Secure your business and enterprise IT systems with Multi Factor Authentication (MFA)

Duo Security Logo

When you’re looking for additional or enhanced options to secure you’re business and enterprise IT systems, MFA/2FA can help you achieve this. Get away from the traditional single password, and implement additional means of authentication! MFA provides a great compliment to your cyber-security policies.

Here at Digitally Accurate Inc, we’ve been using the Duo Security‘s MFA product in our own infrastructure, as well as our customers environments for some time. Digitally Accurate is a DUO Partner and can provide DUO MFA Services including licensing/software and the hardware tokens (Duo D-100 Tokens using HOTP).

What is MFA/2FA

MFA is short for Multi Factor authentication, additionally 2FA is short for Two Factor Authentication. While they are somewhat the same, multi means many, and 2 means two. Additional security is provided with both, since it provides more means of authentication.

Traditionally, users authenticate with 1 (one) level of authentication: their password. In simple terms MFA/2FA in addition to a password, provides a 2nd method of authentication and identity validation. By requiring users to authentication with a 2nd mechanism, this provides enhanced security.

Why use MFA/2FA

In a large portion of security breaches, we see users passwords become compromised. This can happen during a phishing attack, virus, keylogger, or other ways. Once a malicious user or bot has a users credentials (username and password), they can access resources available to that user.

By implementing a 2nd level of authentication, even if a users password becomes compromised, the real (or malicious user) must pass a 2nd authentication check. While this is easy for the real user, in most cases it’s nearly impossible for a malicious user. If a password get’s compromised, nothing can be accessed as it requires a 2nd level of authentication. If this 2nd method is a cell phone or hardware token, a malicious user won’t be ale to access the users resources unless they steal the cell phone, or hardware token.

How does MFA/2FA work

When deploying MFA or 2FA you have the option of using an app, hardware token (fob), or phone verification to perform the additional authentication check.

After a user attempts to logs on to a computer or service with their username and password, the 2nd level of authentication will be presented, and must pass in order for the login request to succeed.

Please see below for an example of 2FA selection screen after a successful username and password:

Duo MFA 2FA Prompt on Windows Login

Duo Security Windows Login MFA 2FA Prompt


After selecting an authentication method for MFA or 2FA, you can use the following

2FA with App (Duo Push)

Duo Push sends an authentication challenge to your mobile device which a user can then approve or deny.

Please see below for an example of Duo Push:

Duo Push Notification to Mobile Android App

Duo Push to Mobile App on Android

Once the user selects to approve or deny the login request, the original login will either be approved or denied. We often see this as being the preferred MFA/2FA method.

2FA with phone verification (Call Me)

Duo phone verification (Call Me) will call you on your phone number (pre-configured by your IT staff) and challenge you to either hangup to deny the login request, or press a button on the keypad to accept the login request.

While we rarely use this option, it is handy to have as a backup method.

2FA with Hardware Token (Passcode)

Duo Passcode challenges are handled using a hardware token (or you can generate a passcode using the Duo App). Once you select this method, you will be prompted to enter the passcode to complete the 2FA authentication challenge. If you enter the correct passcode, the login will be accepted.

Here is a Duo D-100 Token that uses HOTP (HMAC-based One Time Password):

Duo D-100 HOTP Hardware Token

Duo D-100 HOTP Hardware Token

When you press the green button, a passcode will be temporarily displayed on the LCD display which you can use to complete the passcode challenge.

You can purchase Hardware Token’s directly from Digitally Accurate Inc by contacting us, your existing Duo Partner, or from Duo directly. Duo is also compatible with other 3rd party hardware tokens that use HOTP and TOTP.

2FA with U2F

While you can’t visibly see the option for U2F, you can use U2F as an MFA or 2FA authentication challenge. This includes devices like a Yubikey from Yubico, which plugs in to the USB port of your computer. You can attach a Yubikey to your key chain, and bring it around with you. The Yubikey simply plugs in to your USB port and has a button that you press when you want to authenticate.

