Redmondmag.Com Group Policy Grows with Windows

0506red_cover.v6 4/18/061:31PMPage1

MAY • $5.95 page 29 Tough toBeat Features Are New Admin 05 > page 29 Tough toBeat Features Are New Admin

7125274 867 27 Attack oftheBall-PointPens Attack Attack oftheBall-PointPens Attack Nobody DoesItBetter Readers’ ChoiceAwards 38 A 06WWW.REDMONDMAG.COM MAY 2006 That FitonYour Keychain Apps To Go:20 Programs 61 61 53 Project1 4/11/06 3:14 PM Page 1

8)&/ %*4"45&3 i)FMMP IFMQEFTL w 453*,&4 3&"$) '03 "%.*/*453"5034 1", 3FQBJS BO VOCPPUBCMF TZTUFN $IBOHF B MPTU "ENJOJTUSBUPS QBTTXPSE 3FDPWFS EFMFUFE PS MPTU EBUB %JBHOPTF TZTUFN BOE OFUXPSL JTTVFT 3FNPWF NBMXBSF XIJMF B TZTUFN JT PGnJOF #VZ POF "ENJOJTUSBUPST 1BL BOE HFU B TFDPOE GPS 4FFCBDLGPS EFUBJMT '3&& &WBM 8JOUFSOBMTDPN#VZ(FU Project1 4/11/063:15PMPage2

ª 8JOUFSOBMT 4PGUXBSF -1 "MM USBEFNBSLT BSF QSPQFSUJFT PG UIFJS SFTQFDUJWF PXOFST JO UIF 64 BOEPS PUIFS DPVOUSJFT 8JOUFSOBMT EJTDMBJNT QSPQSJFUBSZ JOUFSFTU JO UIF NBSLT BOE OBNFT PG PUIFST

0GGFS MJNJUFE UP B TJOHMF "ENJOJTUSBUPST 1BL QFS DVTUPNFS "ENJOJTUSBUPST 1BL MJTU QSJDF JT $FSUBJO SFTUSJDUJPOT BQQMZ 0GGFS FYQJSFT V POF #VZ 5IF5PQ5FO5PPMT"CTPMVUFMZ&WFSZ"ENJOJTUSBUPS/FFET XD I SUDJO SDJOP I PU DPTU UIF PG GSBDUJPO " QSPUFDUJPO UIF 5XJDF O F FPEDQ GPS DPQZ TFDPOE B HFU BOE FFF SNUFSDDFCJO SFDZDMF CFFO UIF IBWF GSPN UIFZ EFMFUFE XIFO FWFO mMFT EFMFUFE 3FTUPSF 'JMF3FTUPSF %04 GSPN WPMVNFT /5'4 "DDFTT /5'4%041SPGFTTJPOBM NBLF UP SFQBJST TZTUFN VOCPPUBCMF BO BDDFTT 3FNPUFMZ 3FNPUF3FDPWFS DBO ZPV UIBU SFQBJST TP SBQJE DSBTIFT NBLF TZTUFN PG DBVTF UIF 1JOQPJOU $SBTI"OBMZ[FS8J[BSE FOWJSPONFOU SFQBJS EPXTMJLF #PPUBEFBETZTUFNGSPN$%JOUPBGBNJMJBS8JO&3%$PNNBOEFS 8JOUFSOBMTDPN#VZ(FU F PS'& WMBJO5PEBZ &WBMVBUJPO '3&& :PVS (FU 0SDPOUBDUZPVS8JOUFSOBMT1BSUOFS0GGFSFYQJSFT EJJUBP 1BL "ENJOJTUSBUPST PSDBMM JQBTBMBUW $ O % OQJU O SFMBZT EBUB BOE BDUJWJUZ FOEQPJOUT 5$1*1 6%1 SFBMUJNF BOE 5$1 BDUJWF BMM %JTQMBZT 5$15PPMT PCKFDUT NPEJGZ BUUSJCVUFT BOE UIFJS mOE BOE UP TUSVDUVSF "% UIF &YQMPSF "%&YQMPSFS TZTUFN B PO USBGmD -%"1 BMM PG SFQPSUT SFBMUJNF 7JFX *OTJHIU B PO BDUJWJUZ SFHJTUSZ TZTUFN BMM PG SFQPSUT SFBMUJNF 7JFX 3FHNPO TZTUFN B TZTUFN PO mMF BDUJWJUZ BMM PG SFQPSUT SFBMUJNF 7JFX 'JMFNPO OZ POMZ UMT QSJDF MJTU BU GPS"DUJWF%JSFDUPSZ

Project2 4/6/06 4:54 PM Page 1 0506red_TOC_1.v5 4/18/06 12:31 PM Page 1

MAY 2006 WWW.REDMONDMAG.COM

Winner for Best Computer/Software Magazine 2005 RedmondTHE INDEPENDENT VOICE OF THE MICROSOFT IT COMMUNITY

REDMOND REPORT 9 Hasta La Vista Is the latest Vista slip a disaster or just a distraction?

COVER STORY Tour de SQL Part II: Administrative Features 12 Microsoft and Every year, the Tour de France is won or EU in Showdown lost in the mountains. In this stage of our Attacks on EU tour of SQL Server 2005, we look at the monitoring trustee fail to slow critical administrative features that make down pace of ruling. or break the new database. Page 29 Shades of Netscape Microsoft, VMware in virtualization showdown. PHOTO BY GRAHAM WATSON 14 Beta Man FEATURES Exchange 12: Unified Messaging Rules 38 The Best of the Best COLUMNS The 2006 Redmond Readers’ Choice Awards 4 Barney’s Rubble: Doug Barney The readers have spoken. Computers Make You Stupid Here are the results of the 21 Mr. Roboto: Don Jones 2006 Redmond Readers’ Choice Does Anybody Really Know What survey—45 categories of the Time It Is? tools and utilities that keep your networks running smoothly. 61 Never Again: David Harding Out of Control 53 Productivity on the Go Never install software again! We 62 Windows Insider: Greg Shields look at 20 top portable apps, from Extending Security office suites to IP scanners. Page 39 67 Security Advisor: Joern Wettern Microsoft at Your Service REVIEWS 72 Foley on Microsoft: 16 Still Beating 22 Reader Review Mary Jo Foley Neverfail can keep your SQL Server 2005 Is the Microsoft Live: A Six-Month Exchange server running One to Beat Report Card through just about any disaster. Super-fast performance, robust ALSO IN THIS ISSUE toolset and better security options make Microsoft’s latest database 2 Redmond Magazine Online management system a must for 6 [email protected] most shops. 71 Ad and Editorial Indexes

COVER IMAGE BY GRAHAM WATSON 0506red_OnlineTOC_2.v6 4/18/06 12:06 PM Page 2

Redmondmag.comMAY 2006

MCP Radio/ENT Questions With ... Emmett Dulaney Group Policy Grows with Emmett Dulaney, author of Windows Vista Redmondmag.com’s new Linux/Windows integration column, esides security enhancements, Group Policy undergoes FullArmor CTO Integration Station (FindIT code: Bvast improvements in Windows Vista, and that’s what Danny Kim says LinWin), on the state of interop today: Microsoft has gets FullArmor CTO Danny Kim excited. “The number of been focusing Group Policy settings is doubled in [the beta version of] lots of attention Biggest challenge for Windows IT on refining Windows Vista,” says Kim—upward of more than three thousand. Windows Vista pros who want to integrate Linux But he loves that Microsoft provides a nifty search filter to help Group Policy. and Windows? you narrow down what you’re looking for. “Kind of like a Convincing management not to blindly Google for Group Policy,” he adds. It’s among several of Kim’s favorite features believe everything they read or hear. he discusses with MCPmag.com Editor Michael Domingo on MCP Radio. FindIT code: MCPDK One piece of Linux software that For in-depth coverage, ENTmag.com reporter Stuart J. Johnston looks at every Windows admin should have? which Windows Vista and IE7 features will favor the IT environment. The latest Samba docs in a form FindIT code: ENTFeat you’re comfortable with. Samba is simple, yet robust; it’s important to know how to interact with it to get MCPmag.com exactly what you need.

What’s the most compelling aspect Who Wins with Vista, Office Delays? of Linux/Windows integration? FileEngine is leasing Linux servers to ho benefits most from the announced delays in Win- companies running Windows clients. dows Vista and Office 2007? According to a recent W [Its] marketing strategy is that users MCPmag.com Web poll that garnered 90 responses, more never need to be concerned with than 30 percent believe early adopters are the true winners, what’s on the server, they just need who will eventually get more secure, solid releases from the the server to perform the functions Redmond giant. In a close second at 22 percent is Apple, who you believe may expected of it. It’s a brilliant idea. be selling more of those dual-boot, Intel-based Macs during the 2006 holiday shopping season. See the results of the also-rans. FindIT Code: MCPDelay FACTOID “Global PC shipments REDMONDMAG.COM RESOURCES [will] grow by 10.5 percent this year to 229.4 Resources Enter FindIT Code million units, up from >> Daily News News 207.6 million last year.” >> E-Mail Newsletters Newsletters — From Redmondmag.com news >> Free PDFs and Webcasts TechLibrary story “PC Market Growth To Slow for a Few Years” >> Subscribe/Renew Subscribe (FindIT code: RRPCship) >> Your Turn Editor Queries YourTurn REDMOND MEDIA GROUP SITES: Redmondmag.com • RCPmag.com • ENTmag.com MCPmag.com • CertCities.com • TCPmag.com • TechMentorEvents.com

2 | May 2006 | Redmond | redmondmag.com | Project2 3/31/06 12:09 PM Page 1

WE FIND THEM BEFORE THEY FIND YOU.

Web Security

Web Filtering

Endpoint Security

Websense® Security LabsTM

You can’t afford to sit around and wait for the next attack, and neither can we. Websense® Security Labs™ scans over 450 million websites a week, discovering spyware, viruses and other web-based threats before they get to you. Get proactive. www.websense.com/security

Barney’sRubble Doug Barney

RedmondTHE INDEPENDENT VOICE OF THE MICROSOFT IT COMMUNITY

Computers MAY 2006 ■ VOL. 12 ■ NO. 5

Group Publisher Henry Allain Make You Stupid Redmond Media Group Editorial Director Doug Barney Redmond Media Group hat happened the last time your computer Group Associate Publisher Matt N. Morollo Redmond Media Group croaked? Did you feel lost, paralyzed, unable to Editor in Chief Doug Barney [email protected] work or communicate? Editor Keith Ward W [email protected] One day this winter, the power died in goes down. Then we have no idea who Executive Editor, Reviews Lafe Low our plush, normally well-lit Redmond to call or how. [email protected] Editor at Large Michael Desmond offices. Writers, artists and editors slunk E-mail and IM has replaced the phone [email protected] out of their caves, rubbed their eyes and or a walk down the hall. We use emoti- News Editor Scott Bekker stood around talking sports. (This is cons to mimic the real thing. Personal [email protected] Managing Editor, Wendy Gonchar when I discovered my co-workers don’t relationships and business relationships Web Editor [email protected] consider pro wrestling to be a real sport.) have become automated. Editor, Redmondmag.com, Becky Nagel CertCities.com [email protected] One by one, we drove home to where Redmond readers share these concerns. Editor, MCPmag.com Michael Domingo our wireless networks hummed along “Everyone’s been ‘stupidized’ by comput- [email protected] merrily so we could get some real work ers these days. Here’s an example: retail Editor, ENTmag.com Scott Bekker done. It could have been store, computers crash, [email protected] Associate Editor, Web Dan Hong worse. If we were home lines of people. Heaven [email protected] when the power went out, forbid that they get Contributing Editors Mary Jo Foley we’d be forced to interact out the paper pads and Don Jones with our loved ones or do write up the sales!” Greg Shields something really crazy complains Don. Joern Wettern like crack open a book. Reader J. Peter was Art Director Brad Zerbel Many of us are addicted caught in a similar circle Senior Graphic Designer Alan Tao to the computers and of computer hell. It all the Internet, but weak- started when he was Director of Marketing Michele Imgrund willed or not, all of us are transferred to another Senior Web Developer Rita Zurcher Marketing Programs Associate Videssa Djucich dependent upon them office and needed some for work. As a result, we do whatever information sent over. He asked for it a Director of Print Production Mary Ann Paniccia we can to never be without some kind half dozen times and it was transmitted of computing gadget, be it a Black- three times before it finally arrived. “All of

Berry, data-ready cell phone or access this could’ve been resolved in one day if Enabling Technology Professionals to Succeed to Web services. they just used the damn phone,” he says.

At a higher level, businesses rely too I did my little part to break the cycle President & CEO Jeffrey S. Klein much on these fragile machines. When and wrote the first draft (my critics are Executive VP & CFO Stuart K. Coppens they fail, businesses fail. This is unac- astounded that I do more than one draft) Executive VP Gordon Haight ceptable. In the wake of Katrina, Home- of this editorial with an actual pen and Senior VP & General Counsel Sheryl L. Katz land Security Chief Michael Chertoff piece of paper. The first problem was I Senior VP, Human Resources Michael J. Valenti blamed poor electronic communica- could barely read the words. I type tions, overloaded Web servers and poor so much I forgot how to write! Then Redmondmag.com shipment tracking for the slow response. halfway through transcribing this onto The opinions expressed within the articles and other contents herein do not necessarily express those of the publisher. Part of the Katrina problem is that my laptop, Microsoft Word crashed Postmaster: Send address changes to computers do things that humans (guess it choked on six open documents). Redmond, P.O. Box 2063, Skokie, IL 60076-9699 should do, or at least know how to do. Isn’t it ironic, don’t you think? Instead of calling the warehouse to see What did you do the last time your if that part is in stock, we look in a data- PC died? Let me know what happened base. That’s fine, unless the database at [email protected].—

4 | May 2006 | Redmond | redmondmag.com | PHOTO ILLUSTRATION BY ALAN TAO Project1 4/18/06 12:14 PM Page 1

- i ÕÃÌ `Ã>Li` iÀ >ÌqÛÀÕÃ ÃvÌÜ>Àit

iÀ * ÀÕÃ v>ÃÌiÀ] >ÃÞÊ`ÃÌÀ>Ì LÕÌ Ã i½Ã i«>À`âi` 7Ì Ê6]ÊÌ iÊ«ÀÌiVÌÊÞÕÊ Ì i iÌÀi V«>Þ° ii`ÊV>ÊLiÊViÌÀ>ÞÊÃÌ>i`Ê >`Ê>>}i`]ÊÃ«vÞ}Ê ÞÊ }}}ÊÃÞÃÌiÊÀiÃÕÀViÃp>`ÊvÀÕÃÌÀ>Ì}Ê >`ÃÌÀ>Ì°ÊÌ½ÃÊ>Ì iÀÊ ÕÃiÀÃpÌÀ>`Ì>Ê>ÌÛÀÕÃÊÃÕÌÃÊi>ÛiÊ Ü>ÞÊ6ÊÌ6ÀÕÃÊÃvÌÜ>ÀiÊ ÞÕÊiÃÃÊ«ÀÌiVÌi`° >ÝâiÃÊÞÕÀÊ«ÀÌiVÌ° ÃÌi>`]Ê}iÌÊÀÃvÌÊ6ÊÌ6ÀÕÃÊÃvÌÜ>Ài°Ê 7Ì ÌÃ i>ÃÞ >` ÌÕÌÛi ÌiÀv>Vi] ÀÃvÌÊ6ÊÌ6ÀÕÃÊÃvÌÜ>ÀiÊ`iÃ½ÌÊL}Ê `ÜÊÃÞÃÌiÊÀiÃÕÀViÃÆÊÃÌi>`]ÊÌÊÜÀÃÊ µÕVÞÊ>`ÊÃi>iÃÃÞÊLi `ÊÌ iÊÃViiÃ° 7Ì ÊÀiÊÌ >ÊÎäÊÊÞ>ÊÕÃiÀÃÊ ÜÀ`Ü`i]ÊÀÃvÌÊÃÊÌ iÊLiÃÌÊV ViÊ vÀÊ«i«iÊ>`ÊV«>iÃÊÃii}Ê >ÝÕÊÛÀÕÃÊ«ÀÌiVÌ°Ê "7Ê>Ã ÊÀÃvÌÊÃÕÌÃÊ>ÀiÊ>Û>>LiÊÜÌ Ê >Û>>Li ÓÞi>ÀÊViÃiÃ° «ÕÃÊÀiÜ>

, ÊÎä 9Ê/,o *ÀÌiVÌ} vÀ>Ì ÃVi ££ ÜÜÜ°}ÀÃvÌ°VÉ`VÉÀi``

-ii Ì i V«iÌi i v 6 ÃÕÌÃ vÀ i ÕÃiÀÃ] Ã> LÕÃiÃÃiÃ >` >À}i iÌiÀ«ÀÃiÃ° /Õ} ÛÀÕÃiÃ] i>ÃÞ ÕÃiÀÃ° 0506red_Letters_6.v3 4/18/06 11:02 AM Page 6

[email protected]

Linux & Apple vs. Windows We received quite a bit of feedback concerning Doug Barney’s March 2006 editorial, “Linux (and the Mac) Aren’t Even Trying.” So much, in fact, we could include only snippets from a handful of your letters. (You can read them in their entirety at Redmondmag.com, FindIT code: LinuxLetters.) Here’s a sampling of what you had to say about Windows alternatives and Linux’s paltry presence in the PR arena. Freedom of Choice Doug Barney’s editorial about Linux and 90 days I saw the amount of applications I am a developer first, a research and net- Mac not even trying. and games in the Windows section dou- work hack second and just a plain old It was the large, one-page ad for Red ble, while the Apple section stagnated. surfer and open source explorer third. Hat Linux with the frontline saying Why would I, or anyone, pay more If I want security and network analy- “We’ve made Linux easy.” Was this an ad for a better computer with fewer sis tools: Linux. If I want multimedia rep’s cruel joke on Red Hat or just a heck applications? I’m not elitist, or stupid. and general access to online services: of a coincidence? Then along comes the Mac mini. Mac OS X. Look at the Dashboard— David Brown Sweet approach, and I’ve almost taken it’s an awesome idea. For develop- Longview, Texas the plunge several times. But Win- ment: Windows. Freedom of choice must exist, and But Windows is just there—my experience is there, my apps thank God there are three great OSes, each existing not for the other but for are all based on it, however unhappy with the situation I might their own sake. As long as each OS be at times. exists for itself and minds its own best business, the others will also exist for Better Computer, Fewer Apps dows is just there—my experience is their own best business. Barney mentions “unified Linux.” Hasn’t there, my apps are all based on it, Karl Henning happened yet, and likely never will (for however unhappy with the situation I Grass Lake, Mich. the same inherent reasons there’s no might be at times. unified Unix). Easy installation is Duane Hellums Coincidence? almost there, but “application support”? Lexington, Ky. The funniest thing I have seen lately— The real crux in my opinion is not the next to a bumper sticker that said “I support, but the application itself. The Future Is Mobile would rather be shooting with Dick True, Red Hat could make it happen, The desktop is dead. Already people are Cheney than riding with Ted but once it went public it definitely relying more and more on mobile tech- Kennedy”—was right up the alley of had to start worrying about “bleeding nology. To most people, their cell phone out” in a fight against the 800-pound is more important than their PC and gorilla for the desktop. Be careful with very soon it will contain more informa- slapping the schoolyard bully in the tion that they treasure. It makes no sense Whaddya Think chops, unless you can back it up. spending money and effort trying to take Send your rants and raves to Then there’s Macintosh. a percent or two away from Microsoft [email protected]. ?! Oh my God, Apple. What an epic saga on the desktop when the future lies in Please include your first and of bewildering mismanagement. I first mobile devices. Here, too, both Apple last name, city and state. If we learned to program on an Apple IIe, but and Linux enjoy a huge advantage. use it, you’ll be entered into a never could afford one. When I almost Tim Uckun drawing for a Redmond t-shirt! could afford an Apple computer, within Taraunga, New Zealand

6 | May 2006 | Redmond | redmondmag.com | Project1 4/14/06 11:18 AM Page 1

FACT FACT IS

-ORETHAN 9OUHAVETHE OFMALWARENOW POWERTOKEEP CONTAINSSPYWARE PRYINGEYESOUT

0j jÞ¬Ä w Ä¬ßÝ?Áj ÁjWjÍ ÍÄ ¬ÄjÄ ? Ä~wW?Í ÁÄ Í ßÖÁ Á~?ã?Í¾Ä ÄjWÖÁÍß± ?WaÁ 0Á?Ä^ MÍjÍ ÝÁÄ^ jß~~jÁÄ^ a?jÁÄ q Íj Ý?ßÄ ÝW ?WjÁÄ W? ÄÍj? a?Í?^ ¬?Á jÍÝÁÄ ?a a??~j Áj¬ÖÍ?ÍÄ ?Áj Á?aW?ß W?~~ Íj Ý?ß ßÖ jja Í Ä?wj~Ö?Áa WwajÍ? wÁ?Í±

.¬Ä¾Ä Íj~Á?Íja ÍÁj?Í ??~jjÍ ÄÖÍÄ ¬ÁÜaj Áj?Mj WÁÄÄÍÁj?Í ¬ÁjÜjÍ ?a ÖÍÍjÁ ¬ÁÍjWÍ± Íj Ïy MÖÄjÄÄ^ jaÖW?Í ?a ~ÜjÁjÍ ÖÄjÁÄ ¤yå WÖÍÁjÄ Ý ?Áj?aß ÍÁÖÄÍ ÍjÁ jÍÝÁ ÄjWÖÁÍß Í .¬Ä± jÍ Íj w?WÍÄ ?Í ÝÝÝ±Ä¬Ä±W± bind-in.qxd 4/17/06 3:28 PM Page FR1 bind-in.qxd 4/17/06 3:28 PM Page BK1 Project3 3/9/06 12:47 PM Page 1

Is your application publishing solution burning a hole in your pocket?

