Social Media Infographic
Haven’t blogged in a while and will get back to it at some point.. but this was worth a post..
Will Windows 8 Be A Flop??
It seems about the right time to write a follow up piece. The previous post in this series, “Why Windows 8 Will Be A Flop!!”, invoked a variety of follow up posts.
Firstly from Ashley Knowles with “Windows 8 – to be or not to be?”, which, from where I sat, was a very similar article to mine, however where I focused on the negatives, I think Ashley offered a more balanced approach.
Secondly from Alan Burchill, an MVP, who penned “Why Windows 8 is NOT going to be another Vista”. His was an article which I found particularly peculiar because of one sentence: Alan opens and mentions both Ashley’s and my posts along with a ZDNet article by Steve J. Vaughan-Nichols entitled “Five Reasons why Windows 8 will be dead on arrival” and then goes on to say “What is totally perplexing to me is that people seem to have made up their minds about the new OS before they have even used the final product.” The article then continues, along the lines of the title, to defend Windows 8. Sorry Alan, but it looks like you made up your mind on this product as well; you just have a different opinion to the rest of us.
Along with these posts, I think I can say that I did open up a technical debate amongst IT Pros on twitter that is probably the biggest I’ve seen. I managed to annoy a lot of people, battle lines were drawn and at the time I decided it best to let sleeping dogs lie, rather than write a further reply, get people onto Coal Face Tech to discuss or further fuel the debate too much. I thought this was important mostly because I tend to agree somewhat with Alan’s statement quoted above: It’s pre-release and there was (and still is) plenty of time for things to change.
So why post again now?? Well, a few things have changed since my last post. I began to use the Consumer Preview on my everyday work machine, and then last week Release Candidate arrived. To start I want to look back at the 5 failures I identified previously and see what’s changed.
Failure #1 – Device Support
I stated that, somewhat like Vista which required us to update hardware, Windows 8 will work best with new hardware. Whilst Windows 8 runs perfectly well on the same hardware I was running Windows 7 on, it begs for a touch device. The ability to open the charms menu with the mouse (especially on a multi monitor setup) is difficult. Trying to power the OS down is even harder.
Yet device support, whilst a way off, does look to be coming. In a CNET article recently by Seamus Byrne, titled “Dozens of touch Ultrabook designs for Windows 8”, it looks as if already touch enabled Ultrabooks are coming, albeit slowly.
Whilst this is good news, is this OS still ahead of its time? Are too many people, myself included, going to run it on a traditional device and suffer our way through this? Keep this in mind when watching the YouTube video I’ll mention later.
Failure #2 – Ease at home
I see no real difference in what I wrote here previously to my current views so let’s leave this one.
Failure #3 – The Big One – The Anti-Trust Case
Again this still hasn’t changed a great deal. I stated that whilst Apple are including more and more apps in OSX, Microsoft are failing to provide any apps of much use by default. Calendar, Mail, People, Sports, Store, Video, Travel, Weather: these apps aren’t anything special and certainly not anything like some of the apps we are seeing included in OSX: Time Machine, Twitter and Facetime, to name a few.
I stand by what I wrote previously; find a way to give users a full Office experience in the OS bundled with photo and video editing software. Not a live download, there ready to go. I can’t see this happening but it should.
Possible Failure #4 – 1 OS
Notwithstanding the WOA vs Windows platform debate, let’s look at this whole 1 experience. Today I can purchase a Samsung Series 7 Slate for ~$1300 AUD or an Acer W501 for ~$1000 which will run Windows, but is either as slick as the top of the line iPad, which is ~$900 and does as much as I want in a device of that form?
This 1 OS failure, which I listed as a possible failure for a good reason, given time, could be the best move Microsoft has made in this space. App portability could be a big point in the future, unless HTML 5.0 takes over the world.
One point worth making here, as mentioned above is.. look at what can happen when the tablet and desktop OS is combined. http://www.youtube.com/watch?v=v4boTbv9_nU
I will concede that this video is very targeted and possibly slightly biased; however, having worked in organisations with a diverse workforce, from tradesmen in the bush who rarely sit at a computer to highly technical folk such as the people who read this blog, I can state that people will be heavily confused by these changes. In the coming weeks I plan to undertake a similar exercise and introduce my parents, who had no issues with Windows 95, Office 2007, Windows 7 or even my iPad, to Windows 8 and see if they are the same. I’ll keep you updated on how this goes.
Failure #5 – The Enterprise
I still need to find a good reason for an Enterprise to move to Windows 8. Much like Windows XP is still embedded in many organisations, I can see Windows 7 hanging around for some time yet. Will BYOD impact the uptake of Windows 8 in the enterprise? I cannot answer this question. What I can say, having used it for a while at work, I can’t see any real benefit to moving from Windows 7.
Final Thoughts.
At this point, having used the OS for a few months, what can I say? Firstly; Hyper-V on Windows 8 is great, but is a client OS. Microsoft need to add the option for a NAT’d network connection.
I spend the majority of my day in the desktop and not in Metro, so I don’t see a lot of the features of Windows 8.
The search is massively improved, hitting start and typing to find an app is lightning quick, compared to Windows 7 or Spotlight search in iOS.
Metro has a downfall too: whilst the concept of a Chromeless window is great for full screen apps, and a PDF reader in the OS is awesome, the snap left and right are so limited if you want to spend any time looking at a PDF and a document both half screen, forget it.
Live tiles are great, but how much time are you going to spend looking at them? I’d prefer to have my weather forecasts in Outlook somewhere; I spend time there. Whereas tiles on the phone are great: you often grab the phone in meetings and sneak a peek, on the start screen I rarely look at them.
I like that Flash is included in Metro IE
But the question sure to be on everyone’s lips… Will Windows 8 Be A Flop? I still say yes. I can’t see this OS grabbing the home or the enterprise with any aggression, and if it’s not selling it’s a flop, regardless of whether it’s actually any good or not.
Why Windows 8 Will be A Flop!!
I asked the question on twitter the other day, I’m @thehuxman if you wanna follow me, whether I should start blogging again and the response was somewhat positive. So here is the 1st return post in a while and I hope it sparks some thoughts in you all.
As the host of Coal Face Tech (www.facebook.com/coalfacetech) I stated in Episode 23 that I believe that Windows 8 will be a flop. The episode should be released shortly after this blog post is written. I have a number of reasons for this statement and it’s not one that I have made lightly. Here are my thoughts on the potential failures that I can foresee in Windows 8 and some changes that could help to give it some hope.
Failure #1 – Device Support
Somewhat like Microsoft’s ugly step child, Windows Vista, the hardware that will really make Windows 8 sing isn’t available. In Vista this was due to performance, the OS simply required too many resources. Combine this with the new Driver requirements from Kernel changes and older hardware often never had a chance. Was this entirely Microsoft’s fault?? Yes and No. The codebase was not very refined and the resource requirements were ridiculous. Remember that we were mostly running a 32-bit OS pre-Vista and machines with greater than 4GB of memory were the rarity not the norm. At the same time Microsoft weren’t to blame if OEMs didn’t update drivers. Despite this a number of frustrated users were angry that Microsoft would make such drastic changes that render their hardware useless under Vista.
So what devices are needed for Windows 8? Touch devices. The Metro interface, new start screen, application switching by dragging from side of screen, live tiles (just like the Windows Phone) are great when moving around with big fat fingers. Touch has always been an area that Microsoft was lacking in previous versions of the OS and it looks that in Windows 8 they are looking to improve this. But other than the new shiny Metro apps with buttons big enough for fingers how does the OS perform on the mainstay stage, the mouse and keyboard? Not well enough in my opinion.
This year at CES we saw it as the year of the Ultrabook (http://en.wikipedia.org/wiki/Ultrabook) and these devices look great. But none of them are touch devices.
For my mind the touch device that will make Windows 8 sing is a dockable slate similar to the Fujitsu Stylistic (http://www.fujitsu.com/au/products/pc/tablets/stylistic/q550/features.html). A slate that is essentially a complete laptop replacement that can be used as a slate on the run, and docked as a workstation when returning to the office. Complete with 2-3 monitor support, 4-5 USB ports and perhaps even an optional optical media drive in the dock.
Even with this type of hardware the question of ease of interaction with a mouse and keyboard remains. Certainly the gestures on the Microsoft Touch Mouse (http://www.microsoft.com/hardware/en-us/products/touch-mouse/microsite/) would help… but they are not there yet.
Failure #2 – Ease at home
The biggest draw card away from a Windows environment in the home is in some aspects the biggest draw card to it. The inter-device relationships, whilst allowing almost complete flexibility in Windows are often seen as too complex. I have many, less technical, friends who are quite happy in the home with an Apple TV, a Mac and an iPad, rather than a Windows PC. This is due to many reasons, but the simple catch cry I hear from all of them is that Apple “Just Works”.
I will admit that Apple devices work fantastically together and most are happy with the Vendor lock in. Unfortunately I have found the choice of devices with Windows and DLNA simply baffles most and being able to simply plug their Apple devices together is a dream of simplicity.
There is also the common misbelief that updating Windows devices every month is over the top and difficult. Whilst this is less true today, I certainly have no issues with everything on Auto-Update, Microsoft is paying for the crimes of the past and it will take some time to shake this stigma.
Failure #3 – The Big One – The Anti Trust Case
Remember the Anti Trust case that Microsoft faced?? (http://en.wikipedia.org/wiki/United_States_v._Microsoft) All of this was simply about including IE in Windows. IE, an internet browser, whose competition, Mozilla (www.firefox.com) and Opera (www.opera.com) and others, gave their product away for the price of $0.00 FREE!!!
The Anti Trust case, in my opinion has scared Microsoft and its OEM partners. Yet such a case has never been brought against Apple for bundling Safari, or a twitter client, or iCAL, or iChat or Facetime or Time Machine or Address Book and so the list goes on. The advantage here is that when it comes to OS X, for the home user most of the applications they are going to want, or need, are there in the box. When they’re not the Mac App Store is just a click away. Yes I am aware of the Microsoft Store in Windows 8, I’ll get to that in another post.
Ever see driver issues on a Mac?? Of course not; a closed ecosystem ensures that is not the case. Microsoft can simply not compete with this.
What Microsoft need is their OEMs to start putting apps on the box for the customer, or better still, do it by default in Home Editions of Windows. The Live suite is a fantastic set of apps. Yet few people would know you can connect Messenger to Facebook Chat, probably Skype soon as well. The photo gallery app can look for faces and tag them automatically. The application I’m using right now, Live Writer, is great for blogs.
Furthermore they need to include Office with every copy of Windows sold outside the corporate environment. The number of programs that enable users to get Office for almost nothing are plentiful. There is the Office University Program (http://www.microsoft.com/student/office/en-au/default.aspx), the Home and Student Program (http://office.microsoft.com/en-au/home-and-student/) and the Home Use Program under Software Assurance (http://www.microsoft.com/licensing/software-assurance/home-use-program.aspx). Why bother Microsoft? Simply add it to the Home Editions of Windows along with Live.
Additionally I would place stricter controls on OEMs’ ability to bundle bloatware with the OS. Any software which mimics features already in Windows should not be allowed. Further encouraging users to look at the rich features buried in the OS and sell them as benefits as Apple does with the 250 features of OS X (http://www.apple.com/au/macosx/whats-new/features.html). Unfortunately this would probably end up with Microsoft back in court.
Possible Failure #4 – 1 OS
This failure probably sits closely alongside failure #1. I understand what Microsoft are attempting to do in this space, by more closely aligning the Desktop OS and the Phone OS they are making it easier for developers to transport code between the platforms. Good idea? Let’s look at the other players in this space.
Apple has iOS as a tablet and phone OS with OS X for the desktop. Whilst many of the now familiar gestures, such as pinch and zoom, work on the touchpad the desktop itself is quite different.
Android, similar story, the tablet / slate OS is more aligned to the phone and it would have to be said you’d be looking at a Linux distribution for a real desktop equivalent.
Why then would Microsoft try and align all three? Sure as stated earlier it’s easier on devs but.. is it really what the customer base wants? I can’t see why not.. Remember when the iPad launched and the non-fanbois looked at it as a giant iPhone that didn’t make phone calls. I even blogged about it 8 months ago (http://www.mickhuxley.com/?p=136) and asked “Why do I need a separate device for creating and consuming content?”
Why then, is this a possible failure? Simply because the world has changed. We like having a device with enormous battery life, integrated 3G, that’s lightweight and great for simple things on the run. With the abundance of cloud services why do we need a full PC when out and about or travelling? Despite my previous post about not needing an iPad I will be buying one next week for this very purpose.
Is this where Microsoft can make up ground? There is a reason that I called this a possible failure and why I believe that it is closely aligned to Failure #1. If, and this is a big If. IF OEMs can produce a device that is as slick as a Samsung Galaxy Tab, a device which Samsung market as a Smartphone (http://www.samsung.com/au/smartphone/galaxy-tab/index.html) or iPad (www.apple.com/ipad) and as useful as a full PC, when docked, we will have a winner. The OS will need to support this too though, and being able to switch Metro off completely when docked, as an option, would go a long way to also solving this problem.
Failure #5 – The Enterprise
Many would regard The Enterprise as Microsoft’s last great bastion of hope, and I agree. Just as above I spoke about how nicely the Apple products connect in the home, Microsoft owns the Enterprise. From the Client, the Server, Active Directory, Exchange, Lync, System Centre, Office and SharePoint there is no better story. But… the big question is, will The Enterprise see Windows 8 as a consumer product rather than an Enterprise Product?
No doubt the maturity of an Organisation will greatly influence their view. “Bring your own device” is on the rise and the consumerisation of IT is strengthening, but how will users connect and work more efficiently? Many would say the answer here is in the Datacentre with a VDI solution, but what to run it on? Will Windows 8 really provide a feature rich experience when across an RDP or ICA session?
The other sticking point in the Enterprise space is training, both of Admin staff and Users. Having worked in recent years with Organisations that have a very non-technical user base some simply don’t want to re-skill in Windows or Office. During an Exchange 2003 to 2007 migration I had 1000’s of complaints about Office upgrades also from 2003 to 2007. An upgrade and the introduction of the Ribbon or Fluent UI was a pain and not something users wanted to learn. How are these people going to adapt to Metro if it can’t be turned off? Remember when XP launched and nearly every SOE turned off the new double width start menu? This proved as a great way to ease users into the changes and allow them to still work like they always had should they prefer. Windows 8 needs to allow for the same transition.
The other big killer in the Enterprise is again more aligned to a comment above. Earlier I stated that we are suffering now for the pains of Windows Update past. We are now, more than ever in my opinion, also suffering from the locked down SOEs of years past. Having seen it in a number of Orgs, the consumerisation of IT is not about giving users a choice of device, it’s about locking IT out of their computer. All those years when Admins were busy locking down SOEs to the point of minimal use have come back and many workers today feel they are skilled enough to look after their own computer. Many of the enterprise Mac users I speak to claim this as one of the biggest reasons they love their Mac.
Will Windows 8 be a flop?
The points I have raised here could be seen as somewhat premature. I am casting criticism on a product that is not due to ship for months. About hardware that doesn’t exist, about mistakes that were made in the past.
In the end, only time will tell, but on the 2nd of February 2012 – I went on the record to say Windows 8 will be a flop, and I will stand by that statement, whilst hoping I am wrong.
iPad 2 Review
The other week I managed to scam myself an iPad 2 from work for a few days for a test run. I have always wondered whether I would use an iPad much, but before going out and dropping close to $1000AUD on one I figured a trial run for a few days would help me make up my mind.
To start I love the magnetic covers on the iPad 2. These covers are functional and stylish. The cover has grooves which allow it to be bent to act as a stand propping the iPad at about a 30 degree angle. It is also used to put the device to sleep when folded over the screen. A really good idea in both senses. Let’s get down to the device itself and really it’s just a big iPhone 4 in my book.
The apps….
The apps in the Apple iStore are what sets it apart in the mobile landscape from Windows Phone, Android and Blackberry. Although these stores are catching up, the range of apps in the iStore is astonishing. What surprised me though is the limited number of iPad apps by comparison. I found this extremely disappointing.
The big apps I was looking forward to trialling were some Twitter clients, Facebook and Citrix Receiver. Twitter first: I tried the native app and Echofon and didn’t like the single column only view in each. Furthermore as soon as you flick into landscape mode to type (note that the awesome cover that turns into a stand works in landscape mode) nearly 50% of the screen real estate is lost on the keyboard. This is a feature that annoys me in a number of situations on the iPad.
Facebook app for iPad is well not there… doesn’t exist but the Safari experience isn’t too bad and will do.
Citrix connecting back to my Windows 7 Enterprise x64 VDI running on Xen Desktop 5 is a cool feature, but as I have previously blogged about (http://www.mickhuxley.com/?p=125) Windows 7 is not a great touch OS. It is designed for the keyboard and mouse experience. Whilst connecting back to Windows gave me a whole new host of things to do it still was greatly let down by the screen real estate disappearing when the keyboard was used. I know that more screen can be preserved using the iPad and portrait mode but this has its drawbacks also.
Overall this is a short review because (let’s face it) you can’t do much with the iPad that you can’t do with the iPhone. I still find the notebook / netbook a better option. In fact a slim lightweight notebook with integrated 3G, a good screen resolution (1400×1050 or better), long battery life and an i5 proc would be perfect for what I do.
The iPad is a nice device for consuming content and not creating it but do I really need a dedicated device for this purpose?? No I don’t… not for either personal or professional use.
Style Trumps Functionality
Cast your mind back to the early days of Blackberry in the Enterprise. Not only was it ‘executive bling’ but it also introduced new functionality. Secure email anywhere in the palm of your hand. It worked well for IT Security due to the security, the ability to kill the device and the encryption. Finally IT Administrators loved the ease at which devices could be provisioned.
However what the blackberry devices excelled at was also a weakness… email was limited in functionality, plain text only, not all attachments could be rendered and S/MIME were all problems back in the early days but as devices and servers matured and new non-blackberry devices appeared on the market much of this functionality improved.
Then a new device joined the market.. not as a corporate device, but as a consumer device. The iPhone. At this point let me preface my comments to come. I have used the following devices to connect my corporate email account over the years. A Blackberry (the old blue one) and a 9700 Bold, a JasJam, TyTN II, HTC Diamond, HTC Snap, iPhone, some Sony device I can’t remember and most recently a HTC Mozart Windows Phone 7.
What continues to shock me is that despite the number of devices on the market today and the functionality available, this is no longer the driving factor in Enterprise mobile email… these days the very same people who previously complained about the lack of functionality are the ones running to the iPhone. The iPhone that doesn’t sync new contacts to Exchange by default, doesn’t show clearly when an appointment is updated or cancelled, can’t edit Office documents… do I need to continue?
I could keep going about the lack of encryption, limited support for Exchange policies, the need for a 3rd party solution to manage them, the cost of the device, awful calendaring experience or I could just leave it there. One day when functionality catches up to executive bling the world will be a better place… but until then we need to accept the simple fact that users, executives and generally everybody is a hypocrite if they can get what they’re after.
Run As Radio Episode 167–My Thoughts
I’ve been listening to Run As Radio for some time now and I found episode 167 thought provoking and wanted to share these thoughts. A bit of background.. Run As Radio is run by Richard Campbell and Greg Hughes. Some of you may know Richard from Dot NET Rocks, his other podcast; others may have heard the episode of Coal Face Tech we recorded this year at Tech.Ed Australia where Richard was a guest.
Episode 167 featured Mark Minasi an IT trainer, consultant and author of well over 25 books based in the US. Ep167 featured a discussion around current server environments that both Richard and Mark have and thoughts on features that they would like to see in Windows 8.
Firstly the big point to note for both Mark and Richard they are both still running Windows Server 2003 for their web servers. By far the most complex servers in their respective environments. I found this an interesting point, certainly I tend not to muck around too much with my site as I don’t want to break it too badly, it was interesting to see the guys both felt the same way. Although plans to upgrade are underway and Server Core was touted as an option now that ASP.net is supported on Windows Server 2008 R2.
One point that Mark makes is the number of reboots a Windows box requires. It was noted that an update to IE required a restart of the system. This is not uncommon as IE is a core component of the Operating System and Microsoft have convinced the Dept of Justice of this fact. One idea by Mark was to require the approval of Steve Ballmer for any update or configuration change that results in a reboot of the operating system. Certainly not a bad idea but let me discuss my thoughts.
1. A desktop or Windows server is not a mainframe
Sure there are machines in the data centre that shouldn’t be rebooted very often. However a desktop machine or a Windows Server is not a mainframe and a reboot doesn’t generally cause many issues.
2. A regular reboot cycle helps to prevent issues.
Whilst this statement is not technically true the theme here is. If you regularly reboot your servers you are aware of the process for starting and stopping services if required. Generally it forces Administrators to fix issues rather than ignoring them or, at least, develop a workaround or process. This can greatly assist when an entire data centre moves to DR.
3. Offline administration tools are much better today.
Unlike years gone by the iLO, DRAC, RSA cards provide much better offline administration than in previous versions. This makes offline remote administration considerably easier. The advent of Virtualisation improves this again.
4. Other technologies ensure server availability.
Mission and Business critical applications should not be affected by the outage of a single server. Clustering, Load Balancing and other High Availability technologies can ensure that an outage of a server doesn’t result in the service being affected. This basically makes the reboot irrelevant.
Another feature Mark would love to see he named Hyper-D for a desktop Hypervisor. The conversation discussed running applications such as IE in a separate OS and simply rolling it back after use. This way the core OS is separated from IE which would help protect it from Internet based threats.
I don’t agree that this is a valid option, purely from a resource perspective. Whilst I will concede that desktops and laptops are arriving with more memory and proc than ever before, and the guys even mentioned the new AMD 12-core proc as an example of this, I don’t believe that running another OS is the answer. IE protected mode did a good job and the Windows Integrity Mechanism works well also. If this is to be expanded then I believe that App-V is the answer. Virtualising the application and controlling access in and out of the application sandbox is a much easier and simpler option. Using a control mechanism similar to the AdminSDHolder in AD would then protect the ACLs between the application and the underlying OS.
A final feature that Mark said would be cool is a reboot to BIOS option in Windows. I have to agree with that one, cool idea.
You can follow:
Richard Campbell on twitter @richcampbell
Run As Radio on twitter @RunAsRadio, at www.runasradio.com or on iTunes
Mark Minasi on twitter @mminasi
Microsoft Deployment Toolkit Share Migration
<** Disclaimer **> I am not going to be describing how the technologies discussed here operate at a high level. Some prior knowledge of deployment will be required. </** Disclaimer **>
I’ve been working with the Microsoft Deployment Toolkit in a lab recently to start testing some image deployment options. I was running Oracle Virtual Box but found that the boot.sdi (the initial download from WDS during deployment) was taking up to 8 or 9 minutes to download and it’s only about 3MB.
I decided that I would switch to VMware Workstation. I am unable to use Virtual PC as I need x64 guests. The boot.sdi was downloaded in < 3 seconds and the boot.wim also with speed.
To take a step back the environment I am running is very simple. A single deployment server running Windows Server 2008 R2. This server hosts DNS, ADDS, DHCP, WDS and has the WAIK and MDT 2010 U1 installed.
Once I had rebuilt the server in VMware Workstation, rather than re-creating the work in MDT I simply copied the deployment share from the Virtual Box server to the new VMware Workstation server. This works very well and the deployment share holds all of the configuration data required. To save time I just added the existing boot.wim to WDS and booted my host.
When presented with the Authentication prompt in PE it failed. I hit F8 to bring up a command prompt and went straight to the logs at “X:\MININT\SMSOSD\OSDLOGS\Wizard.log” and could see that PE was attempting to hit the path “\\Old-Server\DeploymentShare$”. Ahh simple I thought, update the deployment share, import the updated boot.wim into WDS and done.
Nope. Did that, same story, checked the logs, still trying to connect to “\\Old-Server\DeploymentShare$”. Knowing that this data would be stored in either a text or xml file in the Control directory I jumped on my deployment server and headed to “C:\DeploymentShare\Control”. This is where you can find all of the configuration data for MDT. First up I cracked the “CustomSettings.ini”, nope nothing. I then opened “BootStrap.ini” and bingo:
[Settings]
Priority=Default
[Default]
DeployRoot=\\Old-Server\DeploymentShare$
But as I’ve learned in the past these config files can be overwritten when updating the deployment share so it’s best to edit them from the MDT. Opening MDT I hit properties on the Deployment Share and on the “Rules” tab is a button “Edit bootstrap.ini”
Updated the values to “\\New-Server\DeploymentShare$”, saved, updated the deployment share, rebooted the target and voila, all done.
The big takeaways here are.
1. F8 will bring up a command prompt in PE
2. X:\MININT\SMSOSD\OSDLOGS is the place to look for errors
3. Go running through the Control folder in the deployment share and look what you can update
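One way to carry out that third takeaway, as an added PowerShell example that is not part of the original post or of MDT: it walks the .ini and .xml files under the Control folder and reports every UNC path whose server is not the one you expect. The function name `Find-StaleDeployPath` is hypothetical, and the demo files (including the `SLShare` lines) are constructed sample data.

```powershell
# Added example (not MDT code): find UNC paths in a deployment share's Control
# folder that still point at a server other than the expected one.
function Find-StaleDeployPath {
    param(
        [Parameter(Mandatory)] [string] $ControlPath,    # e.g. C:\DeploymentShare\Control
        [Parameter(Mandatory)] [string] $ExpectedServer  # e.g. New-Server
    )

    # Matches \\server\share and captures the server name.
    $unc = [regex]'\\\\(?<server>[^\\\s"<>]+)\\[^\\\s"<>]+'

    foreach ($file in Get-ChildItem -Path $ControlPath -Recurse -File -Include *.ini, *.xml) {
        $section = ''
        $lineNo  = 0
        foreach ($line in Get-Content -LiteralPath $file.FullName) {
            $lineNo++
            $text = $line.Trim()
            if ($file.Extension -eq '.ini') {
                if ($text.StartsWith(';')) { continue }           # skip INI comments
                if ($text -match '^\[(.+)\]$') {                  # track current [Section]
                    $section = $Matches[1]
                    continue
                }
            }
            foreach ($m in $unc.Matches($text)) {
                $server = $m.Groups['server'].Value
                if ($server -ine $ExpectedServer) {               # case-insensitive compare
                    [pscustomobject]@{
                        File    = $file.Name
                        Line    = $lineNo
                        Section = $section
                        Server  = $server
                        Text    = $text
                    }
                }
            }
        }
    }
}

# --- Demo on constructed sample files in a temporary folder ---
$demo = Join-Path ([IO.Path]::GetTempPath()) ('mdt-control-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null

Set-Content -Path (Join-Path $demo 'BootStrap.ini') -Value @'
[Settings]
Priority=Default

[Default]
DeployRoot=\\Old-Server\DeploymentShare$
'@

Set-Content -Path (Join-Path $demo 'CustomSettings.ini') -Value @'
[Settings]
Priority=Default

[Default]
; SLShare=\\Old-Server\Logs$
SLShare=\\New-Server\Logs$
'@

# Reports only the DeployRoot line in BootStrap.ini; the commented-out line
# and the path already on New-Server are skipped.
Find-StaleDeployPath -ControlPath $demo -ExpectedServer 'New-Server' |
    Format-Table -AutoSize

Remove-Item -Recurse -Force $demo
```

The script only reads the files on disk; anything it finds still has to be changed through the MDT console and followed by an update of the deployment share, as described above.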
** Tip for young players **
If you are using Windows Live Writer Beta you will need to disable “Replace text emoticons with emoticon graphics” or every time you try and type a drive letter as in C:\ it will come out as C [emoticon graphic].
Time to Bring It #auteched 2010
This is possibly the most excited I have been heading in to any Tech.Ed. Last year I really involved myself in the community side of Tech.ED and met a bunch of awesome people. This year #autechheads has formed and through it I’ve had the opportunity to meet even more awesome folks.
So this year, as well as the content, the community side of Tech.Ed will rock. I will be part of the #EyeForce crew filming interviews with speakers and delegates to discover the unspoken side of Tech.Ed.
If you want quick and punchy updates follow me on twitter @thehuxman or follow the #auteched tag. I will be blogging every day as well with more in depth coverage of my time here at Tech.Ed.
Of course don’t forget to become a fan of Tech.Ed Australia on Facebook to see the video’s the other #EyeForce and I.
Lenovo X201T – Review
Last week I became the proud owner of a Lenovo X201 Tablet. This device is a loaner from Lenovo to my company and I am lucky enough to be given the 1st opportunity to review it.
First things first was to rebuild the OS. The x201T was delivered with Windows 7 Professional x86. That’s right, x86 Windows on a computer that boasts the following hardware stats.
| Processor | Intel Core i7-620LM (2.00GHz) |
| Memory | 4GB (2GB x 2) PC3-8500 DDR3-1066 SoDIMM |
| Hard Drive | 320GB / 7200 RPM |
| Display | 12.1” WXGA Multitouch LED-backlit |
| Graphics | Intel Integrated Graphics 4700MHD |
| Audio | Integrated |
| Camera | Integrated |
| Battery | 8 Cell |
Whilst it only boasts 4GB of memory the processor alone is enough reason to run a 64-bit operating system. So as mentioned above I rebuilt the OS with Windows 7 x64 Enterprise.
I was disappointed that the Intel NIC (an 82577LM) was not able to use any of the built in drivers and as such I needed to grab a copy of the driver and install from USB. At this point I was hoping that a quick visit to Windows Update would pick up the majority of the drivers, oh how wrong I was.
Next step was to trek over to lenovo.com and I downloaded the Think Vantage package and all the drivers. This was a relatively painless process and I was getting ready to start using the tablet to its full potential.
Next I installed the Windows 7 Touch Pack which includes cool “Microsoft Surface” style apps such as photo collage and the garden pond screensaver which simply screams to passers-by “THIS IS A TABLET AND IT’S COOL”
My first point of note about this tablet is that the accelerometer doesn’t seem to be working correctly. Even before the rebuild it didn’t seem to detect change of orientation. Other reviews that I have read about the x201 stated that this feature worked really well. We are currently talking to Lenovo to confirm if there may simply be an issue with this one.
Getting into the tablet and how Windows 7 plays in tablet mode. Firstly I will say it’s not a replacement for a traditional keyboard and mouse. I initially tried to use it in this manner and spent a large amount of time attempting to get the handwriting recognition to improve. The biggest problem here is my handwriting. It is, to be honest, horrible. I doubt I would be given my pen license if I was in primary school today and this is simply an indication of how much I type. Don’t get me wrong, the handwriting recognition is very good and there is a set of 50 sentences and phrases that can be used to train recognition. This information is stored in your user profile (%userprofile%\AppData\Local\Microsoft\InputPersonalization) and can be transferred to another computer using the “Windows Easy Transfer” to save re-doing it after rebuilding your tablet.
The first of the applications I was really wanting to try was OneNote. Unfortunately I was bitterly disappointed with how it worked in tablet mode. I was wanting a better experience than with a keyboard and mouse and this wasn’t the case. The keyboard shortcuts are so good in OneNote that the touch interface just didn’t keep up.
Keeping with the office theme I opened up Excel and Word and used a few of the ink features. I really liked being able to scribble all over a spreadsheet whilst in a meeting, taking notes and highlighting info. But again the handwriting was limited and really withdrew from the potential of the touch interface.
Office Communicator was another app that didn’t really shine with the touch interface. Sure a few colleagues were a little stunned to see my handwriting appear on the screen but after the ‘oh shiny’ moment was gone they were left simply struggling to read my handwriting.
Feeling a little dejected about the whole tablet piece I decided to use the x201 as a traditional laptop for a while. This is important to cover because most people will spend a fair amount of time using the x201 in this manner. Firstly it’s a nice improvement over the x200, and includes a touchpad as well as the thumb bum for mousing. The battery included on this demo is the 8 cell and on full charge Windows says it will last for 5 hours and 45 minutes. I would say this isn’t too far off the mark, although it also seems to take an eternity to charge. One of the biggest battery saving functions is the removal of the optical drive, also absent in the non tablet x201. The optical bay is included in the base docking station and for most users this is probably enough. I’m torn by the removal of the optical drive, in reality I don’t use it that often but as an IT Pro I sometimes need to burn an image on the run.
As a laptop the x201 therefore is a nice choice, but I kept thinking that there had to be a better use of the tablet. I started to think about which apps would make better use of the touch screen and couldn’t think of a lot other than Media Centre, which isn’t too bad. Rather than thinking what would work well in tablet mode I started to think about the applications that seem limited when using a mouse. Visio sprung to mind.
I tend to spend a lot of time in Visio and it seemed like an application that would work well with touch and the stylus. Boy was I right. Visio ROCKS with touch. Being able to switch from pointer to connectors is fast, made even easier by the Fluent UI (Ribbon) which has made its way into Visio 2010. Moving shapes, connectors, lines and drawing is easy and works so well. If there is no other reason to get a tablet than this reason, it is enough for me.
With my new found enthusiasm for the tablet I started thinking about other apps that I often spent time moving shapes around in…… Ahhh PowerPoint. Creating animations is a breeze with touch, and creating custom motion paths, which is near impossible with a mouse, is a breeze with touch.
Not that many readers will be affected by this but the incident logging software used by the State Emergency Service in New South Wales, Australia is awesome with touch as well. It needs the stylus as the checkboxes are only small, but wow. I was using it for a few hours this morning and had a mouse sitting next to me but found it easier to grab the stylus and tap away on the screen. A number of other members had a look as well and thought it was a really great way to interact with the application.
Does the tablet warrant the cost? Well I’m not sure. Certainly I found the tablet most useful when the screen was positioned as a traditional laptop and just reaching over the keyboard every now and again. The exception is Visio of course, which tablet mode rocks for. Whilst not a corporate use, flipping the tablet around and sitting it up is a great way to watch videos as well. Using the tablet is useless without wireless, sitting in tablet mode with a patch lead stuck in the top looks weird.
At the end of the day there aren’t many really great touch devices on the market and in my opinion the best of them are made by Apple, namely the iPhone and iPad. What really sets these two products apart is that they were purely designed with fat fingered touch in mind. Windows 7 is better than previous versions of the OS when using touch but it has a long way to go. There are a number of rumours doing the rounds that touch will be a focus of Windows 8 and this would be great, however the OS is only the start, applications need to be designed for touch as well.
Remote Desktop Connection Manager
Last week the Exchange Team blogged about the Remote Desktop Connection Manager being available for download at Microsoft.com (here is the article). This is a handy tool indeed and I’ve switched over from my trusted Remote Desktop console that came packaged with Windows Server 2003 and was an extension of the original TSMMC I used back in the PowerShell day.
Firstly I would like to point out that I’ve structured my Remote Desktop console pretty well, although there are a few limitations. Firstly servers cannot be moved up and down in the order. Therefore if you use a site code in your Domain Controller naming convention and you bring a new site on, to maintain a list sorted alphabetically I had to rename all the servers from the mid-point onwards to essentially ‘shuffle’ the servers down a spot.
My other major frustration was being able to identify servers that I had an active connection to.
Above is an example of my Remote Desktop Console structure. As you can see I’ve structured my servers by Role. This has worked well for me in my current role, but previously I have structured by customer or had separate consoles for each customer I supported.
Moving along I installed the Remote Desktop Connection Manager last week and despite this being the first public release it is listed as V 2.2.
Okay… that’s a little bland, but this is where the power of the Remote Desktop Connection Manager (known hereon in as RDMAN) starts. I click “File > New” and when I create a group it is saved as an .rdg file. This is cool, each of my top level groups are now portable. I can already see the power for handing over solutions to customers, I can provide them a pre-configured console with RDP access to each of their servers.
Right-clicking on the group I have the option to either “Add Servers” or “Import Servers”. When I click “Add Servers” I am prompted stating that I can’t add groups and servers to top level groups and if I add servers I can no longer add groups. This is okay for ATM in the Exchange Group and I will show why I might not use it for the Domain Controllers group. But rather than simply adding each of my Exchange Servers one at a time I can also import them. Heading back to my original Console I can right click and “Export List” from my Exchange Servers group. This saves a text file with each of the server names, I simply use that as the “Import Servers” and voilà, populated.
Next, this is cool: if I click on the group I can see thumbnail views of each of my servers.
This is nice but this is only the beginning. If I sign out of one of my Exchange servers it shows in the console that I’m not connected. Furthermore the list of servers is always in alphabetical order with the servers that I’m connected to moving to the top of the group.
Check out this option, by right clicking on the group I can enter my credentials just the once and sign onto all servers in the group. (Just a tip for young players.. Don’t mistype your password, if you had say 30 servers in the group and you mistype your password you will have 30 AuthN failures and probably lock your account out)
Let’s take a look at the properties of the group now. I’ll only screenshot a few tabs here as some of them are self explanatory.
Tab 1 – File Settings is just the group name, path to the .rdg file and a comment section.
Tab 2 – Logon Credentials – So the option is here to store your credentials for each connection or simply “Inherit from parent”. Personally I don’t like to store my credentials inside apps but, being able to set the default username is handy. In my old Remote Desktops console I would have to manually enter it the first time I connected to a server and then it would be stored, here I enter it once for the group and I’m done.
Tab 3 – Gateway Settings – All the settings and again credentials for connecting via a RDS Gateway Server. I don’t use this functionality so let’s move on.
Tab 4 – Connection Settings – Here we can connect to the console, change the Start Program or even the port.
Tab 5 – Remote Desktop Settings – Simply Colour depth and Desktop Size. Just like my Remote Desktop Console I simply choose fill the pane.
Tab 6 – Local Resources – Standard settings from the local resources tab of the Remote Desktop Connection dialog.
Tab 7 – Display Options – Sets the options for the thumbnail view.
Tab 8 – Security Settings – Offers some options around AuthN and warnings for errors etc.. I haven’t looked into these options too much at this stage.
Remember earlier I mentioned that I could add groups. This is a cool feature because I may have servers that share a role but have different AuthN requirements, and I can simply split these out. A great example is Domain Controllers from multiple domains.
It is pretty obvious that I am really happy with RDMAN. It solved many of my issues with the Remote Desktops Console and adds functionality that I didn’t even think of. A big thanks to Julian Burger at Microsoft for creating the tool and the Exchange Team for working to help make it public. My advice, if you manage or deploy Windows Server environments, is get on board.
Xen Client – First impressions
Yesterday I downloaded and installed Citrix Xen Client. Xen Client is a desktop Hypervisor which allows virtual machines to be run on the bare metal without the need to first run up a full operating system. This works in much the same way as vSphere or Xen Server in the Data centre.
I should preface this post by noting that Xen Client is currently pre-release software and as such plays up a little. My first installation attempt was on a Lenovo x201. Whilst the install completed okay and the Hypervisor loads, the graphics drivers are missing and as such I was unable to load the GUI. I had been warned during installation that the x201 was not on the Hardware Compatibility List (HCL) and rightly so it seems.
Running over to Citrix.com I noted that the x200 was on the HCL so I grabbed one from the desktop team and installed Xen Client again. This time I was presented with a client screen. The interface here is very simple. Across the top of the screen are menus for the power controls, new VM’s, Settings, network adapters and battery meter.
Time to get rolling and fire up a VM. The new VM menu presents 2 options. The first is to download an image from the synchroniser (haven’t read much about this but believe it’s for central management of VM’s) and the other is to create a new VM. Creating a new VM I was a little shocked at the lack of options. Windows XP, Vista and 7 x86 only. Clearly this is a pre-release item as there is a requirement for Intel-VT and VT-d for funky graphics. Looks like Windows 7 it is.
I inserted the media, fired up the VM and was surprised at the speed both of Windows PE and also switching between the VM and the Hypervisor manager. Following the install of Windows I was able to insert the Xen Client driver disc and add all of the Hypervisor drivers and tools. I did note the following devices showed errors and had stopped: the Multimedia Audio Device, Xen Client Display Driver and USB Root Hub. Although, Multimedia excepted, there was a Citrix / Non Citrix equivalent that was working okay. Next I connected a NIC and checked I had network access.
Finally I inserted my Optus 3G Express Card, it was found, software installed and able to connect to the Internet.
Next time for a new VM so I assigned all remaining available memory and fired it up. Next I’m looking at the ThinkPad POST. Yep, full system restart, once back up I leave 10MB of free Memory and fire up my “Windows XP” guest. The Windows XP guest though has a Fedora 12 disc inserted and the OS installs and boots without failure. I can then access the network and do all the things I would hope to do. One option I did note whilst doing the Fedora install is the encrypt partition option. This got me thinking.
I rebooted the host and entered the BIOS, enabling the TPM. Next reboot and fire up the Windows guest. Unfortunately there is no sign of the TPM in the device manager and as such no chance of BitLocker at this time.
Overall this has potential to be a game changer. I can’t wait to get my hands on the desktop Hypervisor from VMware and really pull the two apart. The ability to handle Hardware agnostic images, run multiple VM’s side by side at the desktop layer is exciting and opens up a number of possibilities.
SQL Server 2008 R2 and Exchange 2010 SP1
I prefer to keep things separate but I wanted to draw your attention to a couple of announcements and features that I discovered today. Firstly SQL Server 2008 R2 hit RTM but more importantly SQL Express 2008 R2, you know the free one, has grown from a 2GB to a 10GB database. Smiles all around on that .. and thanks to Catherine Eibner (@ceibner) for the heads up.
Secondly with Exchange 2010 SP1, Administrators will be able to set rules around the naming of user created DL’s. For those who missed Exchange 2010 details, users can now create and manage their own DL’s (if you allow) and with SP1 you can configure rules. So if a user creates a list called yellowteam the list can be formed using pre-defined rules and queries from AD and may end up looking more like DL-AU-Sydney-Accounting-yellowteam. I’ll blog more about this soon but the Exchange product team have a good post on this today at www.youhadmeatehlo.com.
Powershell is your Friend
I originally found Powershell difficult to use. It was not due to it being CLI as I’m a big fan of the command prompt, but more so because a number of calls to integrate System Information resulted in the need to use WMI.
“Get-WmiObject win32_service | ft Name,StartMode,StartName,State -AutoSize” will output in table format all of the services running on the local machine. Here is a small extract.
You may notice the colour of the image above isn’t the usual Powershell blue and white. This is because I’m using the Powershell ISE (Integrated Scripting Environment). The ISE is a component of Powershell v2.0 which shipped with Windows 7 and Windows Server 2008 R2 and is also available as a download for earlier versions of Windows. The ISE provides a scripting environment for writing scripts rather than simply one-liners, but I digress.
Looking at the output in the one-liner above I’ve “|” piped the command to ft which is shorthand for Format-Table. Data can also be displayed as a list using the format-list cmdlet or simply fl. I find fl really handy when I can’t remember the name of a property. An Exchange example is finding out the last backup time for a database. I know that it is a property of the database so initially I would run “Get-MailboxDatabase -Identity "Servername\StorageGroupName\Mailbox Database" | fl *backup*”. This one-liner will return all the properties of the selected Mailbox Database that contain the word backup. From this output I can see that LastFullBackup is the property I really want to see. I can now go and modify my one-liner to show me the Last Full Backup for all Mailbox Databases on a server or in my Organisation. Let’s limit it to a server. “Get-MailboxDatabase -Server ExchangeServer -Status | ft Name,LastFullBackup -AutoSize”
A couple of items of note here. Because the backup is an action performed against the database and it’s not an Active Directory attribute I have to add the -Status to ensure the data is read from the object and not Active Directory. I also added -AutoSize at the end to ensure that the columns are spaced correctly in the display.
-AutoSize sometimes doesn’t cut it though, simply because there is too much data to be displayed on the screen. In Powershell v1.0 we needed to then export our data to a CSV file so it could be manipulated in your favourite editor or Excel. Looking at our get-wmiobject one-liner again. In this example we use the export-csv cmdlet to send the output to a CSV file.
“Get-WmiObject win32_service | Select-Object -Property Name,StartMode,StartName,State | Sort-Object -Property Name | Export-Csv ~\service.csv”
That’s cool as the data can now be manipulated, sorted multiple times or, if you choose, displayed as a graph or pie chart.
Powershell v2.0 offers another option to output using out-gridview. This feature requires the Microsoft .Net Framework 3.5 SP1. From here I can again apply filters similar to Excel. Let’s see it in action with our one-liner again. “Get-WmiObject win32_service | Select-Object -Property Name,StartMode,StartName,State | Sort-Object -Property Name | Out-GridView”
In this example I have selected the Properties to output and then piped that to the out-gridview. With format-table (ft) or format-list (fl) I would add the properties I want directly after ft or fl. With Out-GridView I need to select them first and pipe that out. Export-CSV works in the same manner as Out-GridView.
The more astute of readers may have noticed something that looked a little funny in my export-csv path. The filename to output to was ~\service.csv. What is ~? Well in Powershell it represents the home path. Okay you say, that’s great Mick, what is the home path? The home path is a variable assigned to each user and represents the root of their data. Usually this will be C:\users\username, but may be different if using Mandatory or Roaming profiles. It can be found a number of ways but a good location is in the registry at “HKCU\Volatile Environment”
Of course, we are talking about Powershell so using Regedit.exe doesn’t seem quite right. Here is the one-liner “Get-ItemProperty -Path "HKCU:\Volatile Environment"” Note here I am actually using Powershell to hook directly into the Registry.
As you can see from these examples Powershell can be extremely powerful and all we’ve done here is extract information. Before signing off this post I’ll give you a few tips which may help you to get started with Powershell.
1. Have a purpose. Trying to teach yourself Powershell for the sake of it can be very difficult. I found the best way to get started with Powershell was using it for Microsoft Exchange. The Exchange Product Team have done an amazing job with Exchange 2007 and 2010 for that matter. When completing a wizard in the console the final screen has the Powershell one-liner displayed. This allows you to start to look at how simple tasks are performed. Also, if you see something in the console the name will be the same in the Shell. So if you want to add a new Accepted Domain the cmdlet is new-accepteddomain. A new Mailbox is new-mailbox, a new Mail User new-mailuser.
2. Read up on some basics. Powershell cmdlets are all in the form of verb-noun. Get-Service, Suspend-StorageGroupCopy, New-Mailbox, Start-Vm.
3. Use tab complete: typing get- and hitting tab will auto complete and start scrolling through the options.
4. Get-Help is your friend. Particularly with Powershell v2.0 there is now a get-help -examples parameter. Try running “get-help out-gridview -examples | more”
5. Wildcards are good so use * to your heart’s content.
6. Pipe, Pipe, Pipe, by using | the output from the previous cmdlet is used as input for the next. So an example is “Get-Service | Where {$_.Status -eq "Running"} | Out-GridView”. In this example I enumerated all the services on the computer, took that data and selected only the “Running” services and then took this cut down data and displayed it with Out-GridView.
On a final note, you may have noticed for the above cmdlet I used “Get-Service” whilst earlier we were using “Get-WmiObject win32_service”. Well spotted if you picked that up, the reason is because the account used to run the Service, the StartName property in the first example, isn’t available as a property of “Get-Service”.
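The StartName point is worth a worked script, because the account a service runs as is exactly what you want in front of you when reviewing a server. The following is an added example, not code from the original post: it reuses the Get-WmiObject win32_service call, Where filtering, grouping and Export-Csv from the one-liners above. The function name Get-ServiceAccountSummary, the AccountType labels, the list of built-in accounts and the output filename are assumptions made for this example.

```powershell
# Added example, not from the original post.
# Summarises which account each Windows service runs as. Get-WmiObject is
# used, as in the post, because Get-Service does not expose StartName.
# Written for Windows PowerShell 2.0 or later.

function Get-ServiceAccountSummary {
    param(
        # "." means the local machine
        [string]$ComputerName = '.'
    )

    # Well-known built-in service accounts (list assumed for this example).
    $builtIn = @(
        'LocalSystem',
        'NT AUTHORITY\LocalService',
        'NT AUTHORITY\NetworkService'
    )

    Get-WmiObject -Class win32_service -ComputerName $ComputerName |
        Select-Object -Property Name, StartMode, StartName, State,
            @{ Name = 'AccountType'; Expression = {
                # StartName can be empty, so test for that first.
                if (-not $_.StartName)                     { 'None' }
                elseif ($builtIn -contains $_.StartName)   { 'BuiltIn' }
                elseif ($_.StartName -like 'NT SERVICE\*') { 'Virtual' }
                else                                       { 'Named' }
            } } |
        Sort-Object -Property Name
}

$services = Get-ServiceAccountSummary

# 1. How many services run under each account, busiest account first.
$services |
    Group-Object -Property StartName |
    Sort-Object -Property Count -Descending |
    Format-Table -Property Count, Name -AutoSize

# 2. Services that run under a named local or domain account. These are
#    the ones whose passwords and privileges someone has to look after.
$named = $services | Where-Object { $_.AccountType -eq 'Named' }
$named | Format-Table -Property Name, StartMode, StartName, State -AutoSize

# 3. Named-account services set to start automatically that are not
#    running, e.g. after a password change that was never applied.
$named |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.State -ne 'Running' } |
    Format-Table -Property Name, StartName, State -AutoSize

# 4. Keep a copy for comparison next time (~ is the home path).
$services | Export-Csv -Path ~\service-accounts.csv -NoTypeInformation
```

Swap any of the Format-Table calls for Out-GridView to filter the results interactively.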
Microsoft Business Productivity Suite (BPOS)
Lately I’ve been working away with the same products and haven’t had anything of note to blog about technically. One technology though I have had the pleasure of using recently is the Microsoft Business Productivity Suite. At Tech.Ed Australia in 2009 along with Netbooks we were all provided with a Microsoft Online Services logon which provided delegates with SharePoint, Exchange and Office Communications Server accounts. Whilst this provided all delegates with the chance to collaborate I believe it wasn’t used to the full potential.
I am a member of the State Emergency Service as a volunteer in New South Wales (Australia) and recently all volunteers were provided with a BPOS account for SharePoint and Exchange. I’ve been led to believe that Microsoft provided these accounts free of charge and if that’s true then Thank You.
As a Service the State Emergency Service is an interesting body. Funded partially by the states and partially by local councils different Units have different levels of funding available to them. My unit has had a Small Business Server for some time and we hosted mailing lists for members, however not all units were that fortunate. At a State level IT was not a focus area, particularly for members. We have had a corporate Intranet for some time with training materials and policy documents and a centralised tasking and incident management solution but collaboration had never been addressed. I don’t know the reasons for this but can only assume that the limited resources were a factor.
Enter BPOS. The SES rolled out the BPOS branded as EOS (Everybody’s Online System) and it was immediately clear to me that Microsoft BPOS was the underlying platform.
All members were provided with an Exchange Mailbox, Skydive and access to SharePoint. The solution was structured around the Organisation with data grouped by Unit, Region and State.
Personally I have seen EOS/BPOS yield immediate results for my unit. We have Distribution Lists, owned by our Controller for the distribution of incoming pages. He is able to update the list membership on the fly to ensure that only unit members who are active are notified. Likewise each week an automatic email is sent advising of the Duty Officer, Team Leader and Operations Controller for the week.
SharePoint has provided us with a location to store our unit documents online and work on them away from Local Head Quarters (LHQ). This has improved my Unit’s ability to focus on training and incidents. Whereas previously some members would skip training to complete “paper work” they can now work on the docs, outside of training nights, and spend training time increasing their skills.
The Service allows us to forward our email to a personal account and the “redirect message” option preserves the sender details. This way, with Outlook Server side rules at work, I can dynamically place SES emails in specific folders and choose what to sync to my mobile device.
One feature, which may or may not be a custom feature, emails tips to users about use of the solution. This is particularly useful for non-technical members and has improved utilisation of the solution.
For the implementation we were each provided with a sealed envelope with our email address, username and initial password. The package included a CD loaded with demonstrations and instructions.
Is the SES the only Organisation that would benefit from BPOS?? No, not at all. Hosting these solutions outside the Organisation can reduce time to provision, reduce technical headcount, reduce carbon footprint, reduce datacentre requirements for cooling and power and reduce Capital Expenditure, whilst improving availability and potentially security.
If a hosted solution, where your data is located offsite, is a possibility for your Organisation then serious consideration should be given to BPOS. Exchange 2010 even provides the ability to have a split cloud model with some mailboxes located onsite and some in the cloud. This feature allows Organisations to slowly transition or investigate the benefits of a cloud offering whilst maintaining control of critical data.
The Changing Face of Infrastructure Part 3
In the first post in this series I discussed the employee vs employer owned workstation (laptop) and the centralised vs distributed VDI infrastructure. In the second I spoke about Server Virtualisation in the Enterprise. In this post I will take up where I left off and discuss the Private Cloud.
Cloud computing is not a new concept, it is simply a new way of looking at existing infrastructure. To start I will define what I mean when I discuss these concepts.
Firstly the “Cloud” is a highly available infrastructure which can either be used to host services, infrastructure or software either for a private Enterprise or as a public hosting platform.
The “Private Cloud” is a Cloud for use by an Enterprise solely for the purpose of running their Infrastructure and Software. Whilst some servers hosted in the Private Cloud may offer external services, such as a corporate Internet site, FTP, SharePoint or Business 2 Business portal, the Infrastructure is owned and run for the sole purpose of the Enterprise.
The “Public Cloud” is a hosted platform which provides services to customers. An example of a Public Cloud is Amazon’s EC2 (Infrastructure as a Service), Microsoft BPOS (Software as a Service) or even Gmail (Application as a service). Each of these offerings provides a different layer of compute to the end user.
A Private Cloud is really just new terminology to refer to a dynamic datacentre. The biggest challenge with cloud computing is the management of the Infrastructure hosting the platform and the applications, services and servers which utilise it.
The idea of a cloud is that it is highly available and the only way to provide high availability is to distribute the Infrastructure across multiple sites to remove Single Points of Failure (SPOFs). Ideally a cloud should have no SPOF’s however this isn’t possible because at some point the Earth becomes that SPOF. Generally most SPOF’s can be removed by simply increasing the distance between datacentres, however be aware that International Borders and Earthquake Fault Lines can sometimes add a level of complexity.
Inside the datacentre Server Virtualisation is the key, I covered the benefits of virtualisation in Part 2 and so won’t cover it again here. Whilst Server Virtualisation is the corner stone of a private cloud, for the cloud to be dynamic many other technologies need to be introduced.
The first technology is monitoring. Monitoring is more than just a simple “is a server up or down”. All monitoring applications will also provide details about services, processes, monitor performance and even alert based on event log entries. However the real benefit of monitoring is the ability to recognise trends in Infrastructure health and performance and use the data to proactively resolve issues before they cause outages. The data can also be used as a trigger to further investment in Infrastructure as the existing server resources and storage are utilised. In the world of public cloud providers monitoring is also tied into the billing system where the user pays for the clock cycles they use.
Management of the Infrastructure needs to be flexible and dynamic and allow for users with differing levels of Administrative control. For the datacentre Administrator the ability to create, destroy, power on / off, move VM’s between hosts etc. needs to be a seamless activity that can be controlled interactively or scripted and scheduled as required. For end users there may be a requirement for a provisioning portal to spin up and destroy VM’s as required for projects. This ability though adds more complexity again.
Once a server has been spun up in the cloud the virtual instance needs to be managed through its lifecycle. It needs to be licensed, backed up, have the correct anti virus settings applied, monitored and patched, domain joined and basically managed like any other server in the environment. All of these activities need to occur with little or no manual work by the Datacentre Administrator.
Having discussed at a high level the idea of a cloud and some of the technologies required for a private cloud it becomes clear that the biggest requirement when building a cloud isn’t technology but process. Without process and strategy many Organisations suffer from server sprawl as spinning up a new server no longer requires a CAPEX.
In the next post I will dive into a few of the products that I’ve used and discuss how their use can increase the ROI of a private cloud.
Why I Love My iPhone
The smart phone market is heating up with the launch of Android 2.1 from Google running on HTC hardware and called the Nexus One. Late last year Microsoft released Windows Phone 6.5 and again HTC is the hardware of choice for running the platform. In the background is the iPhone 3G and 3GS.
In the last two years for work I’ve had a Palm Treo 750, HTC Dopod 838 Pro and currently a HTC Touch Pro. In previous lives I also used Blackberry devices. For a corporate device I don’t believe that you can go past the Blackberry devices. (Note : I haven’t used Windows Phone 6.5 so can’t speak for it). In a work device I really want a device that does the following:
1. Is a phone that is easy to use, easy to look up contacts, make calls etc..
2. Is easy to SMS
3. Has Bluetooth
4. Is easy to read and compose emails
5. Manages and makes good use of Contacts and Calendar items.
6. Has Over the Air (OTA) sync ability to my Exchange mailbox.
That’s it.. Ideally if a Bluetooth PAN can be configured for Internet access that’s a nice bonus but really the above list of 6 is all I really need and use for work. I find Windows Mobile is very clunky for dealing with contacts and some email work, particularly if you have a lot of folders in your mailbox. Worse still is the TouchFlo 3D on the HTC devices. This interface (which I disable) is extremely resource intensive and not intuitive at all. I will caveat the above comments by stating that the device running Windows Mobile has a large impact on the performance of the OS. I have found the Touch HD is a much nicer device than the previous two, the Palm particularly.
Of course the features mentioned above are in the context of a user and not an IT Professional. The device must also support Full device encryption, Remote Wipe etc.. All the functions of ActiveSync that I need to ensure the data security of my employer.
Now let’s move onto the iPhone. To be fair I’d like to start by looking at the list above. It is very easy to make calls and handle contacts, has Bluetooth and is licensed for ActiveSync. However I find Calendar and email is a little underdone and the IT Pro features, whilst improving, aren’t there yet.
But… as a personal device the iPhone is possibly the best device I have ever owned. First and foremost it has a large market share, which results in a large number of developers and a large number of apps. I constantly use Shazam (records a portion of a song and it returns the title and artist), Facebook, LinkedIn, Tweetdeck, BOM Radar, Trip View (Sydney Public Transport info), UrbanSpoon and Around Me (for finding restaurants etc..), Flickr, e-buddy (Messaging App that hooks into MSN, Facebook, Yahoo etc..), Foxtel Guide to view the guide and remote record to my iQ, Cricket Live and F1 Live Timing 2010. Don’t forget it’s also an iPod and runs Safari for some Web Surfing. Also a number of companies have iPhone versions of their sites (detected with cookies) which improves the web experience.
The bad side of the iPhone is that iTunes is the interface and I’m not a big fan and also the size of the updates. Rather than releasing ‘meta’ updates each update is a full OS load of about 330MB.
Moving forward I’ve got a big decision come December when my contract is up as to whether I will get a new iPhone or another device. If I was making the decision today I’d probably hang onto the iPhone for another few months and wait and see how the Nexus One and Windows Phone 7 look. Personally though I find the iPhone easy to use and the number of apps is awesome with over 100,000 in app store compared with < 20,000 for WinMo. I do believe it’s the apps and interface that makes the iPhone such a great device, but probably not for the Enterprise.
A Year in Review
As we call in the end of the year it’s worth looking back at some of the product launches for the year initially and then some major events that made 2009 in IT.
1. Microsoft Windows 7
I doubt you’ll find anyone who wouldn’t put the launch of Windows 7 at the top of their list. Many regard Windows 7 as the OS that Vista should have been. However without Vista, Windows 7 would not have been what it is. Arguably the most important operating system release since XP, Windows 7 has received acclaim from Industry experts and IT Professionals across the globe.
2. Exchange 2010
Despite the name, Exchange 2010 launched this year and includes a number of architectural changes from the previous version. Firstly the storage engine has been re-written to improve the performance of Exchange on low cost Enterprise SATA disk. High availability has also had major work with the introduction of Database Availability Groups (DAGs) and MAPI on the Middle Tier. From a client perspective speech to text voicemail, moderated DL’s, mail tips and Enterprise availability sharing through the Microsoft Federated Gateway add some nice new features.
3. Windows Server 2008 R2
Built on the 6.1 Kernel (the same as Windows 7) Windows Server 2008 R2 is significant as it’s only available as a 64-bit release. Windows Server 2008 R2 also introduces new Active Directory features, and a bunch of new features such as Direct Access and Branch Cache, that make Windows Server 2008 R2 and Windows 7 better together.
4. VMware vSphere 4.0
vSphere is an important release and the new name of ESX Server. vSphere and vCenter have introduced features including thin provisioning and integration with Nexus, completely integrating the Virtual Infrastructure seamlessly with the datacentre. Additional features also include Distributed switching and Fault Tolerance.
5. Microsoft Security Essentials
Put very simply, it’s a free Anti Malware solution for Windows. I’m using it on multiple Windows 7 and Windows Vista boxes and for home environments I strongly recommend it.
6. Forefront Threat Management Gateway
The update to ISA Server, TMG is the first gateway solution from Microsoft that runs in 64-bit. I won’t dive into TMG too much at this point as I’ll be posting about it shortly.
7. 64-bit
64-bit computing is not new, however 2009 and particularly Windows 7 have started to get a lot of home users and Enterprises considering the move to 64-bit in the datacentre and on the desktop.
8. Twitter
Twitter moved from the corner of IT geeks and celebrities further into the mainstream and if Ruby Rose’s comments are anything to go by it’s now on the way out. The micro-blogging service has changed the way many communicate. If you want to know what’s happening get on Twitter. If you want to find out what’s already happened enjoy Facebook.
9. The NBN
How could I leave the National Broadband Network off the list for 2009? To date I believe the NBN has been nothing but a waste of time and taxpayers’ money. The majority of the news around the NBN has been to do with the members of the board rather than the technology, benefits and costs to the Australian Families. Personally I think that the NBN will be a disaster unless Industry experts are brought in and the politics and bureaucracy removed. The NBN whilst new for Australia is not a new concept with countries around the world already providing fast internet access to the home. More attention should be paid to the technologies already available and in use internationally. Get it right Rudd, remove the politics and get the right people working on a solution.
I’m leaving it at 9 events and launches for the year as it’s 2009. Happy New Year all.
The Relevance of Certifications
For many years I was an IT Pro with basically no proof of my skills. I was a Microsoft Certified Professional in both Windows XP and Windows 2000 Server and nothing else. I, like many of my colleagues, viewed certifications as worthless. A piece of paper that shows the ability to read a book and answer some multiple choice questions in an exam room.
What really put me, and I’ll assume others, off certifications was the ease with which they could be obtained. Through the years I’ve met a lot of people who claim to be an MCSE or equivalent that can’t perform even the most simple of tasks. Engineers (a term I’ll use very loosely here) who know the text book but have no real world knowledge or skills to back them. Many may not know but I am a member of the State Emergency Service and one point our Rescue Officer harps on is our ability to take the text book and apply the knowledge, not replicate the knowledge. He wants us to use the text book for reference but not as a Bible and to be able to adapt techniques we’ve learned and apply them to different situations. Again the same is true for Certifications, if we all simply followed the guides there would be a lot of Active Directory forests called Contoso, Fabrikam, Tailspintoys or Litwareinc.
One thing that always caught my eye though was the number of presenters at Tech.Ed and the like that had a multitude of certifications. Often times spanning multiple products and technologies.
In order to get motivated to do some more exams I had becoming an MCSE 2003 and MCITP : Enterprise Administrator added as meet and stretch targets in my annual career goals by my manager in 2008. 6 months into the year I began exams and finished the year with both certifications. At the time there was less than 7000 MCITP:EA’s globally. Since that time I have participated in two beta exams each a PRO series exam for Windows 7 and Exchange 2010, I’m still pending the result of the Exchange exam.
What did this process teach me?? It showed me personally the value of certifications. I don’t believe that the certifications demonstrate my knowledge in any area, what they do demonstrate is my willingness to study (although I didn’t read a single book for my last 11 exams) and more importantly my interest in new and emerging technologies. Becoming certified in a new technology soon after launch shows potential employers that I take my career seriously and that I stay ahead of the curve. It is one thing to talk about reading tech news or watching webcasts, attending events etc.. in an interview, but being able to demonstrate this with a recent certification just helps that little bit more to hammer home the point.
Microsoft particularly have now raised the bar of certifications with the introduction of the Microsoft Certified Architect and Microsoft Certified Masters programs. Candidates who have successfully completed the requirements of these two programs are the best in their fields.
Moving forward I will continue to certify in new technologies because I believe that it demonstrates my willingness to study and interest in technology. It also keeps employers happy as certifications = points towards higher Partnership levels with Microsoft.
The Changing Face of Infrastructure Part 2
In my last post I spent some time discussing the potential benefits of both Employee and Employer owned Desktop Virtualisation Solutions either hosted in the Datacentre or distributed and run on the end user hardware. In this post I’ll cover Server Virtualisation and the advantages it can bring to the Enterprise.
Like many IT Pro’s I started using virtualisation solutions back in the late 90’s / early 2000’s for running virtual servers on my desktop for training and testing. It wasn’t until about 5 years ago that Server Virtualisation began to take off and initially it was limited to running legacy servers or development, test and lab environments. VMware brought server virtualisation into the mainstream with ESX, a server operating system based on the Linux kernel. This change significantly changed the Datacentre, improving hardware utilisation, management, provisioning, availability and disaster recovery.
For many years I have been speaking with colleagues about Mick’s Laws of Server Management (I will post the list soon). The first law is “Single Server, Single App, Single Purpose”. This law simply states that a single server should never host multiple applications. Whilst there are some exceptions, such as an Active Directory Controller also hosting DNS, DHCP and WINS, it stands true most of the time. This law was designed to improve availability of services as a file server that also ran the backup software might need a reboot to fix an issue with a tape device which would also require an interruption to file sharing.
The downside of the first law is utilisation and cost. Buying server hardware to host applications that only required limited resources is an expensive exercise. These servers often spent the majority of the time idle whilst using valuable power, rack space and cooling in the Datacentre. This is the first advantage of a virtualised server infrastructure. By running these small application servers as Virtual Machines (VM’s) I can collocate the server instances on one physical server and maintain an average of 60-70% utilisation rather than 5-10%. Whilst this may appear to increase risk as a hardware failure would now result in a multiple server outage, there are technologies which allow for automatic failover in the event of a disaster.
Years ago a number of servers in the Datacentre would never have been made highly available. Clustering and replication technologies were expensive and limited to a handful of Tier 1 applications, maybe Email and or ERP solutions. Server Virtualisation gives every server high availability. VMware ESX and Microsoft Hyper-V 2008 R2 have the ability to move VM’s seamlessly between hosts. Let me explain this a little more. When correctly configured I can move VM’s between physical servers. This process is called vMotion on VMware or Live Migration in Hyper-V. This allows for protection of the underlying server hardware. If an outage occurs or maintenance needs to be performed the VM’s can be moved online to another host. This move requires no downtime and users are unaware of the change. Unfortunately this type of move won’t be quite as seamless if a physical server crashes. In this example the VM’s would be moved and started on another node but they would reboot. VMware have a new technology called Fault Tolerance which protects against this type of failure also.
The next advantage of the virtualised Infrastructure is flexibility. Using technologies that build on top of Server Virtualisation the ability to not only move VM’s between hosts but also between Datacentres becomes a reality. Therefore not only providing a high availability option, but also a Disaster Recovery one.
Provisioning also becomes a much simpler process. If the capacity is available spinning up a new VM can be done in minutes, without the need to raise a CAPEX, quote, order and await delivery of Hardware.
Development and Test scenarios are also greatly improved from a cost and benefit perspective. VM’s can be cloned and added to an isolated network providing an up to date copy of a production system for testing and development. Environments can also be updated faster and more accurately represent their production companions. Again both Microsoft and VMware have products for replicating test environments with System Centre Virtual Machine Manager and Lab Manager respectively.
The efficiency and high availability of VM’s, ability to move them between hosts or Datacentres, the speed to provision and the duplication possibilities when used together deliver a dynamic infrastructure. This dynamic infrastructure is referred to, by some, as the “Private Cloud”. More on that topic to come in Part 3.
smh.com.au Technology articles
The false claims, outright lies and sensationalism of the smh.com.au technology articles have gone too far. Every article they write about a new technology is how it will power over a competitor and not about a simple review.
Today there are two articles that demonstrate this “Android set to topple iPhone” and “Windows 7 may test Apple’s winning streak”. I honestly don’t care if Android is better than iPhone or Blackberry or a 15 year old Nokia. I want to know what it does and how it works. Likewise with the Windows 7 article, paragraph 4. “Microsoft’s Vista operating system, released in early 2007, was plagued by problems and bad press. For Apple, this meant an opportunity that the company seized upon”. I don’t care who has market share, it’s not an outright competition. Just review the products as they are and stop wasting my time.
That’s my vent
smh.com.au #fail.
Exchange 2010 RTM
Ironically on the first morning I place an Exchange 2007 Server into production, Exchange 2010 has been Released to Manufacture. This is a major milestone and one that I’ve been expecting for a couple of months following Tech.Ed Australia.
I’ll be dishing up more valuable information about Exchange 2010 in the coming months.
The Changing Face of Infrastructure Part 1
This will be a series of posts in which I will explore the benefits and misconceptions of the changing Infrastructure and Services model we are experiencing today in IT. I will cover a number of topics including Cloud Concepts, Server and Desktop Virtualisation and try and connect the business drivers with the technical advantages that each can offer the Enterprise.
Whilst I’m only young I do remember the days of Mainframe computing, where the dumb terminals sat on the floor and the grunt processing was performed in the Datacentre. In this post I will cover desktop virtualisation, the idea of the dumb terminal or uncontrolled laptop on the floor either hosting a virtual machine locally or connecting to one hosted in the Datacentre.
One of the concepts being floated today is that of removing the end computing IT costs and risks from the Enterprise’s responsibility to the employee. Here is the example. I start work at Company Inc. On my first day my boss and I head down to the local computer retailer with $2000 to spend. With the $2000 I can buy whichever computer I wish and if I want to put some money in myself and buy a $3000 computer no worries. Likewise if I already have a computer that meets the minimum requirements I can simply bring that along and pocket my $2000 computer allowance. The asset as it stands is now mine, not my company’s. I am responsible for the host operating system, its updating, anti virus, applications and all data on the host. Remember these responsibilities as I’ll reference them frequently.
Example 1 – Distributed Virtualisation
Upon returning to the office with my computer I’m provided with VMware Player and an ACE image. VMware ACE essentially wraps some additional security and policy around images built with VMware Workstation. I fire up the image on my workstation and the image is domain joined, connects to the corpnet and off I go.
Advantages :
There is never a need to update this image with new drivers as the drivers are all VMware specific, so whilst ever I’m using the same version of VMware there is no need to update, unlike laptop and desktop models which change processors etc.. every couple of months.
The image is contained and I can give the employee all the tools required to perform their job, whilst still allowing them to control the host operating system. They can install software, personalise it etc..
Any data not contained within the VMware image is not a Corporate responsibility, want to put music and movies on the Hard Disk?? No problems the employee owns the asset.
Portability, with VMware ACE I can put the image on a thumb drive and run it on my home PC at night without having to carry my laptop around.
Disadvantages :
Today there are no real options when we start talking about parent partition separation or a desktop Hypervisor. What this means is that data from the hosts, including Trojans etc.. can slip onto the virtual image.
If the host is unprotected and connected to my corpnet I need to ensure I have measures in place to prevent the host operating system from connecting to my resources. This will require something like Cisco NAC or IPsec. I will also need measures to ensure that an infected host can’t cause an outage through a Denial of Service Attack preventing my Virtual guests or other clients from network access.
If the host is compromised I have no control over it and it becomes the employee’s responsibility to resolve the issue.
Hardware failures are not the problem of the employer, excepting when we start to think about the decline in productivity because there is no spares pool and each employee needs to wait individually for their asset to be repaired and returned.
When an employee calls the service desk because they either have a problem with the host, or require a password reset the Service Desk will simply state it’s not covered by SLA and won’t be able to assist.
Example 2 – Centralised Virtualisation.
In this case the employee will still own the asset but rather than host the Desktop image it will be accessed from the data centre. In this way we have a few options, we can either provide the employee with a full desktop environment or published applications. With Windows Server 2008 R2 we can also determine whether each employee will be given a VM from a pool or they will have their own that is simply hosted in the Datacentre.
Advantages :
Unlike the previous example where I had two operating systems on the one piece of desktop hardware and had to allow the guest to access my servers whilst blocking the host, here I can simply block all connections from everybody and simply allow through port 443 to the Remote Desktop Web Server.
There is no data on the desktop; it is 100% hosted in the Datacentre, which removes any chance of data loss through lost or stolen laptops.
I can easily back up all of my users’ data, including that data hosted on their hosted desktop computer.
Requires a lower spec machine as all the processing power is performed on servers in the Datacentre. This could assist in a migration to an x64 platform.
Disadvantages :
Storage. I need to keep a copy of all of my virtual desktops on fast, highly available and expensive storage. Technologies such as de-duplication will assist in lowering this requirement.
If my employees need to work outside the office there is no way for them to maintain a local copy of their applications without purchasing a licence.
Again, the employee is owning the hardware so there is no support or spares available.
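The network policy in Example 2 (block everything, allow only port 443 to the Remote Desktop web server) is narrow enough to audit mechanically, which is how rule drift gets caught. The following Python is an added example, not part of the original post; the addresses, the rule format and the `decide` and `audit` helpers are assumptions made for illustration.

```python
"""Audit a rule set against the Example 2 design: default deny, with TCP/443
to the Remote Desktop web server as the only permitted flow.
All addresses and rules below are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

RD_WEB = "10.0.10.5"           # hypothetical Remote Desktop web server
CLIENTS = "192.168.0.0/16"     # hypothetical network of employee-owned devices
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    proto: str             # "tcp", "udp" or "any"
    port: Optional[int]    # None matches every port

    def matches(self, src, dst, proto, port):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.port in (None, port))


DENY_ALL = Rule("deny", ANY, ANY, "any", None)


def decide(rules, src, dst, proto, port):
    """First matching rule wins; a flow that matches nothing is denied."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.action
    return "deny"


def audit(rules):
    """Return one finding per rule that is wider than the design allows."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action != "allow":
            continue
        if ip_network(rule.dst) != ip_network(RD_WEB):
            findings.append(f"rule {i}: allows traffic to {rule.dst}, "
                            "not only the RD web server")
        elif rule.proto != "tcp" or rule.port != 443:
            findings.append(f"rule {i}: allows {rule.proto}/{rule.port} "
                            "to the RD web server, not only tcp/443")
    if not rules or rules[-1] != DENY_ALL:
        findings.append("no explicit deny-all as the final rule")
    return findings


# The policy as the post describes it.
INTENDED = [
    Rule("allow", CLIENTS, RD_WEB, "tcp", 443),
    DENY_ALL,
]

# The same policy after two constructed "temporary" exceptions crept in.
DRIFTED = [
    Rule("allow", CLIENTS, RD_WEB, "tcp", 443),
    Rule("allow", CLIENTS, "10.0.20.0/24", "tcp", 445),   # direct file share access
    Rule("allow", CLIENTS, RD_WEB, "tcp", 3389),          # raw RDP, bypassing 443
    DENY_ALL,
]

if __name__ == "__main__":
    for name, rules in (("intended", INTENDED), ("drifted", DRIFTED)):
        print(name, audit(rules) or "matches the design")
```

The distributed model in Example 1 cannot be checked this way with addresses and ports alone, because the untrusted host and the trusted guest sit on the same hardware; that is why the post reaches for NAC or IPsec there.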
Of course both of these examples could be changed slightly if the employer owns the hardware. Then we have support, spares and regain some of that lost productivity. Let’s quickly review both examples again in the Employer Owned scenario.
Example 1 – Distributed Virtualisation
Advantages
None, that really stand out above those already mentioned.
Disadvantages
I need to support, maintain and license two copies of the operating system.
Example 2 – Centralised Virtualisation
Advantages
The refresh cycle can be extended as the local computer only needs to run a remote desktop session.
Provisioning mean time is lowered as the images are simply cloned on the server and applied to the users. To upgrade the client operating system I can create the new images, USMT the settings across and then the next morning present Windows 7 instead of Vista to my users. To roll back simply present Vista again.
Disadvantages
Again, there are no additional disadvantages than those mentioned previously.
Of course there is always the alternative. Stay the way we are or select a mixture. There are a number of technologies which can provide just as much control to the physical hardware as their virtualised partners, group policy, My Documents redirection, offline files, BitLocker drive encryption, direct access, WSUS and System Centre Configuration Manager, Altiris, CA Unicenter or similar to deploy and control software. Additionally MED-V can provide distributed desktop virtualisation for specific application compatibility issues.
In summary there is no silver bullet and the requirements of the SME compared with a large enterprise, government or academia will be different. There are clear advantages to moving some applications into the Datacentre and “presenting” (to use an old Citrix term) them to the user through RDS or Xen.
In the next post I will cover Server Virtualisation and the role it plays in the changing face of Infrastructure, its effects on Disaster Recovery and advantages it can present as a stepping stone towards cloud computing.
Tech.Ed Wrap
So the posts slowed down later in the week, due to a combination of socialising and work chasing me down in my spare time.
The full wrap and verdict for this year is disappointed. Microsoft appear to be suffering through the GFC with a very small contingent of International speakers and even Australians present at the event. This resulted in sessions which were not as diverse as previous years.
My biggest disappointment this year was the lack of PKI or ADCS sessions. Microsoft has been integrating PKI into everything over the last couple of years. It all started with Smart Cards in AD and has extended to Exchange, OCS for MTLS, most of the System Centre products, AD RMS, ADFS, Terminal Services and the list goes on. This is a great move as it provides a great level of security across the enterprise, however the amount of self-signed certificates in use forcing users to select the “Non-Secure” option does more harm than anything.
A number of Organisations I work with still haven’t implemented a PKI either and not presenting on the topic was very short sighted.
Overall, I’m not sure whether I’ll be back at Tech.Ed next year, but with Windows 7 and Windows Server 2008 R2 on the horizon I’m sure there is still plenty of work to keep us moving.
Tech Ed Day 3
Well despite it being day 1 of the conference proper, I think I did less today than I have covered off in the previous 2 days. It started with the Keynote this morning, which was presented by a number of different speakers and finished with a few Hands On Labs this afternoon.
This morning I attended a bringing it all together session for Office which covered client integration across SharePoint, OCS and Office and showed a few new features in Office 2010 that I hadn’t discovered.
I then headed off to an Exchange breakout session which tended to cover the same information I had in pre-conf. From there it was MED-V and Virtual PC 7 and then two HOLs, one on PKI and the other on deploying A/V Edge with OCS.
That is a wrap for Day 3, I’m about to head back to the hotel and work out the plans for the rest of the night…
Tech.Ed Day 2 | Full Wrap
So Tech.Ed day 2 is really now over and I’m back in the hotel room, sorted a MOSS issue and have a minute to myself..
So today.. once again the labs in the Exchange 2010 workshop didn’t work too well, to his credit Gordon Ryan was outstanding as a trainer and coped well with the setbacks. All 9’s from me on the eval (labs excluded) although massive thanks goes to Corey (Sorry if I get this wrong… but from Hayes IT) who created the HOL experience. He came in and explained the Hardware incompatibilities with Hyper-V RTM which forced a change to Hyper-V in Windows Server 2008 R2 which had other issues. Either way doesn’t matter it was a great 2 days with Gordo so thanks for that.
Tonight was the opening night and it was great to run into both Paul Grant and Wal Komar, two friends from Canberra. Spent some time with David McGhee from Microsoft and also with Dean Corcoran and Roland Leggat from DDLS (DiData Learning Services) talking Win 7 and WS2008R2. A really great start to the week.
On other news through my absolute persistent tweeting today I scored a Windows 7 hoodie. Check out either #auteched or #shamelesswantahoodyplug for a list of today’s fun with @ohcrap and @themolk.
Tomorrow conference proper kicks in with the keynote at 0815. Sadly I’m already sad that we are two days in. The week goes so fast.
On a last minute note and this really should be at the top of the blog rather than the bottom but I had the privilege of chatting with Adam from TechNet Edge today. Awesome guy and really glad he is out here for Tech.Ed Australia. Can’t wait to see Scott Schnoll speak either.
Tech.Ed 2010 pre-registration is now open and from www.msteched.com you can catch up with all the latest, including some presentations available to non-attendees of the conference.
Tech.Ed Day 2
So this is the third time today I’ve opened Live Writer and only the first that I’ve been able to start blogging.
Exchange 2010 is good. My initial favourite features are still the user interaction components though. The Exchange Control Panel (User self service), Moderated DL’s and Mail tips. Would love to see the ECP become integrated into Outlook 2010.
The biggest thing that I’ve picked up is that only a single 2010 CAS is required to connect to the Microsoft Federated Gateway for organisational free/busy sharing. This makes deploying the technology easier in the short term.
Welcome To Tech.ED 2009
Well, I’ve arrived and am sitting at Tech.Ed Australia 2009 on the Gold Coast.
I’m just heading into the Exchange 2010 pre-conference training, so I’ll be blogging about it later today. I haven’t had the chance to install the RC of 2010 yet so I’m looking forward to it. Also hoping that we will be working on Windows Server 2008 R2 because I haven’t worked with that too much either.
Office 2010 | Outlook
With all the fanfare around Windows 7 and Windows Server 2008 R2, it’s been easy to ignore that the Technical Preview of Microsoft Office 2010 was made available to a select group of testers a few weeks ago. I was lucky enough to get myself onto the preview and took a leap of faith installing it on my Corporate everyday laptop.
Today I wanted to share my experience with Outlook 2010 as this is the app I spent the majority of my time using. At first look it is a little stark, not a lot of colour, but then again this is a Technical Preview. Colours can be easily added later and icons for that matter. The first big change is the introduction of the ribbon aka fluent UI.
The ribbon is as easy to use in Outlook 2010 as it is in the Office 2007 apps. The introduction of quicksteps is awesome as well. It allows for a bunch of common actions to be applied to a message and it’s dynamic and can be customised.
The other icon I’ve come to love on the ribbon is Clean Up. This little button looks at the conversation thread of email messages and will delete (or move to a folder of your choice) all of the repeated messages, leaving you with just one copy of the thread. If the thread has been split by multiple simultaneous replies from different people, no worry the clean up will ensure that only enough copies are maintained to preserve the data. The other cool feature is the Ignore button. Ever been stuck on a thread of “Reply to All” that you don’t care about. Simply hit the Ignore button and the messages will be deleted (or moved) for you.
The to-do bar has some new functionality also. As well as displaying a calendar, upcoming appointments and tasks, your Office Communicator contacts now appear and common tasks, such as launching IM, Communicator Calls, Desktop Sharing etc, can be launched directly from Outlook. I would love to see the ability to change the group members within Outlook or remove the “Recent Contacts” group, but this is only the Technical Preview and there is a good chance come RTM my wish will be granted.
That’s all for now, there are a number of new features in Outlook 2010 that only work with Exchange 2010, such as Mail Tips, but I’ll cover those later in an Exchange post.
Windows 7 A Week Away
It may seem strange that a Server Architect is more excited about the release of a desktop operating system than its server brother but that’s how I feel. Next week Volume License customers (myself included) and TechNet / MSDN subscribers get their hands on the RTM version of Windows 7, Windows Server 2008 R2 and Hyper-V Server 2. So why am I excited about Windows 7 and not 2008 R2?? Simple.. it has more chance of getting deployed to its full extent sooner.
Many Organisations that I work with are not interested in Hyper-V, personally though, I quite like it. When coupled with System Centre Virtual Machine Manager it is a great alternative to ESX. However like all products it has its place in the market and until R2 and ‘live migration’ become a reality its place is somewhat limited inside the Data centre.
Score check: Windows 7 – 0, Windows Server 2008 R2 – 0
For many organisations that haven’t taken the plunge into full volume encryption, BitLocker and particularly BitLocker-to-go offer a great breakthrough. With key escrow in Active Directory, rapid deployment times and being included as an out-of-the-box product on Ultimate and Enterprise SKU’s it’s a great way to get end point encryption deployed.
Score check: Windows 7 – 2 (BitLocker and BitLocker-to-go both score), Windows Server 2008 R2 – 0
Direct Access is a brilliant addition to Windows Server 2008 R2. Basically it provides an always on VPN. You fire up your corporate laptop on the Internet and it will tunnel back home and allow you to access devices as if you were sitting at your desk. The downside is the amount of infrastructure required to get Direct Access working and the investment most Organisations already have in Remote Access so it can’t score a point here. It also requires Windows 7, so would remain score neutral either way.
Score check: Windows 7 – 2, Windows Server 2008 R2 – 0
MED-V and XP Mode in Windows 7 allow machines with Intel-VT and AMD-V procs to run a virtual Windows XP environment, so apps that are not compatible with Windows 7 run inside a VM with full network connectivity, making the transition to Windows 7 possible without the immediate requirement to get all the apps either updated or shimmed.
Score check: Windows 7 – 3, Windows Server 2008 R2 – 0
Branch Cache is another cool feature in Windows Server 2008 R2 which basically acts like a WAN acceleration device, think Riverbed or Expand, and caches files which have been accessed across the WAN, speeding up access times for all subsequent users. Similar to Direct Access it requires Windows 7 and many Organisations already have an investment in this type of technology which rules out an immediate gain.
Score check: Windows 7 – 3, Windows Server 2008 R2 – 0
Staying on Windows Server 2008 R2, Active Directory Recycle Bin and Power Shell AD Administration. The first requires 2008 R2 Domain Functional level so start upgrading, the second just a single 2008 R2 DC.
Score check: Windows 7 – 3, Windows Server 2008 R2 – 2
Finally at the end of the day I never forget that whilst we are IT Pros or Devs we are still users ourselves and therefore need to look at the user experience in Windows 7. The performance gains over Vista, Jump Lists, search and library functions are enough to keep me happy.
Final score Windows 7 – 4 and Windows Server 2008 R2 – 2.
Enjoy the RTM trip and I’ll see you @ Tech.Ed
Windows 7 RTM
Yesterday Microsoft announced that Windows 7 has been released to Manufacturing. This is the next major step in the software deployment lifecycle and represents one of the final stages. With this announcement Microsoft are confident of meeting October 22nd for General Availability.
Other dates to be aware of: on August 6th all TechNet Plus subscribers, SA customers and MSDN subscribers will be able to download Windows 7 in English, with the other locales to follow. For a complete list check out the Windows Team Blog.
It’s all about deployment
Over the last few months the amount of content coming out of Microsoft about Windows 7 and Windows Server 2008 R2 has shifted from features and functionality to deployment tools. This shift continues the push to move away from sector based deployment tools such as Ghost and onto dynamic offline serviceable images using the Windows Imaging (WIM) file format. The tools of choice for deployment, from Microsoft, are the Microsoft Deployment Toolkit (MDT) and System Centre Configuration Manager (SCCM) 2007. Both tools use a common set of files and SCCM simply adds additional functionality above MDT.
So to start.. MDT is basically an integrated MMC for deployment, it is the glue which brings together Windows PE, Windows Automated Installation Toolkit (WAIK) and Windows Deployment Services to provide a consolidated deployment platform for Windows client, server and Office 2007.
Personally, I’ve been using MDT since the start of the year and have built a Windows Server 2008 SOE using the toolkit. I initially selected the tool based on the marketing that Microsoft had been pushing and after a long learning process am glad I did. The MDT is provided as a solution accelerator, a class of tools designed to get applications working quickly, and for the most part MDT did have me deploying operating systems in a few hours. Unfortunately customising the images took considerably longer. I will post about this later.
As Windows 7 and Windows Server 2008 R2 roll towards RTM the deployment focus is an interesting move from Microsoft. Rather than simply launching the OS and leaving IT Pros to work out deployment paths, deployment guidance is being pushed already, during the RC phase, to get IT Pros thinking not just about the product, but about how to deploy it within the Enterprise from RTM. A good move by Microsoft as many organisations are still slashing costs in the current economic climate, so providing a consolidated deployment platform at no cost gives that added boost to Organisations considering the upgrade to Windows 7. It also gives Microsoft a potential sales boost soon after RTM as Organisations may not see the need to wait until SP1, as has previously been the case.
What you may want to wait for though is MDT 2010 or more specifically the User State Migration Tool Version 4. Currently in beta, MDT 2010 and USMT4 will really drive down deployment times in the desktop space. USMT 3, available today, works by copying all of the user data off the system partition to either a network share, different partition, different hard disk, USB device etc… and then following deployment, copying the files back. This adds a considerable amount of time to the deployment for the copy. USMT 4 introduces hard file links, so rather than copying the data off the disk, a table is constructed pointing to the sectors of the disk containing the data and the data is left in place. Following the OS deployment the links are simply updated into the file table and the data appears back in the same folder structure. A really cool feature as it reduces the deployment time.
AUTHENTIFICATION
Dealing with colleagues from around the globe, the language barrier is always a factor. Most people are aware of the www.engrish.com which looks at Japanese signs which have translated incorrectly. My example today is Franglish, a French dialect and the word is “Authentification” which looks like a combination of two English words with almost opposite definitions.
The first word, and the word intended, is Authentication. Without delving into the exact definition, it is essentially a process which results in a validated proof of identity.
The second word is fiction, again loosely translated to imagination, fantasy and NOT fact.
Herein lies the comedy.. As far as I can make out, the definition for Authentification is a process which validates the proof of a fictional identity. It is probably how Shrek logs on at DreamWorks each morning.
OCS Install Error 0xC3EC796C
I have been haunted by 0xC3EC796C when attempting to add the first server to my Enterprise Pool with OCS 2007 R2. After many attempts I entered service accounts with no spaces in the passwords and it all worked. Not sure if this will fix everyone’s issues but it worked for me.
See You in QLD
Just a quick note… I’m booked in for Tech.Ed Australia 2009 8-11 September at the Gold Coast Convention Centre. For those looking at attending the early bird registration offers a few hundred dollars off the full price and is available until around July 14.
Windows Server 2008 R2 Availability
Windows Server Marketing, Group Product Manager Ward Ralston has just announced that Windows Server 2008 R2 should be released close to the dates announced last night for Windows 7, that being RTM in late July with a 22 October General Availability.
WDS Update
Following on from yesterday’s post about WDS Errors when using the Enhanced vmxnet adapter in Windows PE, I’m happy to announce that embedding the drivers from VM Tools from ESX 3.5 U4 didn’t work either.
Windows 7 Dates Announced
Microsoft has confirmed in Taiwan during the Computex keynote, that Windows 7 will RTM in the 2nd half of July and hit General Availability (Retail and OEM) on October 22. This means TechNet, MSDN, SA Customers and customers with Select or Enterprise Agreements should see it on their download portals soon, although no date has been given.
On the Windows Server 2008 R2 front there is still only a date of H2 2009.
WDS Error ESX 3.5 U4
It’s been sometime since I’ve blogged about a technical issue I’ve had to overcome but seeing as I couldn’t find an answer anywhere on the Internet for this one, I thought it best if I shared a little.
I have a WDS Server which is used to compile the build for our Windows Server 2008 environment, however we don’t utilise PXE and so a Media deployment point is used for the majority of installations.
Yesterday I went about updating the unattended.xml using the Windows Automated Installation Kit (WAIK) and validated the file before updating the deployment point. I’m still developing the Windows Server 2008 SOE and wouldn’t be updating things once they were in production. When I started to deploy an image, using a Datastore ISO on a new ESX 3.5 Update 4 Server, as the change occurred from the Windows Boot PE environment to the installation phase I received the following error.
Hitting OK I was presented with the failed deployment wizard screen and the error: Non-zero return code executing command “X:\Deploy\Tools\X64\TsmBootstrap.exe” /env:SAStart, rc = –214746259.
Firstly I went for the easy solution www.google.com and was only able to find a single reference to the error on Ben Hunter’s BDD Blog and the fix listed is to re-import source files on the deployment point. This didn’t seem like the issue I had, as the install.wim was injected to MDT directly from media and hadn’t been modified.
I decided to take a look through a few of the log files that WDS creates. This can be done from within the Windows PE environment which the installation had returned to. I fired up notepad from the command line and browsed to the log path X:\MININT\SMSOSD\OSDLOGS; changing the file type to “All Files” displays all the log files in the common dialog. I thought I’d start with the BDD.log.
No errors in BDD.log and the last command run was the format of the system disk. Next I opened LiteTouch.log and the last line is <![LOG[About to run command: “X:\Deploy\Tools\X64\TsmBootstrap.exe” /env:SAStart]LOG]!> and a time/date stamp. I was getting closer as this was the command that returned a non-zero exit code.
On a side topic an exit code of zero indicates that the application or command ran successfully, thus a non-zero means that an error has occurred.
Opening ZTIValidate.log the first line caught my eye. <![LOG[The task sequencer log is located at X:\windows\TEMP\SMSTSLog\SMSTS.log. For task sequence failures, please consult this log.]
Opening the SMSTS.log I can see some errors about being unable to write logs, then I see the C:\ get formatted, so I assume these errors were caused by the disk not having been formatted when the logs were first being written. Sure enough, following the format the log is able to be saved. As I continue through the file I can see the steps from the Task Sequence successfully completing, “Inject Drivers”, “Apply Patches” etc.. then I find this error.
<![LOG[Failed to run the action: Install Operating System. A device attached to the system is not functioning. (Error: 0000001F; Source: Windows)]LOG]!>
Since this is a VM I figure isolating the hardware should be fairly quick. To assist in my troubleshooting I decide it would be easier to get the logs off the server and onto my workstation where I could search them more easily, so I jumped back to the command prompt and checked I had an IP address.
Hmm a little strange, then I remembered that I had selected “Enhanced vmxnet” as the type of Network Adapter when creating the VM. That had me thinking that perhaps I should have selected E1000 or built the server without the adapter at all (at least initially).
Taking the easy option I simply “unconnected” the network card and rebooted to restart the deployment. It once again failed so I completely removed the NIC and it completed with no problems. Once the deployment was complete I simply added the NIC. Now things are working, and moving forward I’ll try and get the drivers injected into PE.
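One way to do the log search described in this post once the files are off the server, added here as an example and not part of the original post or of MDT: it parses the `<![LOG[...]LOG]!>` records and lists failures from several logs in time order. The attribute trailer after each record, the type codes and every sample line marked as constructed are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# A record is "<![LOG[message]LOG]!>" optionally followed by "<key="value" ...>".
# The attribute trailer (time, date, component, type) is an assumption here: the
# post shows only the message part and mentions a time/date stamp.
RECORD = re.compile(r'<!\[LOG\[(?P<msg>.*?)\]LOG\]!>(?:<(?P<attrs>[^>]*)>)?', re.DOTALL)
ATTR = re.compile(r'(\w+)="([^"]*)"')
SEVERITY = {"1": "info", "2": "warning", "3": "error"}  # assumed type codes
FAILURE_TEXT = re.compile(
    r'failed to run|non-zero return code|\(Error: [0-9A-Fa-f]+;', re.IGNORECASE)


@dataclass
class LogRecord:
    source: str               # log file the record came from
    message: str              # text between <![LOG[ and ]LOG]!>
    severity: str             # info / warning / error / unknown
    component: str
    when: Optional[datetime]  # None when the record carries no usable stamp


def _timestamp(attrs):
    """Combine the time and date attributes; None if either is missing or malformed."""
    hms = re.match(r'\d{2}:\d{2}:\d{2}', attrs.get("time", ""))
    try:
        return datetime.strptime(f'{attrs["date"]} {hms.group(0)}', "%m-%d-%Y %H:%M:%S")
    except (KeyError, AttributeError, ValueError):
        return None


def parse_log(text, source):
    """Split one log file into records; messages may span several lines."""
    records = []
    for m in RECORD.finditer(text):
        attrs = dict(ATTR.findall(m.group("attrs") or ""))
        records.append(LogRecord(
            source=source,
            message=" ".join(m.group("msg").split()),
            severity=SEVERITY.get(attrs.get("type", ""), "unknown"),
            component=attrs.get("component", ""),
            when=_timestamp(attrs),
        ))
    return records


def triage(logs):
    """Return failure records from all logs, oldest first, undated ones last."""
    hits = [r for name, text in logs.items() for r in parse_log(text, name)
            if r.severity == "error" or FAILURE_TEXT.search(r.message)]
    return sorted(hits, key=lambda r: (r.when is None, r.when or datetime.min))


# Constructed sample input: messages follow the ones quoted in the post, while
# timestamps, components and lines marked "(constructed line)" are invented.
LITETOUCH_LOG = r'''<![LOG[About to run command: "X:\Deploy\Tools\X64\TsmBootstrap.exe" /env:SAStart]LOG]!><time="10:02:11.000+000" date="05-28-2009" component="LiteTouch" context="" type="1" thread="" file="LiteTouch">
<![LOG[Non-zero return code executing command "X:\Deploy\Tools\X64\TsmBootstrap.exe" /env:SAStart (constructed line)]LOG]!><time="10:09:40.000+000" date="05-28-2009" component="LiteTouch" context="" type="3" thread="" file="LiteTouch">
'''
SMSTS_LOG = r'''<![LOG[Unable to write log file before the disk is formatted (constructed line)]LOG]!><time="10:02:15.000+000" date="05-28-2009" component="TSManager" context="" type="2" thread="" file="tsmanager">
<![LOG[Successfully completed the action: Inject Drivers (constructed line)]LOG]!><time="10:05:02.000+000" date="05-28-2009" component="TSManager" context="" type="1" thread="" file="tsmanager">
<![LOG[Failed to run the action: Install Operating System.
A device attached to the system is not functioning. (Error: 0000001F; Source: Windows)]LOG]!><time="10:09:38.000+000" date="05-28-2009" component="TSManager" context="" type="3" thread="" file="tsmanager">
'''

if __name__ == "__main__":
    for hit in triage({"LiteTouch.log": LITETOUCH_LOG, "SMSTS.log": SMSTS_LOG}):
        print(hit.when, hit.source, hit.severity, hit.message, sep=" | ")
```

Sorting across files puts the task sequence failure in SMSTS.log ahead of the non-zero return code that LiteTouch.log reports two seconds later, which is the order the post had to work out by opening each log in turn.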
Vista and Windows Server 2008 Service Pack 2 RTW and the SVVP Updates
Vista and Windows Server 2008 Service Pack 2 is out and available for download by clicking here. I won’t run through the features as I’ve blogged about them previously. It should be noted that Exchange 2007 is fully supported on the platform.
The SVVP hasn’t been updated to include Windows Server 2008 SP2 but ESX 3.5 Update 4 is there…. still waiting for vSphere to make its appearance.
Windows Server 2008 R2 Easy Admin
One feature that was available in Hyper-V server (not Windows Server 2008 with Hyper-V enabled) was a text based config menu to set the IP address, computer name etc… Well this guy is now available in Server Core on Windows Server 2008 R2. The command is sconfig.exe and allows a text menu based config of all the standard options that previously needed a number of commands (think netsh, net computer etc..) or Core Configurator to be installed.
This will greatly help IT Pros get their Server Core installations up and moving. Also don’t forget that Server Manager can now be used to connect to remote installations and that includes Server Core also. All up making Server Core management a little nicer.
P.S don’t forget that Powershell is there too
Windows 7 /2008 R2 RC and some other releases
Windows 7 / Windows Server 2008 R2 both hit Release Candidate last night (for TechNet and MSDN subscribers), whilst most will need to wait for the public release on May 5.
This is a significant release as it marks the end of the development cycle at Microsoft, in terms of features, with the focus now on bug fixing. I’m yet to download the RC and test it out but if it’s as stable as the Beta this should be a good indication of a fantastic Operating System in the wings and a well needed boost to Microsoft’s reputation following the backlash against Vista.
As for other announcements, Windows Vista and Windows Server 2008 Service Pack 2 has just completed the RC phase and notes around the release are available, no date as yet though.
Along the Service Pack 2 lines, Microsoft Office 2007 SP2 went RTW a day or so ago. The release addresses some performance issues around start up and shutdown of Outlook among other things. Seems to be stable enough on my Vista SP1 machine so go and grab it.
Moderated Distribution Lists
How many of us have seen people who are authorised to send to large Distribution Lists make a mistake. An embedded picture that doesn’t fit, formatting issues, spelling mistakes, maybe the message is sent to the wrong DL??
Well fear no more as Exchange 2010 introduces Moderated Distribution Lists which allow for emails to be approved prior to being sent. This picture should sum up the options:
I would like to see a tick which prevents members approving their own emails to add extra protection…. however moderators are bypassed by default.
The moderation model is explained in detail at http://technet.microsoft.com/en-us/library/dd297936(EXCHG.140).aspx
Expect more on some new Exchange 2010 features as I discover them.
Vista in perspective
I will be the first to admit when I first used Windows Vista back in a pre, pre, pre Alpha release I was impressed but by the time the Release Candidate came around I was a little shaky. It was fraught with performance and compatibility issues and the lack of Administrative tool support really annoyed me. Furthermore UAC was a technology I wasn’t fully understanding at the time and applications such as the Cisco VPN client were not working for me at all. But this was, after all, a pre-release copy of Windows and I was to expect that there would be issues.
Fast forward to release, Microsoft Windows Vista RTM and a subset of the issues remained. Anti-Virus / Malware products needed to be updated as did the Cisco VPN client. UAC prompted me 4 times to create a folder in “Program Files” and I still had some performance issues. This prompted me to take a trip down memory lane to when Windows “Whistler” (that was the pre-release codename for Windows XP) was launched back in 2001.
The fancy new start menu and bubble like task bar, multi coloured large min, max and close buttons. This looked more like a children’s toy than an operating system that was designed for both the corporate and home markets. Furthermore compared to the more plain UI from Windows 98 or 2000 it was slow. My Pentium 3 with 32MB of RAM didn’t need this extra overhead in the operating system… my system resources were needed for running applications.
This caused a mixed emotion in my mind… I remembered back to the Windows 3.0 days when I would happily chant.. why run an application on top of the Operating System (MS-DOS) that will consume my resources just to get some pretty graphics. My beliefs were forced to change when Microsoft released Windows “Chicago”, aka Windows 95. I accepted this GUI was the way forward and embraced it, although very quickly removed all the extra animated icon software that IBM had installed in their OEM release.
Back to Whistler… the outcry at the time and the number of users who dropped back to the classic start menu and theme to avoid wasting resources on graphics was considerable. I persevered with the new start menu as I realised it was the way forward and I needed to keep pace. Over the years I grew to love the new look XP and really like how it has developed further in Vista and 7.
Fast forward back to 2006 and the launch of Vista again, with my apps that didn’t work, no Administrative tools for my servers and again the question begged.. Why do I want my operating system to consume all of my resources? It was the same question I had asked myself just 5 short years earlier. What had happened during those years, why was I happy running Windows XP on the same hardware that I would not take near Vista. The answer was simple… the improvements in standard and affordable hardware were streaks ahead of what was available when XP had launched. I was now running a Core 2 processor and at least 1 GB of memory which was well beyond even the recommended hardware for XP… yet not far above the minimum for Vista.
So what happened to cause the massive uprising against Vista? It was simple.. we lost the performance we had enjoyed for so many years, our applications stopped working and now we were getting prompted to perform tasks that used to happen. It took some time for ISVs to get software updated to run on Vista and often times this required an upgrade which costs money. It also kept a number of corporate players away and as time passed and more and more people experienced these issues the good name of Vista turned bad.
When Service Pack 1 launched things started to turn around. The hardware had moved along, UAC was much more refined and many ISVs had updated their software. In fact now if you speak to many Vista SP1 users they actually quite like the Operating System. This was highlighted even more when Microsoft conducted the Mojave Experiment last year. They basically grabbed people off the street who hated, yet had never used Vista and showed them Vista, but called it Mojave (the next version of Windows). Almost everyone liked it and they were shocked to find out they had been tricked… They were even more shocked that a good Operating System namely Vista had such a bad name.
As I continue to rant I am slowly reaching the point of this post… today the Sydney Morning Herald published an article titled “Meet Microsoft’s antidote to Vista” which introduced readers to Julie Larson-Green the Corporate VP of Windows Experience at Microsoft. The article continued on the usual path of the Media slamming Vista and let the reader know who, moving forward, was responsible for the user experience of Windows 7. As a side note, Julie is not new to the big roles or to big changes at Microsoft, she was responsible for the “Ribbon” in Office 2007.
Yet the question begged, excluding performance (and UAC which is a security related feature) what was actually bad about the Vista user experience? No one has been up in arms about Aero, the sidebar, search functionality, the start menu or the reduced system tray pop-ups. The article, it seems, had no substance and no message; it is nothing more than a seed article, a piece that the Sydney Morning Herald can refer back to if the Media slams Windows 7 at the launch.
Having used the Beta of Windows 7 extensively, I will state the Beta could almost have been the RTM; it is very stable and runs well on older hardware. But Windows 7 would not have been possible without Vista. Vista was the major facelift which pushed Windows out in front when it came to security albeit at the price of performance. Was this a fair price to pay? Considering the global deployment of Windows, the number of black hats actively exploiting it, wouldn’t we all rather wait an extra 5 seconds for an app to load at least knowing our data was safe?
Windows 7 will be the hedging operating system, much like Windows XP brought the corporate and home desktops together, Windows 7, will bring the security and performance together all the while building on the solid foundation provided by its ugly older step brother, Windows Vista.
Useful Links
For our internal Tech Forum @ work I recently joined a discussion about useful links and places on the net for information. After reading it back a few times I thought it would work as a good blog post here also… so here it is.
Here’s my list
Troubleshooting
www.eventid.net – Just drop in a Windows event log ID and search. Whilst the links won’t work unless you subscribe the results provide the KB article numbers for TechNet so just go there manually.
www.google.com – Sounds generic but it often works, I use it with the advanced searching features and often refine my search to site:support.microsoft.com. I find it better than using live search on Microsoft.com.
Evangelism
http://edge.technet.com – A great resource for all things Microsoft. There are links to Channel 8, 9 and Mix for those who prefer a bit of Development work also.
Blogs
Often a great source of information are blogs…
http://blogs.technet.com/windowsserver – The Microsoft Windows Server Product Team….nuf said
http://msexchangeteam.com/ – The Microsoft Exchange Product Team … The Exchange team started the blogs from the product teams @ MS and this is brilliant.
http://blogs.technet.com/askds – Active Directory Product Team
http://blogs.msdn.com/clustering – The Clustering Product Team
http://blogs.technet.com/jeffa36 – Jeff Alexander is a Microsoft IT Professional evangelist based here in Sydney. He is a great resource for all events based in Australia.
http://blogs.technet.com/mkleef – Previously Michael held the same role as Jeff but based out of Perth. Michael is now the Program Manager of Group Policy in Redmond. Lots of good GPO/GPP info here.
http://blogs.technet.com/security – Jeff blogs, researches and writes a lot of published articles about Security Updates, risk profiles, and vuln management.
http://blogs.technet.com/markrussinovich – Not updated that often but if you want some blow your mind technical detail this is a great place. Mark Russinovich started the Sysinternals company which was bought by Microsoft a couple of years ago. He is a Technical Fellow who works on Windows Kernel development.
http://blogs.technet.com/steriley – Again not updated often but Steve works with the Microsoft Trustworthy Computing Group and is one of my favourite speakers at TechNet events and TechEd.
Newsletters / Email
Not sure about other vendors but Microsoft offer a large number of subscription based newsletters. I subscribe to many of them including the AU, UK and US Technet Newsletter. The Technet newsletter is great as it lets me know when the TechNet Magazine is available each month. (currently it’s only available online for non-US folk)
A few Microsoft and VMware Announcements
First up clearly we haven’t seen the release candidate for Windows 7 as yet.. although a leaked TechNet page did indicate a late May / June release. Either way we will have to wait and see.
SQL Server 2008 SP1 was released and is mainly a collection of the hot fixes already released. I haven’t read the full release notes yet so you will need to do so before looking at implementation. Click here for a shortcut to some notes.
On as big a scale as Windows 7, VMware have announced that vSphere 4 will be launched in May. vSphere is the new name for ESX and has some vExciting features including distributed switches and fault tolerance. Fault tolerance is a pre-staging for vMotion and HA so rather than a cold restart of a VM guest on host failure the memory is already mirrored to another host and fails over without restart. A really cool feature which will leave ‘live migration’ in Windows Server 2008 R2 still a long way behind the 8 ball.
Windows 7 RC April 10??
There is a lot of talk about a possible April 10 release for the Windows 7 Release Candidate with possibly an RTM as early as July.
Fingers crossed
Active Directory management is growing up
First came Exchange 2007 and the integration of Power Shell. This was closely followed by a number of applications from the System Centre family and SQL Server 2008. Finally Active Directory is now having its turn to move to Power Shell based management with Windows Server 2008 R2.
Quest Software released some free modules a while ago which worked well but this move by Microsoft will introduce the Active Directory Administrative Centre, a new Management console built on top of Power Shell 2.0, providing a completely integrated management approach.
Service Pack 2 Edges Closer
Last week Microsoft announced the availability of Service Pack 2 Release Candidate for Windows Vista and Windows Server 2008.
Click here for the full list of changes but below is a quick summary:
- Support for native writing of Blu Ray media
- Improved Power Management
- Windows Search 4.0 is included
Windows 7 | Problem Steps Recorder
Keith Combs has added a screen cast to Edge this morning about the Problem Steps Recorder in Windows 7. This app looks great for the non-corporate environment where a remote control application isn’t available. It also looks great for compiling screenshot documentation of an application install. Let’s hope it works well at recording a terminal session accessed from a Windows 7 client.
Lessons from the Trenches – OCS R2 and Windows Server 2008
It’s been a little while since my last post and I’ve been busy designing an Exchange 2007 and Office Communications Server 2007 R2 (OCS) implementation. Previously I was working on getting a Mailbox SCC cluster working. All fine on that front but I wanted to share some experiences from the OCS R2 Enterprise proof of concept (POC) that I built as this was a little tricky.
First let me preface this post by stating my OCS experience is near zero. OCS to me is like a car, I can talk about all the features, why it should be purchased and implemented, but ask me to put it together and it’s a different story. The POC was built on Windows Server 2008 EE x64 running on Windows Server 2008 Hyper-V. All the guests are configured on an isolated network and in their own domain.
The biggest and the first lesson I want to pass on is use the Event Logs and not the System or Application log for that matter. Different errors during the installation provided a number of cryptic errors, displayed in a pretty HTML which proved to be useless. Once the installation commences an Office Communications Server event log is created in the Application and Services logs node of the Event Viewer. During the installation of my front server (I’ve split OCS FE, Archive and SQL) all the cryptic error messages and the Application / System logs left me with nothing. But the OCS log was happily logging away telling me to install MSMQ.
The next big lesson was around SQL Server 2008 EE running on Windows Server 2008 EE x64. The SQL Server install doesn’t update the Advanced Firewall and so you will need to open up port 1433/TCP or traffic for the SQL application exe.
Get yourself an Administrative workstation and install Telnet (if it’s kernel 6+). The exclusion of the telnet client from the default OS build annoys the hell out of me to the point that I’m thinking about including it in our SOE.
The final lesson for today is more around a direction I’m taking with the SOE: use Servermanagercmd, it is your best friend. Servermanagercmd is a command line utility which installs and removes roles and features of the Windows Operating System in a full installation (OCsetup is available on Server Core). Most of the Microsoft Apps, such as SQL and Exchange, have a list of the exact roles and features needed to support the application. By using Servermanagercmd, writing rebuild instructions is a lot easier, as all that needs to be added to the doco is the list of commands, rather than: open Server Manager, right click on Roles, add Role, select from the list and then select all these sub components.
I should state I do have a working OCS R2 POC after all that and I’m looking forward to getting it into production, without Enterprise Voice…. for now.
Windows Server 2008 – Failover Clusters in a box
Well this week I’ve been looking at building a POC for Exchange 2007, basically just extending the schema, adding a HT, CAS and thought…. why not add an SCC Cluster for the Mailbox Server.
First up let me expand on what is meant by SCC. Exchange 2007 introduced a number of storage and replication options for the Mailbox Server including Cluster Continuous Replication (CCR), Standby Continuous Replication (SCR) and Local Continuous Replication (LCR). SCC is a Single Copy Cluster basically what we were all happy and used to running in Exchange 5.5 to 2003.
Of course this is 2009 so I am running my Exchange 2007 servers on Windows Server 2008 which uses SCSI-3 for communication with Cluster disks, which is not available on either of the SCSI Controllers in ESX 3.5 Update 3. Here’s to hoping that VMware get working on that in the mean time I’m dropping back to iSCSI or Windows Server 2003 R2.
Microsoft IT Professional : Enterprise Administrator
Seeing as it’s taken me 6 months and 9 exams I feel like gloating about finally becoming a Microsoft Certified IT Professional : Enterprise Administrator (MCITP:EA). Since June I’ve moved from an MCP on XP and 2000 Server to an MCSA + Messaging 2003, MCSE 2003 and now MCITP:EA.
Exam 70-649 – Upgrading your MCSE 2003 to MCTS 2008
I sat for the first of my upgrade exams from MCSE 2003 heading toward Microsoft Certified IT Professional : Enterprise Administrator on Windows Server 2008 last week. The biggest thing about 70-649 was how easy this exam was. Without giving too much away I would spend about an hour a day reading blogs from the likes of the Directory Services team, the Exchange Team, Jeff Alexander, Mark Russinovich, Steve Riley, Rocky Heckman and a stack of others as well as Technet newsletters and browsing Technet Edge so I do keep up to date. So with all this reading I felt I should be prepared for the exam and I was.
Rather than blowing my own horn here the praise should really go to the speakers at Tech Ed 2008 Australia, Jeff Alexander and Derrick Buckley (Derrick runs the Sydney Windows Infrastructure User Group) whose content both speaking and blogging have made this experience so easy. Unlike the days of exams being almost ‘tricky’ and not evident of the ‘real world’ the new exams seem worlds apart and the speakers who represent Microsoft actually give you a lot of information needed to run off and look at doing the upgrade exam.
That said I wouldn’t recommend just running in and doing it tomorrow if you’ve never used the Operating System but if you read a lot, pride yourself on keeping up with technology and are interested you shouldn’t find this exam too hard.
Boot from SAN
I’ve been trying to get another post out for the last week on Windows Server 2008 R2 as a follow up to the new Active Directory Features.
Reading through the Windows Server 2008 R2 Reviewers Guide I’ve come across a number of new features and whilst I’ll get a post out on Cluster Shared Volumes and Processor Power Consumption (although anyone who has seen the Intel ads on TV would kinda know where I’m going with that one) a feature that caught my eye was Boot from SAN. Whilst this is certainly not a new technology (I was using it to replicate boot volumes four years ago) it is interesting to note that it’s listed as a feature for Windows Server 2008 R2. It’s being pitched as a power consumption and Green Computing initiative as it reduces the power requirements of Servers and it also improves the reliability as Hard Disks are generally the major cause of a failure.
However I’d like to think it also opens up the door for greater use of Blade Technologies. Recently I designed and implemented a VMWare ESX 3.5i embedded solution on IBM HS21 XM blades with no hard disks. A really big win since the HS21 needs to be removed from the chassis to access the internal hard disks which means downtime. Perhaps this move from Microsoft will help push the boot from SAN and open up the idea of Blade Technologies also.
Food for thought…..
Windows Server 2008 R2 – Active Directory Features
No doubt the biggest news this week has been around the announcement of Azure, Microsoft’s new cloud based platform, Windows Server 2008 R2 and Windows 7. In this post I want to concentrate on the Active Directory features of Windows Server 2008 R2. There has already been quite a lot of noise about "Live Migration" of VM’s in a Hyper-V cluster and that R2 will only be available in 64bit. However there are always other features like improvements in ADDS that never seem to quite get the air play they deserve.
Windows Server 2008 introduced some great new features into ADDS including the RODC, GP Preferences and Fine Grained Password Policies. Whilst these features are fantastic the next release of Windows Server is going to concentrate on the subtle improvements. First up… How often have you deleted an account that you didn’t mean to? Windows Server 2008 introduced protection against accidental deletion of some objects but not all. Well, bring in the humble "Recycle Bin" from Windows. The "Recycle Bin" is domain based and will require a schema and forest functional level update to Windows Server 2008 R2 so don’t expect this feature to be too widely used on day 1.
Active Directory Centre (ADC) is the new ADDS Console which replaces Active Directory Users and Computers, which has been a trusty companion since its release nearly 10 years ago. At this point in time I’ve only seen a screen shot of the console and can’t confirm whether other ADDS Consoles, such as Sites and Services / Domains and Trusts, will also be migrated to this format. The ADC (not Active Directory Connector …. I shudder when I think back to that little guy with Exchange 5.5) is a task based management console built on top of Powershell. That’s right, it’s what we’ve all been asking for: Powershell cmdlets for Active Directory management, yeahhhh.
Ever wanted to join an ADDS domain but not had the box on the network at the time? The big scenario may be at your Vendor site where laptops are imaged prior to arriving. Embedded in the deployment process is an XML file with all the information needed to join the domain once the laptop arrives on site.
The big ADDS feature for Operations teams is the introduction of "Managed Service Accounts". These accounts record the usage and automatically update the password where applied when reset. The best example would be a service account running services on multiple servers. At the moment the Administrator needs to open a Services console, open the service, update the logon information and type in the updated password. Then to confirm that the password has been typed correctly, restart the service which of course means an outage. Managed Service Accounts will automatically perform this update for you ensuring consistency and removing the need for an outage.
If Exchange 2007 was the first step…. Windows Server 2008 R2 is the first day of school
When Exchange 2007 launched the big news was around three advances. The first was Powershell, and the number of features not available in the GUI (although a lot reappeared in SP1), the second Unified Communications and finally that it would only be available (for production use) in 64bit. Microsoft has announced at PDC (Professional Developers Conference) over night in LA that Windows Server 2008 R2 will also only be available as 64bit.
This is a significant announcement and one that is welcomed from me. All procs produced in the last couple of years have been 64bit and pushing the OS to a pure 64bit release will continue to unlock the full potential of the hardware. Moreover it will save organisations from having to download and store updates in both 32 and 64bit editions in applications like WSUS.
No doubt this announcement will see all of Microsoft’s Server applications slowly start to only be released in 64 bit as well.
Interesting Read
It’s been a while between posts and rather than actually posting something today I’m simply going to point you to a post by Mark Russinovich named "The case of the slooooow system". Whilst this was posted a while ago I’ve only finally gotten around to reading it… which may explain why I haven’t posted either.
Have a read because it really shows some great troubleshooting skills and usage of Process Explorer.
Tech.Ed 2008 Update 2
Well it’s taken me a week to get this second post out but hey, I’ve been on holidays spending a week on the Gold Coast and relaxing before the hectic run into Christmas.
Moving on to the main component of Tech.Ed, the sessions, I spent a lot of time bouncing between the Security and Server tracks. I did an awesome Deep Dive with Gavin Carius on Network Access Protection. Having been to a few NAP sessions previously, read about it and even set up a DHCP NAP Lab, I was really happy to see NAP in action using both IPSEC and 802.1x, and Gavin offered a number of options for staged deployments and considerations for distributed environments.
The other great sessions were those presented by Steve Riley, who spoke about Privacy and Security and told a number of war stories, as well as speaking about his thoughts on Microsoft products including the use of Microsoft Passport for internal web applications (available as an add on for Visual Studio 2008).
I know this is only a short post on the event given the previous rant but hey it’s a week on..
I will close by saying get along to Tech.Ed Australia next year at the Gold Coast Convention and Exhibition Centre.
Tech.Ed 2008 Update 1
It’s been a big week in and out of the class room this week at Tech.Ed with the nightly events taking their toll on me. The mornings have been a real struggle, but it’s the last day of a great week and it’s time to start writing about what has been.
The week started with two days of "Pre Conference Training", my course was run by Ryan Gordon of Longneck Consulting and covered Exchange 2007, Unified Communications and Office Communications Server. This was a great look at how MS has extended the capabilities of their product suite to include Voice, Speech out of the box in Exchange. The training involved a series of labs and working with Virtual PC (we needed to use an audio driver which isn’t in Virtual Server) and an Audiocodes MP-114 FXO SIP Gateway. I used the labs on Exchange to strengthen my Powershell skills.
Moving on to Tech.Ed proper on Tuesday night, I was a little disappointed with this year’s Bag. Whilst it is smaller than last year’s and that’s got its advantage, I tend to carry a lot around:
1. Laptop (Lenovo R60)
2. Mouse (Microsoft Wireless Presenter Mouse 8000)
3. Small USB hub (6cm x 6cm x 1cm)
4. A collection of mini USB<-> USB cables
5. USB cable for my phone (Palm Treo 750)
6. Cable Lock
7. Cat 6 patch lead (2m)
8. Cat 5e X-over lead (5m)
9. WD portable HDD
10. Power supply for my lappy
11. Stanton DJ2000 Pro Headphones
12. iPOD Power Adapter
13. iPOD USB Cable
14. CD Case (meant to hold about 15 discs but it’s full of nearly 30)
15. 3G Modem
16. My Leather Folder that I keep my notepad in…
So quite quickly I’ve filled the bag, and having a cool pocket, lined with the reflective stuff you get in soft eskies (chilli bins if you’re a kiwi), minimises the space for all my other stuff. That said, for travelling, last year’s Targus bag often had problems getting into the overhead bins on the plane.
Getting over the bag, which I’ve just typed more about than was needed, the Welcome Party on Tuesday night was a good chance to catch up with some of the guys that I’d worked with previously and see how things are over a few drinks. Again the disappointment that this year the beer being served is Toohey’s New and not Crown Lager; oh well, it meant I would be drinking White Wine for the week.
The only other big news on Tuesday was that Laura Chappell would not be here for Tech.Ed in Sydney….. Bit of a shame but here’s to hoping that Rocky Heckman (Security Track Owner) can get her out here for next year….
The case of the relapsing A record
Just recently I built and then shipped a server to a remote site. As the server arrived there were a range of changes that occurred at the remote site including a large network infrastructure change and the creation of a new VLAN to host this server. To make things worse this server is the first branch server in our new software development / desktop management solution.
The server arrived and was racked, etc. by the local team and immediately errors started occurring with DNS. When the network changes were finished and I was able to get onto the server I ran "ipconfig /registerdns" to update the server’s A record in our Active Directory Integrated zone. All appeared okay and the record replicated across the forest (yes we were using Forest DNS for this zone). At some point through replication, the record reverted back to the IP from main office in DNS and of course started causing lookup errors.
With about 30 DC’s / DNS servers holding this zone troubleshooting was difficult. So the first change was to move the zone to a domain replication and create a sub zone for this domain elsewhere in the forest. This was done and had reduced the number of DNS servers I had to monitor down from 30 to 4 but of course failed to correct the issue.
The next day, post change, I went about monitoring the replication of the DNS data across the domain. After a few hours I discovered that the PDC emulator was the Domain Controller that was first writing back the old IP. Looking at the ACL on the A record I was surprised to see a DC from another domain in the forest but located in the main office had a write ACE on the record. Then it struck me, that DC was also the DHCP server for the site. Looking at the properties I wasn’t surprised to see the scope properties set with "Dynamically update DNS A and PTR records for DHCP clients that do not request updates (for example, clients running Windows NT 4.0). " checked.
Unchecking the option and, just for the hell of it, removing the DHCP lease resolved the issue. Bit of a tough one but got there in the end.
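The hunt described above, as an added script that is not part of the original post: it lists who holds write access on the record's directory object, then polls each DNS server holding the zone to show which one first hands back a changed address. Host names, the address and the record DN are placeholders, and it assumes Resolve-DnsName and the ActiveDirectory module, both newer than the servers in this post.

```powershell
# Added example, not from the original post. Every name and address below is a
# placeholder; substitute the record, expected IP and DNS servers being watched.
# Assumes Resolve-DnsName (Windows 8 / Server 2012 or later) and, for the ACL
# check, the ActiveDirectory module from RSAT.

function Get-RecordWriter {
    # Hypothetical helper: lists every principal holding an Allow ACE with write
    # rights on the DNS record's AD object. A DHCP server registering records on
    # behalf of clients shows up here as a computer account.
    param([string]$RecordDn)
    Import-Module ActiveDirectory
    $write = [int][System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
    (Get-Acl -Path "AD:\$RecordDn").Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.ActiveDirectoryRights -band $write) -ne 0)
        } |
        Select-Object IdentityReference, ActiveDirectoryRights, IsInherited
}

function Watch-ARecord {
    # Hypothetical helper: queries every DNS server directly and emits a row each
    # time a server's answer changes, so the first server to revert stands out.
    param(
        [string]$RecordName,
        [string]$ExpectedIP,
        [string[]]$DnsServers,
        [int]$IntervalSeconds = 60,
        [int]$Polls = 240
    )
    $lastSeen = @{}
    for ($poll = 1; $poll -le $Polls; $poll++) {
        foreach ($server in $DnsServers) {
            try {
                $ip = (Resolve-DnsName -Name $RecordName -Type A -Server $server `
                           -DnsOnly -ErrorAction Stop |
                       Where-Object { $_.Type -eq 'A' } |
                       Select-Object -ExpandProperty IPAddress |
                       Sort-Object) -join ','
            } catch {
                $ip = "query failed: $($_.Exception.Message)"
            }
            # First poll records the starting value; later rows are real changes.
            if ($lastSeen[$server] -ne $ip) {
                $lastSeen[$server] = $ip
                [pscustomobject]@{
                    Time            = (Get-Date).ToString('s')
                    Server          = $server
                    Answer          = $ip
                    MatchesExpected = ($ip -eq $ExpectedIP)
                }
            }
        }
        Start-Sleep -Seconds $IntervalSeconds
    }
}

# Quick check first: who is allowed to overwrite the record?
# The DN assumes a domain-replicated zone; a forest-replicated zone lives under
# DC=ForestDnsZones instead.
Get-RecordWriter -RecordDn 'DC=branchsrv01,DC=corp.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=corp,DC=example,DC=com'

# Then watch the servers. Keep the interval shorter than replication latency so
# the server that changes first is the one that wrote the old address.
$servers = 'dns1.corp.example.com', 'dns2.corp.example.com'
Watch-ARecord -RecordName 'branchsrv01.corp.example.com' -ExpectedIP '192.0.2.10' -DnsServers $servers
```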
Windows Server 2003 Clusters in a box
Clustering is a great way to increase application level redundancy especially for Exchange and SQL Server and using VMWare ESX this technology can easily be deployed in a low cost and time effective manner. I work a lot with Virtualised Servers running on ESX but I am not completely convinced of the fact that anything can run on Virtualised infrastructure. In fact I out and out refuse to run clusters on ESX (or Hyper-V) for that matter, but when it comes to the lab and not the production network it’s a different story.
Today as you can guess I have run up my first MSCS on ESX and it’s working very well. I’ve kept it simple using a single ESX host with just local storage. Here’s the platform:
1 Dell PowerEdge 2950
2 x Quad Core Intel Xeon X5355 @ 2.6Ghz
32GB RAM
4 x NICS (2 onboard and 2 on a dual head NIC)
2 x Qlogic QLA2432 HBAs
3 x 300GB RAID-5 plus 1 x Hot Spare (4 disks total) in a single Datastore
VMWare ESX 3.5 (Stand Alone, no VC)
The ESX box is built with the default options all the way so I’m not going to dive into that too much.
The Cluster nodes were built with:
2 vCPU
4096 MB RAM
2 x NICS, 1 for Private and 1 for Public Comms
The cluster is configured with 3 disk resources, 1 for Quorum, 1 for Data and 1 for Logs.
The nodes were built up first and joined to the domain. Next came the cluster disk resources. This took me a little bit of time to get going as I wasn’t familiar with creating internal shared disks on ESX. The task itself is easy: first log into the server console (PuTTY is my tool of choice for SSH) and elevate your privileges to root. Shared disks can’t be created using the GUI so you’ll need to use the following command:
vmkfstools -c 2G -a lsilogic -d thick /vmfs/volumes/Volume/Folder/quorum.vmdk
In this example I’m creating a 2 GB disk at the path listed using the name "quorum". Buslogic disks aren’t supported so ensure that lsilogic is used. Once all the disks have been created we can head back to the GUI VI Client and add the new disks to our servers. When adding the disks ensure that the SCSI Virtual Device Node is a different channel to your system disk. For instance choose SCSI (1:0) or (2:0) as your system is created at SCSI (0:) by default. This is because a shared disk in an MSCS cluster cannot exist on the same bus as the system disk. If you’ve selected the correct bus you’ll notice that a second SCSI Controller is automatically created also. Click on the Controller and change the SCSI Bus Sharing to "Virtual".
Now it’s simply a matter of starting up the first node and configuring the cluster.
Is IT Like Fashion??
On my desktop calendar (the old flip over the page paper kind) each day is a quote. To be honest this is the only reason I even have it. Each day I’m actually at my desk, I turn over the page and read the quote of the day and catch up on the days I’ve missed. One quote that has stuck in my mind is from Tuesday 11 March: "Fashion is a form of ugliness so intolerable that we have to alter it every six months" – Oscar Wilde. Thinking about the speed and cyclical nature of the Fashion Industry started me thinking about IT and the Technology cycle.
Unless you’ve been living under a rock (or raised floor) for the last 5 odd years the concept of Virtualisation or thin computing will not be a new one. In fact if you are old enough to remember the days before Windows or DOS this concept will not be new at all. Back in the 3rd quarter of last century the use of mainframes and thin clients boomed. IBM had the cornerstone of the market (and still does with the Z series). Mainframe computing continued in this fashion until the boom of the Personal Computer and more specifically Bill Gates’s Microsoft Disk Operating System (MS-DOS) and eventually Microsoft Windows.
Recently though the move to bring the desktop back into the Datacentre has started all over again. A number of players such as VMWare with Virtual Desktop Infrastructure (VDI) and Citrix with XenDesktop have already moved into this space showing the value of minimum images, backup, availability, scalability and reduced time for deployment.
Whilst thin computing on Windows has been around for a number of years with Citrix Metaframe XP, Presentation Server and Terminal Services, this is the first time that we’ve actually seen a dedicated per user desktop available running a desktop operating system such as Windows XP or Vista.
Will it work?? Personally I’m a sceptic. I love the fact that I can carry my laptop with me and do what ever I need with it. That said backing up my laptop, or trying to restore from bare plastic (let’s face it my Lenovo is not made of metal, at least on the outside) is not always the easiest or most time effective task. Does it have a place in the Enterprise? Yes, but like all technologies this is by no means a "Silver Bullet"
RSS Feeds in Outlook 2007
For the last few weeks I’ve noticed that the number of RSS feeds coming into my inbox has been on the decrease. When I compared the items in Outlook to those in IE7 I found that some items weren’t coming across to Outlook from the Common Feeds list.
By removing outlook.sharing.xml.obi, ~last~.sharing.xml.obi, and outlook.xml.kfl from
Windows XP: %userprofile%\Local Settings\Application Data\Microsoft\Outlook
Vista: %userprofile%\AppData\Local\Microsoft\Outlook
I was able to get the feeds to download again.
Happy Blogging
Andy, IT Guy
Came across a great little blog today. Really sums up the progression of the Engineer…..
http://andyitguy.blogspot.com/2008/06/hello-my-name-is-andy-and-i-attend.html
Enjoy
Minimum Requirements
Just noticed that you can’t install Windows Server 2008 with less than 512MB of memory. That said, once built a Server Core DC/GC with DNS runs well with just 256MB in the lab.
Microsoft / Windows Update
Like many companies I’ve worked for, our internal Patch Management isn’t anywhere near the level of automation that it should be. As a result new servers are deployed and Microsoft Update is run to ensure that at the time of build and handover the servers are updated with all critical and security updates. Not really a bad idea as the scan engine used by Microsoft Update is going to pick up any updates that a 3rd party utility could miss.
The issue I’ve been finding lately is that a number of Engineers run Microsoft Update just once. This has the potential to still leave servers vulnerable. Let me explain.
A Windows Server 2003 R2 SP2 server is deployed and dot NET Framework 2.0 is installed via Add / Remove Programs. Microsoft Update is run and sure enough dot NET Framework 2.0 Service Pack 1 is needed. The Engineer installs the update and is done. However there are a number of post SP1 updates that are also needed.
The point is, to ensure that servers are completely updated, running Microsoft Update should be like running ISINTEG on your Exchange Stores. Continually run and re-run until no further updates are needed. Once this process has completed the server can be added to the scheduled update list and covered by the Patch Management team.
Happy Patching.
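One way to script the run-and-re-run routine, as an added example rather than anything from the original post: it drives the Windows Update Agent COM interface, repeating scan and install passes until a scan comes back empty. The pass cap and the exit codes are assumptions of this example, and it scans against whichever update source the server is already configured to use.

```powershell
# Added example, not from the original post. Run elevated on the server being
# built. $MaxPasses is a hypothetical safety cap so a repeatedly failing update
# cannot loop forever.
param([int]$MaxPasses = 10)

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$criteria = "IsInstalled=0 and IsHidden=0 and Type='Software'"

for ($pass = 1; $pass -le $MaxPasses; $pass++) {
    # Re-scan on every pass: installing one update (a service pack, say) is
    # what makes the follow-on updates applicable.
    $found = $searcher.Search($criteria).Updates
    if ($found.Count -eq 0) {
        Write-Output "Pass ${pass}: no further updates needed. Ready for handover."
        exit 0
    }
    Write-Output "Pass ${pass}: $($found.Count) update(s) outstanding"

    $batch = New-Object -ComObject Microsoft.Update.UpdateColl
    foreach ($update in $found) {
        Write-Output "  $($update.Title)"
        if (-not $update.EulaAccepted) { $update.AcceptEula() }
        [void]$batch.Add($update)
    }

    $downloader = $session.CreateUpdateDownloader()
    $downloader.Updates = $batch
    [void]$downloader.Download()

    $installer = $session.CreateUpdateInstaller()
    $installer.Updates = $batch
    $result = $installer.Install()

    # OperationResultCode: 2 = succeeded, 3 = succeeded with errors,
    # 4 = failed, 5 = aborted.
    if ($result.ResultCode -ge 4) {
        Write-Warning "Pass ${pass}: install failed (result code $($result.ResultCode)). Server is NOT fully patched."
        exit 1
    }
    if ($result.RebootRequired) {
        # The next scan is only meaningful after the restart.
        Write-Warning "Reboot required. Restart and run this script again; later updates may still be pending."
        exit 3010
    }
}

Write-Warning "Still finding updates after $MaxPasses passes. Check the update log before handover."
exit 1
```

Only exit code 0 means a scan came back clean; a build checklist can gate handover to the Patch Management team on that.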
Standards Part 1
As the title states, Standards, either Industry, Vendor or Company Specific, are the core to running a successful Enterprise Server environment. The biggest of them all is no doubt the Server Naming Convention. The key questions to ask yourself when reviewing naming conventions are:
1. Is this for servers or for all of my IT infrastructure (Desktops, Printers, Servers, Routers etc.)?
2. Is it scalable?
3. Does the name tell me the important key aspects of the server?
4. Is a server name more important for the Administrator or the end user?
To start, I don’t believe that servers should be named for users. A server called Banana might be easy for users to remember but tells me nothing about where I can find it or the role it performs on the network. Users generally should never need to know a Server name. In a Windows environment enough tools are available to automatically configure workstations including Group Policy and Logon Scripts. On the occasions when users do need to use server names a DNS alias is all that is needed.
Let’s look at a few examples of server names…..
1. FP-DC1-PR-V
Pros – Fixed Length, Easy to read, Contains all required files
Cons – Can’t be easily extended to include all infrastructure.
2. DCSVW-FP01
Pros – Fixed Length, Easy to read
Cons – No detail for environment or physical state.
3. SEAUDCFP01
Pros – Fixed Length, Easy to read, Extensible for Global Organisation
Cons – Lots of location information, No detail on Environment or Physical State.
4. BANANA
There is no breakdown on BANANA as it contains no descriptive information about the server.
Pros – Easy to remember
Cons – Has no detail for Administrators.
My favourite is name 1 as it instantly tells me all the information I need to determine what the server does and where it’s located. Generally there is no need to differentiate between a physical or virtual server but having it in the name ensures you’re not wandering around the data centre at 3am looking for a virtual host.
The one exception to the server naming convention should be any servers published to the Internet. Any servers which exist on the perimeter should not follow the server naming convention. Although I don’t believe in security by obscurity, having a nonsense or generic naming convention, such as mail1.fqdn.com, at least deters weekend wanna-be attackers.
Server Core – Big Server – Small Footprint
I am just loving Server Core at the moment. I’ve always found it a struggle to run multiple VM’s on my laptop for demo’s. Especially when I wanted a DC/GC which didn’t double as an Exchange, SQL or ISA server. Usually about 512MB of RAM was assigned to my DC to keep it running nicely but this chewed into my available memory.
My Windows 2008 Standard Server Core box is currently up and running as a DC/GC using just 256MB of RAM and it’s humming along. Now for the same footprint as a Windows 2003 DC I can set up two Server Core DC’s and have a nice empty Forest root.
Happy Days
Windows Server 2008 – My Favourite New Roles – Part 2
Part 2 and Server Core and Fail over Clustering.
Server Core is by far the biggest improvement in Windows Server 2008.
In short Server Core is a streamlined install of Windows Server 2008. This option greatly reduces the size, complexity and most importantly the surface area of attack of a Windows install. A number of vulnerabilities have been disclosed affecting components of Windows which aren’t required in a Server operating system such as Outlook Express or Media Player. By removing these components Windows Server has become a more stable, scalable and secure operating system.
Due to its streamlined install there is no GUI in Server Core; instead all local administration is performed from the humble command line. The flip side is that only a subset of roles can be installed on a Server Core installation. A complete list is available at http://www.microsoft.com/windowsserver2008/en/us/compare-core-installation.aspx.
The only problem I ran into with Server Core was the initial configuration. For a Windows Guy I consider my command line skills pretty good, probably from my DOS days. I launch most Control Panel applets from a command line, and when I ran a Tivoli Storage Manager environment I used the command line. But I started to run into problems with Server Core. Why??? Well.. Have you ever set an IP address from a command line?? What about configuring the Advanced Firewall in Vista or 2008 Server?? Configured an iSCSI initiator?? The answer is probably not.
Sure the Remote Server Administration Tools can do most things but what about the initial tasks such as the IP Address?? I will cover a number of commands in upcoming posts but in the meantime why not check out Core Configurator by Guy Teverovsky. This is a simple tool which completes the simple admin tasks such as setting an IP, Installing Roles and Features and completing the activation process.
Fail over Clustering is one of my favourite improvements in Windows Server 2008. The two big wins for me are the Validation Wizard and the introduction of iSCSI disks for the configuration.
The Validation wizard checks the hardware and software configuration of the Cluster. If the tests are passed then the Cluster will be supported by Microsoft Premier Support Services. This is a quick way to check the configuration of the cluster and instantly know its state. It removes the time that previously needed to be spent trawling through the Cluster Hardware Compatibility List and finding a supported configuration.
The use of iSCSI disks isn’t one that I would approve for production but for the lab, demo’s and training it is a quick and cheap win. A number of software iSCSI targets are available allowing for a cluster to be run on a single computer with Virtualisation.
That’s all for now….
Mick
Time Changes, The Media and NTP
Through all walks of life people have been affected by the change of daylight savings which didn’t occur this weekend.
Traditionally Daylight Savings Time (DST) in Eastern Australia has finished on the last Saturday night (well very early Sunday morning) in March. A change to legislation has pushed this back a week to the first weekend in April in a bid to lower power consumption and thus reduce carbon emissions. The start of DST has been brought forward by three weeks also, which comes into effect later this year.
Today the media has been reporting of ‘computer bugs’ and ‘computer glitches’ which automatically in-corrected clocks. News.com called the error a software ‘cock up’. What really caused the issue to occur?? It was a combination of hard coding items like DST settings into software and not having a process for updating the software.
The real issue today wasn’t technology, it was process. Software designers have a responsibility to ensure that their software will be usable from the factory and through its life cycle. The only way to do this is to allow updating.
IT Pros also need to wear some of the blame for the issues experienced today. There were a number of computer systems, that support updating, which didn’t have updated Time Zone settings and were displaying the incorrect time.
The real test will come tomorrow as the majority of users return to work. What time will they be turning up to their appointments and meetings??
Windows Server 2008 Security Resource Kit
Just a quick wedge entry…..
I’ve had a copy of Jesper Johansson’s new book on order from Amazon since early this year and it’s finally turned up. Don’t worry Amazon were quick enough in the delivery, I just ordered it before it was published and the delays occurred somewhere in the publication process.
Regardless, the skim read that I’ve done tonight is enough for me to give it two thumbs up!! I’ll report more from the book with my highlights when I’ve finished more of it.
More soon….
Mick
Windows Server 2008 – My Favourite New Roles Part 1
The launch events for Windows Server 2008 have now finished here in Australia and throughout most of the world. The new Roles and Features summarised in the Microsoft Top 10 reasons to Upgrade have been heavily pushed by Microsoft and their Partners alike.
My list of favourite features differs slightly and I’ll cover these over two posts. In this post I discuss the Global Names Zone in DNS, the improvements in Active Directory and Network Access Protection (NAP).
The Global Names Zone (GNZ) in DNS is an attempt to remove the reliance on WINS (Windows Internet Naming Service) on the network. WINS was a cornerstone role back in the Windows NT4 days and is still needed in a distributed Exchange 2003 Organisation. The Global Names zone in DNS works in a similar way to WINS by using a single label name for resolution. This allows the computer name to be resolved without the use of the Fully Qualified Domain Name (FQDN) or by customising the DNS Client settings. It does have a drawback: GNZ isn’t dynamic and all entries need to be manually updated. GNZ also supports IPv6, which WINS does not.
The improvements in Active Directory Domain Services (ADDS) extend from the Data centre to the branch office including the Read Only Domain Controller (RODC), Restartable Directory Services and the ability to assign an "Administrator" to a Domain Controller without granting "Domain Admin". Snapshot technology has also been added to NTDSUTIL which allows for instant snap to be taken of the NTDS database on a DC and then mounted on a port of choice. This makes troubleshooting security or time related data a lot easier.
The biggest improvement for ADDS from a security standpoint is the ability to use fine grained password policies. Previously only one Password Policy could be applied to the domain; however, with Windows Server 2008 multiple policies can be applied to groups of users. Useful for implementing stronger passwords for your privileged accounts (Administrators and Service Accounts). My only disappointment with the fine grained password policies is the lack of a GUI: you need to use ADSIEDIT to perform the task.
Health Validation is not a new concept but Windows Server 2008 is Microsoft’s first implementation of the technology and it appears to work very well. I have not played with NAP yet so can’t get too involved on its inner workings but on the surface it is health and policy enforcement for Windows clients on your network. Through the use of 802.1x (the preferred method, although DHCP can be used) computers which do not comply with the network’s health policy can be restricted in their access. This can be useful for stopping rogue machines (either from employees or their visitors) gaining access to your corporate network until they meet your requirements for Updates and Malware protection. NAP requires Windows Vista or Windows XP Service Pack 3 (due out soon) on the client side and so is limited until clients are updated.
Stay tuned for Part 2 where I’ll discuss Server Core and Failover Clustering……
I’m Back
Nothing special in this post, but the site is here.
Over the next few days I’ll be re-publishing my old posts to add some content to the site. So I apologise if you end up with doubles of some of my old posts.