When the 2FA window pops up, simply hit the button and your Yubikey will complete the MFA/2FA challange.


What can MFA/2FA protect

Duo MFA supports numerous cloud and on-premise applications, services, protocols, and technologies. While the list is very large (full list available at, we regularly deploy and use Duo Security for the following configurations.

Windows Logins (Server and Workstation Logon)

Duo MFA can be deployed to not only protect your Windows Servers and Workstations, but also your remote access system as well.

When logging on to a Windows Server or Windows Workstation, a user will be presented with the following screen for 2FA authentication:

Duo MFA 2FA Prompt on Windows Login

Duo Security Windows Login MFA 2FA Prompt

VMWare Horizon View Clients (VMWare VDI Logon)

Duo MFA can be deployed to protect your VDI (Virtual Desktop Infrastructure) by requiring MFA or 2FA when users log in to access their desktops.

When logging on to the VMware Horizon Client, a user will be presented with the following screen for 2FA authentication:

Duo MFA 2FA Prompt on VMWare Horizon Client Login

Duo Security VMWare Horizon Client Login MFA 2FA Prompt

Sophos UTM (Admin and User Portal Logon)

Duo MFA can be deployed to protect your Sophos UTM firewall. You can protect the admin account, as well as user accounts when accessing the user portal.

If you’re using the VPN functionality on the Sophos UTM, you can also protect VPN logins with Duo MFA.

Unix and Linux (Server and Workstation Logon)

Duo MFA can be deployed to protect your Unix and Linux Servers. You can protect all user accounts, including the root user.

We regularly deploy this with Fedora and CentOS and you can protect both SSH and/or console logins.

When logging on to a Unix or Linux server, a user will be presented with the following screen for 2FA authentication:

Duo MFA 2FA Prompt on CentOS Linux Login

Duo Security CentOS Linux login MFA 2FA Prompt

WordPress Logon

Duo MFA can be deployed to protect your WordPress blog. You can protect your admin and other user accounts.

If you have a popular blog, you know how often bots are attempting to hack and brute force your passwords. If by chance your admin password becomes compromised, using MFA or 2FA can protect your site.

When logging on to a WordPress blog admin interface, a user will be presented with the following screen for 2FA authentication:

Duo MFA 2FA Prompt on WordPress Login

Duo Security WordPress Login MFA 2FA Prompt

How easy is it to implement

Implementing Duo MFA is very easy and works with your existing IT Infrastructure. It can easily be setup, configured, and maintained on your existing servers, workstations, and network devices.

Duo offers numerous plugins (for windows), as well as options for RADIUS type authentication mechanisms, and other types of authentication.

How easy is it to manage

Duo is managed through the Duo Security web portal. Your IT admins can manage users, MFA devices, tokens, and secured applications via the web interface. You can also deploy appliances that allow users to manage, provision, and add their MFA devices and settings.

Duo also integrates with Active Directory to make managing and maintaining users easy and fairly automated.

Let’s get started with Duo MFA

Want to protect your business with MFA? Give us a call today!

Got Battery Backup? Try the Eaton 9130 UPS and EBM!

Today we want to share with you an Eaton UPS and EBM (Extended Battery Module) we recently setup for one of our customers. This provides all their server infrastructure 3 hours of run time in a blackout! Additional EBM’s can be added to increase run-time significantly.

The Eaton 9130 uses double conversion to supply power to your equipment, and has an efficiency rating of over 95%.

In the configuration below, we used:

  • PW9130L1500T-XL
  • PW9130N1500T-EBM


Please see below for pictures:












PW9130L1500T-XL (Front)



Contact us for your Eaton and/or IT power requirements!

Sophos SG 230 UTM Firewall Upgrade

Sophos SG 230 UTM

This weekend, one of our customers had an aging Sophos UTM 220 which was reaching it’s end of life (EOF). The upgrade path for the Sophos UTM220 is the new Sophos UTM SG 230.

