Authority
(“FTA”),​ ​announced​ ​on​ ​the​ ​radio​ ​that​ ​the​ ​UAE​ ​will​ ​treat​ ​movements​ ​of​ ​goods​ ​between​ ​UAE​ ​and​ ​the
Kingdom​ ​of​ ​Saudi​ ​Arabia​ ​(“KSA”)​ ​as​ ​“Non-GCC”​ ​Exports​ ​(ie.​ ​when​ ​goods​ ​are​ ​shipped​ ​from​ ​the​ ​UAE​ ​to
KSA)​ ​and​ ​“non-GCC”​ ​Imports​ ​(i.e.​ ​when​ ​goods​ ​are​ ​shipped​ ​to​ ​the​ ​UAE​ ​from​ ​KSA).​ ​

This​ ​means that a ​transitional​ ​period​ ​will apply until​ ​an​ ​Electronic​ ​Service​ ​System​ ​is​ ​introduced​ ​and​ ​both
UAE​ ​and​ ​KSA​ ​consider​ ​each​ ​other​ ​as​ ​“VAT​ ​Implementing​ ​States”. It seems likely that will be both when the full G.C.C has introduced VAT and the electronic reporting system is established across the region.

U.A.E. reverse charge mechanism

December 17th, 2017

In a normal supply transaction, an organization is required to pay value added tax (VAT) to the government on the supplies made to its customers.

In the context of the UAE, reverse charge is only applicable when purchases are made outside the UAE.

If all purchases are made locally, the reverse charge mechanism is not applicable. it applies when imports are made from outside UAE and the seller is from another country, which may or may not have a business in the UAE.

Since a seller does not have business in UAE, it will be difficult for the tax authorities to track these sellers or suppliers. Reverse Charge Mechanism eliminates the obligation for the overseas seller to register for VAT in the UAE. Hence, the buyers who are residents of UAE are made responsible to charge VAT on a reverse charge basis.

In the UAE VAT, the Reverse Charge Mechanism is applicable while importing goods or services from outside the GCC countries. Under this, the businesses will not have to physically pay VAT at the point of import.

The responsibility for reporting of a VAT transaction is shifted from the seller to the buyer; under Reverse Charge Mechanism. Here the buyer reports the Input VAT (VAT on purchases) as well as the output VAT (VAT on sales) in their VAT return for the same quarter.

The reverse charge is the amount of VAT one would have paid on that goods or services if one had bought it in the UAE. The importer has to disclose the amount of VAT under both Input VAT as well as Output VAT categories of the VAT return of that quarter.

So, this is the mechanism under which the recipient of goods or services is required to pay VAT instead of the supplier, when the supplier is not a taxable person in the member state where the supply has been made. The Reverse Charge moves the responsibility for the recording of a VAT transaction from the seller to the buyer of a good or service. Normally, the supplier pays the tax on supply (i.e.it is a sale order for the supplier) however in certain cases (IMPORTS), the receiver becomes liable to pay the tax, i.e., the chargeability gets reversed, which is why it is called reverse charge. The receiver (I,e, the buyer, will later sell on the goods to the end customer and will charge VAT on that sales value and will reclaim the VAT is has paid on import.

U.A.E. VAT registration time is running out……..

December 17th, 2017

Companies in the UAE that have not got their tax registration number (TRN) yet will have to procure it within the next 14 days.

Companies who have not completed their VAT registration within the dates prescribed by the Federal Tax Authority (FTA) will have to pay a fine worth Dh20,000 and also stop sales until they get the TRN or tax registration certificate (TRC).

U.A.E. VAT rates

December 9th, 2017

The Federal Tax Authority (FTA) has announced the supplies that will be subject to Value Added Tax (VAT) as of January 1, 2018.Selected supplies in sectors such as transportation, real estate and financial services will be completely exempt from VAT, whereas certain government activities will be outside the scope of the tax system (and, therefore, not subject to tax). These include activities that are solely carried out by the government with no competition with the private sector, activities carried out by non-profit organisations.

The UAE Cabinet is expected to issue a decision to identify the government bodies and non-profit organisations that are not subject to VAT.

