0208red_Cover.v9 1/17/083:37PMPageC1

FEBRUARY • $5.95 02 > Server 2008 at Windows Take aCloseLook platform? next-generation Will itbe your platform? next-generation Will itbe your Server 2008 at Windows Take aCloseLook Foley: IsSilverlight the White ElephantintheRoom?

7125274 867 27 + + 26 26 Searching for Enterprise Search Engines Get Ready for SQLServer 2008 Beta ManLooks atMicrosoft Search Server Searching for Enterprise Search Engines Get Ready for SQLServer 2008 Beta ManLooks atMicrosoft Search Server ERAY20 REDMONDMAG.COM FEBRUARY 2008 37 37 45 45 12 12 64 Project2 1/14/08 12:46 PM Page 1 UB_CatchPhrase_Redmond.ai 1/11/08 12:03:14 PM

Reliability — Catch phrase or reality?

Hot backups. Business continuity. Continuous data protection.

These and other buzzwords have been generated by the technology industry to get your attention. But what do these terms mean to you? To UltraBac Software, they are another way of explaining the goal at the center of our business: perfect uptime. We invest the time and resources to offer solutions that ensure you have the fastest, most reliable access to your stored data, avoiding costly downtime waiting for failed machines to recover. Introducing Continuous Image Protection (CIP). UltraBac Software is so excited about our new technology that aids in this goal, we’re announcing CIP before its planned release. CIP is a form of continuous data protection (CDP) with a new innovation: it automatically backs up each sector on a disk as it is changed, unlike standard image backups which run only on a periodic basis. With CIP, your image backup never stops – so a system can be brought back to a point-in-time, rather than restoring a static image that could be up to 23 hours old. UltraBac Software’s sole mission is data protection. So when we advertize product reliability, innovative features and functions, and top-notch support they are not simply catch phrases we use, but rather our commitment to you and your business. UltraBac – Innovative software from a reliable company.

BACKUP AND DISASTER RECOVERY SOFTWARE FOR PEOPLE WHO MEAN BUSINESS WWW.ULTRABAC.COM

© 2008 UltraBac Software. All rights reserved. UltraBac Software, UltraBac, UltraBac Software logo, UBDR Gold, UBDR Pro, Continuous Image Protection, and Backup and Disaster Recovery Software for People Who Mean Business are trademarks of UltraBac Software. Other product names mentioned herein may be trademarked and are property of their respective companies. 0208red_TOC1.v6 1/17/08 12:30 PM Page 1

2007 Winner for Best Single Issue Computers/Software, Training & Program Development/Trade Redmond FEBRUARY 2008 The Independent Voice of the Microsoft IT Community Contents

COVER STORY REDMOND REPORT 9 Longhorn’s File Services Role Windows Formalizing a formerly Server 2008: subjective functionality. 10 Gates Begins His Long Goodbye Taking a Microsoft’s chairman wraps up the first Closer Look ‘digital decade’ with his last CES keynote. Virtualization and configurability in Microsoft’s new server OS present enterprise IT shops with both challenges and opportunities. 12 Beta Man Microsoft Search Server Page 26 2008 Express COLUMNS 4 Barney’s Rubble: FEATURES Page 45 Doug Barney 37 Laying the Groundwork: Dear Steve: Microsoft SQL Server 2008 Think Enterprise Redmond’s new database server is a complex product often running mission-critical apps. You can’t afford to not get it right. 45 Searching for an Answer in the Enterprise PHOTO BY IRA WYMAN As the clamor from IT shops for better internal search grows louder, competition among vendors both large and small gets hotter.

REVIEWS 53 Mr. Roboto: Product Reviews Roundup Jeffery Hicks Get Answers to Your 15 Keep Your Disk 20 Build an IT Structure Storage Questions Drives Healthy for Compliance 55 Windows Insider: Diskeeper 2008 Pro Premier attacks a Any of these solutions can help Greg Shields hidden problem with a comprehensive ensure that you’re following A NAP Is Good for performance management solution. organizational policies or Your Health regulatory requirements. Reader Review 57 Security Advisor: 17 Windows Server 2008: Joern Wettern So Far, So Good Virtualization Done Differently Enhanced administration, security, IIS updates and virtualization promise 64 Foley on Microsoft: to make moving to Microsoft’s new server OS worthwhile. The White Elephant in the Room?

ALSO IN THIS ISSUE 2 Redmondmag.com | 6 [email protected] | 63 Ad and Editorial Indexes

COVER ILLUSTRATION BY ROBERT KAYGANICH 0208red_OnlineTOC2.v5 1/17/08 9:30 AM Page 2

Redmondmag.comFEBRUARY 2008

VisualStudioMagazine.com Questions with ... Visual Studio 2008 Kicks Off Scott Bekker Scott Bekker is editor PHOTO BY KATHERINE LAMBERT here’s so much new stuff in in chief of Redmond TVisual Studio 2008 that our Channel Partner. Read sister publication, Visual Studio RCP’s coverage of the Magazine, devoted an entire managed services issue to it. Find out about all the provider (MSP) market in new features in Visual Studio the February issue. 2008—plus what got left out—and read up on a primer on Visual Basic Scott Bekker 2008, the lowdown on bugs, what to expect in future versions and much, In a nutshell, what’s a much more. Read it all online now on VisualStudioMagazine.com. managed services provider? FindIT code: VSMVS2008 It’s a company that remotely monitors your infrastructure and keeps your servers running.

ESJ.com While Microsoft partners might get the MSP concept, why should What’s in Store for customers care? On an MSP model you pay the same Storage in 2008 monthly fee whether the system is online or offline, with penalties to the hen it comes to storage in 2008, it’s the “beginning Jon Toigo MSP if a service level agreement isn’t Wof the end of Fibre Channel [FC],” according to met. To succeed, an MSP needs to ESJ.com columnist Jon William Toigo. keep your systems running. “Frankly, FC never delivered the goods,” he writes. “It didn’t provide the any-to-any connectivity between servers and storage that those who Is there a legitimate fear that MSPs thought up a SAN back in the late 1990s had promised. Pounding the nail in will replace IT services at some point? the coffin of FC was a survey conducted last year that showed that FC Theoretically, having an outsider fabrics were the third leading cause of IT downtime in companies.” handle infrastructure uptime lets IT Find out what Toigo thinks will replace FC, and learn about his other departments concentrate on storage predictions for 2008. FindIT code: ESJST2008 implementing new applications that are strategic to the business. REDMONDMAG.COM RESOURCES What are FindIT codes? Resources Enter FindIT Code Throughout Redmond, you’ll >> Daily News News discover some stories contain FindIT >> E-Mail Newsletters Newsletters codes. Key in those codes at >> Free PDFs and Webcasts TechLibrary Redmondmag.com to quickly >> Subscribe/Renew Subscribe access expanded content. FindIT >> Your Turn Editor Queries YourTurn codes are not case sensitive.

Redmondmag.com • RCPmag.com • RedDevNews.com • VisualStudioMagazine.com MCPmag.com • CertCities.com • TCPmag.com • ENTmag.com • RedmondEvents.com • ADTmag.com • ESJ.com

2 | February 2008 | Redmond | Redmondmag.com | Project5 10/8/07 11:07 AM Page 1

:067&/&7&34&&/"3&1035%05)*4#&'03&

%&':5)&-"840'3&1035*/(

1VUOFXQPXFSJOUIFIBOETPGCVTJOFTTVTFST &NQPXFSUIFNUPNBLFNVMUJQMFEFDJTJPOTGSPNPOF SFQPSU SVOUIFJSPXO²XIBUJG³TDFOBSJPTBOEHFUNPSF SFQPSUWJFXT JOTUBOUMZ4PZPVµSFGSFFGSPNXSJUJOH OVNFSPVTSFQPSUTBOEVQEBUFT±UBTLTUIBUDBOIBWF SFBMJNQBDUPOZPVSEFQBSUNFOUµTQSPEVDUJWJUZ

1VUOFXQPXFSJOZPVSPXOIBOET8SJUFSFQPSUTXJUI TUVOOJOHOFXWJTVBMTMJLFFNCFEEFEWJEFPBOE FOSJDIFEHSBQIJDT$SFBUFDPNQFMMJOHBOEFOHBHJOH JOUFSBDUJWFFYQFSJFODFTGSPNBOZEBUB BOZXIFSF

%JTDPWFSUIFOFXMBXTPGSFQPSUJOHGSPN$SZTUBM3FQPSUT±UIFUSVTUFEJOEVTUSZTUBOEBSE 7JTJUCVTJOFTTPCKFDUTDPNEFGZUIFMBXTPSDBMM $PQZSJHIU‰#VTJOFTT0CKFDUT4""MMSJHIUTSFTFSWFE 0208red_Rubble4.v7 1/17/08 9:33 AM Page 4

Barney’sRubble by Doug Barney

RedmondTHE INDEPENDENT VOICE OF THE MICROSOFT IT COMMUNITY REDMONDMAG.COM FEBRUARY 2008 ■ VOL. 14 ■ NO. 2

Editorial Staff Editor in Chief Doug Barney Dear Steve: Think Enterprise Editor Ed Scannell Executive Editor, Features Lafe Low Executive Editor, Reviews Peter Varhol Managing Editor Wendy Gonchar ’ve always thought open letters to major executives were Associate Managing Editor Katrina Carrasco Contributing Editors Mary Jo Foley Jeffery Hicks more pompous than a Dennis Miller monologue, but in Greg Shields Joern Wettern this case, it’s worth being a bit pretentious. So here it is: Art Staff I Art Director Brad Zerbel My first-ever open letter. Senior Graphic Designer Alan Tao

Online/Digital Media Steve, your company is doing a remark- on Parallels and BootCamp for Windows Editor, Redmondmag.com Becky Nagel able job in digital music and mobile interoperability isn’t enough. You need to Executive Editor, New Media Michael Domingo Executive Editor, Web Initiatives Becky Nagel phones, and the Mac is doing swell in the improve native Mac OS interoperability. Online News Editor Keith Ward graphics and home markets. After seeing • Connect with Linux desktop ven- Associate Editor, Web Gladys Rama the death of OS/2, the Amiga, the Atari dors. Linux on the Mac, if heavily mar- Director, Web Development Rita Zurcher ST and a long line of wacky com- keted, would rally the geek troops. puters from Radio Shack/ • Get aggressive on pricing.

Tandy, I’m stunned that your The cheapest MacBook is President Henry Allain Mac is even still alive. For the around $1,100, and its hard- Vice President, Publishing Matt N. Morollo record, I predicted the death of ware is the rough equivalent Vice President, Editorial Director Doug Barney Director, Marketing Michele Imgrund the Mac—one of many times of a $450 Dell. You shouldn’t Senior Marketing Manager Tracy S. Cook I’ve been more wrong than an have to be a brie-eating, Marketing Programs Manager Videssa Djucich intelligence report on Iraq. For Volvo-driving, Merlot-drinking that I apologize. yuppie to afford a Mac. With Apple’s image at an all- • Communicate with the

time high (your stock IT press and IT customers. President & CEO Neal Vitale isn’t too shabby, Although skeptical, the CFO Richard Vitale either), it does seem IT press would love to Executive Vice President Michael J. Valenti Managing Director, Events Dick Blouin arrogant for me to hear from Apple. They Vice President, Financial William H. Burgin offer advice, but I believe would especially like to Planning & Analysis Apple is missing out on a golden interview you, Mr. Jobs. Vice President, Finance & Christopher M. Coates Administration opportunity. And that opportunity is • Offer a vision of where the Mac Vice President, Audience Abraham M. Langer the enterprise. How many IT pros use is going. Microsoft never stops Marketing & Web Operations Vice President, Erik A. Lindgren Macs at home or buy them for the family? refreshing its vision of the future, and Information Technology Vice President, Print & Mary Ann Paniccia Isn’t this a perfect target audience? offers IT a clear roadmap with features, Online Production One would think so, but you, Steve, ship dates and sometimes even pricing. Chairman of the Board Jeffrey S. Klein clearly don’t. Go to Apple.com and you’ll • Work with IBM. Your old PowerPC find plenty of pages about phones and ally could be your best enterprise friend. Reaching the Staff Editors can be reached via e-mail, fax, telephone or mail. music players and how cool Macs are— Steve, please give Sam Palmisano a call. A list of editors and contact information is available at but nothing about business, nothing It may be that avoiding the enterprise Redmondmag.com. E-mail: E-mail is routed to individuals’ desktops. Please use the about IT, nothing about the mainstream. is a smart business decision. If you following form: [email protected]. Your commercials attack Vista and make an effort and fail, that may affect Do not include a middle name or middle initials. Telephone: The switchboard is open weekdays 8:30 a.m. promote the Mac OS as an alternative the image of your other products. to 5:30 p.m. Pacific Time. After 5:30 p.m. you’ll be directed for computer enthusiasts, but isn’t the Looking back, though, didn’t Apple to individual extensions. Irvine Office 949-265-1520; Fax 949-265-1528 same true for Corporate America? survive the Newton, the Lisa and the Framingham Office 508-875-6644; Fax 508-875-6633 Here’s a list of what I’d do if I were you: Apple IIGS? Corporate Office 818-734-1520; Fax 818-734-1528 The opinions expressed within the articles and other contents • Bring back licensing. A great herein do not necessarily express those of the publisher. number of vendors and lower prices When was the last time Apple spoke worked wonders for Windows. to you in IT terms, instead of home • Work like mad with standards bod- computing terms? Send your thoughts ies, especially on file formats. Relying to [email protected].—

4 | February 2008 | Redmond | Redmondmag.com | PHOTO ILLUSTRATION BY ALAN TAO Project3 12/26/07 4:27 PM Page 1 0208red_Letters6.v3 1/17/08 9:50 AM Page 6

[email protected]

It’s Not Easy Being Green I think that when it comes to the environment, it’s never too early to get into action in reducing the carbon footprint everywhere [“Manage Your Carbon Footprint,” November 2007]. If not for the obvious global warming (that others are still debating) we should behave green at least for the quality of the air we breathe so that we don’t complain about the modern-day illnesses that are hitting us. There are heroes of the environment among us that take action for a better and greener world. We all should be

inspired by their example. As for the in their latest version 7.7, which I see systems that seem to fail at the enterprise … green actions always updated to recently. earliest opportunity. A few days ago our mean greenbacks these days. As I see the future of what the mainframe didn’t want to boot up right Thank you for a great article. desktop management tool would look after we replaced a card. It took more Gheorghe Curelet-Balan like—based on my own priorities and than eight hours to repair. I have a cell Waterloo, Ontario, Canada experience—it would extensively use phone, but just when I wanted it last Sat- data, reporting and configuration man- urday, the battery declared itself dead. I Sticking to the Facts agement tied to database storage. That’s also know a few places I routinely drive What I love about Redmond is that it why I guess ScriptLogic, Advanced Sys- where there’s no signal. I lived in town as always provides a concentrated set of tems Concepts, Microsoft (with SCCM a child and power outages seemed rare. information without going deep into 2007) and others who support database Today, it’s routine to lose power during a unneeded details of a product [November operations in their management prod- thunderstorm. The outages are shorter 2007 Redmond Roundup, “Automating ucts are paving the way to what I hope in duration, but cause me to go about the the Desktop”]. You focus on the features will be seen as the standard concept in house re-setting clocks on various appli- that are key to the product and the the near future. Will Dixon ances. I have a UPS for my computer, so aspects of the work that we cover. You Baltimore, Md. it usually survives, but my stove and TV don’t go into useless discussions about sometimes need to be re-programmed. the bells and whistles, but give a Technical Durability? With all of today’s “high-tech” living, comprehensive review of the features I was just reading my latest Redmond it seems to me we’re not making the that allow me to quickly make a deci- Report about Unified Communications improvements in reliability that should sion if it’s what I’m looking for or if I [“More Communication About UC,” be included. Many of my professional need to look for some other solution. Dec. 3, 2007] and I had a thought: Is the magazines talk a lot about planning for I agree here that one of the biggest new technology durable enough? At catastrophe. The government journals issues that I face on a day-to-day basis home, I still have a phone that’s hooked refer to Continuity of Operations is the variety of everyday tasks I have directly to the line. The idea is, if the (COOP). We store our backups off site to perform to keep my network envi- power goes off, I should still have and our Web site will probably work ronment functional. Everything hap- service. But, more and more at work I when we can’t, but a big wind or light- pens so fast—and the environment is ning strike could leave almost 500 always in a state of flux. employees twiddling their thumbs. In my view, another key component Whaddya Think About two years ago in California I each product connected with enterprise stopped at a burger joint and couldn’t management should now include are Send your rants and raves to buy a hamburger because the computer [email protected]. ?! tools to perform detailed reporting on ?! was down. They had power, the gas everything you have to deal with while Please include your first and grill was working, but they didn’t know last name, city and state. If we administering the environment. That’s how to make change or record the sale. use it, you’ll be entered into a one of the best features in Desktop Is this progress? John D. Hubbard drawing for a Redmond T-shirt! Authority and I see great improvements St. Joseph, Mich.

