It’s about time one of these brilliant ideas worked out.

Microsoft SQL Server 2008 R2 Free Hosted Trial Offer Sign up for a FREE SQL Server 2008 R2 account and experience and test Microsoft’s newest, most intelligent data platform in a MaximumASP-hosted lab environment.

smart hosting. smart choice. Get Started at

Dell, MaximumASP and PASS have partnered to bring you a Microsoft® SQL Server 2008 R2® trial account, absolutely free. Try it out online in a secure hosted lab environment—you don’t have to download or install a thing.

Explore the powerful functionality of SQL Server 2008 R2 running on DellTM PowerEdgeTM servers: • Improved security, reliability and scalability • Streamlined development and management tools • Flexible reporting and data tracking

To sign up for a FREE account, go to:

Copyright 2009 Professional Association for SQL Server

Untitled-1 1 1/18/11 9:38 AM Foley: 5 Microsoft Technologies of the Future



Google and Microsoft are both battling for cloud supremacy— but they’re employing diff erent strategies. + IT Jobs: How Bad Things Got and How Much Better They’re Getting It’s Time to Ditch File Replication Service BETTER BUSINESS INTELLIGENCE AT A BETTER PRICE UP TO 72% LESS

Untitled-8 2 6/15/10 3:19 PM S Turn your raw data into a powerful strategic advantage with Business Intelligence solutions from DellTM and Microsoft®—and do it for up to 72% less per terabyte than the competition.* Built on industry standards, Microsoft® SQL Server® 2008 R2 systems from Dell are designed to speed implementations, lower risk, and reduce complexity—all while delivering the best price-for-performance in the industry.


*72% claim based upon a comparison of list prices of typical Business Intelligence off erings from leading hardware manufacturers versus Dell/Microsoft combined off erings. Benchmarked systems confi gured with 4-5 TB of data storage, database application software, and Business Intelligence analytic software. Dell is a trademark of Dell Inc. ©2010 Dell Inc. All rights reserved.

Untitled-8 3 6/15/10 3:20 PM ULTIMATE: [uhl-tuh-mit] –adjective, –noun.

The best or most extreme of its kind; original


The UltraBac Ultimate Bundle gives you the reliability of UltraBac fi le backups and the fast restore times of UBDR Gold’s image-based disaster recovery; backing up to tape, disk, SAN/NAS or UNC path, using optional AES Encryption. When a failure occurs, restore your system or your data anywhere, including to dissimilar hardware or any type of virtual platform. The basic bundle safeguards one server and up to 10 clients all for the low price of $895. ULTIMATE BUNDLE And best of all, it includes one year of product maintenance and in-house technical support. $ THE ULTRABAC ULTIMATE BUNDLE — THE PINNACLE OF PROTECTION. 895 SAFEGUARDS 1 SERVER / 10 CLIENTS



© 2010 UltraBac Software. All rights reserved. UltraBac Software, UltraBac, UltraBac Software logo, UBDR Gold, UBDR Pro, Continuous Image Protection, and Backup and Disaster Recovery Software for People Who Mean Business are trademarks of UltraBac Software. Other product names mentioned herein may be trademarked and are property of their respective companies.

Untitled-4 1 11/15/10 10:51 AM Redmond The Independent Voice of the Microsoft IT CommunityContentsFEBRUARY 2011

REDMOND REPORT 9 Where Are the Windows Tablets? Microsoft misses CES opportunity to wow industry with tablet innovation, but shows new foundations for future Windows-based devices. COVER STORY Clouds Collide

Microsoft and have radically different cloud strategies. The outcome of their battle is still very much up in the air. 10 Embedded Entertainment Windows Embedded Standard 7 products featured at CES. Page 24 12 Top 10 Important Dead Technologists Though they’re no longer with FEATURES us, these men had a lasting infl uence on the IT industry. 33 IT Graduates Find Diffi cult Job Market TECHNET PRACTICAL APP The class of 2010 struggled to get a foothold, and the challenges 19 Protecting Workgroups facing the class of 2011 could with Microsoft Forefront be just as diffi cult. But new IT You can use Microsoft pros and veterans alike can forge Forefront Threat Management careers if they take the right steps. Gateway as intended with Active Directory, or use it to secure a workgroup setting. 39 DFS Best Practices It’s time to ditc h File Replication Service COLUMNS and move completely to Distributed File 6 Barney’s Rubble: System. Here’s how to do it. Doug Barney A Cloud Doofus 44 Decision Maker: Don Jones Why Role-Based Access REVIEWS Management Is Hard 46 Windows Insider: Product Reviews 16 Offi ce Live Greg Shields 15 Toughen up Stumbles Make Sure You’re Compliant Your Databases Offi ce Live isn’t bad for Sentrigo Hedgehog DBscanner a Web-based suite, but it 48 Foley on Microsoft: offers enterprise-class can’t begin to compare to its Mary Jo Foley vulnerability assessment and client-based counterpart. 5 Futuristic security scanning for databases. Microsoft Technologies

ALSO IN THIS ISSUE 4 | 8 [email protected] | 47 Ad and Editorial Indexes COVER ART FROM SHUTTERSTOCK FEBRUARY 2011 Questions with ... First Sales Figures for Jeff rey Schwartz Windows Phone 7 Redmond Editor at Large Jeff rey n its Web site, Microsoft debuted its fi rst Windows Phone 7 Schwartz reports that Osales numbers in an interview with Achim Berg, VP of Microsoft is launching business and marketing for Windows Phones. Berg said: “We are its newest cloud pleased that phone manufacturers sold over 1.5 million phones in services-dedicated the fi rst six weeks.” datacenter. Read more Jeff rey However, reports Becky Nagel, that fi gure could be misleading. Nagel writes: about the new facility Schwartz “What Berg failed to mention, as ZDNet and Redmond magazine on his blog, The columnist Mary Jo Foley pointed out, is that those sales are to carriers, not end Schwartz Cloud Report, at users. ... In the interview, Berg did not release details on how many Windows . Phone 7 activations there have been, which would give a more accurate measure How will this new datacenter of the phone’s popularity.” enhance Microsoft cloud off erings? Read more about Windows Phone 7 sales. It will give additional capacity and redundancy, and showcase advances in Microsoft’s ITPAC technology.

Super Scripting What are ITPACs? IT Pre-Assembled Components. They eff ery Hicks, also known as Professor PowerShell, has some great scripting have a highly engineered server, Jtricks to share about using the Windows PowerShell Integrated Script Editor storage, networking, and power and (ISE). The ISE, he writes, is “a terrifi c no-frills script editor at a great price ... free! cooling platform. It’s installed by default on Windows 7 and can be set up as an optional component on other operating systems. What I especially enjoy about the ISE is Will Microsoft be developing other that it has its own object model, which means you can automate its confi guration. datacenters for its cloud services? … At the heart is the intrinsic $psise object, which you can see in the ISE.” Yes. The company is already working Hicks shows you how to use the $psise object to change the color background on new sites in Virginia and Iowa, for an output pane (as well as other features), change the font and even use a which are scheduled to go online theme script. Check out these Windows PowerShell tips and more. later this year. REDMONDMAG.COM RESOURCES What Are FindIT Codes? What we once called FindIT codes are now Resources Enter FindIT Code easy URLs. You’ll see these embedded >> Daily News News throughout Redmond so you can access any additional information quickly. Simply type >> E-Mail Newsletters Newsletters in followed by the FindIT >> Free PDFs and Webcasts TechLibrary code into your URL address fi eld. (Note that >> Subscribe/Renew Subscribe all URLs do not have any spaces, and they are >> Your Turn Editor Queries YourTurn not case-sensitive.) • • • • • • • • • •

4 | February 2011 | Redmond | | Untitled-2 1

Is There a Dark Side to Your Company? Monitor Employee Desktop and Online Activity with SPECTOR 360

Free SPECTOR 360 Evaluation. Download Today! 1/11/11 2:54PM TOP TEN REVIEWS Download a Free Evaluation ofSPECTOR 360 Today GOLD AWARD

© Copyright 1998-2011 SpectorSoft Corporation. All rights reserved. PC Magazine Editors’ Choice Logo is a trademark of Questions? Call Toll-free:1.877.344.1427 Ziff Davis Publishing Holdings Inc. Used under license. All other trademarks are property of their respective owners. Barney’sRubble by Doug Barney Redmond THE INDEPENDENT VOICE OF THE MICROSOFT IT COMMUNITY


FEBRUARY 2011 ■ VOL. 17 ■ NO. 2

Editorial Staff Editor in Chief Doug Barney A Cloud Doofus Executive Editor, Features Lee Pender Editor at Large Jeff rey Schwartz Managing Editor Wendy Gonchar Associate Managing Editor Katrina Carrasco

on’t you hate people who don’t practice what they Contributing Editors Mary Jo Foley Don Jones preach? Well then, steer your anger toward me, for Greg Shields Art Staff I am a hypocrite. I not only preach about the cloud, Art Director Brad Zerbel D Senior Graphic Designer Alan Tao

I wrote a huge feature about data and fi le synchronization Online/Digital Media Online News Editor Kurt Mackie over the Internet (“Secrets of the Data Sync Masters,” May Executive Editor, New Media Michael Domingo Director, Online Media Becky Nagel Associate Web Editor Chris Paoli 2010). I looked at the best tools and I was too lazy to reactivate Carbonite Site Administrator Shane Lee Designer Rodrigo Muñoz advocated that we all have an active when I switched out my old Dell. replica of our fi les—not just for Mistake No. 2. backup, but for access from any device, My third mistake isn’t entirely my

anywhere. It was a pretty good idea fault. Whenever I crank out a certain President Henry Allain and pretty good advice. number of words, I print them out in Vice President, Publishing Matt Morollo So what did this nincompoop do? Vice President, Editorial Director Doug Barney Director, Marketing Michele Imgrund I ignored my own advice. I started Online Marketing Director Tracy Cook writing a cover story about Internet Explorer 9 at my home offi ce, and

was doing a fi nal edit while watching President & Neal Vitale my son’s Taekwondo class a few miles Chief Executive Offi cer Senior Vice President & Richard Vitale down the road. I fi red up my Dell Lati- Chief Financial Offi cer tude E6500 and was hit with security Executive Vice President Michael J. Valenti

alerts and what looked like a virus scan Senior Vice President, Abraham M. Langer Audience Development & that launched and ran on its own. Digital Media my Vice President, Finance & Christopher M. Coates When I realized it wasn’t virus Administration scanner I knew I was in trouble. Task Vice President, Erik A. Lindgren Information Technology & Manager couldn’t shut it down—in Application Development Vice President, Carmel McDonagh fact, I’ve never seen so many unrec- Attendee Marketing Vice President, David F. Myers ognizable tasks running at one time. Event Operations Microsoft Security Essentials was case of a total disaster. And of course my hosed as well. I was ready to give that old workhorse HP LaserJet 7000 was on Chairman of the Board Jeff rey S. Klein

laptop a fl ying hook kick. the fritz. So I had no hardcopy backup. Reaching the Staff Staff may be reached via e-mail, telephone, fax, or mail. The machine was fried and had to go I guess admitting my fl aws—even A list of editors and contact information is also available back to IT. I reconstructed the almost- something as simple as not activating online at E-mail: To e-mail any member of the staff , please use the complete article more or less from a cloud backup system, which takes following form: [email protected] Framingham Offi ce (weekdays, 9:00 a.m. – 5:00 p.m. ET) scratch on my daughter’s old college about two minutes—is a lesson for Telephone 508-875-6644; Fax 508-875-6633 HP laptop (with a missing “I” key). many of us. Cloud storage and backup 600 Worcester Road, Suite 204, Framingham, MA 01702 Irvine Offi ce (weekdays, 9:00 a.m. – 5:00 p.m. PT) I have only myself to blame. As are great, but they don’t run them- Telephone 949-265-1520; Fax 949-265-1528 16261 Laguna Canyon Road, Suite 130, Irvine, CA 92618 someone who often works from a selves. They need to be set up correctly Corporate Offi ce (weekdays, 8:30 a.m. – 5:30 p.m. PT) Telephone 818-814-5200; Fax 818-734-1522 home offi ce, my IT department wisely and monitored. And end users, like 9201 Oakdale Avenue, Suite 101, Chatsworth, CA 91311 The opinions expressed within the articles and other contents bought me a Maxtor external drive. myself, have to take responsibility for herein do not necessarily express those of the publisher. The 500GB unit has plenty of space— their own data. but the backup is hopelessly out of What’s the dumbest IT mistake, as date, because I use Carbonite to back an end user or manager, that you’re up fi les. The problem is this latitude willing to admit to? Come clean at E6500 is a relative new machine, and [email protected]. PHOTO ILLUSTRATION BY ALAN TAO

6 | February 2011 | Redmond | | Smarter technology for a Smarter Planet: What database integration means to this blood sample. It means doctors in Ethiopia will be able to instantly compare this blood sample to over 41,000 HIV treatment histories to help their patients receive the best treatment regimen possible. The EuResist Network is helping doctors predict patient response to various HIV treatments with over 78% accuracy—outperforming 9 out of 10 human experts in a recent study. The tool is built on an IBM analytics solution that integrates a variety of disparate databases onto a flexible IBM DB2® platform to process complex metadata more effectively than anything else on the market. A smarter organization is built on smarter software, systems and services.

Let’s build a smarter planet.

A data visualization of 41,000 HIV case histories.

The EuResist Network is a nonprofi t partnership composed of Karolinska Institutet (Stockholm, Sweden), Max Planck Institute for Informatics (Saarbrücken, Germany), University of Siena (Italy), Informa s.r.l. (Rome, Italy) and University of Cologne (Germany). The EuResist project has been cofunded by the European Commission. IBM, the IBM logo,, DB2, Smarter Planet and the planet icon are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at © International Business Machines Corporation 2010.

Untitled-4 1 12/2/10 11:26 AM [email protected]

Password Problems In his January Decision Maker column, “It’s Time To Lose the Passwords!” Don Jones suggested companies should stop forcing users to remember long, complex passwords, and instead make the move to token-generated, one-time passwords. Here, two readers weigh in: Despite Don Jones’ pedigree, I must point out that his entire article is based on a false premise: that users are stupid and/ or lazy. I’ve been able to implement password policies in organizations that use complex passwords—with an average

length of more than 40 characters— There’s a lot that IE 8 does that’s not with a 95 percent rate of user approval. generally known. Microsoft marketing (I guess the other 5 percent were lazy could be better. Tom and/or stupid). The reset rate was Posted online close to 0 percent. It’s not diffi cult to do, it requires less than fi ve minutes Flaw Kerfuffl e of training and it makes rainbow In a Jan. 15 blog post (“New Year, New an irrelevance. Microsoft Flaws”), Redmond Executive When Google informs the public Christopher D. Bell Editor of Features Lee Pender wrote instead of Microsoft, yes. That’s like Glossop, United Kingdom about an active Microsoft security fl aw crying “Fire!” in your competitor’s revealed by Google. He asked, “Is Google restaurant, instead of telling the waiter My problem is that the people highest the stove is fl aming a little too high. up in the company think that a Phil Bossardet 10-character password (let alone a There’s a lot that Posted online 12-character or 40-character password) IE 8 does that’s not is unnecessary. If I can’t convince generally known. If the product is defective, remove it them, it doesn’t matter what the other from the public. Don’t beat up the 90 percent or 95 percent or even 99 Microsoft marketing whistleblower. Anonymous percent think. Bob could be better. Posted online Texas acting irresponsibly by disclosing Having given Microsoft more than Marketing Miss un-patched Microsoft fl aws?” Here, adequate notice (nearly six months), I A reader responds about the Google readers respond: think it was perfectly fair to release the “Omnibox,” an address bar/search Anyone who fi nds a security risk in information. Anonymous box combo described in the recent any software and makes it public instead Posted online feature “Internet Explorer to the 9s” of letting the software maker know ( January, 2011): about it is irresponsible. In addition, “Google innovated on top of [search they should be held responsible for any boxes located right in the browser] by “hacks” created after it was made public, Whaddya Think Send your rants and raves to ?! making the Chrome address bar for because they told everyone about it. URLs also serve as a search box.” Google is very unethical in how it runs [email protected]. Well, IE 8 does this, too. If you place a its business, and will do anything it Please include your fi rst and pre-pending ‘?’ (plus a space afterwards) can to hurt the competition. last name, city and state. If we and then type what you want to search Anonymous use it, you’ll be entered into a drawing for a Redmond T-shirt! for, it works. Try it. Posted online

8 | February 2011 | Redmond | | PHOTO FROM SHUTTERSTOCK RedmondReport

Where Are the Windows Tablets? Microsoft misses CES opportunity to wow industry with tablet innovation, but shows new foundations for future Windows-based devices.