Publish applications the easy way for FREE with 2X ApplicationServer

Use 2X ApplicationServerTM for Windows Terminal Services to seamlessly tunnel any Windows application onto remote desktops, saving on administration and support.

Publish applications, rather than installing locally Tunnel an application, not a whole desktop Seamless integration with local desktop and taskbar Publish applications based on username, group membership or IP Tunnel to Mac and Linux clients (coming soon!)

Download your FREE 2X ApplicationServer now - at www.2X.com!

THE POWER OF 2X. GO THIN AND WIN.TM

May 2006 INSIDE: Beta Man looks at unified messaging in Exchange 12. RedmondReport Page 14 Hasta La Vista Is the latest Vista slip a disaster or just a distraction?

BY MICHAEL expectations when DESMOND they are sure the hen product is done,” Microsoft he says. W announced But Burk calls that on March 23 that it would tack unrealistic, given how delay the release of the consumer ver- many businesses rely on detailed sion of Windows Vista into the first information from Microsoft to make quarter of 2007, it set off a firestorm of their own plans. “I think that we need industry speculation. to be as transparent as possible,” And no wonder. In a season crowded he responds. with major product releases (starting Cherry, who used to work in the with SQL Server last year and stretch- Windows development team, says ing to new versions of Exchange the real problems are internal. “I Server and Office in 2007) none is just think they are not disciplining more important to Microsoft than themselves. They have to ruthlessly Vista. Pushing Vista beyond the manage features,” he says. “Don’t lucrative holiday season will sting take on so many dependencies. Don’t The project once known as Longhorn has Microsoft and PC OEMs alike. been in the works since 2001. try to change so many things at once. “This one is particularly painful,” Don’t try to put in new plumbing says industry analyst Rob Enderle. “It code needs to be rewritten (“That is like all the frameworks… and make comes late in the cycle. It happens in absolutely false,” responds Microsoft major changes to security in the the fourth Windows Product Manager Michael same release.” quarter. And Burk), could it be folks are over- Prior to the latest delay, Microsoft NewsAnalysis it hits in the reacting? Peter O’Kelly, research had pulled several features from consumer director for the Burton Group, a the initial Vista release, including market particularly hard.” research and advisory services firm, the anticipated WinFS file system, Michael Cherry, lead analyst argues just that point. the Microsoft Shell (MSH) command for Windows and Mobile at Direc- “Is it indicative that Microsoft has lost line interface, and most recently tions on Microsoft, believes an over- its game and can no longer develop support for the Extensible Firmware reaching design team is behind the complex software? No,” he says. Interface (EFI) to replace the PC problem. He complains that the fea- BIOS. Work on Vista’s User Account ture-complete beta he’s been working Finding a Vista Fix Control—a key security feature— with has show-stopping issues with Depending on whom you ask, Vista was rumored to be a sticking point, mainline applications like Microsoft development is either profoundly though Cherry says it would be Visual Studio and Office 2003. broken or simply moving along at an just one factor in a “more systemic” “Sometimes I joke that they never imperfect pace. Yet the question problem. met a feature they didn’t like,” says remains: How can Microsoft avoid To help get development back Cherry. “I’m not convinced by any such issues in the future? on track, Microsoft brought over stretch of the imagination that this is Perhaps the simplest fix would be Steven Sinofsky from the Office the last slip Vista is going to take.” better managing expectations. Enderle Group to serve as senior vice presi- Still, with bloggers passing rumors points to Apple’s cryptic approach as dent for the Windows and Windows that up to 60 percent of the Vista a model. “They only start setting Live engineering group. He arrives

| redmondmag.com | Redmond | May 2006 | 9 0506red_RedReport_9-14.v7 4/18/06 12:20 PM Page 10

RedmondReport

as part of a “broad restructuring” address every aspect of the company. that Microsoft announced in March. But Burk doesn’t see any such make- “Here’s somebody who has estab- over in the wings. For the Vista pro- lished a really great track record on gramming group, it is business as the Office side for having a great usual. “I don’t anticipate any dramatic process, predictable schedules, very changes in the development process or well received releases of the product, how we deliver daily builds,” he says. and no catastrophic security things Burk’s assertion aside, could Vista [appearing] on page one of USA be delayed yet again? Both Enderle Today on a regular basis,” says O’Kel- and Cherry think it’s a real possibility. ly. “They are promoting from within. Current Windows head Jim Allchin They need to have their most sea- won’t hang up the cleats until after soned and successful managers work- Vista ships, but the early arrival ing on their most important products, of Sinofsky means the new team and that is what they are doing.” exec may have a big say in Vista’s Beyond “stirring the folks around,” final schedule. Enderle believes Microsoft must “His directive historically has been, if contend with a challenge that affects you are going to delay the product, many large companies—isolated Industry watchers have praised the delay it a lot. And then make sure you executive management. appointment of Sinofsky, who brings hit that date,” says Enderle, who notes an impressive on-time record to the “People learn that executives over Windows Group. that, “the restatement of the date was time like to hear good news, so they done without [Sinofsky].” don’t tell them the bad news,” he otherwise would have been made to explains. “As a result, executives start correct the problems.” Michael Desmond is Redmond magazine’s to get manipulated into a sequence of The solution, according to Enderle: editor at large. You can contact him at bad decisions or non-decisions that A deep corporate cleaning that would [email protected]. Project2 4/5/06 2:34 PM Page 1

Continuous Data Protection for Microsoft® Exchange

He Lost Everything. Feeling Sick Yet? As the Exchange administrator, your reputation and job is on the line. 72% of Exchange Administrators have experienced an Exchange disaster.* Downtime has ranged from two to over None of This Had to Happen 96 hours. The cost to the organization in DonÕt get blamed, get up-to-the minute lost productivity and restoration can exceed protection with DigiVaultTMÑproviding Put Out The Pain tens of thousands of dollars per incident. Continuous Data Protection (CDP) with An Exchange crash only has to happen TM ¨ SingleTouch recovery for Microsoft once...before you are scrambling to find You Thought You Were Covered Exchange. this ad to call us. Why not call now, You thought your organization was learn how to reduce your risk, and avoid With DigiVault you can quickly restore the panic. protected by implementing clustering, just your exchange database exactly as it replication, archiving and nightly tape was minutes prior to failureÑminimizing backups. Even if restoration from nightly data loss and reducing downtime. It backs Find out more NOW! backups succeeds, your organization can up your data on fast and redundant hard lose an entire day of dataÑoften hundreds drives, not slow and unreliable tape. With to thousands of invaluable documents and a single touch, you can often restore and Limited Time e-mails! go live in minutesÑnot hours! introductory offer DigiVault is the Cure 30% off ¥ Safe, efficient and reliable compression; This is Your E-mail Loss reducing storage up to 91% See Web site for details ¥ Ability to enable 256-bit encryption Go to www.Lucid8.com/DV2 to protect data during transmission Call 425.456.8478 and storage E-mail: [email protected] ¥ Integrity validation to ensure clean and reliable backups ¥ Integrates with GOexchangeÑfor clean data Continuous Data Protection with Exchange data changes so fast, it SingleTouch™ Recovery for Microsoft Exchange justifies an application-specific CDP. DigiVault is a perfect-compliment to How Much is Your E-mail Worth? traditional backup and adds the advantage of high availability and granular recovery. Creators of GOexchange

Copyright © 2006 Lucid8. All rights reserved. Microsoft® Exchange Server is a registered trademark of Microsoft® Corporation. All other trademarks are the property of their respective owners. * Refers to 12/2005 Survey conducted by Lucid8. See press release for more details. 0506red_RedReport_9-14.v7 4/18/06 12:20 PM Page 12

RedmondReport Microsoft and EU in Showdown Attacks on EU monitoring trustee fail to slow down pace of ruling.

icrosoft may have painted and alleging that he had conspired Despite the fireworks, Microsoft itself into a tight corner when with Microsoft’s competitors during General Counsel Brad Smith sounded Mit decided to attack Neil Bar- the autumn of 2005. “Boy, you better an optimistic note on March 31, after rett, the British computer scientist make that one stick if you are going two days of closed-door meetings assigned as the European Commission’s to do that to somebody in that role,” with EU commissioners, telling monitoring trustee to says industry watcher reporters, “I believe that we have had oversee Microsoft’s com- Rob Enderle. a breakthrough.” pliance with a March 2004 As if that weren’t enough, The hearings could help forestall the anti-trust ruling. The Barrett had been selected threat of daily fines, which the commis- commission had found from a list of candidates sion could have applied retroactive to that Microsoft withheld submitted by Microsoft Dec. 15, 2005—the original deadline information software ven- itself. The accusations for compliance. But even if the attack dors needed to link their prompted the commission works as part of a delaying effort by server products to the to publish a public Microsoft, Enderle says the long-term Windows Server operat- Microsoft General Counsel response, detailing the role cost to Microsoft may be high. In ing system. Nearly two Brad Smith declared a of the monitoring trustee. March, the EU contacted Microsoft years later, Microsoft had “breakthrough” after a “Because [Microsoft] co- with concerns about technologies bun- two-day session behind yet to satisfy the commis- closed doors. selected him and because dled into Windows Vista. sion, leading to the threat his integrity has not been “It’s the lack of trust that has become of heavy daily fines—up to 2 million successfully impugned, they now have a an endemic problem for this compa- Euros per day or $2.4 million US— problem because the EU is going to ny,” Enderle explains. “As long as they until Microsoft complied. move to defend,” Enderle explains. don’t trust you, as long as they view Microsoft responded by blasting “And they clearly are taking the attacks you as a criminal organization—this Barrett, questioning his independence on their enforcer very personally.” stuff doesn’t end.” — M.D.

the operating system. Shades of Netscape Multiple operating systems can run Microsoft, VMware in virtualization showdown. side-by-side on ver the next two years, a battle formats document the top of this for the multi-billion dollar virtual machine’s layer—each in its Ovirtualization software market environment and how own virtual machine. will be won or lost. it is stored. Microsoft Virtual Server only In a free-for-all competition reminis- But VMware Presi- runs on top of Windows Server 2003. cent of the IE-Netscape browser wars, dent Diane Greene warns in her blog Microsoft’s own hypervisor is expected file formats have emerged as a key bat- that Microsoft’s restrictive licensing in 2007, as part of the “Longhorn wave” tleground. IT customers demand com- could create “a defining control point of releases. patible, standardized formats for over virtualization.” VMware has a year to widen its lead, managing virtualization infrastructures. VMware opened its virtual server but Netscape had a lead of its own. The “Three or four years ago, it was interfaces and started giving away both difference this time could be the deep companies virtualizing four to 10 VMware Player and VMware Server. pockets of EMC, the multi-billion dollar servers—now it’s thousands,” says Dan The move is reminiscent of Netscape’s company that owns VMware. — Chu, senior director of developer and decision to give away its browser. ISV products for VMware. VMware has an edge with its “hypervi- Stuart J. Johnston has covered technology, VMware’s Open Virtual Machine sor” architecture, a low-level control pro- especially Microsoft, since February 1988. Disk and Microsoft’s Virtual Hard Disk gram that fits between the hardware and Reach him at [email protected].

12 | May 2006 | Redmond | redmondmag.com | Project4 4/13/06 3:49 PM Page 1

Fig. 1a

Seeing desktop management problems everywhere?

Desktop Authority® Triumph over your worst desktop management phobias. Script writing stress syndrome? Compliance access issues? Deep-seated spyware phobia? Now there’s a comprehensive, award-winning solution that relieves these conditions — and more — by centralizing desktop management for you. With Desktop Authority®, you can gain control over desktop management and break through to heightened productivity.

Download a FREE 30-day trial of Desktop Authority® now and get a FREE T-shirt! © 2006 ScriptLogic Corporation. All rights reserved. The ScriptLogic and Desktop Authority logos are registered trademarks of ScriptLogic Corporation in the United States and/or other countries. All trademarks used are owned www.scriptlogic.com/triumph by their respective companies. T-shirt offer valid while supplies last. Allow 4 to 6 weeks for delivery. 0506red_RedReport_9-14.v7 4/18/06 12:20 PM Page 14

BetaMan RedmondReport

Exchange 12: the high road and acknowledge that other browsers are just as deserving of Unified Messaging Rules full-featured OWA support as IE. Say What? By Beta Man E12 will also introduce another unified messaging feature called Out- ith all the architectural to play back your mail. This is the look Voice Access (OVA). By dialing changes and new features perfect solution if you’re checking into Exchange from a normal tele- Wcoming in Exchange 12 messages in a public place like an air- phone, your users can use voice (E12), the biggest deal by far has got to port. You can also jot down notes commands to access their mail and be unified messaging. So what is it? within the voicemail message. This calendar. Remember, the E12 server Unified messaging means you can keep lets you copy down phone numbers as essentially becomes an extension of all your messages—voice, text and you hear them. You can then search your phone network. fax—in a single, centralized inbox in these notes in Exchange, which makes E12 embeds Microsoft Speech Server the E12 mailbox store. it much easier to find a particular technology. This provides both text- E12’s unified messaging starts with voicemail message later. to-speech and speech recognition built-in support for SIP networks (the Speaking of OWA, it gets a major capabilities so E12 can read back your protocol used to power VoIP solutions). overhaul in E12—with tons of new e-mail and appointments. You can tell Essentially, you can give E12 a phone it to delete messages, accept appoint- extension just like anyone at their desk. Product: Exchange 12 ments and so on. Once you’ve connected your phone Version reviewed: Beta 1 system to E12, you can configure it Better for Users as the destination for voicemail and Current status: Beta 2 (mid-2006) This new version of Exchange will fax messages. You can use Active Expected release: Late 2006/early 2007 probably provide more user-centric Directory—the Exchange address features than any other prior version. book—as your corporate phone The major overhauls make unified directory. Exchange even provides asynchronous client-side functionality messaging easier and beef up OWA an automated attendant, so callers like auto-complete when typing enough that it may finally convince can “talk” to Exchange to look up addresses. This is the biggest thing even die-hard OWA haters to settle extensions, transfer to appropriate most OWA users currently miss over down and start accessing e-mail via the departments and so on. Even small regular Outlook. The upshot is that Web. That’s good news for admins, businesses will be able to set up inter- OWA will behave more like the full who find remote e-mail access much nal VoIP phone systems with “big version of Outlook. Of course, OWA easier to configure and secure via OWA company” functionality—all in their works best with Internet Explorer 6 than any other approach. mail server. or 7. There is a “lite” mode for other It’s also nice to see Microsoft putting browsers, but it generally provides a some play into Web services by expos- Anywhere Access much less-rich experience. ing E12 functionality that way. E12 will also give you some sexy This is disappointing. Microsoft E12 is worth a good, hard look. new hooks for accessing those unified claims it’s too difficult to provide a rich You may need some new hardware mail messages. For example, the new experience on a wide range of (remember, it only runs on x64 Outlook Web Access (OWA) has browsers, but sites like Google’s Gmail machines), but it’s shaping up to be built-in capabilities for accessing generally disprove that claim. The real- a scalable, feature-filled messaging voicemail messages, as well as regular ity is that Microsoft wants to push its center for any sized business. — e-mail messages. own browser, not invest resources in Don’t want to listen to voicemail providing you with a better experience Beta Man has gone under cover to give through your PC speakers? No prob- with whichever browser you prefer. you some of the earliest and most lem. You can have E12 call you at Given IE’s shoddy security record, it unflinching takes on important software another phone number or extension would be nice to see Microsoft taking under development at Microsoft.

14 | May 2006 | Redmond | redmondmag.com | Project3 2/14/06 11:31 AM Page 1 0506red_ProdRev_16-18.v3 4/18/06 12:08 PM Page 16 ProductReview Still Beating Neverfail can keep your Exchange server running through just about any disaster.

