Your IT-Systemhouse for your desired technology

IT-Security

IT-services like Internet, Internet security, E-mailing get more and more important in our everyday life.

That is why we think it is important to make the components, which ensure these services, fail-safe.

The final consumer should not notice a failure. If a firewall malfunctions there should be another one which immediately subs for the malfunction one. This area is one of the core competences of double-D-IT.

Nowadays good firewalls are able to filter applications in every detail. Exemplary would be Skye. The language of Skye is permitted while the Skye data transmission is prevented.

If you generally want to deactivate Webmailing independent on your provider then we can do that for you.

E-Mail-Security

E-Mails are one of our primary means of communication and will be come even more important in the future. This is the reason why we have to check our e-mail communication in regards to viruses, trojans and every other possible danger. In addition it is also very useful to use a spam-filter. Here you should be aware of the fact that every spam-filter has a different quality and you should only rely on the ones of high quality. Furthermore we also use external anti-spam-providers. This often happens with the use of fail-safe firewalls e.g. Sophos, Sonic Wall, WatchGuard,...




Fail-safe Firewalls

For a possibly smooth business we recommend to use a second firewall of the same system. This HA-Cluster can be active-active such as active-passive. Depending on requirements the services will be forwarded to both firewalls or only one firewall will be used. In the event of any failure the other firewall will be used. We use fail-safe firewalls from Sophos, Sonic Wall, WatchGuard,...




Datasecurity

Nowadays a simple virus scanner is insufficient. The threats get more complex and nearly invisible even for IT-experts. For this purpose we use virus scanners, which integrate into the firewalls. It means in effect that they are constantly communicating with the central IT-security device of the business.

Server and Client concepts

Classic server, client-concept

This model is a comparatively old one, which requires an installation on every PC. This framework approach concentrates on installing the program directly on the client computer. This has the advantage that every client PC has its own individual program installation. The disadvantage of this concept is that a change of place is not possible. A secretariat PC is prominent for this concept. In case of a failure the device has to be replaced by a model, which has the same program and system settings. A part of the data is saved local on the PC which can influence the backup-concept in a negative way.




Terminal server concept

This concept centralized manages the program installations. A client PC gets only a session that is embedded in the screen of the client PC. The advantage is that workplace change is easily possible. The screen of the session can be made on any Smartphone, I-pad, and on future computer systems. Through special Software optimizers, WAN accelarators, the Terminal Server screens can be passed through optimally on narrow-band Internet cables.




Virtual Desktop

A Virtual Desktop is the symbiosis of both versions. Namely the Server-Client and the terminal server concept. The result is an individualized desktop with properties of terminal servers.

Cloud Computing versus Inhouse

Cloud Computing

Nowadays it is nearly impossible to not think about resource conservation. A today new server landscape can tomorrow be everything put up to date. Consequently a server change is necessary. In a few cases it can be useful to be having an output buffering. These components should be taken in account when thinking about an Inhouse. To bypass the expenditure one can rent a place in a computer center. Here one can adjust the delivery as needed. This option is called Cloud Computing which basically means that you place your servers in a computer center. You can change the computer center at any time because there is no connection between the hardware and the virtual server..




Inhouse

The Inhouse solution is a server concept. Herr you can fin up to X serves in a cellar, a cupboard or other non specific places. In this case one has to bear the costs for the backup, the securing, data storage and all that is included. A technician is needed if a hard failure happens. The server system should report the current state to evaluate the data. Faulty behavior should always be taken serious and one should take prompt action.




Virtual or physical Server?

If you are building a new system today, the question arises whether the server operating system is installed on the hardware host server itself or if a virtualization software such as VM ware, XEN or Hyper-V is used. In individual cases, direct access to specific server components can be desired. The virtual system has three major advantages over physical installation. The first is the simplest and optimized backup option for virtual machines. The second is the snapshot option. You can define, modify, discard, or even paste the test scenarios at different times. This offers enormous advantages in the maintenance situation. It frees the physical server to upgrade, optimize or even repair. The normal PC user gets nothing from the process.

Backup-Service

Every IT-situation needs it own backup-strategy.

Classic Backup

The basis for this backup concept is the used server-technology. Data is saved on physical servers. There are 'real' database servers in service. In this case you need a classic backup-software, e.g. Symantec-Backup, Veritas or others where appropriate Agents are used.




Virtual Backup

A virtual backup in contrast saves the whole system. This means that the peripheral data plus the systems status is kept. Very often so called difference back up procedures are used to administer a daily backup.




Disaster Backup

To receive a valid disaster-recovery-backup the backup-technology is relevant. The aim of a disaster-recovery-backup is to mirror the main system. The approximation of the main system with the disaster-recovery-system is acquired through narrow-band lines (internet). In the virtual world the approximation is much easier as in a classic server-system.

Voice over IP (VoIP)

Telephone systems of today and in the future will only transfer voice over the network.

Internal VoIP with ISDN breakout

One type of transitional solution is the concept of internal VoIP external ISDN breakout. Here, the telephones are integrated into the network by means of LAN technology. The 2-wire bus technology that has so far often been used is no longer used in new systems. The transport of the voice data can be prioritized via intelligent switches to prevent possible noise such as rushing. The actual incoming and outgoing calls are made via classic ISDN connections.




VoIP in and extern (SIP)

The next potential design stage is almost basically identical to the previously mentioned system. However, incoming and outgoing calls are realized by means of SIP. This variant does not require explicit NTBA devices for the provision of voice channels. In the VoIP area, the voice channels (ISP trunk) are only limited by the bandwidth of the Internet connection.