By Kurt Mackie The single tablet device presented by xpectations were high that Angiulo was an Asus tablet running Microsoft would kick off the Windows 7. This device features a Eyear at the Consumer Electronics bright touchscreen that uses 20 percent Show (CES) in Las Vegas with a major less power than devices with similar- tablet or slate announcement to claw sized touchscreens, according to back the momentum of the Apple iPad Angiulo. Users can apply colored “ink” and Google Android-based devices. on the screen using a special stylus. Microsoft executives did indeed talk The screen can distinguish between a The Samsung Sliding PC 7 Series about tablets and slates at CES, but user’s hand and the stylus, making it runs on Windows 7 and features a slide-out keyboard. only in a way that guarantees to keep easier to apply the ink. alive for many more Angiulo also showed off some As part of this effort, Microsoft is months the ques- different PC form factors running working with chip-making partners tion of whether Windows 7, including an Acer that are leveraging the ARM architec- Microsoft will be a machine featuring dual ture. Those partners include Nvidia serious player or touchscreens. The Corp., Qualcomm Inc. and Texas an also-ran in the bottom screen of the Instruments Inc., according to the market for the devices. Acer PC can serve as Microsoft announcement. The The Acer Iconia PC, running a keyboard for input. A announcement was quick to add that on Windows 7, features a dual- Samsung PC on display has Microsoft isn’t neglecting its long- screen design in which the lower a keyboard that slides out from established x86 hardware partners, screen can serve as a keyboard. the body of the machine. Angiulo specifi cally Intel Corp. and AMD Microsoft CEO Steve Ballmer said that this Samsung PC was run- Inc., which also are planning SoCs kicked off CES with lots of positive ning the Intel Oak Trail CPU. with the next-generation stats, along with a few gizmos. The The tablet Ballmer had Windows OS. gizmos shown on stage—which on stage was ARM-based proces- ranged from laptops and PCs to a Windows 7-based. sors are notable for single tablet device and a slimmed- Microsoft’s most their low power down Microsoft Surface table-top signifi cant CES tablet consumption, device—were quickly presented announcement, how- something that toward the end of the keynote talk by ever, involved the next has become Michael Angiulo, Microsoft corporate version of Windows. The Asus EeeSlate EP121 vice president for Windows Planning, Just before Ballmer’s device was the sole Hardware and PC Ecosystem. keynote, Microsoft Microsoft Windows 7-based tablet showcased at the CES kickoff event. Missing from the lineup was the announced plans to inte- Microsoft star attraction at last year’s grate its next-gen Windows client OS increasingly important as CES, the Hewlett-Packard Co. slate on system-on-a-chip (SoC) hardware users move from using desktops to prototype, which Ballmer had promi- and to use the architecture developed by various portable devices. It’s a trend nently displayed. Cambridge, U.K.-based ARM Holdings. that conceivably could diminish the HP currently offers its Windows 7- The SoC deals are wholly associated use and status of Windows should based Slate 500 Tablet PC, but the with what Microsoft described as its consumers move toward using mobile company will also create a slate device “next version of Windows.” Many devices running the Apple iOS, the based on webOS, the observers think that new client OS will Google Android or even the emerging that HP acquired when it bought be called “Windows 8,” although OS, among many mobile device maker Palm in July. Microsoft refused to describe it. other options. Microsoft is trailing

| | Redmond | February 2011 | 9 RedmondReport

other OS makers on its consumer mobile strategy, although it success- fully wrested the netbook market from initially predominant Linux use after a brief challenge. Microsoft also rede- signed its Windows Mobile OS for consumer phones with the release of its Windows Phone 7 Series late last year. Microsoft’s lack of urgency on tab- lets in its public CES presentations

Microsoft CEO Steve Ballmer delivered the news at CES that the next-generation Microsoft Windows OS would run on chips made by ARM, as well as traditional partners Intel and AMD. doesn’t refl ect attitudes inside the response to this, but they do need a company, according to IDC analyst short-term solution.” Al Hilwa. Hilwa added: “Having the full capa- “I’d expect a move by Microsoft into bility of a PC is an extra bonus that the tablet space before the next version Android devices and the iPad don’t of Windows, which is easily a year or have. Microsoft has to try this two out,” Hilwa said in an e-mail approach as it evolves the PC in the interview. “I have no doubt that long run to embrace a more specialized Samsung worked with Microsoft to produce a thinner Microsoft Surface Microsoft understands the stakes in media-consumption device as an alter- table-top computer, the SUR40, that the media tablet wars and how they native form factor.” can also be used as a kiosk. The device may evolve to affect the PC in the omits cameras and instead uses Kurt Mackie is the online news editor for Microsoft PixelSense infrared technology medium to long term. Running to sense touch commands. Windows in the future on ARM is a the 1105 Enterprise Computing Group. Embedded Entertainment Windows Embedded Standard 7 products featured at CES. indows Embedded Media Center. The OS is used across Standard 7 made the scene the Evolve product line, including W at January’s Computer lifeStation, lifeStream and lifeStore Electronics Show (CES) in Las Vegas. home server. The componentized OS was Reycom, based in Aarau, Switzerland, incorporated in a number of home unveiled its REC100 hybrid set-top box entertainment and set-top boxes. using Windows Embedded Standard 7 Companies such as Acer Inc., Evolve at CES. REC100 handles multimedia Media, Haier, Prime Time and across a home server, PC and Windows Reycom AG have built “connected Phone 7, and it can extend Media Center living room” boxes based on Windows using the Xbox 360 gaming console. Embedded. These entertainment Reycom plans to launch a U.S. retail The Reycoms REC100 hybrid set-top systems enable access to TV, social version of the product in the fi rst box provides a home entertainment networking apps and library stores of quarter of this year. It plans distribu- hub running on Windows Embedded Standard 7. It integrates with a home music, photos and videos. They also tion through U.S. cable companies and server, PC and Windows Phone 7. work with Windows Home Server as telcos by the middle of 2011. well as Windows Phone 7. Microsoft fi rst released Windows The service pack enables RemoteFX Evolve Media, a brand of U.K.-based Embedded Standard 7 to original support for richer graphics on thin- Passive Technologies, uses Windows equipment manufacturers back in April client devices. Microsoft plans to Embedded Standard 7 to sync applica- of 2010. A test version of Service Pack 1 release SP1 sometime in the fi rst quarter tions and services with Windows (SP1) was rolled out in mid-December. of this year. —K.M.

10 | February 2011 | Redmond | | Smarter technology for a Smarter Planet: What 99.9% system uptime means to a kilo of gold. It means that the futures contract for that gold can trade instantly and more securely. The Dubai Gold & Commodities Exchange (DGCX) has maintained their complex network of worldwide members for four years without a single security breach due to malware, and without any unplanned downtime. The DGCX worked with IBM Security Solutions to help implement an intrusion prevention system that builds security into every aspect of their online trading services and proactively adapts to ever-evolving threats. A smarter business is built on smarter software, systems and services.

Let’s build a smarter planet.

A data visualization of the settlement prices for gold, silver and other commodities from March 1 to September 1, 2010.

IBM, the IBM logo,, Smarter Planet and the planet icon are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at © International Business Machines Corporation 2010.

Untitled-4 1 12/2/10 11:28 AM RedmondReport

10 by Doug Barney Top 10 Important Dead Technologists Though they’re no longer with us, these men had a lasting infl uence on the IT industry.

1. Daniel L. Lewin: Not to be confused , bought the intellectual property machine from Cray Research in 1976. with Dan’l Lewin, a former Apple exec rights to DR-DOS. The company was sold, re-launched and now with Microsoft, Daniel L. Lewin exists as Cray Inc. to this day. co-founded Internet content caching 4. : Novell was hurting and distribution company Akamai in 1982 before Ray Noorda came 8. Dr. Jim Gray: I discovered Jim Technologies, where he served as along, took it over and turned it into a Gray when I wrote two feature articles CTO. In 1999, Akamai went public network OS powerhouse. Novell under about how Microsoft links their and all three founders became worth Noorda’s watch owned the market with research scientists up with academics more than a billion dollars each. Lewin NetWare, but became myopically and researchers from around the world didn’t sail off into the sunset, but focused almost entirely on Microsoft. to help solve our most pressing issues, instead buckled down to move Akamai That led to ill-advised moves—for such as disease and hunger. Gray was a ahead. Fatefully, he found himself on a instance, buying WordPerfect to go up superstar at Microsoft Research, and business trip on Sept. 11, 2001, sitting against Offi ce, as well as QuattroPro worked on making supercomputers on American Airlines fl ight 11 from from to battle Excel. Noorda, super-cheap by using low-cost, off-the- Boston to Los Angeles, when his plane a member of the Church of Latter Day shelf parts. On the software side he was taken over by terrorists and fl own Saints, left the world in 2006. helped build an online telescope that into one of the Twin Towers. took feeds from around the world, and If there was no Ed applied leading-edge database tech- 2. Philip “Don” Estridge: Like niques to problems such as cancer. Daniel L. Lewin, Don Estridge also Roberts, there may have Gray went sailing one day off the West died in a plane crash. Estridge was on a been no . Coast and his craft was never found. Delta Airlines fl ight in Dallas on Aug. 2, 1985, when the plane crashed due to 9. Ed Roberts: If there was no Ed wind shear. This happened four years 5. Edgar Frank “Ted” Codd: Back in Roberts, there may have been no Bill after the IBM PC was essentially the ’80s, there was a big debate over Gates. Roberts invented the Altair, con- invented. Estridge formed a team of what was and what wasn’t a truly rela- sidered to be the fi rst personal computer, about a dozen technicians who built tional database. The ultimate arbiter was and Bill Gates and Paul Allen adapted the industry-standard IBM PC in Ted Codd, the British-born inventor of BASIC (invented at Dartmouth) to the record time—at least for IBM. the relational model, who passed away machine. Roberts never made billions. In in 2003. The model remains the theo- fact, he later became a humble country 3. Gary Kildall: Gary Kildall retical foundation of DB2 to this day. doctor. He had a long battle with pneu- could’ve been Bill Gates. When Don monia, which he lost on April 1, 2010. Estridge was building the IBM PC, 6. Adam Osborne: Adam Osborne IBM had the hardware down pat, but was a true character, both elegant and 10. Ed Foster: Ed Foster wasn’t really no OS. The company scouted around aggressive. After his pioneering foray a technologist, but instead a longtime and fi rst on their list was Digital into hardware, he tried to reduce the editor at InfoWorld, with whom I worked Research, which had CP/M. Kildall price of PC software with Paperback for the better part of three years. reportedly was too busy and missed Software. His company developed a Foster was most famous for his Gripe the IBM meeting. The next stop for clone of Lotus 1-2-3 that was much Line column. He was really a consumer Big Blue was Microsoft and the rest is cheaper. Lotus promptly sued and won. advocate for IT folks burned by bad history. But there was a bit of a post Osborne died in India one year shy of 65. products and shady dealings. We lost mortem comeuppance for Kildall. him in 2008 from a heart attack. He had a product called 7. Seymour Cray: Seymour Cray is was a year shy of his 60th birthday. DR-DOS, which let DOS apps multi- widely credited as the father of the task. Ray Noorda, former CEO of supercomputer, having released the fi rst Doug Barney is editor in chief of Redmond.

12 | February 2011 | Redmond | | DISASTER RECOVERY. THAT WORKS.

When you’re not dealing with downtime from unexpected problems, you’re worrying about potential downtime. And then there’s the stress of hoping your disaster recovery solution will really save you.

Vision Solutions offers the most reliable, comprehensive and affordable disaster recovery and high availability solutions for virtualized and physical server environments. In other words, our Double-Take products work. 20,000 companies can vouch for that.

White Paper: The One Essential Guide to Disaster Recovery Download at or call 800-957-4511.

Leaders Have Vision™

© Copyright 2010, Vision Solutions, Inc. All rights reserved. IBM and Power Systems are trademarks of International Business Machines Corporation. Windows is a registered trademark of Microsoft Corporation. Linux is a registered trademark of Linus Torvalds.

Untitled-4 1 12/9/10 3:33 PM Untitled-2 1 1/11/11 2:53 PM ProductReview

Toughen up Your Databases Sentrigo Hedgehog DBscanner off ers enterprise-class vulnerability assessment and security scanning for databases.

By J. Peter Bruzzese ere’s the business problem: Sentrigo Hedgehog DBscanner There are databases in your Price: Licensing starts at $1,000 per database instance found Henvironment you may not Sentrigo Inc. | 408-970-3300 | even know exist. Then again, there are databases in your environment you on a Windows Server or desktop system and take immediate action. If you absolutely know about—but perhaps running Windows XP, Windows Vista decide you want to take things to the you aren’t aware of how open they are or Windows 7), the next step is to reach next level with real-time monitoring, to targeted attacks. In addition, you out and scan your entire environment you can install the sensor and utilize may also have data on the wire that’s through IP addresses and port ranges to additional features in the Hedgehog not in harmony with regulatory com- fi nd all the databases you might have in Enterprise suite of tools. With this in pliance standards covering passwords, your environment. mind, Sentrigo gives you a 14-day Social Security numbers and credit- Once you have a list of databases (and limited trial of the product that lets card information. For these key reasons, after removing any that are not of concern) you scan your environment and work it’s becoming essential for shops both you can immediately perform various with all the different features of the large and small to have some form of a tests on those existing databases. This is company’s tools, and lets you decide scanning solution that locates your where DBscanner is an excellent in-the- if you want to purchase licensing that databases—both known and rogue— moment scanning tool. Should you will unlock all the features. and assesses the data that’s on the wire. desire to utilize additional monitoring DBscanner licensing starts at $1,000 That’s where Hedgehog DBscanner tools from Sentrigo, which incidentally per database instance found. Obviously from Sentrigo Inc. comes into play. work through the same Web console not all databases need to be scanned (the second component in play), you can and offl ine sales discussions to negotiate Deployment Structure install sensors on your database man- that pricing are always helpful when There are three components that come agement system (DBMS) host servers. It purchasing through Sentrigo or one of together with a DBscanner deployment. works with Oracle, IBM DB2, Microsoft its channel partners, especially when It starts with the installation of the SQL Server and MySQL databases. volume discounts may apply. Hedgehog Server, which is a J2EE server Sensors, the third component, are I give DBscanner a thumbs up. It was that you use to perform your scans, small-footprint processes that aid in the easy to deploy and use. Support was confi gure your initial testing analysis monitoring of all local and network incredibly helpful, and I needed it and monitor systems that have sensors access to the DBMS(es). because the documentation wasn’t deployed. Once the server is installed (it always clear. But what really hooked doesn’t have to be installed on a dedi- Scan, Assess, Take Action me on this solution was how powerful cated machine, and it can be installed DBscanner is easy to deploy for the it was even before installing a sensor most part. Once you install the server agent on a system. It reached out and RedmondRating and are looking at the Web console, it fl agged a variety of issues within my may appear to be a bit complex because environment with little effort on my Installation: 20% 10.0 the enterprise console shows you part—and it told me how to fi x those Features: 20% 9.5 additional tabs for monitoring and issues, as well. The fact that it can Ease of Use: 20% 8.0 dashboard results that won’t be fully expand into a new monitoring role if Administration: 20% 9.0 functional if you haven’t purchased all required is just icing on the cake. Documentation: 20% 7.5 of the components. With just the DBscanner license, you’ll need to know J. Peter Bruzzese ([email protected]), Overall: 8.8 your limitations, and they may not be Triple-MCSE, MCT, MCITP: Messaging, Key: readily apparent. is a longtime contributor to Redmond 1: Virtually inoperable or nonexistent 5: Average, performs adequately All on its own, DBscanner provides magazine and the Exchange 2010 instructor 10: Exceptional a great way to scan your environment for Train Signal.

| | Redmond | February 2011 | 15 ProductReview

Offi ce Live Stumbles Offi ce Live isn’t bad for a Web-based suite, but it can’t begin to compare to its client-based counterpart.