VAT treatment on select industries:
Education
Private and public school education (excluding higher education) and related goods and services provided by education institution 0%
Higher education provided by institution owned by government or 50% funded by government, and related goods and services 0%
Education provided by private higher educational institutions, and related goods and services 5%
Nursery education and pre-school education 0%
School uniforms 5%
Stationery 5%
Electronic equipment (tablets, laptops, etc.) 5%
Renting of school grounds for events 5%
After school activities for extra fee 5%
After school activities supplied by teachers and not for extra charge 0%
School trips where purpose is educational and within curriculum 0%
School trips for recreation or not within curriculum 5%

Healthcare:

Preventive healthcare services including vaccinations 0%
Healthcare services aimed at treatment of humans including medical services and dental services 0%
Other healthcare services that are not for treatment and are not preventive (e.g. elective, cosmetic, etc) 5%
Medicines and medical equipment as listed in Cabinet Decision 0%
Medicines and medical equipment not listed in Cabinet Decision 5%
Other medical supplies 5%

Oil and Gas:

Crude oil and natural gas 0%
Other oil and gas products including petrol at the pump 5%

Transportation:

Domestic passenger transportation (including flights within UAE) Exempt
International transportation of passengers and goods (including intra-GCC) 0%
Supply of a means of transport (air, sea and land) for the commercial transportation of goods and passengers (over 10 people) 0%
Supply of goods and services relating to these means of transport and to the transportation of goods and passengers 0%

Real Estate:

Sale and rent of commercial buildings (not residential buildings) 5%
First sale/rent of residential building after completion of construction or conversion 0%
First sale of charitable building 0%
Sale/rent of residential buildings subsequent to first supply Exempt
Hotels, motels and serviced accommodation 5%
Bare land Exempt
Land (not bare land) 5%
UAE citizen building own home 5% (recoverable)

Financial Services:

Margin based products (products not having an explicit fee, commission, rebate, discount or similar) Exempt
Products with an explicit fee, commission, rebate, discount or similar 5%
Interest on forms of lending (including loans, credit cards, finance leasing) Exempt
Issue, allotment or transfer of an equity or debt security Exempt

Insurance and Re-insurance:

Insurance and reinsurance (including health, motor, property, etc) 5%
Life insurance and life reinsurance Exempt

Food and Beverages: 5% VAT rate

Telecommunications and electronic services:

Wired and wireless telecommunications and electronic services: 5% VAT rate
Telecommunications and electronic services:
– Sovereign activities which are not in competition with the private sector undertaken by designated government bodies Considered outside VAT system
– Activities that are not sovereign or are in competition with the private sector VAT rate dependent on good/service ignoring provider

Not for Profit Organizations:

Activities of foreign governments, international organisations, diplomatic bodies and missions acting as such (if not in business in the UAE) Considered outside VAT system
Charitable activities undertaken by societies and associations of public welfare which are listed by Cabinet Decision Considered outside VAT system
Activities of other not for profit organizations (not listed in Cabinet Decision) which are not business activities Considered outside VAT system
Business activities undertaken by the above organizations VAT rate dependent on good/service ignoring provider

Free zones:

Supplies of goods between businesses in designated zones Considered outside VAT system
Supplies of services between businesses in designated zones VAT rate dependent on service ignoring location
Supplies of goods and services in non-designated zones VAT rate dependent on good/service ignoring location
Supplies of goods and services from mainland to designated zones or designated zones to mainland VAT rate dependent on good/service ignoring location

Other:

Export of goods and services to outside the GCC implementing states 0%
Activities undertaken by employees in the course of their employment, including salaries Considered outside VAT system
Supplies between members of a single tax group Considered outside VAT system
Any supplies of services or goods not mentioned above (includes any items sold in the UAE or service provided) 5%
Second hand goods (e.g. used cars sold by retailers), antiques and collectors’ items 5% of the profit margin

The UAE and Saudi Arabia are the two GCC member countries which will implement Value Added Tax (VAT) Reform from 1st January 2018 whereas the remaining member countries will implement over the coming years.

According to the UAE tax officials, it is anticipated that the new tax reform will help to generate nearly Dh12 billion (around 0.8 percent of GDP) revenue in the initial year after the introduction of the VAT. It might increase to Dh20 billion (around 1.2 percent of GDP) in the succeeding year (2019).

Data security – how secure should we be?

