JANUARY 2013 VOL. 19 NO. 1 REDMONDMAG.COM


Who’s on the Short List to Succeed Ballmer?

AD BLOWOUT!

Group Control
Dynamic Access Control in Windows Server 2012 can help IT improve file server security by reducing Active Directory groups.

Plus:
› Readies Windows Azure Active Directory
› How to Set up the Right Topology
› Create an Active Directory Appliance with Windows Server 2012

+
› Inside System Center 2012 SP1
› Eschewing Windows 8 Is a Misguided Strategy
› Microsoft CAL Increases Take Effect


Redmond: The Independent Voice of the Microsoft IT Community

Contents, JANUARY 2013

COVER STORY
Group Control
Dynamic Access Control in Windows Server 2012 can help IT improve file server authorization and authentication by reducing Active Directory groups. Page 22

REDMOND REPORT
7 New Year Brings Price Hikes from Microsoft
Organizations hit with a 15 percent increase in user CAL costs.
8 Outlook 2013: Predictions for IT Pros
Analysts foresee continued enterprise technology shifts in the coming year.

TECHNET PRACTICAL APP
18 Active Directory Your Way
The way you set up your Active Directory topography will have a direct impact on how well you’re able to organize your users and resources.

FEATURES
30 Inside Microsoft System Center 2012 SP1
Improvements include extended OS compatibility, upgrades to Data Protection Manager and a boost in virtualization performance, along with support for the latest Hyper-V release.

REVIEWS
Product Review
12 Acronis Shortens Backup Windows, Simplifies Recovery
The new Acronis Backup & Recovery 11.5 is optimized for hybrid cloud environments and provides flexible application support.

COLUMNS
4 Barney’s Rubble: Doug Barney
Bookmarks Are Lame
33 Decision Maker: Don Jones
Eschewing Windows 8 Is a Misguided IT Strategy
38 Windows Insider: Greg Shields
Create an Active Directory ‘Appliance’ with Windows Server 2012
40 Foley on Microsoft: Mary Jo Foley
Microsoft’s Next CEO: Who’s on the Short List?

ALSO IN THIS ISSUE
2 Redmondmag.com | 6 [email protected]

COVER IMAGE FROM SHUTTERSTOCK

Redmondmag.com JANUARY 2013

Redmondmag.com

Windows Tablets Forecast: Poor
Market research firm IDC has released its latest projections for the worldwide tablet market, and while overall growth is expected, the forecast for Windows-based devices isn’t positive. Gladys Rama reports:

“Reports indicate slowing consumer device sales for Windows products, as well as a poor showing by Microsoft during this year’s Black Friday shopping day.

“According to brokerage firm Detwiler Fenton, part of the problem, at least for the Surface, is low consumer exposure … Currently, it’s only available for purchase online and at locations—a factor that has hurt its chances for commercial success, the firm said.”

Read more about IDC’s expectations for Windows tablets and others. Redmondmag.com/Rama120712

ADTmag.com

New Role for Maritz
Former VMware Inc. CEO and onetime Microsoft senior exec Paul Maritz is now chief strategy officer at EMC Corp.—and the company has announced his newest role. John K. Waters reports:

“Maritz … will lead a new corporate spin-off that will manage products from several divisions, including its Spring line of Java products, its vFabric Gemfire data management software and its Cloud Foundry Platform as a Service (PaaS). Dubbed the Pivotal Initiative, the new venture will also include the EMC Greenplum big data analytics group and the Pivotal Labs agile software development tools and services.”

Find out more about the new EMC organization. ADTmag.com/Waters120512

Keep up with the Cloud
Be sure to check out The Schwartz Cloud Report Blog by Redmond Executive Editor Jeffrey Schwartz, where he keeps you up-to-date on the latest happenings in cloud computing. Access all of The Schwartz Cloud Report entries at Redmondmag.com/CloudReport. Recent topics include:

Citrix Announces Plans to Acquire MDM Supplier Zenprise
Citrix wants to ensure its place in managing employee-owned tablets, PCs and smartphones—as well as cloud-based file sharing—with the planned acquisition of leading mobile device management (MDM) supplier Zenprise. Redmondmag.com/Schwartz120612

Amazon Cloud Service—Growing Fast
As Amazon’s cloud business grows, company officials say the economics of offering its services also expand, by virtue of the fact that they’re adding more capacity and therefore able to offer services at a lower cost. Redmondmag.com/Schwartz112912

ID STATEMENT Redmond (ISSN 1553-7560) is published monthly by 1105 Media, Inc., 9201 Oakdale Avenue, Ste. 101, Chatsworth, CA 91311. Periodicals postage paid at Chatsworth, CA 91311-9998, and at additional mailing offices. Complimentary subscriptions are sent to qualifying subscribers. Annual subscription rates payable in U.S. funds for non-qualified subscribers are: U.S. $39.95, International $64.95. Subscription inquiries, back issue requests, and address changes: Mail to: Redmond, P.O. Box 2166, Skokie, IL 60076-7866, email [email protected] or call (866) 293-3194 for U.S. & Canada; (847) 763-9560 for International, fax (847) 763-9564. POSTMASTER: Send address changes to Redmond, P.O. Box 2166, Skokie, IL 60076-7866. Canada Publications Mail Agreement No: 40612608. Return Undeliverable Canadian Addresses to Circulation Dept. or XPO Returns: P.O. Box 201, Richmond Hill, ON L4B 4R5, Canada.

COPYRIGHT STATEMENT © Copyright 2013 by 1105 Media, Inc. All rights reserved. Printed in the U.S.A. Reproductions in whole or part prohibited except by written permission. Mail requests to “Permissions Editor,” c/o Redmond, 4 Venture, Suite 150, Irvine, CA 92618.

LEGAL DISCLAIMER The information in this magazine has not undergone any formal testing by 1105 Media, Inc. and is distributed without any warranty expressed or implied. Implementation or use of any information contained herein is the reader’s sole responsibility. While the information has been reviewed for accuracy, there is no guarantee that the same or similar results may be achieved in all environments. Technical inaccuracies may result from printing errors and/or new developments in the industry.

CORPORATE ADDRESS 1105 Media, 9201 Oakdale Ave. Ste 101, Chatsworth, CA 91311 www.1105media.com

MEDIA KITS Direct your Media Kit requests to Matt Morollo, VP Publishing, 508-532-1418 (phone), 508-875-6622 (fax), [email protected]

REPRINTS For single article reprints (in minimum quantities of 250-500), e-prints, plaques and posters contact: PARS International Phone: 212-221-9595. E-mail: [email protected]. www.magreprints.com/QuickQuote.asp

LIST RENTAL This publication’s subscriber list, as well as other lists from 1105 Media, Inc., is available for rental. For more information, please contact our list manager, Merit Direct. Phone: 914-368-1000; E-mail: [email protected]; Web: www.meritdirect.com/1105

What Are FindIT Codes?
What we once called FindIT codes are now easy URLs. You’ll see these embedded throughout Redmond so you can access any additional information quickly. Simply type in Redmondmag.com/ followed by the FindIT code into your URL address field. (Note that all URLs do not have any spaces, and they are not case-sensitive.)

2 | January 2013 | Redmond | Redmondmag.com |


Barney’s Rubble
by Doug Barney

Bookmarks Are Lame

Six years ago I complained about how poorly Firefox handled bookmark functions. Right after that I just happened to meet with a couple of Mozilla gurus, and I floated the idea of actually bringing some kind of rationale to bookmarks. I was talking about having a logically categorized history of searches and bookmarks, one that could be gone back to and shared with others. All we really had were folders and the ability to sort by name. Big whoop!

The Mozilla gurus assured me this was coming in the next rev of Firefox. I was flattered, but really, they made it sound like it was their idea to begin with. Once the new version came out I was no longer charmed—instead, I felt misled. The bookmarks were utterly unchanged.

I’m about three more versions in, and bookmarks—whether in Internet Explorer or Firefox—are lamer than Quasimodo.

Bookmarks remain just a bunch of URLs you happened to save, kept in what amounts to a flat file. Hey, the ’60s called, they want their database back.

But don’t bookmarks represent the important places you’ve been to, and shouldn’t they reflect your process of learning? Why, after so many browser versions ( is nearly up to version 10), are they so random, and handled so poorly?

I can’t for the life of me see any true browser advances since Netscape. Video is easy and social networking is an application based on what the browser provides. Come on, guys! Where’s the browser revolution? Chrome, Safari, Internet Explorer, Firefox … they’re all minor variations on the same old cola. RC, Pepsi, your house brand. Not a lot of differentiation.

Let’s face it. We spend more time in our browsers than most any other app. New Web sites are cool, but the browsers themselves are lamer than the first round of “American Idol.”

The heart of the browser is browsing, and bookmarks and history are our records. But there’s virtually no intelligence in either. How about my idea from my June 2006 column (“The Barney Browser,” Redmondmag.com/Barney0606)? I wrote: “The Google Barney Browser integrates searching with a file system so the intelligence that comes from searches can be organized, used, shared and built upon. Perhaps these strings of pages can be cached, so if the site goes down the information isn’t lost.”

Is there truly a lack of browser innovation, or am I just jealous of the folks who bring us few or lame new features? Biased opinions are especially welcome and reasonable thoughts should be sent exclusively to [email protected].

ILLUSTRATION BY ALAN TAO

Redmond: THE INDEPENDENT VOICE OF THE MICROSOFT IT COMMUNITY

Editorial Staff
Editor in Chief: Doug Barney
Executive Editor: Jeffrey Schwartz
Group Managing Editor: Wendy Hernandez
Associate Managing Editor: Katrina Carrasco
Contributing Editors: Mary Jo Foley, Don Jones, Greg Shields

Art Staff
Creative Director, Media and Events: Scott Shultz
Art Director: Brad Zerbel
Senior Graphic Designer: Alan Tao

Production Staff
Director, Print Production: Jenny Hernandez-Asandas
Print Production Coordinator: Anna Lyn Bayaua

Online/Digital Media
Online News Editor: Kurt Mackie
Executive Editor, New Media: Michael Domingo
Senior Director, Online Media & Events: Becky Nagel
Associate Web Editor: Chris Paoli
Site Administrator: Shane Lee
Designer: Rodrigo Muñoz

Advertising and Sales
Group Publisher: Dan LaBianca
Associate Publisher, Eastern Regional Sales Manager: JD Holzgrefe
Western Regional Sales Manager: Bruce Halldorson
Microsoft Account Manager: Danna Vedder
Certification & Training: Al Tiano
Advertising Sales Associate: Tanya Egenolf

President: Henry Allain
Vice President, New Content Initiatives: Doug Barney
Senior Director of Marketing and Audience Engagement: Michele Imgrund
Director of Online Marketing: Tracy Cook

President & Chief Executive Officer: Neal Vitale
Senior Vice President & Chief Financial Officer: Richard Vitale
Executive Vice President: Michael J. Valenti
Vice President, Finance & Administration: Christopher M. Coates
Vice President, Information Technology & Application Development: Erik A. Lindgren
Vice President, Event Operations: David F. Myers
Chairman of the Board: Jeffrey S. Klein

Reaching the Staff
Staff may be reached via e-mail, telephone, fax, or mail. A list of editors and contact information is also available online at Redmondmag.com.
E-mail: To e-mail any member of the staff, please use the following form: [email protected]
Framingham Office (weekdays, 9:00 a.m. – 5:00 p.m. ET): Telephone 508-875-6644; Fax 508-875-6633; 600 Worcester Road, Suite 204, Framingham, MA 01702
Irvine Office (weekdays, 9:00 a.m. – 5:00 p.m. PT): Telephone 949-265-1520; Fax 949-265-1528; 4 Venture, Suite 150, Irvine, CA 92618
Corporate Office (weekdays, 8:30 a.m. – 5:30 p.m. PT): Telephone 818-814-5200; Fax 818-734-1522; 9201 Oakdale Avenue, Suite 101, Chatsworth, CA 91311
The opinions expressed within the articles and other contents herein do not necessarily express those of the publisher.


[email protected]

Cloud Confusion
In her December 2012 column (“The Next Big Thing for Microsoft”), Mary Jo Foley wrote about “the new Office”—new versions of the Microsoft productivity suite that are subscription- and cloud-based. A reader reacts to this vision of Microsoft’s future.

I really don’t get the push to the Microsoft cloud. Sure, there’s a market there—a huge one—but when Microsoft starts competing with itself and taking away from its best parts, it just doesn’t seem right.

Office and Exchange are the specific pieces I question in this all-or-nothing cloud push. Office has been pretty standard in offices around the world. Exchange Server is pretty much the undisputed king of the corporate e-mail universe. The huge Office 365 push will take away from that—and it already has where I am. Microsoft reps have pushed 365 so hard that my company is actually taking down Exchange and Office on-premises.

And what if Microsoft is successful at pulling people to the cloud? While Gmail is no threat to corporate Exchange on-premises, I think it will be a threat to hosted Exchange. Google Apps isn’t a real competitor to Office on-premises, but in the cloud it could be a much more level playing field. Microsoft is pushing existing, loyal, unquestioning customers to change from what they’ve automatically done for years to something unknown. And once in the unknown, Microsoft isn’t king, as it always has been. Google has demonstrated an ability to compete with anyone on the Internet—it’s Google’s realm.
Kirk
Posted online

Consumers vs. Enterprises
In his December 2012 column, “Ballmer’s Apple Envy,” Editor in Chief Doug Barney wrote about recent Microsoft efforts to move to the cloud, and replicate the success of consumer Apple products that “just plain work.” Barney asked readers: “What do you think about Surface? Does Microsoft have a compelling cloud story?”

I agree that Microsoft is going to some interesting places with this new approach. But the needs of consumers are radically different than the needs of the enterprise. The enterprise needs a robust OS that’s generally hardware-agnostic. The enterprise also needs a variety of hardware options from competing vendors. This model works for Microsoft as long as the enterprise has a predictable hardware lifecycle. As the market becomes saturated and demand is met, it becomes harder to sustain growth.

Consumer needs are quite different. Simplicity is the mantra. The ecosystem is the key to that simplicity. Apple built its ecosystem on the iPod/iTunes model. Amazon created an ecosystem to support the Kindle e-book reader based on its roots as an online bookseller. The more robust the ecosystem, the more successful the competitor. Microsoft came late to the party, but it has had remarkable success with and Windows Live. Combined, these services endow the Windows 8/Windows RT ecosystem with great potential.

The important point is that, while maintaining its historical business model, Microsoft is—for the first time—targeting consumers directly. These are not traditional Windows notebook buyers. Many are new consumers, and they’re buying tablets. Some need only limited services. For them, the Surface with Windows RT offers them a superior choice to the iPad because it retains Windows compatibility. For others, the Surface with Windows 8 Pro offers “the best of all possible worlds”—portability in a remarkably mobile, fully Windows 7-compatible platform.

By ignoring the very different needs of Microsoft’s two types of customers, the pundits are unnecessarily creating fear, uncertainty and doubt.

Also, far too much emphasis is being placed on enterprise adoption of Windows 8. In my mind, it’s not nearly as important for Windows 8/Windows RT to be adopted in the enterprise as it is to win back the hearts and minds of consumers considering buying iPads and getting them to buy a Surface instead.
C. Marc Wagner
Bloomington, Ind.

RedmondReport

New Year Brings Price Hikes from Microsoft
Organizations hit with a 15 percent increase in user CAL costs.

By Kurt Mackie

Purchasing Microsoft software in the new year will cost customers more, thanks to a 15 percent increase in user Client Access Licenses (CALs) that took effect last month. In addition, Microsoft hiked license fees for its servers. Still, much of the pricing for its 2013-branded software products remains the same compared with prior releases.

While user CAL prices go up, device CALs remain at the same prices. The rationale for the user CAL price hike is tied to the concept that workplaces will start to see multiple devices used by employees. That change in behavior causes user CALs to have more value, at least according to Microsoft’s calculations.

Licensing expert Paul DeGroot, principal consultant of Camano Island, Wash.-based Pica Communications LLC, accepts that Bring Your Own Device (BYOD) rationale. “I’d buy that,” he says. “I recommend that customers switch to user CALs—even with a 15 percent increase, it’s still reasonable.”

DeGroot notes that Microsoft revenues—as much as 80 percent—come not from server licensing, but from CALs. Still, he makes the case for opting for user CALs for organizations that permit BYOD scenarios.

“Someone who connects their laptop and their smartphone to get e-mail from the corporate Exchange mail server when they’re out of the office needs at least six device CALs: one Windows device CAL and one Exchange device CAL for each of their devices—work PC, portable PC and smartphone,” DeGroot says. “If they had user CALs, they’d need only two: one Windows user CAL and one Exchange user CAL would cover all of their devices.”

He continues: “A Windows CAL costs $31 and an Exchange CAL costs $68—though lower prices are available for larger purchases—so they could be required to spend $297 for device CALs. But even with a 15 percent increase, the required user CALs would cost only $114.”

The price increase affects more than a dozen key Microsoft products including Exchange, Lync, SharePoint, System Center, Visual Studio Team Foundation Server and Windows Server, notes U.K.-based Microsoft partner Softcat Ltd.

The user CAL price increase applies to new contracts. Customers with existing multiyear volume licensing agreements in place won’t face the price increase until the end of their contract term, according to Softcat.

Server Licensing Price Increases
According to Softcat’s calculations, SharePoint 2013 server licensing will cost about 38 percent more than that of SharePoint 2010. Lync 2013 server licensing will cost as much as 400 percent more than that of Lync 2010 Standard. The good news, according to Softcat, is that there’s no change in the server licensing costs of Exchange 2013 and Office 2013 relative to respective 2010 server licensing costs.

Microsoft believes the new server pricing changes are justified. For instance, SharePoint 2013 will be available in one edition that will include a bundle of features that used to cost extra.

“The array of previous server licenses have been combined into the new SharePoint Server [2013] license,” according to a statement issued by Microsoft. “We increased the value of the SharePoint Server license by including SharePoint for Internet—and extranet—sites; Enterprise Search [FAST]; and SkyDrive Pro, the new document-storage service for SharePoint, in the main unified server license. Previously, access to those technologies required separate or different licenses.”

Microsoft also points to added improvements in Exchange 2013, including built-in anti-malware and improved management capabilities, but the server licensing price didn’t increase relative to the prior product, according to the Microsoft statement explaining the licensing increases. “We’ll also be retiring the separate external connector licensing, but there’s no change to price.”

Kurt Mackie is the online news editor for the 1105 Enterprise Computing Group.

Products Subject to Licensing Price Hikes
• Bing Maps Server CALs
• Core CAL Suite
• Enterprise CAL Suite
• Exchange Server Standard and Enterprise CALs
• Lync Server Standard and Enterprise CALs
• Project Server CAL
• SharePoint Server Standard and Enterprise CALs
• System Center 2012 Client Management Suite
• System Center Configuration Manager
• System Center Endpoint Protection
• Visual Studio Team Foundation Server CAL
• Windows Multipoint Server CAL
• Windows Server CAL
• Windows Server Remote Desktop Services, Rights Management Services, Terminal Services CAL
Source: Softcat Ltd.

RedmondReport

Outlook 2013: Predictions for IT Pros
Analysts foresee continued enterprise technology shifts in the coming year.

The beginning of a new year always seems to bring forth predictions about what IT departments should expect in the near future. Such expectations are perhaps as old as Janus, the two-faced Roman god of transitions and beginnings, who lends his name to “January.” Whether you believe predictions or not, prognosticators such as technology research firm Gartner Inc. have already formed opinions about how IT shops will be affected by some emerging trends. (Other key researchers, such as IDC and Forrester Research Inc., as well as smaller firms, have articulated similar forecasts.) Get ready, and good luck!

Slow Windows 8 Enterprise Adoption. Gartner believes most enterprises aren’t ready for Windows 8. The firm predicts 90 percent of enterprises will skip deploying Windows 8 on a wide-scale company basis through 2015.

Windows PC Dominance Fading. Windows is becoming one of many platforms in a “post-PC” world full of mobile devices. Rather than standardize on one platform, enterprises should support a greater variety of devices, according to Gartner. The consulting firm predicts that through the next four years, 90 percent of enterprises will be supporting at least two mobile OSes. In the next five years, 65 percent of enterprises will use some kind of mobile device-management solution to manage trusted devices, tolerated devices and non-supported devices. Employee-owned devices will be hit with malware at twice the rate of company-owned devices over the next year. In this year, the most common way of accessing the Web will be by mobile phone, rather than by PC. By 2015, more than 80 percent of handsets sold will be smartphones, but just 20 percent of them will be Windows phones. Microsoft will find a place in the tablet world with Windows 8, but it will lag behind Android and iOS by 2015. Half of all laptop shipments at that time will be tablets, according to Gartner.

Cloud Is Key. Gartner sees cloud computing as an enabler for three other trends: mobile, social and big data. No one cloud platform will dominate, so IT pros will need to manage diversity—and they should have the ability to manage mobile devices.

Mobile Workforce. By next year, IT shops will be using private online app stores to deliver mobile apps to end users. In that respect, the role of the IT pro will shift from being a centralized planner to being a market manager. Apple iPad devices will be more common than BlackBerry devices for businesses in about two years. By 2016, 40 percent of the workforce will be mobile, according to Gartner. By 2018, about 70 percent of mobile workers will use a tablet or hybrid tablet-like device.

Social Collaboration. Social computing is becoming central to business operations. “Social computing will move organizations from hierarchical structures and defined teams to communities that can cross any organizational boundary,” says Peter Sondergaard, Gartner senior VP and global head of research. However, there’s some loss of control associated with the phenomenon, as 40 percent of an enterprise’s contact information is expected to leak to Facebook by 2017.

Big Data, or Your Next Job? The demand for big data deployments will grow such that it will produce a demand for 4.4 million jobs worldwide, or 1.9 million jobs in the United States. However, only one-third of those jobs will get filled. A new skill set will be needed based on running these big data systems, but also in terms of having business expertise and analytics skills, including visual design skills. “Data experts will be a scarce, valuable commodity,” Sondergaard says. There will be a need to create predictive algorithms and deal with both structured and unstructured data, he adds. Expect various commercial in-memory technologies to arrive over the next two years. —K.M.

Ballmer Predicts Microsoft’s Future
Late last year, Microsoft CEO Steve Ballmer told shareholders the company is now a “devices and services company,” not just a software company. In addition to that tagline, Ballmer wrapped up the company’s annual shareholders’ meeting address with a few predictions. To hear Microsoft tell it, the five big upcoming trends are natural UIs; machine learning and big data; unlocking application capabilities through the cloud; social networking; and the emergence of a single unified Windows platform across PCs, mobile devices, the server and the cloud.

Here are the areas where Ballmer says Microsoft will lead:
• “The first area is new form-factors that have, increasingly, so to speak, ‘natural’ ways to use them: touch, gestures, speech, pen and handwriting.
• “The second big area is making technology more intuitive and able to do what we mean and act on our behalf instead of at our command, by using new technologies in the area of what we call machine learning and big data.
• “Third is building and running cloud services in ways that unleash incredible new application opportunities for businesses and for individuals.
• “Fourth is firmly betting on and establishing one platform—Windows—on the PC, the tablet, the phone, the server and the cloud.
• “And the last is really to deliver life-changing improvements to people with new scenarios that help us learn, work, play and socialize with one another. Inventing those new applications, delivering them on these new devices, and sustaining them with the cloud will be key to our future.” —K.M.



ProductReview

Acronis Shortens Backup Windows, Simplifies Recovery

The new Acronis Backup & Recovery 11.5 is optimized for hybrid cloud environments and provides flexible application support.

By Derek Schauland

Acronis Backup & Recovery 11.5
Server version starts at $859
Acronis International GmbH
877-485-3240 | acronis.com

RedmondRating
Installation: 20% 8.0
Features: 20% 9.0
Ease of Use: 20% 9.0
Administration: 20% 9.0
Documentation: 20% 9.0
Overall: 8.8

Key:
1: Virtually inoperable or nonexistent
5: Average, performs adequately
8 (or above): Redmond MVP status
10: Exceptional

Backup and recovery remains one of the most critical IT priorities, yet one that many continue to give short shrift. I often wonder why so many shops are attentive to ensuring enterprise or organizational backups are completed while regular system backups fall by the wayside. A number of vendors are addressing the system-backup issue. In this new year, Redmond magazine will review a number of new products that have already eased the process. I’ll kick off the series of reviews with the latest offering from Acronis International GmbH.

The company’s new release, Acronis Backup & Recovery 11.5, simplifies the process of data protection by supporting cloud environments and provides flexible application support. The product made its debut in June 2011. It’s targeted at hybrid environments, being more tailored for modular environments and optimized for the cloud. To accomplish this, the company has added disk-to-disk cloud staging into what it calls its unified backup and recovery platform.

By automating disk-to-disk-to-cloud backup, Acronis believes it will shorten the backup windows for both live physical machines and VMs, while making both easier to manage via a common management interface. Here’s what I observed when testing the new release.

Figure 1. The Acronis Backup & Recovery 11.5 dashboard shows the status of the machine and lists various alerts and activities.

Getting Started

The installation process for Backup & Recovery 11.5 is straightforward, but there are quite a few components to be installed so the process might take some time. During installation, you’ll be asked to choose from the components to install by selecting the actions you need to perform, from administering local machine backups to managing a centrally located backup store for multiple endpoints. At this point, you can also choose to select components individually, but Acronis does a good job of categorizing these items to improve the installation experience.

Licensing

Acronis Backup & Recovery has many components for different scenarios. As your environment grows and more computers are managed with this product, you’ll need to license various components necessary for the application features to operate on each computer. Such components include support for Microsoft Exchange Server, SQL Server, and various virtual environments including Hyper-V and VMware vSphere.


The server version for Windows lists at $859, the Advanced Server for SBS is $499 and the Advanced Server for Windows is $1,399. You can select from specific licensing at bit.ly/U4NybA.

Inside Backup & Recovery 11.5

When Backup & Recovery starts, a dashboard (see Figure 1, p. 12) is displayed to provide the ability to work with the application as well as display recent activities and alerts.

The main functions include:
• Create Backup Plan: Create a recurring schedule for backing up the computer.
• Recover: Search for data to recover.
• Back up Now: Select files and folders to back up as a one-off process.

Creating a backup plan that performs the same job on a regular schedule means you can set it and forget it. But in reality, backups should be reviewed regularly and have files restored from them to ensure things are working as needed.

To create a backup plan, the software guides you to complete the following steps:
1. From the Dashboard, select Create Backup Plan.
2. Because all disks attached to the computer will be included by default, you’ll need to click “remove” for any disks you don’t want to back up.
3. Specify a location to store the backup data by clicking the Location link in the “Where to Back up” portion of the screen. There are several options, including Online Backup Storage, Centralized, Personal, Local Folders, Network Folders, FTP Servers, SFTP Servers, Storage Nodes or Tape Devices.

The use of Online Backup Storage requires a subscription to the Acronis Online Backup service. Details about that service and pricing can be found at bit.ly/TsLP0G. A 30-day trial of the service is available for free. Afterward, it costs $49.99 per year for 250GB of capacity.

For my testing, I chose a local backup target pointed at a dedicated volume on iSCSI storage.

Once the location for backup was configured, I selected the Backup Scheme from the “How to Back up” portion of the screen. Options here include:
• Simple: allows simple selection of what to back up and when to do so.
• GFS (Grandfather-Father-Son): uses full and incremental backups on a daily, weekly and monthly schedule.
• Custom: the schedule, content and conditions for the backup are selected by the user.
• Tower of Hanoi: uses full, differential and incremental backups to ensure up to 16 levels of backup are maintained.
• Manual Start: you can select the backup type—full, incremental or differential—and start the job as needed.

Selecting the simple backup type created a backup schedule that occurred daily at midnight with indefinite retention. Retention schedules can be modified by selecting the dropdown for retention rules, which have the following options: Keep Backups Indefinitely; Delete Backups Older than 30 Days (the number of days here can be modified); Move Backups Older than 30 Days (the number of days here can be modified).

To see more information, such as the backup type and options for moving backup data to a second location, expand the rest of the section by selecting Show Backup Type | Second Location | Validation | Convert to Virtual Machine. (I’ll explore the VM conversion feature later in this review.)

Figure 2. Administrators can select from the numerous options for a backup job listed in the left panel of the Options dialog window.
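The Tower of Hanoi scheme in the list of backup schemes above is easiest to judge by simulating it: which level each session writes, and how far back the oldest surviving backup reaches. The following is an added example, not code from the review or from Acronis; the function names are hypothetical, and the mapping of levels to backup types and the one-backup-per-level retention are assumptions about the generic rotation scheme.

```python
"""Tower of Hanoi backup rotation (added illustration, not Acronis code).

Assumptions, not taken from the review: level 1 is the most frequently
used level, each level keeps only its newest backup, the top level holds
full backups, level 1 incrementals and the levels in between differentials.
The model ignores dependency chains between backup types.
"""


def hanoi_level(session: int, levels: int) -> int:
    """Return the level (1..levels) written in a 1-based backup session."""
    if session < 1 or levels < 1:
        raise ValueError("session and levels must be >= 1")
    # The number of trailing zero bits in `session` picks the level:
    # odd sessions -> level 1, multiples of 2 but not 4 -> level 2, ...
    trailing_zeros = (session & -session).bit_length() - 1
    # The top level absorbs every higher power of two.
    return min(trailing_zeros + 1, levels)


def backup_type(level: int, levels: int) -> str:
    """Backup type written at `level` under the assumed convention."""
    if level == levels:
        return "full"
    return "incremental" if level == 1 else "differential"


def schedule(sessions_run: int, levels: int) -> list:
    """List of (session, level, type) tuples for the first sessions."""
    rows = []
    for session in range(1, sessions_run + 1):
        level = hanoi_level(session, levels)
        rows.append((session, level, backup_type(level, levels)))
    return rows


def retained(sessions_run: int, levels: int) -> dict:
    """Newest surviving session per level after `sessions_run` sessions."""
    kept = {}
    for session in range(1, sessions_run + 1):
        # Writing to a level overwrites that level's previous backup.
        kept[hanoi_level(session, levels)] = session
    return kept


def rollback_depth(sessions_run: int, levels: int) -> int:
    """How many sessions back the oldest surviving backup reaches."""
    return sessions_run - min(retained(sessions_run, levels).values())


if __name__ == "__main__":
    LEVELS = 5  # constructed sample value; the review says up to 16
    for session, level, kind in schedule(16, LEVELS):
        print(f"session {session:2d}: level {level} ({kind})")
    for n in (16, 23, 24):
        print(n, retained(n, LEVELS), "depth", rollback_depth(n, LEVELS))
```

With five levels the roll-back depth swings between 8 and 15 sessions, so the guaranteed recovery window is the lower figure, not the number of levels.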


After selecting the type of backup to perform, I was able to specify options for the backup job and a name for the job. A default set of options is configured to get you started right out of the box, and these are sufficient for those who need to get backups configured quickly. For more control of the options available for a backup configuration, select the default link under “Plan parameters.” The options are showcased in Figure 2, opposite page.

Converting Backups to VMs

Virtualization is still one of the most popular technologies around, and appears in more places every day. Acronis has included a virtualization step in the backup process by allowing backups to be converted to VMs immediately at the completion of the backup or on a set schedule. When a schedule is used for VM creation, it uses the latest backup to create the image. Depending on the agent licensed for the application, Acronis Backup & Recovery supports multiple virtualization formats, including but not limited to Microsoft Hyper-V, VMware and Citrix XenServer.

Conversion to a VM allows you to mount the backup images to the hypervisor and have these images start as guest machines if needed. This can provide a fast recovery method if certain systems need to be offline for an extended period, or it can allow for faster recovery in the event of a disaster.

Restoring Data

It’s great if your solution eases the process of backing up your data, but the backup is only as good as the restores your solution allows. If you’re unable to restore information from a backup, the usefulness of the backup is degraded and should be investigated.

With Acronis Backup & Recovery 11.5, you select the option to recover data and point the application at the backup to use as the source. Data to recover can be selected from Archive view, which shows the archives by the date they were created, or by Data view, which displays the hierarchy of data that you’ve backed up (see Figure 3).

Figure 3. When recovering data, the administrator selects the data needed using the Data to Recover Selection dialog window.

In addition to a recovery, which places information back in its original location, you can mount backup images to allow for a more-selective restoration process. For example, if you’re working on a document that’s included in a full backup of your computer every night and suddenly the document becomes lost or corrupted, recovering the entire computer from backup is a bit extreme. Being able to mount the latest backup image and browse to the file needed is a much more reasonable approach because it allows only the missing file to be recovered and takes much less time.

To mount an image for a selective restore, select Mounted Images from the navigation panel. Select an archive to use by clicking the Source Archive link and choosing from the available archives.

Once the archive is added, select Source Backup to choose the backup for the operation. Finally, you’ll need to select the disk image to mount because no images are mounted by default (see Figure 4, p. 16).

When the image is mounted, it’s available in Windows as a volume with its own drive letter. This allows for easy browsing of files and a simple copy-and-paste to recover files from the image. Managing simple restoration with a straightforward technique like copy-and-paste is an excellent way to provide file-level recovery. Other solutions provide similar file-level recovery, but this is the first I’ve seen that brings the image online as a disk in Windows.
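Because a mounted backup image appears as an ordinary volume, a test restore can be checked file by file against hashes recorded when the backup was taken. The following is an added example, not part of the review or of the Acronis product; the function names, directory names and file contents are constructed, and on a real system the restored root would be the mounted image's drive letter.

```python
"""Verify a test restore against a hash manifest (added illustration).

All paths and file contents are constructed sample data. On a real
system `restored_root` would be the drive letter of the mounted backup
image, or the folder the recovered files were copied to.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root) -> dict:
    """Map each file's path relative to `root` to its SHA-256 digest."""
    root = Path(root)
    return {
        path.relative_to(root).as_posix(): sha256_file(path)
        for path in sorted(root.rglob("*"))
        if path.is_file()
    }


def verify_restore(manifest: dict, restored_root) -> dict:
    """Compare a restored tree with the manifest taken at backup time."""
    restored = build_manifest(restored_root)
    common = manifest.keys() & restored.keys()
    return {
        "missing": sorted(manifest.keys() - restored.keys()),
        "changed": sorted(p for p in common if manifest[p] != restored[p]),
        "unexpected": sorted(restored.keys() - manifest.keys()),
    }


def demo() -> dict:
    """Build a source tree and a deliberately damaged 'restore' of it."""
    files = {
        "docs/report.txt": b"quarterly figures\n",
        "docs/notes.txt": b"meeting notes\n",
        "db/export.csv": b"id,name\n1,alice\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp, "source")
        mounted = Path(tmp, "mounted_image")
        for rel, data in files.items():
            for root in (source, mounted):
                target = root / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        manifest = build_manifest(source)  # recorded at backup time
        # Simulate a bad restore: one file lost, one truncated, one stray.
        (mounted / "docs/notes.txt").unlink()
        (mounted / "db/export.csv").write_bytes(b"id,name\n1,al")
        (mounted / "stray.tmp").write_bytes(b"x")
        return verify_restore(manifest, mounted)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```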


Figure 4. Administrators can choose which image to mount and apply the appropriate settings using the Acronis Backup & Recovery 11.5 dashboard.

App Interface Control

In addition to backup and recovery tools, Acronis provides disk- and tape-management items to allow you to work with these solutions directly from the application interface. This is another great feature, because I don’t need to leave the application to retrieve information about disks or tape drives that might be available for use.

Acronis Backup & Recovery also includes command-line tools (installed separately unless using a standalone configuration), which provide direct access to the application from the command line. While previous versions of Acronis products executed commands and carried out tasks from the command prompt, in the latest version, the commands are sent to the application that carries out the task. This should allow for a more-similar functionality, meaning the command line and the UI don’t need to behave differently—which will make life easier on the administrator.

Sometimes recovery of a system that won’t boot is required. Acronis includes a recovery boot media-creation tool to help in these situations. When booting from recovery media, the backup images created by the software can be accessed and recovered using similar tools available from within the Windows application.

Selecting Remote Computer Support

When you open the management console for Acronis Backup & Recovery, you can select to connect to the local machine or a remote machine. If you choose to manage a remote computer, you’ll need to specify connection information for the remote machine. Once connected, a wizard lets you describe how you want the software to manage the machine.

Because the management experience is the same between local and remote computers, I focused on the application from the perspective of the local machine. Note that managing a remote machine uses similar tools but may have different components, including tools for Hyper-V or VMware, depending on your environment.

What’s Missing?

Version 11.5 doesn’t include support for Windows 8 computers or devices. Acronis says support for the latest version of Windows is coming in a future release.

The disks for backup are referenced by disk number with no mention of the drive letter assigned to them. If there are multiple drives in the computer you’re working with, this could be an issue because the disks aren’t easy to locate. Selecting the “Items to Back up” link when creating or editing a job will show the volumes on a selected disk; however, simply displaying this in the main screen by default would be a welcome improvement for Acronis to consider.

The Acronis Backup & Recovery application doesn’t leave things to chance and is straightforward and easy to navigate. There are a lot of options within this application that allow it to fit a majority of customer requirements. When planning backups with this application, be sure to understand what your backup needs are and take the time to work through the options to ensure that the backup you need is the backup you’re getting.

The ease of use of the program and wealth of features it contains are a welcome departure from some of the other tools in this space. When an application is full-featured, usage can seem difficult; but when usage is easy, sometimes an application is missing key features. I think Acronis has found the sweet spot here, and I hope the trend continues.

Derek Schauland has worked in technology for 15 years in everything from a help desk role to Windows systems administration. He has also worked as a freelance writer for the past 10 years. He can be reached at [email protected].


Content provided by TechNet Magazine, Microsoft’s premier publication for IT Professionals

PracticalApp

Active Directory Your Way

The way you set up your Active Directory topography will have a direct impact on how well you’re able to organize your users and resources.

By Brien M. Posey

Since the release of Windows 2000 Server edition more than a decade ago—and with it the release of Active Directory—the time-tested Microsoft directory service has helped organizations maintain order amid the chaos. One strategy most organizations take (although there are certainly exceptions) is to stick with the simplest Active Directory deployment that they can realistically get away with.

This should come as no surprise. The principle of keeping things as simple as possible definitely applies to the world of IT. Any seasoned IT professional knows that keeping things simple reduces the chances of problems and makes troubleshooting a lot easier. There’s absolutely nothing wrong with using a standard Active Directory topology. There’s a reason Microsoft set the standard topology as the default.

But while there’s something to be said for simplicity, when it comes to Active Directory, some organizations might be better served by a more creative structure. There are some alternate designs that are likely more appropriate for larger organizations that need to segregate the management responsibilities.

Domain Structure

Most often, real-world Active Directory deployments use a domain structure that mimics the organization’s geographic structure. For example, if an organization has three offices, it’s likely to have three domains. Not every organization uses this type of design, but it’s the most-common type of Active Directory structure. Here are a few alternate domain structures you might want to consider for your organization.

User Domains

Active Directory is really nothing more than a database. The database is filled with various types of objects. Each object is assigned one or more attributes. Organizations sometimes base their domain structure on specific types of Active Directory objects. One example of this is the use of user domains.

A user domain is an Active Directory domain set up for the sole purpose of managing user accounts. To give you an idea of why this is useful, consider this example of an organization with a few thousand users and a high rate of employee turnover. This organization employs two people whose job it is to create, provision and remove user accounts.

In this type of situation a user domain could prove useful, because this type of domain structure would help the users tasked with account maintenance to have full administrative control over the user accounts. They could be limited, however, from having access to any other Active Directory objects or functions.

You don’t need to implement this type of domain structure specifically to isolate administrative responsibilities. There are other ways to accomplish this type of isolation. Nevertheless, a user domain structure can help an organization stay better organized by making the individual domains less cluttered. It also provides a sense of physical administrative isolation, which some organizations might prefer instead of the logical administrative isolation that can exist when all various object types reside in a common domain.

Resource Domains

Resource domains are similar to user domains in that they’re single-purpose in nature. These are used to enhance security or make the Active Directory structure more logical or manageable. There are real-world Active Directory deployments in which all of the desktop computers are grouped into a dedicated resource domain. Other organizations have placed all their servers running primary line-of-business applications into a dedicated resource domain. You can use resource domains for any other class of resource as well.


Resource domains are probably most useful when you treat them as management domains. For example, you might want to create a dedicated Active Directory forest designed to act purely as a management domain for Hyper-V servers. There are a couple of reasons why you might choose to do this.

The first reason has to do with management. System Center Operations Manager 2012 (and a number of other management products) can only manage servers that are members of an Active Directory domain. You wouldn’t want to join your Hyper-V servers to your primary domain because all of the domain controllers for your primary domain are virtualized. You wouldn’t want to risk putting your organization in a situation in which you were unable to log on to a Hyper-V server because the virtual DCs were offline. Adding the Hyper-V servers to a dedicated Active Directory management forest solves this problem quite well.

Another reason you might choose to create a dedicated resource domain for your Hyper-V servers has to do with some of the new features that are coming in Hyper-V version 3.0. Hyper-V 3.0 will have the ability to replicate a VM from one host server to another. This type of replication is not a failover clustering solution, but rather a disaster recovery solution that lets you maintain an up-to-date copy of your VMs on an alternate host server. That way, if something happened to your disk array or your primary Hyper-V host, you’d have another copy of your VMs you could fall back on.

In order to use this feature, however, both the host server and the replica server have to be authenticated. The easiest way to provide this authentication is to join both servers to a common domain and use Kerberos. As such, creating a dedicated resource domain for Hyper-V servers makes perfect sense. This is especially true when you consider there are other Hyper-V features that also require domain membership.

Incidentally, resource domains and user domains are not mutually exclusive. Some organizations use a combination of user domains and resource domains within a common Active Directory forest.

Geographic Topology

While these alternate structures are indeed effective, the vast majority of Active Directory deployments in the real world are based on geographical structure. Technically, there’s nothing wrong with using this type of Active Directory topology—but there are a few things you should consider.

First, don’t confuse domain structure with site structure. The Active Directory site structure should always mimic an organization’s geographic topology. For every wide area network (WAN) link between offices, there should be a corresponding site link within Active Directory. Furthermore, the computers that reside within a physical office should be placed within a common Active Directory site. Ideally, each location should make use of a dedicated subnet because a single subnet can’t span multiple Active Directory sites.

Active Directory site structure is important because the site structure has a direct impact on the volume of Active Directory replication traffic that will flow across the WAN links.

For example, imagine an organization with multiple branch offices. This organization chose to configure its Active Directory as a single domain, which isn’t wrong. In a situation like this, you could potentially make updates to Active Directory on any writable DC within the entire organization. When an update does occur, it’s the DC’s responsibility to make the update available to the other DCs.

If this organization didn’t make use of an appropriate site structure, a common update could pass over a WAN link multiple times. For example, if there were five DCs in a branch office, an Active Directory update could potentially be sent across the WAN link five separate times, once for each DC.

When you use Active Directory sites, one DC in each site acts as a bridgehead server. The bridgehead server’s job is to receive Active Directory updates from across the WAN and distribute those updates to the other DCs within the site. This means any Active Directory updates would only need to be sent to each branch office once, regardless of how many DCs there are within that branch office.

What about organizations that use a separate domain for each branch office? If each branch office has a dedicated Active Directory forest, you don’t have to worry about defining Active Directory sites. On the other hand, if each domain is a member of a common forest, you should definitely implement an appropriate Active Directory site structure as a way to keep forest-level Active Directory replication traffic in check.

As you can see, there are lots of different ways to set up your Active Directory domain topology. Ultimately, you should choose the topology that makes the most sense for your own organization. This could be a single domain model, or a multi-domain model based on geographic proximity, users or even resources.

Brien M. Posey, MVP, is a freelance technical author with thousands of articles and dozens of books to his credit. You can visit Posey’s Web site at brienposey.com.

Related Content
• Export, Compare and Synchronize Active Directory Schemas (bit.ly/VadPIs)
• Using Catch-All Subnets in Active Directory (bit.ly/U6jbRS)
• 19 Smart Tips for Securing Active Directory (bit.ly/QSadNU)

COVER STORY | Active Directory

GROUP CONTROL

Dynamic Access Control in Windows Server 2012 can help IT improve file server authorization and authentication by reducing Active Directory groups.

By Jeffrey Schwartz

Managing groups in Microsoft Active Directory is the bane of many an IT pro’s existence. Likewise for security administrators, auditors and managers who implement policies. The number of groups and attributes in AD is increasing at an alarming rate. And that number is increasing further now that IT must enact Bring Your Own Device (BYOD) policies and govern access to the growing use of cloud services.

The problem: How does IT meet the new business imperative of empowering workers to access information when and where they need it, while ensuring sensitive information doesn’t leak out and wind up in the wrong hands? Also, how can audit groups know when an unauthorized user has accessed—or attempted to read, retrieve or copy—information?

File servers have long secured documents by providing folders or shares governed by Group Policy, by which an individual is granted access based on attributes such as his role, department or location. But the growing amount of data and security groups is making it increasingly difficult for IT organizations to meet the new demand for access to data from different device types and locations, while ensuring that data is protected.

Microsoft’s answer is a major new feature in the recently released Windows Server 2012 called Dynamic Access Control (DAC). DAC aims to make it easier to enhance authorization and authentication by applying better security, risk-management and auditing policies in AD. It promises to improve how files are classified, secured, accessed and governed based on various attributes and conditions applied within AD.

DAC is perhaps the most important addition to the new Microsoft server OS, says Mark Minasi, an independent instructor who gives classes on Windows Server 2012 and AD. While observers believe it will take some time before DAC takes hold, Minasi believes it’ll be a key reason many organizations ultimately make the move to Windows Server 2012. “For 15 percent of the Fortune 500, they’ll roll out Windows Server 2012 faster than they rolled out Windows Server 2008 R2—and it will be because of Dynamic Access Control,” Minasi says.

An organization doesn’t need to upgrade all of its file servers to Windows Server 2012 in order to implement DAC, Minasi points out. As long as there’s one new file server running a Windows Server 2012 domain controller, the organization can implement DAC.

The key appeal of DAC is that it extends Group Policy and access-control functions applied to file shares managed by AD. It does so by integrating claims-based authentication using Kerberos tokens. Instead of describing users by which security groups they’re assigned to, DAC also makes it possible to validate claims based on different attributes in AD, such as a user’s department, location, role, title and security clearance, as well as how files are classified.

DAC also lets organizations apply more refined policies by which a user or device can access a file using claims-based authentication, says Patrick Gookin, product manager for AD products at NetIQ Corp. “The security system can have a rule that says: If the claim that someone is a VP is true, and the claim is that the department is finance, and the resource they’re accessing it from is also within the finance department, then I’m going to give them access to this folder,” Gookin explains. “Which is unbelievably more powerful than the group model, but it also has a lot of pieces and moving parts that need to be managed and understood.”

New File Security Model

DAC also integrates Rights Management Services (RMS), where files defined as sensitive are automatically encrypted, ensuring information is protected when it’s moved from the file server. A file may be deemed sensitive if it has a Social Security number. Microsoft and many of its third-party partners believe this new approach to file management in Windows Server 2012 is among the most important new features in the OS. As organizations begin deploying Windows Server 2012, DAC promises to also change the way IT secures and audits various document types that reside on file servers.

“It starts with the ability to tag data, classify data, apply access control to that data and then automatically encrypt sensitive information based on this specification,” said Nir Ben-Zvi, program manager on the Microsoft File Server team during a demo of DAC. A key benefit of DAC is that it significantly reduces the constraints placed on IT versus the traditional implementation of Group Policy, explains Uday Hegde, principal group program manager for Active Directory at Microsoft.

Microsoft introduced claims-based authentication and authorization in SharePoint 2010. But despite the proliferation of SharePoint, experts say the vast majority of documents still reside in unstructured formats on file servers.

“The nice thing about claims is you can apply very dynamic policies at the resources,” Hegde says. “You can make decisions that aren’t already baked into the system in a static way. For example, let’s say you have a line-of-business application and you’re hosting it. You can say, ‘only allow access to a user who has authenticated with a smart card certificate,’ or, ‘only allow access based on some other criteria.’ So you can make those changes dynamically with security groups.”

In older versions of Windows Server, making those changes is difficult to do, Hegde adds. “The reason we call it Dynamic Access Control is we’re changing the game in how you can get static information versus dynamically getting this information on the fly, and a claims model allows us to do that,” he says.

Tools to Build on Dynamic Access Control

A number of third-party ISVs and Microsoft partners have different plans to enable the new Dynamic Access Control (DAC) features in Windows Server 2012. Here’s a sampling.

CA: At the Windows Server 2012 launch back in September, CA said its DataMinder Classification r14.1 tool supports DAC. DataMinder Classification leverages the File Classification Infrastructure (FCI) feature of Windows Server 2012 and helps organizations discover, scan and classify sensitive information in the file system. The company says DataMinder Classification provides “precise, fine-grained access control.”

NetIQ Corp.: Directory Resource Administrator—which provides AD management, delegation and reporting—will gain support for DAC in a release slated for this fall. “We’ll be introducing features for managing Dynamic Access Control and will be able to provide control over that,” says Patrick Gookin, the company’s product manager for AD products.

NextLabs Inc.: While DAC is native to Windows Server 2012, risk-management software provider NextLabs now offers software that extends those policies and permissions to Windows Server 2008, SharePoint 2010, Linux NFS and Samba file servers. NextLabs Control Center Dynamic Access Control (DAC) Edition lets organizations bridge their Windows Server 2012 Central Access Policies to those other systems. “We can take DAC and enforce those policies on SharePoint and earlier versions of Windows file servers,” says Andy Han, NextLabs VP of products. “There’s a lot sitting in SharePoint, and people would like to have the same rules working in both places.”

Quest Software: A new version of the company’s Security Explorer, slated for release this quarter, will support DAC. The company says Security Explorer 9.0 will let administrators add, remove and modify NTFS permissions via DAC, providing simplified management. It will also make it easier to manage DAC via Windows 7 clients joined to Windows Server 2012 domains. Administrators will also be able to restore DAC permissions when data is lost by backing it up. In the future, the Quest Secure Copy migration tool will support DAC, says program manager Tom Crane.

Stealthbits Technologies Inc.: The company’s flagship product, StealthAudit Management Platform (SMP) for Active Directory, lets IT clean up security groups so it can move them to Microsoft claims-based expressions for defining conditional permission. According to the company, SMP for Active Directory provides data collection, analysis and bulk administration capabilities. The company says the granular visibility into AD, combined with the toolset to analyze and correlate directory components, will enable organizations to build on top of DAC.

Varonis Systems: The provider of data-governance software has plans to help organizations utilize DAC, but it’s not revealing them at this time. “We aren’t talking about our future plans just yet, but we have them,” says David Gibson, the company’s vice president of marketing. “It’s safe to say, we’ve been helping organizations manage access control, manage access to their data, protect it and manage it.” —J.S.

From ‘Or’ to ‘And’

Minasi says DAC is so important because it allows IT to vastly reduce the number of AD groups, while providing more fine-grained file-access policies. Say you only want to allow managers in your Omaha, Neb., office access to a set of files or a folder. They might already be in a management group or an Omaha group. Without DAC, an administrator must create a third group—adding to the proliferation of such groups, while making it harder to restrict access if one but not both of those attributes change.

“Previously all we had is groups and ‘or,’ where if you’re in the management group ‘or’ the Omaha group, you get in,” Minasi explains. “So now we can say, ‘I’m in the management group ‘and’ the Omaha group. That’s important. Placing the information we have about you in Active Directory and adjusting file permissions—that changes the universe.”

Eliminating Token Bloat

Why is eliminating the number of groups in AD so important? A common problem today is “token bloat,” where an inordinate number of groups in AD result in too many tokens in the repository. This makes it difficult to manage access and apply policies when users’ roles invariably change. As the number of groups increases in an enterprise, the more difficult it is to ensure all AD tokens are up-to-date. This


makes it more difficult to ensure the proper access controls are in place.

“Groups can get very much out of control,” says Tom Crane, a program manager at Quest Software, now a division of Dell Inc. “You don’t have any idea who has access to all of the resources through all of these groups.”

Besides reducing the number of groups, DAC makes it easier to assign policies to files and shares. For example, a user might have complete read-write access to certain files when at a specific location, but read-only access when accessing those same files from home. Another condition might include what kind of device is accessing the data, such as a user-owned computer, tablet or smartphone versus a company-administered system.

Implementing policies defining how data is accessed is becoming more difficult to control as more documents are floating across a larger number of file servers, experts say. And the problem is only exacerbated as employees generate more data and the number of security groups increases.

“There’s no central place from which you can control access rights to file systems because the access rights and security are controlled at each of those objects at the folder level, the share level, and the user who owns a folder can change the permissions on it,” says Matt Flynn, a product manager at Stealthbits Technologies Inc., a provider of AD administration, auditing and data loss prevention (DLP) tools. “They can open up a share and grant rights to everyone to change content that may be extremely sensitive.”

Besides making it easier to change permissions, DAC lets IT and security administrators create rules and policies. At the same time, it allows IT to govern access rights based on those rules or policies as well as other user attributes, rather than somebody having to specify a particular group or user on every Group Policy Object (GPO), Flynn says.

Hear Mark Minasi Explain DAC

If you’re interested in learning more about the new Dynamic Access Control (DAC) features in Windows Server 2012, expert Mark Minasi will provide an in-depth session on the topic at the TechMentor Conference in Orlando, Fla., on March 7.

In the “Understanding Dynamic Access Control: The File Share, Re-Imagined and Compliance-Enabled” session, Minasi will explain why he believes DAC is the most significant change in Windows Server 2012.

“DAC adds many new ways to control access to a file share,” according to Minasi’s session description posted on the TechMentor Web site. “You can require users to be members of multiple groups or you can forgo groups altogether—and stave off a pernicious disease called ‘token bloat’—by controlling access to shares based on particular Active Directory attributes.”

Minasi, an expert in Windows-based file shares since 1985, will explain the value of DAC, outline and demonstrate seven central concepts, and show how those pieces fit together to set an access-control policy, according to the outline.

TechMentor, produced by Redmond magazine publisher 1105 Media Inc., will run the week of March 4-8. —J.S.

File Classification Infrastructure

When Windows Server 2008 R2 shipped, Microsoft introduced File Classification Infrastructure (FCI) in the OS. Until now, FCI has offered limited benefit because it let users classify data in files but didn’t offer access control.

In essence, FCI lets business group managers and those who author documents classify files based on metadata tags. Those tags describe the nature of the file, such as if it has personally identifiable information. The author of documents can create those tags, or automated rules can generate them.

For example, if files have credit-card numbers, the security policies applied to those documents would be tighter than files that are less-sensitive. In the case of a hospital storing patients’ MRI images on a file server, FCI ensures those files are only accessible to doctors or authorized people. “If it’s tagged as an MRI we can say: ‘You can’t look at this MRI unless your Active Directory title says you’re a doctor or you’re the owner,” Minasi says. “Notice you didn’t hear me say ‘group’—you just heard Active Directory references.”

This should appeal to enterprises with sensitive data such as government agencies, insurance companies and health-care providers. FCI will also have general appeal to any enterprise with more than 50 employees. One reason is, starting this year, as the Patient Protection and Affordable Care Act (aka Obamacare) kicks in, organizations must ensure personally

Untitled-2 1 12/10/12 11:44 AM COVER STORY | Active Directory Microsoft Readies Windows Azure AD

Latest beta aims to ease management Windows Server installations. That includes support for the new Dynamic Access Control (DAC) features in Windows tasks tapping Microsoft services. Server 2012, Hegde says. By Kurt Mackie End users benefi t from the new capability as well by not having to face multiple sign-in portals when accessing he improved federation capabilities in Windows cloud-based apps. In essence, the new federation capa- Azure, announced in late November, promise fewer bility links AD changes between Microsoft server and Thassles for the numerous enterprises that use cloud environments. So, for instance, if an IT pro removes Microsoft Active Directory to manage both premises- an employee via AD in the local environment, then that based and cloud-based access to applications. Windows change will cut off the employee’s access to cloud-based Azure will support single sign-on capabilities in conjunc- applications. tion with AD on Windows Server for domain-joined The new federation improvement also extends to setting machines. While the company hasn’t set a release date for password policies. Changes made at the local environment Windows Azure Active Directory, Microsoft said it will be using AD will aff ect the Windows Azure Management Portal off ering access control in the cloud-based version free of password settings. User identities and passwords don’t charge upon release. leave the local environment but instead get processed “If you’re building a service in Windows Azure, you can on-premises, according to Microsoft. create your own tenant in Windows Azure and create users, and we let you manage those users, who can be connected One Small Step to your cloud services,” says Uday Hegde, principal group IT pros will get simpler management from this federation program manager for Active Directory at Microsoft. 
capability, according to Rob Sanfi lippo, an analyst with Furthermore, Hegde says Windows Server customers the Kirkland, Wash.-based Directions on Microsoft. running AD on-premises can connect to Windows Azure “The users that will realize a benefi t from on-premises Active Directory and make use of all its features. Active Directory federation with the Windows Azure As a consequence, IT pros can now connect users to Management Portal are developers working on Windows Windows Azure services by using the permissions that Azure-based projects and IT personnel that manage an they’ve already set up with AD on their premises-based organization’s Windows Azure deployments,” Sanfi lippo

identifi able information of their employees is protected or There are basic tools in the box, but organizations wanting to risk steep fi nes. reap the benefi ts of FCI and DAC will be best served by “Everyone, including small organizations, is going to say, Microsoft third-party partners. And that doesn’t only apply ‘let’s identify the fi les that are going to get our [butts] thrown to fi le classifi cation—organizations will require help in rec- in jail or cost us a lot of money,” Minasi says. “File Classifi ca- onciling existing groups and Group Policy attributes and tion Infrastructure will let us do that, and that’s what you get other AD administration functions. in Windows Server 2012.” Indeed, there are quite a few third parties with software Today users can right-click a fi le and classify a tab in the that can help IT add value to DAC and implement fi le properties. The alternative is the built-in FCI capability that classifi cation. Among them are CA, GigaTrust, NetIQ, will scan fi les, which then looks for attributes such as credit- NextLabs Inc., Quest Software, RSA, Stealthbits, Varonis card and Social Security numbers, or even that a JPEG fi le Systems and Websense Inc. was tagged by an MRI machine. “Going forward, you really want to be able to provide the insight and management that isn’t going to be available in the Data Classifi cation Toolkit initial tools from Microsoft,” says NetIQ’s Gookin. Microsoft also recently released its Data Classifi cat ion Tool k it , Paul Dean, a security product management advisor at CA, says which identifi es, classifi es and secures data running on multiple his company’s DataMinder Classifi cation r14.1 tool will help IT fi le servers in Windows Server 2012, Windows Server 2008 and make use of DAC. “What the combination of Dynamic Access Windows Server 2008 R2. The tool lets admins manage Control within Active Directory and FCI provides is the ability Central Access Policy across fi le servers. 
It generates wizards to ensure that the right people as defi ned within Active Direc- that let admins confi gure, export, import, and compare file clas- tory groupings have access to the right content based on the sifi cations and then centrally manage access policies on fi le classifi cations that we provide,” Dean says. “Our role in this is to servers, according to the Microsoft description of the toolkit. understand the content and context of the information itself.” Admins and developers can also use the tool to confi gure DAC to provision user and device claim values and central Will DAC Take Off ? access policies across AD forests. A template can generate There was a lot of interest in DAC at Quest’s annual The reports on central access policies residing on fi le shares. Experts Conference this past October, where the company held “Let’s be clear—the File Classifi cation Infrastructure several sessions on the topic. But Crane believes customers will Microsoft provides is really pretty basic,” Minasi warns. move cautiously. “They defi nitely like what they see,” he says.

28 | January 2013 | Redmond | Redmondmag.com | says. “These users will gain the convenience of using their management] contexts. FIM [Forefront Identity Manager] on-premises Active Directory credentials to access the has been out for a number of years without signifi cant Windows Azure Portal, which can eliminate the need to enterprise adoption. These other players—Okta, Symplifi ed, manage a separate Microsoft account for that purpose. Ping Identity and others—are moving toward and becoming “Also, Microsoft accounts are geared more toward full-fl edged identity 2.0 cloud providers.” consumers, so providing Active Directory account access to Windows Azure is a step forward for organizations that Support for Other Products need to manage identities that work with Windows Cser does believe the new Microsoft federation capability Azure, by giving them tighter control over which users will help organizations that support Bring Your Own Device can access organizational Windows Azure accounts and (BYOD) scenarios. “This step will defi nitely accelerate deployments.” adoption of BYOD strategies,” he says. “Microsoft has been In the larger world of federation services providers, increasingly realizing that it needs to do something about Microsoft’s new capabilities won’t likely obviate the need cloud and non-PC devices.” for the growing cadre of Identity Management as a Service Microsoft uses Windows Azure Active Directory with a (IDMaaS) providers, adds Andras Cser, a principal analyst number of its services, including Windows Azure itself on security and risk at Forrester Research Inc. and all of its Offi ce 365 services. Windows Azure Active Indeed, Centrify Corp. 
last month launched DirectControl Directory also is used with the Intune for SaaS, a Software as a Service (SaaS) iteration of its PC management service, as well as the Windows Server identity management off ering that extends AD to hundreds Online Backup service, which is a Windows Azure-based of other applications, services and platforms. And IDMaaS service for backing up Windows Server 2012 or Windows provider Okta Inc. last month also received a $25 million Server 2012 Essentials. round of Series C funding led by Sequoia Capital, bringing Microsoft claims to have processed more than 200 billion the total amount it has raised to $52 million. authentications via Windows Azure since its cloud-based “Microsoft’s off ering won’t push these players out of their authentication service was launched about a year ago. market, because Microsoft solutions usually mainly support Microsoft infrastructure only,” Cser says. “Microsoft is Kurt Mackie is online news editor for the 1105 Enterprise usually not taken seriously in IAM [identity and access Computing Group. Jeff rey Schwartz contributed reporting.

“Honestly, I think Dynamic Access Control in Windows Server 2012 is a good first step, and it’s probably good for small deployments. But there are a lot of gaps to be filled by Microsoft—and maybe some ISVs—that will allow greater adoption.”

In contrast to Minasi’s belief that DAC will be a key reason organizations deploy Windows Server 2012, some third parties think shops will move slowly. “I don’t think people are going to run out over the next three months and knock down the door to buy Windows Server 2012 so they can roll this out,” says Stealthbits’ Flynn. “But one of the things we’re working with people on is, ‘how do you identify your high-risk content so you can go stand up just a single Windows Server 2012 and put these advanced Dynamic Access Controls around content that’s most sensitive to the organization?’”

David Gibson, vice president of marketing at data governance software provider Varonis, is also seeing tepid demand. “It’s mostly the vendors that seem to be talking about it,” Gibson says. “I had one of my customers say: ‘It looks really too early for it, but I just want to make sure you guys are thinking about it.’ And we are. This customer in particular is fairly forward-thinking. I think we’re on the cusp of this, but I haven’t heard from a lot of people who say, ‘we need this functionality now,’ so far.”

However, Gibson says he’s not betting against DAC. “Generally, I don’t ever want to underestimate Microsoft,” he says. “They have a pretty good track record and they have the ability to redefine industry standards in a lot of ways.”

In particular, Gibson welcomes Microsoft’s use of metadata and notes the implementation of expression-based claims for access control is a positive move away from the typical hierarchical access-control model. “If you’ve ever searched for something, you know how important metadata is,” he says. “And good metadata can be the difference between good decisions and not-so-good decisions. The fact that they’re embracing some of the metadata in these expression-based access-control lists, I think is a step in the right direction.”

Others, such as CA’s Dean, believe DAC will catch on quickly. “More CSOs I meet these days say, ‘I need to enable the business to get access to information so they can do their jobs.’ This is particularly relevant when you get into a hybrid environment where content can be in many places such as the cloud, mobile devices and the like,” he says. “DAC enables access to information while maintaining the controls around who can access it, particularly from a risk perspective.”

“Groups can get very much out of control. You don’t have any idea who has access to all of the resources through all of these groups.”
Tom Crane, Program Manager, Quest Software

Jeffrey Schwartz is executive editor of Redmond.

FEATURE | System Center 2012 SP1

Inside Microsoft System Center 2012 SP1

Improvements include extended OS compatibility, upgrades to Data Protection Manager and a boost in virtualization performance, along with support for the latest Hyper-V release.

By Brien M. Posey

When Microsoft announced the first service pack for System Center 2012 last summer, many thought it was all about supporting Windows Server 2012. But this service pack includes far more, including upgrades to Data Protection Manager (DPM), improved support for virtualization and a large number of enhancements to System Center Operations Manager and System Center Configuration Manager. Redmond doesn’t always do a deep dive on service packs, but with so many additions to the flagship Microsoft systems management platform, it seemed appropriate to give System Center 2012 SP1 a test-drive. I’ll outline new capabilities coming to System Center 2012 when the service pack, now in beta, ships early this year.

New in System Center 2012 SP1
• Compatibility: Windows 8, Windows Server 2012, SQL Server 2012
• Data Protection Manager: Continuously protects VMs when migrated, including those within a cluster or migrations between a Hyper-V cluster and a standalone Hyper-V host server
• Virtual Machine Manager: Support for the new VHDX virtual hard disk format, the new VHD in Windows Server 2012 Hyper-V; VHDXs can be up to 64TB in size and are optimized for use on physical hard disks with large sector sizes
• Operations Manager: The 360 .NET Application Monitoring Dashboards monitor .NET apps, giving admins an aggregate view of an app’s health based on the various tiers at which the application is monitored
• Configuration Manager: Can generate e-mail alerts based on nearly all the product’s features, and administrators can use Windows PowerShell

Expanded Compatibility

Arguably the most important enhancement is added compatibility with previously unsupported OSes and products. In the case of System Center Configuration Manager 2012, for example, Microsoft has added support for Windows Server 2012, Windows 8 and SQL Server 2012.

Furthermore, Microsoft now supports clients on servers running Linux and Unix, as well as Apple Macintosh computers. These clients allow for hardware inventory collection and software deployment. The Mac client also lets IT manage compliance-related settings.

System Center Data Protection Manager

Microsoft has improved performance and added support for Windows Server 2012 Hyper-V in System Center 2012 SP1 DPM. Most of the performance improvements apply to backups of Cluster Shared Volumes (CSV). DPM 2012 SP1 introduces CSV 2.0 support, which means up to a 90 percent improvement in the performance of express full backups. Furthermore, there’s no longer a difference in performance between backing up owner nodes and non-owner nodes.

Microsoft also made a number of improvements that allow DPM 2012 SP1 to work seamlessly with live migrations. A live migration refers to the act of moving a running VM from one Hyper-V host server to another. Although live migrations have historically made backups of VMs more difficult, DPM 2012 SP1 is designed to continuously protect VMs even when migrated. This applies to migrations within a cluster, or migrations between a Hyper-V cluster and a standalone Hyper-V host server.

When protecting VMs, the service pack for DPM will enable IT pros to exclude VM pagefiles from incremental backups. This simple modification goes a long way toward improving backup efficiency because pagefile contents tend to change rapidly. Attempting to include a pagefile in a backup can increase the virtualization host’s workload while also unnecessarily consuming excessive storage space on the backup target.

With the added support for Windows 8, IT pros who deploy the new OS will notice improvements in how volumes are duplicated. Such volumes can be backed up in a way that maintains the file system’s integrity, but without consuming excessive space on the backup media.

Although many of the changes Microsoft has made to DPM 2012 SP1 are specifically geared toward backing up next-generation OSes, some of the changes are intended to make working with DPM 2012 SP1 easier and more practical. For starters, DPM 2012 SP1 provides for centralized management of all of your DPM servers, and those servers can share a single SQL Server instance.

Another welcome improvement is support for certificate-based authentication for computers that aren’t joined to a domain or that are joined to an untrusted domain. In the past, administrators would have had to jump through several hoops if they wanted to back up data that was stored on these types of machines. The support for certificate-based authentication now makes it almost as easy to back up non-domain members as it is to back up computers within the local Active Directory forest.

System Center Virtual Machine Manager

The vast majority of new features in System Center 2012 SP1 for Virtual Machine Manager (VMM) are related to Windows Server 2012 Hyper-V.

One of the most important updated VMM features is support for the new VHDX virtual hard disk format. VHDX is a new type of virtual hard disk that’s supported by Windows Server 2012 Hyper-V. This type of virtual hard disk can be up to 64TB in size and is optimized for use on physical hard disks with large sector sizes.

Prior to the first service pack, VMM 2012 included options to create small or large virtual hard disks in VHD format. This option still exists, but Microsoft has added the option to create small or large virtual hard disks in VHDX format. In addition, VMM 2012 SP1 allows legacy VHD-based virtual hard disks to be converted to VHDX.

VMM also provides some new options for migrating VMs. The first option is to perform a live migration. Although live migration capabilities have existed for quite some time, there are some new options. Previously it was only possible to live migrate VMs within a Hyper-V cluster.

Hyper-V host-cluster migration is still supported, but it’s also possible to live migrate VMs between two standalone Windows Server 2012 Hyper-V hosts. In order to accomplish this, however, the VM components (configuration files, virtual hard disks and checkpoints) must be stored on a Server Message Block (SMB) 3.0 file share. SMB storage is also supported for live migrating VMs within a Hyper-V host cluster.


The next type of migration supported by VMM 2012 SP1 is known as live virtual system migration, or live VSM. This is used to live migrate VMs between two standalone Windows Server 2012 Hyper-V hosts or within a host cluster. What makes this type of migration different from a typical live migration is that SMB storage isn’t required. In fact, if you’re migrating a VM from one standalone host to another, then the VM storage can’t be visible to the destination host. If, on the other hand, the migration is occurring within a Hyper-V host cluster, then SMB 3.0 storage and CSV are both supported.

The third type of migration supported by VMM 2012 SP1 is a live storage migration. When you perform a live storage migration, only the VM storage is moved. In the case of standalone Windows Server 2012 Hyper-V hosts, storage can be transferred between two different SMB 3.0 file shares—between local disks or between a local disk and an SMB 3.0 file share. In the case of a Hyper-V host cluster, storage migrations can occur between CSVs, SMB 3.0 file shares, or between a CSV and an SMB 3.0 file share.

System Center Operations Manager

Many of the enhancements Microsoft added in Operations Manager 2012 SP1 are geared toward developers. However, there are some improvements that administrators will also find beneficial. For example, Microsoft has included some new management packs for Windows Server 2012 and for IIS 8.

Probably the most-welcome additions to Operations Manager are the 360 .NET Application Monitoring Dashboards. The basic idea is that admins can monitor .NET applications on several different levels. The dashboards allow administrators to see an aggregate view of an application’s health based on the various tiers at which the application is monitored. The 360 .NET Application Monitoring Dashboards provide application health information based on Web Application Availability Monitoring, the Global Services Monitor and .NET Application Performance Monitoring. These dashboards provide full drill-down capabilities that allow you to gain valuable insight into the nature of issues that might be detected.

System Center Configuration Manager

Microsoft has made a staggering number of enhancements to Configuration Manager in System Center 2012 SP1. Some of these enhancements affect the overall operation of the product. For example, you can now generate e-mail alerts based on nearly all of the product’s features. Likewise, System Center 2012 SP1 contains full support for operating Configuration Manager through Windows PowerShell.

As noted, Microsoft has added client support to Configuration Manager for Apple OS X and Unix and Linux servers. Even so, Configuration Manager has primarily served as a tool for managing Windows environments. As such, Microsoft has made some improvements to the way Windows clients are supported.

One such improvement is support for Always On, Always Connected-capable devices running Windows 8. The client is able to tell whether the device is plugged in or whether it’s running on battery power, as well as the amount of battery power remaining. These factors are used in making decisions about whether to perform management operations against the client now, or if those tasks should be postponed until the device is plugged in.

There are a number of other states the client can detect with Always On, Always Connected devices. For instance, the client can tell if networking is enabled, if the device is in idle mode and if a metered Internet connection is being used. However, in order for Always On, Always Connected support to be enabled, the client must be running Windows 8 and it must be equipped with an x86 or x64 CPU. Windows RT devices are not supported.

Another noteworthy feature for Windows 8 clients is support for metered connections. An administrator can control how Configuration Manager communicates with clients that are connected over a metered Internet connection. The administrator can allow or block client communications, or he can limit communications so the client only talks to Configuration Manager under certain circumstances. For example, an administrator might choose to allow communications over a metered connection if the installation deadline is reached for a required software deployment, but not for other types of software deployments.

Scratching the Surface

System Center 2012 SP1 offers numerous improvements and enhancements to the System Center 2012 product line. This overview just scratches the surface—for a comprehensive list of service pack features, check out “What’s New in System Center 2012 SP1” on TechNet (bit.ly/PUohUs).

Brien M. Posey is a seven-time Microsoft MVP with more than two decades of IT experience. He’s written thousands of articles and several dozen books on a wide variety of IT topics. Visit his Web site at brienposey.com.

YEARS OF IT EDUCATION

ORLANDO, March 4-8, 2013, Buena Vista Palace

GET INSIDE THE IT CLASSROOM

IN-DEPTH, MUST-HAVE TRAINING FOR IT PROS

This 5-day event is for IT professionals seeking real-world, in-depth and unbiased technical training.

• Get in-depth tech training
• Connect with IT experts
• Network with peers and industry insiders
• Choose from over 60 educational sessions in 9 diverse tracks

TECHMENTOREVENTS.COM/ORLANDO

TechMentor tracks are led by the best speakers, teachers and leaders in the IT field:

• Windows PowerShell and Automation
• Cisco and Networking Infrastructure
• Windows Server Management
• Windows Client Management
• Cloud and Virtualization
• Identity, Access Management and Security
• Performance Tuning and Troubleshooting
• Mobility and BYOD
• Messaging and Collaboration
• Microsoft Certification Training

Register Before January 16 and Save $300! Use Promo Code TIP1

DecisionMaker by Don Jones

Eschewing Windows 8 Is a Misguided IT Strategy

A little more than three months have passed since Microsoft released Windows 8, and in talking with dozens of corporate customers, the verdict is: “No, thanks.”

Unlike Windows Vista, however, this give-it-a-pass attitude doesn’t seem to be reflective of a poor perception of the quality or readiness of the OS. At most, folks are still skittish about the so-called “Metro-style desktop.” However, as I’ve written before (see my IT Decision Maker blog post, “Windows 8: What Microsoft Isn’t Telling You,” at Redmondmag.com/Jones102312), everyone seems to like it fine in the context of a “dashboard” rather than an “alternate desktop.” No, the corporate attitude of “we’ll skip this release” seems solely a reflection of modern IT realities. Businesses just aren’t going to jump on every new OS version that comes down the line. Most companies have their Windows 7 deployment plans well underway, if not complete, and they’re just not interested in making room for Windows 8.

Traditional Windows Upgrade Patterns

I think that might be a bit misguided—and it might be a strategy born in a world that no longer exists. In that world, more than two decades ago, most corporations deployed Windows 95 pretty widely because it was the first new version of Windows in a long time (and due to the fact it was far superior to the Windows 3.11 it replaced). Windows 98 got a pretty good uptake too, and used more or less the same management and deployment techniques. Corporations took a pass on Windows Millennium Edition.

Plenty of companies moved to Windows 2000 Workstation when it was released. Most companies were comfortable running mixed environments at the time. They weren’t necessarily thrilled about it, but it happened, and they got by. Sure, some companies went as homogenous as possible, usually with the NT-track OSes, but not all.

Then along came Windows XP or, as I like to call it, “the beginning of the end.” At least it was the beginning of the end in terms of how IT did business to that point. With Windows XP, businesses had around five years to get comfortable with the OS. Five years is enough time to cycle through all of the client hardware in your environment, too, as even the oldest computer would be fully depreciated by that time. At long last, pretty much everyone could have a homogenous client environment.

Consequently, many companies skipped Windows Vista, which further solidified Windows XP. They liked Windows XP, for the most part. It worked. Most companies only started moving to Windows 7 when it became really, really obvious that Microsoft would no longer extend the Windows XP support lifecycle and something had to be done.

Rethinking Desktop Homogeneity

Now, it seems that every company believes it must have one true version of Windows on the client. No mixed versioning. Windows 7 or bust—no mixing in Windows 8 … except maybe on IT staff machines, and maybe for a few influential executives who just get what they want.

Now, I totally get the benefits of a homogenous client environment. I do. But who’s kidding who? We live in an age where we’re more heterogeneous than ever. Why not just accept the fact that we can manage multiple client OS versions—or at least we should be able to—and use this as a reason to bring those skills and techniques up to speed? We don’t freak out about multiple server OS versions in the datacenter—I have clients running nearly every version of SQL Server that’s been released in the past decade, on a smorgasbord of Windows OS versions. They’re fine.

So maybe, just maybe, we should let some Windows 8 sneak into our environments for regular users. Start getting adept at having the right tools, and the right knowledge, to manage it alongside Windows 7. And Windows XP. And whatever else walks in the door.

Don Jones is a principal technologist for strategic consulting firm Concentrated Technology. You can contact him via ConcentratedTech.com.


WindowsInsider by Greg Shields

Create an Active Directory ‘Appliance’ with Windows Server 2012

Look closely the next time you install Windows Server 2012. You’ll notice a subtle wording change in Windows Setup where you’re asked to select the OS you want to install. This release’s default OS is Windows Server 2012 (Server Core Installation). One must consciously take the action and change that selection to its alternative: Windows Server 2012 (Server with a GUI).

Curious about this new and somewhat-leading verbiage, I cornered Microsoft Distinguished Engineer and Lead Architect for Windows Server and System Center Jeffrey Snover to inquire about the change. “Server Core is our recommended configuration, and so we wanted people [with Windows Server 2012] to have to make a conscious decision not to install it,” he told me.

So “not” installing Server Core now requires a conscious rejection, eh? That’s a subtle and gutsy move for Microsoft. It’s also a smart one. Server Core offers a smaller attack surface, reduced resource requirements, and diminished support for the kinds of apps one really shouldn’t install onto servers such as domain controllers.

These servers have long served a specific and often single purpose in Windows environments. It only makes sense that we begin treating them like the appliances they are. If you view them alongside all the other appliances, you might just think about getting over your Server Core wariness.

Deploy That Appliance!

Deploying DCs has long been a nuisance. But Windows Server 2012 changes things with its remote-friendly Server Manager. Active Directory Domain Services (AD DS) deployments in Windows Server 2012 are now fully remoteable via both the Server Manager GUI and the Windows PowerShell command line. Both are useful features for a Server Core OS that’s almost entirely UI-free.

Provisioning the first DC in a domain is a task that generally requires interactivity. It was deploying the next two, three or three dozen that—in the past—required too much manual effort just to configure a few settings. DCs by design are intended to be mirror images of each other, or “clones,” if you will. That said, until now the virtual environment activity we think of as “cloning” hasn’t been an option.

Virtual Domain Controller Cloning in Windows Server 2012 removes that limitation. Source DCs can now be added to a new Cloneable Domain Controllers group and then cloned by your favorite hypervisor. DCs must first be outfitted with a special configuration file, DCCloneConfig.xml, which can either be created manually or via the New-ADDCCloneConfig Windows PowerShell cmdlet.

Windows Server 2012 supports “Virtualization-Safe Technology.” DCs in Windows Server 2012 now detect when a previous snapshot is being applied and will take action to protect AD from corruption. The feature is facilitated by the new VM-GenerationID, which detects and employs the necessary safety measures. Note your hypervisor platform must also support VM-GenerationID for these protections to work.

Manage That Appliance

Many IT pros in the past shunned Server Core due to worries about day-to-day management tools. Too often, AD management happened exclusively on the console of the provisioned DC. Microsoft furthers its nudge toward the DC-as-appliance with new and enhanced remote management tools.

Windows desktops get a new GUI for the AD Recycle Bin and for configuring a Fine-Grained Password Policy, while the AD Administrative Center adds a Windows PowerShell history viewer. Combine this new graphical exposure with the improved Windows PowerShell experience in AD, and the notion of remote management for the AD appliance grows ever more approachable.

Admittedly, not every server might be a Server Core candidate, but a large and growing number are. For those—such as DCs—that fit, Windows Server 2012 offers a perfect opportunity to get your appliance on.

Greg Shields is a partner and principal technologist with Concentrated Technology, an IT analysis and strategic consulting firm. Contact him at ConcentratedTech.com.
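The cloning preparation described under “Deploy That Appliance!”, as an added PowerShell example that is not part of the original column. The ActiveDirectory module ships the config-file cmdlet under the name New-ADDCCloneConfigFile; the function names, clone name and addresses are constructed placeholders, and removing the source DC from the group afterward is this example's own choice.

```powershell
# Added example. Function names, the clone name and the addresses are
# constructed placeholders, not values from the article.
Import-Module ActiveDirectory
$CloneGroup = 'Cloneable Domain Controllers'

function Initialize-DcCloneSource {
    # Run elevated on the virtualized source DC.
    param(
        [Parameter(Mandatory)] [string] $CloneComputerName,
        [Parameter(Mandatory)] [string] $IPv4Address,
        [switch] $ExclusionsReviewed
    )
    # Step 1: authorize this DC for cloning through the group the article
    # names, skipping the add when it is already a member (safe to rerun).
    $source  = Get-ADComputer -Identity $env:COMPUTERNAME
    $members = (Get-ADGroupMember -Identity $CloneGroup).DistinguishedName
    if ($source.DistinguishedName -notin $members) {
        Add-ADGroupMember -Identity $CloneGroup -Members $source
    }

    # Step 2: show installed services and programs that are not on the default
    # clone allow list. Stop here until an administrator has reviewed them.
    Get-ADDCCloningExcludedApplicationList
    if (-not $ExclusionsReviewed) {
        Write-Warning 'Review the list above, then rerun with -ExclusionsReviewed.'
        return
    }

    # Step 3: write DCCloneConfig.xml next to the AD database (default path).
    New-ADDCCloneConfigFile -Static -CloneComputerName $CloneComputerName `
        -SiteName 'Default-First-Site-Name' `
        -IPv4Address $IPv4Address -IPv4SubnetMask '255.255.255.0' `
        -IPv4DefaultGateway '192.0.2.1' -IPv4DNSResolver '192.0.2.10'
    # Step 4 happens in the hypervisor: shut this DC down, then export or
    # copy the VM and start the copy.
}

function Complete-DcClone {
    # Run from a management host once the clone has been promoted.
    param([Parameter(Mandatory)] [string] $SourceDcName)
    # Withdraw the cloning authorization once it is no longer needed.
    Remove-ADGroupMember -Identity $CloneGroup `
        -Members (Get-ADComputer -Identity $SourceDcName) -Confirm:$false
    # Return whatever is still authorized to clone, for review.
    Get-ADGroupMember -Identity $CloneGroup | Select-Object Name, objectClass
}
```

Run Initialize-DcCloneSource once to see the exclusion list, then again with -ExclusionsReviewed; the group membership must have replicated to the PDC emulator before the copied VM is started.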

FoleyOnMicrosoft by Mary Jo Foley

Microsoft’s Next CEO: Who’s on the Short List?

Following the surprising immediate departure of Windows President late last year, many are asking who will be CEO Steve Ballmer’s successor.

The talk persists despite the fact that Ballmer told The Wall Street Journal late last year he had no intentions of vacating the CEO chair any time soon; he said he plans to stick around until the board thinks he can’t handle the job.

I’ve seen some individuals say Sinofsky left Microsoft because he realized he couldn’t take over Ballmer’s CEO seat. I’m not convinced (nor are a number of the Microsoft-savvy folks with whom I chat) that Sinofsky taking over as CEO was his—or the Microsoft board’s—immediate or long-term plan.

Those caveats aside, guessing games around Microsoft CEO succession plans aren’t new. Not so long after Bill Gates relinquished his CEO title at Microsoft to Steve Ballmer in 2000, there was lots of speculation about which of the so-called “Baby Bills” would rise to prominence. That list, dating back to 2003, included a number of Microsoft execs who are still with the company (and an equal number who are now gone from Redmond). Those still with Microsoft include Chris Jones, Windows Services; Yusuf Mehdi, gaming; Tami Reller, Windows; and Eric Rudder, technical strategy.

A lot has happened at Microsoft since 2003. Now, 10 years later, who’s potentially positioned to lead the new, devices- and services-centric Microsoft? Here are a few of the names I’ve heard bandied about.

The Not-So-Dark Horse: COO Kevin Turner
Turner was at one point seen as a Ballmer-backed shoo-in for the next Microsoft CEO. If you look at the latest Redmond pay and bonus cheat sheet, the highest-paid exec at the company is Turner. He’s not too popular with Microsoft employees, but bean counters seldom are.

Still on the Short List: Windows Chief Financial Officer and Chief Marketing Officer Tami Reller
Reller joined Microsoft back in 2001, when Microsoft bought Great Plains Software, where she had worked since 1984. She moved to the Windows team in 2007. She’s the lead of business and marketing strategy for Windows devices, including Surface and OEM devices, in addition to her existing marketing and finance work.

Representing the New Guard: Tony Bates
Bates joined Microsoft as part of the Skype acquisition, and is now president of the Skype Division. Before working at Skype, Bates was a GM of the Cisco Enterprise, Commercial and Small Business group. The Microsoft CEO needs to be a Jack of all enterprise and consumer trades, these days.

The Geek Guy:
Nadella has worked across quite a variety of business units at the company. He’s currently the president of the Server and Tools Business. Before that, he was senior VP of R&D for the Online Services Division (Bing, MSN and advertising). And before that, he led the Microsoft Business Solutions unit (Dynamics ERP and Dynamics CRM). He definitely has cross-unit knowledge.

The Trojan Horse (Take Two): Stephen Elop
When Elop moved from president of the Microsoft Business Division in 2010 to join Nokia as CEO, some joked he might be a Trojan horse. The speculation—some idle, some serious—was that Elop went to Nokia at Ballmer’s and the board’s behest to turn Nokia into Microsoft’s new Windows Phone headquarters. That talk died down as rumors grew of Microsoft possibly making its own Surface Phone.

Leading Outside Man: Reed Hastings
Hastings, the CEO of Netflix, joined the Microsoft board back in 2007. Until October 2012, when he abruptly resigned from the board with little explanation as to why, some believed he might be one of the few “outsiders” who could make a realistic, lasting play for the next CEO spot.

I’ve heard a couple Microsoft watchers speculate Sinofsky could make a comeback as CEO one day, similar to the way that Steve Jobs left Apple and then managed a triumphant return. I’m not so sure about that.

Who do you think might be Ballmer’s heir apparent now?

Mary Jo Foley is editor of the ZDNet All About Microsoft blog and has been covering Microsoft for more than two decades. She is author of the book “Microsoft 2.0” (John Wiley & Sons, May 2008), which examines what’s next for Microsoft in the post-Gates era.

GetMoreOnline: For more on Sinofsky’s departure and his possible successors, go to Redmondmag.com/Foley0113.