By Brien M. Posey ast year, as Microsoft prepared Offi ce Live to release Offi ce 2010, the com- Price: Free Lpany announced that it would Microsoft Corp. | 800-642-7676 | also release Offi ce Live: a free, Web- based version of Microsoft Offi ce. that time. I fi gured that using Offi ce as those are the most widely used Admittedly, I didn’t pay all that much Live for all of my work for a week would Microsoft Offi ce applications. attention to the Offi ce Live news. After give me a good idea of how well Offi ce all, I tend to spend a lot of time working Live stacks up against Offi ce 2010. Microsoft Word offl ine when I’m traveling, so a cloud- When you open Microsoft Word based version of Microsoft Offi ce just Accessing Offi ce Live (which is offi cially known as Word didn’t seem to be practical for me. There are a number of different ways Web App), you’re prompted to create a Shortly after Offi ce 2010 was released, to access Offi ce Live, but I think the new document. You must supply a fi le- I started getting calls from friends and easiest way to access it is through a name for this document, and you must family members who were asking me if Hotmail account. After signing into also tell Word whether you want to be they could get around purchasing Offi ce Hotmail, you’re taken to the Windows the only one with access to the new 2010 by using the free Web-based ver- Live page. As you can see in Figure 1 document, or if you want to share the sion instead. Lately, I’ve been receiving (p. 18), this page contains an Offi ce document with another Windows Live an ever-increasing fl ood of calls and tab, which provides access to the vari- user. Once you’ve entered this infor- e-mail from people who want ous Offi ce Live apps as well as to the mation, click Save, and Word Web App to know whether or not Offi ce Live is a documents you’ve stored online. will open so you can begin editing viable alternative to Offi ce 2010. As Offi ce Live offers the most basic your new document. such, I decided that it was time for me to Offi ce applications, including Word, When I fi rst began using Word Web take Offi ce Live for a test drive. Excel, PowerPoint and OneNote. App, I felt like a fi sh out of water When I contacted the editors at Other Microsoft Applications such as because the program lacks an option to Redmond about reviewing Offi ce Live, I Outlook and Publisher are not included save documents to the local drive. already had an idea of how I wanted to in Offi ce Live. If you’re wondering Instead, documents are saved to the approach the review. As someone who why Microsoft chose not to include cloud using Microsoft Sky Drive. writes about technology for a living, I Outlook in Offi ce Live, it’s because it Offi ce Live also lacks the ability to use Offi ce 2010 every day (especially exists in Exchange Server 2010 in the open documents that are saved locally. Microsoft Word). Therefore, my idea form of Outlook Web App. This doesn’t mean that you’re lim- was to abandon Offi ce 2010 for a week For the purposes of this review, I’ll ited to solely using cloud storage. Sky and use Offi ce Live exclusively during be focusing solely on Word and Excel, Drive contains a mechanism with which you can upload or download RedmondRating fi les to or from local storage. The Offi ce tab found within the Windows Criteria Standalone Ranking Based on Ranking Comparison with Offi ce 2010 Live interface also contains an option Installation: 20% N/A N/A for opening your documents within Offi ce 2010. In other words, once you Features: 20% 8.0 2.0 create a document using Offi ce Live, Ease of Use: 20% 9.0 9.0 you aren’t locked into using Offi ce Administration: 20% N/A N/A Live exclusively for that document. Documentation: 20% 0.0 0.0 However, if you do want to work with Overall: 5.6 3.6 the document from outside of Offi ce Live, you’ll have to jump through a Key: 1: Virtually inoperable or nonexistent 5: Average, performs adequately 10: Exceptional few hoops.

16 | February 2011 | Redmond | | The new math of consolidation.

Two virtualized IBM Power® 730 Express systems can easily handle the workload of 36 existing scale-out HP ProLiant DL360 G5 servers. Yet many organizations might not consider an 18:1 consolidation job because of the typical up-front cost associated with higher-end systems like Power. The math underlying that assumption has changed. Today, two Power Express systems can cost less than the annual software subscription and support on 36 HP ProLiant servers, while consuming up to 92% less energy and using up to 89% less rack space.1 In addition, the two Power systems may cost up to 26% less than migrating to the latest HP x86-based servers.2 Can systems be built to do more for less? On a smarter planet they can.

Smarter systems for a Smarter Planet.

1. Annual software maintenance costs on the 36 existing scale-out HP ProLiant DL360 G5 servers include Linux server support and WebSphere subscription and support. IBM Power 730 Express systems include the cost of the systems, operating system, virtualization and middleware subscription and support for 3 years. 2. Comparison based on consolidating 36 unvirtualized HP ProLiant DL360 G5 servers to fi ve virtualized HP ProLiant DL380 G7 systems and assumes the WebSphere licenses transfer to the HP ProLiant DL380 G7 systems. Actual performance, cost savings and energy usage referenced in this ad will vary depending on client actual implementation. Contact IBM to see what we can do for you. See IBM, the IBM logo,, Power, Smarter Planet and the planet icon are trademarks of IBM Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at © International Business Machines Corporation 2010.

Untitled-1 1 1/4/11 9:34 AM ProductReview

The fi rst thing I decided to try was to Word Web App was that backspacing However, the Excel Web App was able to open a complex document to see if was slow. This wasn’t a big deal if I only open all of the spreadsheets I tested— Word Web App would render it cor- needed to get rid of one word, but it even when those spreadsheets had rectly. I ended up using an insurance slowed me down whenever I had to get formulas and special formatting. form that my travel agent had sent me rid of a sentence or more. I also found I did run into a few issues with Excel because the form used a number of that some of the editing options I take Web App. The fi rst was that Excel different fonts, images and fi elds. At for granted when working in Word 2010 Web App takes much longer to update fi rst, it seemed that Word Web App were gone. For example, Word Web App spreadsheets than Excel 2010 does. didn’t render the document’s margins won’t allow you to drag-and-drop text Excel Web App automatically recalcu- correctly—but when I switched to (though you can work around this limi- lates formulas as the data in the Reading View, the problems went away. tation by using cut and paste). spreadsheet changes, but these recalcu- With that, I decided to try using Additionally, Word Web App doesn’t lations may not happen immediately. Word Web App to write an article. include the zoom feature. This is During my tests, updates took any- One of the fi rst things I noticed was important to me because my eyesight is where from about three seconds to that Word Web App is missing the not the greatest. I realize Internet more than 10 seconds to show up. This page count/word count indicator that Explorer has its own zoom feature, but isn’t a big deal if you know that Excel Web App can be slow, but it could be problematic if a user assumes that he’s looking at the most-recent calcula- tions. Another thing that bothered me about Excel Web App was that there was no mechanism for renaming indi- vidual sheets (using the tabs at the bottom of the screen). This was a barrier to completing some of my work. Documentation One area in which Offi ce Live is seri- ously lacking is in its documentation. I couldn’t fi nd any obvious documenta- tion for Offi ce Live, so I tried doing a . When Google didn’t reveal any documentation, I tried to fi nd the documentation within a set of Help fi les. However, there doesn’t seem to be a Help function for the Figure 1. The Offi ce Live applications are accessible on the Windows Live Offi ce tab, as are your recent documents. Offi ce Live applications. It may be that Microsoft assumes anyone using Offi ce Word 2010 displays in the lower-left when you zoom at the browser level, Live already knows how to use the corner of the window. Without this you increase both the size of the text basic Microsoft Offi ce features. information, it would be diffi cult for and the size of the Offi ce Ribbon me to make sure the article I was (which can cause it to outgrow the The Verdict writing was of the correct length. screen). Finally, I found out the hard I found Offi ce Web App to be lacking I realized the missing word count way that Word Web App doesn’t have in features. It will do in a pinch, but I feature would stop me from being able an auto-save feature. By pure coinci- wouldn’t use it for day-to-day work. Of to use Word Web App for writing arti- dence, the electricity went out while I course, I can’t gripe too much, because cles. However, I’m in the process of was composing a document in Word you can’t beat the price—it’s free. Keep writing a book. As the book’s word Web App. When that happened, I lost in mind that Offi ce Professional 2010 count is irrelevant, I decided to write a everything I hadn’t saved. retails for $499.99. chapter using Word Web App. As I typed words in, the document Excel Brien M. Posey, MVP, is a freelance bounced up and down. The bouncing Most of the issues I mentioned in technical author with many articles and stopped when I stopped typing, but it regard to Word Web App are common books to his credit. You can visit his Web was distracting. Another issue I had with to all of the Offi ce Live applications. site at

18 | February 2011 | Redmond | | Content provided by TechNet Magazine, Microsoft’s premier publication for IT Professionals MAGAZINE PracticalApp Protecting Workgroups with Microsoft Forefront You can use Microsoft Forefront Threat Management Gateway as intended with Active Directory, or use it to secure a workgroup setting. By Brien Posey onnectivity yields collaboration, yet it can also However, you can’t perform Enterprise Management Server replication in a Cyield risk and exposure. You can confi gure your workgroup environment. workers in a workgroup and still protect them, your Certifi cate Authority data and your corporate network with Microsoft Forefront One of the biggest requirements for installing Forefront in a workgroup Threat Management Gateway (Forefront TMG) 2010. environment is that you must have a server certifi cate installed on the While generally regarded as an environment, you won’t be able to use Forefront TMG server. Because you’ll enterprise-class application set automatic Web proxy detection. only use this certifi cate internally, designed for use within an Active Similarly, without an Active Directory Microsoft recommends creating your Directory environment, you don’t domain, you won’t be able to confi gure own Enterprise Certifi cate Authority absolutely need to deploy Forefront Forefront using Group Policy settings. as a way of avoiding the costs associated within Active Directory. You can Instead, you’ll have to use local with purchasing a commercial certifi cate. effectively deploy Forefront TMG in a security policies on each individual Windows Server has everything you number of different topologies and for machine running Forefront. need to confi gure it to act as a Certifi cate various purposes. Other limitations warrant more- Authority. But given the sensitive nature In a workgroup environment, you’ll careful consideration. For example, of server certifi cates, you should deploy want to set up Forefront TMG at the running Forefront TMG certifi cate services on a server other than network perimeter so it can inspect Standard are typically joined to an the one that will act as your Forefront inbound HTTP and HTTPS packets Enterprise Management Server. gateway at the network perimeter. for malicious content. You can also use it to fi lter the types of Web sites your users visit. Because the Forefront TMG server will sit at the network perimeter, it should have a minimum of two network adapters. One adapter will connect to the private network, while the other will connect to the outside world. Microsoft recommends that both of these adapters be confi gured with a static IP address. Microsoft designed Forefront to be deployed within a Windows domain. Although you can use it within the context of an enterprise workgroup, there are some minor limitations you would not normally encounter in a domain environment. For example, if you’re deploying Forefront into a workgroup Figure 1. Choose the Forefront TMG Services and Management option for installation.

| | Redmond | February 2011 | 19 XenDesktop

Untitled-1 1 12/13/10 8:52 AM MAGAZINE

Once you’ve chosen a server to act as a certifi cate authority, open the Server Manager. Go to the Roles container and click on the Add Roles link. Windows will launch the Add Roles wizard. Bypass the wizard Welcome screen and you’ll be taken to a screen that asks you to pick the roles that you want to install. Choose the Active Directory Certifi cate Services role and click Next. You’ll see a warning message telling you that once you install the Active Directory certifi cate services, you won’t be able to change the server’s name or domain status. You’ll be prompted to choose the role services you want to deploy. Choose Certifi cation Authority and Certifi cation Authority Web Enrollment services and click Next. At this point, Windows will ask you if you want to deploy a standalone or an Figure 3. The Getting Started Wizard walks you through the confi guration process. enterprise certifi cate authority. Because you’re setting up for a workgroup envi- When Windows displays the wizard now ask you to specify a location for ronment, choose the Standalone option. Cryptography screen, click Next to the certifi cate database. Use any loca- Click Next, and you’ll be prompted to accept the defaults. Then you’ll be tion you like, but you must be sure to choose the Certifi cate Authority type. prompted to supply a common name regularly back up whatever location As this is the fi rst certifi cate authority for the Certifi cate Authority. Enter the you choose. in the organization, choose the Root name of your choice and write it down. Then the wizard will display an CA option and click Next. You’ll need to know this name later on introduction to IIS. Click Next again The wizard will now ask you whether when you deploy Forefront. and you’ll be able to install additional you want to create a new private key You’ll be prompted to select a cer- role services for IIS. The required or use an existing private key. Create a tifi cate validity period. Click Next to role services are already selected, so new private key and click Next. accept the defaults. The wizard will just click Next, then Install to deploy the required role services. When the process completes, click Close. Preparing Your Server You’ll need to prepare your server before you install Forefront TMG. Begin by installing all the latest Windows Server patches on your server. This is important to do— Forefront did not install correctly when I inadvertently skipped this step. Once your server is up-to-date, insert the Forefront TMG 2010 installation media. When Windows displays the Forefront splash screen, click on the Run Preparation Tool link. When you do, Windows will launch the Forefront TMG Preparation Tool wizard. Bypass the wizard Welcome screen and you’ll be prompted to accept the license agreement. You’ll see the screen shown in Figure 1 (p. 19), which Figure 2. Choose the adapter connected to your internal network. asks you which type of Forefront

| | Redmond | February 2011 | 21 MAGAZINE PracticalApp

installation you’ll be performing. When you’ve specifi ed your adapter Bypass the wizard’s Welcome screen Choose the Forefront TMG Services and all internal IP address ranges, click and you’ll be taken to a screen asking and Management option and click Next. Next. You may see a warning message you to select the network template that Windows will now install any telling you you’ll have to restart some best represents your topology. Because necessary roles and features. When services. If you see such a warning, just we’re going to confi gure the Forefront the process completes, make sure the click Next again. server to provide perimeter protec- tion, select “Edge fi rewall” as shown in Figure 4. You’ll be prompted to select the net- work adapter connected to your internal network. This also lets you specify addi- tional routes, but doing so will rarely be necessary in a workgroup environment. After making your selection, click Next and you’ll see a screen asking you to choose the network adapter connected to the Internet. Make your selection and click Next, followed by Finish. Confi guring System Settings Now it’s time to confi gure your system settings. Click the Confi gure System Settings button that’s shown in Figure Figure 4. Select the “Edge fi rewall” option. 3. When you do, Windows will launch the System Confi guration Wizard. Launch Forefront TMG Installation At this point, you may see a message Bypass the wizard Welcome screen Wizard check box is selected and then telling you remote management is and you’ll see a screen similar to the one click Finish. being enabled from your IP address. If shown in Figure 5 (opposite page). In a you see such a message then be sure to domain environment, you’d have to pro- Installing Forefront TMG make note of the IP address before vide a domain name and a DNS suffi x. Windows will then launch the Forefront clicking Next. Because we’re setting up Forefront in a TMG Enterprise Installation Wizard. You should now see a message telling workgroup, we don’t have to do any- After the Welcome screen and accepting you you’re ready to install Forefront. thing. Click Next, followed by Finish, to the license agreement, click Next again Click the Install button and the instal- complete the system confi guration. and you’ll have to provide your product lation process will begin. As you can key. Click Next once more and the see in Figure 2, the wizard provides Defi ne wizard will ask you to confi rm the you with an estimate of how long the Deployment Options installation path. Assuming everything installation process will take to com- The last step in the confi guration looks good, click Next to go to the plete. When the installation process process is to defi ne the deployment Defi ne Internal Network screen. completes, click Finish. options. Click the Defi ne Deployment Forefront TMG is designed to be Options button shown in Figure 3. deployed at the network perimeter, so Confi guring When Windows starts the Deploy- it needs to know which IP addresses Forefront TMG ment Wizard, click next to bypass the are included in your internal network. Now that you’ve installed Forefront Welcome screen. You can provide your internal address TMG, open the Forefront TMG Man- Then you’ll be asked if you want to range by clicking the Add button. agement console and select the top node use Microsoft Update to check for At this point, you’ll be taken to the in the console tree. Click on the Launch antivirus updates. Choosing Yes is Addresses dialog box. Click the Add Getting Started Wizard link, located in highly recommended. Click Next and Adapters button and then pick the the Actions pane. When you do, you’ll be taken to the screen shown in adapter connected to your internal Forefront will launch the Getting Started Figure 6 (opposite page). network, as shown in Figure 2 (p. 21). Wizard, shown in Figure 3 (p. 21). As you can see in Figure 6, you must If the adapter is using a dynamic IP Click the Confi gure Network Set- activate your Forefront license. Enable address, you may have to go back to tings button to begin the confi guration the Network Inspection System, which the Addresses dialog box and specify process, shown in Figure 3. This will will look for malicious code at the your internal address range manually. launch the Network Setup Wizard. HTTP/HTTPS packet level. You

22 | February 2011 | Redmond | | MAGAZINE should also select the Enable Malware Inspection check box; you may also enable URL fi ltering if you like. You’ll set an option to control how frequently Forefront checks for antivirus updates. By default, the update will check every 15 minutes. You can also confi gure a notifi cation if update checks fail over a prolonged period of time. Then the Wizard will ask you if you want to participate in the Microsoft Customer Experience Improvement Program. Make your selection and click Next, followed by Finish to complete the confi guration process. Click Close to close the Getting Started Wizard. Windows will now automatically launch the Web Access Policy Wizard. This wizard lets you control the types of Web fi ltering Forefront performs. Click Next to bypass the Welcome Figure 6. Activate the complementary license and enable malware inspection. screen and you’ll see a screen asking you if you’d like to create a default box to block encrypted ZIP fi les that You can either have Forefront generate rule that blocks potentially malicious could potentially contain malicious fi les. a self-signed certifi cate or use a custom URLs. Click Yes, followed by Next. You’ll be asked if you want to let certifi cate. Using a custom certifi cate At this point, you’ll see a screen asking users use SSL-encrypted HTTP ses- isn’t even an option in a workgroup you about the types of Web sites to sions (HTTPS). Inspecting HTTPS environment, so you’ll have to choose which you’d like to block access. For content is recommended, but Forefront the Custom Certifi cate option. Then example, you can block access to sites cautions that doing so could potentially you’ll have to provide the name of your containing hate speech or anything have legal consequences. Consider certifi cate authority. This is the friendly obscene. The list of blocked content is your decision carefully. name you defi ned when you created the automatically populated, but you can If you choose HTTPS inspec- certifi cate authority, not necessarily the adjust the list as needed. tions, you’ll be asked whether or not server’s computer name. Then the wizard will ask you if you you want to notify the users of those Finally, you’ll see a screen indicating want to apply malware inspection rules inspections. You’ll also be informed that you’ll be forced to manually to the Web Access Policy. Choosing Yes that a certifi cate is required for the export and deploy the certifi cate. is recommended, as is selecting the check inspection process. Provide the wizard with a destination folder to which the certifi cate can be downloaded and click Next. When prompted, enable the default Web caching rule to fi nish the process. This procedure installs Forefront TMG in such a way that you can have it inspect HTTP/HTTPS packets as they pass through your network perimeter. Keep in mind, however, that Forefront TMG offers many additional features, such as the ability to inspect e-mail messages. This is a simpler deployment suitable for securing workgroups.