Neverfail Pricing begins at $4,400 per pair of single-CPU servers Neverfail Group Ltd. 512-327-5777 www.neverfailgroup.com

BY BEN BRADY such as Exchange, SQL Five years after living through Server, IIS, SharePoint and a particularly nasty e-mail file servers. There’s also a outage due to a drive failure, module to support BlackBer- I’m more dependent on e- ry Enterprise servers. mail than ever. That’s true of Neverfail uses a cloned just about anyone. In fact, server approach to achieve Figure 1. You’ll do most of your day-to-day administration tasks in most companies would be lost high availability. In a typical Neverfail Heartbeat’s Management Client GUI. without their e-mail, the pri- Neverfail setup, your pri- er. I encountered a small hur- replicates data from the primary means of communica- mary server hosts your criti- dle installing on the second- mary server to the secondary tion between customers, cal data and applications and ary server, as I was using server to keep the “clone” employees, partners, suppliers a secondary server functions different types of hardware. current and intact. One safe- and vendors. And Microsoft as your failover unit (with My testing scenario includ- guard you might want to Exchange servers are critical the “cloned” data). ed Exchange and all the consider here is Neverfail’s for maintaining those open Before starting, you should transient working files, Reg- Data Rollback module, lines of communication. run Neverfail’s Server Check istry entries, data stores and which can help you recover Neverfail Heartbeat is Optimization Performance so on. Using Windows Back- from replicating bad data. designed to keep those Evaluation (SCOPE) on both up during the Neverfail servers running—no matter your servers. This inspects installation on the primary Total Control what. It’s a high availability your hardware, services, server, Neverfail creates a The Neverfail client GUI is package for critical applications, network con- backup copy of all the relat- where you’ll do most of the Microsoft server applications nectivity, utilization and sys- ed system files, applications, day-to-day administration. tem performance. Gathering data files and Registry You can use this from either REDMONDRATING this data helps ensure there entries for keeping the server or from any worksta- Documentation: 10% ____ 8 are no performance issues Exchange server running. tion within the same subnet Installation 10% ______9 or conflicts. It also helps After backing up the as the primary server. Feature Set: 20% ______9 establish a baseline for later Exchange server data, From the client GUI, you ______Performance: 40% 9 performance monitoring. Neverfail installs on the can control the activities and ______Management: 20% 8 After analyzing your secondary server where the behavior of your servers. The Overall Rating: 8.6 SCOPE data, you’ll be ready backup is restored, creating servers will each assume a ______to install. The documentation the cloned server. After role of either “active” or “pas- Key: is very clear and concise. I was completing installation and sive” server. Right after instal- 1: Virtually inoperable or nonexistent 5: Average, performs adequately able to quickly install the connecting a channel lation, your primary server 10: Exceptional package on my primary serv- between the two servers, it will be your active server, and

16 | May 2006 | Redmond | redmondmag.com | Project3 3/27/06 3:34 PM Page 1

Prevent data theft and viruses through network connected USB sticks, PDAs & media players

Control user access to endpoint connections with GFI EndPointSecurity

Network-wide control of portable storage devices You have invested in network anti-virus software, firewalls, email and web content security to protect against external threats. Yet any user can come into the office, plug in a USB stick and take in/out over 2 GB of data. Users can take confidential data or they can introduce viruses, trojans, illegal software and more actions that can affect your network and company severely. Yet, as an administrator you had no way to control this until now! GFI EndPointSecurity allows administrators to centrally manage user access to: Media players, including iPod, Creative Zen and others USB sticks, CompactFlash, memory cards, CDs, floppies and other storage devices PDAs, Blackberries, mobile phones and similar communication devices Network cards, laptops and other network connections. Controlling user access to such connectable devices allows you to: Protect your network by ensuring users dont introduce viruses and other malware GFI EndPointSecurity configuration Stop the alarming rate of insider data theft Increase employee productivity by preventing them from bringing other work, games or personal projects to their workplace Prevent users from introducing illegal or unauthorized software on their machines. Download your FREE trial version from www.gfi.com/esr/

tel: +1 888 243 4329 / +1 919 388 3373 | email: [email protected] | url: www.gfi.com/esr/ 0506red_ProdRev_16-18.v3 4/18/06 12:08 PM Page 18

ProductReview

your secondary server will be I tried several other meth- your passive server. ods of taking the Exchange You can maintain and moni- server offline, including a tor the connection between manual “switch over” from the servers, the status of the the client GUI without any replication, whether or not problems. Finally, I decided the data is currently synchro- to stop all Exchange services nized, start and shut down the on the primary server, dis- service and manually start a connect both the network switchover from your active cable and the channel cable to passive server. The inter- between the two servers and face also lets you maintain then quickly shut off the logging information, view power to both the primary and parse logs, e-mail logs and secondary servers. to admins and set up alerts Later, I reconnected all based on certain application Figure 2. Deeper within the Management Client GUI, you can config- the cables and powered and or performance attributes. ure the connection between your primary and secondary servers. booted the machines. Every- The GUI also lets you make meeting requests and pen to a server, I tried a few thing started up as expected. monitor other applications. calendar updates. more tests. I turned off a cou- I found just a few small For example, in the event of That was easy enough, but it ple of Exchange services. quirks during my testing. a failover to your secondary was only half of the process. After about a minute, they Both the primary and sec- server, you probably would- After restoring power to my were all back on again. Then I ondary servers use the same n’t want your Exchange serv- primary server, I had to unplugged the network cable; IP address, but Neverfail er up and running without restart the Neverfail service. again, all my Outlook clients installs a packet filter on the your anti-virus and anti- From the client GUI, I initi- were back up and running passive server to avoid IP spam applications running. ated a “switch back” and after about one minute. address conflicts. This may You can configure Neverfail monitored its progress as the Switching back to my interfere with some types of to monitor services, perform- secondary server prepared for primary server after network traditional troubleshooting, ance and network connectivi- the switch and made the connectivity was restored so keep that in mind. ty. You can also control the change. Once again, my was as seamless as before. Also, some of the services various tolerances of these Outlook clients lost connec- I received several alert you would expect to be run- attributes and how Neverfail tion for a little more than a messages on the secondary ning on the passive server will reacts to these triggers. minute, then everything was server each time it detected not run under normal opera- back up and running on my a failover trigger. You can tions. This may irritate some Outage Time primary server. configure the outage thresh- administrators who prefer to Neverfail’s primary purpose Because a power failure isn’t olds and the response time start those services manually is to ensure high availability the only thing that can hap- for initiating failovers. or set them to “Automatic.” of Exchange servers. To fully test this claim, I yanked out A Healthy Heart the power cords. The box I had a very positive experi- immediately went dead. The ence with Neverfail. Regard- clients in my lab all had Out- less of the various types of look open and were connect- outages I threw at it, it helped ed to the Exchange server my Exchange servers bounce when it went down. Each right back.— client was set to check mail every minute. Ben Brady, MCSE, CCNP, is The failover to the sec- general manager of The Multi- ondary passive server took Pro Network, a Tennessee-based less than two minutes. company that provides network Going around to each of the services, Web development and clients, I was able to send Figure 3. Neverfail Heartbeat’s straightforward wizard guides you training. Reach him at and receive, update tasks, through setting up your servers. [email protected].

18 | May 2006 | Redmond | redmondmag.com | Project5 4/12/06 1:15 PM Page 1

When information comescomes together, together, youryour softwaresoftware putsputs youyou atat the the toptop ofof the the food food chain. chain.

Information lives at companies that run EMC® software. As one of the world’s largest software providers, we help companies of all sizes store, manage, protect, and share information. We can do the same for you—across applications, across platforms, across oceans. Information lives at companies that run EMC software. As one of the world’s largest software providers, we help companies of all sizes To learn more about how the full range of EMC software can help you and your company move up in the world, visit software.EMC.com. store, manage, protect, and share information. We can do the same for you—across applications, across platforms, across oceans. To learn more about how the full range of EMC software can help you and your company move up in the world, visit software.EMC.com

EMC2, EMC, and where information lives are registered trademarks of EMC Corporation. All other trademarks used herein are the property of their respective owners. © copyright 2006 EMC Corporation. All rights reserved. Project3 3/9/06 10:46 AM Page 1 0506red_Roboto_21.v3 4/18/06 12:01 PM Page 21 Mr. Roboto Automation for the Harried Administrator | by Don Jones Does Anybody Really Know What Time It Is?

admit, it seemed kind of silly when someone told me, “we that’s possible) and doing it manually. Weirdly, I still can’t find any good have no idea what time zone our computers are set for, and tools to remotely change the time it’s causing problems.” What, were the computers showing zone; I can’t even find it in a Group I Policy setting, which would be the up late for dinner or something? perfect place (just link the GPO to a site, right?) for it. You can write a script to It turns out that the time zone setting nect to each targeted computer via RPC, modify HKEY_LOCAL_MACHINE\ in Windows is very important in Active and you’ll need to be a local Administra- SYSTEM\CurrentControlSet\ Directory domains. Time synchroniza- tor on each computer in order for the Control\TimeZoneInformation in the tion is essential to authentication, not to tool to query the information. Figure 1 registry, but I’ve had some inconsis- mention the time displayed in the system shows two runs of the tool: Once with tent results with that—an OS restart clock in the Task Bar. For this particular the optional /verbose switch person, the time zone offset was also that provides more detailed out- affecting a corporate application, causing put, and once without, just incorrect timestamps to be logged to a showing the time zone offset (- database application. In short, the wrong 480) for each targeted computer. time zone setting was messing up a lot What does a time zone offset more than just dinner plans. of -480 mean? It’s the amount of And, strangely, I couldn’t find any time, in minutes, that the time tools that could readily inventory a zone setting in the queried sys- batch of computers to tell me exactly tem is behind Greenwich Mean which time zone they were on. It Time (GMT)—also known as seemed like it should be a pretty Universal Time Constant straightforward task, so I built a tool to (UTC). So a value of -480 indi- do it. Like many of the tools I make, cates a PC that is eight hours this one’s in VBScript. behind GMT, which corre- If you’re not a scripter, don’t worry, sponds to Pacific Standard Time because you can use it just like any (PST). Each computer in a Figure 1. The results of the script to find a other command-line tool. Run it with /? given location should ideally have the computer’s time zone. to see available options. Or, to check a same time zone offset; any that doesn’t list of computers, just run listtimezone deserves your immediate attention. seems to be required in order for /list:computers.txt /ping. The /ping While remotely setting time or time Windows to re-read that key. argument forces the tool to ping com- sync is easy with the built-in Net Time I’ll keep plugging away on this, but in puters before trying to query them; command, remotely setting the time the meantime you’ve got a tool that can note that you’ll need to be able to con- zone can be trickier. Without the cor- at least identify rogue time zone miscre- rect time zone setting, time sync won’t ants in your environment. And knowing, work properly. Time sync always works as they say, is half the battle.— DownLoad on GMT/UTC; the computer’s local Download this month’s tool from time is calculated using the configured Don Jones is a columnist and contributing ScriptingAnswers.com/roboto/col4.zip. time zone setting, so if the time zone’s editor for Redmond magazine, and the wrong, local time will be off. founder of ScriptingAnswers.com. His latest What Windows admin task would you like Obviously, a Remote Desktop con- Advanced VBScript for Windows automated next? Send your suggestions to book is [email protected]. nection makes it easy to change the Administrators (Microsoft Press). Reach time zone, as does just walking over (if Don at [email protected].

| redmondmag.com | Redmond | May 2006 | 21 0506red_ReaderRev22-26.v3 4/18/06 2:46 PM Page 22

Your turn to sound off on the ReaderReview latest Microsoft products D ER R INSIDE: I D V Check out this A E month’s cover story SQL Server 2005 Is E N for in-depth coverage R of SQL Server 2005’s administrative features. Page 29 the One to Beat Redmond Super-fast performance, robust toolset and better security options make Microsoft’s latest database management system a must for most shops.

BY JOANNE CUMMINGS Microsoft SQL Server t’s easy to be overwhelmed by the raft of new features in SQL Server 2005. In 2005 fact, many users are, but once they delve a bit deeper, that sense of shock turns Processor License Fees Ito pleasant surprise at the functionality and performance of Microsoft’s new Workgroup Edition: $3,899 enterprise-class database management system. Standard Edition: $5,999 SQL Server 2005’s new SQL Server Management Studio (SSMS), its revamped Enterprise Edition: $24,999 Reporting Services, granular security controls, native Web services and XML sup- Microsoft Corp. port are just some of the new features that have users talking—that and its speedy 800-426-9400 performance. Although most are taking a cautious approach to fully implementing www.microsoft.com SQL 2005—citing a lack of good documentation and strong migration tools (see “SQL Server 2005 Wish List,” p. 24)—many have no qualms about an eventual upgrade. Most say the investment in both time and money will be worthwhile. Brandon Haag, director of IT at “It’s absolutely worth the upgrade. The whole SQL Server 2005/Visual Studio Gainesville State College, recently 2005 integration is extremely developer-centric,” says Jeremy Grecco, SQL Server went into production with the x64 DBA at Gainesville State College in Gainesville, Ga. “It shows that Microsoft Edition of SQL Server 2005 running went out and spoke with developers about what was needed, what was lacking in on Windows Server 2003 x64 Edition. previous versions and how it would best suit developers—and it delivered.” “We did some performance testing and it was unbelievable. I didn’t have The Need for Speed enough data to actually do loads that The first thing users notice about SQL Server 2005 is over-the-top performance, took more than a second or two,” he especially on a 64-bit platform. Although the Enterprise Edition of SQL Server says. “We ended up going back about five years and loaded it up with about 2.8 million records. Only then would it finally take a few seconds.” Haag Typically, my philosophy would be to hang back a says he benchmarked the performance bit, especially for a high-profile, high-availability at 44,000 records per second on his database. But I haven’t seen anything in SQL dual-processor 64-bit machine with Server 2005 that would lead me to wait. 4GB of RAM. Jeremy Grecco, SQL Server DBA, Gainesville State College Studio Time In SQL 2005, Microsoft replaced the 2000 supported 64-bit processors, SQL Server 2005 offers much more. old Microsoft Management Console For example, while SQL Server 2000 maxed out at 64 processors and a data- (MMC)-based management utility with base size of a million terabytes, the Enterprise Edition of SQL Server 2005 has SQL Server Management Studio no practical limit on either of those factors. SQL Server 2000 could address a (SSMS). SSMS is an integrated toolset maximum of 512GB of memory. SQL Server 2005 doubles that, fully leveraging that combines what the Enterprise the 1TB of addressable RAM supported by Windows Server 2003 Datacenter Manager and Query Analyzer tools used x64 Edition. to do. This is proving to be another

22 | May 2006 | Redmond | redmondmag.com | Project3 4/4/06 1:24 PM Page 1 0506red_ReaderRev22-26.v3 4/18/06 2:46 PM Page 24

ReaderReview

popular change. Developers like the new look and feel of the management interface, which is much like that of Visual SQL Server 2005 Wish List Studio 2005, and having it all in one sers are generally happy with SQL Server 2005, but some say a few place enhances productivity. Umore tools would make it complete, including: Alan Archer, an IT specialist for a government agency, says the combined > Data Mirroring: Included in the SQL 2005 beta program, data mirroring tool saves him between 20 percent and was removed when the product went gold. Microsoft added the new data mirror- 30 percent of his development time ing capability to the first Community Technology Preview for Service Pack 1 (SP1), right off the top. When he writes a released in March. “It would’ve been nice to have at the beginning,” says Walter query with Query Analyzer, he no Crosby, a developer at Everyday Wireless, “especially because it was in the beta.” longer has to switch out of it and go into Enterprise Manager to check on > Documentation: Not surprisingly, Microsoft hasn’t provided much in the names of tables or columns. the way of documentation for SQL 2005. “It hasn’t provided real documentation “Before, I ended up switching back and in 10 years,” Crosby says. Even third-party books are few and far between. forth a lot [between Query Analyzer “Reporting Services actually has some pretty good documentation, and there and Enterprise Manager], but in SSMS, are a few books out on it now that seem pretty good,” he says. “Integration everything is there,” Archer says. “It’s Services has next to nothing out there. And I haven’t even begun to look at really nice not having to switch Notification Services and Service Broker. It’s just nearly impossible to find real between applications.” documentation about those products.” Timothy Carroll, network manager at XS Inc., a Web and e-commerce soft- > Conversion Tools: There also seems to be a lack of conversion tools, ware group in Research Triangle Park, specifically to upgrade from SQL Server 2000 to 2005. “Our existing apps are in N.C., agrees. “The [SQL 2005] manage- SQL Server 2000, and we’d like some good tools to help with the move, to make ment interface is much better than the security consistent from the old version to the new version,” Crosby says. The 2000,” he says. “With the Query Analyz- one tool he has found, the SQL Server Migration Assistant (SSMA), seems er and Enterprise Manager integrated focused only on migrating from Oracle to SQL. into one package, you can just go from tool to tool and immediately get results.” > Upgrade Tools: Similarly, Jeremy Grecco, SQL Server DBA at Carroll does miss the MMC plug-in, Gainesville State College, has had trouble moving from the beta version of SQL however. “I like to have all my manage- 2005 to the gold version. “There was no clear path to uninstall the beta and install ment tools in one MMC console, but the gold version, and the beta uninstall left a lot of artifacts in the registry that Microsoft moved it out and made it its hindered the setup for the gold version,” he says. “I went through the suggested own stand-alone application,” he says. uninstall procedure from the MSDN Web site. Even going through those steps in “I think I see the reasoning behind this the exact order they list them, it still didn’t work.” Grecco ended up rebuilding his because it does so much more than the machine to get the gold version installed properly. MMC plug-in did, but it would’ve been — J.C. nice to have more control over some of the database features, user management very pleased with how DTS has the database, without needing IIS or and stuff like that through the MMC.” evolved into Integration Services,” some other Web server. “Putting the Grecco says. “Before, with 2000, I endpoints into the database lets you Developing on Overdrive would have to program some tasks expose SQL Server as a Web service Grecco says that overall, SQL 2005 is a manually using VBScript, but now itself, without relying on MS XML or huge productivity boost. He figures his there are several predefined tasks, for some toolkit to be installed,” Grecco application development time on the doing things like FTP in a reliable says. “It simplifies the process.” new platform has been cut in half, manner. In 2000, the FTP task really He also likes how Microsoft has thanks to several of the new features like didn’t do FTP very well. But now it’s a integrated the Common Language Integration Services, Web services sup- predefined task and it works great.” Runtime (CLR) into the database. port and using the Common Language Grecco also likes SQL 2005’s new Introducing CLR into SQL 2005 Runtime (CLR) within the database. support for HTTP endpoints. End- helps developers write stored proce- “I do a lot of work with DTS [Data points make it easier to develop and dures, triggers, user-defined functions, Transformation Services], so I was support Web services directly within user-defined aggregates and user-

24 | May 2006 | Redmond | redmondmag.com | Project1 1/13/06 11:24 AM Page 1 0506red_ReaderRev22-26.v3 4/18/06 2:46 PM Page 26

ReaderReview IT Education

online from defined types using .NET languages developer at Everyday Wireless, a com- like VB.NET and C#. pany that provides GPS-based school- an accredited “I’m calling Web services from bus tracking. “You have to be careful inside stored procedures within SQL with it because you could end up going university. Server 2005, and I’m using custom nuts and spending most of your time programmed stored procedures just doing security management.” using the Visual Studio interface to Others say the granular security con- do that,” Grecco says. “I’ve placed trols make it easier to ensure that the Master’s degree these assemblies inside the database, right users have access to the right data. specializations include: registered them and I’m actually “I can delegate to users more responsi- calling them from stored procedures.” bility without giving them system • Project Management These are specific to SQL 2005 in administrator rights,” Carroll says. and Leadership terms of how it works with the CLR “That alone is a big plus to me.” and .NET Framework. Native encryption capabilities also • Information Security earn praise. “Encryption is a big plus,” All XML, All the Time Grecco says. “The student data we • Network Architecture SQL 2005’s native-XML support is work with is sensitive by nature. and Design another big hit. Archer is currently Sometimes we have social-security testing SQL 2005’s Reporting Services numbers and the fact that we can • Business Administration with XML. After working through a encrypt those natively means we don’t small hiccup, he expects the new XML have to incorporate a third-party add- (MBA) functionality will give his agency a lot on to go ahead and perform that more flexibility. encryption for us.” • IT General “We publish a lot of our stuff on internal Web sites and we use XML to To Wait or Not To Wait call it. We also have our archive files in The overall performance of SQL You may be closer than you think. XML format,” Archer explains. “So I 2005 and its new features add up You can apply to earn credit think the XML rendering in the to a robust system that many compa- for the technical knowledge Reporting Services will be key.” nies will want to adopt, but when? and skills you have gained Archer began playing with this fea- “Typically, my philosophy would be from real-world experience, ture a couple of weeks ago, although to hang back a bit, especially for a training, certifications (such his first attempt printed the output as high-profile, high-availability data- ® ® as CCNP, MCSE, CISSP, and raw XML. “After I figured that out, it base,” Grecco says. “But I haven’t seen ® PMP ), and previous education. was great,” he says. “I can see the new anything in SQL Server 2005 that Reporting Services with the XML would lead me to wait. It’s stable and I rendering opening up a whole new haven’t seen the number of bugs that frontier for us.” He plans to use the would warrant waiting.” XML rendering to let users search For some, the advantages of adopting archives, which are currently stored in SQL Server 2005 right away are many. XML, and generate reports on the fly “If someone’s doing straight ANSI with a Web browser. SQL and they aren’t using any of the The introduction of more granular new features, then the benefit to going 1-888-CAPELLA ext. 22041 security controls is an important devel- to 2005 isn’t really there,” Grecco says. opment. Instead of having services like “But for us, we’re taking advantage of www.capella.edu/redmond endpoints, Transformation Services or the CLR inside the database and we’re Reporting Services turned on by taking full advantage of native XML in Capella University is accredited by The Higher Learning Commission and a member of the default, everything is turned off. This the database. And we got results right North Central Association of Colleges and instantly makes SQL 2005 more secure. off the bat.”— Schools, 30 N. LaSalle Street, Suite 2400, Chicago, IL 60602-2504, (312) 263-0456; Granularity is also a theme for user www.ncahigherlearningcommission.org. Capella University, 225 South 6th Street, access. “You can get very granular, right Joanne Cummings is a freelance technology 9th Floor, Minneapolis, MN 55402. © 2006 Capella University down to the command for each object journalist based in Andover, Mass. You can in the database,” says Walter Crosby, a reach her at [email protected].

26 | May 2006 | Redmond | redmondmag.com | Project1 4/18/06 11:31 AM Page 1

NTA Thin Client Terminals. Forward-Thinking IT Transformation.

“Anyone?”

Still paying for PCs? NTA Thin Client Terminals for server-based computing are far more affordable, functional, and secure. And easier to maintain with no client applications to load or hard drives to fail. These Terminals—ICA, RDP, and PXE capable; plug- and-play—run Windows®, UNIX®, Linux, and mainframe applications directly from data center servers. Use as is or with the NTAVO Secure Access Appliance to integrate your IT systems. Contact Devon IT today.