6 | February 2008 | Redmond | Redmondmag.com | Project2 1/7/08 10:43 AM Page 1

ˆ XFQSPUFDUZPVSEJHJUBMXPSMETˆ

8F´WF CFFO UPME POMZ UIF NPTU LOPXMFEHFBCMF *5 NBOBHFST IBWF IFBSE PG VT

)BDLFST BQQSFDJBUF UIBU

8JUI PWFS  OFX UISFBUT BUUBDLJOH ZPVS TZTUFNT PO B EBJMZ CBTJT JU´T DSJUJDBM UIBU ZPV VQHSBEF ZPVS VTFST UP UIF CFTU QSPUFDUJPO BWBJMBCMF &4&5 /0% "OUJWJSVT #VTJOFTT &EJUJPO JT B TDBMBCMF FOEQPJOU TPMVUJPO EFTJHOFE UP DPOTVNF GFXFS SFTPVSDFT UIBO UIF TQFFELJMMJOH CMPBU GPVOE JO DPNQFUJUJWF TPGUXBSF &4&5 /0% QSPBDUJWFMZ EFUFDUT BOE FMJNJOBUFT WJSVTFT USPKBOT XPSNT BEXBSF TQZXBSF QIJTIJOH  SPPULJUT BOE PUIFS NBMXBSF *O GBDU JU´T UIF POMZ TPMVUJPO XJUI B  TVDDFTT SFDPSE JO PWFS OJOF ZFBST PG UFTUJOH CZ 7JSVT #VMMFUJO 4FF GPS ZPVSTFMG IPX NVDI PG BO VQHSBEF /0% USVMZ JT XJUI B GSFF EBZ USJBM BU XXXFTFUDPNOPE

ESET NOD32 Antivirus Business Edition " /FX 8BZ 5P 5IJOL 4NBSU

© 2008 ESET. All rights reserved. Trademarks used herein are trademarks or registered trademarks of ESET. Ad code: RM *Learn more at virusbulletin.org. Project1 1/8/08 9:16 AM Page 1

?JÊI7F;H<;9J;IJEH;L7KBJI)&&DEBE=O

Ifyouarelookingforinstantbackupanddata recovery, with RAID-DP protection against dual drive failure, you’ve found the perfect fit. With NAS, iSCSI SAN,andDASrightoutofthebox,theStoreVault product family provides storage solutions that will grow with your business needs. NetApp enterprise- proven technologies provides a rich feature set, including simple on-the-fly provisioning and off-site data replication. It’s truly the perfect fit to maintain business continuity and regulatory compliance.

J^[ d[m I)&& ijWhj_d]WjkdZ[h)"&&& 9Wbb ki jeZWo Wj .&&#(&,#+),) eh j^[ I+&& ijWhj_d] Wj +"+)+ B[Whd ceh[ WXekj ekh If[Y_Wb E\\[hi Wj mmm$ijeh[lWkbj$Yec 0208red_RedReport8-12.v10 1/17/08 9:38 AM Page 9

RedmondReport

Longhorn’s File Services Role Formalizing a formerly subjective functionality.

This is the fifth and final installment of a Boon or Pain? series by contributing editor Greg Shields, One of the most interesting settings which has taken a close look at Microsoft’s The Drive to now turned on by default is access- upcoming Windows Server 2008 operating based enumeration (ABE). This capa- system, also commonly known as “Long- Longhorn bility was first introduced in Windows horn.” The series has been dedicated to eval- Server 2003 Service Pack 1. With uating some of the product’s new technical Resource Manager, Services for NFS ABE, new capabilities on files and capabilities as a way to gauge their useful- and the Windows Search Service. If folders are enabled so users that don’t ness to IT admins in their everyday work. your organization requires backward have access to read a particular file or This month’s installment takes a look at the compatibility, the Server 2003 FRS and folder are unable to see it. No permis- product’s File Services Role. Indexing service are also available. sions, no visibility. n the old days, creating a file server Depending on your file-serving needs, Depending on the needs of your envi- was easy. Take a standard Windows any of these are optional components ronment, this may be a boon to your Iserver, add a folder, share that that augment traditional file sharing. users or an added pain. If users shouldn’t folder among the right users and Arriving as part of the File Services be aware of folders to which they don’t groups and you’re done. No mess, no core is the new Share and Storage have access, this can be an excellent fuss. In fact, the whole concept of a file Management wizard, which takes much option. But eliminating file and folder server was relatively subjective. Just of the work out of the process of sharing visibility can inhibit users from finding about all of our servers had at least a folder. It’s installed to Server Manager data they may need to access later. ABE one file share on them, so virtually all upon the installation of the File Services is enabled on a per-share basis, so of them could be considered file Role. This wizard enumerates in a single keeping keenly aware of where this may servers of one form or another. location all shares and volumes currently be useful is important. The most critical point to remember, however, is that unlike previous versions, ABE is enabled Formalizing the role of file services in Server 2008 is a big advantage by default on all shares managed through to your computing environment. the Provision a Shared Folder Wizard. Formalizing the role of file services in Server 2008 is a big advantage to your With Windows Server 2008, Microsoft configured for the server. It also provides computing environment. Encapsulating has codified the role of a file server more advanced information about file many of the oft-needed optional com- objectively through the creation of the screening, shadow copies, quotas, repli- ponents into a single role will only File Services Role. Server 2008 is a cation information and volume types. make easier your process of sharing much more highly componentized oper- The process to provision new storage data to users. ating system than in previous versions, and shares is similarly improved. If you [This article is based on pre-release so many of the bits and bytes necessary remember back to Windows 2003, creat- information.—Ed.] — to do complex file sharing require the ing a new share could involve a number installation of this role. of individual management consoles: One Greg Shields ([email protected]), to create the share, another to change its MCSE: Security, CCEA, is an Optional Components NTFS and share permissions, a third and independent author, instructor and Though this seems like an extra step for fourth to share it through NFS or enable consultant based in Denver, Colo. A a trivial operation, installing the File offline caching of its contents. All of contributing editor to Redmond and Services Role grants a set of additional these—plus a number of additional MCPmag.com and a popular speaker at Role Services as well. Optional parts of configurations—are now included as part TechMentor events, his recent book, the File Services Role are the Distrib- of the Provision a Shared Folder Wizard, “Windows Server 2008: What’s uted File System, both for Namespaces which can be accessed through Share New/What’s Changed” (Sapien, 2008), is and Replication, the File Server and Storage Management. now available at www.sapienpress.com.

| Redmondmag.com | Redmond | February 2008 | 9 0208red_RedReport8-12.v10 1/17/08 9:38 AM Page 10

RedmondReport

Gates Begins His Long Goodbye Microsoft’s chairman wraps up the first ‘digital decade’ with his last CES keynote. By Ed Scannell necting people. It will be more user- Computer Inc.’s new Lamborghini note- n what is the beginning of the end centric,” Gates said. book along with Lenovo’s new IdeaPad. of an era, Microsoft Chairman Bill Gates predicts the key element over Perhaps the most notable gadget Gates IGates gave his last keynote address the next 10 years will be the “natural showed off was the “mobile navigator,” a at the Consumer Electronics Show user interface,” one that will permit users device people can use to point at a person (CES) last month. As is his tradition to interact with a range of devices in a or place and obtain more information. the last eight years, Gates, who leaves more natural way. He surprised many by Right now, the technology driving the full-time work at Microsoft this July, mentioning the iPhone from archrival product lives only in Microsoft’s took the opportunity to share his vision Apple Inc., with its sophisticated touch research labs. Gates said he doesn’t see of where he believes technology is screen as a harbinger of things to come. the technology coming to market as a headed and how Microsoft will partici- Turning to products and technologies standalone product. He indicated that pate and help materialize that vision. coming in the nearer future, Gates said some of it would likely find its way into Discussing the direction of consumer Microsoft had reported that Samsung digital cameras and phones. technologies, Gates said continued would be offering an adapter for its flat- Updating conference attendees on advances in connectivity, user inter- screen televisions to act as Media Center existing products, Gates said the com- faces, and high-definition video and extenders. This would let consumers run pany has now shipped 100 million audio will be the driving forces in that TV shows, pictures and music stored on copies of Windows Vista after just 11 market for the next 10 years. a Windows Vista-based desktop or note- months of availability. — “The first digital decade has been a book located in a different room. As for great success. The second digital more innovative PCs, Gates said his Ed Scannell ([email protected]) is decade will be more focused on con- company would show off ASUSTeK Redmond’s editor. Project6 9/4/07 1:25 PM Page 1

Now Vista Supported

Bringing Your Assets into Focus Without a comprehensive IT asset management solution in place, you may only be seeing half the picture. That presents dangers like system downtime from improper upgrades, poor customer service, overpaying on license fees and inappropriate usage of software/internet by employees.

NetSupport DNA facilitates central management of your enterprise IT assets in a secure, coordinated and effi cient manner. NetSupport DNA is available in a modular format including Hardware and Soft- ware Inventory, Alerting and Change History with Software Distribution, Application/Internet Usage Metering, PC Remote Control and Web-Based Helpdesk. NetSupport DNA provides a fl exible solution that can be operational in under 30 minutes and requires no additional training or certifi cation.

Discover assets. Uncover ineffi ciencies. Recover costs.

Get the whole picture with NetSupport DNA. NETSUPPORT

[email protected] 770-205-4456 www.netsupportdna.com 0208red_RedReport8-12.v10 1/17/08 9:38 AM Page 12

BetaMan RedmondReport

Microsoft Search Server 2008 Express Microsoft enters the growing market for By Peter Varhol enterprise search with its new solution.

he next major vendor battle— search configuration. Everything you standard Web page you can customize enterprise search—is underway. need to crawl network content sources, to match your organization’s look and TThe Google Search Appliance is index results, keep track of queries and feel. Anyone who has used an Internet selling well, and Microsoft is looking to add new content sources is contained search engine should be able to search catch up. Microsoft has offered some within this single Web page. enterprise files with no difficulty. My search capabilities with SharePoint, and For example, the console provides own experiments with crawling, indexing is now supplementing that with Search excellent control over crawling param- and searching on a small test network Server 2008, a new product that lets you eters, such as setting content sources, determined that the product did a good index and search servers and storage crawling rules and crawl reset, as well job of finding and displaying results of devices on the local network. as maintaining a crawling log. It also simple searches based on keywords and Search Server has some significant provides good capabilities for manag- more freeform queries. hardware requirements, including sup- ing queries, including authoritative In addition to Search Server and Search port for multiple servers on a network. If Server Express, Microsoft offers enter- you install on a single system only, it prise search features in Office SharePoint automatically installs Search Server For the Express edition, you’ll Server 2007. You can download the Express, the product tested here. be able to install it and get release candidate of Search Server Overall, it requires Windows Server started without reading a page Express at http://tinyurl.com/23mudj. At 2003 (no word yet on Windows Server press time, it was also available as a 2008 support), a 2.5GHz processor, 2GB of documentation. virtual image to be run on Microsoft of memory, Microsoft .NET Framework Virtual Server 2005. 3.0 with ASP.NET 2.0 enabled, I found Search Server 2008 Express Windows SharePoint Services 3.0 and pages, federated locations and a strong easy to configure and use, and effective Microsoft Windows Workflow ability to remove query results. in small search spaces. It has some sub- Foundation Runtime Components. Setting up a crawl using the Search stantial hardware requirements, which These prerequisites take some time to Administration console was easy. You may give smaller firms pause in terms of configure on a system. However, Search simply define the content sources and let deploying it. If they have this kind of Server 2008 itself installs like a charm, it go. It also reports on the status of power, they’re more likely to use it for and uses an automatic configuration crawl and the number of completed IIS or app services, rather than search. wizard to set itself up for use. I simply crawls, when they occurred, how long For large firms, the full version can run sat there while it did everything it needed they took and if they were successful. across several hardware boxes and per- to do in order to install and set search An especially nice feature is a set of form load balancing. defaults. For the Express edition, you’ll wizards that provides assistance for When Search Server is released, I think be able to install it and get started with- common tasks such as adding new search it will be treated as a logical extension to out reading a page of documentation. users, federating the search results from SharePoint. If a company has adopted multiple locations and securing the SharePoint, at least at the enterprise Crawling Around system. Search Server walks you through level, IT will also likely choose Search Once installed and configured, I the steps to accomplish these tasks. Server to go along with it. The recent worked with the Search Administra- Adding a new search user, for example, growth in the use of SharePoint as a tion console to set up search parame- took only a few seconds. content portal bodes well for the adop- ters and prepare for user searches. tion of Search Server. — While not especially visual, the Search Searching Is a Snap Administration page provides a compre- From the standpoint of the user, Search Peter Varhol ([email protected]) is hensive and easy-to-use view into the Server provides its features through a Redmond’s executive editor, reviews.

12 | February 2008 | Redmond | Redmondmag.com | Project11 1/10/08 2:26 PM Page 1

Lose that important file? Protect against accidental file deletions with NEW Undelete® 5 Now works with Windows Vista®!

According to the New York Times, file loss costs businesses an estimated $13 billion per year. With Undelete 5 every deleted file is captured, even files deleted over the network and older saved-over versions of Microsoft® Office files. And, now that Undelete 5 works with Windows Vista, files on the mostadvanced operating systems are protected. Now you can get complete up-to-the-minute file protection with instant recovery—get new Undelete 5! • NEW! Version protection allows instant recovery of older versions of Microsoft Word, Excel® and PowerPoint® files. Works with Microsoft Office 2007! • EXCLUSIVE! Recovery of deleted files is easy and instant • EXCLUSIVE! Undelete 5 captures and protects all deleted files in real time — even files deleted by other systems over the network. No more time-consuming backup restores! • Restore files that were deleted before Undelete was installed, provided they haven’t been written over. • Server and workstation editions available Try Undelete FREE! Visit: www.undelete.com/red11 For volume license pricing and government or educational discounts, contact your favorite reseller or call 800-829-6468 reference number 9246

©2008 Diskeeper Corporation. All Rights Reserved. Undelete, Diskeeper and the Diskeeper Corporation logo are registered trademarks or trademarks of Diskeeper Corporation in the United States and/or other countries. All other trademarks and brand names are the property of the respective owners. Diskeeper Corporation • 7590 N. Glenoaks Blvd. Burbank, CA 91504 • 800-829-6468 • www.undelete.com Project3 4/9/07 4:42 PM Page 1

User Account Control for the Enterprise™

Do you trust your users with Administrative Rights? Windows Vista’s User Account Control asks users for administrator passwords in order to run many critical applications. Distributing administrator passwords to end users is not a secure enterprise solution.

Least Privilege Management. BeyondTrust enables enterprises to move beyond the need to trust users with excess privileges or administrator passwords. Apply the principle of Least Privilege to all users by securely elevating privileges for authorized applications without end user input, pop-ups or consent dialogues. Empower network administrators to set centralized security policy. Built for Windows 2000, XP, Server 2003, and Vista; integrated with Active Directory and applied through Group Policy.

For a free pilot installation call 1.603.610.4250 or visit www.beyondtrust.com.

Windows and Vista are trademarks of Microsoft Corporation. Other company, product and service names may be trademarks of their respective owners. © 2007 BeyondTrust Corporation. All rights reserved. 0208red_ProdRev15-16.v6 1/17/08 9:42 AM Page 15

ProductReviews

Keep Your Disk Drives Healthy Diskeeper 2008 Pro Premier attacks a hidden problem with a comprehensive performance management solution.