Brien Posey, MVP, is a freelance technical author with thousands of articles and dozens of books to his credit. Visit Posey’s Figure 5. Verify that Forefront is confi gured for a workgroup deployment. Web site at

| | Redmond | February 2011 | 23 Clouds

Microsoft and Google have radically diff erent cloud strategies. The outcome of their battle is still very much

up in the air. By Jeff rey Schwartz

his is new territory. In fact, it’s not territory at Chrome for Business lets IT admins control updates, all: It’s the cloud, and that’s part of Microsoft’s customize deployments, manage Group Policies and set problem. The software titan has long dominated authentication protocols. Google Apps for Business, the Tthe market for on-premises software, but the company’s suite of productivity applications, now has an battle for supremacy in cloud computing is just administrative console that lets IT set Group Policies. beginning. And Microsoft’s chief enemy, Google Inc., is Plus, Google keeps adding new features to Apps for armed and ready to shoot down its old-school rival. Business, putting the suite on more even footing with This isn’t just about the Microsoft cloud versus the Google Offi ce, SharePoint and Exchange. Google further proved its cloud anymore, either, although that war is heating up rapidly. cloud commitment when, in December, it released thousands Google is also hitting Microsoft where it hurts: in the OS and of test computers loaded with the Chrome OS. These Web- server markets, the products that made Microsoft the giant only Chrome OS machines boot up instantly. it is today. Of course, Microsoft isn’t exactly hurting yet. It recently The more big cloud accounts Google wins, the more its reported huge sales of the latest versions of Windows and services will displace the dominant Microsoft desktop Offi ce. As a result, some observers say that it’s diffi cult to model. Some observers believe that the Google offerings will take any threat from Google seriously. After all, Google have a limited impact, but others say that the search giant’s isn’t the fi rst company to try to dethrone the Redmond critics are underestimating its enterprise wherewithal. software king. Novell, Netscape Communications, Sun The two Microsoft moneymakers Google threatens the Microsystems Inc. and Red Hat Inc. have all tried and failed. most are Windows and Offi ce. The search giant wants to This time, though, the battle is different. Microsoft has no replace those client-based applications with purely cloud-based virtual monopoly in cloud services, no insurmountable lead alternatives, including Chrome OS and Google Apps for that Google will struggle to overcome. And Redmond is Business. Google services replace desktop computing with a clearly aware that Google is gunning for it. pure-cloud model, so Exchange and SharePoint are at risk, too. “They’re coming after us, guns blazing; they’re all over Microsoft, on the other hand, talks about being “all-in” for us,” said Microsoft COO Kevin Turner in a speech at last the cloud but doesn’t offer the cloud-only play that Google summer’s Microsoft Worldwide Partner Conference. touts. Redmond’s approach involves more of a hybrid model, However, Turner predicted that Microsoft would eventually with on-premises and cloud services working together. win back customers that defected to Google. Google CEO , a longtime battler of Google Takes the Off ensive Microsoft, knows that the fi ght is different this time. Nearly Key to the Google offering is its enterprise browser, Google 15 years ago, Schmidt, then Sun’s CTO, predicted that Chrome for Business. Equipped with a Microsoft Installer, network computers (NCs) would sweep Internet computing

24 | February 2011 | Redmond | | Collide

Early Chrome OS machines will come with 12-inch displays and allow eight hours of continuous use. They’ll also have constant broadband connectivity thanks to a deal inked with Verizon Wireless to provide 3G service when WiFi service is unavailable. But users will receive only 100MB per month for free, and Verizon hasn’t provided further details on packages other than an offering of services for $10 a day. Schmidt, once reluctant to allow Google to jump into the browser and OS market, now appears ready to take another shot at Microsoft: “Cloud computing will essentially defi ne computing as we all know it,” Schmidt said. “With Chrome OS, we have the development of a viable third choice in real and sweep desktop software out. Ultimately, he might have operating systems on the desktop. There just hasn’t been an been right; the vision for NCs presaged what has become alternative that took advantage of cloud computing, and now the cloud. we fi nally have a product that’s strong enough, technical But the NCs that Sun, IBM Corp. and others introduced enough, scalable enough and fast enough that you could at the time never took off, in part because they suffered build actual powerful platforms on it. It’s different in ways from bandwidth and back-end infrastructure constraints. that matter if you build in cloud computing.” Those problems, however, are less prevalent today. “We were right then, but we were wrong then,” Schmidt Enterprise Play said during a speech given at the launch of the Chrome OS Some observers argue that the , dubbed beta in San Francisco. “We were wrong in understanding Cr-48, will appeal to consumers rather than to enterprise how complex and subtle the problems were. We couldn’t users. But Google announced a partnership with longtime build great applications on the Web technologies of the Microsoft ally Citrix Systems Inc. that will allow users to run time. We could build information resources, but you the Citrix Receiver on Chrome OS. With that connection, couldn’t build Web applications that were at the scale and users will be able to render server-side Windows apps and power of the then-existing desktop applications.” data on the Google-based computers. (The Citrix Receiver Schmidt now believes that NCs running Chrome OS can is also available for the Apple iPad). compete with machines running Windows and the Mac OS X. “The Receiver itself is HTML5, so there’s nothing you Acer Inc. and Samsung are scheduled to release Chrome OS have to download, there’s nothing you have to run locally; if devices later this year, and other vendors say they have plans you have a Web browser, you can access that desktop,” says as well. The machines will be diskless systems with limited Rajen Sheth, a Google product manager. onboard solid-state memory. They won’t have the nuances Early reviews of the Cr-48 are lukewarm. In a PC Magazine of traditional notebook PCs—such as function keys and a column, analyst Tim Bajarin of Creative Strategies pointed caps-lock button—but they will save all data in the cloud, out that the machines are very Google-centric. “It’s where their apps will also run. completely tied to your Google account, or any other Verifi ed boot provides security for Chrome OS machines. Google-related service for which you have an account, such Verifi ed boot ensures that the OS hasn’t been modifi ed on as , or any Google app that requires the system, and if it has, the system rolls back to a previous registration,” he wrote in December. “That means you are version. Upon login, users see a browser desktop that’s driven through a Google view of the world, or more Google-centric—the interface offers access to , specifi cally, its browser/apps world.” Search, Gmail, YouTube and a Web store consisting of a Others are skeptical as well. “Chrome OS is not going to marketplace of third-party browser-based apps. happen until there’s high-speed, low-cost Internet access

ILLUSTRATION FROM SHUTTERSTOCK | | Redmond | February 2011 | 25 Clouds Collide

everywhere,” says Andrew Bradley, the Windows platform alternative. Google recently boosted the suite with new supervisor at Rea Magnet Wire Co. Inc. “It’s a nice idea, but enterprise features that support collaboration and offer just that—a lab idea. The cost of ownership is just too high richer functionality and better administrative support than to require someone to have a 3G cell data plan just to run a ever before. laptop with this OS.” And Google isn’t just going after Offi ce. It’s also trying to While success isn’t guaranteed, Google Apps for Business displace Exchange with its own hosted e-mail service, as appears to be gaining a foothold with users. Microsoft has well as SharePoint with its cloud-based sold 500 million copies of Offi ce, but Google Apps for offering, which can be customized with Business is steadily becoming an increasingly competitive running atop of .

Google: Betting what they can actually put in the cloud. I think you’re going on Evolution to see a transformation happen in terms of the desktop, as Google Inc. Product Mananger well—and client devices, as well. I think in a few years the Rajen Sheth talks about how his average user is going to have multiple access points. company believes it can displace Whether it’s their mobile device, whether it’s their desktop, many of Microsoft’s mainstay whether it’s a laptop, whether it’s a home computer, they’ll off erings, including Windows, be using all of those as work devices. That’s a fundamental Offi ce, Exchange and SharePoint. shift. The other thing, though, is I think the form factor and You can read a longer version of the makeup of the desktop device is going to become this interview online at diff erent, and that’s everything from things like simple stateless Chrome notebooks to tablets to mobile devices and smarter and smarter mobile devices. If you look fi ve Microsoft argues that, with client-side software, you get years out, the way that people will be accessing and a richer experience and you have the data locally. running their applications will be diff erent from what you What’s your take on that argument? see now and what you saw fi ve years ago. I think it’s defi nitely a myth that you can get a richer client-side experience with thick-client software than you Regarding Cloud Connect [the new tool that will let can with Web-based software. If you asked me that same users link Microsoft Offi ce to Google Apps], Microsoft question four or fi ve years ago, I’d say you’re absolutely sees that as a sign that Google is waving the white fl ag. correct. If you ask me that question now, I’d point to a Microsoft believes Cloud Connect proves that organizations variety of the applications that are out there that are built really do want to have a rich data experience. in HTML5 and have tremendously rich client-side experi- That’s completely incorrect. I think really what we’ve ences. The benefi t beyond the tremendously rich client-side found in talking to customers is a vast majority of users experience is you don’t have to download anything. within an organization don’t need the functionality that’s there within Microsoft Offi ce. So we believe where we are What about the notion that some people want their with Google Docs right now is a great solution for the data locally? vast majority of users within an organization. With that The benefi ts of having data locally are waning. A few said, there are users for one reason or another who want things are driving that. The fi rst thing is just connectivity. to use Microsoft Offi ce. It could be they like Offi ce better, People are connected more and more often. What you’re it could be there’s functionality in Offi ce that we don’t yet going to see is over time, the times when people are have. We’re going to work to close that gap, but we want offl ine are going to shrink more and more and more. That to make it such that they have a good bridge to the cloud. said, I think offl ine is an important use case and I think one The great thing about Cloud Connect is all of a sudden, of the things we were showing at the Chrome OS launch without any new server-side software or any upgrades to was talking about offl ine. What happens if your Chrome Offi ce, you have strong collaborative functionality versus OS notebook is not connected, and how can you use some having to upgrade your entire infrastructure to Offi ce of these applications offl ine? I think that’s one of the great 2010 and upgrade and implement SharePoint 2010 on the advances with this new generation of HTML applications server side to get collaborative functionality that actually with HTML5: there’s that ability to have good amounts of is not on par with Google Docs. What we’re providing is a offl ine caching that serve two purposes. One, it makes the great bridge to the cloud, so you can deploy collaboration user experience faster for the end user, and [two], it also to all of your employees and give them the choice of lets people use it when they’re not connected. whether they want to use Google Docs or whether they want to use Offi ce. Is it Google’s belief that this cloud model will replace the traditional PC, or will it coexist with it? What’s your take on Offi ce 365? I think we’re in the midst of a fundamental shift in computing. My take is it’s defi nitely good to see that what we’ve been You’re going to see this shift happen over the course of the doing has had a strong aff ect on the market. Competition next few years, and you’ve seen parts of this happen over is always good, [and] what you’re going to see as a result the last few years. I think the concept of cloud computing [is] more and more software vendors working in this has been the fi rst part of that fundamental shift. We’ve space and more and more cloud vendors working in this seen computing go from a few years ago—where customers space. You’re going to see the innovation rate continue to wouldn’t even consider the notion of having their applica- go through the roof. What we’ll see is, in the next 10 years, tions hosted by somebody else—to now most companies there’s going to be an order of magnitude greater innova- are developing a cloud strategy and trying to fi gure out tion than we ever saw in the last 10 years. —J.S.

26 | February 2011 | Redmond | | With fax as a cloud service from Esker, you can get the reliabllity you need and the simplicity you want. Deploy fax across your landscape quickly and cost- effectively, with real-time status and 24x7x365 availability. All without installing any hardware or software!

ƒ Control and manage fax usage ƒ Reduce fax infrastructure costs ƒ Free-up resources for core business

Find out more at

Untitled-2 1 1/5/11 9:33 AM Clouds Collide

“We’re to the point where with the Google Docs suite, we Google’s challenge will be to grow that number exponen- can say that it can be an offi ce productivity tool for the vast tially. At the same time, Microsoft is aggressively moving majority of end users,” Google’s Sheth says (see “Google: its Offi ce and Exchange customers to the cloud as well, Betting on Evolution,” p. 26). “A vast majority of users within touting recent wins with the City of New York and the U.S. an organization don’t need the functionality that’s there Department of Agriculture. The rhetoric from both within Microsoft Offi ce.” companies is at fever pitch. Google has scored some high-profi le cloud wins, such as “They’ve been in the cloud productivity space for the last the U.S. General Services Administration, Motorola Inc. four years, and the results haven’t been stellar,” Tom Rizzo, and Genentech Inc. The company says it has 3 million Microsoft senior director of online services, says of Google customers and 30 million users of Google Apps. That’s a (see “Microsoft: Hybrid Strategy,” this page). “Most of their pittance compared to the Offi ce installed base, and customers sit on the free version. They’re not paying customers

Microsoft: at less than 1 percent is not a good place to be after all the Hybrid Strategy hard push they had. There’s a couple of reasons for it. Microsoft Senior Director of Online They’re trying to shoehorn consumer products into the Services Tom Rizzo talks up enterprise space. That’s like us trying to take things like Redmond’s hybrid cloud off erings Hotmail and Skydrive and saying, “It’s enterprise ready, and its desktop/server solutions, customers should start using it for business.” Those and shrugs off any threat from weren’t built for business to begin with—they were built Google Inc. See a longer version with the consumer in mind. of this interview online at The other thing we hear from customers and partners is Google is not good at providing roadmap support. All the enterprise class things that businesses need and the partners How’s the Offi ce 365 beta going? need to be able to service their businesses, Google has no More than 2,000 organizations sign up every day for the roadmap [for]. They kill products like Wave, they cut off beta. It’s a limited beta. We don’t provision them support so customers are left kind of stranded if they’ve immediately as we sign them up; it’s staged over time. We invested in anything that never comes out of beta or do off er diff erent editions through the beta, so we have comes out of beta and then is killed. I think Google has a Offi ce 365 for Small Business and we also have Offi ce 365 lot of learning and growing up to do in the enterprise, and for Enterprise. When you sign up for the beta you can I think you can also see that through the partner ecosystem, decide which editions you want; you can try multiple they just don’t have a lot of commercial partners building editions. Those organizations can provision multiple services on top of their products. users—typically 10 or 15 or 20 users—to try all the diff erent services inside of the actual beta. We continue to have What’s your reaction to the Cloud Connect tool Google good momentum on the BPOS [Business Productivity released that links Offi ce to Google Docs? Online Suite] side of the house. I think it’s a little bit of them waving the white fl ag. When they fi rst came out, they were very aggressive against What types of migrations will customers and partners Offi ce, four years ago they said you can replace Offi ce on have to go through? the desktop and Google Apps is going to be that replace- It will depend on which pieces of the product set that ment. Then they quickly backed away from that and said, you’re using, whether you’re using e-mail, like in Exchange, “Maybe Google Apps isn’t a replacement for Offi ce; it will be or whether you’re using SharePoint, or whether you’re a companion to Offi ce.” Now they’re building technology to using OCS [Offi ce Communications Server] or Live Meeting try and connect it together. At the end of the day, with the or that sort of stuff . It also depends on whether you’re all Cloud Connect technology they’re waving the white fl ag, online or you’ve got a hybrid sort of solution that you’re [admitting] that Offi ce is winning on the desktop. I’d say running where you’ve got some online and some on-premises. customers looking at Cloud Connect defi nitely should It’s an upgrade [to BPOS]. It will be pretty seamless for look at Offi ce connecting to our cloud services because customers and partners. Obviously, if you did a lot of it’s Offi ce in both places in terms of our Offi ce Web Apps customization on SharePoint and those sorts of things, and Offi ce on the desktop. you’ll want to test that. With e-mail it’s pretty straightforward. If you did a lot of customization on SharePoint where you What’s your take on how on-premises and cloud-based built custom sites and maybe uploaded some code and solutions will coexist? that sort of thing, you defi nitely will want to test that I think hybrid is around for a while, especially in the before you move it over, but we provide guidance and enterprise. In SMB [small to midsize businesses] I think it tools on helping you make that transition. goes faster where they move to an all-cloud model. I think in the enterprise on-premises isn’t going anywhere, both in What’s your take on Google’s push into the Offi ce market? enterprise and large government. I think that presents They’ve been in the cloud productivity space for the last opportunity to make that integration easier and to also four years and the results haven’t been stellar. Most of have folks help us with the transition to the cloud over their customers sit on the free version. They’re not paying time. I think it also opens the opportunity for the Windows customers into the Google service. We were just talking to Azure technologies where people can develop applications. the Gartner guys: Google in four years has less than 1 per- And the Windows Azure appliance, as well, will allow people cent of the enterprise e-mail market, and you could argue to move stuff into their private clouds. We hear a lot of Gmail has been their longest product in this space. Sitting conversation around private clouds. —J.S.