Here’s a few pictures of the unboxing and deployment:

Sophos UTM SG 230 Box

Sophos SG 230 UTM

Sophos UTM SG 230

Here’s the specifications on the SG 210 and SG 230:

Sophos SG 210 SG 230 Specifications


Digitally Accurate Inc. is a Sophos Partner providing hardware and services in Calgary, Alberta and Vancouver, BC. Contact us today!

We’re proud to announce our partnership with Red Hat Inc!

Red Hat Ready Business Partner Logo

We’re proud to announce our partnership with Red Hat!

Red Hat is the world’s leading provider of open source solutions, using a community-powered approach to provide reliable and high-performing cloud, virtualization, storage, Linux, and middleware technologies.

By adding this partnership to our growing network, we continue to establish and maintain ourselves as a leading all-encompassing turnkey IT solution and managed services provider for businesses. We differentiate ourselves from competition by managing and advising both on the business and technical aspects of information technology, where our competitors usually strictly focus on the technical.

Contact us today for more information!

The 10ZiG 5948q Zero Client, perfect for the power class user

10ZiG 5948q Zero Client

Today we present the 10ZiG 5948q Zero Client

10ZiG 5948q Zero Client

10ZiG 5948q Zero Client

We received two of these units last Friday (from the 10ZiG 5900 series) for demo purposes and internal use at Digitally Accurate Inc. These zero clients are perfect for corporate desktop virtualization, and these specific models are targeted for power class users who require high performance from their VDI environments. The 5948q achieves this by supporting 3 displays at 4K UHD, Gigabit Ethernet, and USB 3.0 ports.

For our demonstrations, we are using these zero clients with VMware Horizon View (the part number for the device with the VMware Horizon firmware is 5948qv).

10ZiG 5900q Series Box Shot

10ZiG 5900q Series Box Shot

The 10ZiG 5948q is small but sleek device, featuring the following:

  • 2 DisplayPort connections
  • 1 HDMI connection
  • 2 Hidden USB 2.0 Ports in the swivel base
  • 2 USB 2.0 Ports on the rear of the unit
  • 2 USB 3.0 Ports on the front of the unit
  • 1 USB 2.0 Port on the front of the unit
  • 1 X Audio Line-out, and 1X Microphone (Audio In)

Our specific unit shipped with 4GB of RAM, however they can be ordered with 8GB of RAM.

Some other highlights are follows:

  • Quad-Core Intel Pentium N Series N3710 (Based on the Intel Braswell Refresh CPU @ 1.6 -2.56 Ghz Burst)
  • Intel HD 400 Graphics
  • 7 USB Ports in all
  • Supports PoE
  • Centrally managed via the 10ZiG Manager (we’ll have more on this in a later post)
  • Optional 802.11 a/b/g/n/ac internal wireless

The 10ZiG 5948q specification sheet can be found here:

We were very pleased at how well put together these devices were (heavy metal feeling, no light plastic), and they are extremely visually appealing.

10ZiG 5948q Zero Client

10ZiG 5948q Zero Client

While we specifically purchased these for use with VMware Horizon View, they can also be used with Citrix, RDP, and Parallels RAS technologies, are all easily switchable with the 10ZiG Manager (deploy firmwares on the fly). You can also order the devices shipped with your firmware of choice.

Contact us today for a demo, or if you’d like to purchase any 10ZiG products!

Digitally Accurate Inc. is based in Calgary and Vancouver and is a VMware solution provider, and 10ZiG partner. Contact us for anything VDI related!

VDI Use Case Scenario – Machine Shops

VDI Use Case Scenario – Machine Shop

In today’s use case scenario, a machine shop has a requirement for many workstations with high-end compute and GPU requirements. Instead of spending a fortune on many high-end workstations and having those resources sit idle for a percentage of time, the company could implement desktop virtualization (VDI) with VMware Horizon View on HPe proliant servers with accelerated graphics using AMD MxGPUs. Then simply roll out 10ZiG Technology zero clients!