By Peter Varhol I had a poorly performing hard disk Diskeeper 2008 Pro Premier $99.95, volume discounts are available drive. For example, it had a files-to- Diskeeper Corp. | www.diskeeper.com | 818-771-1600 fragments ratio of almost 1:2, and the optimal ratio is more like 1:1:2. I know this—and much more—about my disk because Diskeeper 2008 told me so. Diskeeper specializes in keeping your disk drive healthy and performing at a high level. As hard disks keep getting higher and higher capacities, and we need more and more software to do our jobs, optimizing those disks can make a much bigger difference in the health and utility of our desktop systems. This is a big deal. Because disk drives remain largely mechanical devices (the use of flash storage is growing, but drives with moving parts will command the lion’s share of storage for years to come), they’re by far the slowest parts of a computer. Despite some clever tricks to give the appearance of better Diskeeper 2008 Pro Premier provides a highly visual view of the fragmentation status performance, disk drives are still the of your disk during analysis and defragmentation. big bottleneck in system performance. One of the biggest advantages of on. InvisiTasking claims to use only file access and creation above and Diskeeper is automated operation. You otherwise unused system resources, so beyond the improvement provided by can set it to continuously defragment it will not negatively impact the per- defragmentation alone. I-FAAST works your disk drives, allowing no degrada- formance of other applications on the by running a set of benchmarks on the tion to happen. It also uses a technology system at any time. I examined CPU selected volumes to learn their individual it calls InvisiTasking to ensure minimal performance with Perfmon over a period performance characteristics, then impact on system performance while of several hours while automatic monitors file access frequency on an automatic defragmentation is turned defragmentation was turned on, and ongoing basis in order to determine noted only a minimal (1 percent to 2 which files are requested most often. It RedmondRating percent) use of the CPU during that then sequences those files on the disk time. The Diskeeper dashboard shows so they can be fetched more quickly. I- Documentation: 20% 8.0 how InvisiTasking uses idle system FAAST works only on NTFS volumes, Installation: 20% 9.0 resources (mostly CPU), and its results and must have automatic defragmenta- Ease of Use: 20% 9.0 correlate closely with what I found tion turned on. Given that most disks Feature Set: 20% 8.0 using Perfmon. these days are formatted as NTFS, this Administration: 20% 9.0 shouldn’t be a significant restriction. Boosting Performance One unique feature is that Diskeeper Overall Rating 8.6 You can also turn on the product’s can defrag system files that can’t normally Key: 1: Virtually inoperable or nonexistent Intelligent File Access Acceleration be relocated in storage. It does this by 5: Average, performs adequately Sequencing Technology (I-FAAST), moving files at boot time, before those 10: Exceptional which claims to significantly improve files are executed and become locked in

| Redmondmag.com | Redmond | February 2008 | 15 0208red_ProdRev15-16.v6 1/17/08 9:42 AM Page 16

ProductReviews

place. This is likely to improve boot through Active Directory Group Policy ranging from Windows 2000 through time, as you can defragment and move Objects. The product also offers a Windows XP,Windows Vista, Windows system files to more advantageous loca- command-line interface, which you can Home Server and Windows Server tions, resulting in a faster fetch time run as part of a batch process, much the 2003 Datacenter. from the disk. It can also monitor and same way it would be done if it was part For the record, running Diskeeper for defragment the Master File Table (MFT) of a login script. a few days made a small but noticeable on NTFS volumes and paging files. For manual operations, such as my difference in the performance of my The one thing I noted about initial scan, Diskeeper provides the test machine. However, I don’t doubt Diskeeper is that it ran its defragmen- ability to set the disk and CPU priori- that disk management and optimization tation analysis significantly faster than ties at which manual defragmentation are essential in making sure systems the Windows defragmentation tool, jobs run. If the computer is in active perform as well as possible, and the telling me that my disk was performing use during defragmentation, this can tasks done by Diskeeper should be a poorly. I had no real basis for comparison make the difference between adequate regular part of system maintenance for on the initial defragmentation, as I user response and general frustration. keeping systems healthy and could not easily reproduce the same All of these features are well-organized performing well. Even if you can set defragmentation state, but based on on a highly visual dashboard that makes up a rigorous routine of running the experience, the defragmentation implementing specific tasks easy. The Windows defragmenter on a regular process also appeared to be a little only reason I had to refer to the online basis on the desktops and servers you faster. Diskeeper also provides more documentation was to understand the administer, you’re still missing out on detailed information on the state of details behind some of the features. unique Diskeeper features that help the disk than does the Windows tool. realize further incremental perform- Diskeeper provides you with ways of Efficient Defrag ance improvements. — automating desktop tasks that have to The Diskeeper family of products do with hard disks. For example, you offers specialized automatic defragmen- Peter Varhol ([email protected]) is can manage Diskeeper client settings tation of Windows operating systems Redmond’s executive editor, reviews.

ONLINE DEGREES IN TECHNOLOGY Use your IT CERTIFICATIONS to accelerate your DEGREE ONLINE.

Microsoft, Sun, Oracle, Cisco, Comp TIA, SAS, PMI, GIAC or (ISC)2 certifications could waive up to 25% of your fully accredited bachelor’s degree.

Here’s what you can get from the online degree programs offered at Call us today at Western Governors University: X Flexible ONLINE learning 1-800-219-6689 X Up to 9 certifications built in at no extra cost or visit us online at X Programs in Networks, Databases, Security, Software and www.wgu.edu/rdm IT Management 0208red_ReaderRev17-18.v4 1/17/08 9:52 AM Page 17

ReaderReview Your turn to sound off on the latest Microsoft products

Windows Server 2008: So Far, So Good Enhanced administration, security, IIS updates and virtualization promise to make moving to Microsoft’s new server OS worthwhile.

By Joanne Cummings Windows Server 2008 While most readers have yet to put Standard Edition (5 CALs), $999; Enterprise Edition (25 CALs), $3,999 Windows Server 2008 fully through its Microsoft Corp. | 800-426-9400 | www.microsoft.com paces, those who have say they like what they see so far. New features and updates such as the integrated Hyper-V Sullivan also says IIS 7.0’s new admin “Right now in IIS 6.0, my creative virtualization, revamped Internet Infor- features, secure installation and configu- department creates information for our mation Services (IIS) 7.0, and bolstered ration options, and its ability to delegate Web site and submits it. At that point, security and administration tools make tasks are all key improvements. someone in the IT group uploads it to Windows Server 2008 a fairly attractive “IIS 7.0 has been revamped from an the site,” Sullivan says. “With IIS 7.0, I upgrade, even to those who were happy admin standpoint, so the management can delegate access. It lets me provide with Windows Server 2003. console is definitely more user-friendly,” the creative department with direct “It’s a very good upgrade from Server he says. “All the tasks are built right into access to the folders they need to 2003,” says John Sullivan, director of the main page, whereas in 6.0, you had to upload stuff, without allowing them to information technology at Major dig for them or script for them.” get into any other Web server compo- League Soccer & Soccer United The new version is also more “compo- nents that I don’t want them touching.” Marketing in New York.“Server 2003 nentized,” so that during installation, you was a great product and it still is. But can designate the type of Web server you Bolstered Security this definitely has its benefits.” need. For example, you may need to serve Beyond the enhanced security options in Web applications or simple HTML IIS, Windows Server 2008 boasts several On the Plus Side pages. Server 2008 will install only the new features aimed at shoring up security Sullivan says one of the biggest components required for that purpose. in Windows environments. For example, reasons he’s considering upgrading his “It eliminates any security risks since it Windows Server 2008 now has more current 2003 setup is for the new doesn’t install extra components,” granular password policies, support for Hyper-V virtualization features within Sullivan says. “At the same time, the fact Network Access Protection (NAP) and Windows Server 2008. He has already that you don’t have those components Read-Only Domain Controllers (RODCs) been testing Windows Server 2008 in there means you’re increasing the that let you securely distribute an Active release candidate 1 (RC1) for a few overall performance of the Web server.” Directory database to remote sites. “The password policy is something that I’m very happy they finally It hasn’t crashed, locked up or been really changed, because in the past, you had slow. It’s been fine. ... Don’t be afraid to start one password policy for your entire domain,” Sullivan says. playing with it. The improved granularity beefs up David Parks, Independent Analyst password security. “Now, with the new password policy, you can break that down, create policies and then apply weeks, but has yet to fully test out the In fact, Sullivan tested a standard install them to different objects or groups inside Hyper-V features. of IIS 6.0 against a standard install of IIS of AD,” he says. “You can force your “I have a bunch of [Microsoft] Virtual 7.0 and was able to see a clear benefit. domain admins to have a 14-character Server 2005 machines running in here, “There was definitely a performance password, while a temp can have just a with probably 20 physical servers and improvement there,” he says. simple six- or eight-character password.” another 20 running on the virtual side,” The new version of IIS also saves There is one caveat. He cautions that Sullivan says. “As 2008 starts to creep its Sullivan time, because it lets him assign the new policies will only work if all way in here, Hyper-V is something I’m roles via policies so that non-admin users domain controllers (DCs) are on going to totally take advantage of.” can update Web information. Windows Server 2008: “You have to get

| Redmondmag.com | Redmond | February 2008 | 17 0208red_ReaderRev17-18.v4 1/17/08 9:52 AM Page 18

ReaderReview

“It eliminates those performance Windows Server 2008 Wish List issues—plus you don’t have to worry lthough Windows Server 2008 offers greatly increased func- about security because it’s read-only,” Ationality in some areas, it falls short in others. Here are some he explains. “So even if someone comes features users would like to see in future versions: in and steals that server, they can’t do ■ New FTP: The FTP service in Windows Server 2008 is exactly much with it.” the same as it was in the 2003 version. Administrative Ease “When you launch it and install it as a role, they trick you in the beginning because it’s located inside the new IIS 7.0 manager,” Administration is much easier in says John Sullivan, director of IT at Major League Soccer & Soccer Windows Server 2008 than in previous United Marketing in New York. “When you click on it, it launches IIS versions. This became apparent to 6.0 manager. So you’re back to the same old thing.” Sullivan during installation. He would have preferred a new interface and management tool: “The actual installation of Server “I’d like to see some kind of FTP wizard to let you create and 2008 was ridiculously easy,” he says. manage your isolated FTP sites, folders and users on the fly. That’s “I’ve tried it on multiple boxes, and a big disappointment in 2008.” from the time you pop the DVD in ■ Hardware Compatibility: David Parks, an independent analyst in until the time you’re logging into the Beaverton, Ore., says he couldn’t use his motherboard CD to do the system, it takes just 20 minutes.” Windows Server 2008 install. After that, however, users need to install “That concerns me because there has to be a lot of people with the server roles. Still, it’s a time-savings systems that have motherboard CDs they need in order to install over 2003, he notes, which could take drivers and so on,” he says. “I think there are some compatibility an hour or more for the initial install. issues with older hardware.” Other readers say the biggest adminis- ■ Better Backup: Although the backup utility that comes with trative change is the new Server Manager. Windows Server 2008 is simple and straightforward, it isn’t exactly “I really like it because everything is feature-rich, Parks notes. right there for you,” says David Parks, “It shows you a log of the backups, which is nice, and it’s not con- an independent analyst in Beaverton, fusing or complicated,” he says. “When you go through the wizard, Ore. “Before, things were separate, so there aren’t too many steps to choose from. It asks you what you Computers and Users was in one snap-in, want to back up, and there’s a page for choosing the type of Sites and Services was in another and storage for the backup, and there you just have two options: local Device Manager was in another. Now, drives or a remote shared folder.” you can do all that within Server When Parks left it at local drives, the utility only discovered his Manager. It’s much easier.” CD drive, not his DVD drive. “They need another text box where Another plus is the integrated Power- you can type in a path to get it where you want it.” —J.C. Shell, which Sullivan says eases Web server configuration: “If you do an IIS role-based installation through Server rid of the 2003 domain controllers arate server, where it can automatically Manager, you can capture all that infor- before you can actually provide this download the requisite software updates mation in PowerShell.” functionality. It’s got to be a complete and come into compliance. Only when 2008 model.” they’re set can they can continue to log Worth a Try A big change for Sullivan is Windows into the network.” Overall, readers like what they see in Server 2008’s new support for NAP, RODCs are another security plus. Windows Server 2008. which lets him ensure that Windows “We have a couple of remote sites “I like all the new features and I haven’t Server 2008 gives a health check to every here, and we have them log in over the seen any stability issues at all yet,” Parks client seeking access to the network. The WAN. Once a month or so, someone says. “It hasn’t crashed, locked up or been health check ensures each client is up-to- complains that it takes them 10 minutes really slow. It’s been fine.” date in terms of , anti-virus and to log in, due to Internet traffic or Parks advises new users to take it slow anti- configurations. whatever,” Sullivan explains. with Windows Server 2008, but defi- “You just set up a policy, and if the Windows Server 2008’s new RODCs nitely try it out: “Don’t be afraid to clients don’t meet your security require- will eliminate that problem because start playing with it.” — ments, you quarantine them,” he says. they’ll let Sullivan securely deploy a “At that point, IT can manually update DC at the remote site so his remote Joanne Cummings (jcummings@redmond the client or have it redirected to a sep- users can log into the network locally. mag.com) is a freelance technology journalist.

18 | February 2008 | Redmond | Redmondmag.com | Project5 10/4/07 9:41 AM Page 1 0208red_Roundup21-24.v6 1/17/08 9:55 AM Page 20

RedmondRoundup

Build an IT Structure for Compliance Any of these solutions can help ensure that you’re following organizational policies or regulatory requirements.

By Peter Varhol InThisRoundup There was a time when IT simply kept systems and apps running—“keeping the Shavlik Security Intelligence lights on,” as the saying goes. As those Pricing is based on number of systems: $12,437 systems became more tightly integrated for 1,000 systems, plus $3,109 annual maintenance with business operations and critical to Shavlik Technologies LLC | 800-690-6911 | www.shavlik.com their success, systems and software became indispensable. With widespread SecureVue access, however, any critical data and its Pricing starts at $47,995 processing systems were made vulnerable eIQnetworks Inc. | 978-266-9933 to subversion by error, omission or malice. www.eiqnetworks.com This was the genesis of compliance. Generally speaking, compliance efforts NetPro Compliance Solution ensure that an organization actually AccessManager: $12/seat; ChangeAuditor: $12/seat; does what it says it’s going to do, and SecurityManager: $6/seat; LogADmin: $5/seat. that those actions have the intended NetPro Computing Inc. | 800-998-5090 | www.netpro.com results. Ideally, any measured activities map directly to a policy or regulatory requirement. Compliance measure- RedmondRating ments look at systems and networks to Shavlik Security SecureVue NetPro Compliance ensure that they’re configured to fulfill Intelligence Solution policy requirements. They can also look Installation: 20% 9.0 9.0 9.0 at actions by individual users, and log Features: 20% 8.0 10.0 9.0 those actions to generate analyses and Ease of use: 20% 10.0 10.0 9.0 reports. The business goals include Administration: 20% 9.0 9.0 9.0 assurance of system and information Documentation: 20% 9.0 8.0 9.0 security, authorization and forensics. Compliance is strengthened through Overall Rating 9.0 9.2 9.0 the force of regulatory requirements like Key: 1: Virtually inoperable or nonexistent | 5: Average, performs adequately | 10: Exceptional Sarbanes-Oxley and HIPAA, which mandate verifiable controls for IT- supported transactions and processes. rupt the normal flow of work. Here we’ll agement guys, right?” you’re on the Industries like health care, aviation and examine several compliance solutions right track. SSI goes far beyond the financial services all have legal or regula- that address different needs within an individual point products. tory requirements that require compli- organization, such as security, access con- Patching is an important part of SSI. ance procedures. While such regulatory trol, logging, analysis and reporting. One way it defines compliance is to requirements are a major driver, organi- ensure that systems are patched accord- zations that practice good governance Shavlik Technologies: ing to established protocols. SSI shows are generally within compliance in the Shavlik Security Intelligence the patch status of all systems in the net- course of supporting their own policies. Shavlik Security Intelligence (SSI) work, and color-codes both individual While thoughts of compliance conjure combines several of the company’s indi- systems and overall status. It also provides up unpleasant images of auditors and vidual point products, with significantly overviews of other areas of compliance, checklists, the implications of not doing it expanded capabilities, into a compre- especially Sarbanes-Oxley requirements. properly are enormous. If you correctly hensive portal for assessing your net- SSI also looks for malware infestations, establish guidelines, compliance can be a work’s risk and compliance. If your first including spyware and adware, and then smooth set of processes that don’t inter- reaction was “these are the patch man- generates reports for individual systems

20 | February 2008 | Redmond | Redmondmag.com | Project3 12/26/07 4:31 PM Page 1 0208red_Roundup21-24.v6 1/17/08 9:55 AM Page 22