28 | February 2011 | Redmond | | TOP 10/ Bagley “Independently reviewed by industry experts these free tools proved to be useful for IT pros.”

Top 10 Free Tools for System Administrators Audit Active Directory and file servers, detect inactive users, block USB devices, and more – for free.

he following freeware tools by Redmond Readers’ Choice Active Directory Object Restore Wizard (Windows IT Pro: Award-winner NetWrix Corporation can save you a lot of 6—This tool can save the day if someone WLPHDQGPDNH\RXUQHWZRUNPRUHHI¿FLHQW±DWDEVROXWHO\QR accidentally (or intentionally) deletes important Active Directory objects. It cost. Some of these tools have advanced commercial versions provides granular object-level, and even attribute-level restore capabilities with additional features, but none of them will expire and stop that allow quick rollbacks of unwanted changes (e.g., mistakenly deleted working when you urgently need them. XVHUV PRGL¿HG JURXS PHPEHUVKLSV HWF  'RZQORDG OLQN www.tinyurl. T com/23um4w2 Active Directory Change Reporter (Windows IT Pro VMware Change Reporter (TechTarget/SearchVirtualDesktop: 1 Sep’09: InstantDoc ID 102446, TechRepublic: www.tinyurl. 7—If you don’t know what is being com/3xq7rqm)—This simple auditing tool keeps tabs on what’s going FKDQJHGE\\RXUFROOHDJXHVLQWKH90ZDUHLQIUDVWUXFWXUHLW¶VYHU\HDV\WR on inside your Active Directory. The Windows IT Pro 2010 Community get lost and miss changes that can affect things that you are responsible for. Choice and Editors’ Best Award-winner tracks changes to users, groups, This 2010 Windows IT Pro Community Choice and Editor’s Best Award- OUs, and all other types of AD objects, sending detailed daily reports with ZLQQHU WUDFNV DQG UHSRUWV FKDQJHV LQ90ZDUH9LUWXDO &HQWHU VHWWLQJV DQG lists of changes. Download link: permissions, such as newly created virtual machines, containers, alerts and USB Blocker (Windows IT Pro Nov’09: InstantDoc ID 102860)— more. Download link: 2 7KHLQFUHDVLQJPRELOLW\RIÀDVKGULYHV03SOD\HUVFHOOSKRQHV Windows Service Monitor ( www. and iPods makes the threat of data theft greater than ever, and with a couple 8—This very simple monitoring tool alerts clicks of the mouse, this aptly-named tool blocks unauthorized usage of you when some Windows service accidentally stops on one of your servers. removable media via USB ports. USB Blocker hardens end point security The 2010 Windows IT Pro Community Choice and Editor’s Best Award-win- by preventing the spread of harmful malware and restricting the transfer of ning tool also detects services that fail to start at boot time, which can hap- FRQ¿GHQWLDOLQIRUPDWLRQ' SHQIRUH[DPSOHZLWK0LFURVRIW([FKDQJH'RZQORDGOLQNwww.tinyurl. 3DVVZRUG ([SLUDWLRQ 1RWL¿HU 5HGPRQG 0DJD]LQH )HE¶ com/35oo29c 3 4sysops:—This tool automatically Bulk Password Reset (reviewed by SoftPedia: www.tinyurl. reminds users to change their passwords before they expire, helping keep 9 com/38do6ts)— While most companies have strong password helpdesk administrators safe from password reset calls. It works nicely policies for their employees, one critical issue is still neglected— local Ad- for users who don’t log on interactively and, thus, never receive standard ministrator passwords on all servers are usually managed in a “set-and-for- password change reminders at log on time (VPN and OWA). Download get” fashion, often using “well-known” passwords that open a major hole for link: security attacks. The Bulk Password Reset tool quickly resets local account 4 Inactive Users Tracker 067HFK1HW0DJD]LQH0D\¶www. passwords on all servers at once, making them more secure and easy to man-, TechRepublic: age. Download link: — This tool tracks down inactive user accounts (e.g., terminated employees) Disk Space Monitor 067HFK1HW0DJD]LQH6HS¶www.tinyurl. so you can easily disable them, or even remove them entirely, thus eliminating 10 com/33ny3qk)— Even with today’s terabyte-large hard drives, potential security holes. The tool sends reports on a regular schedule, showing server disk space tends to run out quickly and unexpectedly. This simple ZKDWDFFRXQWVKDYHEHHQLQDFWLYHIRUDFRQ¿JXUDEOHSHULRGRIWLPH HJ monitoring tool will send you daily reports regarding all servers that are months). Download link: UXQQLQJORZRQGLVNVSDFHEHORZWKHFRQ¿JXUDEOHWKUHVKROG'RZQORDGOLQN File Server Change Reporter ( www.tinyurl. 5 com/2w2fvvu ²7KLV LV D PXVWKDYH WRRO IRU DXGLWLQJ ¿OH VHUYHUVDQGDSSOLDQFHV7KHWRROGHWHFWVFKDQJHVPDGHWR¿OHVIROGHUVDQG SHUPLVVLRQVDQGWUDFNVQHZO\FUHDWHGDQGGHOHWHG¿OHV7KHWRROLVXVHIXO JOHN BAGLEY ([email protected]) is an award-winning IRUGHWHFWLQJPLVWDNHQO\GHOHWHG¿OHVDQGLWDOORZVTXLFNEDFNXSUHFRYHU\RI professional writer and independent consultant, who contributes to accidental changes. Download link: newspapers and magazines.

Untitled-4 1 1/10/11 1:21 PM Clouds Collide “When you start looking at the entire suite of off erings, you still really can’t compare the two; you get a tremendous amount of value from Google.” Mike Cohn, Founder and VP of Product Management and Marketing, Cloud Sherpas

into the Google service. Google has no roadmap. They kill For its part, Google seems to understand that the products like Wave; they cut off support so customers are left Microsoft desktop-based model won’t go away overnight. kind of stranded if they’ve invested in anything that never Google recently released the beta for Cloud Connect, a comes out of beta or comes out of beta and then is killed.” plug-in that will let users work in Microsoft Offi ce and store Still, Microsoft isn’t taking Google for granted. The com- that data in the Google Apps cloud. pany held a webcast for its vast partner base in December on “We see this as a great bridge to the cloud,” Sheth says. “It how to compete with Google. Molly McCarthy, Microsoft makes it such that within an organization, you’re not going U.S. Google compete lead, offered a laundry list of problems to get every user to convert on day one—but this makes it with Gmail. She said the enterprise version lacks the ability to such that you can convert a good majority of your users and assign priority to messages, doesn’t support the sending of then also provide the collaborative functionality to the return receipts, offers no delegation of tasks, lacks rich-text users. The great thing about Cloud Connect is all of a sudden, e-mail signatures and presents numerous formatting issues. without any new server-side software or any upgrades to Google’s Sheth says that McCarthy is exaggerating. “I’d Offi ce, you have strong collaborative functionality versus contend a lot of those, some of those are blatantly incorrect,” having to upgrade your entire infrastructure to Offi ce 2010 Sheth says. “We do have rich-text signatures and that’s part and upgrade and implement SharePoint 2010 on the server of the platform. And for prioritization, we actually go several side to get collaborative functionality that actually isn’t on steps further than just having the end user to be able to set par with Google Docs.” priority on a message.” Microsoft’s Rizzo sees Cloud Connect differently. “I think Google’s offensive approach has Microsoft on its heels. In it’s a little bit of them waving the white fl ag,” Rizzo says. her webcast, McCarthy gave a four-pronged strategy for “When they fi rst came out, they were very aggressive competing with Google. The fi rst is to assume that Google against Offi ce. Four years ago, they said you can replace is already inside some accounts to some degree. The second Offi ce on the desktop and Google Apps is going to be that is to protect the base by nurturing relationships. The third replacement. Then they quickly backed away from that and revolves around seeking green-fi eld opportunities by selling said, ‘Maybe Google Apps isn’t a replacement for Offi ce; it the virtues of the forthcoming Offi ce 365 service. The will be a companion to Offi ce.’ Now they’re building tech- fourth and fi nal is to try to win back accounts that have nology to try and connect it together.” already defected to Google. That misses the point, Sheth responds. “That’s completely “As much as we’ve tried to compete really hard and win, incorrect,” he says of Rizzo’s retort that Google is waving we’ve defi nitely had a few losses and Google is great about the white fl ag with Cloud Connect. “I think really what talking about them in the press. But we’re really wanting to we’ve found in talking to customers is a vast majority of get super aggressive about going back after some of those users within an organization don’t need the functionality losses we’ve had to ultimately build them back into the that’s there within Microsoft Offi ce. So we believe where we Microsoft fold,” she said. “I’m so amazed at how many times are with Google Docs right now is a great solution for the I get pulled in with customers that may or may not have vast majority of users within an organization. With that heard of some of our cloud stories, may not have seen a lot said, there are users who for one reason or another want to of our offerings around [Offi ce] 2010, particularly around use Microsoft Offi ce.” some of the Web-app type of functionality.” Google’s Momentum Diff erent Approaches boasts 2,000 enterprise partners for Google Google and Microsoft have very different go-to-market Apps, a number that doubled in 2010. (Microsoft, on the strategies when it comes to the cloud. Google isn’t weighed other hand, has 16,000 Microsoft Business Productivity down by a legacy of on-premises software and, in fact, offers Online Suite, or BPOS, partners and more than 400,000 only cloud-based services. Microsoft, still relying on revenue total companies in its channel.) Some partners sell both generated by Windows and Offi ce, has a hybrid vision for Google and Microsoft offerings. Others, however, work the cloud. Redmond hopes that some users will prefer to only with Google. One such provider is Atlanta-based keep data on their desktops or in their corporate datacenters, Cloud Sherpas, which offers the Google stack and says its while others will store data in the cloud or use both models. business grew 500 percent last year.

30 | February 2011 | Redmond | “There are lots of wins to be had,” says Mike Cohn, Cloud goes a long way,” says Tim Wessels of Oort Cloud Computing, Sherpas founder and VP of Product Management and a New England-based consultancy to small and midsize Marketing. “These are sizeable opportunities. We’re taking businesses. “My needs are pretty standard and Google Apps out Microsoft Exchange; we’re taking out Lotus Notes, works well enough. I like the recent release of a Google we’re taking out GroupWise.” ‘connector’ [the aforementioned Cloud Connect] to Google has spun 60 of its apps into Google Apps for Microsoft Offi ce, which allows Microsoft Offi ce users to Business, including Google Voice, Analytics, Adwords and save their fi les in native format to Google Apps.” Picasa. “For $50, you get a complete messaging and collabo- Wessels continues: “Unfortunately, Microsoft’s C-suite ration solution from Google. When you start looking at the execs haven’t given up on selling licenses for premises-based entire suite of offerings, you still really can’t compare the software like Offi ce despite being warned by the retiring two; you get a tremendous amount of value from Google,” Ray Ozzie that they should give it up. If you look carefully Cohn says. at BPOS, aka Offi ce 365, you’ll see that it’s tied at the apron Like many Google partners, Cloud Sherpas offers strings to a copy of Offi ce installed on a PC or laptop or data-migration services and its own custom-designed netbook. Offi ce 365 is a case of Microsoft talking the talk management console. The company also develops both but not walking the walk when it comes to SaaS [Software as systems-management and line-of-business applications for a Service]. And at up to $24 per user per month, Offi ce 365 customers using Google App Script running on the Google will be an additional $288 per year over and above a license App Engine cloud platform. for Offi ce 2010. No bargain here, but if you can’t live without it, “We’re playing here in a big way,” Cohn says. “In fact, we’ve then you have no choice but to pay the price.” got a number of customers that have come to us essentially to Other customers, though, fl at out fear Google. “Yes, I use help them write applications on App Engine, and it goes beyond on Web sites for my clients—but I just just applications. It’s also intranet, so when we combine Google wouldn’t trust them with any of my data,” says Bernie Sites—which is Google’s Wiki platform—along with Google Haberer, of BH Enterprises of East Lake Inc. “I just have App Engine, we have a winning combination for building this gut feeling that Google is becoming the ‘evil empire’— robust intranet and applications for our customers.” worse than anything all the Microsoft haters hate.” Best of Both Worlds The Bottom Line Some partners that are bullish on Google also offer The year 2011 will be critical for the Google enterprise Microsoft BPOS, which will morph into Offi ce 365 this cloud effort. It’s taking on not only the Microsoft hybrid summer. Offi ce 365 will consist of Exchange Online, Offi ce cloud strategy, but also Redmond’s dominance in the OS and Web Apps and Lync Online, the Microsoft unifi ed server markets. But Google, with its pure-cloud approach, is communications (UC) offering that allows users to control a challenger the likes of which Microsoft has never seen their telephone systems. before, and the cloud is a whole new battle for everybody Microsoft Offi ce Plus, meanwhile, will offer the rich involved. Competition will be tough, but it might also Offi ce desktop but will work in the cloud as well. Microsoft produce positive results for users. is under pressure to deliver Offi ce 365 as soon as possible. Safoian, of SADA Systems, says the cloud rivalry is a The forthcoming offering will allow Offi ce 2010 users to benefi t to the industry. “It’s great to see the evolution of share native documents in the cloud as well as access them these platforms; we feel the competition is great. It’s healthy via browser or phone. Offi ce 365 will be available in SKUs for the market, and in the end it means that customers win,” targeted at small businesses, enterprises and educational he says. “They get the right tools at the right price point, institutions, and will provide business-grade e-mail and and we think it’s healthy for the market that Google is there collaboration with features such as the ability to federate pushing the envelope in the browser and that Microsoft is calendars among organizations. there innovating as fast as it can.” Tony Safoian, president and CEO of North Hollywood, Calif.-based SADA Systems Inc., works with both Microsoft Jeffrey Schwartz is editor at large for Redmond. and Google in the cloud. “Google is very much focused on Jeff says: enabling tools and features and functionality all in the Google has some compelling off erings that could give Microsoft a run browser. Microsoft’s focus has been allowing a lot of for its money. If Chrome OS and Google functionality in the browser, but full functionality enabled Apps catch on with students and younger through the use of Microsoft Offi ce suite on the desktop,” users, Microsoft may have a problem in Safoian says. “[Microsoft has] more of a desktop-dependent the future. Nonetheless, I’m not ready to vision of cloud versus a fully browser-immersed vision of write off Windows, Offi ce, Exchange and SharePoint, and the forthcoming cloud, and I think that’s the basis for the rest of the Microsoft Offi ce 365 should address those who want to differentiation that we see.” move to the cloud. On the other hand, it appears Google Google customers like the low price tag of Google Apps is in this for the long haul, and the company has an and are happy with its limited functionality. “Personally, I opportunity to pick up some meaningful share and help use Google Apps Premier Edition. $50 per user per year change the economics of computing.

| | Redmond | February 2011 | 31 Get Your FREE Copy of Email Archiving For Dummies®

Learn to reduce cost, minimize storge, and take control of email.