The result? A small fortune saved! In an environment with 20+ workstations, the company could realize up to 50% in cost savings.

Added Benefits:

  • Enhanced disaster recovery options (backup is done on the VDI server, new backup capabilities are added)
  • Higher up time (server has redundant systems, end user zero clients are easily swappable if failure occurs)
  • Reduce hardware management costs (zero clients require almost no management and have a very small support requirement footprints)
  • Reduce software management costs (easier to manage virtual desktops, less time spent resolving issues)
  • Resource over-allocation (No more idle CPUs or  GPUs. Allocate what’s needed from a shared pool of resources)


Digitally Accurate Inc. is a Calgary and Vancouver based VMware solution provider partner! Contact us today for more information on Desktop Virtualization, VMware vSphere, VMware Horizon View, or 10ZiG Zero Clients.

Elevated risk of cyber-attacks on the Oil & Gas (Energy) sector

Oil Pump Jack

While cyber-attacks aren’t anything new and are part of everyday business risk, the increased number of attacks against the Oil and Gas industry is alarming. Traditionally when companies get “hacked”, for the most part it’s software bots scanning the internet for companies that have unpatched servers or open security holes (for example, Equifax was hacked due to an unpatched Apache Strut vulnerability). When it comes to Oil and Gas, the stakes are higher, and so is the payoff. Hence, why more and more businesses in the energy sector are coming under attack.

When there’s a specific target the above methods are still employed, however there’s the added vector of the individual and human factor actually putting effort in to compromising the systems. The added human factor bringing potential social engineering, expertise, and putting all their effort into a single target, with sometimes numerous individuals, is what makes this so dangerous. Finally, actual hacker groups often have access to “0-Day vulnerabilities”. These are vulnerabilities that haven’t been discovered to which the software developer hasn’t created a patch for. These are often used when groups are specifically targeting an organization, person, or entity.

With the decline and recession of the energy industry from 2014 to 2017, numerous companies have reduced (and in some rare cases even completely cut) their IT budgets. This includes laying off staff which actively monitor these systems, changing IT providers, and even moving to external resources (such as cloud providers) so that the company doesn’t have to maintain their own systems.

This dynamic and changing approach to IT has had its own consequences. Numerous businesses have removed most of their IT infrastructure just because they have moved to the cloud, removing all their internal IT security systems which are still required no matter where their data is stored. These systems include centralized endpoint (computer) protection, perimeter protection (corporate firewalls and unified threat management systems), active monitoring systems (monitoring the environments and security), and the infrastructure that make all these systems work. Even though some of these companies now have small or no data on their actual physical network, their credentials have become very easy to compromise, which allows attackers to access their cloud resources. They’ve essentially stripped away numerous security layers.

The recent hack on Deloitte brings emphasis to the ease of compromising some cloud based systems. The attacker gained access to their Microsoft-hosted e-mail mailboxes by getting access to the main single administrative account (username and password) which controls everything. I firmly believe in general situations that staff actively monitoring these systems could identify and stop intrusions, even stopping them from ever occurring. I also believe it would have been a different story with everything on-premise, restricted behind firewalls, perimeter security, and the complexity of the attacker not knowing or being familiar with the internal corporate network.

In addition to the move to cloud resources to save costs, companies have changed IT providers for low-cost “discount” providers. These companies advertise as providing the same services that a company is accustomed to receiving but at a fraction of the cost. These providers often don’t provide the same services, outsource support/services to other 3rd party companies (sometimes in other countries), store sensitive information on 3rd party servers, and don’t take security seriously since they focus on the number/volume of their client base and not on the quality of their work. With the added pressure of clients restricting budgets, these companies can sell and implement incorrect solutions that are often sized for a different type of business. All of this contributing to their security vulnerabilities.

Traditionally, Oil and Gas has always been big bucks! As situations and issues have arisen, money was often thrown at these issues to resolve them, this also being true with their IT systems. Over years and years, management at these companies would rarely get involved, just paying bills expecting it to work. With the decline and recession in the industry, they just assumed that they could get the same service when switching to discount providers mentioned above or migrating to cloud based resources.