RedmondRoundup

and the entire network. Unlike similar gathering and reporting medium. If devices, hosts and network topology. anti-malware products, SSI also checks you’re having difficulty managing patches, Several tabs on the dashboard provide for what it terms “non-bizware,” or soft- and if you have regulatory compliance ready access to different types of infor- ware not authorized by IT. For license- needs that Shavlik covers, SSI will get mation and different views of that infor- compliance purposes, you can easily see you most of the way to your goals. mation. You can customize both the any unauthorized software installations. views and the information presented in The SSI dashboard is very easy to eIQnetworks: SecureVue those views to meet your own needs. navigate. The primary view has four SecureVue is unique in that it combines You can look at all IP devices on the different panes, each with a customiz- a number of features in a single plat- network, either singly or in aggregate, able view of the systems’ state. One form for an integrated approach to and get essential information from each pane also provides any current system security, risk and audit management. It of them. You can also look at all net- alerts. The alerts are based on your incorporates security information man- work and system events by group, policies or watermarks to adhere to agement (SIM) with governance, risk device type or individual device. You compliance requirements and remain fully informed of system state. SSI has a large number of data views. The main view shows the overall status of all systems on the network. Clicking on any pane blows up that view so that it becomes the focus of the display. That larger view lets you drill down by clicking on the top window bar and selecting one of the more detailed views provided. Those views generally break down the overall view into selected smaller sets of data. There are dozens of views on different aspects of the sys- tem state, trend and data. Shavlik regularly provides patch status updates, so you can be certain you have the most recent patch information avail- SecureVue: The eIQnetworks SecureVue dashboard provides a color-coded status able. It looks at patches beyond the OS, of all network devices, showing a compliance overview at a glance. leveraging Shavlik’s extensive patch data- base of enterprise applications. The com- and compliance to both improve opera- can color-code all data to give you an pany also researches trends in key legal tional efficiency and reduce manage- overall picture at a glance. Simply double- and regulatory areas, so that it keeps the ment complexity. clicking on the display lets you drill product up to date on compliance issues. The breadth of coverage is impressive. down into summary data and analyses. NetChk, which is another of Shavlik’s SecureVue includes log management, You can easily and visually create net- products, provides security configura- analytics for assets, configuration, per- work policies within the Policies tab, tion management and ensures IT audit formance and vulnerability, and provides using a visual editor and regular expres- readiness. It helps you streamline your a means for monitoring and analysis of sions. For example, you can create a security configuration policies by lever- network status across a range of func- policy that tells the software to flag you if aging existing configurations, and gives tions. Network and audit professionals malware attacks increase beyond a cer- you a means of managing and mapping can work from the same set of data in tain point. The flag can take the form of configurations to supporting policies. order to optimize network utilization a simple notation, a big red icon or an While SSI may lack the breadth of fea- and performance, and ensure the net- e-mail sent to your BlackBerry. In the tures of some of the other compliance work remains in compliance with poli- second case, a glance at the dashboard products, its dashboard and excellent cies and regulations as well. shows you that you have an issue. layout of information give it the poten- SecureVue does this through a com- Analysis is a big part of SecureVue. Out tial to make up a significant part of a prehensive dashboard that covers secu- of the box, it gives you highly visual more comprehensive compliance solu- rity, configuration and audit. The aggregated data from hundreds of differ- tion. SSI also provides information and dashboard gives you a visual way to ent locations. This is the way you’d do it analyses on problem areas its tools ascertain the status of the network, with homemade tools, if you only had address, so it’s more than simply a data including data on groups, alerts, events, time. You might want a slightly different

22 | February 2008 | Redmond | Redmondmag.com | Project5 10/31/07 10:53 AM Page 1 0208red_Roundup21-24.v6 1/17/08 9:55 AM Page 24

RedmondRoundup

display, with different data or a pie chart you the security status of the network accesses and failed attempts, and dis- rather than a tabular listing. No prob- and systems on the network. It provides played the data in a graph in Security- lem. It would take minutes to customize. security and audit templates you can use Manager. All of this occurred within two The integrated approach and compli- to centrally manage Active Directory, hours of starting the installation. ance dashboard help bring together dis- along with NTFS, shares, printers, serv- NetPro has given a lot of thought to parate parts of the IT team that often ices and registry settings. ChangeAuditor what constitutes compliance across a have different goals and information tracks all changes, including additions, Microsoft Active Directory network. needs. Like most compliance products, deletions, changes of permission and The individual NetPro tools do a fine SecureVue monitors and analyzes but other modifications made to the network job of tracking and analyzing activities doesn’t enforce policies. You still have to administrative structure. It helps to detail and events on a network. Probably the work with the network and servers to set who, what, when, where and why, as well only downside to the NetPro approach policies and restrictions that meet orga- as keep track of the original and current is that it offers a collection of tools, nizational goals or legal requirements. values for all changes. Lastly, LogADmin rather than an integrated solution. That limitation aside, SecureVue excels compresses and copies event logs in their On the other hand, its piecemeal at helping you immediately understand original format to a central location for approach lets you better choose how the status of your network and systems, storage and analysis. you want to implement compliance get details of any system or network device, and ensure network compliance policies and regulations. For anyone looking into comprehensive network management and compliance solutions, it doesn’t get much better than this. NetPro Computing: NetPro Compliance Solution Several of NetPro’s products perform compliance functions across the net- work and are offered collectively as the NetPro Compliance Solution. The spe- cific NetPro products examined here include AccessManager, SecurityMan- ager, ChangeAuditor and LogADmin. These products help you manage net- NetPro: SecurityManager provides a set of built-in security policies against which work and Active Directory policies and it can evaluate the network. automate recorded and verifiable processes. NetPro products also help The net effect is a collection of prod- activities across a network. It gives you ensure a secure and compliant network- ucts that automate specific network more flexibility than a solution with a ing environment by tracking all critical activities, collect and aggregate data on single larger scope. Each product pro- AD, Exchange and File Server changes those activities and associated events, vides some ability to automate a partic- in real time. They also log events for and report on how the results of those ular activity as well as reporting to later analysis and verification. Together, activities affect compliance with poli- satisfy compliance requirements. they help organizations meet the compli- cies and regulations. You can focus on a If you’re looking for a set of products ance requirements of Sarbanes-Oxley, particular tool that suits your needs in that lets you ease into compliance assess- HIPAA, the Gramm-Leach-Bliley Act tracking compliance, but at the same ment gradually, the NetPro suite com- (GLBA), the Federal Information Secu- time have the other tools collecting and bines automation of network-oriented rity Management Act (FISMA), the Pay- analyzing data for later use. tasks with a high degree of visibility and ment Card Industry (PCI) Data Security All of these products installed easily, analysis of data on the network. This Standard and ISO 17999. instantly recognized my Active Domain solution is especially strong in helping These tools perform the network network and started collecting data you ensure network access—as well as activities reflected by their names. For within an hour or two after installation. I access to data—meets the requirements example, AccessManager provides access easily set up a couple of simple activities, specified by your policies. — enforcement, remediation and auditing such as setting some security restrictions through Active Directory. SecurityMan- on a server and a couple of user shares. Peter Varhol ([email protected]) is ager provides a dashboard that shows Then I collected data on legitimate Redmond’s executive editor, reviews.

24 | February 2008 | Redmond | Redmondmag.com | Project2 8/10/07 4:36 PM Page 1 0208red_F1Server26-32.v8 1/17/08 10:24 AM Page 26 Windows Taking a Closer Look

hen you install and configure a server operating system, you hope Product of Its Environment you’ll never have to do it again. It’s To understand Windows Server 2008, you have to look at inordinately complex and time- several overarching trends in the industry and the concerns Wconsuming. Each server is a of most server customers. Bill Laing, general manager of unique creation, and each configuration meticulously Microsoft’s Windows Server division, calls Windows Server adapted to a particular use. 2008 “the most customer-focused operating system release Any installed drivers, applications and other software in our history.” components reflect that specialized use. Even individual First, Moore’s Law has essentially taken a turn from con- applications may have a unique set of patches. It’s difficult, tinually increasing clock speeds and put in multiple execu- if not impossible, to identify each tion units on the same processor unique configuration and determine unit. We still think of the unit as a how to replicate it on a new OS. Virtualization and single processor. Units are, in fact, So why should you bother with configurability in multiple processors, each capable of Windows Server 2008? You’ll still executing individual processes or have to replicate your server envi- Microsoft’s new even threads. To achieve the per- ronment on each server as you formance improvements theoreti- replace your old OS. It should take server OS present cally possible with this type of less time, though, with Windows architecture, we need an OS capable Server 2008. And when you’re done, enterprise IT shops of dispatching those processes to you’ll have a more secure, more with both challenges multiple cores. manageable and better performing Second, while you may debate the box, both physically and virtually. and opportunities. relative merits of 32-bit versus 64- In reality, swapping out your bit address space and word size, at Windows 2000 or Windows 2003 By Peter Varhol the very least, it appears we’re in Servers for Windows Server 2008 is the early stages of a fundamental only going to be slightly less painful than in the past. The shift to 64-bit computing. For a long time, some argued resulting value is real, but in many cases probably not a that we wouldn’t need the address space provided by 64- game-changer. You’ll have to weigh the costs in both dol- bits. That’s no longer the case. lars and time against the benefits to your organization. Third, reliable and high-performance virtualization pres- Don’t be surprised if the cost/benefit analysis tells you to ents a radically new usage model for server-based computing. start planning for a migration today. In many cases, it will IT shops are turning to virtualization as the solution to a take a year or more to plan and execute, and the return on host of different issues, including server consolidation, the initial investment may not come until years later—but utilization, business continuity and flexibility. you’ll sleep better at night. The question is easier if you’ve Fourth, as server farms grow to sizes unimaginable just a reached the end-of-life on Windows NT 4. If so, it’s high decade ago, we find ourselves suddenly concerned with time to upgrade. power consumption. There’s a green component to that,

26 | February 2008 | Redmond | Redmondmag.com | 0208red_F1Server26-32.v8 1/17/08 10:24 AM Page 27 s Server 2008

ILLUSTRATION BY ROBERT KAYGANICH | Redmondmag.com | Redmond | February 2008 | 27 0208red_F1Server26-32.v8 1/17/08 10:24 AM Page 28

Windows Server 2008 but it mostly centers on the cost of power. If we can reduce more components you have installed, the more things may our carbon footprint while we lower our electricity bills, not be configured properly and therefore subject to attack. we can feel good while we’re saving money. You can reduce vulnerability by reducing complexity. Overshadowing all of these trends is security. Every IT Server Core is also about administrative workload. In shop spends a significant amount of its effort locking practice, you should shut off the features you’re not using. down, monitoring and cleansing servers—not to mention Not having to install those features at all would be even the lost productivity inherent in an environment that’s too better. At a high level, that’s what Server Core does. By not restrictive. No new server can replace current installations unless the potential for intrusion is significantly reduced. This is the landscape in which Windows Server 2008 was designed and developed. Most of the major features respond to these trends. The rest deal with more specific cus- tomer requirements, especially those from large enterprises that seek to roll out more Windows servers. Back to Basics Perhaps the most significant innovation in Windows Server 2008 is Server Core and the concept of server roles. Server Core is based on the idea that less is better. Think of Server Core as the framework required for an OS to perform a variety of different tasks. The roles are those tasks. You can discretely add or leave off roles, depending on which set of tasks each individual server requires. The Windows Server 2008 Virtualization Manger lets you Server Core is the minimum configuration, sans specific easily keep track of Hyper-V based VMs and their status. roles. It provides essential server functionality and uses a command-line interface with no GUI shell. You can install including a broad feature set applicable to all roles, it makes and use Server Core alone, although you’ll almost certainly your job easier and protects you against the myriad settings want to include some of the available roles and features. that may be forgotten or not configured correctly. Windows Server 2008 supports 18 different roles. These include DHCP, file, print, AD, virtualization, Media Ser- RODC for Branch Offices vices, DNS and Internet Information Services (IIS). Server One configuration—the Read-Only Domain Controller Core also has other options, including WINS, Failover (RODC)—targets branch offices and other remote sites. Clustering, Subsystem for Unix-based applications, Backup, It’s driven by a problem familiar to many. If you don’t put a Multipath IO, Removable Storage Management, Bitlocker domain controller in each geographically separate area, Drive Encryption, SNMP,Telnet Client and QoS (Quality logging on can take users in those facilities five or 10 min- of Service). You can add and configure these features if you utes every morning. If the connection goes down, they need them to support a role or set of roles, or if a server can’t log on at all. needs them for operational reasons. So, you install a domain controller in the remote office. You might ask,“Why design an operating system in No big deal, it’s just another PC. Now your entire domain roles?” The better question is, “Why has it taken so long?” database is stored on that PC, and that’s information that Servers play many different roles in the enterprise, yet you you don’t want stolen and used to access your network. can’t easily turn off one role to emphasize another. For RODC performs exactly as its name says—you can’t most operating systems, you have a single edition OS that write to it. Except for account passwords, an RODC holds you configure and tune to access features that you need. all the Active Directory objects and attributes that a Roles don’t provide traditional advantages for Windows writable domain controller holds. However, you can’t make Server 2008. Defining specific roles and turning off others changes to the database stored on the RODC. You’ll have may make the image size marginally smaller and perform- to make changes on a writable domain controller and then ance marginally better, but there’s no slam dunk in footprint replicate them back to the RODC. and speed. “We have to keep servers in a locked room, with well- Security is naturally a big reason for Server Core. defined access restrictions and privileges,” says Jim Microsoft Windows Server 2008 experts harp on the con- DuBois, general manager for Microsoft IT infrastructure cept of a “smaller attack profile” and they’re right. The and security. “Sometimes we have to build out that locked

28 | February 2008 | Redmond | Redmondmag.com | Project19 12/6/07 4:43 PM Page 1

Power your Active Directory to new heights Specops Command PowerShell remoting through Group Policy

Specops Command TM We bring you the future of scripting, today!

Specops Deploy TM Group Policy based Software Deployment

Specops Inventory TM Group Policy based ”Psychotically Powerful” Asset Management

Specops Password Policy TM For Multiple Password Policies in AD

Active Directory Janitor TM Keeps your Active Directory clean

For more information about Specops Command and to download your FREE limited version or full trial version please go to: www.specopssoft.com/powershell 0208red_F1Server26-32.v8 1/17/08 10:24 AM Page 30

Windows Server 2008 room, and at a significant cost. And we have to keep a hypervisor within 180 days of the Windows Server 2008 trusted person on call that can get into that room at any release. It’s currently available as a community preview. time. With the RODC, we just put the server in the wiring While that may seem like a long time to wait, remember that closet, with no special access restrictions.” deployment in most enterprises—and those most likely to If you have small branch offices with duties that require use virtualized servers—is at least months away. That’s a employees to log into the corporate network, you can see mixed blessing, but the later arrival of Hyper-V is unlikely to that the RODC makes a lot of sense. deter IT managers from considering it a viable alternative. What will deter IT managers, however, are poor or inad- Virtual Star in the Making equate management tools. There are currently manage- One core configuration is the virtualization server. ment tools available through Microsoft System Center. Microsoft has introduced a new virtualization product System Center will include a new virtual machine manager called Hyper-V, which is designed to complement Windows that provides centralized virtual machine deployment and Server 2008. Hyper-V is a type 1 (bare metal), hypervisor- management. It includes features that enable fast Physical based virtualization solution based on the server OS. It to Virtual (P2V) and Virtual to Virtual (V2V) conversion, requires a hardware assist in the form of either Intel VT or as well as comprehensive service-level enterprise monitoring AMD-VT processors. It also needs hardware enabled Data using the Microsoft Operations Manager. Execution Prevention (DEP). According to Jeff Woolsey, senior program manager for One immediate benefit of this technology is that you virtualization, Microsoft has been using Virtual Server in won’t have to fill up your data center with Windows Server Microsoft IT for over 18 months, with more than 1,250 2008 servers running the virtualization role. You do have to virtual machines. The group has achieved consolidation be looking at new or upgraded hardware no matter which ratios of eight virtual servers to one physical server. The enterprise virtualization alternative you select, so this OS company also uses virtual servers extensively in develop- combined with Hyper-V is certainly in the running. ment and test labs. This is pre-Hyper-V technology, of The hypervisor is a relatively small piece of the virtual- course, but it’s representative of the company’s internal ization puzzle. A comprehensive solution requires tools for commitment to virtualization. management, performance analysis, diagnostics and reporting. Microsoft appears to have thought through the Never Fast Enough Any organization with one or more servers always experi- ences times when those servers just aren’t running fast enough. It could be log-in, file download or application execution, but there always seems to be something holding up server performance. Microsoft takes some incremental steps in improving performance in Windows Server 2008. It has introduced Server Message Block (SMB) 2.0 into both Windows Vista and Windows Server 2008. SMB 2.0 still transfers one block at a time, but is able to start the next transfer without waiting for a return from the first transfer. It operates more in parallel than sequentially. This will typically result in a throughput performance improvement that reaches orders of magnitude. SMB 2.0 also helps to reduce net- work traffic, which can improve performance of applica- tions beyond the individual server. There’s also a new and optimized TCP/IP stack that will make better use of available network bandwidth for faster transfers. It does intelligent, automated tuning of the TCP The Windows Server 2008 Server Core provides a basic environment for configuring and administering the OS, receive-window size, which can further improve performance. regardless of the intended role. Microsoft is committed to moving forward with 64-bit computing. The Server Virtualization role uses either a 32- management of Windows Server 2008 in a Hyper-V envi- bit or 64-bit processor, but an increasing number of enter- ronment. In particular, it has come up with a comprehen- prise apps have large memory space requirements, something sive security model for virtual environments. It has even that only 64-bit can support. Hyper-V can use 64-bit systems gone so far as to describe a complete virtualization infra- in conjunction with the 64-bit version of Windows Server structure that consists of Hyper-V plus SoftGrid applica- 2008 to provide large memory spaces for enterprise apps that tion virtualization, Virtual PC and even Terminal Services. increasingly require that kind of headroom. The bad news is that it’s not all here yet. Microsoft has Any improvements using 64-bit machines are at least partly committed to deliver server virtualization with the Hyper-V due to the processors themselves, but 64-bit remains an

30 | February 2008 | Redmond | Redmondmag.com | Project2 7/16/07 2:18 PM Page 1

#1 BEST SELLER! ... Tired of Nursing Your Exchange Server?