Server failure. Join Us at TechEd! Booth #440

Never miss a beat.

Keeping Users Connected.

At the heart of your IT infrastructure is your server covers your back better than Neverfail. Anything less environment. And if a single server or an entire site is a lesser solution. Designed for Windows-based fails, availability to critical business applications fails, applications, Neverfail’s comprehensive suite of award- along with the productivity of users company-wide. winning software solutions will help ensure that your Whether you’re a start-up or a Global 100, server productivity stays high ... and your downtime is put to downtime will kill your business. With Neverfail, users rest — forever! are kept continuously connected to their applications no matter when, where, or why a failure occurs. To make your business a more productive — and profitable Neverfail delivers cluster-class disaster recovery, data — enterprise, visit neverfailgroup.com and download protection and high availability software solutions to your Essential Guide to Clustering Alternatives. Or every size company, and at a significantly lower total better yet, call or email us today to join companies all cost and complexity. With automatic failover response over the world that have chosen Neverfail for the most measured in mere seconds rather than minutes, and no effective disaster recovery, data protection and high avail- user or IT management intervention needed, no one ability solutions in the industry.

Keeping Users Connected. www.neverfailgroup.com [email protected]

EXCHANGE • SQL SERVER • FILE SERVER • IIS • SHAREPOINT • BLACKBERRY • ORACLE • LOTUS DOMINO 0506red_F1TourSQL2_29-34.v6 4/18/06 10:47 AM Page 29

Tour deSQL

Part II: Administrative Features

Every year, the Tour de France is won or lost in the mountains. In this stage of our tour of SQL Server 2005, we look at the critical administrative features that make or break the new database. BY ERIC JOHNSON

QL Server 2005 is so packed with new features that it Mirroring has been included in the RTM release of can be hard to keep track of it all. Like a tightly packed SQL Server 2005 for evaluation purposes only, and peloton of Tour de France riders,the new capabilities of Microsoft doesn’t support this feature for production SSQL 2005 may appear as a blur. In last month’s install- use. It is scheduled to be released in a future service ment, we introduced the various versions of SQL 2005 and pack, however. discussed which iteration is right for you. In this, the sec- Database Mirroring is a software-based, high-availability ond stage of our Tour, we dissect the database’s administra- solution that gives DBAs an alternative to hardware clus- tive features, the way renowned cycling commentator Phil tering or log shipping. Mirrors are implemented on a per- Ligget might analyze a breakaway from the pack. database basis, and can be configured for automatic You could make the case that the 2006 version of the Tour failover in the event of a problem. de France is a brand new race. Without Lance Armstrong, Two SQL Server instances are used for a mirror; the pri- the field suddenly opens up, and anyone can win. Similarly, mary server is the principal, and the server with the copy is SQL 2005 is substantially different from previous versions, the mirror. SQL sends each transaction from the principal making it essentially a new product. Microsoft has reworked to the mirror and performs the insert, update or delete it from top to bottom, and the result is the most powerful operation again on the mirror. database, business intelligence and data warehousing product Speed is a factor to consider with mirroring. The amount to ever come out of Redmond. There are a lot of changes for of latency between principal and mirror depends on several development and business intelligence, but what’s in it for factors. First is the transaction load on the principal. Because the database administrator? A lot. each transaction is actually run on both servers, the more transactions, the longer it takes for the mirror to catch up. Mirror, Mirror on the Database Secondly, if the mirror is carrying a higher load than the Microsoft has introduced a new failover technology in principal or is a less powerful server, it can take longer to SQL 2005, known as Database Mirroring. Database apply the transactions.

PHOTO BY GRAHAM WATSON | redmondmag.com | Redmond | May 2006 | 29 0506red_F1TourSQL2_29-34.v6 4/18/06 10:47 AM Page 30

Tour de SQL Part II: Administrative Features To set up automatic failover from the principal to the from the source database. When a change is made to the mirror, a third instance of SQL Server is required. This source, the page to be changed is copied into the snapshot third instance, known as the witness, watches the other before modification. This preserves the data as it was at the two servers and can initiate a failover if the principal time of the snapshot. Over time, pages will accumulate in becomes unavailable. the snapshot as source data is modified. Now, when a user Unlike clustering, mirroring doesn’t use any shared requests data, it will return from the snapshot or the source, resources or virtual machine names. Instead, when the whichever one contains the original page. At any time, you client connects to the principal, it’s also given the name of can roll the source database back to the point in time when the failover server. When the connection to the principal is the snapshot was taken. In addition, you can maintain lost, the client attempts to connect to the mirror. Alterna- numerous snapshots of a single database. tively, the name of both the principal and the mirror can Database snapshots can help in a number of situations: be specified in the client’s connection string. • Just before making a large bulk data modification, you There are a number of benefits to database mirroring could make a snapshot. Then if something goes wrong with over clustering and log shipping: the modification, you can quickly roll back to the snapshot. • By utilizing database snapshots, you can allow Read • Snapshots allow you to access a database mirror for access into a mirror. This allows the mirror to be used for reporting purposes, and not just short-term reports: You other purposes, such as reporting, rather than just as a hot can create quarterly or yearly snapshots for historical spare waiting for a failure to occur. reporting on financial data. For example, a snapshot could • The scope or protection is more granular than a provide you with a frozen picture of exactly what your hardware cluster, because mirrors can be used on a per- financial data looked like on Dec. 31, 2005. database basis. • Testing or training groups.Testing groups need a baseline • Mirroring provides a cost savings over clustering, since database to test applications against, and trainers need a con- you don’t need more expensive hardware. sistent environment from class to class. You can take a snap- • The primary advantage of mirroring over log shipping shot, and when the training or testing is complete, revert to is the ability to configure automatic failover. the snapshot. Just like that, you’re ready for the next run. Keep in mind that snapshots are not backups; they require the source database in order to function. But they can be an effective means for recovering to a point-in-time faster than performing a complete database restore.

More Reliable Backup and Restore Snapshots are quick and useful, but they’re no replacement for a full backup of your database. In SQL 2005, backup and restore operations have been retooled to provide more reliability and help prevent data loss. You can now configure up to four devices and back up your database to all of these devices at the same time. Thus, if one of the devices fails, you still have up to three other backups to use for a restore. As with older versions of SQL Server, all devices used in a single backup or restore operation must be of the same type, so you can’t back up to disk with a tape mirror. Note that mirrored backups are meant to protect against failures of the backup media, and won’t prevent backup failures Figure 1. Surface Area Configuration limits potential security caused by errors in your database. risks by disabling features that can open SQL Server to attack. Once your databases are backed up several times over, restoring presents a different set of problems. Historically, Say “Cheese” if there was an error on the backup media, the backup file Much like famed Tour de France photographer Graham was pretty much useless. SQL 2005 introduces a new Watson, SQL 2005 can take pictures; in SQL’s case, they’re restore option, “Continue After Error,” that allows the called database snapshots. When you create a snapshot, you restore operation to continue despite any errors that may provide a static, Read-only view of the database at the point have occurred. The data that can be read from the backup the snapshot was taken. Initially, all the snapshot contains device will be restored and you can then attempt to recov- are pointers to the source database pages, which makes the er the database, or at least get back some of the data. process of creating a snapshot virtually instantaneous. Another problem with restores is the time they take. In When a user requests data from the snapshot, it’s retrieved previous versions of SQL Server, users were unable to

30 | May 2006 | Redmond | redmondmag.com | Project3 4/3/06 4:02 PM Page 1

8IFUIFS ZPVWF VQHSBEFE UP 42- 4FSWFS PS OPU ZPV DBO TUJMM NBOBHF EBUBCBTFT BDSPTT UIF FOUFSQSJTF XJUI UIF TJNQMJDJUZPG&NCBSDBEFSPTBWBJMBCJMJUZTPMVUJPOT&BTJMZIBOEMFDBQBDJUZBOETUPSBHFQMBOOJOHXJUIUIFMFBEJOHDSPTTQMBUGPSN BENJOJTUSBUJPOTPMVUJPO %#"SUJTBO8PSLCFODI'JOFUVOFZPVSEBUBCBTFDPEFXJUI3BQJE42-&OTVSFUIFQFSGPSNBODFBOE BWBJMBCJMJUZ PG ZPVS PSHBOJ[BUJPOT DSJUJDBM EBUBCBTFT "OE JOTUBOUMZ FYUFOE ZPVS FYQFSUJTF BDSPTT NVMUJQMF EBUBCBTF QMBUGPSNT 5P MFBSONPSF QMFBTFWJTJUXXXFNCBSDBEFSPDPNBWBJMBCJMJUZIUNM

5".& 5)& 8*-%4 0' %"5" 4JNQMJGZ NBOBHFNFOU PG 42- 4FSWFS JO B DSPTTQMBUGPSN FOWJSPONFOU © %MBARCADERO 4ECHNOLOGIES !LL RIGHTS RESERVED

%23TUDIO 0REFERRED0RODUCT "EST31,4OOL#ATEGORY 0506red_F1TourSQL2_29-34.v6 4/18/06 10:47 AM Page 32

Tour de SQL Part II: Administrative Features access the database during the restore operation. For large schema, allowing you to grant permissions on the schema databases, that could translate into several hours of down- to HR users only. Schemas in SQL 2005 are created with- time. SQL 2005 offers a solution, with the ability to per- out tying them to user accounts, which builds a separation form online restores, which can occur even as other parts between security and schema management. of the database are being backed up. Available permissions have been greatly expanded. Most Online restores only work if you back up using filegroups. permissions take on a standard form: After the first filegroup is restored, users can access any • Alter: Grants users the right to alter objects data in that filegroup. Subsequent filegroups will continue • Create: Allows users to create objects to be restored and more and more of the database will • View: Allows users to view the properties of objects become available as the restore progresses. (You still cannot Within each of these subsets you can grant a user rights access data from a filegroup in the process of restoring.) to a specific object or all objects of a specific type. For example, you can grant a user the right to Alter the Adven- Dealing with Your Insecurities tureWorks database or you can grant the permissions to SQL security has been a sore spot for admins. It’s still not Alter all databases. Permissions work on a hierarchical perfect, but SQL 2005 has a new, much-improved security basis. The general levels of the hierarchy, from highest to model. For starters, the Surface Area Configuration tool lowest, are server, database, schema and object. Having employs an “Off By Default” approach that limits the permissions at a higher level also grants those permissions number of features, services and connections enabled in at the lower levels, so a user with Alter Database rights will SQL 2005. Figure 1 on p. 30 illustrates how many sensitive also be able to alter any object in that database. features are disabled out of the box in order to prevent potential problems. Database mail, SQL Mail, CLR integration, Service Broker, and xp_CMDShell are just some of the features that are turned off by default. Some of these features can create security holes if they’re enabled and not properly managed. By locking down SQL’s surface area, Microsoft helps limit the number of potential holes present in your installations. If you’re upgrading to SQL 2005, you’ll find that all features enabled in the previous version will be enabled after the upgrade. This opens up some holes, but prevents problems from occurring due to a feature’s unavailability. For instance, an app running on SQL 2000 using xp_cmdshell won’t break after your SQL 2005 upgrade. The terminology of SQL Server has also changed. It’s not a big change, but understanding the terms will help you manage security. Everything is now referred to in Figure 2. SQL Server permissions are more granular, allowing terms of Principals, Securables and Permissions. for more control over your systems. • Principals refer to anything that can request access to an object, such as SQL Logins, Windows Logins, Database Given the new granularity of SQL permissions, you’ll Users or Database Roles. need to create a careful security plan and implement it in a • Securables are the objects to which Principals can have logical fashion, as shown in Figure 2. Failure to do so will access. They include tables, views, databases, endpoints, result in a security model that is difficult to manage and schemas and so on. that can lead to many more problems. The expanded secu- • Permissions are the specific rights that a Principal has rity model is so detailed that, with some work, you can on a Securable. grant your DBAs access to manage all aspects of the SQL The latest version of SQL also introduces Schemas. These server without them having access to any of the data—a are collections of objects that share a namespace, allowing great step forward in this Sarbanes-Oxley era. you to separate your database along functional boundaries. Other new features advance the arena of security man- When you create an object—a table called “employee,” agement. One of the most important is certificates, which for instance—it’s placed into a schema, which you’ve SQL 2005 can use to enhance many aspects of security: named “HR.” You access the table with the convention They can be tied to logins, used for encryption, used to SchemaName.ObjectName, in this case HR.employee. secure communications between servers, or tied to Inte- This is similar to accessing objects with gration Services packages to secure execution. By utilizing OwnerName.ObjectName in previous versions. You could the Windows policy system, you can now set password have all the objects used by Human Resources in this HR complexity requirements and expiration policies.

32 | May 2006 | Redmond | redmondmag.com | Project7 3/13/06 1:07 PM Page 1 0506red_F1TourSQL2_29-34.v6 4/18/06 10:47 AM Page 34

Tour de SQL Part II: Administrative Features Context switching has also been added to the engine. Logging and auditing lets you see a history of all e-mail Jobs can be scheduled to run under a specific context other activity. Additional features include the attachment size than the SQL Server Agent. Likewise, while running a governor and prohibited file extensions, allowing you to query, a user can issue an EXECUTE AS statement and limit the attachment size or type, respectively. run queries in the context of a different user. Modules such as stored procedures, triggers or functions can also be con- Other Cool Stuff figured to run as a specific user instead of the user calling • SQL 2005 introduces the Dedicated Administrator Con- the module. This can give the module elevated rights with- nection (DAC). The DAC is a separate connection endpoint out the user having those permissions, again giving you that allows administrators to access a SQL server even when tighter control over user security. the server is otherwise non-responsive. Access is gained via a We’ve just scratched the surface of everything you can do command-line utility, sqlcmd or via the SQL Management with SQL 2005’s new security model. Your utilization and Studio. The DAC connection must be initiated from the implementation will vary greatly based upon your environ- local server; no network-based connections are allowed. ment, but there are few shortcomings to this new model, Using the DAC an administrator can connect and attempt to which is much more effective than previous versions. resolve the issue that has caused the server to become non- responsive, without having to re-boot the machine. Mailing It In • Another favorite feature among DBAs will undoubtedly Not a big fan of SQL Mail? Join the club. SQL Mail has be Instant File Initialization. Previously, when you made a been a thorn in the side of DBAs for years. With its new database file, the file was created on disk and then filled dependence on MAPI and the difficultly in using it for with zeros to ensure that the data on the disk was deleted for monitoring, SQL Mail has long needed a face-lift. security purposes. So restoring a 500GB database meant that The solution is here, in the form of database mail. Database you had to wait while 500GB worth of zeros were written to mail is an SMTP-based e-mail system with many advantages the file before SQL could even start restoring data. over SQL Mail, starting with no MAPI requirement. This This problem is now a thing of the past. SQL 2005 means you don’t have to install an e-mail client to use it. claims the space on disk without filling it with zeros, which Database mail is configured via profiles, providing several means even the largest data files are immediately available advantages. First, you can have multiple profiles with sepa- for use. If you require the added security provided by the initialization step, simply disable Instant File Initialization. • A few data type changes have been tossed into the mix for SQL 2005. The XML data type has been added, allowing you to store XML documents. You can also link the XML data to XML schema definitions. SQL Server contains an entire set of built-in methods to modify and retrieve your XML data. SQL 2005 also introduces the MAX keyword for varchar, nvarchar and varbinary data types. Using MAX, you can store up to (2^31)-1 bytes of data in one column, just about 2GB. MAX is meant to replace the text, ntext and image data types, all of which are still included for backward compatibility. Also, unlike their predecessors, there are no special methods required to access the data stored in MAX columns. Figure 3. Database mail can be configured with multiple SMTP servers for failover. Stage 3 rate security on each. So, for example, all your end users Lance Armstrong was known as the most prepared rider in can be granted access to one profile while administrators the Tour. He squeezed every drop out of his performance, have access to another. which gave him the edge. On the next stage of our race, in Each profile can be configured with multiple SMTP June, we’ll discuss performance tuning. Like Lance, SQL servers, so that mail can still be sent in the event of an must be properly maintained to work at peak form, and SMTP server failure (see Figure 3). The database mail we’ll provide you the proper training regimen to get the process is separate from the SQL process, so e-mails are most out of it.— sent to a queue and then delivered by database mail. If database mail goes offline, the e-mail simply continues to Eric Johnson, MCSE, MCDBA, MCSD, is a database queue. When the process comes back online, the e-mail administrator with Progressive in Colorado Springs, Colo. gets forwarded. When he’s not designing databases and tuning queries, he For users, profiles offer immediate response, eliminating enjoys spending time with his wife and newborn son. You can the wait while e-mails are sent. reach Eric at [email protected].

34 | May 2006 | Redmond | redmondmag.com | Project1 4/5/06 11:51 AM Page 1 0506TechEdShowcase_36-37_Final2.qxp 4/18/06 6:27 PM Page 36 Redmond’s TECH•ED Partner Showcase GOING TO TECH•ED? MEET WITH YOUR FAVORITE VENDORS ONE-ON-ONE

Tech•Ed Booth #937

When it comes to disaster recovery, it’s the recovery that’s critical. Acronis True Image provides a comprehen- Tech•Ed Booth #539 sive protection and recovery solution that gets your servers and workstations back to business in minutes, SAPIEN Technologies’ PrimalScript is the world’s most not hours or days, minimizing downtime and keeping popular and feature-filled script environment, with all the your employees productive. With versions for enterprise features you need in a script editor and much, much servers, networked workstations, and stand-alone more. Whether you’re editing VBScript, ASP, Windows and Linux servers, Acronis restores backup ActionScript, JScript, Java, JavaScript, HTML, XML, images to dissimilar hardware, supports virtual and physi- SQL, or any of more than thirty other languages, you'll cal machines, future-proofs your infrastructure with sup- find that PrimalScript offers rich, detailed tools to make port for 64-bit software, and never miss a deadline with your job faster, easier, and more efficient. With three Snap Restore, a patent-pending technology that lets your editions to choose from, download a trial to find out staff keep working even while the image is being restored. which one is best suited for you. www.acronis.com http://redmondmag.sapien.com

Tech•Ed Booth #101

Touch base with EMC! Optimize your Information Infrastructure with Winning Solutions. We’re covering all the bases with: • 10 demonstrations featuring our latest innovative solutions for Exchange and SQL • 5 alternating Theatre presentations throughout the day on the hottest Microsoft technology topics. Listen to one of our experts, and take a chance to win a 20” Samsung plasma TV. A 4-port USB giveaway will also be awarded to one thousand and Eight hundred visitors to the booth. MONDAY EVENING, 6/12, IS MYSTERY GUEST NIGHT IN THE EMC BOOTH. STOP BY. YOU’LL BE GLAD YOU DID.

Visit our online Microsoft Solution sites at www.emc.com/solutions/ microsoft/sql_server/index.jsp

36 | May 2006 | Redmond | redmondmag.com | 0506TechEdShowcase_36-37_Final2.qxp 4/18/06 6:27 PM Page 37 Redmond’s TECH•ED Partner Showcase GOING TO TECH•ED? MEET WITH YOUR FAVORITE VENDORS ONE-ON-ONE

Tech•Ed Booth #440

Neverfail is a leading global software company providing affordable cluster-class high availability and disaster recovery solutions for Windows-based applications including Exchange, SQL Server, File Server, IIS, SharePoint, RIM BlackBerry, Oracle database and IBM Lotus Domino. With failover measured in seconds rather than minutes, Neverfail’s solutions enable users to remain continuously connected to the live software application irrespective of hardware, software, operating system, or network failures. Neverfail’s mission of eliminating application downtime delivers the assurance of business continuity, removes the commercial and IT management costs associated with system downtime and enables the more productive use of IT resources. www.neverfailgroup.com

Organizations around the world rely on 24x7 Automation Suite

24x7 Automation Suite offers a quick, effective way to build robust automation solutions in minutes. It supports distributed remote jobs, event logging, centralized real-time job monitoring and reporting, and automatic fail-over. Its powerful scripting environment delivers extensive support for SQL, HTTP, FTP, DDE, RAS, TELNET, SSH, ZIP, E-mail functions (MAPI, SMTP, Lotus Notes), File Replication, Bulk-file Operations, Database Replication, and much more.

