
Live Mesh: What’s the Net for Business? 64

JULY 2008 REDMONDMAG.COM

Cloud Man As departs, Ray Ozzie takes over ’s online strategy. 30

+ Will Windows Live Live Large? 11
+ Improved SCCM Gets Readers’ Thumbs Up 20
+ ISVs Unify Microsoft’s Communications Puzzle 45


Redmond JULY 2008
The Independent Voice of the Microsoft IT Community

Contents

COVER STORY
Flying Solo: As his boss Bill Gates departs, Ozzie takes Microsoft’s online strategy into the cloud. Page 30

REDMOND REPORT
11 How Large Will Windows Live Live? Microsoft’s Brian Hall looks to better integrate the Windows Live online strategy.
14 Beta Man: Working Together

FEATURES
39 The Secrets of Sysvol: Windows Server 2008 has a new way to migrate Group Policies.
45 The Unified Communications Puzzle: ISVs look to fill in some of the pieces of Microsoft’s unified communications vision.

REVIEWS
Product Review
16 Lock the Door: WinMagic SecureDoc’s full-disk encryption provides easy-to-use security for laptops and remote users.
Reader Review
20 Big Efficiencies for Big Environments: SCCM 2007’s new maintenance, configuration-tracking and updated reporting features make it a must-have for large Windows sites.
Head-to-Head
26 Automation Nation: IT workflow-automation products could be the key to accelerating your day-to-day IT tasks and helping you build IT processes.

COLUMNS
6 Barney’s Rubble: Doug Barney, Cloudy Cloud Costs
51 Never Again: Derryl Steib, Please Tell Me That Was a DDS-2 Tape; Byron Sisson, Which One Is for Production?
54 Mr. Roboto: Jeffery Hicks, At Your Self-Service
58 Windows Insider: Greg Shields, Best Configuration Manager Queries
60 Security Advisor: Joern Wettern, Forget Your Passwords
64 Foley on Microsoft: Mary Jo Foley, Does Live Mesh Have a Business Future?

ALSO IN THIS ISSUE 4 Redmondmag.com | 8 [email protected] | 63 Ad and Editorial Indexes

COVER PHOTO BY BRIAN SMALE/BACKGROUND BY CORBIS PHOTO/PHOTO MANIPULATION BY PHILIP HOWE

Redmondmag.com JULY 2008

VirtualizationReview.com

Server Virtualization Shoot-Out

It’s a war out there when it comes to your server virtualization dollars. Citrix’s Xen Server, VMware’s ESX and Virtual Iron are three of the products battling it out every day to grab the fastest-growing area of the virtualization market.

Peter Varhol recently reviewed these three products head-to-head. “Don’t expect any slam-dunk winner from this evaluation,” he writes. “Every approach involves tradeoffs, typically in the areas of cost, features and openness. Choosing the best approach for your organization depends on a combination of goals, budget and other resources, and the amount of control you have to exercise over the environment.”

Find out how the products fared in Varhol’s roundup. FindIT code: VRServRound

VisualStudioMagazine.com

Identify Blocked SQL Processes Quickly

Many application performance issues relate to the database. Not surprisingly, if you’ve got SQL processes that aren’t functioning the way they should, your application isn’t going to run well.

However, finding those blocked processes isn’t always easy. Ian Stark offers his tips for creating a utility that will help you track these down.

“The database block-tracing utility, which I’ve named dba_BlockTracer, extracts data about the running processes by inspecting the system view sys.sysprocesses,” he explains in this tutorial. “This view queries the underlying system table sysprocesses.”

Get the instruction and code you need to build this unique tool now. FindIT code: VSMSQLUtil

Questions with ... Per Farny

Executive Editor Michael Domingo talked with Per Farny, Microsoft’s director of advanced training and certification, about the new Microsoft Certified Master series. FindIT code: MCPMaster

Where does Microsoft Certified Master fit into the MCP program?
It fills in the gap between the Microsoft Certified Architect and Professional series.

We’ve been hearing about a ‘Series III’ track for some time. Is this now the Masters series?
It’s partly that, but it’s largely an evolution of our internal ‘Ranger’ program, bringing it into a more public forum.

How does the Master series differ from the Technology Specialist and Professional series certs?
Master will require three weeks of training in Redmond [with] five to seven different instructors. It’s very rigorous and focuses on core technical aspects. It’s not for everyone, just those whose job allows them to specialize.

What Are FindIT Codes?

Throughout Redmond, you’ll discover some stories contain FindIT codes. Key in those codes at Redmondmag.com to quickly access expanded content for the articles containing those codes.

4 | July 2008 | Redmond | Redmondmag.com |


Barney’s Rubble by Doug Barney

Cloudy Cloud Costs

In the late ’70s and ’80s cable TV snuck into our lives through gentle enticement. A few bucks a month and you got a clean signal and MTV. For a few dollars more, you could go for HBO with real movies and no commercials.

Next we needed cell phones. Another monthly expense. Once we were all hooked on basic voice, we got roped into paying a bit extra to text, e-mail, surf the Internet and download music. More recently, Sirius and XM have been trying to get us to pay for radio. Radio!? And of course our iPods and Zunes (you do have a Zune, don’t you?) are often complemented by music subscriptions—just another $15 a month.

I added up my bills and here’s how much I give each month to service providers. I have a regular house and a summer house. I pay $600 a month for three phone lines, two sets of cable TV service, one cell phone, one Blackberry with Internet access and two sets of broadband Internet access plans. I could buy a mansion in Nebraska or lease a Jaguar in Massachusetts for that kind of dough. And that doesn’t include my kids’ or spouse’s cell phones. Redmond readers spend about half what I do, but $300 is still a decent car payment. A few smart folks wrote me and said they have no cable, no Internet and no cell phone. They are my new heroes.

Now Microsoft wants in on this monthly gravy. Redmond has had OneCare, a subscription security service, for a couple of years. Now, with its new Albany project, Microsoft is offering more. Currently in beta, subscribers get Office and offline storage in addition to virus and hacker prevention.

Microsoft is working on a range of other services, whether pure Web services like Hotmail, Software plus Services where the services add value to software already on your hard drive or Live Mesh, an all-new approach to Web services, data sharing and synchronization. There’s no word as to price. If these services are dang cheap, that’s good. But don’t forget, cable TV didn’t start at $100-plus bucks a month. The price just crept up before we could stop it. And if Microsoft’s new online services are to be free, they have to be surrounded by ads. In some places, this is OK. But imagine trying to write a report or edit a spreadsheet while being pummeled by car and beer ads?

As for me, I’m shifting to more bundled services, though I’m finding these have hidden and escalating costs as well. As for Web services, I have enough software installed on my hard drive to last a lifetime.

How do you keep your costs down? Toss out your TV and read a book? Steal your neighbors’ wireless? Send your saving tips to me at [email protected] and I’ll pass ’em along.

Redmond: The Independent Voice of the Microsoft IT Community
REDMONDMAG.COM JULY 2008 ■ VOL. 14 ■ NO. 7

Editorial Staff
Editor in Chief: Doug Barney
Editor: Ed Scannell
Executive Editor, Features: Lafe Low
Executive Editor, Reviews: Peter Varhol
Managing Editor: Wendy Gonchar
Associate Managing Editor: Katrina Carrasco
Contributing Editors: Mary Jo Foley, Jeffery Hicks, Greg Shields, Joern Wettern

[email protected]

Multi-Core Mess Is Nothing New

I couldn’t agree more with Doug Barney’s “Multi-Core Morass” rant (Barney’s Rubble, May 2008). In 1992 I won Apprentice of the Year for my state, and the award was a trip around the and Canada to visit tech companies and learn. One of the more exciting experiences was a visit to Cray Computer’s office in Los Alamos, N.M., where one of the architects gave me the tour and then spent more than an hour with me talking about the problems that must be overcome in supercomputing.

One of the takeaways for me was that the hardware was the least of the issues. At that time—1993—they had just released their 2000-CPU unit to replace the YM-P supercomputer, and most of the conversation was about writing scheduling hardware and software engines to manage the “horsepower.”

This isn’t a 5-year-old problem—it’s a 15-year-old one, and Microsoft has been incredibly shortsighted with Windows Vista to not include more multiprocessor power. My Core 2 Duo can’t even seem to keep the anti-virus on its own core, let alone individual tabs in Internet Explorer.

Without real competition it seems shame is the best way to keep the company moving forward.

Stuart French
Dandenong, Victoria, Australia

The Admin’s Catch-22

While I agree with Greg Shields’ assertion in “Wagging the Finger” (Windows Insider, May 2008) that the command line and scripting can help with administration, I think that it’s a far-fetched idea for some administrators. You state in the article that network admins “should be home with their families.” Yet what good is being home with your family if all you’re doing is spending your spare time learning how to script and automate processes? This dilemma is what most admins experience. We want to make our job easier, but we don’t have the time to learn a “new and easier” way of doing tasks.

I personally find myself spending more time trying to write and test scripts than it would’ve actually taken to install the application manually on every computer. My budget is stretched and I can’t justify buying more software.

We’re waiting for articles to help us with built-in tools that we already have, instead of saying that we need to buy more software to do our jobs. Is that not continuing the problem? We’ve got no time to learn software, but we should buy new software that we as admins have to learn?

If I had to choose between learning new software and learning how to better use what I already have, I’d go for the latter. I’m aware—as most admins are—that Windows has a lot of built-in tools to use, but I haven’t had the time to fully learn all of them. Why? I’m “putting out fires” all day.

This catch-22 will continue until all the fires are put out or there are more than 24 hours in a day.

James Brister
received by e-mail

Thanks for your comments. I’m sorry you disagree. In my own personal experience as a systems administrator, I discovered that once I learned those core skills of scripting, packaging and automation, I was immediately more capable of solving problems, resolving situations and ultimately getting home to friends and family after a 40-hour week instead of one that used to be much longer.

What I think you’re missing in my argument is that there’s an initial extra amount of learning that’s required before you reap the rewards of what you’ve learned. I argue that if you put a few months now into learning the automation skills you need, you’ll recoup that expenditure over and over again for years to come.

Greg Shields
Contributing Editor

Whaddya Think?!

Send your rants and raves to [email protected]. Please include your first and last name, city and state. If we use it, you’ll be entered into a drawing for a Redmond T-shirt!


RedmondReport

How Large Will Windows Live Live? Microsoft’s Brian Hall looks to better integrate the Windows Live online strategy.

By Ed Scannell

It should be an interesting next year or two for Brian Hall, general manager of Microsoft’s Windows Live business. Over that time, Hall will be stepping up efforts to pull a range of online products and services together into a more cohesive strategy that takes Microsoft’s most daunting competitor—Google Inc.—head on. Hall will be doing this without the help of Yahoo! Inc.’s products and services, thanks to Microsoft’s failed attempt to buy that company earlier this year.

Included in the Windows Live lineup are Hotmail, with some 350 million active users, and Messenger, with more than 300 million active users, so Hall does have some formidable weapons to fight Google in the search and advertising markets.

He’ll have to give Live’s branding image a B-12 shot, however, as many people remain confused about the nature of the services under its umbrella. While the focus of Windows Live is largely consumer-oriented, Hall believes many of Windows Live’s products and technologies can be adapted for business, and he sees opportunities there.

Hall sat down with Redmond Editor Ed Scannell to discuss how Microsoft will better integrate its Windows Live offerings, as well as how those offerings might integrate with the company’s Live Mesh and a number of social networks.

Redmond: Some analysts have criticized Microsoft’s overall online strategy as scattered and needing to be more integrated. How do you see it?

Hall: We look first at what customers are looking for and how can we use technology to deliver on what they need. So your point about integration is an important one. People really do have different reasons for going online; they’re all trying to accomplish different things. We think, however, there are three distinct centers of gravity across which you must have a good networking strategy.

First, when you want to search for something, having a great destination search offering is incredibly important. Second, as the PC and other devices become true tools in both the personal and professional realms, people will use them more to keep in touch with people they care about. That’s certainly true with IM and e-mail, and now with social networks. Third, is keeping in touch with what’s happening in the world. The more that becomes personalized and is focused on what you want to learn about, the better. We feel there are centers of gravity in each of those three domains, but they need to work well together.

What role might the PC have in this overall integration strategy?

We think there’s an opportunity for integration in a PC-based experience. There has been a huge swing in the last six or seven years in the center of gravity for applications being in the browser. There are a ton of reasons why we think browser-based access to stuff is really important. We think we can do more so that when you boot your PC, you’re immediately logged into your community and are getting at all the stuff you need to. This is where you’ll see Microsoft investing more than anyone else.

One more way to ensure the fat client lives on?

Yes. Making sure you’re having a rich e-mail client experience, a rich photo experience, a rich video experience, as well as blogging and composing. And all that comes together in a way that’s not just about an application that helps me do specific things I want to do. It’s also about drawing things together into an integrated, what’s-going-on-in-my-life kind of way. We think that’s rife with opportunity.

How much missionary work is there to convince larger companies to adopt some of this consumer-oriented technology?

It’s not so much missionary work, but has more to do with an opportunity to prove it. I don’t think it’s something we need to get up on our stump about and say, ‘no, you should be building this and that for Windows.’ It’s a case where seeing is believing, and what can be done with things like Silverlight or the Windows Presentation Foundation.

What are you doing to attract developers to your platforms in the online world? What’s the mix going to be of new-age developers and your more traditional ISVs?

It’s a critical part of our strategy. We’ve always had developers at the heart of what we do. We’ve always known that if we build a platform that allows people to take advantage of the resources and infrastructure, we could attract people to build great things we couldn’t have dreamed up, and then we’re going to be way more successful.

There are three important layers to our online platform. There’s the base infrastructure layer—how you get an app up and rolling—that we call the Global Foundation Services. We’re investing a lot there. The second layer is the core infrastructure services with things like the address book, federation, storage and tunneling—the gory stuff that makes it possible for an application to be aware of all the resources. The third layer is finished services where people can build on the assets we’ve built out.

Recently Microsoft seems to be gravitating more toward a portal strategy with MSN and delivering more services from there.

What you’re referring to is less a portal strategy and more about how we offer a way for people to communicate and share in an integrated fashion. Whether you call that a portal or not, is a different question. We think there should be a good starting point that brings all that together. When we look at it today, the average consumer has multiple e-mail addresses and IM accounts, and a number of social networks. This is causing people to go from place to place to place to place to communicate in different ways with different sets of people with different modalities. We think there’s a good opportunity for a central hub for how you communicate and share.

So what is MSN’s role in the company’s larger online strategy?

MSN will help by fusing content into that experience. In fact, a lot of what I communicate with other people about involves content. When I read an article on MSN or the Wall Street Journal, for instance, that’s what sparks a conversation I want to have with someone. I’d bet that right now there’s more content-sharing happening in a month in Hotmail than there is in all of the Digg, Del.icio.us and all the social-network discussions in an entire year combined.

With hundreds of millions of e-mail addresses at your disposal, it would seem Hotmail would be an important part of your online strategy for a couple of reasons.

Well, not just the e-mail addresses, but the fact people are spending time communicating with others through that tool. For certain demographics this is the primary way they communicate. One thing that Messenger serves as, for instance, is as a natural jumping-off point when you boot up your computer. It’s something that can help draw you into your community or social networks. It can be more than just a set of links and a Web site.

Where does Live Mesh fit in?

On the platform side—that’s the core of Live Mesh. So rather than having one monolithic [application] release that takes in all three critical components—namely cloud storage, peer-to-peer and the platform—there’s Live Mesh. We need to make strong forward progress on all three of those components to where the storage systems are the same, the people model is the same and things can be seamlessly shared across them all. You’ll see more integration across them in the midterm. We know we must have great cloud storage, and a peer-to-peer model that can include Macs and mobile devices like phones—plus a platform that lets anyone access and share data easily.

Any interest coming from corporate IT shops to adapt this for them?

There are two areas that are really important there. First, people at work want to keep in touch with their [personal] world. So we looked at making our communications services—especially calendaring, contact lists and e-mails—work great with Outlook. But we’re also making sure it works great with phones that are used in a business context. We’ve done a lot of work with Nokia and Windows Mobile to where when I get a new phone I can put my Exchange credentials in, put my Windows Live credentials in and 15 minutes later all the stuff I care about is all right there.

The second area is the platform. Increasingly, people are working more from home or remotely. So a key part of our Live Mesh vision is making it into something that’s enterprise-controllable, federates into the enterprise, and works with storage and applications models that are most important in an enterprise.

Ed Scannell ([email protected]) is editor of Redmond magazine.


BetaMan RedmondReport

Working Together

Forefront Stirling’s integrated components give it an edge over single-purpose products.

By Peter Varhol

Last month I looked at the server and client components of Forefront Stirling, as well as the administrative console. Forefront Stirling is meant to be used as an integrated set of components, including client, server and threat gateway to the outside world. It may also incorporate the security component for SharePoint, which contains Web-hosted documents and workflows that may be more easily attacked and infected.

The compelling part of Forefront Stirling is not the individual tools or even the family of tools in the aggregate. Rather, it’s the way they work together to identify threats, notify administrators about the nature of those threats and then remediate them. Best-of-breed tools from different vendors, or even separate tools from the same vendor, don’t tend to use data collected by the other tools in their work.

Working with Stirling

I set up a small subnet on my main network, where I installed the threat gateway and SharePoint component onto separate systems. I also installed a copy of the administrator console on a client on the subnet. The separate subnet was so I could introduce malware, thoughtfully provided by an anti-malware company on CD, onto the network. To be on the safe side, I worked from the inside out, and used a worm that opened ports on the SharePoint system to the outside world.

Within minutes, the Threat Management Gateway notified the administrator console of a potential problem. I could zero in on the console to see just what was happening. It noted that there were ports opening on the SharePoint system directly to the Internet. Behind the scenes, the Threat Management Gateway also contacted the SharePoint component, raising the issue. In fact, the SharePoint component may already have known, but the communication from the Threat Management Gateway in effect made it clear that the problem was having an impact on the network and beyond.

Once Forefront made that connection, the SharePoint component removed its host system from the network. In this case, it was also able to close the offending ports and cleanse the system of the worm. Even if it can’t do that, you’ve isolated the machine from doing any more damage. If you have to clean it yourself, you’re still ahead of the game.

That’s a powerful argument for an IT investment in Forefront Stirling across the enterprise. Individual Forefront components have little that more mature competitors don’t have, yet the ability to leap ahead of other offerings through the integration of all of the components is unique. To my knowledge, while there are solutions that span the enterprise, no one has this level of integration among individual parts of the solution.

I didn’t encounter any difficulties in installing and configuring the Forefront server and client components, or the admin console. However, my Forefront installs were on fresh systems. I can’t vouch for the same experience with servers that have been working for months or even years.

What You Need

The server components require Windows Server 2003 Standard Edition with SP2, either x64 or x86 editions, the .NET 3.0 Framework and PowerShell, with other common components. Other than the Vista requirement for the standalone console, there’s nothing out of place in these configurations. Most enterprises should be technically able to incorporate Forefront Stirling as soon as it’s released.

The big question is whether enterprises that have already made significant investments in other, less comprehensive tools will be willing to rip them out to install the Microsoft solution. Despite the obvious benefits, IT tends to move slowly, and removing existing software that works well to install something better is pretty far down the priority list. Still, IT needs to look carefully at how Forefront Stirling can make its life easier, and in some cases swallow the cost and make the move.

Peter Varhol ([email protected]) is Redmond’s executive editor, reviews.


ProductReview

Lock the Door WinMagic SecureDoc’s full-disk encryption provides easy-to-use security for laptops and remote users.

By Peter Varhol

SecureDoc 4.3
Price: $129 per user
WinMagic Inc. | www.winmagic.com | (905) 502-7000

RedmondRating
Installation: 20% 10.0
Usability: 20% 8.0
Features: 20% 8.0
Administration: 20% 8.0
Documentation: 20% 9.0
Overall Rating 8.6
Key:
1: Virtually inoperable or nonexistent
5: Average, performs adequately
10: Exceptional

I’ve never lost my laptop computer—knock on wood—but I’m rarely at an airport where I don’t hear the PA system announcing, “Will whoever left their laptop at security please come back to claim it.” Out of curiosity, I asked about that the last time I was at San Francisco International. “We have about half-a-dozen a day from this terminal that aren’t claimed on the same day they’re left here,” replied the TSA supervisor at the station. Multiply that by all terminals at all airports across the country, and you have a lot of spare laptops floating around.

With a certain percentage of those laptops that are for business use, it’s likely that there’s confidential or at least proprietary data residing on those disks. Most systems use Windows and domain passwords, but usually they’re not difficult to get around. So for someone with ill intent, or just someone with curiosity and computer skills, your secrets could become public—or it may cost you to keep them private.

It goes without saying that if you have people outside of the office with laptops, you need to plan for occasional loss or theft. Everyone hopes it never happens, but of course it does, and rarely at convenient times and places.

In addition to lost laptops, WinMagic SecureDoc also protects data from unauthorized copying to removable media such as USB memory sticks, protects data on authorized memory sticks and helps in the secure disposal of damaged or obsolete hard disks (you don’t want your data sitting in the bin at the second-hand computer shop). I’ve lost memory sticks, so I can appreciate at least one of these characteristics.

There are a couple of ways of using SecureDoc, and I’ve tried both. First I did a single-system installation, which offers encryption for an individual system. This approach makes the most sense if the users are mobile and often don’t have the need to connect to a server in the organization. The second way of using SecureDoc is as an enterprise solution managed by a server.

My next step was to install the server version of the product and interact with it as a network user might. In a server configuration, the primary focus is files on shared drives living on those servers, so you’d probably want to use this version in conjunction with the individual user version, especially if your users disconnect from the network to work in standalone mode.

Installing and Encrypting

Installation is largely automatic and takes only a few minutes. On install, SecureDoc asks you to define a key file, disk password and at least one key (see Figure 1). You can also specify the use of a hardware token here in addition to a password. Then it will reboot, spend a few minutes encrypting the entire disk, and ask you to log in and select a key file, if necessary, to gain access to the disk. In my case, with a typical laptop, the installation and encryption process took less than 15 minutes.

Figure 1. When you install SecureDoc, you can select a drive, key and type of encryption you want to use.

A couple of caveats are in order. As you can imagine, in order to encrypt the disk, SecureDoc has to write to the master boot record (MBR). This can be a dangerous activity, and the documentation warns that bad disk sectors or any other software that writes to the MBR could cause a problem. If there’s any question as to whether your hardware is in reasonable shape, you should do some testing first. It also does not support dual-boot USB encryption. If you have a Linux partition, you have to separately encrypt that partition from within Windows.

The system requirements are eminently reasonable: a low-end Pentium


or AMD processor, 128MB of RAM, 128MB of disk space, and either Windows Vista, XP SP2 or 2000 SP4. You may also have to install the Visual C++ 2005 Redistributable Package. The documentation is extensive and impressive. Perhaps the only negative here is that there’s far too much for a typical user to read and understand. Fortunately, most tasks are transparent to such users.

Little Negative Impact

Under ordinary usage, a computer user won’t notice any difference between an encrypted computer and an unencrypted one, beyond the initial log-in. There’s no noticeable difference in system performance, and nothing else at all for a user to do. If they want to copy data from the system onto a USB stick or CD/DVD, the process becomes a little different than they may be used to. Writing to external media involves creating a container, which is represented on the desktop and in Windows Explorer as a virtual disk. To use containers, a user has to work with keys and the container manager to create, open and close containers.

The default SecureDoc key configuration wizard makes it easy to set up keys and passwords. However, it won’t help you change passwords or provide self-help password recovery. For these activities, you want to use the key-management features to be able to manage and recover passwords.

From the standpoint of an admin, there are a number of things you can do. For example, if the computer has multiple user accounts, you can add and delete users, passwords and keys. You can also manage boot options between those users.

The SecureDoc Control Center provides a multitabbed interface for accessing these functions. Once you have it installed, you can log into it using your disk log-in password, and work in interfaces for boot control, disk encryption, customization and logging (see Figure 2). Once logged in, you can move among the tabs and accomplish finer-grained actions involving encryption (see Figure 3).

Figure 2. The SecureDoc Control Center provides a log-in with tabs for boot control, disk encryption, customization and logging.

Figure 3. The Control Center boot control tab lets you manage key files and designate boot modes for different users.

Users can also encrypt individual files and folders with specific keys. This is useful if you’re e-mailing around documents or otherwise transporting them on unencrypted media. You have to set up separate keys for those objects and manage them in the Control Center. Once you’ve encrypted a file it’s given the file name extension .SDE so you can readily identify your encrypted documents.

Working from a server is pretty seamless. Passwords for individual systems and users are propagated to the server, so once logged in, there’s little need to worry about further passwords for server access. However, if you want to use removable media, you still have to create and manage containers.

Certified Secure

I’m not a security expert, and didn’t try to break the SecureDoc encryption. However, it’s worthwhile noting that the product has AES validation from the National Institute of Standards and Technology, Federal Information Processing Standards 140-1 Level 2 certification, and is certified by the National Security Agency for SECRET data for U.S. government agencies. It also supports smart cards, USB tokens and popular Public Key Infrastructures (PKIs). This product has some heavy certification horsepower behind it, so users shouldn’t be worried about attacks against the encryption itself.

If you have employees outside of the corporate network, or people who travel on business with their laptops, you have two security concerns. The first, which many enterprises have addressed, is secure access to the corporate network. Despite many high-profile lapses, however, most have not yet addressed the problem of the lost or stolen laptop or other device. However, encryption is getting more straightforward to use, both individually and as an enterprise-wide solution. It’s time to move forward with full-disk encryption, and SecureDoc is an enterprise-friendly way of doing so.

Peter Varhol ([email protected]) is Redmond’s executive editor, reviews.


ReaderReview Your turn to sound off on the latest Microsoft products

Big Efficiencies for Big Environments SCCM 2007’s new maintenance, configuration-tracking and updated reporting features make it a must-have for large Windows sites.

By Joanne Cummings

System Center Configuration Manager 2007
Pricing begins at $155 for a Standard Management License; $573 for a Server License
Microsoft Corp. | 800-426-9400 | www.microsoft.com

The Wake Forest University Baptist Medical Center is a major teaching hospital. It can’t just roll out software and patches to its 664 servers and more than 10,000 clients anytime it wants. With many critical applications running 24 hours a day, the window for making changes is extremely tight.

“We generally push our patches in the middle of the night, but the OR [operating room] is up and running 24/7, the sleep lab runs seven nights a week and it’s completely booked, and the epilepsy-monitoring unit is another area that’s constantly monitoring patients,” explains Mary Whited, core client services technical lead at the Winston-Salem, N.C.-based hospital. “We can’t just push updates out and reboot computers in those areas.”

Instead, Whited used to dispatch technicians to these sensitive areas to do manual updates and patches as necessary. It wasn’t just patches that caused headaches at the hospital. Any software update was difficult. “Any kind of software update required a technician to go touch those computers,” says Vicki Williams, one of the hospital’s senior network systems analysts. “And that gets to be pretty expensive.”

SCCM Stat

All that changed when the hospital installed Microsoft’s System Center Configuration Manager (SCCM) 2007, the latest upgrade of the well-known Microsoft Systems Management Server (SMS) 2003 management tool. SCCM sports a new feature called Maintenance Windows that lets administrators schedule the best day and time for patches and updates for specific sets of computers and servers.

“We negotiated times with each area so that on certain days or evenings they won’t use a particular OR for about three hours, or use a particular sleep room for three hours,” Williams says. “It’s very granular. You can specify any possible combination you can think of.”

That level of scheduling granularity is a key factor, agrees Redmond columnist Greg Shields, cofounder and IT guru with Concentrated Technology LLC, a consulting group in Denver. He says he had been using SMS since the 2.0 version, but sees SCCM as a big step forward.

“SMS had a scheduling component, but it was limited,” he says. “You really just had one schedule. But with SCCM, you can create multiple schedules.”

Not only is it easier, but the Wake Forest IT staff estimates it’s saving at least 20 to 30 technician hours a month, as they no longer need to send technicians out to perform manual updates.

Tracking Configuration

Another feature Shields says is a big improvement is the Desired Configuration Manager (DCM). This lets you track a client’s desired configuration. Once you set a baseline for an individual computer or set of computers, SCCM reports against that baseline to alert you when the configuration changes.

It’s also effective for troubleshooting. “We all have applications where we know that if we click a certain box it breaks the entire application, so we tell people to never check the box,” Shields says. “With SCCM, you can drill down to that level, where if you know what that checkbox is and how it manifests itself into the registry or file system, you can send that as a report. And you can give that report to your help desk, so they can tell why the app is breaking.”

The Wake Forest IT department also uses DCM to ease software rollouts.

Roll Out the OS

Like SMS, SCCM can handle OS rollouts, but a new feature called Operating System Distribution (OSD) makes it far easier. This is significant if your company is looking to roll out Windows Vista and Windows Server 2008.

“OSD is substantially easier to use,” Shields says. “But the way it goes about setting up your reference image is kind of wacky. It takes a second or two to get


your brain wrapped around it, but once you do, it makes complete sense as to why it was done that way.”

Products like Symantec’s Ghost require you to first build a computer with the proper configuration and then make an image of that machine for distribution. SCCM lets you deploy standard images directly to bare-bones hardware.

“It actually takes a computer and it creates your scripts, installs the operating system, configures it with the applications you want, makes the configuration changes, snaps the image and then you’re done,” Shields says.

Easier Patching

SCCM also has improved patching capabilities. Now based on Windows Server Update Services (WSUS), users say patching is easier and more robust.

“With SMS 2003, and especially the earlier versions of SMS, the patch management was somewhat challenging,” Shields says. “Configuration Manager integrates its patch management with WSUS, and that makes the process of patch management really easy.”

Wake Forest’s Williams agrees. “With SMS, we didn’t use WSUS, and I knew nothing about WSUS,” she says. “But it’s such an easy product that I was able to bring up the WSUS server, and I get the new Configuration Manager server to start doing the patching right away.”

The only downside, Whited says, is that SCCM’s patching doesn’t include a delay feature like SMS 2003. “We have students who use laptops, but the laptops aren’t here at night when we push out patches or software updates,” she says. “When they come in the next day, they join the network, and boom, they start getting the patch or software update.”

SMS had what she calls “a snooze feature” that would let students delay reboots up to three hours. “That functionality is gone with patching, which is a definite downside,” she says.

Intelligent Tracking

Whited and Williams are looking forward to using SCCM’s Asset Intelligence, which helps enterprises better track their hardware and software assets. “We’re comprised of two separate entities, North Carolina Baptist Hospital and Wake Forest University health sciences, and we use different licensing,” Whited says. “We have health-care licensing for the hospital and educational licensing for the school, so when we go to buy licenses for Microsoft products or anybody else’s, we have to be able to say 6,000 are hospital and 5,000 are educational. That’s not as easy as you’d think.”

Although she hasn’t yet entered her licensing information into SCCM, she’s looking forward to the improved management it promises.

Perhaps the most improved part of SCCM is its reporting, users agree. “The reports are really good. You can drill down into very detailed reports as to why you’re compliant or not,” Shields says.

Williams agrees. “Before, with the software updates, SMS gave you a couple of reports, but a lot of times, you had to go out and write your own queries and reports to see which machines weren’t compliant and what patches were out there,” she says.

Overall, readers say they’re pleased with the updates made to SCCM. “Microsoft did a really good job with this,” Williams says.

Joanne Cummings (jcummings@redmondmag.com) is a freelance technology journalist based in Massachusetts.

Lessons Learned with SCCM

There are a few tricks to getting the most out of System Center Configuration Manager (SCCM) 2007, according to readers. While SCCM is easy to install and deploy for the most part, pay attention to these three key items.

1. Clean up AD: Because SCCM relies on Active Directory to gather most of its information, enterprises need to first ensure AD is as clean as possible before rolling out SCCM. “If you have a bunch of machines that are no longer on the network, but are still in Active Directory, Configuration Manager will see those and put them in its database,” says Vicki Williams, a senior network systems analyst at Wake Forest University Baptist Medical Center. “So if you have a lot of old clients in your AD structure, they’ll come into Configuration Manager, but you’ll end up with some that Configuration Manager can’t install on because they’re not on the network. Then you’ll be stuck tracking them down.”

2. Clean up duplicate GUIDs: Microsoft recommends that you first clear up any conflicts with client IDs prior to install. “I didn’t pay attention to that and it kind of bit me,” Williams says. “You want to make sure that any duplicate GUIDs—computers having the same kind of SMS client ID—have been cleared up. Because if you don’t, SCCM will lose track of which client it’s really talking to because you have 10 machines that all have the same ID number. We had to stop and fix all of those, and it really slowed down our upgrade.”

3. Don’t expect magic: Redmond columnist Greg Shields, cofounder and IT guru with Concentrated Technology LLC, a consulting group in Denver, says that although SCCM will save you untold amounts of time and energy in performing rote, mundane tasks, it doesn’t just work by magic and requires a good degree of knowledge up front. “You actually need a comfort level with the registry and application packaging, and automated scripted activities,” he says. —J.C.
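The first two sidebar tips, stale Active Directory computer objects and duplicate client GUIDs, can both be checked against an inventory export before SCCM is rolled out. The Python script below is an added example, not code from the article or from Microsoft; the CSV layout, the `smsClientGuid` column name, the machine names and the 90-day threshold are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Windows FILETIME counts 100-nanosecond ticks since 1601-01-01 UTC; the AD
# attribute lastLogonTimestamp is stored in that form.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample export (hypothetical column layout and machine names).
# smsClientGuid stands in for whatever column carries the SMS/SCCM client ID.
SAMPLE_EXPORT = """\
name,lastLogonTimestamp,smsClientGuid
PC-OR-01,128583936000000000,GUID:11111111-AAAA-4AAA-8AAA-000000000001
PC-LAB-07,128383488000000000,GUID:22222222-BBBB-4BBB-8BBB-000000000002
PC-KIOSK-03,0,
PC-WARD-12,128583936000000000,GUID:33333333-CCCC-4CCC-8CCC-000000000003
PC-WARD-13,128583936000000000,guid:33333333-cccc-4ccc-8ccc-000000000003
SRV-OLD-02,128436192000000000,GUID:44444444-DDDD-4DDD-8DDD-000000000004
"""


def filetime_to_datetime(raw):
    """Convert a FILETIME value to an aware datetime; 0 or empty means never."""
    value = int(raw or 0)
    if value <= 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=value // 10)


def load_rows(text):
    """Parse the CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def find_stale(rows, now, max_age_days=90):
    """Names of computer objects that never logged on or are past the cutoff.

    lastLogonTimestamp is replicated lazily (by default it can lag by up to
    about 14 days), so keep max_age_days well above that.
    """
    cutoff = now - timedelta(days=max_age_days)
    stale = []
    for row in rows:
        seen = filetime_to_datetime(row["lastLogonTimestamp"])
        if seen is None or seen < cutoff:
            stale.append(row["name"])
    return stale


def find_duplicate_guids(rows):
    """Map each client GUID shared by more than one machine to those machines.

    GUIDs are compared case-insensitively; machines with no client installed
    (empty GUID) are ignored.
    """
    owners = defaultdict(list)
    for row in rows:
        guid = (row["smsClientGuid"] or "").strip().upper()
        if guid:
            owners[guid].append(row["name"])
    return {guid: sorted(names) for guid, names in owners.items() if len(names) > 1}


if __name__ == "__main__":
    rows = load_rows(SAMPLE_EXPORT)
    report_time = datetime(2008, 7, 1, tzinfo=timezone.utc)  # fixed for the sample
    print("Stale computer objects:", find_stale(rows, report_time))
    for guid, names in find_duplicate_guids(rows).items():
        print("Duplicate client ID", guid, "on", ", ".join(names))
```

Machines in the first list are candidates for removal or disabling in AD before discovery runs; machines in the second need their client ID regenerated, which is typical of systems cloned from one image.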


Advertisement Data That’s Faster, Easier and More Reliable

SECURE QUICK LEVERAGE SCALABLE EXTENSIBLE Microsoft has enhanced SQL Server 2008 is faster While SQL Server 2008 is Whether you’re running a Microsoft SQL Server the security of SQL than its predecessors and packed with new features database that’s a few 2008 can do more than Server again with SQL it comes with several for administration and hundred megabytes or ever before. You can host Server 2008. SQL Server news tools that let you business intelligence, multi-terabytes, you can databases, build data now offers encryption of tune your databases Microsoft didn’t leave out count on SQL Server warehouses, develop entire databases, data for performance. These the developer in this 2008 to handle the complex Extract, files and log files. This new tools allow for the release. New features and workload. With excellent Transform and Load can all be done on the collection of extensive data access methods, support for very large (ETL) tools, build rich and database server without performance data to a such as LINQ in Visual databases and the ability extensible reports, plus the need to rewrite or central data repository. Studio, allow you to to run on 64-bit processors, much more. With SQL change your application. This means you will access and use your you don’t have to worry Server 2008, the sky is In addition, SQL Server spend less time looking data like never before. about the data outgrow- the limit when it comes to 2008 improves on your for performance problems With SQL Server 2008, ing its home. In addition, getting things done in ability to audit servers for and more time making development is easier SQL Server 2008 now ways that you never security compliance. access to your data and less time-consuming offers the ability to thought possible. All These enhancements faster and more efficient. so you can focus your hot-add CPUs for instant these features and can help you meet any Your users want their energy on developing expansion. 
And when services need a solid compliancy requirement data now, and SQL new and innovative running on Dell platform on which to run. that your organization Server 2008 allows you solutions that leverage PowerEdge servers Again, Dell and AMD are may face. In addition, to give it to them the way everything SQL Server powered by AMD multi- here to help with when running on AMD they want it—quickly. has to offer. And with core processors, you can PowerEdge servers built Multi-Core processors, Combine that with the the quality and reliability be confident that your on multi-core processors. your Dell PowerEdge power and speed of of AMD multi-core servers won’t be over- database servers can running on Dell processors and your Dell loaded. Scaling out and take advantage of PowerEdge servers PowerEdge servers, you up has never been easier. Enhanced Virus complete with AMD won’t be distracted by Protection (EVP), which multi-core processors problems with your helps protect your server and your data will be servers. Spend your time A from worms, viruses, and faster than ever. where you really need to, other malicious attacks. on being innovative.

About the author Eric Johnson (MVP in SQL Server) is an author and IT Consultant whose work focuses on SQL Server. He is co-owner of Consortio Services, a company that works with small business to provide IT services and support. In addition, Eric is the co-host of CS Techcast, a weekly podcast for IT www.dell.com/sql A Professionals. You can reach him at [email protected]. www.consortioservices.com & www.cstechcast.com Project4 4/16/08 11:40 AM Page 2

Advertisement

Microsoft is at it again, releasing the latest version of its popular database management system. SQL Server 2008 is the most comprehensive release of SQL Server yet! There are many enhancements to the product that will benefit your business. SQL Server 2008 offers enhancements to security, data encryption and backup and compression technologies that will make it a complete data management platform. In addition, many of the enhancements made to SQL Server 2008 are developer-friendly. New data types, language syntax and data-access methods for writing applications that access SQL Server are much faster than ever before. SQL Server 2008 offers many improvements to its robust set of high availability solutions. Ready to make the move to SQL Server 2008? Today Dell offers a wide range of technology solutions to run your new SQL Server 2008 systems. Dell has the expertise to help you to migrate from your older SQL Server environments to the latest in enterprise performance and reliability. Dell’s line of PowerEdge servers and PowerVault storage systems provide the high-performance and high-availability platforms for your new SQL Server 2008 environment. Use the following nine reasons to justify migrating to SQL Server 2008 on Dell PowerEdge servers with PowerVault Storage.

REDUNDANT
Your data is extremely important and losing it can cost you time, money and customers. SQL Server 2008 offers several redundancy solutions to help protect you and your data. Database mirroring has been enhanced to allow more robust recovery and less data loss. Clustering has also been enhanced to allow you to host more servers on a single cluster, which allows you to better leverage your resources in addition to protecting your data. Using peer-to-peer replication? Good news, you can now add peers without taking down replication so your data is always available. Now you can protect your data without unnecessary outages. Rest assured that with SQL Server 2008, Dell PowerEdge servers and AMD multi-core processors, your data won’t be lost.

VERSATILE
Whether you’re managing hundreds of small databases or a single, very large database, SQL Server 2008 can handle your needs. From high availability for critical always-on applications, to the ability to process hundreds of thousands of transactions, SQL Server can cover the spectrum of your business and your data. This allows you to build versatile systems to do exactly what you need them to do, no matter the requirements. When using Dell and AMD you can be confident that the infrastructure will remain just as flexible as the rest of the system. Your data, your way—that’s the power of Dell, AMD and SQL Server 2008.

EFFICIENT
SQL Server 2008 provides several features to make it more efficient than ever before. You can use the Resource Governor to provide a consistent and predictable response to your users. Resource Governor allows you to define limits and priorities to your users’ workloads. This ensures that the server can handle everything the users toss at it and your users will get their workloads back in the same amount of time every time. In addition, you can now implement plan freezing, which allows administrators to lock down query plans. With Dell PowerEdge server and AMD multi-core processors running SQL Server, you can ensure that everything is as efficient as it can possibly be.

RECOVERABLE
In the event that you do lose a server, you have excellent options with SQL Server 2008. Backup compression has been added to reduce the space required by backup files, and restore times have been increased. Quicker backup and restore mean you save on resources and mitigate possible losses that your company could incur during an outage. No outage is a good outage, but the shorter they are the better. SQL Server 2008, Dell PowerEdge servers and AMD multi-core processors will allow you to build a platform that can be recovered quickly in the event of a loss, giving your company and your users more of what they need—uptime.


Head-to-Head

Automation Nation

IT workflow-automation products could be the key to accelerating your day-to-day IT tasks and helping you build IT processes.

By Ben Brady and Peter Varhol

AutoMate BPA Server 7
Standard Edition $2,495; Enterprise Edition $9,995
Network Automation Inc. | (888) 786-4796 | www.networkautomation.com

Altiris Workflow Solution
$25,000 for the Workflow Server (includes one Workflow Designer license); additional Workflow Designer licenses are $4,000 each
Symantec Corp. | (888) 252-5551 | www.altiris.com

RedmondRating
Criterion (weight) | AutoMate BPA Server 7 | Altiris Workflow Solution
Installation (20%) | 9.0 | 9.0
Documentation (20%) | 7.0 | 8.0
Tutorials (20%) | 10.0 | 9.0
Features (20%) | 10.0 | 10.0
Ease of use (20%) | 9.0 | 9.0
Overall Rating | 9.0 | 9.0
Key: 1: Virtually inoperable or nonexistent | 5: Average, performs adequately | 10: Exceptional

We all use tools to automate and accelerate the day-to-day IT tasks that make up much of our workload. PowerShell and other scripts help us sequentially execute commands on servers or across servers. We can even set up timers to automatically execute the scripts at predetermined times, or in response to other events.

Ultimately, however, scripts and similar automation solutions only address part of the automation issue. They can’t perform multiple tasks in sequence, pass data among those tasks or allow for human input and intervention.

That’s where IT workflow software comes in. These tools are an outgrowth of general-purpose business process management (BPM) tools. They let you take multiple tasks and arrange them into a workflow. Workflow tasks can include operations on servers, desktops or executing scripts. Your workflows can also include manual operations like filling out and sending an e-mail form or letting a manager check an approval box before further processing.

If you have myriad tasks buried within your processes, and you have to perform each task individually, then you’re a candidate for workflow-automation solutions. Either Symantec’s Altiris Workflow Solution or Network Automation’s AutoMate BPA Server 7 could serve your needs well, depending on your focus and skill set. If your workload is growing too large, automation may represent the only practical solution to bringing it back to a manageable level.

AutoMate BPA Server 7

You probably have at least one book on scripting sitting on your bookshelf or desk. If you’re like me, you’ve never quite mastered the topic and may not have even cracked open the book. Beyond basic scripting and creating batch files, I’ve just never found the time to learn all that code and syntax. If that sounds like your situation, Automate BPA Server 7 may be the answer.

Network Automation’s AutoMate BPA Server 7 is a multitiered client-server business process automation platform for Windows. With both client-side and server components, AutoMate facilitates centralized workflow development on the server and enterprise-wide deployment with clients.

The server piece is called the AutoMate BPA Server Management Console. This lets you create and manage workflows, users, agents, reports and various other options. There’s also a repository of all previous development items, which simplifies using previously created tasks in future designs.

The Server Management Console has a crisp, clean, well-organized interface. You can create new processes and workflows with drag-and-drop actions using the Automate BPA Workflow Designer, which will seem like second nature to seasoned Windows users.

The client “agents” let you distribute your workflows throughout your enterprise. You can run your tasks on, or push processes to, the various agents. You can have as many agents installed in your enterprise as you wish, but you must have client access licenses for each agent concurrently accessing the BPA server.

AutoMate BPA Server 7 lets you manage users and assign different roles
throughout the system. You can use existing Active Directory user accounts for your AutoMate deployment. You still assign the rights and roles through the Server Console, but it eliminates the need for multiple user accounts and passwords so your users can maintain a single sign-on environment.

Installing AutoMate BPA Server 7 was painless. You can download the fully functional 45-day evaluation from Network Automation’s Web site. The 114MB self-extracting file has an installation wizard that walks you through the process. While the documentation is limited at best, there’s a readme file with links to tutorial videos on the Web. Where the written documentation was lacking, the video tutorials set the standard. The initial tutorial walks you through setting up your first workflow. Other tutorials include such topics as agent deployment and managing users.

The Task Builder is perhaps the most intriguing piece of this package. With all the actions included, you’re just a few drag-and-drops and right-clicks away from automating any nominal or complex task that normally consumes hours of time.

With more than 220 actions, the Task Builder includes encrypting and decrypting files, and can create Active Directory items; access dial-up networking connections; program functions like loops, start, stop and various XML functions; start and stop services; launch terminal emulation and even empty the recycle bin.

You can automatically create a Microsoft Excel workbook, which is a particularly helpful task. If you manually store a lot of information in your Excel files, you can have Automate BPA Server 7 do this for you. For example, I pull information from various departmental reports into an Excel spreadsheet to summarize and centralize the data for management meetings. I let BPA Server collect the data, merge it into my existing workbooks and automatically print the reports for me about 30 minutes before my manager meeting.

From the Reports section of the Server Management Console, you can create custom reports from eight different categories related to your workflows and processes. During the evaluation, I created reports to show the success and failure of task workflow execution. You can display reports in colorful, easy-to-read charts.

Figure 1. Network Automation’s BPA Server 7 provides a graphical way of linking steps in an IT workflow.

Automate BPA Server 7 is an ideal tool for the IT manager with too much on his or her plate. It can quickly and efficiently automate processes and workflows.

Symantec Altiris Workflow Solution

The Altiris Workflow Solution provides a graphical environment for laying out workflows and a forms editor for building interfaces, with little or no scripting required. Non-technical professionals can use this tool to create, change, test, automate and manage IT processes. It connects to a number of common IT administration tools. You can also run it through the Altiris Task Server for automatic fulfillment. If there’s no specific adapter for your intended purpose, you can connect via Web services, a .NET interface, a SQL database or flat files.

The complete Altiris Workflow Solution includes the Workflow Server, which lets you integrate and connect with other servers; and the Workflow Designer, a graphical tool for building workflows. Consider the Workflow Designer the development tool, and the Server the execution environment.

There’s also an Enterprise Server option, which adds a Web portal, mobile forms and a messaging bus. I used the simpler Workflow Server for executing automations, although if you need to work with mobile devices and do highly complex automations, you’ll want to use the Enterprise Server.

You can download the product from the Altiris Web site for evaluation.

Installing the Workflow Designer and Server was easy, and only took half an hour. Configuring the server took a bit longer, because you have to make sure it has access to the systems upon which it has to execute tasks. For example, if it has to send an e-mail, it needs access to Exchange, as well as an e-mail address to use. If it has to execute a script on a server, you need to make sure it has the ability to get to that server and privileges to do so. Depending on the complexity of the workflows you want to execute, it could take some time to configure the server.

I spent most of my time in the Workflow Designer, where I set up several different workflows as potential automations. Before you sit down with the Workflow Designer, however, it’s important that you thoroughly research the process you want to model. If you’re discovering new things about the actual process as you’re modeling it, it can be slow and arduous work.

Once you understand the process, using Workflow Designer to build the workflow is a breeze. You can define individual tasks, which are represented as glyphs in the workspace. There’s an enormous range of tasks that you can instruct a glyph to perform. Basically, if a task can be automated, you can configure Workflow Designer to do it.

There are a number of predefined components that accelerate workflow building. You can select these components from a palette, place them on the design canvas and configure them to do just what you want them to do. Generally, the best approach is to consider each component as the equivalent of an IT task. You could also consider it an action if it’s normally a manual step.

You may find you have to break IT tasks down into multiple workflow components, but starting with a one-to-one relationship between IT tasks and the automation step provides a good benchmark for adjustments.

With almost no experience using the tool, I laid out a simple three-step workflow in less than an hour. For my workflow, I created a form and executed off a script based on data entered in that form. More complex IT processes will surely take longer to build and debug, but the Workflow Designer gives you a highly efficient means of creating almost any workflow IT may require. Perhaps the bigger challenge will be the cultural one—getting the owners of the process to agree to automation and to work toward that goal.

Figure 2. Symantec’s Altiris Workflow Solution lets you easily build complex workflows for execution.

Once you have your workflow designed and debugged, the Workflow Server can execute your new workflow. Install it on the server, make sure access and permissions are properly set and the server takes care of the rest. The workflow is usually started by an external event including an e-mail, alarm or timer.

Adapters are a big part of the Workflow Designer. In addition to the adapters that provide access to current Altiris/Symantec tools, you can also access common productivity tools like Microsoft Office and make database calls using a wizard. If you’d like to connect to a third-party tool that doesn’t have a defined adapter, you can either use Web services with an HTTP/SOAP interface, or build your own interface using Microsoft Visual Studio and .NET technology.

The bottom line with Altiris Workflow Solution is that it works, and works well enough to save you a lot of time. If you have IT processes that require two or more steps, and those steps take up a significant part of your day, then the time you’ll save by automating those processes with Altiris Workflow Solution will quickly add up.

Ben Brady, BSBA, CCNP, MCSE has worked in IT for more than 15 years, and is co-owner of Ciphertek Systems LLC, based in Livingston, Tenn. Peter Varhol (pvarhol@1105media) is Redmond’s executive editor, reviews.

Flying Solo

As his boss Bill Gates departs, Ozzie takes Microsoft’s online strategy into the cloud.

By Ed Scannell

Ray Ozzie photo by Brian Smale; background photo by Tracie Howe; photo manipulation by Philip Howe.

He is finally flying solo. While departing Microsoft Chairman Bill Gates handed over the chief software architect title a full two years ago, Ray Ozzie now grips the controls of Microsoft’s flight into the icy altitudes of cloud computing without a backseat co-pilot. The flight promises to be adventurous—full of the usual pockets of turbulence Microsoft hits when venturing into new markets—but it’s one Ozzie seems ready to take.

Since he has been the chief software architect, Ozzie’s impact on the world’s largest software development organization has been significant. He has served as the prime mover in shaping Microsoft’s Software plus Services (S+S) initiative. He has also fostered a more enlightened attitude about Microsoft’s once bellicose approach to open source. That’s no easy task for a Microsoft “outsider” to accomplish in a relatively short period of time.

However, the hardest days of achieving meaningful success in the online market still lie ahead for Ozzie. He’ll have to continue evolving Microsoft’s online server-based products and strategies to remain competitive with the likes of Salesforce.com Inc. and the raft of more traditional competitors such as IBM Corp. and Oracle Corp.

At the same time, he’s playing a game of catch-up against Google Inc. and its online disciples on the consumer side. Microsoft first thought it could dramatically close the gaping lead Google has with one fell swoop by trying to acquire, and then hostilely take over, Yahoo! Inc. That maneuver was designed to better fill out the “Services” side of the company’s S+S equation.

“They looked at Yahoo! and said, ‘We have the software and they have the services. Put them together like peanut butter and chocolate and we have the best treat on the market,’” says Dana Gardner, principal analyst with Interarbor Solutions Inc. in Gilford, N.H. “Well, that didn’t work, so now they have to come up with things like services and search technology—but do it in a way that doesn’t drive people into the arms of Google.”

Tough Transitions

Since the Yahoo! deal crumbled—and with no other major online competitors left to acquire—Ozzie’s job has become a lot harder. Microsoft is left to organically grow its own online technologies, products and services. This is particularly true in search, where the company holds less than 10 percent of the market, advertising platforms and Web services. Despite the extent of Microsoft’s influence and the size of its war chest, making a successful transition to the online world may prove to be one of the most difficult transitions the company has ever had to face in its 33-year history.

“Microsoft’s online strategies so far have been not particularly effective. They’re either losing money while increasing revenue or they’ve been able to be profitable, but at the expense of increasing revenues. So I don’t know if that on its own is going to be enough,” says Matt Rosoff, an analyst with Directions on Microsoft.

Financially, Redmond comes from way back in the online pack. For this year’s third quarter, Microsoft’s Internet operations suffered a loss of $228 million, compared to a $171 million loss in the same period last year. During that period, however, sales increased from $603 million to $843 million. In comparison, Google’s revenues for the quarter—just from its own search sites—were $3.4 billion, an increase of 9 percent over the previous quarter.

Improving its fortunes in this market—some analysts believe—will take a monumental shift in Microsoft’s corporate culture, competitive mindset and eventually its business model.

“Instead of simply buying out a rival, Microsoft would be better off reinventing itself to better compete with Google. But [Microsoft CEO Steve] Ballmer will have to reform the culture, the people, the company’s speed, how it sees software, its design sense,
its quality of standards, its tired and annoying strategy of migrating customers through predictable software versions and its old method of developing software (which produced the Vista flop),” writes George Colony, CEO and chairman of Forrester Research Inc., in a recent blog entry.

Working in Microsoft’s favor is the fact it has been forced to make challenging transitions before. The company had to switch gears in the mid-1980s when it took on and conquered Lotus in the desktop apps market. Again, in December 1995, it almost overnight changed its direction to focus on the Internet. Most recently, it began working cooperatively with the open source community, described only a few years earlier as a “cancer” by Ballmer.

In a presentation at the Sanford Bernstein Strategic Decisions Conference in late May, Ozzie attributed Microsoft’s ability to adapt to wave after wave of new competitors to a “culture of crisis” the company has created.

“Microsoft is a very interesting company in that, by necessity, it’s had to build up a culture of crisis. Since the early days, the company has faced some amazing competitor that looked like it was going to be a roadblock to success,” he said. “It takes perseverance, investment and an understanding that you can’t compete by just chasing taillights. You have to find some way of outflanking or leapfrogging, because [when you’re] facing somebody who’s running very fast and they’re ahead, you have to find alternative ways,” Ozzie continued.

Going Live

Ozzie and other Microsoft executives are not making it abundantly clear, however, how they plan to catch Google’s taillights. As company executives explain why they’re confident about narrowing the gap, they often pepper their speech with stats about the large numbers of active users of their core online products, which include Windows Live, Hotmail and Messenger, among others.

According to Brian Hall, general manager of Microsoft’s Windows Live business, Microsoft currently has 448 million active Windows Live users, 350 million Hotmail accounts and 300 million Messenger users. Another number meant to impress people with Microsoft’s online presence is that its products account for 11 percent of all Internet minutes.

However, Hall contends, it’s not all just numbers, but the amount of content being generated and stored in these products. It’s also the level of collaboration being conducted by both business users and consumers. It’s about how Microsoft might use this content and collaboration to extend and build up other facets of its consumer-oriented online strategies such as social computing, Hall adds.

“It’s not just the number of e-mail addresses, but the fact that people are actively spending time communicating with others through these tools and creating content through all the attachments,” Hall says. “This is something that can help draw you into your social networks in a way that’s more than just a set of links and a Web site.”

Another important piece of Microsoft’s online strategy is Live Mesh, though company officials have not clearly articulated how it will integrate with the other pieces. Another Ozzie-driven project, the concept of Live Mesh is to help pull together a seamless network of users and a wide range of devices and make the content of each accessible to a single user or groups.

“Live Mesh creates a file system that, through compatible applications, can access storage on a PC, phone or a lot of other devices without necessarily knowing where those files are. The mesh service takes responsibility for coordinating all that,” Hall explains.

In his presentation at the Sanford Bernstein conference, Ozzie said the opportunity for Live Mesh to flourish is here, thanks to the abundance of cheap storage, computing power and the ubiquitous communications that have saturated data centers and homes alike. He said the confluence of these elements gives architects like himself a clearer idea of where to allocate resources to solve problems for both business users and consumers.

Based on these resources, Ozzie says he has come up with three guiding principles for Microsoft’s product groups to help structure their thinking about online products and services:
• The Web is the hub of a mesh for people and devices.
• Business users have the power of choice as they transition from data centers to cloud-based computing.
• Developers must gravitate away from creating monolithic applications on a single computer and toward a world where they use tools to create applications on many computers existing up in the cloud that can run on a wide range of devices.

Will They Come?

More important to Microsoft’s online success than simply integrating the core components of Windows Live, Live Mesh and its MSN portal will be the number and range of services the company and its third parties can build on top of those components. This is something the Yahoo! acquisition might have covered. Now there’s more pressure on Microsoft than ever to develop platforms attractive enough for the old-school and new-age developers upon whom it has always depended.

“The question is, can Microsoft come up with enough compelling services to turn that pile of gold—the millions of active Windows Live users—into an ongoing set of opportunities for themselves? That’s what this services play is all about,” says Scott Gode, VP of marketing and product management for Azaleos Corp.—a provider of remote managed services for Exchange—and a 15-year veteran of Microsoft.

While this collection of online products and technologies is aimed primarily at consumers, Hall says some of them will find their way into IT shops, where corporate users could take advantage of the same time- and cost-savings and productivity benefits. He says corporate users, especially if they’re working from home, need to tightly integrate their e-mails, mobile phones, calendaring and contact lists with server products like Exchange and SharePoint.

“A key part of our Live Mesh vision is making something that’s enterprise or IT controllable, federates into the enterprise and works with storage and applications models,” Hall says. “This is in line with the general trend of the consumerization of IT.”

Bulletproof by Design

Despite Google’s huge lead, some analysts believe Microsoft could prove more bulletproof than Google over the long haul. Redmond’s strength across several large and lucrative markets that span both the business and consumer sectors, and its greater international presence help with that perception, as do generous investments made in Microsoft Research.

“Everyone is going gaga over Google, but [Google] could prove the riskier proposition given the business unknowns and its being very dependent on one technology breakthrough, namely search. Microsoft is much more diversified across markets, geographies and developer ecosystems,” says Dwight Davis, a vice president with Ovum Summit, an IT consulting and analyst firm with offices in Boston.

Far from the media glare of its frantic chase to catch Google in the consumer market is Microsoft’s online battle in the corporate world. Here the company is quietly having a bit more success. But even here, the company isn’t much past the first phase of its strategy. At least on this battlefront, Redmond isn’t facing a foe attempting to fundamentally redefine both the technology landscape and introduce a new business model at the same time.

So far, the company has shipped CRM Online, Exchange Online and SharePoint Online. The first two have received favorable reviews from many users. The online version of SQL Server and the Business Productivity Online Suite—made up of Exchange Online, Outlook Web Access, SharePoint Online and LiveMeeting—are in beta. The online version of Communications Suite is about to tiptoe into beta.

“I think of Microsoft as an adolescent even in this [enterprise] market. You know they’re likely to grow into a dashing man, but right now they’re still in that awkward phase of trying to figure out how to make it all work,” Azaleos’ Gode says.

There was clear evidence of Microsoft’s ambitions for its server-based online products in comments made in late May by Chris Capossela, senior vice president of Microsoft’s Information Worker Product Management Group. Capossela said that by 2012, some 50 percent of all Exchange seats would be hosted. By comparison, a recent Gartner Inc. report predicted that in that same time frame, only 20 percent of those seats would be hosted.

“If you believe the analyst numbers that there are 150 or 160 million Exchange seats out there now, and so in four years it could get up to perhaps over 200 million, that’s a pretty extraordinary claim,” Gode says. “To me 20 percent is a more believable number.”

New Business, New Model

The fact that it has taken Microsoft a long time to pull together its enterprise online strategy isn’t surprising. There are a number of reasons for this, not the least of which is the company’s reluctance to gravitate to a new business model where it would charge customers monthly fees for server-based products and services. This type of revenue would come in much smaller chunks than the up-front, one-time fees Redmond takes in for its physical products.

Most analysts think Microsoft wouldn’t necessarily take in less revenue
over the course of the year if it could gracefully move to a heavily flavored annuity business model. They believe the company’s reluctance is rooted more in what Wall Street and investors would have to say about the switch from the old business model to the new riskier model.

“Software plus Services is about protecting [Microsoft’s] presence on the desktop and the old [business] model. Who can blame them? No one wants to be the guy at the next shareholders meeting who says, ‘We were getting $500 a pop for this product, but now we’ll be getting $5 a month,’” says Jim Burleigh, CEO of on-demand inventory and warehouse management solutions provider SmartTurn Inc., based in Oakland, Calif.

Analysts also believe Redmond doesn’t want to cannibalize sales of its lavishly profitable core server products by moving to an online model too soon.

“It’s a momentous decision to go from a non-annuity to an annuity pricing scheme. Once Microsoft picks out annuity pricing it will be hard to go back and make it more expensive,” says Azaleos’ Gode. “They certainly don’t want to leave money on the table, but they don’t want to allow competitors to undercut them too much either.”

Another reason for the slow, perhaps calculated move to online products is Microsoft’s fear of alienating its large network of third-party companies that host and support products like Exchange. Redmond needs to find the right pricing model for its online server products, and determine how to clearly differentiate the services it offers from those of its partners.

Microsoft must also better fine-tune the set of capabilities it includes or doesn’t include in online server versions, as compared to the core product. For instance, with the first hosted versions of Exchange, the company omitted unified messaging. That was part and parcel of the core product and Microsoft didn’t make it clear what the subsequent responsibilities were for customers who now had to manage their own communications.

“One of the nice features of Exchange 2007 was unified messaging, but they made it clear that capability would not be in the hosted version. And it was the same thing with the hosted version of SharePoint. They’re going to have to work out this services-server parity and make clearer to users the advantages of either managing these server environments themselves or having someone else do it for them,” says Gode.

While Microsoft does have its online server products rolling, an even bigger question left hanging is when and if the company will deliver an online or hosted version of Office. The venerable desktop suite accounts for approximately $18 billion of the $51 billion in 2007 revenues, and it still delivers fat margins. With no serious competitors in the corporate space, many observers believe Redmond will wait as long as possible before delivering an online version that may not be as profitable.

“The $18 billion question is when or will they ever have a Microsoft-hosted version of Office. Office is a great and profitable business for them right now, so I wouldn’t expect it any time soon,” Directions on Microsoft’s Rosoff says.

Rosoff and others have suggested that it wouldn’t be a difficult step to turn Office 2007 into an online or hosted service from a technical perspective. Microsoft could use its Soft Grid application virtualization it acquired from Softricity two years ago, which could adapt Office as a hosted service without having to rewrite the whole suite.

Like many of its core server applications, though, Microsoft’s desktop suite shows little signs of weakening in the corporate arena. Office still has no serious competition from traditional competitors such as OpenOffice.org, Office Suite or StarOffice, nor from the Web-based Google Apps.

“They may have to do something with Office for online, but not anytime soon. The other reality is that for the Software as a Service model, the server stuff is more amenable to moving into the cloud than the desktop stuff,” Ovum’s Davis says.

With Microsoft’s energies and capital focused on online technologies and services the last few years, some observers believe its online progress has come at the expense of neglecting the products that continue to pay the bills. The outstanding example, some point out, is Windows Vista. This is a disaster Microsoft can’t afford to repeat with any more of its bread-and-butter products competing in the physical world.

“All the flash, glamour and cool surrounding Live Windows and Mesh is blinding [Microsoft] to the fact that someone still has to keep the basic revenue flow coming in from the core products,” says Michael Cherry, an analyst with Directions on Microsoft. “One of the things I’d like to see come out of all this is a focus back on the fundamentals of running a Windows and desktop apps business.”

Ed Scannell is editor of Redmond.


Windows Server 2008 has a new way to migrate Group Policies.

You already know that Windows Server 2008 brings a lot of changes. You’ve probably heard about the product’s Read Only Domain Controllers (RODCs), Server Core and fine-grained password policies. There’s another factor that almost no one seems to know about: Server 2008 replaces a vital piece of Active Directory. This change is along the lines of replacing the engine in your car as you’re driving 70 miles per hour down the highway: If done badly, it could shut down Group Policies and negate your log-on scripts. You’ve worked so hard to get every security setting configured into a Group Policy. Don’t let replicating those changes from one domain controller (DC) to another be your downfall. There’s a special folder that contains your Group Policy settings, default profiles and log-on/log-off/startup/shutdown scripts. This folder is created and shared when you successfully promote a member server to a DC by running DCPromo: it’s called Sysvol.

By Rhonda Layfield

ILLUSTRATION BY ROBERT KAYGANICH

The Distributed File System Replication lets you carefully create and review your selections when using the Sysvol folder for Group Policy migration.

There should be a Sysvol folder on every DC. When a user logs on to a computer that’s a member of a domain, their Group Policy settings, profiles and scripts are downloaded locally from a DC’s Sysvol folder. It makes sense that all DCs need to have the exact same Sysvol content. If something changes on one DC (usually the PDC Emulator), you need to copy, or “replicate,” those changes to all other DCs.

In the past, we had no choice. The engine that replicated Sysvol was the File Replication Service (FRS). Any network admin who has had the pleasure of troubleshooting morphed files and folders or journal wraps can attest to the fact that FRS’s replication of Sysvol leaves a lot to be desired. Server 2008 finally offers a new replication engine option: Distributed File System Replication (DFSR).

DFSR was first introduced in Windows Server 2003 R2 but could only replicate Distributed File System Namespaces (DFSNs). Sysvol was still a slave to FRS. Here, I’ll explain the process to migrate from FRS to DFSR for your Sysvol replication step-by-step.

Before the Migration

To begin with, my environment is a Windows Server 2003 SP1/R2 domain named Bigfirm.com (migration from FRS to DFSR is performed at the domain level). Bigfirm.com contains two DCs named FRSRIP (PDC Emulator) and DC2. I like to run the migration process from the FSMO role holder of the PDC Emulator.

So, from the PDC Emulator put in the Server 2008 DVD, go to a command prompt, change the drive letter to your Server 2008 DVD, change directories to the \Sources\Adprep folder and run Adprep /forestprep. Next you’ll need to raise the domain functional level to Server 2003 if it’s not already there. To raise the domain functional level to Server 2003, open Active Directory Domains and Trusts, right-click your domain name and choose Raise Domain Functional Level. You should see an appropriate dialog box after that.

Starting from the top: my domain name is Bigfirm.com. The current domain functional level is Windows 2000 Mixed (yours might be Windows 2000 Native). In the “select an available domain functional level” drop-down list, choose Windows Server 2003 and click the Raise button.

Next, from the Server 2008 DVD’s Sources\Adprep folder run Adprep /domainprep from a command prompt as I did earlier with the forestprep switch. Then upgrade the PDC and all DCs to Server 2008. Last, you can raise the Domain Functional level to Server 2008 (just like you raised it to Server 2003).

Before you begin your migration, I highly recommend that you test Sysvol replication to ensure it’s working properly. FRSDiag is a free tool you can download from Microsoft’s download site. This tool lets you perform a propagation test, which will create a brand-new file in Sysvol and track its replication progress so you can see if any DCs are currently having replication issues. To perform a propagation test using FRSDiag, click on the Tools menu and choose “Propagation File Tracer.”

If your Sysvol is healthy and replicating throughout your domain, make a backup of Sysvol. However, I prefer the idea of taking a DC that’s current with AD and doing Sysvol replication completely offline, physically unplugging it from the network. I like this approach just in case I need to quickly get it back up and running. This doesn’t have to be a physical machine; it can be a virtual machine (VM). VMware Inc. makes it a snap to put a VM on a custom subnet so it can’t talk to any other machines that are not also on the same subnet. At this point you should place Sysvol in a lockdown state. There should be no changes that occur in Sysvol until the migration is complete. I’ll explain why a little later.


Migration

Before we get into the actual migration process, I’d like to give you a 10,000-foot view of what’s supposed to happen at each step along the way. I like to call these steps stages, while Microsoft calls them states. First, you should know there are two different types of stages/states: Stable states and Transitional states. The stable states mark the big milestones of the migration process, while the Transitional stages can be viewed as the “working processes” that take you from one stable state to the next. Again, I can explain the states and what happens in each. The tool used for migration is a command-line utility called DFSRMig.exe and can be found in Server 2008’s Windows\System32 folder.

All DCs begin at state 0. State 0 means that all DCs are currently replicating the SYSVOL folder using the FRS. Microsoft recommends running the DFSRMig.exe utility on the PDC Emulator. To kick off the migration process on the PDC Emulator, open a command prompt and type the following:

    Dfsrmig /SetGlobalState 1

You should see the following output:

    Current DFSR global state: 'Start'
    New DFSR global state: 'Prepared'
    Migration will proceed to 'Prepared' state. DFSR service will copy the contents of Sysvol to SYSVOL_DFSR folder.
    If any DC is unable to start migration, try manual polling, or Run with option /CreateGlobalObjects. Migration can take anywhere from 15 minutes to one hour to start.
    Succeeded

The DFSRMig commands are not case-sensitive, so dfsrmig /setglobalstate 1 would have worked as well. State 1 is called the Prepared state, but to get to state 1, Transitional states 4 (T4) and 5 (T5) must be performed. What do they do? T4 creates a new object in Active Directory Users and Computers (ADUC) that will be used for DFSR replication of Sysvol (very similar to the File Replication Service object that exists for FRS). The new object is named DFSR-GlobalSettings and can be found in the System container; you’ll need to click the View menu and choose Advanced features to see the System Container and its contents. T5 creates a new folder in the Windows folder named SYSVOL_DFSR; you can see this in Windows Explorer. Then, robocopy runs the following command:

    ROBOCOPY c:\Windows\Sysvol\Domain c:\Windows\Sysvol_DFSR\Domain /Copyall /MIR /B /R:0 /XD "Do_Not_Remove_NtFrs_PreInstall_Directory" "DfsrPrivate" "NtFrs_Prexisting__See_Eventlog" "NTFRS_CMD_FILE_MOVE_ROOT" /XF "DO_NOT_REMOVE_NtFrs_PreInstall_Directory" "DfsrPrivate" "NtFrs_PreExisting__See_Eventlog" "NTFRS_CMD_FILE_MOVE_ROOT"

This copies the Sysvol and domain folders from the Sysvol folder to the new SYSVOL_DFSR folder.

The object created in ADUC called DFSR-GlobalSettings contains an attribute named msflags. The object DFSR-GlobalSettings will replicate from one DC to another until all DCs have the object. Then, the msflags attribute is set based on what state the migration process is in at the time. To begin with, the msflags attribute will be set to 16. So if you brought up a new DC in the middle of migration—though this is not recommended—the fact that this msflags attribute is set to 16 would tell DFSRMig to begin the migration process. Sometimes you may have one DC that’s taking too long to get to state 1, like my DC named DC2. I’ll need to move it along a bit by forcing AD replication (to get the DFSR-GlobalSettings object) and then force dfsrdiag to read the AD object. To force replication, you’ll use the repadmin command-line utility, which looks like this:

    Repadmin /replicate destinationDC sourceDC domain components

So, my sourceDC that I know contains the DFSR-GlobalSettings is FRSRIP and the DC that’s taking too long to begin the migration process is DC2, which will be the destinationDC for the DFSR-GlobalSettings object. Here’s an example:

    Repadmin /Replicate DC2 FRSRIP dc=bigfirm,dc=com

To tell dfsrdiag to read the AD object, I would type the following from a command prompt:

    C:\> dfsrdiag pollad

If this doesn’t work, then you’ll have to manually create the SYSVOL_DFSR folder in the Windows folder—the same folder as the existing Sysvol—and run the robocopy command to populate the SYSVOL_DFSR folder.

The log file that tracks the migration process can be found in the Windows\Debug folder. It’s named DfsrMig_###.Log through however many log files there are. On my system at this point I had three: DfsrMig_001.Log.gz, DfsrMig_002.Log.gz and DfsrMig_003.Log. The extension of .gz shows that once a file is full it’s compressed using Gzip. You can check to see if all your DCs have reached the prepared state by typing the following command at the command prompt; I always do it on the PDC Emulator:

    Dfsrmig /GetMigrationState

You should get a listing of all DCs and the state they’re currently in. In the following output I have two DCs, FRSRIP (PDC Emulator) and DC2:

    The following Domain Controllers are not in sync with Global state ('Prepared'):
    Domain Controller (Local Migration State) - DC Type
    ======


    DC2 ('Start') - Writable DC
    FRSRIP ('Waiting For Initial Sync') - Primary DC
    Migration has not yet reached a consistent state on all Domain Controllers.
    State information might be stale due to AD latency.

If you’re tracking things through event viewer you should see the following events in the DFS Replication event log:

    Event ID 8000: The DFSR global settings have been created.
    Event ID 8008: SYSVOL migration global state is set to 'Prepared' the current local state is 'Start'.
    Event ID 8010: DFSR will now create the SYSVOL_DFSR folder, and objects in the local AD.
    Event ID 8012: DFSR has successfully created the SYSVOL_DFSR folder.
    Event ID 8008: DFSR has started the transition to global state 'Prepared'.
    Event ID 1210: DFSR successfully set up an RPC listener for incoming replication requests.
    Event ID 6804: DFSR has detected no connections configured for replication group Domain System Volume. No data is being replicated for this replication group. And the Replication Group and Member ID GUIDs
    Event ID 4112: DFSR initialized the replicated folder at local path C:\WINDOWS\SYSVOL_DFSR\domain. This member is the designated primary member for this replicated folder.
    – SYSVOL Share
    – Replicated Folder ID: GUID
    – Domain System Volume
    – Replication Group ID: GUID
    – Member ID: GUID

The Re-Directed State

When you type DFSRMig /getmigrationstate at a command prompt and receive the following message, migration has reached a consistent state on all DCs:

    All Domain Controllers have migrated successfully to Global state ('Prepared').

You’re ready to move on to the Re-Directed state. The purpose of this state is to direct the old Sysvol share to the new SYSVOL_DFSR folder. To do that, Transitional state 6 (T6) runs. T6 edits the registry key HKLM\System\CurrentControlSet\Services\Netlogon\Parameters and sets the SysvolReady key to False, then the Sysvol path is changed to \WINDOWS\SYSVOL_DFSR\sysvol. Then the SysvolReady key is set to True and you’re back in business, but now your Netlogon and Sysvol shares point to the new directory. If you go to a command prompt after this completes and type Net share, then you should see the following paths for your Netlogon and SYSVOL shares:

    Netlogon = Windows\SYSVOL_DFSR\sysvol\DomainName\SCRIPTS
    SYSVOL = Windows\SYSVOL_DFSR\sysvol

If you’re following the progress in the event logs you should see the following events in the DFS Replication event log:

    Event ID 8008: The SYSVOL migration global state is set to 'Redirected' and the current local state is 'Prepared'.
    Event ID 8015: Starting the process of redirecting replication of the Sysvol share on DC FRSRIP. NTFRS will continue to replicate the Sysvol share located at C:\WINDOWS\SYSVOL until the local state transitions to 'REDIRECTED'.
    Event ID 8017: DC FRSRIP has successfully migrated to the 'REDIRECTED' state. DFSR is replicating SYSVOL_DFSR folder located at C:\WINDOWS\SYSVOL_DFSR.
    TO CONTINUE MIGRATION: If you choose to continue the migration process and proceed to the 'ELIMINATED' state, it will not be possible to revert the migration process. The Sysvol folder located at C:\WINDOWS\SYSVOL will be deleted.

At this point the old Sysvol folder is being replicated using FRS—it isn’t shared any more, but that’s no problem for FRS—and the new SYSVOL_DFSR folder is being replicated with DFSR. Remember that long and ugly robocopy command that ran in T5? Well, if someone were to edit a log-in script, or anything else, that lives in the old Sysvol folder, those changes would never get copied to the new SYSVOL_DFSR folder. This is the reason you want Sysvol to be in lockdown. Of course, when you have many admins, there’s always the chance that someone will edit something in the old Sysvol folder and then be very surprised when they can’t get the changes to work.

At this stage, if you were to edit a Group Policy by launching GPMC.msc, you’d now be connected to the new SYSVOL_DFSR share. To prevent people from making changes in the wrong folder you can move to the last state—called the Eliminated state—but beware, there’s no rolling back from this state.

In the Eliminated state Transitional state 7 (T7) runs. T7 actually deletes the old Windows\SYSVOL folder. FRS continues to run, just in case you have some distributed file systems that are being replicated with FRS.

Oops, I Changed My Mind

Microsoft has built rollback capabilities into the migration process in case you change your mind. For example,


if you had migrated to state 1 you could go back to state 0 by typing:

    dfsrmig /setglobalstate 0

If you had completed migration to state 2 you could roll back to state 1 by typing:

    dfsrmig /setglobalstate 1

But if you migrated to the Eliminated state, the old SYSVOL is gone and there’s no rollback procedure for this. You should be fully committed to DFSR replicating the SYSVOL before you go to state 3. Once state 3 is complete you’ll see the following four events in the DFS Replication event log:

    Event ID 8008: The SYSVOL migration global state is set to 'Eliminated' and the current local state is 'Redirected'.
    Event ID 8018: DFSR will now migrate the DC FRSRIP to the 'ELIMINATED' state. Please note that there is no going back. DFSR will now proceed to delete the SYSVOL share located at C:\WINDOWS\SYSVOL. DFSR will also delete the local Active Directory objects corresponding to NTFRS and the NTFRS member object for the Domain Controller FRSRIP. The NTFRS service will also no longer depend on the NTDS service.
    Additional Information:
    Sysvol NTFRS folder: C:\WINDOWS\SYSVOL
    Domain Controller: FRSRIP
    Event ID 8004: The NTFRS member object for the Read-only Domain Controller FRSRIP was deleted successfully.

I’m not exactly sure why I got the 8004 event. This DC was a read/write DC, not a read-only DC, so if you get one as well, know that it’s probably OK.

    Event ID 8019: DFSR has successfully migrated the DC FRSRIP to the 'ELIMINATED' state. DFSR migration for the Domain Controller FRSRIP is now complete.

There are certainly many more questions that need to be answered about SYSVOL and DFSR. These questions include: Now that DFSR is replicating Sysvol, how often does it happen? What kind of control do you have over Sysvol’s replication? Can you change the schedule of how often replication occurs? What sort of control do you have over how much network bandwidth Sysvol’s replication uses? What monitoring tools are currently available that can give you the entire picture of Sysvol’s health in your domain?

These are questions to be answered in future articles. But if you’re one of the admins who has been waiting for FRS to be replaced, it’s time to rejoice. DFSR is a much more scalable and robust replication engine than FRS ever dreamed of being.

Rhonda Layfield, MCT, NT/2000/2003 MCSE, MCSE: Security, is a consultant and trainer.


The Unified Communications Puzzle

ISVs look to fill in some of the pieces of Microsoft’s unified communications vision.

By Peter Varhol

When we’re communicating with someone else, we let the medium dictate the contact. It determines how we exchange information, maintain contacts’ records—even how we speak or write. E-mail has its own client, server and set of protocols. It’s the same deal with telephone service. Instant messaging (IM) also has its own set of rules. Even if we’re talking on the telephone, it matters if we’re using a traditional telephone company, a wireless provider or Voice over IP (VoIP).

GETTY IMAGE

Unified Communications

Here’s where The Next Big Thing will play out for Microsoft. It’s not about advertising or the Web or services: It’s about unifying how we interact with others using technology. Microsoft is willing to leave face-to-face interaction alone for now, but anything that puts electronics and software in the middle is fair game. Unlike advertising, it’s a natural extension for Microsoft, as Windows already handles many types of non-voice communications, including voice services like Skype.

“Office Communications Server offers the best way for us to work with Microsoft technologies. In time, it will be thought of as a kind of switch for communications between the end user and the transport.”
John Joseph, Vice President of Marketing, Envox Group

Microsoft envisions a seamless blend of media that automatically changes and adapts based on the user’s needs at that moment. The goal is to tie different media to different devices in such a way that as they work in concert, they make you more productive and not dependent on certain devices to communicate in certain ways (see “Microsoft’s Vision for Unified Communications,” p. 47).

Promise or Peril?

So where does the large and diverse community of independent software vendors (ISVs) stand on the issue? Microsoft has been pushing unified communications (UC) in one form or another for at least five years, with little market acceptance outside of call centers. In 2004, it released Microsoft Speech Server, which was meant to help you route e-mails to your voicemail system and aggregate calls from several different numbers to a central repository.

That announcement also included the notion of a partner ecosystem. At the time, Microsoft announced new business alliances with Hewlett-Packard Co., Motorola Inc. and Siemens AG to deliver on its vision of unified communications. HP provides hardware devices and systems-integration services for new and enhanced products based on Microsoft’s UC platform. Motorola delivers mobile devices and network hardware. Siemens works to transform telephony, audio-, video- and Web-conferencing services, instant messaging and e-mail into a single UC platform. The goal was to deliver a platform for routing communications to specific devices based on the needs of the individual at that moment.

Why should large IT shops care? Today, responsibility for enterprise communications is broken up among different groups, including server, telecom and even facilities. The ability to bring responsibility for enterprise communications under a single umbrella can bring significant efficiencies for enterprises as they seek to maximize investments in telecommunications, Internet and complementary technologies.

As far as users are concerned, the need for myriad gadgets hanging from their belts becomes a thing of the past. No longer do users have to battle phone, e-mail, IM, text and other communication formats. There’s also the potential for fewer support calls to make devices work together.

Today, how we communicate depends on both the medium and the device. For example, for a Web meeting, we typically use a computer to transmit and receive presentation slides or demonstration views. We use a telephone for the audio portion. We can record both—either with software or a voice-recording device—but merging the recordings requires mixing software or a studio. We should be able to do all of that from a single device, using integrated software and approaches. Microsoft wants that device to be the PC, and is delivering tools and roadmaps to help make that happen.

Will the ISVs Be There?

ISVs that specialize in communications have good reason to support Microsoft, especially those serving markets like call centers. There’s good business supporting Microsoft’s initiatives, especially those clearly on a growth track, such as unified communications.

Most communications vendors are treading carefully. The initiative is broad and encompassing, so almost every vendor working with Microsoft on UC is now examining their core competencies and determining where they fit in. That may be the most difficult thing for ISVs—figuring out how and where their technologies and strategic direction fit with Microsoft’s roadmap and architecture.

Even those committed to supporting the Microsoft platform are taking it a step at a time.

“It’s a broad and ambitious vision,” says Robert Clark, an analyst for Technology Strategy Research. “There are many parts to it. Individual vendors can’t support all of them, or even a big chunk of them. They have to look at their core competencies as well as Microsoft’s grand plan, and see where the touch points exist.”


There’s even more to consider. Microsoft is experienced with the technology practice of “co-opetition” with partners in specific markets, so ISVs also have to ask whether or not they can add unique value in an area Microsoft is unlikely to enter in the near term. More often than not, they have to devote a significant amount of resources to keep up with new Microsoft platforms and stay ahead of competitive offerings.

Standards are a big factor. Emerging technologies—VoiceXML, the Session Initiation Protocol (SIP), service-oriented architecture (SOA) standards and the H.323 bill before the U.S. House of Representatives—will help vendors better understand how they can work together. Microsoft is better at supporting standards than it has been in the past. It’s also more willing to work within the confines of those standards. This makes it easier for partners to fill in the missing pieces of Redmond’s solutions.

Microsoft cites many industry partners who are contributing technologies and services in the fulfillment of its roadmap. In fact, this list of partners is so long that it’s natural to wonder if the company simply accepted everyone who asked to be a partner, or if there’s a grand strategy behind those extensive partnerships.

One path ISVs can pursue is to adapt existing products to ensure users are more productive. For example, Quest Software Inc. has enhanced its MessageStats and Password Manager products to integrate with Microsoft Office Communications Server 2007. Quest customers can use the MessageStats Report Pack in that server software to assess the cost-efficiency of their UC environment. The voice-driven version of Quest Password Manager lets users reset passwords over the phone. These steps are real improvements in IT responsiveness and productivity.

HP has singled out Office Communications Server 2007 support as a part of its UC strategy. “Office Communications Server 2007 speeds up the process of real-time communications and transforms it into real-time business,” explains Mike Grady, portfolio manager for HP services, consulting and integration, Microsoft messaging and unified communications. Besides supporting this and other off-the-shelf systems and other hardware, the company focuses on bringing value-added services and software to the Microsoft solution. HP also tests Office Communications Server with different hardware and in different configurations.

One area that could contribute effectively to UC is application development. One vendor supporting Microsoft’s strategy through integration with its premier Visual Studio development environment is Envox Group. The company’s CT ADE is a widely used interactive voice response tool for building applications using UC technologies. It can create IP communications solutions, including video messaging, short message service (SMS) and conferencing solutions, and can leverage Microsoft

Microsoft’s Vision for Unified Communications

Here’s what Microsoft sees on the horizon for unified communications (UC).

The computer starts to work like a phone. To call someone, you just click on his or her name. The computer places the call.

The phone starts to work like a computer. With UC technologies, you click to call. Click once more and you can launch a conference call. Do you need video? That, too, is just a click away.

Voicemail becomes e-mail. When voicemail becomes e-mail, you can annotate and forward it just like any e-mail—to a single person, to a group or team, or to an entire department.

VoIP as you are. Microsoft Office Communications Server 2007 delivers presence and instant messaging, plus audio and video conferencing. It also integrates with many existing telecommunications infrastructures, including PBX systems.

UC streamlines infrastructure. Microsoft’s UC technologies use Active Directory to unify the entire corporate directory: names, PBX extensions, e-mail addresses and log-ons.

Use speech technology for self-service via the telephone. Voice portals let you get to information using natural language. Microsoft Office Communications Server 2007 helps deliver communications through speech-enabled, self-service applications via the telephone.

Phone calls become digital assets. You can log, review, publish and archive voice conversations and messages. Having records and recordings of every phone call is growing increasingly important as businesses attempt to fulfill legal and regulatory requirements.

—P.V.


ADVERTORIAL

Where Are All Those Files?

If this question is hard to answer now, think about how it will be in a scant few months. The number of files to be managed in your data center only keeps growing, with no real end in sight.

The question is going to be asked by your company’s executives, government auditors, consultants, lawyers, judges, your accounting firms and your own subordinates.

And you will have to supply them with answers. “I’m not sure…” is an increasingly threadbare option, assuming it remains an option at all.

For the most part, the files that are processed and preserved in the data center are business records—records vital to ongoing transactions and operations, policy-making in corporate governance, compliance with government regulations, or “e-discovery” for litigation support.

The raw numbers of the files that an enterprise needs to manage is intimidating, but providing data access and management across a geographic crosshatch is downright fearful. The records processed in a remote or branch office are fully as essential as the files in the headquarters network.

The consequences of minimal to absent file management include costs run wild, and a level of complexity that would frustrate the calmest systems or storage administrator.

A business-threatening helplessness embodied in the “I’m not sure…” answer is not new to the data center. In the 1990s, the move to open systems empowered the data center to use and share the storage infrastructure broadly across business processes.

The solution to the complexity at that time was the Storage Area Network (SAN), which handles block-level data. The SAN is a high speed sub-network made up of shared storage devices. A SAN makes those devices available to all servers in a LAN or WAN. In most cases, the server merely acts as a pathway that traffics data between the user and the storage repository.

Enter FAN

Fast forward to the modern day, where a large and growing number of business records take the form of files, especially “unstructured” files like .doc files in Microsoft Word or .ppt Powerpoint presentations. The growing number of files, the complexity of the file system, and the business-based demand for prompt and ready access and retrieval called out for the same kind of solution that block-based data management enjoys.

That solution is here and now, in the expansion of the “area network” architecture to files—the File Area Network (FAN). Articulated by industry consultant Brad O’Neill in 2006, a FAN is simply a logical way to describe the hardware and software technologies used to organize, route, switch, and provide consistent access to those massive amounts of files. The ultimate goal of a FAN is to provide a more flexible and intelligent platform to move and manage your file data in the most cost-effective and controlled manner.

At a fundamental level, FANs provide several key functions:

• Enterprise-wide control of file information, including the management of file attributes
• The ability to establish file visibility and access rights regardless of physical device or location
• Non-disruptive, transparent movement of file data across platforms and/or geographical boundaries
• The consolidation of redundant file resources and management tasks

A FAN is not a SAN, but SANs are a requirement for the most robust FAN solutions, and FAN solutions consist of tools that SANs simply cannot provide. The fact that FANs make management easier at the file level allows for continued growth in data on the underlying storage subsystems, which are usually SAN attached. It is important to remember that all file data is ultimately stored in block format, and block data is now routinely stored on a SAN.

Where Are All Those Files

Enterprise data centers are not the only ones being asked this potentially damaging question. According to Government Executive.com in October of last year, the Internal Revenue Service could not find more than 10 percent of case files requested in recent audits. IRS generates millions of paper or electronic files each year on tax returns, audits, investigations and other actions, often sending them to storage sites when closed. The Federal Records Act and other mandates require keeping the records ready for review.

But in a September 2008 report, the Government Accountability Office (GAO) said an inability to find files often creates problems for the agency and taxpayers. The report says IRS’ Wages and Income Division, in a recent review, could not provide 46 percent of 900 requested cases within 25 days to meet scheduled tax court dates. GAO cites several instances where the IRS filed liens for tax debts but lost the revenue when it could not locate original files for a hearing.

Every file has three states of existence: at rest, in transit, or in use. And your business expects you to know where they are. They care that you can provide them accurately and in a timely fashion. The question is, “How quickly can you get them?” You have to optimize for retrieval.

Your response: “I’m not sure…” will no longer serve. The other question: “Isn’t backup enough? I’m storing things already... If I need it I can find it because it’s there somewhere” is just another way of saying you’re not sure. The problem is, what you’re really being measured on is how quickly you can get the files out and useful. Timeliness is king, and a FAN architecture enables timeliness as well as management confidence.

A full range of Brocade Information Management Solutions are as close as a mouse click.

To access the Webinar and white paper on this subject, go to RedmondMag.com/showcase/brocade/take_control

Unified Communications

.NET technologies in building complete Windows-integrated applications.

ISVs like Envox look to Microsoft and other vendors to provide a platform for applications and services. These vendors typically pick the segment or component where they can add the most value for the most users.

“Office Communications Server offers the best way for us to work with Microsoft technologies,” says John Joseph, Envox’s vice president of marketing. “In time, it will be thought of as a kind of switch for communications between the end user and the transport.”

Joseph believes that, in time, the term “unified communications” will become a misnomer. “It will just be communications,” he predicts. Whether voice, data or some combination—it won’t matter to the user, who will have a single device to access all communications.

Of course, some ISVs are practicing a similar form of co-opetition as Microsoft. Cisco Systems Inc., for example, is a Microsoft partner in its UC strategy. It’s also pursuing a similar path of its own. Cisco takes a hardware focus, which both capitalizes on its strengths and differentiates itself from Microsoft by working lower in the communications stack.

At the foundation of the Cisco UC solution is its Cisco Unified Communications Manager. Many of the solutions on top of that product, such as Microsoft Windows, are either provided by partners or offer a large additional hardware component. The Unified Communications Manager provides call processing for different combinations of applications, devices, networks and operating systems, bringing together data and communications into a single point. The value of the product, however, depends on both the server OS and the communications applications.

The co-opetition between Microsoft and Cisco is necessary because no one vendor, including Microsoft, has all the pieces. Microsoft doesn’t make communications hardware, and it’s a relative newcomer to the world of communications standards.

Windows is the clear software platform of choice as the integration point for communications applications. Microsoft needs the credibility offered by both hardware vendors and application vendors in order to provide a credible solution. Additionally, the company needs to win over those application vendors who have already established themselves in the telecom or data communications markets.

On the other side, Cisco has the IP hardware that’s pervasive in the enterprise and across the Internet, but lacks a single OS upon which it can deliver communications. Cisco has to take the foundation for IP-based communication that it provides and make sure both the platform and applications can use it to its fullest advantage.

Moving Target

Perhaps the reason Microsoft’s UC strategy hasn’t yet achieved broad market appeal is because it remains a moving target. Communication has meant dramatically different things, even over the short span of four years. Efforts to unify emerging technologies and techniques are likely to be a never-ending proposition. If the goal line is always being moved forward, Microsoft has to modify the details of its message almost annually. That’s not conducive to convincing organizations its approach isn’t vaporware.

Another obstacle is that unified communications sounds nice on paper, but few groups use all the different media it encompasses. For many interested in bringing together two or three communications platforms, the entire strategy and its components can be difficult to comprehend.

Even though it remains a solution in search of a problem to some extent, Microsoft’s vision for unifying a wide range of communications media is an important missing link in the puzzle. It provides both direction for those implementing the solutions, and expectation management for those seeking those solutions.

Vendor support is mandatory because many of the pieces of this puzzle are beyond Microsoft’s core competencies and resources. Even as Redmond defines a compelling vision of voice, IM, SMS, e-mail and other technologies integrated and accessible through a single device, it’s apparent that Microsoft can’t deliver on that vision alone. So while the chances are good that you’ll use products like Windows and Office Communications Server as the base for your unified communications platform, the applications are likely to come from a wide variety of sources.—

Peter Varhol ([email protected]) is Redmond magazine’s executive editor, reviews.


NEVER AGAIN
By Derryl Steib and Byron Sisson

Please Tell Me That Was a DDS-2 Tape

It was December 1999—just a few days before the big Y2K New Year’s Eve bash. I was working at a privately owned company that ran an AIX-based Fixed Assets system on an IBM RS/6000. The database was Oracle and the backup system was ARCserve. We also ran ARCserve on our Novell and Windows NT 4 systems. The AIX system used DDS-2 tapes; NT used DDS-3.

We had recently moved an application from the RS/6000 to a new AS/400 server. The move freed up some badly needed space, which let us move Fixed Assets to a larger drive. The plan was relatively simple: Stop Oracle, back up the drive, mount the file system on the new drive and restore the tape.

I had done something similar a year earlier when we purchased an external local storage cabinet. I loaded a new tape and went through the process of backing up the system. Then I removed the file system and mounted the new 9GB drive with the same name.

As I kicked off ARCserve and started the restore process, the tape ejected and the job canceled. I put the tape back in and kicked the restore off. Again, it ejected and the job canceled. That’s when I started sweating.

Next I dug through the backup logs, and found that my evening backup jobs had been canceling consistently due to the lack of hard drive space. After digging through tape libraries, the earliest successful backup of Fixed Assets I could find was a full two weeks old.

At this point, I was going through everything I could think of, including rebooting AIX and recycling power on the tape drive. We even pulled out the old hard drive and shipped it to a company that specializes in restoring data. No dice.

As I was examining the tape I had used for the current successful backup, I found to my horror it was a DDS-3 tape. I tried restoring it to an NT drive, but NT ARCserve wouldn’t recognize it. I called ARCserve and explained the situation, but they were not able to come up with a solution.

So there I sat, at 11:30 p.m. on that epic New Year’s Eve, restoring a two-week-old tape. Fortunately, our Fixed Assets accountant had hard copies, but had to re-enter everything from the lost two-week period. To this day, I don’t think she has ever really forgiven me.

We replaced the Fixed Assets system two years later and stopped using ARCserve. I’ll never use it again. —

Derryl Steib has been in IT for 20 years.

Which One Is for Production?
By Byron Sisson

At my first job as a DBA and developer, I was working on an application designed to automatically charge credit cards. I was provided with a set of credit-card numbers to use for testing.

I edited some customer records in the development database to use the test numbers and submitted charges to the bank to test the application. However, I failed to change the connection string to point to the development database, so I was running up some huge bills on a few customer accounts before I caught my mistake. I contacted the bank and got them to back the charges out before they went through or appeared on anyone’s statements, but I never heard if I obligated enough credit that anyone had real transactions declined.

I was saved by the fact that I immediately recognized my error. The development database was simply a restored backup of the production database and our volume was low enough so that the credit-card information was unchanged since the backup was made. I was able to update the production data from the development database.

The moral of the story? Always double-check when switching between development and production data. Always keep current backups of data, and never, ever let a rookie DBA be the sole DBA and developer on any project.

The good thing that came out of all this for me was I didn’t do any permanent damage and it made me extremely gun-shy very early in my career. —

Byron Sisson is an IT professional from Orlando, Fla.

What’s Your Worst IT Nightmare? Write up your story and e-mail it to Ed Scannell at [email protected].

ILLUSTRATION BY MARK COLLINS

Mr. Roboto
Automation for the Harried Administrator | by Jeffery Hicks

At Your Self-Service

Do you use Active Directory as your authoritative directory service, and make its information available as a company directory or phone book? Do you have applications that leverage AD user information, and spend more time than you’d like to updating user account information?

If you answered yes to any of these questions, wouldn’t it be helpful to let your users take control of their own information? There’s a utility that can help make this dream a reality. Directory Update from Ithicos Solutions is an ASP.NET-based application that allows you to let your users self-service their own Active Directory administration. It’s licensed per domain, regardless of the number of users.

Because Directory Update is based on ASP.NET, you’ll need a Windows Server 2003-based server running Internet Information Services 6.0. It doesn’t require Exchange, although you can install it on the Exchange server. (One of the people behind Ithicos is Exchange MVP Jim McBee.)

Technically, you could install it on a Web server running SharePoint. You’ll have to jump through some SharePoint hoops to get it to work properly, though, so that’s definitely not a recommended approach. Windows Server 2008 doesn’t officially support version 1.6—the current version—but I was able to install it with a few minor tweaks for testing purposes.

Customize with Ease

The install is relatively simple and creates a new virtual directory under Default Web Site. Directory Update’s primary appeal is that you can customize everything by editing a few XML files. You can decide what properties a user can see and what they can update.

Want to make sure everyone uses the right value for the department? You define the department names that will appear in the drop-down list. Do you have multiple offices? Define an office and when the user selects it from the drop-down list, the address fields are appropriately updated. If you’ve extended your schema for Exchange and are using the extended attributes, you can also manage those with Directory Update.

The downside to all this functionality and flexibility is that you’ll have to make a few modifications to the XML configuration files. You can use Notepad or an XML editor like PrimalScript. The files are pretty simple to figure out, even if you don’t have a lot of XML experience. You have to enable or disable properties and provide values—that’s basically it. I was up and running with minimal configuration in less than 20 minutes.

The customizations also extend to presentation elements. If you have a corporate visual identity defined by a CSS file, you can configure Directory Update to use that file. Here are some other key features:

• Field types can be drop-down, text or a combination, and you can hide fields or entire sections.
• You can enable or disable Custom Attributes 1 through 15, as well as the Employee ID, Employee Type and Employee Number, Web Page, Description, Notes, Phone Number, Additional Telephone Number, Manager, Secretary and Assistant properties.
• The application has the ability to use forms-based or integrated Windows Authentication.
• You can validate required fields with regular expressions so that a phone number looks like a phone number.
• Customized help strings, help page, titles and attribute labels are available.
• There is support for a user photo.

Take a Test-Drive

You can learn more by visiting www.directory-update.com. You can also download evaluation software with no forms or registration, and test-drive Directory Update online at http://tinyurl.com/46pens. This product offloads less-critical tasks to your users, improves the AD data quality and gives users access to “hidden” organizational information, such as a user’s manager or perhaps a custom property for their designated parking assignment.

Based on my discussions with Ithicos Solutions, they seem very open to customer suggestions for new features and utilities. Even if this doesn’t interest you, it’s worth your while to keep an eye on their site. —

Jeffery Hicks ([email protected]), MCSE, MCSA and Microsoft PowerShell MVP, is a scripting guru for Sapien Technologies. He is a 16-year IT veteran, and has co-authored and authored several books, courseware and training videos on administrative scripting and automation. His latest book is “WSH and VBScript Core: TFM” (Sapien Press, 2007).

Roboto on Demand

What Windows task would you like Mr. Roboto to automate next? Send your suggestions to [email protected].


WindowsInsider by Greg Shields

Best Configuration Manager Queries

I often tell inquisitive admins that there’s both an art and a science to getting the most out of tools like Microsoft’s System Center Configuration Manager (SCCM) 2007.

In many ways the “science” is the easy part. You can learn the science of what you need to know by reading the documentation, taking a couple of classes and simply just knowing the intricacies of its rich interface.

The “art” is another story entirely. With systems-management tools like SCCM, just knowing how to use the interface isn’t enough. SCCM’s client agents are constantly pulling data from targeted machines and depositing that useful information into SCCM’s SQL database. Getting just the right information back out of that database and into a useful form is an art form unto itself.

Reader Responses

I was thinking about this problem the other day with my own SCCM infrastructure. There are many outlets for learning the science, but few for developing your artistic skills. So I sent out a call to readers asking for their very best SCCM queries and collection definitions. I figured that by publishing some new and exciting definitions that other admins swear by and will attach their name to, everyone would benefit.

From my call for queries, I received seven query definitions from four highly artistic admins. Some arrived in SQL format, while others arrived in SCCM console format. Each provides a different perspective of the information that can be useful for managing a Windows environment. What’s best about this exercise is that it can give you—the SCCM admin—an artistic view of how others paint their own SCCM masterpieces.

The first set of three queries in SQL format comes from Don Hite. Hite is a well-known blogger who writes for the popular Web site MyITForum.com. Hite kindly handed over his top three most exciting queries. The first enumerates critical information about the data that makes up your SCCM Web reports:

    Select VR.ReportID, VR.Name, VR.Category, VR.Comment, VR.SQLQuery
    From v_Report VR
    Join v_ReportParameter RP on VR.ReportID = RP.ReportID

You can use Hite’s second SQL-format query to retrieve the full name associated with a particular username to be entered in place of {Username}. This query aggregates information gathered through computer and user discovery:

    Select SD.Name0 'Machine Name',
           SD.User_Name0 'Logon Name',
           UD.Full_User_Name0 'Full Name'
    From v_R_System SD
    Join v_R_User UD on SD.User_Name0 = UD.User_Name0
    Where SD.User_Name0 = '{Username}'

Also using both user and computer discovery, Hite’s third query can be used to return detailed user and machine information from a specified collection. Replace {CollectionName} with the name of the collection to query against:

    Select SD.Name0 'Machine Name',
           SD.Resource_Domain_OR_Workgr0 'Resource Domain',
           SD.User_Name0 'Login ID',
           SD.User_Domain0 'Account Domain',
           USR.Full_User_Name0 'Full Name',
           PCB.SerialNumber0 'Serial Number',
           CS.Manufacturer0 Manufacturer,
           CS.Model0 Model,
           SAS.SMS_Assigned_Sites0 'Assigned Site Code'
    From v_R_System SD
    Join v_FullCollectionMembership FCM on SD.ResourceID = FCM.ResourceID
    Join v_Collection COL on FCM.CollectionID = COL.CollectionID
    Join v_R_User USR on SD.User_Name0 = USR.User_Name0
    Join v_GS_PC_BIOS PCB on SD.ResourceID = PCB.ResourceID
    Join v_GS_COMPUTER_SYSTEM CS on SD.ResourceID = CS.ResourceID
    Join v_RA_System_SMSAssignedSites SAS on SD.ResourceID = SAS.ResourceID
    Where COL.Name = '{CollectionName}'

David Mullis is a network admin out of Indianapolis who uses his SQL-formatted query to list all locally installed printers on every machine. He finds this query useful for tracking down rogue printers. Mullis notes that, for this query to work, you’ll need to enable the “Printers” section within your sms_def.mof file:

    SELECT Distinct SYS.Netbios_Name0, PRT.Name0, PRT.ShareName0,
           PRT.DriverName0, PRT.DeviceID0, PRT.PortName0
    FROM v_R_System SYS
    JOIN v_GS_PRINTER_DEVICE PRT on SYS.ResourceID = PRT.ResourceID
    WHERE PRT.PortName0 like 'ip%'
       or PRT.PortName0 like 'com%'
       or PRT.PortName0 like 'lpt%'
       or PRT.PortName0 like 'usb%'
    ORDER BY SYS.Netbios_Name0

Next month, I’ll share the SCCM queries submitted by readers Joseph Corey and Steve Oravetz.

Greg Shields ([email protected]), MCSE: Security, CCEA, is an author, instructor and consultant based in Denver. He’s a contributing editor to Redmond, MCPmag.com and a popular speaker at TechMentor events. His book, “Windows Server 2008: What’s New/What’s Changed” (Sapien Press, 2007), is now available.


SecurityAdvisor by Joern Wettern

Forget Your Passwords

Passwords and user names are by far the most common form of authentication. They’re easy to set up and easy to use. Let’s face it, though—they’re not very secure.

Most users choose insecure passwords, either simple birthdays or just text characters without numerals. They write them down or let others look over their shoulders as they type them. They also frequently forget their passwords, which creates extra work for you and the other network admins. Fortunately, there are several alternatives to password authentication that are both easier to manage and often much more secure.

Leave Only Fingerprints

The police use fingerprints to identify criminals, so fingerprint recognition ought to be a fairly reliable way to identify users. However, a few years ago some enterprising individuals demonstrated they could easily fool many of the current fingerprint readers using artificial fingers or actual fingerprints transferred to a sheet of gelatin.

As a result, fingerprint technology acquired a reputation for being insecure. Since then, the technology has become much more reliable and is considered sufficiently secure. Some laptops even include a fingerprint reader as a standard feature. In many cases, you can use these readers for pre-boot authentication or Windows log-on.

Lately, I’ve been using the USB-based Eikon To Go from UPEK. While this particular device is targeted at consumers and has no central-management capabilities, UPEK and other manufacturers also sell devices you can manage. This is crucial if you need to deploy fingerprint authentication to even a moderate number of users. The beauty of fingerprint authentication is that it can reliably identify a person and it improves the user experience.

New Face of Smartcards

When Windows 2000 came out, it was one of the first operating systems to support smartcard authentication. Smartcards, which look like credit cards with an embedded chip, are essentially tiny computers that store a private key. That key corresponds to the user’s certificate. When a user inserts a smartcard into a reader and enters the correct PIN, the smartcard can prove to Windows that it holds the correct private key. The private key never leaves the card, nor can it be copied to another card. If a smartcard is lost or stolen, it permanently prevents access to that private key after a certain number of incorrect PIN entries.

Many larger organizations use smartcards, either for VPN authentication or for regular interactive log-ons. However, relatively few small to mid-size companies are using them. The reason for this is simply that smartcard deployments can often be difficult, time-consuming and expensive.

One of the largest smartcard vendors, Gemalto, is trying to ease this process for smaller organizations. It offers a smartcard-management solution called the Device Administration Service as a Web-based hosted service.

Another reason for the slow rate of smartcard adoption is that they require a built-in or attached smartcard reader. Also, the credit-card form factor doesn’t work for everyone.

Today’s smartcards have overcome both issues. First, Microsoft has added most of the software Windows needs to use smartcard readers to the OS, essentially providing a plug-and-play experience. Also, many of today’s smartcards aren’t even cards at all—many of them look like flash drives. They integrate with the card reader hardware and you can plug them into any USB port. If such a device is too big for you, or you’re worried about losing it because it’s too small, you can choose from a multitude of sizes and shapes.

Unfortunately, managing smartcards can still be a challenge. For example, if you buy Gemalto’s .NET smartcards without subscribing to their management service, you’ll have to build your own certificate infrastructure with Microsoft’s Identity Lifecycle Manager to perform even common tasks like changing the device PIN.

The Authentic Convergence

Many of today’s authentication devices also have other useful features. For example, the fingerprint scanner I use also stores Web site passwords. There are several models of smartcards that
can double as encrypted flash drives. An increasing number of smartcard devices include a onetime password generator for RSA SecurID authentication. Many companies use this for authenticating VPN connections.

These devices have a small screen that displays a number combination. This combination changes once every minute. The numbers are unique to the token and others can’t reuse them, so anyone recording your log-on credentials won’t be able to use them later to break into your corporate network.

Another combination device, the plusID from Privaris, is just a little larger than most flash drives. It provides authentication for long-range sensors and proximity sensors. It also holds certificates and even includes a small display screen for SecurID onetime passwords. You can connect it to a computer with a USB cable or through an encrypted Bluetooth connection. The plusID also has a fingerprint reader to ensure that only an authorized person can use the device.

Here’s an example of what the plusID can do. As you approach the parking garage at work, you push one of the device’s four buttons and then swipe your finger across its surface for authentication. The garage gate uses a compatible long-range sensor, so it opens in time to let you drive into the garage without having to stop. Before entering your office building, you push another button, swipe your finger and hold the device up to a sensor to unlock the door. Fingerprint matching ensures that it’s really you who enters the garage and the building. In contrast, a regular badge would have let anyone in who was holding the badge.

Next, walk up to your desk. Push yet another button and swipe your finger. The plusID establishes a secure Bluetooth connection to your computer and logs you on using the certificate stored on the device. The log-on completes before you even touch your keyboard. Throughout the day, you may use the same method to access highly encrypted confidential files. When you finally get home and start a VPN connection to work, you turn the plusID upside down to see your onetime password on the display screen.

The only downside is that plusID devices aren’t cheap. They’re well worth the price, though, when users need multiple authentication mechanisms and handle highly confidential data. Privaris’ management software is very capable, but you’ll still have to set up a certificate infrastructure to make everything work. You’ll also need to coordinate with colleagues who handle physical security to get the plusID device to open building doors and garage gates.

Stealth Security

The Stealth MXP security device from MXI Security provides authentication, but it also goes one step further. The Stealth is a slightly oversized USB flash drive—with a capacity of up to 8GB—that uses data encryption and fingerprint authentication.

The most interesting aspect of the Stealth MXP is the type of data you can store and the many ways you can use the device. Just like a smartcard, the Stealth has cryptographic capabilities that let it generate certificates, store private keys and use them for authentication. It can also generate SecurID onetime passwords and automatically transmit them, so you don’t have to read them off a small screen and retype them.

The most interesting aspect is the Stealth’s ability to include read-only and read-write data partitions. You could use these to store confidential files that you can only access after successful fingerprint authentication. This device also can store all the programs and shortcuts you need to access your corporate network. For example, you could include a shortcut to a Web portal and automatically log the user on with a onetime password that the device creates.

My favorite feature is that the Stealth MXP can hold an entire self-contained virtual machine. You could even include a Citrix client, completely configured to start an authenticated terminal connection to the office. You can then plug the device into any computer. After it has verified your fingerprint, you run your own pre-configured computer inside the virtual environment with little or no interaction with the physical computer. The virtual machine can establish a VPN connection to your office or run your favorite apps on any computer.

The Stealth MXP is a great solution for creating a portable trusted computer environment with simultaneous access to several types of credentials. Fingerprint authentication protects both the credentials and the data. MXI Security’s ACCESS Enterprise software handles device management and data deployment.

Devices like the plusID and the Stealth MXP are among my favorite security products. These are only some of the many new authentication products that have recently come on the market. Take a good look at what’s available, and you may find just the right one to convince you that you can get rid of passwords once and for all.

Joern Wettern ([email protected]), Ph.D., MCSE, MCT, Security+ is the owner of Wettern Network Solutions, a consulting and training firm. He’s written books and developed training courses on a number of networking and security topics, in addition to regularly teaching seminars and speaking at conferences worldwide.
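
The onetime-password properties described in this column (a code that changes every minute, is unique to the token, and is useless to anyone who recorded it) are shown in the following added Python example, which is not from the article or from any vendor. SecurID uses RSA's own algorithm, so this sketch substitutes the open RFC 6238 TOTP scheme with a 60-second step; the token serials, secrets and timestamp are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # the column describes a number that changes once every minute


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step that contains unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class OtpVerifier:
    """Server side: one shared secret per token, each time step accepted once."""

    def __init__(self, drift_steps: int = 1):
        self.drift_steps = drift_steps  # tolerated clock drift, in steps
        self.secrets = {}               # token serial -> shared secret
        self.last_step = {}             # token serial -> newest step already used

    def enroll(self, serial: str, secret: bytes) -> None:
        self.secrets[serial] = secret
        self.last_step[serial] = -1

    def verify(self, serial: str, code: str, now: int) -> bool:
        secret = self.secrets.get(serial)
        if secret is None:
            return False
        current = now // STEP_SECONDS
        for step in range(current - self.drift_steps, current + self.drift_steps + 1):
            if step <= self.last_step[serial]:
                continue  # this step (or a newer one) was already consumed
            expected = totp(secret, step * STEP_SECONDS)
            if hmac.compare_digest(expected, code):
                self.last_step[serial] = step  # burn the step so a replay fails
                return True
        return False


def replay_demo() -> dict:
    """Constructed scenario: a log-on is observed and the code is tried again."""
    secret_a = b"constructed-secret-for-token-A"
    server = OtpVerifier()
    server.enroll("token-A", secret_a)
    server.enroll("token-B", b"constructed-secret-for-token-B")
    now = 1_215_000_000  # constructed timestamp, start of a one-minute step
    code = totp(secret_a, now)  # what the token's display shows right now
    return {
        "first_use": server.verify("token-A", code, now),
        "replay_same_minute": server.verify("token-A", code, now + 10),
        "replay_five_minutes_later": server.verify("token-A", code, now + 300),
        "code_on_other_token": server.verify("token-B", code, now),
    }


if __name__ == "__main__":
    for name, accepted in replay_demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The replay inside the same minute is rejected only because the verifier remembers the last step it accepted; a server that merely recomputes the current code would accept a recorded value until the minute rolls over.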


Advertising Sales

JD Holzgrefe
Associate Publisher
804-752-7800 phone
253-595-1976 fax
[email protected]

SALES STAFF

Tanya Egenolf
Advertising Sales Associate
760-722-5494 phone
760-722-5495 fax
[email protected]

East
John Bubello
Eastern Regional Sales Manager
508-532-1411 phone
508-875-6633 fax
[email protected]

Northwest
Bruce Halldorson
Northwestern Regional Sales Manager
209-333-2299 phone
209-729-5855 fax
[email protected]

IT CERTIFICATION & TRAINING: USA, EUROPE
Al Tiano
Advertising Sales Manager
818-734-1520 ext. 190 phone
818-734-1529 fax
[email protected]

So Cal/Central
Amy Winchell
So Cal/Central Regional Sales Manager
949-265-1566 phone
[email protected]

Danna Vedder
Microsoft Account Manager
253-514-8015 phone
775-514-0350 fax
[email protected]

PRODUCTION

Mary Ann Paniccia
VP, Print & Online Production

Jenny Hernandez-Asandas
Production Manager
818-734-1520 ext. 101 phone
818-734-1528 fax
[email protected]

Jennifer Shepard
Production Coordinator
818-734-1520 ext. 112 phone
818-734-1528 fax
[email protected]

CORPORATE ADDRESS
1105 Media, Inc.
9121 Oakdale Ave. Ste 101
Chatsworth, CA 91311
www.1105media.com

MEDIA KITS: Direct your Media Kit requests to Matt Morollo, VP, Publishing, 508-532-1418 (phone), 508-875-6622 (fax), [email protected]

REPRINTS: For all editorial and advertising reprints of 100 copies or more, and digital (Web-based) reprints, contact PARS International, Phone (212) 221-9595, E-mail: [email protected], Web: www.magreprints.com/QuickQuote.asp

LIST RENTAL: This publication’s subscriber list, as well as other lists from 1105 Media, Inc., is available for rental. For more information, please contact our list manager, Merit Direct. Phone: 914-368-1000; E-mail: [email protected]; Web: www.meritdirect.com/1105

Redmond (ISSN 1553-7560) is published monthly by 1105 Media, Inc., 9121 Oakdale Avenue, Ste. 101, Chatsworth, CA 91311. Periodicals postage paid at Chatsworth, CA 91311-9998, and at additional mailing offices. Complimentary subscriptions are sent to qualifying subscribers. Annual subscription rates for non-qualified subscribers are: U.S. $39.95 (U.S. funds); Canada/Mexico $54.95; outside North America $64.95. Subscription inquiries, back issue requests and address changes: Mail to: Redmond, P.O. Box 2063, Skokie, IL 60076-9699, e-mail [email protected] or call (866) 293-3194 for U.S. & Canada; (847) 763-9560 for International, fax (847) 763-9564.

POSTMASTER: Send address changes to Redmond, P.O. Box 2063, Skokie, IL 60076-9699. Canada Publications Mail Agreement No: 40612608. Return Undeliverable Canadian Addresses to Circulation Dept. or Bleuchip International, P.O. Box 25542, London, ON N6C 6B2.

© Copyright 2008 by 1105 Media, Inc. All rights reserved. Printed in the U.S.A. Reproductions in whole or part prohibited except by written permission. Mail requests to “Permissions Editor,” c/o REDMOND, 16261 Laguna Canyon Road, Ste. 130, Irvine, CA 92618.

The information in this magazine has not undergone any formal testing by 1105 Media, Inc. and is distributed without any warranty expressed or implied. Implementation or use of any information contained herein is the reader’s sole responsibility. While the information has been reviewed for accuracy, there is no guarantee that the same or similar results may be achieved in all environments. Technical inaccuracies may result from printing errors and/or new developments in the industry.

Redmond Resources

AD INDEX
Advertiser  Page  URL
AvePoint, Inc.  15  www.avepoint.com
Brocade Communications Systems, Inc.  5, 48-49  www.Brocade.com
Dell Computer Corporation  C2-1, C4, 24-25  www.dell.com
Diskeeper Corporation  37  www.diskeeper.com
Ektron, inc.  7  www.ektron.com
Hewlett Packard  9, C3  www.hp.com
Imanami Corporation  43  www.imanami.com
Kaseya, Inc.  2  www.kaseya.com
Lucid8  38  www.lucid8.com
Special Operations Software  27  www.specopssoft.com
TechMentor Events  44  www.techmentorevents.com/lv
TechMentor Events  56  www.techmentorevents.com/ny
Microsoft Corporation  34-35  www.microsoft.com
Enterprise Architect Summit  52, 53  www.easummit.com
Network Automation, Inc.  21  www.networkautomation.com
Quintum Technologies, Inc.  13  www.quintum.com
Sanbolic, Inc.  19  www.sanbolic.com
ScriptLogic Inc.  10  www.scriptlogic.com
Sunbelt Software  23  www.sunbelt-software.com
TDWI Attendee  61  www.TDWI.org/Sandego2008
The Training Camp  59  www.trainingcamp.com
UltraBac Software  17  www.ultrabac.com
Western Governors University  55  www.wgu.edu

EDITORIAL INDEX
Company  Page  URL
Advanced Micro Devices Inc.  16  www.amd.com
Apple Inc.  12  www.apple.com
Azaleos Corp.  33  www.azaleos.com
Bluetooth SIG Inc.  62  www.bluetooth.com
Cisco Systems Inc.  50  www.cisco.com
Envox Group  47  www.envox.com
Gemalto N.V.  60  www.gemalto.com
Google Inc.  11, 31  www.google.com
Hewlett-Packard Co.  46  www.hp.com
IBM Corp.  31, 64  www.ibm.com
Intel Corp.  16  www.intel.com
Ithicos Solutions  54  www.ithicos.com
Motorola Inc.  46  www.motorola.com
MXI Security  62  www.mxisecurity.com
Network Automation Inc.  26  www.networkautomation.com
Nokia Corp.  12  www.nokia.com
OpenOffice.org  36  www.openoffice.org
Oracle Corp.  31  www.oracle.com
Privaris Inc.  62  www.privaris.com
Quest Software Inc.  47  www.quest.com
Salesforce.com Inc.  31  www.salesforce.com
Siemens AG  46  http://w1.siemens.com
Skype Ltd.  46  www.skype.com
SmartTurn Inc.  36  www.smartturn.com
Symantec Corp.  22, 26  www.symantec.com
UPEK Inc.  60  www.upek.com
VMware Inc.  40  www.vmware.com
WinMagic Inc.  16  www.winmagic.com
Yahoo! Inc.  11, 31  www.yahoo.com

This index is provided as a service. The publisher assumes no liability for errors or omissions.


FoleyOnMicrosoft by Mary Jo Foley

Does Live Mesh Have a Business Future?

Since Microsoft took the wraps off its Live Mesh collaboration and synchronization platform in late April, the Redmondians still have said next-to-nothing about how it might be used by consumers or business users.

I don’t interpret the silence as Microsoft having no plans on that front. A collaboration and sync platform definitely has a place in the corporate world—a fact Microsoft archrival IBM already has proven by putting REST interfaces on MQ, CICS, DB2 and various Lotus products and exposing the resulting data feeds to customers. If that weren’t proof enough that there are business uses for the services Live Mesh will deliver, an entirely different business unit at Microsoft has been building yet another sync platform—the Microsoft Synchronization Framework—which is 100 percent business-focused. (Why Microsoft didn’t use the Sync Framework as the foundation for Live Mesh, instead of building the Live Mesh platform from scratch, is beyond me.)

Because Microsoft execs are so convinced that the “consumerization of IT” is not just a fad, but a future trend, Microsoft has focused on rolling out some of its latest and greatest tech advances in the form of consumer products and services first. And Live Mesh’s most enthusiastic backer—Microsoft Chief Software Architect Ray Ozzie—is one of Microsoft’s biggest cheerleaders for consumer-centric tech. Consequently, Microsoft has been downplaying how and when Live Mesh could find a home with business users. Instead, when pressed for examples, Live Mesh officials fall back on examples, such as corporate users being able to integrate things like their e-mail, mobile phones and calendaring when working from home.

Enterprise Application

In spite of their reticence to talk business specifics, members of the Live Mesh team have batted around a few ideas of how Live Mesh might be applied in enterprise scenarios. Jeff Hansen, general manager of Microsoft’s Live Services Marketing, explains that Microsoft sees four areas that a business-focused Live Mesh could help address:

• The Web-ification of existing business apps/assets
• The federation of Web services
• The connection of existing “stuff” in your data center to Live Mesh; for example, pushing news feeds, documents and other data through the Mesh engine
• The offline access of Web-centric business apps, via the Mesh Operating Environment (MOE)

“Think about Live Mesh by workload, with workloads being synchronization, storage, identity, directory and news,” Hansen says. “On the enterprise side, you could use different workloads” when building or retrofitting an app to take advantage of Live Mesh, he adds.

Customer Salivation

Microsoft isn’t the only one noodling. Some customers are already salivating over what kinds of new capabilities Live Mesh could allow them to add to their solutions. I found a poster to one computer-aided design (CAD) blog, SolidSmack.com, speculating on how Live Mesh might affect the CAD market. Poster “Josh” said he could see Live Mesh helping customers run CAD and related programs on any device, sync CAD data across multiple devices and locations, and enable access to CAD data anywhere, either online or offline.

“For example, SolidWorks could very well be tied into Mesh that syncs your data to other secured computers where people are working on the same projects, while live information and communication about the design process is happening right before your eyes,” Josh posted.

Microsoft, from what I can tell, would likely direct SolidWorks and its users toward its Sync Framework, rather than Live Mesh, to deliver on these business goals. It will be interesting to see how Microsoft positions its two different sync and collaboration technologies as it begins to move beyond the overly simplified “Live Mesh is for consumers” and “Sync Framework is for business” distinctions that exist now.

What about you? See any Live Mesh business scenarios you’re dying to test-drive in your companies?

Mary Jo Foley ([email protected]) is editor of the ZDNet “All About Microsoft” blog and has been covering Microsoft for about two decades.

GetMoreOnline: For more on Live Mesh, go to Redmondmag.com. FindIT code: Foley0708