A nyone who has given birth to an Exchange Prevent Hiccups network knows it can get sick and needs some nursing to stay healthy. In fact, 72% GOexchange removes errors, warnings and of Exchange Administrators surveyed* have inconsistencies within the database—before “experienced” an Exchange disaster (feels major corruption makes the database fail. like the fl u)—usually from improper feeding and care. “GOexchange corrected 2,264 errors and 26 warnings.” Like many databases, constant adding and Paul Ramos, Director IT Created By deleting can corrupt an Exchange data fi le so it eventually turns sour. Replicating, Run, Don’t Crawl archiving and backing up the data doesn’t In addition to fi xing the database, stop the stink—it just stores it. You’ve GOexchange removes sluggishness and got to… improves performance by re-indexing and Solutions Inspiring Confi dence defragmenting the database to permanently Fix the Problem remove white space and deleted items. The end result is increased performance and “Life before GOexchange…was You may have tried the free utilities to fi x an absolute nightmare, late nights, Exchange. While they help, they are too stability with a compact effi cient database that’s 31 to 55% smaller! Combine this long weekends and upset users.” tedious, time consuming and lightweight to Marty Grogan, CTO keep your Exchange baby healthy. You’ve with archiving and the database is up to 91% tried the milk, now try some meat! smaller—making it much quicker to backup. Stop The Crying “..our information stores were reduced Why not call now, or visit our resource Pamper Yourself with GOexchange by 45-50%.” Dale Huitt, Systems Lead site and learn how to reduce the risk, and It’s time to try GOexchange, from Lucid8, avoid the pain. Protect your exchange data, the #1 best-selling automated disaster Automated Babysitter maximize performance, and spend a weekend prevention and optimization software for at home—instead of babysitting Exchange. Microsoft Exchange 5.5, 2000, 2003 and 2007. As the mother of all Exchange tools, First, GOexchange is easy to setup and use. GOexchange helps prevent disasters, repair Twenty minutes—that’s all it takes to get problems, improves performance, and your server up and running. Just schedule it, saves you a lot of time. and walk away! Special Offer The software notifi es the users, validates • Free Software for analysis of your the database, runs the backup, conducts “Without routine maintenance, a comprehensive system analysis and Exchange server! decreasing performance, diagnostics, logs the errors, and notifi es you • Free White Paper—“Basic Feeding increased warnings and if it discovers a “stop” error—then it repairs of Your Exchange Server.” errors accumulate and and defragments the database, generates a • Free Essential Guide to Exchange database fragmentation thorough report and schedules the next event. Preventative Maintenance transpires, leading to You can do some of this work yourself, but Go to: www.Lucid8.com/GoRED Exchange disasters.” why waste time doing repetitive maintenance, Call 425.456.8477 when GOexchange can do it for you—faster E-mail: [email protected] and more effectively than doing it by hand.

Copyright © 2007 Lucid8. All rights reserved. Microsoft® Exchange Server is a registered trademark of Microsoft® Corporation. All other trademarks are the property of their respective owners. * Refers to Survey conducted by Lucid8. See press release for more details. 0208red_F1Server26-32.v8 1/17/08 10:24 AM Page 32

Windows Server 2008 important way to move data and instructions around in In a classic case of eating its own dog food, Microsoft IT larger chunks. Of course, it also provides a larger address began Windows Server 2008 deployments when RC1 space that’s increasingly necessary for enterprise apps today. became available. As of November 2007, Redmond had deployed as many as 385 Windows Server 2008 servers and Tools Complete the Picture 11 clusters, and migrated its domain to the new OS model. The quality of the release is directly related to the quality As you might expect, feedback from Microsoft IT is posi- of tools provided to nurse it through its daily chores. In tive, though clearly biased. Yet, the fact that the group this regard, Windows Server 2008 might just bring a smile engages in early adoption while also under the gun to to all the overworked admins out there. The smile starts deliver high reliability speaks well of both their courage with PowerShell, the widely reported replacement to the and the technology. NT command script workhorse in use for over a decade. Microsoft has announced several SKUs for the new OS, Some may be disappointed that the foundation of Power- but hints there will be more. There have been estimates of as Shell is .NET, because there are sys admins that still regard many as 16 different configurations, so selecting the right .NET as something that has no place mix of server SKUs won’t be a simple on many servers. Nevertheless, task. The known SKUs include Microsoft has made that argument Perhaps the Windows Server 2008 Standard, Enter- moot, and PowerShell derives much of most significant prise and Datacenter; Web Server; and its capability from its ties to .NET. Windows Server 2008 for Itanium Making use of the .NET object innovation in servers. Of course, all except the last will model, it provides an object pipeline Windows Server 2008 be available in both 32-bit and 64-bit that enables scripts to bind data and versions. The Standard, Enterprise and actions to an object and pass them is Server Core and the Datacenter editions will also be avail- within a script or between scripts. It’s a able as separate SKUs without the new way of writing scripts, but one concept of server Hyper-V virtualization hypervisor. that should win over almost all of the roles. Server Core is Whichever SKU you choose, you also script mavens on your staff eventually. have all of those roles and features to Until it does, your old command-shell based on the idea consider. It begs more than just a “take scripts will continue to work. that less is better. one of these and two of those” As you might imagine, setting up approach. Because each SKU and role is and managing server roles can also be different, planning means a lot more a challenge. Microsoft has devised the Server Manager for than buying and installing a bunch of servers. You have to that purpose. The Server Manager is an application that lets consider the purpose of each server, which SKU to purchase, you perform those tasks needed for initial server setup and how you plan to provision it, how you’ll execute the migra- operation. It helps you add and remove server roles and fea- tion and how you’ll back out of every phase if necessary. tures securely. It displays server status, exposes key manage- Clearly there’s something for everyone in Windows Server ment tasks and provides access to advanced features. Best of 2008. Right now, you may be spending more time than ever all, you can run tasks from the command line, allowing for on server maintenance, or you may be looking into virtual- easy automation through scripts. ization as a server-consolidation strategy. In those cases and Server Manager is built on the Service Modeling Language others, Windows Server 2008 may well be your easiest (SML) infrastructure and uses SML models to define roles path to implementing that strategy. Don’t stay on an earlier and features. SML is an XML schema-based modeling lan- server version if it simply postpones the inevitable. guage that provides a set of constructs for modeling IT Getting to where you see an ROI with one or two com- services and systems. Proposed and supported by Microsoft, pelling features can be a long trip. It will probably involve IBM Corp., Sun Microsystems Inc. and others, it captures new hardware, for one thing, at least to take advantage of information about the system, such as the structure of the virtualization and 64-bit performance. The sheer volume of system, objects, relationships, prerequisites and constraints. It effort in migrating existing servers and applications to new provides a way to describe, model and automate systems. A physical boxes, and in some cases virtual ones, can take model in SML is a set of interrelated XML documents that months or even years in midsize or large organizations. describe a system and actions on that system. So don’t adopt Windows Server 2008 just because it’s new. It’s got to solve your problems or give you something Move Forward, but that you didn’t have before if you’re going to invest the Plan Carefully effort in money and time. Chances are it will provide value This only scratches the surface of Windows Server 2008’s that you’re looking for as a part of your strategic plans. new capabilities. If you haven’t already started evaluating Just don’t think you can get there by tomorrow. — it, you should do so immediately. Unless you’ve already done an upgrade of your servers in the past year, the ques- Peter Varhol ([email protected]) is Redmond magazine’s tion is not if, but when. executive editor, reviews.

32 | February 2008 | Redmond | Redmondmag.com | Orlando May 12–16, 2008

The Premier .NET Developer Conference Returns to Sunny Orlando

VSLive! Orlando arrives in spring again this year at the exotic Royal Pacifi c Resort at Universal VSLive! Conferences are the ® Orlando , May 12-16, 2008. Join Microsoft insiders and industry veterans as they highlight new essential event for anyone releases and dive deep into existing technology to give you the competitive edge you need. serious about taking their Over fi ve action-packed days, VSLive! Orlando will give you the information, education and skills to the next level. solutions you seek. Expect in-depth pre- and post-conference workshops, breakout sessions by expert instructors, keynotes by industry heavyweights, Microsoft’s .NET Day, enhanced networking opportunities, and more. And VSLive! is now bigger than ever as the 2008 conferences will be co-located with TechMentor—Redmond Magazine’s offi cial training conference for Windows professionals.

Bring the family and make your time at VSLive! Orlando even better The luxurious Royal Pacifi c Resort, home to all VSLive! sessions and activities, is a perfect retreat with pampering for parents and exciting, kid-friendly adventures. Spend your days in Orlando meeting industry gurus, networking with other development professionals, and getting tips and tricks to make the technology you use today work for you. Spend your nights enjoying all that Orlando has to offer, including Universal Studios Florida®, Universal’s Islands of Adventure®, Universal CityWalk®, and so much more…

All VSLive! Orlando attendees can enjoy a special rate of just $199/night at the Royal Pacifi c Resort at Universal Orlando®

Bring the Family and Mix Business with Pleasure

Call 800-280-6218 today or visit us online at www.vslive.com/orlando Register by February 27th and SAVE $300 Use priority code “VORMG” 0208red_CAXOSoftSpread_final.qxd 1/7/08 2:03 PM Page 1

ADVERTORIAL

Business Continuity Testing in Real Time

ecent surveys of business leaders most misunderstood, part of disaster indicate that Business Continuity recovery and business continuation planning. Planning will become a front- burner issue in 2008. Driven by a • Testing validates both the business R combination of incentives, ranging recovery requirements and the methods from regulatory and legal mandates to a selected for providing data protection. growing perception of the practical need for a disaster recovery capability in the face of • Testing also provides a rehearsal: teach- natural and man-made disaster potentials, ing those who will need to be involved in more and more companies are taking the an actual recovery about their roles in an pledge to increase their operational resiliency emergency. in the New Year. • Testing also helps to cultivate a cadre of CA XOsoft Still, the facts are troubling. Of the 50% of personnel who can keep their heads in a large companies that currently have plans, disaster while all around them others are is in the fewer than 50% have tested those plans— losing theirs. in large part because of the technical and forefront logistical challenges, and the expense, But testing is also an on-going expense for of solutions involved in undertaking a solid program of DR/BC planning. Traditionally, a minimum of testing. four tests needed to be scheduled each year, designed to requiring considerable pre-planning and the Given the pace of change in contemporary coordination of staff and resources. However, address the business and technology, having an untested this formal testing regime must be supple- issues of real plan is tantamount to having no plan at all. mented by a number of spot checks, paper Testing is the most important, and also the walkthroughs and other testing activities that time testing. 0208red_CAXOSoftSpread_final.qxd 1/7/08 2:03 PM Page 2

are just as important to keeping the recovery to high availability failover strategies. In so capability in sync with change. doing, it delivers an invaluable window into the entire business continuity capability rather Ideally, testing would not entail expensive than a piecemeal view of selected processes logistics and staff transportation. In the best or components, simplifying the testing of the circumstances, the testing capability would most complex recovery strategies. be built into the recovery management solution that has been implemented by the On February 6, join veteran disaster firm. Planners could, at a glance, determine recovery planner and author, Jon Toigo, and whether shadow protection processes are CA XOsoft Product Manager, David Ashman, operating as planned and could easily test as they host an informative webcast and recovery scenarios without interfering with question and answer session covering the day-to-day operations. importance of disaster plan testing, tech- niques for testing the continuity capability, Up to now, such built-in test capabilities have and the benefits of using CA XOsoft as a tool not been provided by most vendors of backup for making testing an integral part of the software, disk mirroring products or server business continuity capability. And be sure to failover solutions. Consumers had no visibility download this whitepaper, Business into the replication process and no way to Continuity in Real Time, that delivers practi- know whether or not the processes deployed cal guidance on DR/BC plan testing. Written to safeguard their environments would by Toigo, the paper is based on hundreds of actually work. The only way real world planning and testing efforts to ensure that a mission managed or supervised by the author. The critical application environ- white paper and the webcast are free, ment, such as Microsoft sponsored by CA, Inc. Exchange Server or SQL Server, would failover prop- About Jon Toigo erly was to disrupt their Jon Toigo is CEO of Toigo Partners operation by actually failing International and founder of the Data over servers—inviting a Management Institute. A consultant, author full-blown disaster if some- and analyst, he is focused on discerning the thing went wrong! underlying business value of information technology. He is a 25-year IT veteran who Visit ca.com/recovery CA XOsoft is in the forefront of solutions has worked both as an operative within designed to address the issues of real time corporate IT departments and as a senior testing. Users of the solution can see consultant with two international systems whether the recovery scenarios that that integrators. Toigo has published thousands of have built are operating properly and can articles in the computer trade press and his actually execute strategies, without disrupt- blog, DrunkenData.com, is read by over ing the business, both to test their efficacy 180,000 visitors per month. and to accomplish other tasks, such a primary server or storage maintenance. Toigo has written fourteen books, including Disaster Recovery Planning: Preparing for the CA XOsoft provides advanced support for a Unthinkable, which is now in its third edition. broad continuum of disaster recovery tech- He has assisted over 100 companies in their niques, from tape backup and disk mirroring business continuity planning efforts.