“24x7 has helped us to quickly automate many of our routine processes; we're integrating is more and more into our daily production activities. Good product, very easy to use, we save a lot of time and money using this software.” — Brian Baird, NYS Teachers’ Retirement System

SoftTree Technologies www.softtree.com 800-289-9256

| redmondmag.com | Redmond | May 2006 | 37 0506red_F2ReadersChoice.v5 4/18/06 11:27 AM Page 38 0506red_F2ReadersChoice.v5 4/18/06 11:27 AM Page 39 TheBest Bestof the The 2006 Redmond

Readers’ Choice Awards BY LAFE LOW

Every day, you deal with spyware, hackers, every category. These are the tools and integration issues, patch management, regu- utilities you use every day to keep your latory compliance and passwords. You’re systems running. monitoring Web access, monitoring performance and all the while monitoring your Back to Basics budget. The stakes are high and mistakes Network management, application manage- Eare costly, both in terms of dollars and job ment, network monitoring—these are the security. Sitting in the IT hot seat these days basics, the absolutely essential categories. is a delicate balancing act: You’re part The leaders in these categories read like a techie, part diplomat, part detective, part Who’s Who of the technology industry— business manager and part magician. trusted vendors with a long, healthy track You need to have absolute trust in the record of proven technologies. tools you’re using. You’re the one on the For best network management product, front lines, so we turn to you to help us Microsoft Systems Management Server determine the best of the best in dozens of and Microsoft Operations Manager took product categories. What are the tools you the top two spots with 23.5 percent and use every day to keep your networks run- 16.7 percent of the votes, respectively. ning smoothly? What is helping you keep HP Openview was the ISV winner with hackers, spammers and spyware at bay? 13.8 percent of the votes. Close behind How do you keep an eye HP was Cisco’s LAN on all your systems to Management Solution, at make sure there’s no 12.5 percent. SolarWinds trouble? There are a lot Network Management of choices, and making Software also fared the best choice is critical. well, with 6.8 percent Here’s a detailed look of the ballot. at how the best of the Microsoft also took the best stacked up in best application manage-

| redmondmag.com | Redmond | May 2006 | 39 0506red_F2ReadersChoice.v5 4/18/06 11:27 AM Page 40

The Best of the Best

NETWORK AND SYSTEMS MANAGEMENT

Best Network Best Interoperability Product Best License Management Product Management Product MKS Toolkit for Developers — Winner Microsoft Systems Management Microsoft Systems Management Server — Winner Server — Winner Centrify DirectControl – Preferred Product Altiris Compliance Suite – ISV Winner Microsoft Operations Manager – Preferred Product Centeris Likewise – Preferred Product Altiris Server Provisioning Suite – Preferred Product HP Openview – ISV Winner iInventory – Preferred Product Cisco LAN Management Solution – Best Bandwidth/Traffic Preferred Product Monitoring Product SolarWinds Network Management Network Instruments Observer — Best Compliance Tools Winner Software – Preferred Product NetIQ Security Compliance Suite — Lightspeed Systems Total Traffic Winner Control – Preferred Product Best Application Symantec/Bindview – Preferred Product Argent Guardian – Preferred Product Management Product Shavlik NetChk Compliance – Microsoft Operations Manager — Preferred Product Winner Best Web Usage Monitor NetIQ AppManager Suite – ISV Winner Websense Enterprise — Winner Best Virtual Server Product LANDesk – Preferred Product VMware GSX Server — Winner Novell ZenWorks – Preferred Product Microsoft Virtual Server 2005 – Preferred Product Best Performance VMware ESX Server – Preferred Product Management Product Microsoft Operations Manager — Best Virtual PC Product Winner VMware Workstation Edition — Winner NetIQ AppManager – ISV Winner Microsoft Connectix Virtual PC for SolarWinds Orion Network Perfor- Windows – Preferred Product mance Monitor – Preferred Product Softricity Softgrid – Preferred Product IBM Tivoli Monitoring for Transaction Performance – Preferred Product SurfControl Web Filter – Best Non-Microsoft Browser Preferred Product Firefox — Winner Best General Network SmartFilter – Preferred Product Mozilla – Preferred Product Monitoring Tool Netscape Navigator – Preferred Product Microsoft Operations Manager — Best Asset Management/Resource Winner Inventory Product Best SQL Tool Cisco Systems Syslog Analyzer – Altiris Asset Management Suite — ISV Winner Winner Microsoft — Winner HP OpenView Operations for Altiris Inventory Solution – Preferred SQL Power Tools – ISV Winner Windows – Preferred Product Product Quest Software – Preferred Product IBM Tivoli NetView – Preferred Numara (formerly Intuit) Track-It – Product Embarcadero Technology ERStudio – Preferred Product Preferred Product

ment product with Microsoft Opera- Manager again took this category, your votes. Microsoft Operations tions Manager, grabbing 41.7 per- with 36.4 percent of the vote. Manager—the Swiss Army knife of cent of the vote. The ISV winner NetIQ’s AppManager Suite also led software—again took top honors, but and Preferred Product honors are all as ISV winner with 9.2 percent. by a smaller margin than the previ- grouped quite closely. NetIQ’s App- SolarWinds’ Orion Network Perfor- ous two categories, with 20.7 percent Manager Suite took ISV winner by mance Monitor was right behind of the votes. tallying 10.5 percent. LANDesk was them with 9.1 percent. IBM’s Tivoli One reader likes what Microsoft close behind as a Preferred Product Monitoring for Transaction Perfor- Operations Manager (MOM) can do, with 10 percent. Novell ZenWorks mance garnered 7.5 percent, round- but recognizes that it’s not an out-of- came in at 9.8 percent. ing out the leaders. the-box answer. “MOM is truly an Performance management was The general network monitoring awesome solution if you have the another close race with more famil- tool category was huge, with more time to set it up and customize it to iar names. Microsoft Operation’s than 20 individual products earning your needs,” he says.

40 | May 2006 | Redmond | redmondmag.com | Project3 3/27/06 3:27 PM Page 1

ADVERTISEMENT Maximum System Performance Getting To The Bottom Of Common Reliability Problems

As an IT Professional, you know the possible in even small importance of maintaining system Top 5 reasons customers use Diskeeper networks let alone performance and reliability. If the Performance and Reliability enterprise sites. IT desktops or servers crash, slow down 83% Managers use or freeze, who gets called? That’s Diskeeper’s “Set It and “Set It and Forget It” operation ® right…you or your IT staff. This 83% Forget It” operation “break-fix” cycle leaves you little for automatic network- time to be proactive. And yet, many of Much superior to built-in defragmenter wide defragmentation. % these issues stem from a single, 44 Customers agree hidden source. Longer systems life with less maintenance Diskeeper maintains 44% the performance and reliability of their Reliability issues commonly Fast back-ups and antivirus and/or spyware scans 35% desktops and servers, traced to disk fragmentation. even reducing mainte- The most common problems From Diskeeper Customer Survey – Read the full nance and increasing caused by file fragmentation are: survey at: www.diskeeper.com/survey hardware life. • Crashes and system hangs/freezes computer: CPU, memory and disk. “We run [Diskeeper] on our The fastest CPU in the world won't • Slow boot times and boot failures improve your system's performance if client PC’s as well as our • Slow back up times and the drive is fragmented, because data servers…with Diskeeper aborted backup from the disk simply can't be accessed running daily, we can keep quick enough. • File corruption and data loss file performance at • Errors in programs Is Daily Defragmentation peak efficiency.” • RAM use and cache issues Needed in today’s environment? Tom Hill, CDR Global, Inc. • Hard drive failures More than ever! Large disks, multimedia files, applications, operating Every system on your network Having files stored contiguously on systems, system updates, virus signa- needs Diskeeper, the Number One the hard drive is a key factor in tures – all dramatically increase the Automatic Defragmenter™ with over keeping a system stable and perform- rate of fragmentation. If fragmenta- 18 million licenses sold! ing at peak efficiency. The moment a tion is not addressed daily, system file is broken into pieces and scattered performance will suffer. Frag-menta- across a drive, it opens the door to a tion increases the time to access files

host of reliability issues. Even a small for all common system activities such ® amount of fragmentation in your most as opening and closing Word docu- The Number One Automatic Defragmenter used files can lead to crashes, con- ments, searching for emails, opening flicts and errors. web pages and performing virus Special Offer (GET THE PROOF HERE: scans. To keep performance at peak, www.diskeeper.com/paper) defragmentation must be done daily. Try Diskeeper 10 FREE for 45 days! Download: www.diskeeper.com/dkred (Note: Special 45-day trialware is The weak link Advanced, automated only available at the above link) in today’s computers defragmentation Volume licensing and Government / Education The disk drive is by far the slowest Manually defragmenting every discounts are available from your favorite of the three main components of your system every day is simply not reseller or call 800-829-6468 code 4357

©2006 Diskeeper Corporation. All Rights Reserved. Diskeeper, The Number One Automatic Defragmenter, “Set It and Forget It” and the Diskeeper Corporation logo are registered trademarks or trademarks of Diskeeper Corporation in the United States and/or other countries. Diskeeper Corporation • 7590 N. Glenoaks Blvd. Burbank, CA 91504 • 800-829-6468 • www.diskeeper.com 0506red_F2ReadersChoice.v5 4/18/06 11:27 AM Page 42

The Best of the Best

The other winners for general network monitoring are familiar names—Cisco Systems’ Syslog Ana- Survey Methodology lyzer with 12.9 percent, HP Open- View Operations for Windows with he Redmond Readers’ Choice survey truly represents 12.7 percent and IBM Tivoli the opinions and attitudes of our readers. The products NetView with 5.2 percent. Only one Tselected here are the ones that drive their networks and or two percentage points separated keep their business running. The survey form this year was the next several products. approximately 30 percent longer than last year’s form. We As more organizations introduce added new categories and went through the list product by open source to their networks, product to ensure that it was as comprehensive and accurate whether running server farms or as possible. Web services or on the desktop, they This year’s survey was once again pushed out to readers need to help those systems play well who have signed up to receive one of our numerous e-mail with Windows. The MKS Toolkit for newsletters. And once again, our readers proved to be a Developers is an interoperability responsive and opinionated group (which we deeply appreciate). favorite with 49.1 percent of the Even with the significantly longer survey, we still received votes. Centrify DirectControl and nearly 2,000 completed surveys at the end of the two-week Centeris Likewise are gaining survey period. strength with 20.1 percent and 16.7 Like it or not, it’s a Microsoft world. Redmond magazine is percent of the votes, respectively. all about Microsoft technologies, but also the lively vendor Whether or not you watch your community that supports and integrates and improves what employee’s Web usage, you still have comes out of Microsoft. We noticed Microsoft clearly winning to watch bandwidth. The best band- many of the heavy duty management categories like network width/traffic monitoring product was management, network monitoring and application management. a very close race, with less than a per- After many spirited discussions, we opted to adjust the structure centage point separating the leaders. of the winning categories this year. Network Instruments’ Observer was We established an additional award level for those product the top vote-getter with 22.7 percent, categories to recognize the leading independent software edging out Lightspeed Systems Total vendors who earned the most votes. For example, Microsoft Traffic Control at 21.9 percent, and won the network management category and is duly honored Argent Guardian with 21.3 percent. as the winner. To recognize the other leading vendors in that Among our readers whose compa- category, we established the ISV winner. We did this not so nies monitor employees’ surfing much to level the playing field, but to acknowledge that in habits, two clear choices emerged. some cases, there are really two playing fields. Websense Enterprise won best Web After all the results were gathered and organized, a team usage monitor with 34.9 percent of of editors went through the list looking for any suspicious the votes, while SurfControl Web patterns to ensure there were no outside attempts to influence Filter garnered 30.7 percent. Smart- the results. Once we were satisfied that the list was an honest Filter earned a spot on the leader- and accurate reflection of our readers’ opinions, we examined board with 6.8 percent. the results and listed the winners, ISV winners and preferred products for each category. — L.L. Compliance and Asset Management In this era of Sarbanes-Oxley, the percent. Numara’s (formerly Intuit) Systems Management Server taking a Health Insurance Portability and Track-It earned 11.1 percent. whopping 61.3 percent of the vote. Accountability Act (HIPAA) and out- Track-It is gaining traction particu- Altiris was also strong, locking up the side auditing, asset management has larly well in smaller organizations. next two spots with its Altiris Com- never been more important. Altiris is “We have a department secretary pliance Suite at 14 percent, and the runaway winner in this category. who records everything in Track-It,” Altiris Server Provisioning Suite at Its Asset Management Suite took the says one reader from a small state 7.5 percent. iInventory rounded out award for best asset management/ government agency. the leaders with 5.3 percent. resource inventory product with 29.9 Microsoft showed its strength again Compliance is another critical cate- percent of the vote. Some singled out in the license management category, gory that continues to gain impor- Altiris Inventory Solution with 16 earning top honors with Microsoft tance. For best compliance tools, 22.4

42 | May 2006 | Redmond | redmondmag.com | Project3 4/10/06 10:50 AM Page 1

In the corporate habitat the irate end user (Tickedoffus userus) displays his displeasure at IT when the latest software rollout eviscerates his desktop yet again.

......

It’s a jungle out there... avoid conﬂicts and simplify software management with Altiris Software Virtualization Solution.

• Reduce downtime and help desk costs • Eliminate application conﬂicts • Instantly repair damaged applications • Signiﬁcantly reduce testing time for application rollouts

To download a free copy for personal use go to www.altiris.com/redmondmag

STANDARDIZED SYSTEMS MANAGEMENT STANDARDIZE. AUTOMATE. MAINTAIN.

Altiris Asset Management Suite 0506red_F2ReadersChoice.v5 4/18/06 11:27 AM Page 44

The Best of the Best

percent chose the NetIQ Security product spots with its Deployment Group Policy Manager Compliance Suite (Security Manager Solution earning 10.4 percent and its Microsoft’s free Group Policy and Vulnerability Manager) as the win- Client Management Suite bringing in Management Console dominated ner. Symantec/Bindview came in next 7.4 percent. the competition with 50.3 percent of with 17 percent. Shavlik’s NetChk the vote. ScriptLogic was the ISV Compliance tallied 15.8 percent. Server Migration winner with 8.5 percent, and NetIQ The battle for best virtual server Quest also won as the best server rounded out the top three, with its was a clash of two titans—VMware migration product with its Migration Group Policy Administrator earning and Microsoft. VMware’s GSX Server Suite for Active Directory/Exchange, 7.5 percent. won with 47.5 percent of the vote. earning 18.8 percent. As it did in the Microsoft’s Virtual Server 2005 came in general migration category, Altiris Disk Defragmentation and right behind that with 45.8 percent. Deployment Solution came in second Drive Monitoring Those same two titans clashed again and Client Management Suite third, Executive Software’s Diskeeper for best virtual PC product. VMware with 15 percent and 7 percent of the was the clear choice here, with 37.9 took a wider lead with its VMware votes, respectively. percent of voters giving it top Workstation Edition earning 58.7 percent. Microsoft Connectix Virtual PC for Windows followed with 36.1 ADMINISTRATION percent of the votes. Best Migration Product Best Network Automation and Batch Processing Tool There was really only one titan Quest Software Aelita Enterprise rolling over the rest in the battle for Migration Manager — Winner ScriptLogic Desktop Authority — Winner best non-Microsoft browser. Firefox Altiris Deployment Solution – Preferred Product HP Openview Operations for dominated with 74.3 percent of the Windows – Preferred Product Altiris Client Management Suite – votes, which earned the highest Preferred Product MKS Toolkit for Enterprise number of votes for a single product. Developers – Preferred Product Mozilla tied with Netscape Navigator Best Server Migration Product Best Scripting Tool in second place, with 7.6 percent. Quest Migration Suite for Active When it comes to SQL tools, you Directory/Exchange — Winner Sapien PrimalScript — Winner clearly trust the source. Microsoft Altiris Deployment Solution – iTripoli AdminSciptEditor – Preferred wins the SQL tool category with 60.7 Preferred Product Product Altiris Client Management Suite – XLNow OnScript – Preferred Product percent. SQL Power Tools is the ISV Preferred Product winner with 13.7 percent of the votes. Best Patch Management Product Rounding out the leaders is Quest Soft- Best Group Policy Manager ware’s Spotlight on SQL Server with Microsoft Software Update Services Microsoft Group Policy Management — Winner 9.4 percent and Embarcadero Technol- Console — Winner Shavlik Technologies HFNetChkPro – ogy’s ER Studio with 2.4 percent. ScriptLogic Active Administrator – ISV Winner ISV Winner Altiris Patch Management Solution – Day-to-Day Tools NetIQ Group Policy Administrator – Preferred Product Preferred Product Your administration tools represent PatchLink Update – Preferred Product NetIQ Security Administration Suite – another “have to have” category. Preferred Product These are the tools you use every Best Application Sharing Tool day to keep the lights on. You gave Best Disk Defragmentation and Citrix Metaframe — Winner us your top picks for migration, serv- Drive Monitoring Tool Microsoft Terminal Services – Preferred Product er migration, Group Policy manager, Diskeeper Corp. Diskeeper — Winner disk defragmentation and drive moni- Winternals Defrag Manager – New Moon Canaveral IQ – Preferred Preferred Product Product toring, remote troubleshooting, net- Raxco PerfectDisk – Preferred work automation and batch Product Best Application Conflict Testing Tool processing, scripting, patch manage- InstallShield AdminStudio — Winner ment, application sharing and appli- Best Remote Troubleshooting OnDemand Software WinInstall – cation conflict testing tools. Solution Preferred Product Altiris Carbon Copy — Winner Altiris Package Studio – Preferred Migration Netopia Timbuktu – Preferred Product Product Quest wins with its Enterprise NetSupport Manager – Preferred Migration Manager earning 18.2 Product percent. Altiris took both preferred

44 | May 2006 | Redmond | redmondmag.com | Project1 4/19/06 11:06 AM Page 1 0506red_F2ReadersChoice.v5 4/18/06 11:27 AM Page 46

The Best of the Best

marks. Next came Winternals Defrag Building Blocks runners-up were Altiris Package Studio Manager with 24.4 percent, and Installing and deploying new software with 16.9 percent and OnDemand Soft- Raxco PerfectDisk with 6.2 percent. is another fundamental category, ware’s WinInstall with 14.6 percent. requiring trusted tools that perform Remote Troubleshooting predictably and consistently. Here’s Drive Imaging Altiris Carbon Copy won the blue what you’re using in your arsenal: Symantec Ghost, last year’s single ribbon, with 15.3 percent of the votes. winner for most votes (and this year’s Close behind were Netopia’s Timbuktu Software Distribution close second), handily won its category with 13.9 percent and NetSupport This was another Microsoft-dominated again with 67.7 percent. Acronis True Manager at 12.8 percent. category, with Systems Management Image garnered 10.7 percent and Altiris Server leaving everyone in its dust with Migration Suite earned 5.9 percent of Network Automation 62.4 percent of the votes. IBM’s Tivoli the ballot. You liked ScriptLogic’s Desktop Netview Distribution Manager was the Authority best, giving it 31.2 per- ISV winner with 8.2 percent, while CA Lockdown cent of your votes. HP Openview UniCenter snatched 5.2 percent. Security is another essential aspect Operations for Windows was next of any technology plan. The ques- with 24.3 percent, and the MKS Software Packaging tion these days isn’t so much Toolkit for Enterprise Developers Installshield AdminStudio torched the whether or what to deploy, but rounded out the top vote-getters at field with 61.3 percent. The top two how much and covering which 10.6 percent. entry points. Experts agree a mix of technologies is best. Here’s a look Scripting INSTALLATION AND at what you’re using to lock your Sapien’s PrimalScript won the hearts DEPLOYMENT network down: of scripters, with 26.4 percent of the tally, while iTripoli AdminSciptEditor Best Software Distribution Product Firewall—Hardware-based was close behind at 22.9 percent. Microsoft Systems Management Cisco Systems PIX series, as it has for XLNow OnScript showed well with Server — Winner years, is the hands-down winner, tally- 13.9 percent. ing 55.1 percent of the vote. Sonicwall Pro and TZ series and Symantec’s Patch Management VelociRaptor won 12.5 percent and 8.8 You obviously like Microsoft’s percent, respectively. efforts here, as its Software Update Services massacred the competition Firewall—Software-based with 55.8 percent of the ballot. Shav- In a competitive race, Microsoft ISA lik Technologies’ HFNetChkPro was Server 2004 finished first with 30.8 the ISV winner with 9.6 percent. IBM Tivoli Netview Distribution percent. Check Point Software Tech- Altiris Patch Management Solution Manager – ISV Winner nologies was the ISV winner with its came in with 7.3 percent and Patch- CA UniCenter – Preferred Product Firewall-1, earning 22.5 percent of Link Update was next with 5.7 per- OnDemand Software WinInstall – the vote. Symantec Enterprise Fire- cent of the votes. Preferred Product wall was the only other significant vote-gatherer, with 18.9 percent. Application Sharing Best Software Packaging Product Another clash of two titans: Citrix Installshield AdminStudio — Security Auditing Winner Metaframe edged out Microsoft GFI LANguard Security Event Log Altiris Package Studio – Preferred Terminal Services,49.8 percent to Product Monitor took top honors in a closely 47.1 percent. No other entries were OnDemand Software WinInstall – contested category, with 15.9 percent of even close. Preferred Product the vote. Tripwire for Servers took 11.4 percent of the vote and CA eTrust Application Conflict Testing Best Drive Imaging Product Access Control got 10.8 percent. InstallShield’s AdminStudio was the Symantec Ghost — Winner big dog here, gobbling up 48 percent Acronis True Image – Preferred Intrusion Detection Product of the votes. Also showing well were The Cisco Secure Intrusion Detection Altiris Migration Suite – Preferred OnDemand Software’s WinInstall, at Product System was the top choice here, with 20.9 percent and Altiris Package Stu- 33.1 percent of the vote. Popular dio with 17.5 percent. open source contender Snort came in

46 | May 2006 | Redmond | redmondmag.com | Project3 4/12/06 11:48 AM Page 1

THE ROAD TO RECOVERY...