It’s not just financial companies that are subject to government records retention requirements. Most New 2nd entities are subject to one or more federal, state, or local records retention requirements. If you Edition! employ people, if you sell goods or services to the government, or if you are subject to federal civil litigation, you have retention requirements.

Email Archiving For Dummies will help you recognize those retention requirements you

515 Ellis St. are subject to and suggest ways to meet your Mountain View, CA 94043 obligations. Request your free copy today.

©2010 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered trademarks of Iron Mountain Incorporated in the U.S. and other countries. All other trademarks and registered trademarks are property of their respective owners.

Untitled-2 1 12/13/10 1:24 PM IT Graduates Find Diffi cult Job Market

The class of 2010 struggled to get a foothold, and the challenges facing the class of 2011 could be just as diffi cult. But new IT pros and veterans alike can forge careers if they take

the right steps. By Paul Korzeniowski

n the fall of 2006, wide-eyed, vibrant adolescents pushed the U.S. economy into its deepest recession since descended upon campuses across the country in hopes the Great Depression. The stock market fell by 50 percent, of gaining the skills needed to start carving them- and housing prices dropped by 20 percent. The net worth of Iselves career paths upon graduation. At the time, American households declined from $63.7 trillion in January Facebook founders were trying to determine how to spend 2008 to $51.5 trillion in January 2009, a decrease of $11.2 the $27.5 million they had raised from venture capitalists, trillion, or 18 percent. with the goal of reaching the 10 million mark in users later A ripple effect occurred: Companies tightened their purse that year. Microsoft Chairman Bill Gates had announced strings, new projects were put on hold, employees were let that he would be transitioning from full-time work at the go and turbulence ensued. “There’s no doubt that 2009 was company to full-time work at the Bill and Melinda Gates a diffi cult, diffi cult year for the IT industry,” says John Foundation. Jack Dorsey, Isaac “Biz” Stone and Evan Challenger, CEO at Challenger, Gray & Christmas, an Williams were working at podcasting company Odeo and outplacement consulting fi rm. “Many IT graduates simply kicking around ideas for a new company, which eventually could not fi nd work.” became known as Twitter. As the 2010 graduates polished their resumes, they Dramatic change has long been a mantra in the IT encountered a job market in fl ux. The financial maelstrom industry, but it’s unlikely that anyone foresaw the changes had ebbed, and the quick, dramatic cuts companies made to that last year’s graduates would face as they entered their IT budgets in 2009 had subsided. However, residue from the senior year. The fi nancial meltdown in the fall of 2008 downturn was still evident. Salaries remained at best fl at in

IMAGES FROM SHUTTERSTOCK | | Redmond | February 2011 | 33 IT Jobs

2010, and job creation remains a volatile issue. Allison Nawoj, our job listings dropped by 45 percent,” notes Tom Silver, corporate communications manager at CareerBuilder, says senior vice president, North America, for, a Web that companies seem positive about the future. Still, they site serving technology and engineering professionals and were and are a bit skittish about adding new employees, companies searching for such individuals. The end result was which makes it especially diffi cult for recent graduates to that fewer openings were available to students searching for fi nd work. Though better than 2009, 2010 was not as entry-level work in the spring and summer of 2009. In 2009, welcoming a job market as IT graduates have found in the 43 percent of employers planned to hire recent college grad- past. While there’s some optimism for 2011, unemployment uates, down from 56 percent in 2008 and 79 percent in 2007, remains high and tension persists regarding the outlook for according to CareerBuilder’s Annual College Job Forecast. jobs. The IT class of 2011 will likely face many of the For the industry overall, research fi rm Janco Associates challenges that the class of 2010 encountered. Inc. found that the IT employment picture in 2010 wasn’t much better. In October, Janco found in data from the Declining Fortunes Bureau of Labor Statistics a 0.66 percent drop in IT So how bad has the economic downturn been for the IT employment compared to the year before. In a statement, industry? Market research fi rm Gartner Inc. found that the company offered ominous news: “In subsequent follow-up 2009 was the worst year ever—even worse than the dotcom interviews with CIOs and CEOs at a number of large fi rms, bust. In 2009 IT spending declined 5.2 percent worldwide. the consensus is that the recession is not over and that According to the U.S. Department of Labor, IT employment budgets for 2011, which had assumed a marked improve- peaked in the fall of 2008, when more than 4 million indi- ment in the economic climate, will need to be revisited and viduals held jobs in IT departments. possibly reduced.” After the fi nancial meltdown, those numbers dropped by Those who were fortunate enough to be hired in the last more than 10 percent as companies quickly let employees go couple of years found a dour workplace. reported a and banished new projects to the backburner. “In June 2009, 1 percent average pay increase for IT professionals (the

Top 10 Cities for IT Professionals located in the city are considered startup businesses. By Chris Paoli Although the cost of living in the city may be a bit high compared to other entries on our list, it does have an o you’ve spent the money, time and eff ort to average IT base salary of almost $100,000. become an expert on anything IT. Now where do Notable Employers: Hewlett-Packard Co., you go? Using the Redmond 2010 Salary Survey Inc., Twitter, Wells Fargo Sfor reference, factoring in lists from publications such as Forbes, Marketwatch and Kiplinger, and then 8. Boulder, Colo. sticking all applicable data into some sophisticated This is a great location for those making their living behind a algorithms created specifi cally for this list, we’ve narrowed computer screen who also love to spend their free hours down the top U.S. cities to relocate to—for those both just outdoors. While Boulder may be nestled at the base of the starting their careers and those who are looking for a Rockies, this isn’t a quiet mountain town. Forbes has it as one change. And we’ve also taken into account that, once your of its 10 best cities to live in the next decade due to its scien- nine-to-fi ve is over, you’ll still have to live there. tifi c and environmental business community. And both IBM Corp. and Microsoft have strong ties in the Colorado town. 10. Baltimore, Md. Notable Employers: IBM, Ball Aerospace & Technologies Baltimore’s economy has shifted away from its heavy Corp., Level 3 Communications LLC, National Center for manufacturing roots to be a leader in the service-oriented Atmospheric Research market. While much attention is paid to its biotechnology park, with John Hopkins Hospital and John Hopkins 7. Hartford, Conn. University being the largest of the city’s employers, it’s It may not be the biggest city on our list—it’s not even the also home to six Fortune 1,000 companies. And these biggest city in Connecticut. But for those in the insurance companies pay well; Baltimore cracks our top-10 list game, there’s no place bigger than Hartford. And you thanks to it having one of the highest IT base salaries of know what insurance companies need? IT maintenance any major metro area in the ($81,261, and support. There’s also a strong showing of engineering according to our 2010 Salary Survey). and science industries in the city, which helped to land it Notable Employers: Black & Decker, Firaxis Games high on the Forbes list for best places to fi nd a job. A Inc., Sinclair Broadcast Group Inc., Erickson recent article ranked Hartford as Retirement Communities the geekiest city in America due to its large hub of science and engineering jobs. 9. San Francisco, Calif. Notable Employers: Travelers, Co. Inc., Moving to San Francisco just to say your home team won United Technologies Corp., Xerox Corp. the World Series may not be a compelling-enough reason to transfer. You still need to fi nd a job. And what better 6. Richmond, Va. place than the ocean-side city that’s home to the Web 2.0 For the past few years in a row, Marketwatch has ranked boom. It’s also a great place to get in on the ground fl oor Richmond high on its list of top places for business. And it’s of a new company—85 percent of fi rms and companies no wonder: With a handful of Fortune 500 companies

34 | February 2011 | Redmond | | average salary being $78,845) in 2009. Janco’s 2010 data was somewhat more encouraging, but not much: “Overall com- pensation for all IT professionals has shown a slight increase “There’s no doubt from $77,690 to $78,210; however, the study shows that there that 2009 was a was a 13 percent decrease in the number of employees receiving personal performance bonuses and a 7 percent decrease in diffi cult, diffi cult those receiving enterprise-based performance bonuses,” the year for the IT fi rm said in a statement. Grumbling became quite common industry. Many IT in many company datacenters: found that close to half (47 percent) of all IT employees said their employers graduates simply were doing nothing to keep them motivated. could not fi nd work.” John Challenger, CEO, Bright Spots and Opportunities Challenger, Gray & Christmas Yet even during the downturn, there were a few silver linings among the dark clouds. While the national unemployment rate was in the 10 percent range, it was about half that in the IT space. along. Hiring growth was also seen in vertical market seg- Dave Willmer, the executive director of Robert Half ments, such as health care and the federal government. In Technology, an IT staffi ng provider, noted that even during fact, reported that technology pros in the govern- the worst of times, unemployment was less than 2 percent ment and defense sector enjoyed a 4.4 percent average salary for database administrators and business intelligence increase in 2009—nearly equal to the previous year’s 4.6 analysts. In addition, demand for individuals familiar with percent salary surge. In 2009, Washington, D.C., area IT mobile and social networking technology continued to hum workers’ salaries averaged $89,014, making it one of the

calling the Virginia city home, it’s a great place to get your for the young professional looking to have an adventure career started or to reinvent yourself. Thanks to the large in the city that never sleeps. That also means that IT amount of government jobs, IT pros in Richmond bring support can never sleep. home some of the highest-average salaries in the country. Notable Employers: Citigroup Inc., Verizon Wireless, Notable Employers: U.S. Government, Dominion Resources, Time Warner Cable Inc., American Express Co. MeadWestvaco Corp., CarMax Business Services LLC 2. Washington, D.C. 5. Austin, Texas Surprisingly, Washington, D.C., has weathered the rocky Austin has blossomed into a hub for Web startups and economic times and boasts one of the lowest unemploy- new music in the recent past. And with its annual South ment rates in the nation. Why? Congress needs tech by Southwest festival, you get a heaping helping of both, support. Even if a cushy government job isn’t for you, the making this the perfect settling grounds for the too-cool- area features a plethora of private tech companies. This for-school young professional. Forbes agrees: It has this city tops the Forbes list for the best place to fi nd a job, city, dubbed the second Silicon Valley, as one of the best holds the No. 1 position for best place to live for young places to live for young professionals. professionals and has the second-highest IT base salary Notable Employers: Dell Inc., Freescale Semiconductor ($112,501) in our salary survey. Inc., Cisco Systems Inc., Intel Corp. Notable Employers: Intellimar Inc., iDirect Technologies, Liquidity Services Inc., U.S. Government 4. Boston, Mass. Most of the time, talent goes to where the jobs are. In 1. San Jose, Calif. Boston’s case, the jobs go where the talent is. High-tech While many of our entries, including Austin and New York industries thrive in the Massachusetts town, thanks to the City, are becoming known as the next Silicon Valley, they readily available talent pool from the local prestigious aren’t the Silicon Valley. You’d be hard-pressed to fi nd a colleges and universities. Even if you didn’t go to one of U.S. area that has a higher concentration of computing, the big-name schools, you can always fake a Boston engineering and other high-tech jobs, as San Jose accent, cheer for the Pats and blend in with the rest of employs more than one-quarter of a million people in the the IT community. technology sector. If a company is a player in the Notable Employers: Liberty Mutual Insurance Co., applied-sciences market, it more than likely has a strong Raytheon Co., Rockstar New England, EMC Corp. showing in San Jose and the surrounding region. If you have the talent, this is the place to go. And San Jose pays 3. New York City, N.Y. well—topping all other major U.S. cities with an average As a hub for several transatlantic fi ber optic lines, one of IT base salary of $114,450 a year. New York’s economic staples is in the technology sector. Notable Employers: Cisco Systems Inc., IBM, Brocade Many startup and established companies make their Communications Systems Inc., eBay Inc. bread and butter in the software development, Internet services and biotechnology fi elds. While this busy city Chris Paoli is the associate Web editor for the 1105 Enterprise may not be the ideal location to raise a family, it’s perfect Computing Group.

| | Redmond | February 2011 | 35 IT Jobs nation’s most-attractive cities for IT pros. These few bright Challenger of Challenger, Gray & Christmas. The newbies spots stood out from the overall gloomy picture. could also fi nd themselves battling with other young people who received their diplomas within the last fi ve years, had Uptick in Hiring jobs and found themselves back in the labor pool once the Other positive indicators emerged more clearly later in 2009 recession hit. The outlook is very much the same, if not and early in 2010. worse, for inexperienced graduates who are preparing to “At the end of 2009 and in early 2010, the economy saw walk the stage this spring. increases in the hiring of part-time workers and manufac- As graduates hone their job search strategies, they need to turing employees,” says Mark Roberts, CEO at TechServe determine which positions have the best short-term and Alliance, an IT services industry group that analyzes unem- long-term potential—and so do current IT workers. “Social ployment data. “Traditionally, such changes are precursors media skills represent an area of high growth,” notes to an overall increase in employment numbers.” In early CareerBuilder’s Nawoj. The company found that nearly one 2010, companies seemed to be loosening up the purse in 10 employers (about 9 percent) planned to hire a new employee to focus on social media as of the second quarter of 2010. An additional 13 percent expected to add social media management to current employees’ responsibilities. Other skills gaining interest include wireless and mobility; for example, many companies are looking for programmers who can develop applications for the Apple iPhone. Cloud computing and virtualization are two other areas where corporations are trying to gain additional expertise. Lutz Ziob, general manager of Microsoft Learning, encourages those interested in pursuing IT jobs to hone their skills in networking, virtualization and anything related to the cloud. Aspiring IT professionals should also look at developing programming skills. Security is another hotspot. Also, there’s a growing need for those with both programming and design skills. “There’s a growing demand for people who have a graphical user experience kind of thinking to be

Keeping Your Skills Current OBOL programmers were once in high demand, but now they sit idly by the phone hoping it will Cring. IT skills, perhaps more than those in any strings somewhat. CareerBuilder found that 23 percent of other industry, are perishable commodities. Technologies employers increased their full-time permanent staff in the emerge, rise and disappear in a couple of years. As a result, it’s imperative that IT professionals keep current fi rst quarter of 2010. This number is up from 13 percent in with the latest trends. But how can they do that? the same period in 2009 and up from 20 percent from the Opening the lines of communication is one way. fourth quarter of 2009. As a result, IT employment grew by “Individuals need to ask the IT manager to put on new 11,000 jobs in January of last year and 14,000 jobs in February, projects where they can develop their skills,” says Tom which marked the strongest month-to-month gains since Silver, senior VP, North America, for Some- times, managers think employees are comfortable in 2008, according to TechServe Alliance. An uptick was also their current positions and don’t want to change. evident in college hiring. CareerBuilder found that one in Training is important as well. Individuals should try to fi ve employers (21 percent) who were hiring recent college make it to trade shows or industry conferences so that graduates said they’d hire more than they did last year, and they can gauge the latest trends. In addition, there’s a 16 percent also reported that they’d offer higher starting wide and ever-growing array of certifi cation programs. Companies such as CBT Direct, Dice Learning, salaries than they did in 2009. and the University of Phoenix off er various classes, usually online, where IT profes- Bumpy Recovery sionals can gain new skills. Still, the job market last year fell short of utopia for the class Corporations often include such training as part of of 2010. Rather than a smooth transition, the recovery has their budgets. If a company isn’t willing to underwrite such investments, it’s still important for IT pros to keep been a bit bumpy. The job increases in January and February their skills up-to-date. “There’s tremendous competi- of last year, for instance, were followed by a slight dip in tion for IT positions now, so employees have to make March. Competition for new positions continues to be sure they have skill sets that will attract employers,” fi erce. Young graduates “could end up vying with [other concludes Mark Roberts, CEO at TechServe Alliance. —P.K. recent] graduates, who still may not have found work,” notes