To read the entire CA XOsoft white paper, go to: Redmondmag.com/showcase/caxosoft/3 Project1 1/11/08 9:32 AM Page 1 0208red_F2SQL37-42.v8 1/17/08 11:16 AM Page 37

Laying the Groundwork for Microsoft SQL Server 2008

Redmond’s new database server is a complex product often running mission-critical apps. You can’t afford to not get it right. By Joshua Jones

he SQL team in Redmond has made good on its This leaves you with some tough decisions. Do you promise to deliver more timely releases of SQL upgrade your SQL 2000 servers to SQL 2005 or SQL Server. Now that SQL Server 2008 is being released 2008? Just as importantly, do you really need to upgrade this month, it’s time for you to do your homework your SQL 2005 servers to SQL 2008? To help you arrive and make some decisions. You’ll need to take a long at the best decisions for your situation, you need to evaluate Thard look at the new feature set in SQL Server 2008 your usage scenarios and infrastructure considerations in to see if it’s a fit for your organization and your needs. several key areas. Microsoft SQL Server 2008 builds on its predecessors in How do you use your database servers? Is your database terms of its administration and management capabilities. a simple OLTP data repository or do you execute complex Along with Visual Studio 2008 and Windows Server 2008, it business logic inside the database? Are your servers also provides the robust data tier in Microsoft’s Entity Data required to be up 24x7? Based on your current and antici- Platform (EDP). To take advantage of SQL Server 2008’s pated usage, you may choose to upgrade to SQL Server new features, you need to plan ahead and prepare to make 2008 to take advantage of its complex data-manipulation sure your database servers are ready. Migrating to a major features, such as hierarchical IDs, spatial-data types and platform like SQL Server 2008 takes significant preparation, advanced XML manipulation. even if you aren’t planning advanced configurations like That’s not all. Besides data storage, what other components using the EDP for application development and support. will you need? Will you need data reporting? What about Moving from SQL Server 2005 to SQL Server 2008 analysis? The new features within SQL’s Reporting Services won’t be quite as monumental as upgrading from SQL and Analysis Services may drive your decision to upgrade. Server 2000 to SQL Server 2005 (which many organiza- What about management and infrastructure? SQL Server tions haven’t even done yet). There are several key new 2008 provides new management and performance tuning features and functions, such as policy-based management, capabilities, like the Declarative Management Framework built-in data collectors for performance monitoring and (DMF). The DMF enhances how you interact with and support for several new data types, but the fundamental support your SQL Servers. For midsize environments, these components and functionality remain the same. tools alone may be worth the upgrade. They’re particularly

| Redmondmag.com | Redmond | February 2008 | 37 0208red_F2SQL37-42.v8 1/17/08 11:16 AM Page 38

SQL Server 2008

helpful if your company can’t afford the enterprise-level large enterprises will likely find themselves purchasing addi- tools provided by various third-party vendors to manage tional hardware to accommodate their performance needs. large (more than 100 servers) environments. Remember to take a good look at your applications and In the end, there’s no simple litmus test to tell whether or your environment, particularly from the perspective of the not it’s essential for your organization to upgrade to SQL SQL Server 2008 features you plan to use. Server 2008. For each environment, there will be a different If you plan on building out your SQL Server environ- motivating factor. You’ll need to fully understand your ment to take advantage of certain High Availability (HA) current environment, what features are missing, what features like Microsoft Clustering, you’ll need to budget features are never really used, and what new features may for identical pieces of hardware to support your chosen replace current workarounds. configuration. It’s also a good idea to plan for the “scale-out” The only organizations that should consider themselves deployment of SQL Server’s components, as there are a under pressure to upgrade are those still using SQL Server number of possible deployment scenarios. 7.0 or earlier. Time is very limited from a support and usability standpoint with versions this old. No matter Upgrade Considerations what, once you decide that you need to upgrade, the first Once you’ve decided that you’re going to go ahead and order of business is to evaluate your hardware configura- implement SQL Server 2008, you need to evaluate which edi- tions, so you know whether or not you can upgrade tions will be appropriate to suit your needs. There aren’t any without first upgrading your hardware. changes to the hierarchy of editions when compared to SQL Server 2005, so if you’re already using SQL Server 2005, you Hardware Prerequisites can probably use the same edition of SQL Server 2008. If When it comes to deploying a database server, hardware you’re replacing SQL Server 2000 (or older), you’ll need to configuration is extremely important. You’ll need to make compare your existing edition against the newly revised edi- sure you have ample disk space for the amount of data tions to determine which is most appropriate (see Table 2). you’ll be storing. You’ll also need to optimize that disk Be sure to fully evaluate your current and anticipated space for the database’s anticipated work load. needs before deciding which edition is right for you. Be as There’s a limitless number of disk configuration options, realistic and accurate as possible, as there are significant so just remember the basics: separate data files from log pricing differences. Another aspect you’ll need to consider is files, allocate disk space specifically to the tempdb and whether or not to make the move to 64-bit computing on make sure you include redundancy in your disk arrays your database servers (if you haven’t already). Regardless of (failovers and spares). which processing platform you’re currently using, when you The minimum and recommended requirements for SQL upgrade to SQL Server 2008, it may be the right time to Server 2008 are fairly standard (see Table 1).While the implement new 64-bit based hardware as well. SQL Server recommended configuration will work for the average 2008 supports both x64 and IA64 (Itanium) processors, so standalone SQL Server for a small or midsize business, most you should be able to find suitable 64-bit hardware.

HARDWARE RESOURCE/ MINIMUM RECOMMENDED REQUIREMENT

Processor IA64: 1Ghz IA64: 1Ghz or more X64: 1Ghz X64: 1Ghz or more

Memory 512MB 1GB or more

Disk 1700MB (with all components N/A - Actual size will be (not including being installed) determined by components data space) installed and the amount of data stored

Operating Any Edition of Windows N/A System Vista, Windows Server 2008, Windows Server 2003 SP1, or Windows XP Professional SP2 (XP supported for Developer Edition of SQL Server 2008) Table 1

38 | February 2008 | Redmond | Redmondmag.com | 0208red_F2SQL37-42.v8 1/17/08 11:16 AM Page 39

SQL SERVER SQL SERVER 2005/ KEY 2000 EDITION 2008 EDITION DIFFERENCES

Desktop Engine (MSDE) Express Edition SQL 2005/2008 has a Reporting Services engine built-in, and there’s a free management GUI available (Microsoft SQL Server Management Studio Express).

Personal Edition Workgroup Edition SQL 2005/2008 Workgroup Edition supports all basic features, as well as log shipping. It does not include BI/ETL features.

Standard Edition Standard Edition SQL 2005/2008 removes the 2GB memory restriction and supports more advanced features, such as data warehousing, analysis, analytics, basic database mirroring and replication.

Enterprise Edition Enterprise Edition SQL 2005/2008 Enterprise Edition has no CPU or RAM limitations. It also includes BI features and supports High Availability features like database mirroring, replication and online indexing.

Developer Edition Developer Edition Developer Editions are identical to Enterprise Editions, but are licensed only for development use and may not to be used for production purposes.

Table 2 Because both Microsoft Windows and SQL Server can warnings to help reduce installation and upgrade problems. run in 32-bit mode on 64-bit hardware, your choice isn’t as The Upgrade Advisor won’t catch all potential problems, but much about purchasing 64-bit hardware, but choosing it’s a great way to get started and it will catch the major issues. whether or not to install the 64-bit versions of Windows and SQL Server. Running your database servers in 64-bit Potential Roadblocks mode will give you a significant performance boost. There’s some information available about potentially You’ll have more computing power in terms of the number painful (or just plain annoying) changes in SQL Server of instructions per clock cycle on each CPU. This in turn 2008. Here’s a list of the changes in SQL Server 2008 that will give you better access to large amounts of physical are most likely to cause issues: memory (no more “virtual” memory management issues). Compatibility Levels: These are the settings that let You can literally get more work done faster with 64-bit databases from earlier versions of SQL Server remain machines. As they say, your actual mileage will vary, but “compatible” for that version, in terms of features and database query performance will obviously be faster on a functions, when they’re hosted on a newer version of SQL 64-bit machine as opposed to a 32-bit machine. Server. The levels are: SQL Server 7.0 is “70,” SQL Server Besides planning for hardware considerations, you’ll need 2000 is “80,” SQL Server 2005 is “90,” and SQL Server to be fully aware of any functionality changes. This includes 2008 is “100.” Support for compatibility levels is limited to any “breaking” changes that may happen as you migrate the two previous versions. So SQL Server 2008 only sup- your existing databases to SQL Server 2008. Fortunately, ports levels 80 and 90. The next version will only support Microsoft’s SQL Server Upgrade Advisor can ease the 90 and 100. If you have databases running on an earlier process. Unfortunately, the new upgrade advisor has not yet version (or coming to SQL Server 2008 from an earlier been published. There are references to it in the documen- version), you’ll have to upgrade the database to at least tation for SQL Server 2008, so it’s coming soon. level 80, if not directly to level 100. The new Upgrade Advisor will likely be similar to the SQL CLR Assemblies: SQL Server 2008 supports the new Server 2005 Upgrade Advisor. The 2005 version gave you Hierarchy ID, potentially adding a name conflict with user

| Redmondmag.com | Redmond | February 2008 | 39 0208red_F2SQL37-42.v8 1/17/08 11:16 AM Page 40

SQL Server 2008

assemblies (if your assembly happens to use the name hier- Join Syntax: Many programmers use the old join syntax archyid). The Upgrade Advisor will note any naming *= or =* for left and right outer joins. This will no longer conflicts. If you install without using the Advisor, and work with SQL Server 2008. You should begin replacing these types of joins with the ANSI standard SQL syntax for joins. Discontinued Features: The following features were deprecated in SQL Server 2005, and are not supported in SQL Server 2008: aliases, DUMP/LOAD, BACKUP LOG WITH {NO_LOG | TRUN- CATE_ONLY}, Groups (use roles). You can learn more about any poten- tial problems in some of the books about SQL Server that are coming out as the product is released. Be sure to review your code (or have your programmers review their code) to remove any references to deprecated or discontinued features as soon as possible. This will prevent any unpleasant surprises when you begin upgrading databases.

Figure 1. The Excel Add-in enables direct integration with Microsoft Excel spreadsheets. Choose Your Components Besides the basic database engine, SQL Server 2008 there’s a user assembly with a name conflict, the setup includes an entire suite of components designed to help program will rename the assembly and put the database into form the data tier for your organization. Because of the suspect mode. If there’s a user type with a conflict, both the vast number of available components, you’ll need to plan old type and the new type will exist, however the user type for each component as if it were a separate application. will only be available via two-part naming usage. This will help you scale your environment as your organi- DBCC CHECKDB and CHECKTABLE: Besides intro- zation grows. You can install each of the following compo- ducing support for spatial indexes (indexes on the new spatial- nents on a separate physical machine (if necessary) to data types), DBCC CHECKDB and CHECKTABLE have create a more flexible, scalable environment: one minor change. On databases upgraded to the new com- SQL Server Analysis Services (SSAS): Installing SSAS patibility level (100), these two DBCC commands will only on a separate machine is no different than installing it do a physical consistency check (no logical check) on XML alongside the SQL Server database engine. However, indexes unless NOINDEX is specified. If your database is still installing this separately will let you customize resources, in compatibility level 90 (SQL Server 2005), it will issue both such as CPU and RAM, to fit the SSAS workload. a physical and logical check against all indexes, including your SQL Server Integration Services: This is simply a service XML indexes (again, unless NOINDEX is specified). that runs on a Windows machine that enables hosting and BACKUP|RESTORE { DATABASE | LOG }: The execution of SQL Server Integration Services packages. following options for BACKUP and RESTORE are Scaling this out makes sense if your organization has a deprecated in SQL Server 2008, meaning they will not be large number of packages and needs to manage them from supported in the next version of SQL Server: WITH a single server. PASSWORD, WITH MEDIAPASSWORD, WITH SQL Server Reporting Services (SSRS): SSRS is a Web DBO_ONLY (use WITH RESTRICTED_USER). application designed to host reports you can access via a sp_dboption: ALTER DATABASE has replaced this. If you Web interface, or through an exposed set of .NET objects. have any code that references sp_dboption, replace it with Installing this component on its own server will let you get ALTER DATABASE as soon as possible, as the next release away without having IIS (an SSRS prerequisite) installed on (after SQL Server 2008) won’t support sp_dboption. your SQL Server. It will also let you offload report- Remote Servers: Linked servers have replaced remote processing workloads to a separate physical machine. servers. The related system-stored procedures (such as Obviously, you can install any or all of these components sp_addserver) will be removed from the next version of side-by-side with the core database engine, or combined SQL Server. with any other component. Installing any of these will also

40 | February 2008 | Redmond | Redmondmag.com | Project3 12/12/07 1:05 PM Page 1

Finally, Affordable Enterprise-Class Archiving

Introducing Sunbelt Exchange Archiver. Sunbelt Up to 80% smaller message store. With SEA, you’ll Exchange Archiver (SEA) is a robust new product which dramatically reduce your Exchange storage. The benefits are delivers real enterprise-class email archiving, at a price that clear: faster backup times, better Exchange performance, won’t break your budget. Get comprehensive legal and and faster recovery. regulatory compliance. Reduce your Exchange storage by up to 80%. Securely store emails on your choice of media, Journaling not required. It’s a fact that using the using the built-in Hierarchical Storage Exchange Journaling mailbox for archiving Management. And, find archived emails dramatically affects server performance. rapidly with full-text search for e-discovery “Exchange performance With SEA, Journaling is an option – the or compliance. program’s breakthrough Direct Archiving feature stores all emails immediately after Compliance, e-Discovery, and legal is suffering. Your users they are received, keeping load off the readiness. If you need to archive emails Exchange server. for regulatory or legal reasons, SEA has complain about email you fully covered. Emails are stored in No more PST headaches! SEA gets their original form, in whatever secure storage. Your CEO wants rid of pesky PST files that are a major media you prefer, with complete flexibility admin headache. SEA automatically finds on retention. Need to find an archived legal compliance. them, imports them, and makes them part email? Simply use SEA’s powerful of your user’s archive. integrated full-text search of emails and Now what?” Great for disaster recovery. No attachments, and you’ll be ready at a matter where you email is stored, business moment’s notice for e-discovery or legal continuity is assured with SEA. Using the requests. included web client, users can continue to Seamless end-user experience. SEA see and use their email even if Exchange is is fully transparent for your users, whether down. they’re running Outlook, OWA, Blackberry Archiving’s time has come for devices or even Entourage on the Mac – with everyone. Contact us today and see how no special client software needed. Trusted SEA solves your legal and compliance end users can be delegated granular authority headaches and immediately improves the performance of with the included web-interface or optional Outlook Exchange – while saving critical budget dollars. add-in. They can do off-line synchronization, and search, edit, forward, move or delete archived emails.

Get A Free Quote and See How SEA Compares to Symantec Enterprise Vault ™! Email [email protected] or call 888-688-8457

Sunbelt Software Tel: 1-888-688-8457 or 1-727-562-0101 Fax: 1-727-562-5199 www.sunbeltsoftware.com [email protected] © 2007 Sunbelt Software. All rights reserved. Sunbelt Exchange Archiver is a trademark of Sunbelt Software. All trademarks used are owned by their respective owners. 0208red_F2SQL37-42.v8 1/17/08 11:16 AM Page 42

SQL Server 2008

install a core set of prerequisites on your server (like the instances of SQL Server 2008. This will let your applica- new .NET Framework 3.0) to support the component tion support teams test application functionality and you’re installing. This will help you quickly reallocate or performance. Then you’ll be able to flush out functional consolidate servers. incompatibilities and test new features. Installing SQL Server 2008 is a very similar process to Install Time installing SQL Server 2005. The installer uses the same Once you’ve made all the decisions about which edition MSI format, which gives you granular control of compo- and components you’re going to install and how you’re going to deploy them, you’ll be ready to begin actually installing SQL Server 2008. At this point, you’ll have one of two different paths from which to choose: a clean install or an upgrade. While there are wildly differing opinions on upgrading a database server versus doing a clean install, you’ll need to plan and proceed carefully either way. Considering factors like maintenance windows and cost, most organizations will migrate to new database servers by installing the new software on a new server. Then they’ll move the databases over. This is usually faster than an in-place upgrade. You can use various database copying techniques, like log shipping, to create the data- base on the new server without any user interruption on the old server. Once you have your data in sync and you’re ready to go live and cut over to the new server, there will be a minimal Figure 2. The Management Studio is where you can control, outage. You’ll have to either re-name the servers so the enable and disable policies to configure SQL Server 2008. new one replaces the old or update applications/users to use the new server. This also provides a failback system nents and their installation destinations. Much like SQL (albeit with out-of-date data) should something go horribly Server 2005, you can build automated, silent install wrong on the new server. packages that you can then deploy to servers as needed. If you do choose an in-place upgrade, remember that you This is a non-trivial task, but is well worth the effort if should always back up your databases (some even choose your organization utilizes dozens or hundreds of SQL to detach them) before doing any work. This will protect Servers. When you combine automated installation with you from any problems if the installation is interrupted by the new SQL Server 2008 policy-based management unpredictable conditions, like power loss. framework, you can ensure that your servers are built You also need to choose whether or not you’ll leave your correctly every time. databases in a lower compatibility level after installing SQL Server 2008. Even though the compatibility level Upgrading and Beyond allows for some backward functionality, even the act of Deciding if, when and how to upgrade are the big deci- attaching the database to a newer version of SQL Server sions. You don’t always have to drive the shiny new car if makes some fundamental changes to the database. This your old one works just fine. SQL Server 2008 does, how- will prevent it from being attached to the original version ever, provide much-needed support for many applications from which it was migrated. and offers a host of new features in each of its components. Before you move any production databases, be sure to Also, DBAs will appreciate the new management features. test their functionality to the best of your ability to help This is an extensive process, so be sure to take your time. ensure a smooth transition. If you’re lucky enough to have Test your applications,document your usage needs, evaluate a stable development, test and production design, you can your hardware and move slowly. You know the importance use your development and test environments to host of your databases. Don’t rush in without a clear picture of the outcome. —

GetMoreOnline Joshua Jones, MCTS: SQL Server 2005, MCITP: Database Go to Redmondmag.com for more on SQL Server 2008, Administrator, is co-owner and operating systems/database tech- including information on where to find related books, nologies consultant with Consortio Services in Colorado Springs, blogs and other resources. Colo. He provides training, administration, analysis and design FindIT code: SQL0208 support for SQL Server 2000 and 2005, as well as training and support for all flavors of Windows.