...leads to the Acronis booth at TechEd 2006

While many companies talk about backing up user data, at Acronis we believe that it is the recovery of data that is most important. That is why we spend so much time in development working on how to recover data faster.

Features: • SnapRestore™ allows users to work while the system recovers in the background • Universal Restore allows a system to be recovered to dissimilar hardware • Full, Incremental, Differential, and ﬁle level backup

We understand it’s not how fast you backup, but “Acroinis’ True Image solution offers how fast you recover and become productive an unparalleled disk imaging and that matters. disaster recovery solution that few competing vendors can match.” CRN Magazine April 2006

Download a Free evaluation at: www.acronis.com/fasteval See us at Booth #937

RedMondMag_Acronis.indd 1 4/12/06 11:15:37 AM 0506red_F2ReadersChoice.v5 4/18/06 11:27 AM Page 48

The Best of the Best

Anti-Virus SECURITY Symantec AntiVirus dominated here, as the choice of 40.4 percent Best Firewall Product – Hardware- Best Smart Card/Biometric/Two- Based Factor Authentication System of readers. McAfee GroupShield Cisco Systems PIX series — Winner RSA SecureID — Winner was next at 18 percent and Trend Micro’s InterScan Enterprise Suite Sonicwall Pro and TZ series – ActivCard Trinity – Preferred Product Preferred Product earned 14.6 percent. Griffin Technologies Securikey Pro- Symantec VelociRaptor – Preferred fessional Edition – Preferred Product Product Anti-Spyware Best Secure Messaging Tool or McAfee AntiSpyware won this grow- Best Firewall Product – Software- Service (spam and content filtering) ing category, earning 17.9 percent. Based Microsoft Exchange Server 2003 — Trend Micro Anti-Spyware grabbed Microsoft ISA Server 2004 — Winner Winner 16 percent of the vote, while Webroot Check Point Software Technologies Barracuda Networks Spam firewall – Firewall-1 – ISV Winner ISV Winner came in third with 11.6 percent. Symantec Enterprise Firewall – Symantec/Norton Internet Security Preferred Product 2006 – Preferred Product Safekeeping McAfee Personal Firewall Plus – Trend Micro Messaging Security for As disaster recovery and compliance Preferred Product SMB – Preferred Product become bigger issues every year, having your data in a safe and secure Best Security Auditing Product Best Anti-Virus Tool location is a strategic must. Storage GFI LANguard Security Event Log Symantec AntiVirus — Winner Monitor — Winner and backup systems may not be McAfee GroupShield – Preferred Tripwire for Servers – Preferred Product Product the most exciting category, but they’re a critical component of any CA eTrust Access Control – Preferred Trend Micro InterScan Enterprise Product Suite – Preferred Product IT infrastructure.

Best Intrusion Detection System Best Anti-Spyware Tool Backup System Cisco Systems Secure Intrusion McAfee AntiSpyware — Winner Symantec/Veritas wiped out the Detection System — Winner competition, taking the top two Snort – Preferred Product slots. BackupExec dominated with 40 Network ICE BlackICE Pro – percent, and NetBackup was second, Preferred Product with 13 percent. CA BrightStor brought in 8.2 percent of the votes. Best Intrusion Prevention System Cisco Systems Okena StormWatch — Winner Storage Management Network Associates Intrushield – Readers also went with Symantec/ Preferred Product Trend Micro Anti-Spyware – Veritas here, with Storage Central Internet Security Systems – Preferred Preferred Product preferred by 24.3 percent. EMC’s Product Webroot – Preferred Product ControlCenter SRM garnered 19.1 percent and Symantec/Veritas Volume Manager was the choice second with a 17.9 percent vote, while 58.6 percent vote. ActivCard Trinity of 10.7 percent. Network ICE’s BlackICE Pro cracked and Griffin Technologies Securikey double-digits with 10.1 percent. Professional Edition each snagged Disaster Recovery 5.3 percent of the vote. The Symantec/Veritas duo continued Intrusion Prevention its stranglehold, with Backup Exec Cisco continues its run with Okena Secure Messaging earning 24.6 percent and NetBackup StormWatch, used by 28.6 percent of Microsoft Exchange Server 2003 managing 14.4 percent. Winternals respondents. Network Associates’ Intru- was the platform of choice for Recovery Manager chipped in with shield grabbed 10.1 percent and Inter- secure messaging, taking home a 8.5 percent. net Security Systems 8.9 percent. 31.1 percent vote. Grabbing 8 percent of the vote, Barracuda Clustering and Failover Smart Card/Biometric/Two-factor Networks’ Spam Firewall was the Clearly, it’s easier to use a Microsoft Authentication ISV winner, while Symantec/Norton solution for something as closely You chose RSA SecureID by a mile Internet Security 2006 made the top tied to the OS as clustering. You over the other contenders, with a three with 6.6 percent. chose Microsoft Windows Server

48 | May 2006 | Redmond | redmondmag.com | Project5 12/12/05 4:27 PM Page 1 0506red_F2ReadersChoice.v5 4/18/06 11:27 AM Page 50

The Best of the Best

Clustering Services by a huge mar- honors among ISVs, with 11.3 per- gin, with 60.2 percent of the vote. cent. Mercury LoadRunner earned TRAINING AND The ISV winner was Symantec/ 7.7 percent. CERTIFICATION Veritas Cluster Server with 16.5 percent. No other products could Most Reliable Server Platform Best Exam Preparation Product garner double-digit support. Taking the crown again,like last year, or Service was Dell with 41.7 percent. HP fin- Transcender — Winner Load Balancing ished a close second with 38.2 percent Microsoft Press – Preferred Product The same argument can be made and IBM came in with 14.9 percent. Cisco Press – Preferred Product for an operation like load balancing, and the results reflect that similarity. Know Your Stuff? Best Online, Disk-Based or Microsoft Windows Server Network Training and preparing for certifica- Instructor-Led Training Load Balancing is the most popular tion is still an essential part of career Microsoft Press — Winner with 57 percent of the vote. F5 Net- growth. Here’s where you prefer to Global Knowledge – ISV Winner works’ 3-DNS Controller took top get help: MeasureUp – Preferred Product SkillSoft (Books24x7) – Preferred Product STORAGE AND BACKUP Best Windows Certification-Based Boot Camp Best Backup System Best Clustering and Failover Solution Global Knowledge — Winner Symantec/Veritas Backup Exec — Microsoft Windows Server 2003 Winner Clustering Services — Winner The Training Camp – Preferred Product Veritas Cluster Server – ISV Winner GlobalNet Training – Preferred Veritas Global Cluster Manager – Product Preferred Product NSI Software DoubleTake – Preferred Product Exam Preparation Product Best Load Balancing Product or Service Microsoft Windows Server 2003 Transcender won by a healthy margin Network Load Balancing — Winner with 33.7 percent. Microsoft Press F5 Networks 3-DNS Controller – ISV Winner came in at 21.2 percent, with Cisco Mercury LoadRunner – Preferred Press next at 7.8 percent. Product Legato AAM – Preferred Product Online, Disk-Based or Instructor-Led Training Symantec/Veritas NetBackup – Pre- Most Reliable Windows-Based Microsoft Press took the top spot ferred Product Server Platform with 27.5 percent of the vote. The CA BrightStor Enterprise Backup – Dell — Winner Preferred Product ISV winner was Global Knowledge, with 14.1 percent. MeasureUp and Best Storage Management Product SkillSoft earned 8.7 percent and 8.1 Symantec/Veritas Storage Central — percent, respectively. Winner EMC ControlCenter SRM software – Windows Certification-Based Preferred Product Boot Camp Symantec/Veritas Volume Manager – Preferred Product Global Knowledge overwhelms the others as your choice for intense Best Disaster Recovery Product or training, with 48.5 percent of the Service ballot. Next up was The Training Symantec/Veritas Backup Exec — Camp at 16.6 percent and GlobalNet Winner Training, third at 15.1 percent. Symantec/Veritas NetBackup – Preferred Product Winternals Recovery Manager – Lafe Low is Redmond’s executive editor of HP – Preferred Product Preferred Product reviews. If you have questions about the IBM – Preferred Product products or reader survey, you can contact him at [email protected].

50 | May 2006 | Redmond | redmondmag.com | Project3 4/10/06 11:02 AM Page 1 Project3 3/9/06 11:31 AM Page 1

:ERO DAY CONTROL OF WHICH APPLICATIONS CAN EXECUTE :ERO NEED FOR USERS TO RUN AS AN !DMINISTRATOR

4FDVSJUZ EFQFOET PO NVMUJQMF MBZFST PG EFGFOTF 'JSFXBMMT BOUJNBMXBSF BOE PUIFS EFGFOTFT IFMQ CVU SFRVJSF DPOTUBOU VQEBUFT 1SPUFDUJPO .BOBHFS JT QSPBDUJWF 8IFO VOLOPXO BQQMJDBUJPOT QFOFUSBUF BMM PUIFS EFGFOTFT 1SPUFDUJPO .BOBHFS JT UIFSF PO UIF JOTJEF UP CMPDL UIFN GSPN FYFDVUJOH VOMFTT BOE 2%!, 3%#52)49 VOUJM ZPV BVUIPSJ[F UIFN 0G BMM UIF MBZFST PG EFGFOTF 34!243 /. 4(% ).3)$% UIBU ZPV IBWF BOE UIBU ZPV OFFE 1SPUFDUJPO .BOBHFS JT UIF POF UIBU JO UIF FOE JT HPJOH UP TBWF ZPVS TLJO

0/-: 1305&$5*0/ ."/"(&3

t &MJNJOBUFT UIF XJOEPX PG WVMOFSBCJMJUZ MFGU XJUI DVSSFOU BOUJNBMXBSF NFUIPET

t &OBCMFT B TFDVSF MFBTUQSJWJMFHF OFUXPSL XJUIPVU CSFBLJOH MFHBDZ BQQMJDBUJPOT

t &OBCMFT DVMUVSBMMZ BDDFQUBCMF 1$ MPDLEPXO WJB GPVS HSBEVBUFE EFQMPZNFOU NPEFT

t 1SPWJEFT EFMFHBUFE SFBMUJNF BQQSPWBMEFOJBM PG BQQMJDBUJPO SFRVFTUT GSPN VTFST

t 1SPWJEFT B DPOGJHVSBCMF QSJWJMFHFT NPEFM GPS JODSFNFOUBM QSPUFDUJPO PWFS UJNF &2%% $AY 4 WINTERNALSCOMPROTECT RIAL 4RY IT 4ODAY

¥ 7INTERNALS 3OFTWARE ,0 !LL RIGHTS RESERVED 7INTERNALS IS A REGISTERED TRADEMARK OF 7INTERNALS 3OFTWARE ,0 0ROTECTION -ANAGER IS A TRADEMARK OF 7INTERNALS 3OFTWARE ,0 !LL OTHER TRADEMARKS ARE PROPERTIES OF THEIR RESPECTIVE OWNER IN THE 53 ANDOR OTHER COUNTRIES 0506red_F2Portable53-58.v9 4/18/06 10:53 AM Page 53

Never install software again! We look at 20 top portable apps, from office suites to IP scanners.

BY MICHAEL DESMOND

nstall a Windows application and it’ll spray cryptic result was Portable Firefox, a repackaged, feature-identical files and registry changes all over your PC. In addi- version of the popular browser. tion to mucking up your configuration, these apps For Haller, what began as a simple project has turned into a I typically can’t be used elsewhere without installing full-time job. He maintains and distributes portable versions them on another PC. of nearly a dozen open source applications, which can be It doesn’t have to be that way. A new generation of found at www.portableapps.com. His work is getting noticed. portable apps runs without touching your Windows “I’ve got tons of e-mails from soldiers in Iraq and configuration. Just copy the program files and folders to a Afghanistan, saying ‘Thank you for making this available and spot on a hard disk, USB storage key or other media, and making my life easier,’” says Haller. He also recalls getting double-click the .EXE file. noted on such popular news sites as Slashdot and Digg on Portable apps can ease backup and management of pro- the day he released Portable OpenOffice. “It took out the gram settings, storing them in their local folders, rather than site for about a day and a half. That was a first for me.” a Windows program or user profile folder. Copy your Many of these apps hark from the open source movement, portable apps folders to a USB key, and all your settings and which enables developers like Haller to repackage them files travel with you. Your apps just work. and means they’re free to use. Be sure to look for the non- John T. Haller can tell you. A Web developer in Queens, installable versions—usually .ZIP files—when downloading. N.Y., Haller wanted to see if he could tune the open source Should you consider portable apps? To help you decide,we Firefox Web browser to run from a USB storage key. The look at 20 install-free programs, ranging from productivity

ProductivityProductivity onon thethe GoGo

ILLUSTRATION BY RALPH VOLTZ | redmondmag.com | Redmond | May 2006 | 53 0506red_F2Portable53-58.v9 4/18/06 10:53 AM Page 54

Productivity on the Go

behemoths like the OpenOffice suite to for plug-ins and automated program FoxIt PDF Reader ensures that you nifty utilities like XnView. The broad updates. Portable Firefox loads a bit can read any PDF, from any machine. range of mature software surprised us, less quickly than the installable version, In our tests, it displayed large and as did the overall stability and perform- but the time difference is negligible. complex PDF files with aplomb, ance of the portable code. This is a must-have app that can help opening them in a fraction of the secure your surfing. Just be sure to time of the criminally bloated Acro- Productivity Apps manually turn on caching and other bat 6 client. Scrolling and navigation The Kitchen Sink settings if you intend to run this from are also slippery fast—a far cry from OpenOffice your system’s hard disk; these settings the delayed rendering of Adobe’s www.portableapps.com/openoffice are turned off by default to streamline client. One annoying quirk: while Disk space: 147MB performance on flash-based USB keys. FoxIt PDF Reader faithfully dis- Almost ludicrously complete, this played text edit marks in our PDF Microsoft Office competitor comes All-in-One IM files, it failed to pick up the associated packed with word processor, spread- Portable GAIM Beta 2 text. The $35 Pro version includes sheet, presentation, graphics design and http://portableapps.com/apps/internet/chat/portable_gaim edit tools. database software. The massive down- Disk space: 15MB load may be too large for many USB This multi-protocol IM client replaces PIM and Proper keys, but the programs run reliably and dedicated IM software for MSN Mes- EssentialPIM Portable as quickly as the installable version of senger, Yahoo! Messenger, AOL IM, www.essentialpim.com/?r=products&pr=dvsp OpenOffice. The applications read and a host of other protocols (including Disk space: 1.7MB GroupWise, IRC and Outlook schmoutlook. EssentialPIM SameTime). Quick and could be the killer app that keeps unobtrusive, GAIM your Registry tidy and your schedule includes nice features like and contacts in order. The program Buddy Pounce for catch- offers ample calendar views and ing elusive contacts the options, including recurring appoint- moment they log on. It ments and a useful text filter for also integrates better with hunting down tasks, notes and con- Windows than Miranda, tacts. Like other options here, the another portable IM client application can import and export alternative. industry-standard iCalendar files. Most impressively, it will find and POP Goes Your import your existing Outlook or Out- E-mail look Express data, including contact, Mozilla Thunderbird schedule and other information. http://portableapps.com/apps/ Figure 1.Portable apps can do everything from manage your e-mail internet/email/portable_thunderbird iCalendar Eye Candy to sleuth system settings and ping devices on the network. Disk space: 12MB Rainlendar and write the latest Microsoft Office This capable POP3 e-mail client www.ipi.fi/~rainy/index.php?pn=projects&project= formats and include built-in PDF comes packed with junk mail con- rainlendar output—a nice plus. The one concern: trols, user-customizable e-mail fil- Disk space: TKMB application load times. Launching from ters, and capable search and sort The luscious looking Rainlendar the hard disk, OpenOffice Writer took functionality. While Thunderbird calendar program employs nifty a full 15 seconds to come up on a ably supports multiple POP3 transparency effects and features 1.6GHz Pentium M-based laptop. accounts, the configuration interface an active community of skin and is difficult and controls for managing plug-in writers to deliver great- The Tabs Have It passwords and upstream connections looking calendars for your desktop. Mozilla Firefox are complicated. The software can read and output http://portableapps.com/apps/internet/browsers/portable_ standard iCalendar (.ICS) format firefox PDF Portable files and offers a plug-in for display- Disk space: 19MB FoxIt PDF Reader ing Outlook calendar data. While The feature-identical version of the www.foxitsoftware.com you can set up recurring appoint- popular Firefox browser weighs in at Disk space: 2.6MB ments and task lists, the software just under 20MB and offers familiar Whether you work in IT or man a desk falls short as a PIM replacement. features like tabbed browsing, support in marketing, you gotta read PDF files. But it sure is pretty.