36 | February 2011 | Redmond | | able to work with IT pros and developers, and we’re trying Microsoft certifi cations were part of three of those: Microsoft to facilitate that,” Ziob says. Certifi ed Systems Engineer was second; Microsoft Certifi ed Professional was sixth and Microsoft Certifi ed Systems Where to Go Administrator was eighth. If entry-level IT workers possessed such skills, where might How graduates go about the job search has been changing they fi nd employment? says that the top areas for because of the emergence of online job sites, such as IT hiring are Philadelphia, New York-New Jersey, CareerBuilder, and, which have Washington, D.C.-Baltimore, Silicon Valley and Los Angeles enabled companies to broaden the reach of their searches. (see “Top 10 Cities for IT Professionals,” p. 34). In fact, in 2010, job postings were up 40 percent or more from 2009 in Silicon Valley and New York, according to CareerBuilder teamed with and found that the top fi ve cities for recent graduates are Indianapolis, Philadelphia, Baltimore, Cincinnati and Cleveland. (The company’s criteria included the highest concentrations of young adults ages 20 to 24, inventory of jobs requiring less than one year of experience, and the average cost of rent for a one-bedroom apartment.) What can a recent or expectant graduate anticipate in terms of pay? Salaries for entry-level programming posi- tions average $43,000, according to, but there is

It’s now common for a company to have thousands of respondents to a job posting. Consequently, it’s important for an applicant to develop a résumé that will catch a poten- tial suitor’s eye. The online job sites offer various résumé polishing tips and services that can help individuals present themselves in the best light. Another hurdle newbies must clear is their lack of experience. Graduates need to be creative and show how what they’ve done in school or in a particular class corresponds to skill sets that companies desire. Social networking sites, such as and LinkedIn, can help individuals broaden their bases of contacts. “Landing a job is usually as much about personal relationships as it is a person’s skill set,” Challenger says. Social networking sites some variance in the numbers. A degree in computer science could help someone fi nd a connection that he may not know from a prestigious university boosts a person’s salary sub- about and provide that person with a needed introduction. stantially. Carnegie Mellon University (CMU) has about Job seekers need to be creative in the current employment 140 graduates from its IT program, and their average climate. The soon-to-be graduates of 2011 are entering a starting salary is $76,000. “Companies such as Apple, market that looks better than it did back in 2009, but one Google and Microsoft, along with dozens of others, hire our that’s likely more diffi cult than they envisioned when they graduates,” says Mark Stehlik, assistant dean for undergrad- decided to major in computer science. uate education at CMU. “To get into the IT space, graduates will need to be fl ex- Once they gain entry into the IT market, individuals may ible,” concludes Robert Half Technology’s Willmer. “They want to develop expertise that will earn them more money. may have a dream job but may have to sacrifi ce items, such Topping’s salary list are Advanced Business as job title, location or salary, in order to get their foot in Application Programming (ABAP) at $115,916, followed by the door.” service-oriented architecture (SOA) at $107,827 and extract, transform and load (ETL) at $105,844. Janco notes signifi - Paul Korzeniowski is a freelance writer base in Sudbury, Mass. cant job growth in system design and IT services, as well. He’s been covering various IT issues for more than two decades. Certifi cation programs also remain attractive to employers. Redmond Executive Editor of Features Lee Pender and Editor at In March 2010, listed 10 positions in demand, and Large Jeffrey Schwartz contributed to this story.

| | Redmond | February 2011 | 37 Simplified identity and access management is within your grasp. Quest® One Identity Solution’s revolutionary approach reduces multiple user identities, strengthens authentication and streamlines management – without adding infrastructure. Our solutions work across all systems and applications, giving you consistent identity and access management. Say goodbye to confused users, a disgruntled help desk and security breaches with Quest One. Overcome your identity crisis. Get a free custom analysis and recommendations from Aberdeen research at Just another way that Quest Software is “Simplicity at Work.”

© 2011 Quest Software, Inc. ALL RIGHTS RESERVED. Quest, Quest Software and the Quest Software logo are registered trademarks of Quest Software, Inc. in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners. ADW-QuestOne-Redmond-Q12011-MJ

Untitled-1 1 1/14/11 10:29 AM DFS Best Practices It’s time to ditc h File Replication Service and move completely to Distributed File System.

Here’s how to do it. By Gary Olsen

istributed File System (DFS) has been around since Windows NT and comes in a variety of confi gurations and options. While DFS is avail- Dable in standalone and domain confi gurations, this article will specifi cally discuss the domain option. DFS is a popular and effective technology that provides redun- dant replication of fi les and folders between remote servers. It can be organized under a common namespace to allow users to connect without needing the name of the server that the DFS share is hosted on. Unfortunately, at least to my knowledge, Microsoft has Legacy Windows Server never developed a comprehensive DFS best practices 2003 DFS/FRS document. This is my attempt to summarize all the best The legacy DFS in Windows 2000 and Windows 2003 practices I’ve used, learned and recommended over the used a cumbersome and confusing administrator console years. Note that new information is always posted to the and terminology, as well as the problematic FRS. With Microsoft Web site, so you should periodically check Windows 2003 now out of mainstream support by Micro- for new articles. soft, it’s time to migrate to the new DFS/DFSR available The term DFS is used to refer to the legacy namespace in Windows 2003 R2 and Windows 2008. This section product available in Windows 2000, Windows 2003 and will identify problems and best practices associated with Windows 2003 R2, and available as a legacy product in the legacy DFS and FRS. Windows 2008. DFS used the problematic File Replication Service (FRS) for the replication engine. But, in Windows Known Problems with FRS 2003 R2, Microsoft introduced a new DFS namespace product FRS has historically been fraught with problems. Windows along with a much-improved replication engine. For clarity, 2003 attempted to mitigate some of the issues but was I’ll use “legacy DFS” to refer to the legacy DFS product unable to actually fi x them. Microsoft delivered a completely available in Windows Server 2000, Windows Server 2003 and new replication engine (DFSR) for Windows 2003 R2, and Windows Server 2008. I’ll refer to the new DFS namespace Windows 2008. DFSR is described later in this article. product as DFSN and the new replication engine as DFSR. First, let’s touch upon the problems of FRS.

IMAGES FROM SHUTTERSTOCK | | Redmond | February 2011 | 39 DFS Best Practices Other best practices include: • In initiating data on DFS shares for a series of target servers, seed the data on a single share and let it replicate. Do this in smaller quantities. Adding large numbers of fi les in multiple shares at the same time will make it diffi cult for FRS to catch up. If the data exists on multiple DFS servers, add and replicate data from one server a time. That way, after the initial seeding, FRS only has to repli- cate changes. • Ensure that your antivirus, defragmentation and similar Figure 1. A typical confi guration for the legacy DFS. programs that scan fi les and folders are “FRS aware.” Most FRS detects changes via the New Technology File System well-known programs that have been around for a while will (NTFS) journal, which is modifi ed when a change is made to have this feature, which prevents the needless replication of a fi le or folder in the file system. Unfortunately, FRS can’t fi les due to scanning. detect whether the change actually requires replication. • Create multiple root targets on multiple machines for Applications that scan fi les—including antivirus, disk redundancy of data. Root targets contain confi guration data. defragmentation and other apps—typically modify the • Provide redundancy for data on shares by creating security descriptor of the fi les, which triggers a change in multiple targets for DFS links. This ensures the same data NTFS journal, which in turn triggers FRS to replicate the is continuously replicated to multiple targets, and if one fi les even though there are no changes in the . Changes target server is down, the users will be directed to another were made to FRS in Windows 2003 that minimized the server with that data. DFS uses the “client awareness” problems but did not fi x them. They included: • Suppressing excessive replication. When FRS determines that certain fi les are fre- The legacy DFS in Windows quently being replicated, an event is logged and replication is suppressed for those fi les. 2000 and Windows 2003 This prevents the staging areas from fi lling up and stopping FRS, but you could unwittingly used a cumbersome and delete valid fi les. • Not stopping when the staging area is full. confusing administrator When the staging area gets to 90 percent full, old fi les are deleted until the directory is only console and terminology. 60 percent full, thus preventing FRS shut- down. But this might delete updates you need. • Making it impossible to proactively seed data on multiple feature of Active Directory to locate DFS servers closest servers to avoid replicating large amounts of data over the to the user. WAN. Workarounds are to copy small amounts of data at a • Replication of DFS data is not required but is recom- time until you have it all copied. mended for data redundancy. Without replication, DFS provides only a common namespace for the shares. • Do not host DFS shares on domain controllers (DCs). Because SYSVOL uses DFS on DCs, it’s easier to isolate replication issues if the SYSVOL and DFS shares are not on the same server. Note that SYSVOL uses the DFS service and can’t be disabled on DCs. The point here is not to host DFS links or root targets on DCs. • Confi gure one-way FRS replication between link targets in a hub-and-spoke confi guration for best practices in con- trolling and managing data. Data created on spoke targets Figure 2. The DFSR console. won’t replicate to the hub. Best Practices Limitations of FRS and Legacy DFS Best practices for the legacy DFS/FRS revolve around the FRS replicates the entire fi le even if only a few bytes have central concept that keeping dynamically changing data on changed. There’s an approximate limit of 65GB in a share DFS shares is inherently a bad idea. The previously noted that can effectively be replicated by DFS/FRS. Exceeding problems with FRS cause it to get overwhelmed easily with this limit results in inconsistency and poor performance. large numbers of fi les and have a hard time replicating data Other limitations include: that changes frequently. It’s not recommended to use FRS • Only one DFS root per Windows 2003 Server Standard to house My Documents for users’ profi les, for example. edition (though there’s no limit with the Enterprise version).

40 | February 2011 | Redmond | | DFS service start-up time increases with the number of basis, only replicating changes in a fi le rather than replicating DFS roots. the whole fi le. For instance, changing a title on a slide in a • Limit of 5,000 links per domain-based DFS namespace. PowerPoint fi le that’s 3MB in size would cause the entire More links will cause performance degradation when 3MB fi le to be replicated by FRS for the old legacy DFS, but changes are made to DFS confi guration. DFSR would only replicate a few bytes. This can make a • Limit of 260 characters in the DFS path. Exceeding this huge difference not only in the network load but in disk will cause applications to fail to access the DFS data. Data performance, as well as in user-perceived performance of can be accessed by mapping explicitly to a drive letter. getting the change replicated. DFSR thus handles large • Domain-based DFSes can’t be confi gured on clustered amounts of data and dynamically changing data effi ciently. nodes; use standalone DFSes only. DFSR is available only in Windows Server 2003 R2 and • For multiple-domain DFS confi gurations: Windows Server 2008, and can only be used to replicate •Root targets for a domain-based DFS root must be in DFS data in Windows Server 2003 R2. But it can replicate the same domain. However, link targets can exist in DFS and SYSVOL data in Windows Server 2008 and domains other than the root. Windows Server 2008 R2. In order to use DFSR for replica- •Clients can access DFS servers in trusted domains. tion, only the DFS servers must be Windows Server 2003 •When accessing link targets in other domains from R2, Windows Server 2008 or Windows Server 2008 R2. It’s the client, use Fully Qualifi ed Domain Names not necessary to upgrade DCs. (FQDNs) for link targets. See Microsoft Knowledge Base 244380 for more information. Best Practices • FRS can be used to replicate on a DFS link whose Note that installing the new DFS/DFSR in a Windows targets are in different (trusted) domains (this 2003 domain will require a schema change. You can review requires enterprise admin rights). the DFS Replication Frequently Asked Questions (FAQ) For further reference, see the Distributed File System: page at Frequently Asked Questions page ( • Installing the new DFS/DFSR in a Windows 2003 domain will require a schema change. This will likely Signifi cant Improvements require approval from your change-control process, so plan The new DFSN and DFSR available in Windows Server in advance. 2003 R2, Windows Server 2008 and Windows Server 2008 • Replication groups are effectively used to replicate data R2 have made signifi cant improvements over the legacy from branch sites to fi le servers in the hub site, where data DFS and FRS products. DFSR replicates on a block-level can easily be stored on large SAN disks. In this scenario,

Earn up to 10 respected industry certifications with your online IT degree—at no additional cost. • Relevant Degrees AND Certifications— Fully accredited degree programs in Networking, Databases, Security, Software, and IT management Earn your that incorporate up to 10 certifications without adding classes or costs. degree and IT certs • Opportunity to Advance Quickly— A competency-based approach to education that at the same time! lets you leverage prior experience and your IT certifications to complete your degree faster. • Flexible Online Learning—Log in and learn Online. anytime, anywhere you can find the time. Programs begin the first of every month. A smarter way to reach your future can start right now!

Find out if WGU is the right non-profit university for you: 1.800.918.4830

DFS Best Practices make sure new data is only added at the remote site. If an • On each server, the number of replication groups multi- existing fi le is modifi ed at the core (hub) site, it will replicate plied by the number of replicated folders multiplied by the back to the remote sites and overwrite the fi le there. number of simultaneously active connections must be kept • Take advantage of DFSR for SYSVOL replication in to 1,024 or fewer. Windows Server 2008 and Windows Server 2008 R2, espe- • A replication group can contain up to 256 members. • A volume can contain up to 8 million replicated fi les, and a server can contain up to 1TB of replicated fi les. • The maximum tested fi le size is 64GB. • DFSR can’t communicate with FRS. For more details, see the Microsoft TechNet article on this issue at There’s also an excellent FAQ at

Figure 3. The legacy DFS component, Distributed File System. cially in large domains with large numbers of Group Policies deployed. This requires a migration, as FRS is the default replication engine for Windows Server 2008 domains. • Refer to the TechNet blog by the Microsoft Directory Services team, “DFSR SYSVOL Migration FAQ: Useful trivia that may save your follicles,” at ( • Apply these hotfi xes prior to SYSVOL migration to DFSR: Figure 4. The interface for migrating existing DFS namespaces. • 972105 • 969688 • 978326 Recommendations • 959114 Overall, my recommendations are simple: Get off of FRS. • 978994 Seriously. It’s old, junky technology that Microsoft threw • Migrate legacy DFS shares to DFSN and DFSR tech- in the dumpster years ago. It’s perhaps some of the worst nologies as Windows Server 2008 R2 begins to phase out code to come out of Redmond. Bite the bullet and migrate legacy DFS and FRS. Both will eventually go away. all DFS shares (Windows Server 2003 R2 and newer) and • Design the replication topology for replication groups SYSVOL replicas (Windows Server 2008 and newer) to prior to deployment. There are a lot of options for topology DFSR. Take advantage of the robustness and vast in DFSR that weren’t available in DFS/FRS. Be sure that performance improvements, and spend your time doing the replication method suits your fi le-deployment design. more productive things. • Monitor the state of DFSR replication. System Center With the depreciation of legacy DFS and FRS in Operations Manager contains a management pack for DFSR Windows Server 2008 R2, Microsoft is sending a message monitoring. There may be third-party tools as well. Note that that it’s time to move to better technology. There are no the old Ultrasound and Sonar tools don’t work with DFSR. downsides, in my mind. I’ve recommended migration to DFSN and DFSR to many customers who’ve asked for help Limitations fi xing DFS confi gurations. We should all quit trying to While DFSR provides more robust and effi cient replication make the old stuff work. and handles dynamic data quite well, it’s important to understand the scalability limitations for DFSR when planning Gary L. Olsen is a systems software engineer in the Hewlett- a DFS infrastructure. Replication groups can be defi ned Packard Co. Worldwide Technical Expert Center for HP Services independently of DFS namespace confi guration. One is not in Atlanta, Ga. He’s worked in the IT industry since 1981. Olsen dependent on the other. Note the following limitations: is a Microsoft MVP for Directory Services and president of the • Each server can be a member of up to 256 replication groups. Atlanta Active Directory Users Group. He’s the author of • Each replication group can have up to 256 replicated folders. “Windows 2000: Active Directory Design and Deployment” • Each server can have up to 256 connections (for example, (New Riders, 2000) and coauthor of “Windows 2003 on HP 128 incoming connections and 128 outgoing connections). ProLiant Servers” (Prentice Hall, 2004).

42 | February 2011 | Redmond | | STAND UP IT HERO

As you save the day behind the scenes - solving problems, optimizing services, working on the next big software installment — know that we understand your challenges big and small.