42 | February 2008 | Redmond | Redmondmag.com | Project5 1/11/08 1:00 PM Page 1

Introducing an integrated approach to complete SharePoint protection and management

DocAve™ Software for SharePoint Changing the way Administrators manage SharePoint

FREE 30 DAY TRIAL Download at www.avepoint.com

SharePoint management made simple. Complete SharePoint protection. Now you can control and manage the back-end of With item-level backup and full-fidelity restore, all your SharePoint environments from one place. DocAve allows for fast recovery of business critical DocAve is the only truly integrated, easy-to-use documents and content. Complete SharePoint software that offers a complete set of SharePoint platform backup allows for quick and painless backup, recovery, and administration tools. One recovery of the entire system during a disaster. solution, with many mix-and-match functions, With DocAve, you’ll have complete confidence now gives you power like never before. in your SharePoint environment.

Call 1-800-661-6588 or visit www.AvePoint.com for more information or to download a free trial.

© AvePoint, Inc. All rights reserved. DocAve, AvePoint, and the AvePoint logo are trademarks of AvePoint, Inc. All other names mentioned are property of their respective owners. Project5 1/16/08 2:26 PM Page 1

All-in-one appliance

There’s one simple reason we take only days to implement.

With the KACE KBOX you get a complete systems management solution in one appliance. Just plug it in and it works. No assembly required. The other guys? Well, we all know there’s a bit more to the process and the cost. Call us today and we’ll prove to you how easy it is to use KBOX. Welcome to KACE Time.

Winner MMS 2007 Most Innovative Product

www.kace.com/prove 877.MGMT.DONE

KACE and KBOX are trademarks of Kace Networks Inc.All other registered trademarks are owned by their respective companies. 0208red_F2Enterprise45-48.v5 1/17/08 12:29 PM Page 45

Searching for an Answer in the Enterprise

As the clamor from IT shops for better internal search grows louder, competition among vendors both large and small gets hotter.

By Paul Korzeniowski

rent Parkhill, vice president and director of IT services at Haley & Aldrich Inc., a Boston-based commercial construction consulting company, was asked a question commonly heard in many IT departments: “Why isn’t our internal search as Tsimple to use as when we look for something on the Web?” In companies, large and small, a gaping disconnect is plainly evident between internal and external searches. While a Web user can type in a few words and regularly come back with desired information, that’s not the case with enterprise searches. In enterprise search, users often enter data several times and end up so frustrated they simply stop using their companies’ enterprise search systems. There are many reasons why enterprise search systems don’t work well. The first one stems from the nature of enterprise information: Enterprise search systems need to be more secure than Web searches. Also, vendors have built products that store data in Enterprise Resource Planning (ERP) systems, e-mail messages, text documents Trent Parkhill, VP and spreadsheets. To help users find desired information, and director of IT companies need a tool that can examine all of those infor- services at the Boston-based Haley mation sources—a task that no product was originally & Aldrich Inc., designed to do. Compounding the problem, enterprise initiated the hunt search usually has a much narrower focus than Web for a new enterprise search. Additionally, products that have been built to search system. improve enterprise search have often been expensive and difficult to deploy and maintain.

PHOTO BY IRA WYMAN | Redmondmag.com | Redmond | February 2008 | 45 0208red_F2Enterprise45-48.v5 1/17/08 12:29 PM Page 46

Enterprise Search Corporations have clamored for improvements in search many formats, such as word processing documents, database technologies because their employees spend valuable time management systems and image processing systems. Internet fruitlessly searching for information, which results in lost search systems can also easily pinpoint information sources, revenue. In response, a regiment of vendors has emerged which usually are individual or company Web servers. Within to try and address the problem. Autonomy Corp., Coveo an enterprise, information may reside on central servers, Solutions Inc., Dieselpoint Inc., Endeca Technologies Inc., department systems or employee machines, which can be Exalead SA, Fast Search & Transfer (FAST), Groxis Inc., PCs, notebooks or handheld devices. ISYS Search Software, Northern Light Group LLC, “The processes of how users enter information for Web and enterprise searches are similar, but the results “The processes of enterprise users desire are much more specific,” notes Raul Valdes-Perez, CEO at Vivisimo. how users enter With Internet searches, users often have broad information for search goals—many times they don’t know exactly Web and enterprise what they’re looking for—and are really only looking for places where they can find needed searches are similar, information. After they type in a word, such as but the results “notebook,” users frequently are satisfied with enterprise users being brought to a comparison Web site where information about several notebooks is listed. desire are much That’s not usually the case when employees more specific.” search for corporate data. If they type in a key phrase, such as “Joseph Smith’s address,” they Raul Valdes-Perez, expect a specific piece of information to appear CEO, Vivisimo Inc. and are disappointed if that doesn’t happen. Consequently, companies often spend a lot of SearchInform Technologies,SearchBlox Software Inc., time and effort identifying where information is located Siderean Software Inc., Thunderstone Software LLC and and then making it available to enterprise search engines. Vivisimo Inc. are just a sampling of the suppliers delivering Even after doing that, the results can be disappointing, enterprise search products. something that Haley & Aldrich found. But recently these small niche vendors have been joined by industry Goliaths Google Inc. and Microsoft. While all A Search Story of these suppliers have worked diligently to make internal “Our search system was returning a lot of junk,” admits search as robust as external search, a silver bullet has yet to Haley & Aldrich’s Parkhill, whose company formerly relied emerge. However, enterprise search has been steadily on search functions found in Microsoft’s SQL Server. “Our improving as these vendors take several different routes to employees became so frustrated that they stopped using it.” address its traditional limitations. The lack of strong search features created a drag on corporate productivity. A consulting firm, the company Web Search vs. Enterprise Search generated many documents, which employees frequently To deliver better enterprise search systems,software needed to examine. Also, expertise such as prior work expe- suppliers need to build products that index corporate data riences with a potential customer was stored in the company stored in a variety of places and then deliver that data in a somewhere, but often employees could not locate it. secure manner to end users. Security is one function missing So, in the spring of 2006, Haley & Aldrich looked for a new in many of the Web search products. enterprise search system. After combing various Web sites “The basic idea of a good Web search engine is to scour and talking with a number of vendors, the selection boiled and index all of the information on the public Web,” notes down to products from Coveo and Endeca. The former was Craig VerColen, manager of public relations at Endeca. chosen because its pricing model was more in line with small “They were never designed to interpret that information and midsize business; pricing for enterprise search systems and how it maps to security models and user permissions.” tends to be high because the deployment process is complex. Enterprise search systems need to make distinctions The first step to installing these products is completing between delivering sensitive data, such as an employee’s an information inventory. Then a company has to develop annual pay or Social Security number, from non-sensitive an “information repository,” a central place where different data, such as the dates when paychecks will be cut. data sources can be referenced; connect the repository data Another reason Internet-based search is much simpler than to an enterprise search engine system; and let users access enterprise search is the format of the data examined. With the engine via a company’s intranet. To complete these Internet searches, information is primarily restricted to tasks, companies pay from $3 to $5 in systems integration HTML Web pages. In enterprise searches, data is stored in charges for every $1 they pay in enterprise search software-

46 | February 2008 | Redmond | Redmondmag.com | Project11 1/10/08 2:34 PM Page 1

"EWFSUJTFNFOU HowtoProtectandImproveSystemPerformance The Top Ten Points to Know about Fragmentation professionals are heroes of the workplace. Whether with cunning fragmentation. It’s like Superman® saving theday—twodaysbeforethere’saproblem. wit or a Phillip’s head screwdriver, they solve most any computer emergency.However,keepingacomputerrunningattopspeedis 9. Auto-defrag breathes life into systems. *5 Itkeepssystemsatoptimumspeedsand usually preventative maintenance instead of last-minute, adrenaline-surging, eliminates fragmentation-related per- virus-vaccinating heroics. formance issues. Thoroughly defragging systemsadds2–3yearsontothehardware’s Here are 10 key points to maintain peak frequently used files by as much as 80%. useful life.2 performanceacrossanynetwork: I-FAASTgivessystemsfaster-than-new speeds. 10. Analyze your network’s performance. 1. The hard-disk is the slowest part Poorperformanceonaremotesystemcan of any system. 5. Servers are especially susceptible. easilybemistakenforaslownetwork.Get Sayyouareoperating WhilediskstripingimprovesphysicalI/O Disk Performance Analyzer for Networks™. a2.5GHzprocessor. capacity and perfor- This free utility scans networked systems That’s 2.5 billion op- mance, RAID and forfragmentation.Seeforyourselfhow erations every second. SAN systems simply fragmentationisaffectingyoursystems. Alargenumberof donotfixfragmenta- This groundbreaking program will provide harddisksonlyspin tionwhereitbegins comprehensive reports on how system at 7200 rotations per —atthefilesystem. speedswillimprovewiththoroughdefrag- minute, or 120 cycles Enormous volumes mentation. Visit www.diskeeper.com/red11 persecond,or120Hz.Thismeansyour with heavy read/write and get this free, must-have utility. CPU is more than 20 million times faster activity lead to astronomical fragmentation than the hard disk. The hard disk still has rates, making RAID and SAN work harder Diskeeper2008istheonlyfully- mechanical components. Think Terminator than they should. The efficiency of RAID automated defragmentation program. 2®,whenamechanizedSchwarzeneggeris andSANmaylessensomeofthephysical It operates invisibly in the background outclassedbythefaster,smarterT-1000. effectsoffragmentation,butfragmentation anditdynamicallyadaptsdefragmentation When the slowest part of your computer isnevereliminated.You’llneedtobuymore strategies to fit the needs of individual is making unnecessary reads, the entire andmoreequipmenttocompensate.Sooner volumes. With new defrag engines, system is dragged down.

2. Fragmentation has severe effects. When systems are thoroughly defragmented, It’smorethansluggishandcrawling computer speeds; fragmentation leads to they run faster and more reliably—period. crashes, hangs, data errors, file corruption and boot-time failures. Files that suffer orlater,thetortoisecatchesthehare,and Diskeeper2008restoresperformance fragmentation are more difficult and take your system suffers I/O bottlenecks and onvolumeswithaslittleas1%freespace. longertobackup.Whensystemsare slow server speeds. Get rid of slows, bottlenecks, and frag- thoroughlydefragmented,theyrunfaster mentation-induced crashes. Visit andmorereliably—period. 6. Operate without interrupting productivity. www.diskeeper.com/red9 The new InvisiTasking™ technology 1 AvailableonProPremier,ServerandEnterpriseServereditions. 3. Real-time defrag is necessary. makessoftwaretransparent.Diskeeper 2 Seewhitepaperatwww.diskeeper.com/redpaper Many companies rely on 24/7, mission- 2008 with InvisiTasking will work invisibly critical servers. Taking these systems in the background; only using untapped offline for maintenance is not an option. resources. Systems are continually improved “Slickest Time-Saving Tool” But, having a server withoutanymanagementorimpactona Diskeeper 2008 with I/O bottlenecks system’s usability. is also not an option. Only real-time, 7. Defragment despite minimal free space. SPECIAL OFFER invisible defrag- The purpose of defragmentation is to mentation fixes this restore lost speed and performance. A catch-22 situation. defrag engine must be able to operate in limited free space because drives with 4. Give your systems faster-than- extremely limited free space are the ones new speeds. in need of the most help. Diskeeper 2008 TryitFREEfor45days! NTFSbest-fitattemptsforfileplacement handles millions of fragments and can Download a free trial at on hard drives are limited. Diskeeper® function with as little as 1% free space. 2008comeswithanewtechnologycalled www.diskeeper.com/red9 I-FAAST™ (Intelligent File Access Ac- 8. Stop fragmentation before it happens. (Note: Special 45-day trialware is celeration Sequencing Technology)1 that Diskeeper 2008 comes with Frag Shield™ onlyavailableattheabovelink) re-sequences your files. So, in addition to 2.0,atechnologythatautomaticallydefends Volume licensing and Government/Education discounts are consolidatingfreespace,defragmenting against fragmentation of critical system files. availablebycalling800-829-6468,extension4415. withDiskeeperboostsaccesstoyourmost Frag Shield 2.0 prevents crash-inducing

© 2008 Diskeeper Corporation. All Rights Reserved. Diskeeper, InvisiTasking, Maximizing System Performance and Reliability—Automatically, Disk Performance Analyzer for Networks, Frag Shield, I-FAAST, and the Diskeeper Corporation logo are either registered trademarks or trademarks owned by Diskeeper Corporation in the United States and/or other countries. All other trademarks and brand names are the property of the respective owners. Diskeeper Corporation • 7590 N. Glenoaks Blvd. Burbank, CA 91504 • 800-829-6468 • www.diskeeper.com 0208red_F2Enterprise45-48.v5 1/17/08 12:29 PM Page 48

Enterprise Search

licensing fees. This is a requirement that drives up costs “As our business grew, we needed a way to help potential dramatically, according to Matt Brown, a principal analyst customers find desired items,” notes John Michael Baratta, at Forrester Research Inc. CTO at MEDmarketplace.com. Baratta’s company, like Haley & Aldrich had 3 million documents that it needed Haley & Aldrich, formerly relied on Microsoft SQL Server to index, and expected that number to grow to 20 million in queries to help customers find needed data. a few years, something Coveo Enterprise Search could handle. At the start of 2006, the medical product marketer exam- The system was also open, so Haley & Aldrich could tinker ined enterprise search products from vendors like Coveo, with it to include company-specific search items, such as Dieselpoint, Google and ISYS Search Software. At the end searching for any prior experience with a potential of 2006, the company chose the ISYS product because it customer. After completing its evaluation, Haley & Aldrich integrated well with MEDmarketplace.com’s Microsoft SQL installed Coveo Enterprise Search in the summer of 2006. Server database-management system. “Microsoft’s decision to sell its Google and Microsoft Square Off One market development that may surprise some is that Search Server separately was a bit Google is a relatively new and small player in the market. surprising, but illustrates how The company, which has been synonymous with Web important search is becoming in search, made a major push into enterprise search in June 2004. At the time, the company revamped its Google Search the enterprise.” Appliance line and focused on low pricing and simplicity. Whit Andrews, Research Vice President, Gartner Inc. Competitors offer products that sell for $50,000 to $1 million. Pricing for the Google Search Appliance starts at Initially, indexing data was a cumbersome process, but $30,000; the Google Mini, a scaled-down search system Coveo enhanced the system so it became much simpler. geared toward departments or small companies, sells for Haley & Aldrich found significant differences between the $2,995; and Google Desktop Search for Enterprise, Coveo system and Endeca products because suppliers have designed for searching individual files, is free. The com- taken a number of different approaches to tackling enter- pany is trying to maintain the ease-of-use functions found prise search problems. within its Web search system. Corporations can complete product installation in a few hours compared to the days— Search Leaders or even weeks—typically associated with traditional enter- Dallas-based Autonomy has been the traditional market prise search systems. leader in search. Microsoft has been right on Google’s heels. It, too, has “Autonomy has done well with large enterprises and com- made some progress in penetrating the market, but in plex searches,” notes Whit Andrews, a research vice president November 2007, the company announced Search Server at Gartner Inc. To make its way further down the ladder, 2008 Express, which will be made available as a free down- Autonomy purchased the Ultraseek search engine primarily load. Redmond’s search product was formerly part of its designed for the consumer market. It started offering compa- SharePoint collaboration system. nies a one-year free trial for the product, which sells for “Microsoft’s decision to sell its Search Server separately about $25,000. FAST has been using original equipment was a bit surprising, but illustrates how important search is manufacturing (OEM) to deliver its search engine to soft- becoming in the enterprise,” notes Gartner’s Andrews. ware companies such as Business Objects SA, Cognos Inc. In addition, Microsoft has moved to the forefront in the and WebTrends Inc., which have in turn incorporated it into promotion of new federated search capabilities based on their products. Endeca has tried to make it easy for cus- Creative Commons’ OpenSearch standard. Several tomers to work with structured and unstructured data by companies, including Open Text Corp.,Business Objects, building a robust rules-based engine capable of indexing Cognos and EMC Corp., are developing federated search many different data types. Vivisimo’s Velocity is able to corre- connectors to enable Microsoft’s enterprise search late social networking information with enterprise search. customers to connect to their information systems. A few of the products have gained a foothold by focusing With so many vendors trying to expand on the limita- more on helping external users—rather than internal ones— tions of enterprise search in so many different ways, find information. Certain businesses find they have a Web improvements loom on the horizon. Consequently, folks presence but offer potential customers and partners only a like Haley & Aldrich’s Parkhill will soon be asked less limited ability to search their sites. MEDmarketplace.com about enterprise search and more about items such as, Inc., which has been in business since 2002, fits into this cate- “Why does software cost so much?” — gory. The company’s business centers on selling hard-to-find new and used medical products, including wheelchairs and Paul Korzeniowski ([email protected]) is a freelance writer oxygen tank holders, to businesses and consumers. based in Sudbury, Mass., who specializes in technology issues.