54 | May 2006 | Redmond | redmondmag.com | Project3 4/3/06 3:42 PM Page 1 0506red_F2Portable53-58.v9 4/18/06 10:53 AM Page 56

Productivity on the Go

HTML Hotness controls may be a bit unrefined, but ridiculously complete, yet intuitive, Nvu otherwise, VLC is an extremely full- image-management program. http://portableapps.com/apps/development/web_editors/ featured program for playing back portable_nvu audio and video files of every stripe. IT Tools Disk space: 10.3MB Able Uploader Creating HTML content was meant Music to My Ears FileZilla to be simple, straightforward and XM Player http://portableapps.com/apps/internet/ftp/portable_filezilla clean, but along the way vendors like www.un4seen.com/xmplay.html Disk space: 3.29MB Microsoft and Macromedia also made Disk space: 1.4MB If you need to upload and download XM Player could make you forget all files from a remote server, the popular about WinAmp. While it falls short as a FileZilla open source FTP app has true music library application—for been the ticket. The portable version instance, it won’t nest titles within artist of this client keeps the fast and well- and album entries—the software is slick designed UI, so you can carry your and fast, loading instantly on my desk- numerous server pre-sets anywhere. top. By contrast, WinAmp often needs Unlike other FTP apps, which have 10 seconds or more to do the same gone on to embrace bloat, FileZilla thing. The interface can be a tad quirky, does one thing very well—move files with its right- and left-click aware but- across networks. A must have. tons, but a broad selection of skins helps make XM Player easier to use. Password Manager Figure 2. EssentialPIM supports recurring KeePass Password Safe events and custom alarms, and lets you Pixel Perfect http://keepass.sourceforge.net/index.php import calendar and task data from Out- XnView Disk space: 750KB look and Outlook Express. www.xnview.com Password confusion is a growing mal- it expensive. The solid, open source Disk space: 14.4MB ady. Rather than keep passwords in an Nvu HTML editor lets you create Whether you manage gigabytes of digi- easy-to-snoop text file or on sticky standards-compliant HTML pages tal photos or need to retouch screen notes, store them in KeePass and pro- for nothing, and the portable version shots and graphics, the free XnView tect them with a universal password. lets you do it from anywhere. The application can do the job better. Much Because the app is portable, you can interface can be a bit brittle—for better. Fast and intuitive, XnView dis- run this secure storage utility from instance, HTML code and rendered plays virtually any graphic (and even any Windows PC. A killer app for the output reside under different tabs many video) file formats in a familiar portable set. rather than side-by-side. But the Explorer-like split screen interface. graphical interface produces clean and Powerful, rules-based batch conver- Itty Bitty BitTorrent consistent HTML that roundtrips sions let you rename, resize, compress, uTorrent reliably with Dreamweaver and other adjust and even transform images to www.utorrent.com well-behaved HTML editors. new formats. Create slide shows, out- Disk space: 155KB put contact sheets and produce attrac- This tiny app lets you tap into the vast Play Anything tive Web pages of your photos. A BitTorrent distributed file sharing Video LAN Client (VLC) www.videolan.org/vlc/download-windows.html Disk space: 35MB U3 Eases Portability Hassles Never open Windows Media Player An emerging standard called U3 could tempt mainstream software makers into the portable app arena. again. VLC is a self-contained media Founded by leading flash storage device makers SanDisk and M-Systems, U3 provides a framework tying player that supports an incredibly applications to flash memory-based storage. U3-enabled USB storage keys use a special controller that uniquely broad range of codecs and formats. identifies the device. A hidden partition lets Windows AutoRun fire up the U3 Launcher interface, a sort of Start Unlike the popular and portable Media menu for U3-smart devices. Encryption prevents a lost USB key from creating an embarrassing data spill. Player Classic (MPC) app, VLC does- Users can buy U3-smart devices today from SanDisk, including devices with pre-loaded applications. Adding n’t rely on system-installed codecs to applications is a simple matter of downloading the software to the U3-enabled drive. interpret files. Instead, support for U3 has some merits, but it’s not clear if the standard will get off the ground. The two companies leading the everything from .MPEG and .WMV to charge have yet to rope in other portable storage firms, and no major ISVs have released U3-smart versions of Dvix and XviD-encoded files are con- their software. Still, if successful, the effort could help make portable apps more commonplace. tained within the (rather hefty) 35MB — M.D. download. The volume and scrubber

56 | May 2006 | Redmond | redmondmag.com | Project6 12/8/05 1:44 PM Page 1 0506red_F2Portable53-58.v9 4/18/06 10:53 AM Page 58

Productivity on the Go

network. Used to enable everything print, e-mail or save the results as a from the download of software patch- report, including to a .CSV file. es and technical documentation to outright media piracy, BitTorrent uses Scan and Deliver an innovative distributed access Angry IP Scanner scheme to speed file transfers. While www.angryziber.com/ipscan there are plenty of BitTorrent clients, Disk space: 108KB uTorrent is smaller and more portable When I need to reach out and ping a than the rest. bunch of systems, I reach for Angry IP Scanner. This bitty utility launches in Heads up Display a flash and lets me ping and resolve Figure 4. Despite its compact size, uTor- Statbar hundreds of local and Web-based IP rent gives you helpful information about the status of your file transfers. www.statbar.nl addresses in a single go. I can discern Disk space: 330KB IP addresses from URLs and perform instance, I can display the CPU histo- To diagnose an intermittent system tasks like traceroute and geolocation. ry of each running item, so I can track or connectivity problem, you need A Favorites list keeps frequently down apps that intermittently hog situational awareness. Few utilities do pinged addresses handy and the pro- resources. The program also lets you a better job of providing heads-up gram can write out scan results to a promote or demote process priorities, system intelligence than Statbar, a variety of formats. kill or suspend processes, and even compact dashboard that displays perform system events like shutdown everything from CPU and memory False Start Finder or restart of the PC. usage to network throughput, system Sysinternals Autoruns uptime and battery charge levels. www.sysinternals.com/Utilities/Autoruns.html Handy volume and system Disk space: 333KB GetMoreOnline on/off/lock controls offer one-touch Autoruns plumbs your Registry and Want to read more about portable access to oft-used functions. system settings to find every exe- applications? Visit Redmondmag.com cutable, DLL and component invoked and check out additional product Diagnostic and between the moment you hit the reviews, a Q&A with developer John T. Troubleshooting Tools power button and when Windows fin- Haller and more when you download an extended version of this feature in Document and Overcome ishes loading. Each entry offers a PDF format. WinAudit Google link, which launches a Web www.pxserver.com/WinAudit.htm browser with Google search results for FindIT code: OnTheGo Disk space: 620KB the selected file name—great for Take stock of your entire system hard- sleuthing mystery entries (and you will redmondmag.com ware and software configuration, from find a few). Use the tabbed interface to BIOS, OS and application version explore items by category, while the information to the status of open ports Hide Signed Microsoft Entries setting Connect More and services. You can select which spots third-party components that can Sysinternals TCPview areas of the system to audit, and can be the source of trouble. A simple www.sysinternals.com/Utilities/TcpView.html checkbox interface lets you disable Disk space: 104KB components that autoload. Just be If you need to sniff out active network careful—users have hosed their boot connections on a Windows-based PC, routines by axing the wrong bits. Microsoft includes the text-based netstat utility. Sysinternals’ TCPView Task Manager on Steroids does pretty much the same thing, but Sysinternals Process Explorer offers a sensible Windows interface www.sysinternals.com/Utilities/ProcessExplorer.html that makes the resulting output much Disk space: 1.4MB easier to process. You can sort results The Task Manager’s Processes tab is so it’s easy to find specific processes, the first place IT-savvy folks go to or save a snapshot to a .TXT file for search for a runaway process or locked review offline.— up application. Sysinternals’ Process Explorer is a much more functional— Michael Desmond is Redmond’s editor Figure 3. Rich batch conversion tools let you transform entire collections in a if cluttered—utility that offers exhaus- at large. You can reach him at single step—a huge time saver. tive detail and fine control. For [email protected].

58 | May 2006 | Redmond | redmondmag.com | Project1 3/14/06 10:38 AM Page 1

Do you have a certiﬁcation from one of Microsoft, Sun, these organizations? Comptia, Cisco

Then you may have completed up to 25% of your bachelor’s degree at WGU.

Let’s face it, IT certification earns you a job. But you need a degree to advance your career. At Western Governors University (WGU), you can earn the only accredited, online competency- based IT degree in the country, including up to eleven respected IT certifications. If you already hold major IT certifications, you may be able to waive some of your degree requirements and graduate faster—and for a lot less money. WGU is ideal for working IT professionals because you can study when it’s convenient for you, under the guidance of faculty mentors dedicated to your success.

Call us today at 1.800.219.6689 or visit us online at www.wgu.edu/rdm

Bachelor of Science in Information Technology Emphasis Areas Offered: Networks, Databases, Security, and Software

Western Governors University KJHEJA =??AHAN=PA@ =BBKN@=>HA =??NA@EPA@ 0206red_RedmondSubAd 1/16/06 2:16 PM Page 1

got Windows?

get

The Independent Voice of the Microsoft IT Community

Essential. Timely. Face to Face. Each month, Redmond magazine gives you hands-on problem solving, tactical hard-core tech info, real-world reviews, expert columnists, interviews, news analysis and strategic insights into all things Microsoft. And, much more. P.S. Spread the news. Pass it along — your peers will value from this offer as well.

Subscribe/Renew at Redmondmag.com 0506red_Never_61.v5 4/18/06 12:04 PM Page 61

NEVER AGAIN By David Harding Out of Control Hell hath no fury like two employees scorned.

arly in my career, I was Computer Operations Manager horror, we found that the two AWOL employees had sabotaged all the floppies for a medical testing company that monitored employees for the locations they’d been working on, for hearing loss over a number of years. This company and the secondary backups as well. I had to inform the boss. I felt extremely was relocating from Chicago to the warm weather of bad. We’d lost at least 18 weeks’ worth of E work. We had the off-site copies, but Arizona. Being the mid-to-late ‘80s, we were using IBM AT those hadn’t been updated since the company’s move to Arizona. In addition, these computers with dual 5 1/4" floppy drives and 10MB hard two employees had essentially stolen six drives. None of our four PCs were networked at this time. months of pay. The boss’s son, a lawyer, said there wasn’t much we could do The database was managed by a custom created in another set of about it, because the amount of dBASE III+ program and used data files floppies. We had a loss wasn’t worth the legal stored on 5 1/4" high-density floppy disks third copy off-site hassles and the cost of (remember those?). Some of the database in a bank vault. prosecution. files were so large (in those days) that After about six As a result of this even trying to fit them onto the 10MB months of data fiasco, my data hard drive was difficult. The total size of entry and thou- entry personnel- the database was over 80MB, and sands of tests hiring duties were spanned hundreds of floppies. These recorded, two of removed, but I were divided up by geographic locations my personnel was given authori- or by company as data sets so that the requested a raise for ty to come up largest file spanned at most five floppies. their efforts. I asked with a solution that One of my duties was to hire data entry the boss, but he simply would prevent this personnel to enter the records of the said no. As the following from happening again. hearing tests of about 10,000 employees payday rolled around, I distrib- The following week I of large, heavy industrial companies. uted the checks and my people left for bought and installed my first After getting the computers set up and lunch. Only one returned. Novell Netware server. I wrote a dBASE training three new people on procedures, This couldn’t be good. When I asked program to take advantage of a net- they started entering the data. When where the other two were, there was just worked database, which eliminated the they were finished with a particular data a shrug of the shoulders as the remain- need for floppy disks. The database was set, that database file was backed up onto ing employee started back to work. centralized on the new Novell server floppy disks. Then a second copy was After a couple of hours, the worker with regular backups onto the tape drive. came into my office and said there were A routine was then implemented for What’s Your Worst problems restoring a data set to the PC rotating tapes to off-site storage on a IT Nightmare? for the next batch of entries. I tried the regular basis. My office became the floppy on another computer and got secured computer room, with access Write up your story in 300-800 words read errors. I spun the floppy inside its granted to only me and my manager. and e-mail it to Keith Ward at kward@ sleeve, which revealed what looked like a My biggest lesson learned? You redmondmag.com. Please use “Never crease in the media. Further research can control computers, but you can’t Again” as the subject line and be sure determined that the crease was made control people.— to include your contact information for with a ball point pen. I asked my opera- story verification. tor to bring all the floppies to me, and we David Harding is a senior programmer/ went through them one by one. To our analyst for Dakota State University.

ILLUSTRATION BY MARK COLLINS | redmondmag.com | Redmond | May 2006 | 61 0506red_Winsider62-64.v5 4/18/06 11:00 AM Page 62

WindowsInsider Greg Shields Extending Security

ast month we talked about the Windows Server 2003 If I’m using the SCW to secure my servers, I’m going to need to extend it Security Guide. That well-written document, which so that the NetBackup question is avail- uses the Security Configuration Wizard (SCW) as its able to me in the GUI. Otherwise, I L could end up with a very secure server, toolbox, is your guide to securing your servers. but with very unusable backups. To do this,you would typically locate But for all its usefulness, the SCW When you run the SCW’s GUI, the the default Extension and Localization only works with Microsoft applications. three types of files merge on your pro- KBs found in the %windir%\security\ If you’ve got Symantec AntiVirus, totype machine to make the file msscw\kbs folder. Make a copy of one, Veritas NetBackup, or any other non- main.XML. This file contains what open it in a text editor, and rewrite it to Microsoft applications running on that we’ll call “the questions.” Or, more include the necessary NetBackup service. server, the SCW’s helper functions technically, this file contains all the This can be a challenging exercise, as the won’t recognize and automatically options you potentially could select to KBs in that folder can be very long and secure them. So this month, we’re secure that machine with the SCW. very complicated. going to DIY our own SCW extensions As you work through the SCW’s GUI Fortunately, we’ve created a much to handle these apps. interface, selecting the services you simpler example you can use as a tem- want to secure and the options you want plate. This template is intended to be If I Had a Hammer to disable, you end up creating another simplistic, as there are more services Before we start constructing new exten- XML file that contains what we’ll call and network ports necessary for Veritas sions, let’s talk a minute about what’s “the answers.” This policy file, called NetBackup, but it’ll do for our purpos- going on behind the scenes when you policy.xml, is what you use to apply the es. We’ve removed all the extra bits out run the SCW. First, if you haven’t security policy to this and other of the sample Extension and Localiza- already, install Windows Server 2003 machines on your network. tion KBs and compressed them into a Service Pack 1 onto a prototype In last month’s column, we discussed single file. We’ve also highlighted in machine. Then check out the contents of how you can use the SCW to fill out “the green the sections you need to modify. the %windir%\security\msscw\kbs questions” and how to use the “Windows <> folder. In that folder, you’ll see a number Server 2003 Security Guide” to give you of Knowledge Base files with .XML the correct answers. But, as discussed extensions. These files contain the data earlier, these correct answers only work well as what descriptive text to populate products. What if you’ve got the Veritas the SCW GUI with when you launch it. NetBackup client installed on a server • The Root KB defines the basic Cutting Corners information about a particular OS For a simplistic example of how to do version and should never be modified. that, let’s pretend our servers all have The Root KB for Windows 2003 is the Veritas NetBackup client installed. • Extension KBs spell out the security SCW, the SCW’s helper functions settings for a particular server’s role. As would likely not find the NetBackup called ISA.xml. suggest that I shut down any unneces- • Localization KBs provide the text you sary network ports and services, which see on the GUI screens when you launch might include the obviously necessary the SCW.The associated Localization NetBackup Client Service that runs on KB for ISA server is named ISAloc.XML. network port 13782/tcp.

62 | May 2006 | Redmond | redmondmag.com | Project3 3/9/06 11:47 AM Page 1

When it comes to disaster, it’s not IF, but WHEN. And too often, it’s when you least expect it.

Get High-Availabilty and Disaster Recovery “In-One” Double-Take delivers real-time data replication combined With Double-Take ® with fail-over so you have high-availability and disaster recovery for your Windows Servers -- safely and securely. It is your job to keep servers up, data available and prevent downtime. Failure to protect mission critical data and This is the reason that hundreds of Fortune 500 companies applications can set your business back by weeks, months or worldwide use Double-Take to ensure their business continuity. worse. Disaster recovery is now one Three levels of data compression allow of the highest IT priorities. more data to be replicated and increase performance and scalability. In today’s business climate, you have to have a tested plan and reliable tools in place for Double-Take gives you the peace of mind your data is safe the moment your server (or site) goes down. Double-Take and your job secure. is that tool. Don’t wait. Download a free Sold more than all other High-Availability tools combined, it is 30-day eval copy right now even certified for W2K Datacenter. No other HA tool is. A whole and start protecting your department sitting on their hands can cost thousands of dollars data and applications. per minute. The ROI of Double-Take is a no-brainer.

Download Your Free Eval Copy Today

www.sunbelt-software.com Tel: 1-888-NTUTILS (688-8457) or 1-727-562-0101 Fax: 1-727-562-5199 Email: [email protected] 0506red_Winsider62-64.v5 4/18/06 11:00 AM Page 64

WindowsInsider

Here, you give a Display Name and Description for each of the items con- textual information you’ll see in the NetBackup Client SCW GUI when you configure this Port service on your prototype machine. Used by NetBackup Be descriptive. Clients to connect to the You can leave the other text alone. It’s server necessary for the SCW to recognize that this is a custom “questions” file you’re importing. You’re nearly done. To import your it into the folder %windir%\security\ TRUE msscw\kbs with all the other Knowl- Automatic major sections: Roles, Services, and mand to import the file: scwcmd Ports for the Extension information, register /kbname: / and a separate section for Localization kbfile:. information. The next time you run the SCW on • In the Roles section, you describe this machine, you’ll see your questions the role that this Extension KB will listed right there with the default ones secure; in other words, its name and from Microsoft. type. Note here the role that your 13782 NetBackup role depends on. In our Craftsman Work example, the NetBackup Client Ser- Obviously, all this work takes some time vice role depends on the File Server and preparation before you start looking role. You’ll see that Selected Value = at XML files. You’ll need to do some True. This means that this service is research into your non-Microsoft appli- TCP enabled by default in the SCW GUI cations, the services they use, and the when launched. network ports on which those services • In the Services section, you name are listening. the actual Windows Service and its To help with this,from a command startup default. We set this service’s prompt you can use the native netstat Startup_Default as Automatic, but you tool to get a list of the ports on which can choose Default or Manual. You’ll the system is currently listening. For notice also that for the service you more detailed information, try using must use the actual Service Name netstat –ab. This command lists the rather than its Display Name. You can active connections on a machine and properties of the service in Computer cutable listening on the port. NetBackup Client Management. Lastly, we’ve marked The payoff, though, is a more secure Service this service as Optional. network. Surely that’s worth the extra Manages Backups to • For Ports, you need to give the port a elbow grease. — a NetBackup Server name, identify it as a static or dynamic port, and define its value and protocol. Greg Shields, MCSE: Security, CCEA, is Static ports never change, while dynamic a senior systems engineer for Raytheon Co. ports start on a single port and later in Aurora, Col. A contributing editor to protocol, you can select TCP or UDP. support and technical consulting in NetBackup INET • Lastly, you’ll see the Localization Microsoft and Citrix technologies. Reach Daemon information at the bottom of the file. him at [email protected].

64 | May 2006 | Redmond | redmondmag.com | Project7 4/12/06 3:07 PM Page 1 bind-in.qxd 4/17/06 3:28 PM Page BK1 bind-in.qxd 4/17/06 3:28 PM Page FR1 Project3 3/9/06 11:04 AM Page 1

’ And end-users Your life shouldn t. The always get email Windows IT Pro Readers’ Choice Winner three years in a row, from the people iHateSpam for Exchange lets you control spam according to the in their own needs of your company and users — not to mention your needs. Contacts folder. for Microsoft Exchange 5.5, 2000 and 2003 Spam detection 98.5% outofthebox: You can “configure it and Constantly updated dual spam engines: forget it” for easy, effective “hands-off” spam management. Field-tested, powerful spam detection. And setup takes Filtering based on tunable parameters: minutes, not hours Use our default engine or customize or days. Low with your own rules or blacklists. false positives: Customizable treatment of spam: Control aggres- Delete it, route it to a designated mailbox, put siveness of spam a custom message in the subject, or even quarantine it detection with to a spam folder in the end-user’s mailbox. Filter at the simple threshold server — no client software needed: Set flexible settings. Set server server-level policies for groups or single users. or user-level whitelists.