December 9th, 2017

The back story to this is that a British politician (Damian Green) is presently in hot water for allegedly accessing porn on his gov PC. U.K> politician https://twitter.com/NadineDorries recently tweeted :

Nadine Dorries
✔ @NadineDorries

My staff log onto my computer on my desk with my login everyday. Including interns on exchange programmes. For the officer on @BBCNews just now to claim that the computer on Greens desk was accessed and therefore it was Green is utterly preposterous !!

10:03 PM – Dec 2, 2017 “

So Nadine is implying it could have been someone else on his PC using his identity.

So should politicians share passwords? What are the problems with doing so? So what about your own staff?
Well it seems the practice is widespread -read here for example: https://www.troyhunt.com/the-trouble-with-politicians-sharing-passwords/?utm_source=DBW&utm_medium=pubemail

It’s an interesting read, and certainly points out that the expediency for users to share a workload but it has plenty of downsides in accountability and auditing of actions.

I see little excuse for sharing security credentials in UK government – there are other solutions to handle this issue.

I am more sympathetic in real time environments, like hospitals, where the login process might literally cause a death in the event of a delay.

Authentication aside we often share data among individuals inside of an organization. Outside of sysadmins, not be many people really understand or consider who should have access, let alone who does have access, to some data.

Over time organizations tend to lean towards allowing an ever-growing number of people having access to data in file shares. Knowledge gives power to take decisions- functional silos are out ….but segmentation of duty, compliance, are the other side of the argument. In these days of self serve internet access and social connectedness people expect access to information.

While we might prevent database access and grant/revoke this at times, the output from our systems also often ends up in Excel sheets or other files, fg hard copy print out, and people that do not have direct access still see the data.

People may leave data lying around on desks or tacked to a wall or on printer, or just on screen in an open plan office to be viewed by passers by. Many do not log off or shutdown their pcs at night. Why? They have never been trained or told to do so, and there is no management oversight to enforce it.
The trend to BYOD means data leaves your premises and then you have no control over it. Removable usb devices, 0r just uploads to one drive or emails to a hotmail account are all possible holes in your security defences.

Credentials on a post-it stuck only your monitor? Server rooms that are not locked?

It’s not just your co-workers, but also janitorial staff, tradespeople, and others likely wander regularly through your office spaces.

Security is a tough battle, and most of the time we don’t need much more than good passwords. Most people don’t have the time or inclination to deal with their own data, much less yours. However, when an attack is targeted on your organization, from outside or within, it’s extremely difficult to ensure your data won’t get lost or corrupted.

There is no magic bullet. There are good reasons to limit access to data on our systems, not the least of which is auditing and accountability. Beyond that, inculcate users to exercise judgment about with whom they may share or to whom they expose reports and other data.

Data breaches and what it means for a Middle East Board of Directors

December 6th, 2017

The new wave of cyber-attacks does appear to be unstoppable. With the increase in data breaches across the world, the UAE holds the world’s highest increase in breaches. Data breaches in the region have risen by 20% from $4.12m in 2016 to $4.94m in 2017, according to a report by Ponemon Institute.

The Middle East also has the highest spend on data breach response, roughly costing $1.43m per organisation.
Early this year, approximately 15 government agencies and private institutions in the Kingdom of Saudi Arabia were attacked by the Shamoon virus. This was followed by a tidal wave of Wannacry and Petya ransomware attacks.

An IDC research states that organisations are expected to spend $101.6 billion by 2020 on security-related hardware, software, and services. Additionally, Gartner states that by 2018, 10% of all enterprise organisations will have adopted deception technologies into their security solutions. A board of directors must engage in a continuing balancing act between the cost of information security and potential risks.

Although information security is essential to corporate compliance with existing laws and regulations, directors are often required to focus less on ensuring “best security” in favour of “good enough” security. The lack of a clear definition of “best security” is largely responsible for this thinking.

What was previously viewed as good enough, will not keep up with the advanced or insider threats of today.

• Important messages that CISOs should communicate to their boards about the importance of focusing on information security:

Information security is now required, and disclosure is no longer solely at a company’s discretion. Between existing laws, insurance mandates, industry regulations, and shareholder demands, robust information security is now a corporate requirement.

• Information security is a significant corporate risk. It is nearly impossible to conduct any facet of a business today without a computer. As a result, the information that resides in an enterprise’s networks is the lifeblood of the business and if not protected, could result in financial damages and negative impact on the company’s brand. This makes information security a critical business issue. Any security strategy that does not include an adaptive security plan with in-network detection to detect attacks that have bypassed prevention solutions will result in a network breach sooner or later, if it hasn’t occurred already.