SAVE THE DAY! Join your fellow IT Heroes at TechMentor and equip yourself with DISNEY YACHT CLUB the knowledge you need to battle your everyday IT problems. MARCH 14-18, 2011 TechMentor. Unleash the IT Hero in you ORLANDO, FL View complete agenda and register at:

Untitled-1 1 1/13/11 2:56 PM DecisionMaker by Don Jones Why Role-Based Access Management Is Hard

hese days, we’re constantly hearing about role-based through an automated layer that uses them as a means of implementing RBA. access management. The theory is that instead of It works something like this: Someone T from Human Resources puts a new putting your users into groups, you put them into user into the “Inside Salespeople” role. roles, which correspond to their actual job titles. Magically, The RBA-management layer has been told what user groups (and other their role memberships get them access to all the fi les, implementation mechanisms) comprise that role, and so it adds the user into folders, databases, mailboxes and whatnot access Bob has. Usually, Bob’s a those groups. If the user is removed that they need. member of numerous user groups, so from that role in the future, he comes I’ve recently had some spirited con- you have to start duplicating those out of those groups, too. But this isn’t versations with consulting clients who memberships. This is not RBA. With just Windows user groups: A good don’t entirely understand the complexity true RBA: RBA system is also cross-platform, of role-based access (RBA), and who 1. You need zero awareness of the meaning the user might also be added insist that role is just another word for underlying permissions mechanisms to SAP R/3 groups, Oracle groups and the native groups in Windows. Nothing, in order to put the person into the other security implementation mecha- unfortunately, could be further from correct role. nisms. That’s the real key here: You’re the truth. 2. The people who control permissions abstracting the implementation of the Sure, you could create a domain secu- (for example, administrators) don’t security away from the business layer. rity group named “Inside Salespeople,” necessarily need to have any control But doing RBA isn’t the hard part. which corresponds to a job role. That over role membership. The hard part of RBA is deploying it. might even make a convenient e-mail That second point is important That’s because fi rst you have to defi ne distribution list, killing two birds with because it represents a separation of job roles, and then fi gure out what one stone. And provided the only duties. An admin might modify a user resources each one needs permissions resources they’ll need access to are fi les, group’s membership, but he shouldn’t for. Sounds awfully diffi cult, doesn’t it? folders and perhaps SQL Server data- be able to modify a role’s membership. Figuring out every little thing each job bases, you might well have achieved That right there tells us that user title has access to? The solution is in RBA—if all of those resources are groups alone don’t constitute RBA. fi nding an RBA-management layer within a single domain or within fully The sad fact is that Windows does not than can help with this deployment trusting domains. And if you completely support RBA natively. Even in the step. As I noted, RBA is easy from a trust your administrators. That’s a lot of smallest environments where groups software-programming perspective. caveats—and it’s why user groups don’t might be aligned directly to roles, you Getting tools that can help inventory constitute role-based administration. still can’t achieve the separation of your current permissions and map that Groups are a technical implementation, duties necessary to make RBA happen. into roles—that’s the tricky bit, and whereas RBA is a logical, policy-based In order to achieve true RBA, you’re there’s where you’ll be evaluating element of your network. Think about going to need a third-party product of potential vendors for RBA products. it for a second, and you’ll know it’s some kind that adds an additional layer true. What happens when someone to your security infrastructure. You’ll Don Jones is a senior partner and principal new joins your organization? One of the defi ne your roles in that product, and technologist at Concentrated Technology. fi rst questions anyone asks is, “What that product may well utilize user Contact him through the company’s Web access do they need?” The answer is groups as a means of granting the site at Jones will be usually, “The same access as Bob”—or necessary permissions. In other words, speaking at TechMentor Spring 2011 in Joe or whoever else is in a similar posi- user groups remain an implementation Orlando; more information is available at tion. Then you have to fi gure out what mechanism—but they’re managed


You may not have a corner office but you are the IT Hero. From servers to printers, performance to capacity, you know your network. It may not be glamorous but without you it just wouldn’t work.

Keep it working. Conquer your everyday IT challenges. Rely on us for the in-depth training you need to get the job done. TechMentor. Unleash the IT Hero in you.

View complete agenda and register at:

Untitled-1 1 1/4/11 1:14 PM WindowsInsider by Greg Shields Make Sure You’re Compliant

s I travel the country presenting and consulting on “The rights to run the four instances are assigned to the licensed server, and virtualization topics, I’m constantly bombarded all the instances can run only on the A licensed server … You may not move with questions about Hyper-V licensing. With a your rights to run [for example] an Hyper-V host being the same Windows Server as the guests additional two instances to another server. However, if you have another it runs, you can imagine the diffi culty in fi guring out exactly server that’s licensed for Windows Server what you need to license to ensure compliance. 2008 R2 Enterprise or Datacenter, you may move the two workloads to that server and run them on that server That’s why, not long ago, I dug deep such as Windows Failover Clustering. provided that by running the additional into the Hyper-V licensing language to It’s horribly named because Hyper-V instances you do not exceed the get the real scoop. While I’m no con- and Hyper-V Server sound like the licensed capacity of the new server (one tract lawyer, I found myself surprised same thing. They’re not. Hyper-V with Windows Server Standard, four by a few of the licensing terms even I Server is free, so you can use it wherever with Windows Server 2008 R2 wasn’t aware of. Read on for the short you like. That said, always remember Enterprise, and unlimited with list of those terms that could bite you that you’ll need appropriate licensing Windows Server 2008 R2 Datacenter).” in your next licensing audit. for every VM you run on top. Wow. To me, this means once you’ve First up is the question about Client exhausted your fi rst four instances, Access Licenses (CALs) for Hyper-V The Fine Print every additional VM requires addi- hosts and guests. You already know that A third realization shocked me when tional licensing. That same FAQ page CALs are required for every client that researching the much-ballyhooed continues with the statement: “If you connects to a Windows server and makes Microsoft “four-for-one” deal. want to run a fi fth instance in a virtual use of its services. What I didn’t know, Microsoft licensing language allows operating system environment, you however, is that Windows Server 2008 for four additional virtual OS instances must acquire and assign an additional R2 CALs are in fact not required for to run atop every physical instance of license to that server.” Hyper-V host computers—the computers Windows Server 2008 or Windows The moral of this story is “don’t that run Hyper-V virtual machines Server 2008 R2 Enterprise Edition. assume.” While Microsoft’s freebie (VMs). Any VMs running on top of that This buy-one-get-four-free language deals seem like an immediate win, they host obviously have a CAL requirement, but if your Hyper-V host is simply that Once you’ve exhausted your fi rst four instances, and nothing more, it’s safe without them. My second discovery deals less with a every additional VM requires additional licensing. licensing gotcha and more with a poor naming choice. You know that Hyper-V has been around since the release of come with some dangerous strings is a role that installs to an existing Windows Server 2008, and is a great attached that could cause you problems Windows Server 2008 or Windows bonus to shops that have invested in down the road. Server 2008 R2 instance. But you might Enterprise Edition’s step-up pricing. not be aware of the free—and horribly However, there’s a not-well-known Greg Shields is a partner and principal named—Microsoft Hyper-V Server restriction on that four-for-one that technologist with Concentrated Technology, product. This product is free because many shops have inadvertently an IT analysis and strategic consulting fi rm. it arrives as a severely limited version ignored. Quoting from the Microsoft Contact him at See of Windows Server Core Edition that’s Windows Server 2008 R2 Licensing Shields speak at TechMentor Spring 2011 been locked down to only run the FAQ page (, in Orlando; more information is available Hyper-V role and associated services you’ll be surprised to know that: at

46 | February 2011 | Redmond | | AdvertisingSales RedmondResources

AD INDEX Company Page URL Argent Software, Inc. C3 Citrix Systems, Inc. 20 Dell Computer C1 Dell Computer C2-1 Esker 27 IBM Corporation 7 IBM Corporation 11 IBM Corporation 17 Idera 14 IDERA.COM/SharePointdm East SALES STAFF Tanya Egenolf Iron Mountain 32 www.ironmountain/ JD Holzgrefe Advertising Sales Associate Microsoft Corporation C4 Associate Publisher 760-722-5494 phone 804-752-7800 phone 760-722-5495 fax Netwrix Corporation 29 253-595-1976 fax [email protected] [email protected] Quest 38 IT CERTIFICATION & SpectorSoft Corp. 5 Northwest TRAINING: USA, EUROPE TechMentor Events 43, 45 www.techmentorevents Al Tiano .com/ITHERO Bruce Halldorson Ultrabac Software 2 Advertising Sales Manager Northwestern 818-814-5227 phone Vision Solutions, Inc. 13 Regional Sales Manager 818-734-1529 fax Western Governors University 41 209-333-2299 phone [email protected] 209-729-5855 fax [email protected] PRODUCTION EDITORIAL INDEX Jenny Company Page URL Other Hernandez-Asandas Acer Inc. 9, 10, 25 Director, Print Production Danna Vedder 818-814-5289 phone AMD Inc. 9 Microsoft Account Manager 818-734-1528 fax Apple Inc. 9, 25, 36 253-514-8015 phone [email protected] Asustek Computer Inc. 9 775-514-0350 fax [email protected] Jennifer Shepard Citrix Systems Inc. 25 Senior Print Production Coordinator Google Inc. 9, 18, 24, 37 818-814-5285 phone Hewlett-Packard Co. 9 818-734-1528 fax [email protected] IBM Corp. 15, 25 Intel Corp. 9 Nvidia Corp. 9 ID STATEMENT tation or use of any information contained Redmond (ISSN 1553-7560) is published herein is the reader’s sole responsibility. Oracle Corp. 15, 24, 44 monthly by 1105 Media, Inc., 9201 Oakdale While the information has been reviewed Qualcomm Inc. 9 Avenue, Ste. 101, Chatsworth, CA 91311. for accuracy, there is no guarantee that the Periodicals postage paid at Chatsworth, CA same or similar results may be achieved Red Hat Inc. 24 91311-9998, and at additional mailing offi ces. in all environments. Technical inaccuracies Reycom AG 10 Complimentary subscriptions are sent to may result from printing errors and/or new qualifying subscribers. Annual subscription developments in the industry. Samsung 9, 25 rates payable in U.S. funds for non-qualifi ed SAP AG 44 subscribers are: U.S. $39.95, International CORPORATE ADDRESS $64.95. Subscription inquiries, back issue 1105 Media Sentrigo Inc. 15 requests, and address changes: Mail to: 9201 Oakdale Ave. Ste 101, Redmond, P.O. Box 2166, Skokie, IL 60076- Chatsworth, CA 91311 Texas Instruments Inc. 9 7866, email [email protected] Verizon Wireless 25 or call (866) 293-3194 for U.S. & Canada; (847) 763-9560 for International, fax (847) MEDIA KITS Foley: Microsoft Has Confl icts in the Cloud 763-9564. POSTMASTER: Send address Direct your Media Kit requests to JUNE 2010 VOL. 16 NO. 6 REDMONDMAG.COM

Foley: How Will Microsoft vs. Linux End? changes to Redmond, P.O. Box 2166, Skokie, Matt Morollo, VP Publishing, APRIL 2010 VOL. 16 NO. 4 REDMONDMAG.COM IL 60076-7866. Canada Publications Mail 508-532-1418 (phone), 508-875-6622 (fax), Agreement No: 40612608. Return Undeliv- [email protected] IT erable Canadian Addresses to Circulation More HELL Dept. or IMS/NJ. Attn: Returns, 310 Pater- REPRINTS Data, son Plank Road, Carlstadt, NJ 07072. For single article reprints (in minimum Less quantities of 250-500), e-prints, plaques Juice A comprehensive guide to COPYRIGHT STATEMENT and posters contact: center effi + ADFSAADDFFSS 2.0 UpsU the Ante on Cloud Security PARS International LLoLowerow Costs by Shifting SharePoint Workload © Copyright 2011 by 1105 Media, Inc. All weerr Cost +BackupBa Basics for Windows 7 rights reserved. Printed in the U.S.A. Repro- Phone: 212-221-9595 Yes, You Can Virtualize Exchange Clearing the Skies Around Windows Azure and BPOS ductions in whole or part prohibited except E-mail: [email protected] by written permission. Mail requests to “Permissions Editor,” c/o Redmond, SUBSCRIPTIONRIPTION INQUIRIES,INQUIRIES BACK ISSUE 16261 Laguna Canyon Road, Ste. 130, LIST RENTAL REQUESTS, AND ADDRESS CHANGES: Mail to: Irvine, CA 92618. This publication’s subscriber list, as well as Redmond other lists from 1105 Media, Inc., is available , P.O. Box 2166, Skokie, IL 60076-7866, LEGAL DISCLAIMER for rental. For more information, please email [email protected] or call (866) The information in this magazine has not contact our list manager, Merit Direct. 293-3194 for U.S. & Canada; (847) 763-9560 for undergone any formal testing by 1105 Phone: 914-368-1000; International, fax (847) 763-9564. Media, Inc. and is distributed without any E-mail: [email protected]; warranty expressed or implied. Implemen- Web: This index is provided as a service. The publisher assumes no liability for errors or omissions.

| | Redmond | February 2011 | 47 FoleyOnMicrosoft by Mary Jo Foley 5 Futuristic Microsoft Technologies

icrosoft execs love to brag that its researchers Orleans Today, the Microsoft programming invented the technology that made Kinect and model for the cloud is .NET. At some M point in the future, it may become Windows Phone 7 possible—but there’s more than Orleans. Orleans is a project in the consumer technologies coming out of Microsoft Research Microsoft eXtreme Computing Group, which is chartered with research and (MSR). There are projects that could few years ago. One of these is SafeOS, development “on the cutting edge of well drive whatever OS and browser also known as Verve. ultrafast computing.” A prototype of succeed Windows and Internet Explorer. Verve is about building an OS stack Orleans exists and a few other MSR Not just that, MSR is also building with verifi able and type-safe managed projects, like the Horton online-query leading-edge frameworks, tools and code. That stack includes a nucleus for execution tool, are built on Orleans. infrastructure for cloud computing. accessing hardware and memory, a Orleans has three main components: And in virtualization, MSR is kernel for building services on the The programming model, the pro- experimenting with new and improved nucleus and applications that run on gramming language and tools, and a programming languages and tools. top of the kernel. runtime system. Orleans uses standard Microsoft’s pat answer, when asked Type safety and improved garbage .NET-based languages (currently only about MSR projects, is that there’s no collection are the focus of two other C#) with custom attributes, according guarantee if or even when they’ll be Microsoft projects—“Redhawk” and to the Web site. commercialized. I’ve found most recent “MinSafe”—both of which were pre- MSR projects to be anything but cursors to the Midori distributed OS XAX research for research’s sake. Here are incubation, according to my sources. XAX, at its simplest description, is a fi ve I’m currently watching like a hawk. Microsoft offi cials repeatedly declined browser plug-in. It allows users to safely comment on Redhawk or MinSafe, but run x86-native code as a browser Codebook from what I hear, the efforts focus on a extension, using “PicoProcesses,” a Codebook brings social networking to a managed-code execution environment micro-virtualization framework. Appli- new audience: software developers. that’s lightweight and appealing to cations are sandboxed, making XAX Codebook connects “artifacts” and developers put off by the overhead of akin to ActiveX, but actually secure, as people in software repositories. It’s the current CLR, which is at the heart one of my contacts explained. different from the Microsoft Team of the Microsoft .NET Framework. XAX relies on both application and Foundation Server collaboration plat- system virtualization. Parts of applica- form, though I could see it becoming an ServiceOS tions and system components work in a adjunct. MSR built a social search ServiceOS, in spite of its name, is hardware virtual machine (VM). portal, “WHoseIsThat,” using the more browser than OS. It’s the newest Applications reside in PicoProcesses, Codebook framework. name for the MSR projects formerly which are in VMs. Interestingly, XAX “We improve the search experience in known as “Gazelle” and “MashupOS.” is OS- and tool-independent. Maybe it two ways: fi rst, we search across mul- ServiceOS aims to tighten security by could end up plugging in one day to tiple software repositories at once with isolating the browser from the OS. ServiceOS/Verve? a single query; second, we return not According to a note on the MSR site, just a list of artifacts in the results, but there are some defi nite and fairly near- Mary Jo Foley ([email protected]) also engineers,” researchers explain. term commercial goals for ServiceOS. is editor of the ZDNet All About Microsoft “The ServiceOS project aims to address blog and has been covering Microsoft for SafeOS/Verve many challenges faced by our Windows about two decades. Her book, “Microsoft There are many MSR OS projects that Phone platform, post-Windows 8 plat- 2.0” (John Wiley & Sons, 2008), looks evolved from Singularity, a microkernel, form, the browser platform and Offi ce at what’s next for Microsoft in the post- non-Windows-based OS developed a platform,” according to the note. Gates era.

48 | February 2011 | Redmond | | Untitled-4 1 1/10/11 10:26 AM Untitled-4 1 12/2/10 11:33 AM