Download the 30-day FREE trial at www.sunbelt-software.com/ihred

Sunbelt Software Tel: 1-888-NTUTILS (688-8457) or 1-727-562-0101 Fax: 1-727-562-5199 www.sunbelt-software.com [email protected]

SecurityAdvisor JoernRoberta Wettern Bragg Microsoft at Your Service

icrosoft’s latest foray into offering IT services to supplement its packaged software portfolio has M reached the security arena. This month, we’ll review what’s available today and provide a glimpse of what you can expect both from services and packaged security solutions coming out of Redmond later this year. It’s Live! The main advantage of this Microsoft You’ve undoubtedly heard of Microsoft’s offering is that it’s easy to use. Microsoft announced push into managed services, takes care of all signature and scanning including associated Web sites such as engine updates for you; all you have to Windows Live and Office Live. When do is run the tool about once a month. Windows Live started, it looked like lit- It’s been done by other security vendors Figure 1. Choosing Scanning Options in the Windows Live Safety Center. tle more than some new glue to hold since the 1990s, most notably Norton together existing online applications and AntiVirus, but at least Microsoft’s come tomers trust Microsoft to keep their services like MSN Messenger and on board. This isn’t a solution you’d see computers secure? More critical for Microsoft Search. Since that disappoint- in a corporate environment, but if it Microsoft will be how its customer will ing start, Microsoft has added more fea- helps reduce the number of infected feel about paying a monthly or yearly tures to Windows Live, and one of the computers that threaten everyone on the fee for such a service. Starting in June more interesting ones is the Windows Internet, we all benefit. Microsoft will charge for an annual Live Safety Center, currently in beta. subscription, but until then the free The Safety Center is an interesting Protection by Subscription beta period will continue. concept. Its goal is to relieve you from The Windows Live Safety Center is an Windows Defender, Microsoft’s anti- having to worry about installing and interesting concept, but it doesn’t pro- spyware product, is also currently in updating your anti-virus and anti-spy- vide continuous protection. Another beta. Built on the technology acquired ware software, and from manually per- new product, Windows OneCare Live, when it bought security vendor forming various cleanup and takes care of that. OneCare runs in the GIANT Software last year, the current maintenance tasks on your computer. background to work in real time, just beta version has a clean interface and is Instead, the Safety Center gives you an like any other anti-virus package. extremely easy to set up and use. It online application that does all of this Like more established security prod- looks a lot like OneCare, and I would- by running a single application from ucts, it goes beyond virus protection n’t be surprised if these products will be the Windows Live site. You still have to and adds a personal firewall—one more combined before they hit the market install a small scanning plugin on your capable than Windows XP’s built-in later this year. computer, but once that’s done you just version. Additional OneCare features I’ve been using the Windows Defend- need to run virus and maintenance include backup, background disk er beta for several months now and it scans from the Windows Live site. defragmentation and cleanup. It inte- appears to be working very well. How- Microsoft may just get the many grates with Microsoft Update to ensure ever, one big complaint is that it doesn’t home users who never update virus that your computer always has the lat- detect or alert you about tracking cook- signatures or perform other security est security updates. ies, which could allow someone to maintenance tasks to visit this Web site Even more importantly, it can update reconstruct some of your Web surfing once a month to check their computers itself. With OneCare you no longer habits. There are legitimate uses for for malicious software. At the same have to worry about keeping your com- tracking cookies, and Microsoft has time, users can have the Safety Center puter secure; Microsoft will do all the valid arguments for not flagging them perform a number of cleanup and work for you. Whether this concept in Windows Defender. But if you’re tune-up tasks. will work is still unknown. Will cus- concerned about these cookies, you’ll

| redmondmag.com | Redmond | May 2006 | 67 0506red_SecAdvisor67-68.v5 4/18/06 12:28 PM Page 68

SecurityAdvisor

have to use something else for spyware ices will have been renamed using the protection settings to client computers scanning, unless Microsoft makes some “Exchange Hosted” label. As Microsoft and users. changes to Windows Defender. integrates FrontBridge even closer Microsoft Operations Manager with Microsoft Exchange and invests (MOM) will most likely be used to cen- Taking It to the Enterprise in expanding its services, it should trally collect information about virus Windows Defender, Windows Live become even more appealing to any- outbreaks and other events on client OneCare and Windows Live Safety one considering using hosted services computers. Of course, SQL Server will Center look like promising products for messaging security. be used to store much of the client infor- for consumers, but just like Microsoft mation. If Microsoft continues previous Update they lack the manageability A Big Mystery patterns, you may be able to use the per- features required for the enterprise. Microsoft plans to roll out another sonal edition for SQL, but larger compa- To that end, Microsoft has also been enterprise security product, Microsoft nies will want to use a more powerful working on developing security services Client Protection, later this year. A pro- version of SQL Server. for companies. tection suite for corporate client computers, Microsoft has been unusually Get Ready for It! quiet about the details of Microsoft Until Microsoft Client Protection Client Protection. Still, the outlines becomes available to a broader audience appear obvious. Microsoft Client Protec- with a beta, we won’t know whether it tion will protect businesses against mal- will be able to compete with client pro- ware, such as viruses and spyware. tection products from other vendors. At its core, this protection should be That said, if Microsoft delivers a product very similar to that offered by Windows with comprehensive protection features Live OneCare and Windows Defender. and easy management, any organization However, how the protection is provided with an extensive Windows infrastruc- will be very different. ture will want to test and evaluate it. Just like Microsoft Update, Microsoft’s Microsoft Client Protection could turn Figure 2. Window Defender presents a other consumer products shield users out to be a blockbuster if Microsoft is clean, uncluttered interface. from having to config- successful at building a reputa- Log on to ure security for their tion for the protection program Redmondmag.com to Last year it purchased FrontBridge, computers, while offer- read more about the during its first year of existence. which has been offering a number of ing limited settings that security products On the other hand, if the product interesting hosted e-mail security serv- users can change. and services comes up short—whether it’s ices. Among them: spam and virus fil- Microsoft’s software discussed here. missing key features or faltering FindIT code: tering, encryption, archiving and robust update tools for compa- in its protection capabilities— AtURService e-mail access that works even if the nies, Windows Server Microsoft won’t gain significant mail server is unavailable. To provide Update Services (WSUS) and Microsoft market share. No matter how this devel- these features, FrontBridge maintains Systems Management Server (SMS), ops, though, you won’t be able to ignore several large data centers through don’t allow end users to make any Microsoft Client Protection. I highly which all customer e-mail is routed. changes. Instead, IT administrators cen- recommend following the development By consolidating e-mail delivery and trally configure the manner in which of this product and planning for early archiving for a large number of cus- client computers are updated. You should testing as soon as a beta is out. — tomers, FrontBridge can provide much expect Microsoft Client Protection to better e-mail reliability and higher take a similar approach. Joern Wettern, Ph.D., MCSE, MCT, accuracy rates for spam and virus detec- I expect the final product to provide Security+, is the owner of Wettern Network tion than most companies can hope to similar functionality to the consumer Solutions, a consulting and training firm. achieve. FrontBridge customers still products, while being highly manage- He’s written books and developed training run their own mail servers, but they able for corporations. Microsoft has courses on a number of networking and outsource part of their infrastructure. made it very clear that Microsoft security topics. In addition to helping compa- By the time you read this, Microsoft Client Protection will integrate with nies implement network security solutions, he will have completed a major phase of existing Microsoft management prod- regularly teaches seminars and speaks at con- integrating FrontBridge into the ucts, so it will undoubtedly work with ferences worldwide. Reach him at Exchange product group, and the serv- Active Directory to centrally assign [email protected].

68 | May 2006 | Redmond | redmondmag.com | 0506red_WebSemAd_69.qxp 4/17/06 2:06 PM Page 69

Free Web Seminars

Now Available On-Demand ➤ Implementing a High Availability Solution with Microsoft SQL Server

➤ Eliminating Risks: Addressing the Threat from Within

➤ Disaster Recovery for the Microsoft Windows Server System, Step-by-Step

➤ How to Determine Effective Permissions in Windows

➤ Exchange Management: New Self-Service Tools Give Users More Control Brought to you by: Visit: Redmondmag.com/techlibrary/webcasts 0505red_TMLasVegasAd.qxp 4/18/06 8:44 AM Page 1

TechMentor Conference October 9-13, 2006 Rio All-Suite Hotel & Casino Las Vegas, NV

TechMentorEvents.com

Presented by 0506red_Index_71.v2 4/18/06 5:31 PM Page 71

RedmondResources ADVERTISING SALES AD INDEX Advertiser Page URL Matt Morollo 2X Software 8 www.2x.com Associate Publisher Acronis Inc. 36,47 www.acronis.com 508-532-1418 phone Altiris 43 www.altiris.com Capella University 26 www.capella.edu 508-875-6622 fax CrossTec Corporation 57 www.crossteccorp.com [email protected] DesktopStandard C3 www.desktopstandard.com Devon IT 27 www.ntavo.com Diskeeper Corporation 41 www.diskeeper.com Dorian Software 49 www.doriansoft.com Northwest East EMC 19,36 www.emc.com Embarcadero Technologies 31 www.embarcadero.com No. CA, OR, WA, Alberta, British AL, CT, DE, FL, GA, KY, LA, MA, MD, GFI Software 17 www.gfi.com Columbia, Saskatchewan ME, MS, NC, NH, NJ, NY, PA, RI, SC, GriSoft 5 www.grisoft.com TN, VA, VT, WV, Quebec, Ontario, Europe IBM 51 www.ibm.com Bruce Halldorson iTripoli 20 www.AdminScriptEditor.com/redmond Northwestern Regional Sales JD Holzgrefe Lucid8 11 www.lucid8.com Manager Eastern Regional Sales Manager The Neverfail Group 28,37 www.neverfailgroup.com 209-473-2202 phone 804-752-7800 phone NSI Software, Inc. 33 www.nsisoftware.com 209-473-2212 fax 253-595-1976 fax Privacyware 37 www.privacyware.com [email protected] [email protected] Quest Software C4 www.quest.com Raxco Software, Inc. 36 www.raxco.com West/Mid West IT Certification & RedHat 25 www.Redhat.com Training—USA, Europe Redmond Subscription 60 www.Redmondmag.com AK, AR, AZ, So. CA, CO, HI, ID, IA, IL, Al Tiano SAPIEN Technologies, Inc. 23,36 www.sapien.com IN, KS, MI, MN, MO, MT, ND, NE, Advertising Sales Manager, IT ScriptLogic 13 www.scriptlogic.com NM, NV, OH, OK, SD, TX, UT, WI, WY, Certification & Training Shavlik Technologies 45 www.shavlik.com Manitoba, Pacific Rim, Australia, New 818-734-1520 ext.190 phone Softtree Technologies 10,37 www.softtreetech.com Zealand, India, Pakistan 818-734-1529 fax Sophos Inc. 7 www.sophos.com [email protected] Special Operations Software 15 www.specopssoft.com Dan LaBianca Sunbelt Software C2,63,66 www.sunbelt-software.com Western Regional Sales Manager TechLibrary 69 www.Redmondmag.com/techlibrary/webcasts 818-674-3416 phone ENTmag.com & TCPmag.com TechMentor 70 www.TechMentorEvents.com 818-734-1528 fax The Training Camp 65 www.trainingcamp.com [email protected] Tanya Egenolf Account Executive Websense 3,37 www.websense.com 760-722-5494 phone Western Governors University 59 www.wgu.edu/rdm Production Wiley Publishing 55 www.wiley.com Kelly Ann Smith 760-722-5495 fax [email protected] Winternals Software 52 www.winternals.com Production Coordinator XOsoft 35 www.xosoft.com 818-734-1520 ext.164 phone 818-734-1528 fax EDITORIAL INDEX redmondadproduction@ Company Page URL 101com.com Altiris Inc. 38-50 www.altiris.com Argent Software 38-50 www.argent.com Corporate Headquarters: 9121 Oakdale Ave., Mail requests to “Permissions Editor,” c/o Barracuda Networks 38-50 www.barracudanetworks.com Suite 101, Chatsworth, CA 91311 REDMOND magazine, 16261 Laguna Canyon Centeris Corp. 38-50 www.centeris.com www.101com.com Road, Ste. 130, Irvine, CA 92618. The informa- Cisco Systems Inc. 38-50 www.cisco.com tion in this magazine has not undergone any for- Media Kits: Direct your Media Kit requests to mal testing by 101communications and is Citrix Systems Inc. 38-50 www.citrix.com Matt Morollo, Associate Publisher, distributed without any warranty expressed or Dell Inc. 38-50 www.dell.com 508-532-1418 (phone), 508-875-6622 (fax), implied. Implementation or use of any informa- Diskeeper Corp. 38-50 www.diskeeper.com [email protected]. tion contained herein is the reader’s sole Embarcadero Technologies Inc. 38-50 www.embarcadero.com responsibility. While the information has been EMC Corp. 38-50 www.legato.com Reprints: For all editorial and advertising reviewed for accuracy, there is no guarantee reprints, contact PARS International at that the same or similar results may be achieved F5 Networks Inc. 38-50 www.f5.com 212-221-9595 (phone), 212-221-9195 (fax); in all environments. Technical inaccuracies may GFI Software Ltd. 38-50 www.gfi.com e-mail:[email protected]; online: result from printing errors, new developments in IBM Corp. 38-50 www.ibm.com www.magreprints.com/QuickQuote.asp the industry and/or changes or enhancements iInventory Ltd. 38-50 www.iinventory.com to either hardware or software components. iTripoli Inc. 38-50 www.itripoli.com List Rentals: To rent REDMOND’s or other LANDesk Software 38-50 www.landesk.com 101communications’ publications postal, REDMOND magazine (ISSN: 1553-7560, telemarketing or e-mail lists, please contact our USPS: 0015-657) is published monthly by MKS Inc. 38-50 www.mkssoftware.com list manager: Worldata, 3000 N. Military Trail, 101communications LLC, 9121 Oakdale NetIQ Corp. 38-50 www.netiq.com Boca Raton, FL 33431-6375, 800-331-8102, Avenue, Ste. 101, Chatsworth, CA 91311. Netopia Inc. 38-50 www.netopia.com www.worldata.com Periodicals postage paid at Chatsworth, CA Neverfail Group Ltd. 16 www.neverfailgroup.com 91311-9998, and at additional mailing offices. Novell Inc. 38-50 www.novell.com CONFERENCES Annual subscription rates for U.S. $39.95 TechMentor Conferences: contact Al Tiano, (U.S. funds); Canada/Mexico $54.95; out- OnDemand Software Inc. 38-50 www.ondemandsoftware.com Sales Manager, 818-734-1520 ext. 190, side North America $64.95. Subscription PatchLink Corp. 38-50 www.patchlink.com [email protected]. The Data Warehousing inquiries, back issue requests, and address Quest Software Inc. 38-50 www.quest.com Institute: contact Diane Smith, Exhibit Sales, changes: Mail to: REDMOND, P.O. Box Raxco Software Inc. 38-50 www.raxco.com 206-246-5059 ext.108, Denelle Hanlon, Publica- 2063, Skokie, IL 60076-9699, e-mail Sapien Technologies Inc. 38-50 www.sapien.com tion and Sponsorship Sales, 206-246-5059 [email protected] or call 866-293- ScriptLogic Corp. 38-50 www.scriptlogic.com ext.102, [email protected]. FCW 3194 for U.S. & Canada; 847-763-9560 Events and Conferences: contact Lucy Cooley, for International, fax 847-763-9564. Shavlik Technologies LLC 38-50 www.shavlik.com Events Director, 703-876-5081, lcooley@ POSTMASTER: Send address changes Softricity Inc. 38-50 www.softricity.com 101com.com. Syllabus Conference and to REDMOND, P.O. Box 2063, Skokie, IL Tarantella 38-50 www.tarantella.com Exhibition: contact Anne Morris, Exhibit Space 60076-9699. Canada Publications Mail Agree- Trend Micro Inc. 38-50 www.trendmicro.com or Sponsorship, 818-734-1520 ext.219, ment No: 40039410. Return Undeliverable VMware Inc. 12, 38-50 www.vmware.com [email protected]. Canadian Addresses to Circulation Dept. or DHL Smart & Global Mail, 2-7496 Bath Rd., Webroot Software Inc 38-50 www.webroot.com © 2006 by 101communications. All rights Mississauga, ON, L4T 1L2, Canada. Websense Inc. 38-50 www.websense.com reserved. Reproductions in whole or part Copyright 2006 by 101communications LLC. Winternals Software LP 38-50 www.winternals.com prohibited except by written permission. All rights reserved. Printed in U.S.A. This index is provided as a service. The publisher assumes no liability for errors or omissions.

| redmondmag.com | Redmond | May 2006 | 71 0506red_Foley_72.v2 4/18/06 10:59 AM Page 72 Foley on Microsoft By Mary Jo Foley Microsoft Live: A Six-Month Report Card ast November, Bill Gates unveiled Microsoft’s latest sea So here is my six-month Live Report Card: change—its Live strategy. Microsoft watchers have Ambition: A been struggling to make sense of it ever since. A new product or feature coming from L Microsoft almost every day is unheard Six months after kicking off the that, Microsoft is creating a growing of. Live makes the Softies seem like “Live” era of software, Microsoft has family of Windows Live applications the innovators they so desperately rolled out nearly two dozen entities and “experiences.” want to be. under that banner. Sometimes it This is where everything from Win- seems like Microsoft is using “Live” as dows Live Expo classifieds to Windows Buzz: B/C a way to re-brand MSN. Other times, Live Messenger instant messaging fits Folks know Live matters and that its Live is “Microspeak” for Web 2.0. in. Other non-Windows-specific servic- primary driver, Ray Ozzie, is the Cho- Does “Live” mean hosted? Software es—such as Xbox Live, Office Live, sen One. However, very few developers as a service? All of the above? None of Visual Studio Live (code-named “Tus- outside of Microsoft have jumped on it? Is there any method to the Live cany”) and other future Microsoft Live the Live bandwagon so far. madness? While Microsoft has done services—also plug in at this level. I almost nothing to clarify Live matters, walked out of that session, shaking my Clarity: D there actually is something there. head and muttering, “Why couldn’t Six months after launching Live, Microsoft still can’t explain what it My Microsoft Live epiphany came in late March, after attending means or why it matters in a single, a session outlining the Windows Live developer strategy at simple sentence. Microsoft’s Mix ’06 conference (the event that was thoroughly Delivery: B/C shadowed by yet another Windows Vista delay). As with arch rival Google, perpetual beta seems to be the modus operandi. My Microsoft Live epiphany came in someone have said this before now? Maybe never-ending betas mean never late March, after attending a session Now I get it!” having to say you’re sorry? outlining the Windows Live developer If you dig into another hidden gem, strategy at Microsoft’s Mix ’06 confer- the MSDN Windows Live Developer Now that we’ve had six months to ence (the event that was thoroughly Center, you’ll see the Live strategy digest it, how would you rate the overshadowed by yet another Win- even more clearly. Microsoft has crafted Microsoft Live rollout? Do you think dows Vista delay). The “aha!” moment a policy and come up with a mechanism Live will change the way Microsoft happened when Microsoft detailed the for licensing various Live properties, developers build software or the way development-platform story for Live. including Live.com gadgets, custom you buy it? If you were Ray Ozzie, Envision a typical Microsoft architec- domains, search, MSN/Windows Live what would you do next to build tural diagram consisting of three layers Spaces, Virtual Earth and Live Messen- Live momentum inside and outside here: At a core level, Microsoft is giv- ger. There are software development the company? Write to me at ing developers both inside and outside kits for each of these entities. Not that [email protected].— the company three sets of interfaces— you’d know it if you relied on contacts, identity and storage. There is Microsoft’s MSN folks to tell you. We Mary Jo Foley is editor of Microsoft Watch, an optional layer of common services unearthed this wealth of information by a Web site and newsletter (Microsoft- sitting atop those interfaces. The serv- accident while poking around in the Watch.com) and has been covering Microsoft ices include search, AdCenter, pres- Live Developer Center and clicking on for about two decades. You can reach her at ence, mapping and mobile. On top of “business model.” [email protected].

72 | May 2006 | Redmond | redmondmag.com | Project4 9/13/05 11:23 AM Page 1

LEAST PRIVILEGE COMPLIANCE IS NOW IN YOUR HANDS

In today’s corporate environment, it’s not an option. DesktopStandard’s Group Policy extensions take you beyond built-in Windows security management, giving you the power to limit rights and privileges to the least required for authorized tasks. Reduce the complexity of managing your distributed desktop environment while increasing security and compliance. Find out how at www.desktopstandard.com.

05/2006/IRedmond Smart E-mail. Get top marks in e-mail management. With intelligent archiving from Quest Software.

Pop quiz: how do you meet e-mail compliance requirements while reducing the cost of messaging data storage and increasing productivity? The correct answer: with e-mail archiving solutions from Quest Software.

Quest® Archive Manager is the versatile solution that helps your organization address e-mail compliance requirements and much more. Discover and retrieve data easily with powerful searching tools. Access and leverage the knowledge locked up in e-mail with secure information sharing. And reduce ongoing operational costs through efficient storage management capabilities.

e, Inc.All rights reserved. trademarks of Quest Software. trademarks or registered are Quest and Software Go to the head of the class with the smart choice in e-mail archiving — Archive Manager from Quest Software. ————————————————————————————————————— ©2005 Quest Softwar All other brand or product names are trademarks or registered trademarks of their respective holders. trademarks of their respective trademarks or registered names are All other brand or product To learn more, read our new white paper “E-mail Controls and Regulatory Compliance — What You Need to Know,”at: www.quest.com/smart —————————————————————————————————————

Application Management | Database Management | Windows Management