Oil and Gas has always had strict IT requirements. This is due to the sensitivity of the data, compliance requirements (with regulatory bodies, associations, health and safety), value of intellectual property, adhering to governmental privacy and information acts, and investments they’ve made in big data. Additionally, due to political factors and human factors (such as environmentalism), the industry has always been under heavy scrutiny for liability (which requires even more care in maintaining and protecting data and records). This all adds to the need to protect this data.

So here we are approaching Q4 of 2017 at a time when the industry is finally picking up. Cash is starting to flow, as well as the oil in pipelines, and with the growing cyber security risk on the rise, it’s a dangerous combination that businesses need to be aware of.

Businesses and organizations need to pay special attention to their IT systems. Management needs to be actively involved, educated, and asking relevant questions. When things don’t seem right, it’s for a reason.

Not having a proper budget or resources for IT is like removing the insurance policy on millions of dollars worth of assets and equipment. You wouldn’t do the latter, so why do the former. Why would you put your IT systems that run your business and operations at risk?


We’ve partnered with 10ZiG to provide cutting-edge Thin Client and Zero Client endpoint devices for the latest virtual desktop solutions.

10ZiG Partner Logo

Today we’re happy to announce our new partnership with 10ZiG10ZiG Technology provides cutting-edge Thin Client and Zero Client endpoint devices for the latest virtual desktop solutions.

We have exciting plans which include providing VMware Horizon View solutions and utilizing 10ZiG endpoints (zero clients) for end user connectivity. We also have a few special projects in the work which may include 10ZiG‘s technologies, so stay posted for those!

Please feel free to contact us for your virtualization and VDI requirements!


10ZiG Corporate Website:

Here’s to 11 years in business!

Today, we celebrate our 11th year in business anniversary!

We would like to say thank you to both our clients and vendors. Without these relationships and valued business partners, none of this would be possible!

For 11 years we have been providing IT Solutions and Services, as well as Managed Services to many different types and sizes of businesses in many different sectors. We’ve maintained and supported environments in multiple cities (from Calgary, Alberta to Carlyle, Saskatchewan), and multiple countries (from Canada to Australia).

Our Managed Services offering has helped our clients achieve their I.T. goals. We focus on quality, integrity, and high uptime to provide secure and feature rich solutions and environments. We also support these solutions and customers 24 hours a day, 7 days a week, and 365 days a year.

What makes this anniversary even more special is that it marks our expansion to Vancouver, British Columbia (as well as the Lower Mainland)!

Our new Vancouver mailing address:

Digitally Accurate Inc.
Suite 302
1350 Burrard Street
Vancouver, BC
V6Z 0C2

We can be reached by telephone at (604) 901-0140

We’d love to help you or anyone you know who is looking for IT Solutions and Services, so please don’t hesitate to contact us. We have a very attractive referral program in place!

Here’s to another year!

We’ve expanded to Vancouver, BC and the Lower Mainland!

Today, 10 days away from our 11th year in business anniversary, we’re happy to announce that we have officially opened our doors in Vancouver, BC and the Lower Mainland area.

For 11 years we have been providing IT Solutions and Services, as well as Managed Services to many different types and sizes of businesses in many different sectors. We’ve maintained and supported environments in multiple cities (from Calgary AB to Carlyle SK), and multiple countries (from Canada to Australia).

Today we expand to the lower mainland in beautiful British Columbia and bring with us our experience maintaining, supporting, and managing corporate IT Infrastructure!

Our new Vancouver mailing address:

Digitally Accurate Inc.
Suite 302
1350 Burrard Street
Vancouver, BC
V6Z 0C2

We can be reached by telephone at (604) 901-0140
We’d love to help you or anyone you know who is looking for IT Solutions and Services, so please don’t hesitate to contact us. We have a very attractive referral program in place!