Networks between branches

Two basic concepts are opposed here. On the one hand, there is the installation of a centralized telecommunication system (PBX) in the data center or the main branch office. All telephones, including those of the branch offices, are connected in a star shape with the central PBX. The approach makes sense if there is a manageable number of participants in the branch offices and, for example, flexible telephone numbers are required in all branches. The second concept is the decentralized PBX. It is often used when the branch offices are to have their own call pool and exceed a certain number of TC subscribers. The TK master system is continuously connected to all branch PBXs. Calls are cost free over the internet.

Branchbinding (VPN)

By the use of specialized Firewalls / Gateways it is possible to create Hardware or Software-VPN-tunnels.

VPN-binding between Master- and Slave-Firewall

The connection between individual branches can be realized by means of intelligent firewalls. Here it's not usually up to the manufacture. Modern firewalls, from different manufacturers, can be combined with each other. This procedure makes sense, if you want to use a special set of routing rules within the branch. If you need a network routing, this procedure is the right choice. However, keep in mind is that any firewall individually caused an administrative and maintenance expenses as well as license fees.




VPN-binding Master-Firewall and Remote-Ethernet-Device (RED)

Some firewall vendors offer devices that are capable of transporting the network routing rules of the master facility into the branch without this unit acting as a true firewall. The process does not require a firewall within the branch office. This results in considerable cost savings. The remote Ethernet device is managed via the central firewall. The automatically generated tunnel between the RED unit and the master firewall is a layer 2 tunnel. This can be used for a variety of matters, for example the telephone connection, monitoring, any kind of network connection can be transmitted.




VPN connection Data center remote Ethernet device (RED)

In the event you are running your servers in our data center, your branch offices need only a remote Ethernet device. They do not have running firewall costs and still enjoy a maximum of protection.

Bring your own device (BYOD)

Use your concentrated competence of your employees.

Centralized management of different devices

Modern gateways/ firewalls are able to control Accesses of devices. In general these accesses are able to connect with the internet and to allow or block special servers the access to the network. The advantage is that there is a centralized component, with which one can overview the current accesses. These management components are offered by companies like Cisco, Sophos, Lancom, WatchGuard and SonicWall.




Internet access control dependent on time and volume

If you want to give other devices a temporary access to the internet or other networks, modern Gatways Voucher can create a limit depending on time and volume. They can be easily created on your own. The Voucher will be handed over to the guest, who receives on the basis of the given criteria access to the network.




Placing of temporary Wifi-Networks with distribution to different Access-Points

Due to the use of a centralized Access-Point-management it is possible to add and remove Wifi-networks any time. The process only takes a few minuets. Therefore you can supply invisible hand-scanner, printer, smartphones or other devices, which you do not want to be visible for others. Furthermore complete, temporary structures for Wifi-networks can be invested, e.g. an access for special devices from a group of guests for training purposes. These networks can be placed so that they only have access on special resources As fast as they are created they can be removed. The Wifi-Networks can only be published on special Access-Points.




Mobile Device Management (MDM)

Through the continual advance of smartphones, tablets, phablets and all the other devices, it is nearly impossible to manage them all yourself. The separation of company-owned and private data is possible through e.g. container technology. The increasingly sensitive data on the devices need you to think about data and contact security and access control, from the outside, or an instrument be created to publish a corresponding rules and regulations on the devices. This should enable you to make changes on your Smartphone. In case of total loss, the unit can be used to delete and block the data of the Smartphone. An MDM can allow a considerable, long-time saving of time. Not every device requires the installation of connection properties in the company or certificates, but they can be pushed conveniently centrally on the devices. All that can be achieved in follow-up, after handing over a smartphone.

Qualification

The foundation of good IT is based on a structural network.

Classic IT networking

Nowadays a structural, frequently shaped typology is the measure of all things. This network is used for more and more components. Not only for computers, printers and servers used network technologies but in the future as well refrigerators, coffee machines, and all kinds of devices. An evaluation, control and analysis of the device will be possible from any place. All this is based on a well made IT high-quality cabling.




IT networking across with others

Different needs require different IT cabling. In the horizontal integration to work is a star forward, in the vertical, it often a point to point network. At any kind of networking you should not lose sight of the goal. Not every signal can be transported via fibre optic. This is the reason why one often finds a mixture of IT-cabling consisting of CAT and fibre networks.




Validation-, qualification of network structures

The mere laying of infrastructure is not enough for us. We have specialised line attenuation, impedance in glass fibres, junctions of wires, instruments sensitive performance checks and reflections on lines which can be visualized. Simple mistakes such as open or poorly connected cables can be easily recognized. More complicated it gets by the failure of the quality of management, so that the signal is significantly impaired but not capped.




Performance check in the IT infrastructure

We have the measure technology to check whether your existing IT wiring complies with the current technical performance status. So it may be to the example occur that a defective network card causes a high potential in the system and weak the entire system, in its performance. Such mistakes are difficult to locate, because they may only occur under circumstances if the defective device is active. We can in a short time very effectively perform these checks. In addition we can highly effective recognize another failure of the same kind later.




WiFi illumination with access-point optimization

Do you need a professional WiFi illumination of your Office, your Hall or your open space? Then we can offer you our services. Please keep in mind that an unfavourably placed access point does not only provide a bad data throughput rate, but any way a needlessly high error rate, in which you can create communication and this in turn affect many participants.