Some obvious things to consider:
- Policies, procedures, and awareness – Protection via data classification, password strengths, code reviews and usage policies
- Perimeter – Protection via firewalls, denial of service prevention, and message parsing and validation
- Internal network – Protection via transport layer security, such as encryption, and user identification and authentication
- Host/OS – Protection through OS patches and desktop malware
- Application – Protection through protocols such as single sign on (SSO) and identity propagation
- Data – Protection through database security (online storage and back up), content security, information rights management, message level security.

Do your systems still cater for the digital world of a mobile workforce with smart phones, BYOD social media, low cost, high capacity flash drives, and any time, anywhere connections?.

Data breach

December 5th, 2017

We have been asked to assist several companies targeted by ransomware ad phishing attacks in the last year.

The moments after you have experienced a breach are of the utmost importance and can significantly impact your organization and the effectiveness of an investigation.

How prepared is your information technology (IT) department or administrator to handle security incidents?
According to the Computer Security Institute, over 20% of organizations have reported
experiencing a computer intrusion, and common sense says that many more intrusions have
gone unreported. No matter how much detail you know about the network environment, the risk of being attacked remains.

Any sensible security strategy must include details on how to respond to different types of attacks. Many organizations learn how to respond to security incidents only after suffering attacks. By this time, incidents often become much more costly than needed. Proper incident response should be an integral part of your overall security policy and risk mitigation strategy.

There are clearly direct benefits in responding to security incidents. However, there might also be indirect financial benefits. For example, your insurance company might offer discounts if you can demonstrate that your organization is able to quickly and cost-effectively handle attacks. Or, if you are a service provider, a formal incident response plan might help win business, because it shows that you take seriously the process of good information security.

If you suspect a computer systems intrusion or breach, then Immediately Contain and Limit the Exposure – Stop the breach from spreading.
• Do NOT access or alter compromised systems (e.g., do not log on or change passwords).
• Do NOT turn off the compromised machine. Instead, isolate compromised systems from the network (e.g., unplug the network cable). If for some reason it is necessary to power off the machine, unplug the power source.
• Do NOT shutdown the system or push the power button (because it can sometimes create a “soft” shutdown), which modifies system files.
• Preserve logs and electronic evidence. A forensic hard drive image will preserve the state on any suspect machines. Any other network devices (such as firewalls, IDS/IPSes, routers, etc.) that have logs in the active memory should be preserved. Keep all past backup tapes, and use new backup tapes for subsequent backups on other systems.
• Log all the actions you have taken, including composing a timeline of any knowledge related to the incident.
• If using a wireless network, change SSID on the wireless access point (WAP) and other machines that may be using this connection (with the exception of any systems believed to be compromised).
• Be on high alert and monitor all systems.

Alert All Necessary Parties Within 24 Hours
All external disclosures should be coordinated with your Legal Representative. Potential agencies include local and national law enforcement, external security agencies, and virus experts. External agencies can provide technical assistance, offer faster resolution and provide information learned from similar incidents to help you fully recover from the incident and prevent it from occurring in the future.

For particular industries and types of breaches, you might have to notify customers and the general public, particularly if customers might be affected directly by the incident.

If the event caused substantial financial impact, you might want to report the incident to law enforcement agencies.

For higher profile companies and incidents, the media might be involved. Media attention to a security incident is rarely desirable, but it is often unavoidable. Media attention can enable your organization to take a proactive stance in communicating the incident. At a minimum, the incident response procedures should clearly define the individuals authorized to speak to media representatives.

Normally the public relations department within your organization will speak to the media. You should not attempt to deny to the media that an incident has occurred, because doing so is likely to damage your reputation more than proactive admission and visible responses ever will. This does not mean that you need to notify the media for each and every incident regardless of its nature or severity. You should assess the appropriate media response on a case-by-case basis.

Be sure to notify:
• Your internal information security group and incident response team, if applicable.
• The card associations and your merchant bank if the breach is part of a cardholder data segment.
• Your legal advisor

Maybe your auditors.
Maybe your insurers.
Maybe the authorities/police.

Synergy Software Systems support desk.

Consider what message you need to give to staff, and to your trading partners.
Update your policies and procedures, and tools.

Thank those who helped you – you may need them again.