48 | February 2008 | Redmond | Redmondmag.com | Project8 1/14/08 5:32 PM Page 1

For a limited time, try a course for FREE (See below for details) I choose the time, place, and technology.

Microsoft E-Learning delivers.

Get the skills you need with

Offi cial Microsoft® E-Learning. Offi cial Microsoft E-Learning provides you with a cost- effective, fl exible, and easy way to build your skills on Microsoft technologies.

Choose from more than 1,400 hours of training for IT professionals and developers on the latest products, including

Vista®, Offi ce, SharePoint®, Windows® Server, SQL Server™,

and Visual Studio®. Microsoft also offers more than 200 hours of training for end users.

Developed at the source by Microsoft technology experts, each course quickly provides you with the critical knowledge you need to excel at your job.

Available 24/7 online, the modular lesson format allows you to learn where you want, at your own pace. Take advantage of interactive online features that give you the fl exibility to acquire new skills in the way that best suits your learning style.

For a limited time, you can try Offi cial Microsoft E-Learning for free! Get your free course today at www.microsoft.com/learning/elearning/free.*

Microsoft Learning. Don’t stand still, stand out.

* This offer is limited to one free course per person. This offer is redeemable for individual courses only and does not apply to collections. This is a limited time offer that will expire on 3/31/2008.

MS_RedmondMag_Feb08_Elearning_Re1 1 1/14/08 1:54:21 PM Project2 1/3/08 1:51 PM Page 1

Ultimate USB San Francisco Security Stick Moscone Center West S March 30 –April 3, 2008 9:

Register for a Gold 2: Passport by M March 5, 2008 Save $200 and receive a The Leading FREE Ultimate USB Security Stick on-site in San Francisco! Network Training 11 Conference for Windows

Professionals Returns to T San Francisco

TechMentor kicks off 2008 in San Francisco, with five days of tactical and strategic sessions on automating, managing, securing and troubleshooting Microsoft Windows server systems. 11

Get independent, real-world training from knowledgeable and accessible instructors at San Francisco’s Moscone Center West. TechMentor is now bigger than ever, as the 2008 conferences will be co-located with VSLive!–Visual Studio Magazine’s official conference offering cutting-edge techniques and solutions to today’s developers. Choose the all-access Gold Passport and get unlimited access to both TechMentor and VSLive sessions in San Francisco. W

TechMentor San Francisco Brings You: • Independent, real-world training from major industry players • Five tracks on Automation, Tricks & Troubleshooting, Fundamentals, Security, and Windows Server Technologies • In-depth, pre- and post-conference workshops on essential network topics • Training on how to manage your networks smarter, faster and more effectively • Demonstrations from leading vendors of hardware, software and services for Windows networking professionals • Systems administrators and IT managers from around the world to network with, and much more

The Next Generation is here. Are you ready?

Sign-upbytheEarlyBirddeadlineofMarch5,2008withprioritySign-up by the Early Bird deadline of March 5, 2008 with priority T code: VIPMG and save up to $250 on the all-inclusive Gold Passport. VisitusonlineatVisit us online at www.TechMentorEvents.com or 9: call 800-280-6218 forformoreinformation. more information.

Presented By Project2 1/3/08 1:52 PM Page 2

B Agenda-At-a-Glance ck Sunday, March 30, 2008: Pre-Conference Workshops

Dominate and Rule your World Using Windows PowerShell Speed-Start & Introducing Windows Server 2008: What’s New/What’s Changed • TPR2 Windows Deployment Tools • TPR3 9:00 a.m. - 1:00 p.m. Group Policy - The Basics • TPR1 Scripting • TPR1 • Don Jones • Greg Shields • Rhonda Layfield • Derek Melber Your Network from the Wire Up: Dominate and Rule your World Using Advanced Windows Server 2008: What’s New/What’s Changed • TPR6 Windows 2008/Vista Security • TPR7 2:00 p.m. - 6:00 p.m. How It Works, How to Spot Problems Group Policy - Implementation • TPR8 • Greg Shields • Mark Minasi Gold • TPR5 • Don Jones • Derek Melber Monday, March 31, 2008: Conference Day 1 8 d 9:00 - 10:00 a.m. Keynote: Breakthrough Software Development Challenges with Visual Studio 2008 • Jason Zander Windows PowerShell & Tips, Tricks, & Foundations for Windows Windows Server Practical Security The Leading SB Windows Automation Troubleshooting Administration Technologies Managing with Windows PowerShell: Troubleshooting Windows Crashes & Active Directory in Windows Server k Windows PowerShell Fundamentals Intro to Hacking and Countermeasures 10:15 - 11:30 a.m. Present and Future • TP1 Hangs • TT2 2008 - Designing, Managing, and • TF3 • Don Jones • TS4 • Todd Lammle • Bruce Payette • Bruce Mackenzie-Low Integrating • TW5 • Derek Melber ! Creating Killer Management Reports Tips & Tricks for the Windows Fundamentals of Failover & Load Digital Certificates and Security: Drive the IPv6 Technology in Windows Network Training 11:45 a.m. - 1:15 p.m. in Windows PowerShell • TP6 Firewall: You Can Turn it On Now! Balancing Clusters • TF8 PKI Fundamentals • TS9 Server 2008 and Vista • TW10 • Don Jones • TT7 • Greg Shields • Bruce Mackenzie-Low • Bruce Rougeau • Todd Lammle 12:30 - 3:00 p.m. Lunch Intro to USB stick: Remote Tips You Should Know for Preventing Building a GUI in Windows PowerShell Active Directory Fundamentals • TF13 Communications and Portable Apps Use Windows PowerShell to Pass Your 3:00 - 4:15 p.m. an Active Directory Failure • TT12 • TP11 • Marco Shaw • Bruce Rougeau • TS14 • Todd Lammle & Keith Next Audit • TW15 • Don Jones Conference for Windows • Greg Shields Parsons Remote Systems Management the Troubleshooting Windows Clusters Unveiling What’s New & Exciting in Active Directory: Group Policy Securing Windows PowerShell • TS19 4:30 - 5:45 p.m. PowerShell v2 Way • TP16 with Confidence • TT17 Server 2008’s Terminal Services Fundamentals • TF18 • Derek Melber • Don Jones • Marco Shaw • Bruce Mackenzie-Low • TW20 • Greg Shields Professionals Returns to Tuesday, April 1, 2008: Conference Day 2

9:00 - 10:00 a.m. Keynote: TBD Windows PowerShell & Tips, Tricks, & Foundations for Windows Windows Server Practical Security San Francisco Windows Automation Troubleshooting Administration Technologies Tips, Tricks, and Troubleshooting Automating VMWare Administration Repel the Crackers - Best Practices in for Windows Management Terminal Services Fundamentals SYSVOL in Server 2008—Know your 10:15 - 11:30 a.m. with Windows PowerShell • TP21 Securing Windows Passwords • TS24 Instrumentation (WMI) • TT22 • TF23 • Bruce Rougeau Options • TW25 • Rhonda Layfield • Brandon Shell • Derek Melber • Don Jones Automating Remote Systems Migrating from XP to Vista: Don’t Fear, System Recovery: The Good, the Bad, Merging Old and New Group Policy Inventory and Management with USB Stick: Network Analysis • TS29 11:45 a.m. - 1:15 p.m. Stop Waiting, Here’s Why! • TT27 the Lifesaving • TF28 Technologies - Without Bringing Down Windows PowerShell and WMI • TP26 • Keith Parsons • James Conrad • Bruce Rougeau the Network • TW30 • Derek Melber • Jeff Hicks 12:30 - 3:00 p.m. Lunch Automating Citrix Server Best Practices in Managing the New Troubleshooting Group Policy • TT32 IIS 7.0 Fundamentals • TF33 Inside Windows Logons • TS34 3:00 - 4:15 p.m. Administration with Windows Windows Event Log • TW35 • Derek Melber • Bruce Rougeau • Mark Minasi PowerShell • TP31 • Brandon Shell • Greg Shields The Best Free Tools for Windows Advanced DNS Management for Automated Server Configuration, The Learn to Subnet in your head in USB Stick: Penetration Testing 4:30 - 5:45 p.m. Server Troubleshooting • TT37 Windows Server 2008 • TW40 Easy Way • TP36 • Mark Minasi 60 Minutes • TF38 • Todd Lammle • TS39 • Keith Parsons • Greg Shields • Rhonda Layfield 5:30 - 7:30 p.m. Exhibitor Reception 8:00 p.m. Midnight Madness Wednesday, April 2, 2008: Conference Day 3

Windows PowerShell & Tips, Tricks, & Foundations for Windows Windows Server Practical Security Windows Automation Troubleshooting Administration Technologies Automating Administrative Tasks: Mr. Windows Server Backups: New Tricks Become a Disk Management Guru Protecting and Securing your Group Storage Solutions Using Microsoft 9:00 - 10:15 a.m. Roboto’s Resource Kit • TP41 for an Old Need • TT42 with Vista and Server 2008 • TF43 Policy Assets • TS44 • Derek Melber Technology • TW45 • Chris McCain • Jeff Hicks • James Conrad • Rhonda Layfield Advanced String Parsing and Regular Group Policy Preferences - Vista’s Current Wireless Attacks and SharePoint Diaries - Learn to Inside Vista’s First Service Pack 10:30 - 11:45 a.m. Expressions in Windows PowerShell LUA Fix and Logon Script Eliminator Countermeasures • TS49 Leverage MOSS • TW50 • TT47 • Mark Minasi • TP46 • Don Jones • TF48 • Derek Melber • Keith Parsons • Rick Taylor Hardening Windows Server 2008 and Automate Your Vista Installations Tricks of the Vista Masters • TT52 Logon Scripting Fundamentals • TF53 Social Engineering • TS54 12:00 - 1:30 p.m. Active Directory • TW55 • TP51 • Rhonda Layfield • J. Peter Bruzzese • Jeff Hicks • Keith Parsons • Mark Minasi 1:00 - 3:00 p.m. Lunch IE7 Deep Dive: Protecting Against Kerberos Fundamentals: How Automating Exchange Server 2007 Windows Vista: The Hidden Truth When and Where to use Virtualization 3:00 - 4:15 p.m. SpyWare, Phishing, & Bad Employees Windows Logon Works • TF58 Management • TP56 • Jeff Hicks • TS59 • Mark Minasi • TW60 • Chris McCain • TT57 • Greg Shields • Don Jones Automating Performance Managing and Monitoring Windows Top Tips for Exchange 2007 • TT62 What’s New in Vista/Server 2008 Sharepoint Security • TS64 4:30 - 5:45 p.m. Management and Collection • TP61 and Active Directory Performance • J. Peter Bruzzese Administration • TF63 • Mark Minasi • Rick Taylor • Greg Shields • TW65 • Rhonda Layfield Sign-upbytheEarlyBirddeadlineofMarch5,2008withpriority Thursday, April 3, 2008: Post-Conference Workshops code:VIPMGandsaveupto$250ontheall-inclusiveGoldPassport. Getting to Know Virtualization with Automating Active Directory Management with Windows PowerShell • TPO1 Empower the Mobile Workforce with Exchange 2007, Windows Mobile 6, and 9:00 a.m. - 1:00 p.m. VMware Virtual Infrastructure Visitusonlineatwww.TechMentorEvents.comor • Jeff Hicks Windows SharePoint Services • TPO3 • Chris McCain call 800-280-6218 for more information. • TPO2 • Greg Shields Network Monitor: What’s on Your Moving at Hyper-V Speed: The Microsoft Virtualization Strategy • TPO6 2:00 - 6:00 p.m. Transitioning Exchange from 2000/2003 to 2007 • TPO4 • J. Peter Bruzzese Wire? • TPO5 • Rhonda Layfield • Chris McCain Agenda is subject to change. In the event of a cancellation, all efforts will be made to replace the session or speaker with one of comparable value. www.TechMentorEvents.com Project4 11/9/07 9:47 AM Page 1 0208red_Roboto53.v4 1/17/08 9:57 AM Page 53

Mr. Roboto Automation for the Harried Administrator | by Jeffery Hicks

Get Answers to Your Storage Questions

ou probably spend more time than you’d like Display a list of extensions and the total size for each extension: keeping an eye on your file servers’ folder get-extensionreport c:\files | where Yutilization. By using Windows PowerShell and a {$_.size -ge 10mb} | sort size –desc Use the Measure-Object cmdlet to few of Mr. Roboto’s PowerShell functions, you can get a get a quick statistical report: get-folderreport c:\files | measure- handle on your file server storage in no time. object size -sum -max -min -average PS C:\> . You can also create a nice graphic if These PowerShell functions take a c:\scripts\powershell\get- you have PowerGadgets installed: folder path as a runtime parameter. You folderreport.ps1 get-extensionreport c:\files | sort can specify either a traditional drive size -desc | select -first 10 | out- letter path or a UNC. You’ll find they This loads the function into the main chart -values Size -label extension run a little faster if you have PowerShell PowerShell session. From this point on, -title "File Type Report C:\Files" installed on your file server. However, you can call the function directly by its Because PowerShell is object based and there’s no reason you can’t use them name. You’ll still be prompted for a my functions emit objects, we have many locally on your desktop and query folder, unless you comment out the end opportunities to leverage this informa- either a UNC or mapped drive. of the script before it’s dot sourced. tion. Want to build a simple HTML The functions I’ve written are in two Your final option is to copy and report for management? Try this: PowerShell scripts. One function— paste each function into your profile. get-extensionreport c:\files | sort Get-ExtensionReport—examines a This will ensure that you always have size -desc | convertto-html -title specified folder and returns the total the function available when Power- “Extension Usage for C:\Scripts” | number of files and total size in bytes for Shell starts. out-file c:\reports\filereport.html each file extension found in the folder If you’re using Windows Vista and and subfolders. The other function— Surfing the Pipeline querying your docs folder, you may get Get-FolderReport—retrieves the same The functions participate in the Power- some “Access denied” errors. This is information (number of files and size) Shell pipeline and create custom objects because of Vista’s junction points.The for every folder and subfolder. with size and count properties. Because functions will continue and you should be The folder report only returns infor- they work this way, you can run Power- able to ignore the messages, and the final mation based on files in the root of Shell expressions like these (all expres- numbers should still be pretty accurate. each folder. It doesn’t add up the sizes sions are single-line commands): If you’ve been looking for a reason to and counts of any nested folders. Both Display a table of file extensions sorted start working with PowerShell this functions will search recursively by by size in descending order: should get you on the right path. If default, but you can disable that by get-extensionreport c:\files | sort you’ve been using PowerShell for a passing $False as the second parameter. size -desc | format-table –auto while, you’ll come up with plenty of The functions also use the Write- Display a table of the top 10 folders other uses for these functions. — Progress cmdlet to display a progress sorted by number of files: bar. This is especially useful when ana- get-folderreport c:\files | sort Jeffery Hicks ([email protected]), lyzing large folder hierarchies. count -desc | select -first 10 | MCSE, MCSA and Microsoft PowerShell The scripts demonstrate the functions. format-table –auto MVP, is a scripting guru for Sapien You could copy and paste each function Technologies. A 16-year IT veteran, he’s into your PowerShell session, but they’d Roboto on Demand written several books, courseware and be gone as soon as the session ended. training videos on administrative Another option is to “dot-source” the Download Mr. Roboto’s scripting and automation. His latest book PowerShell functions at: script. At a PowerShell prompt, type a www.jdhitsolutions.com/scripts. is “WSH and VBScript Core: TFM” period followed by the script’s path: (Sapien Press, 2007).

| Redmondmag.com | Redmond | February 2008 | 53 Project1 1/7/08 12:37 PM Page 1

Get up to speed and down to business. Whether you’re migrating to Windows Server 2008 or just discovering the power of Windows without windows in Windows Server 2008 Server Core, Sybex has the book to get you there.

Find everything you need to master Server Core, This practical book helps you quickly migrate plus a complete command-line reference. to Windows Server 2008.

Available at www.sybex.com or wherever books are sold.

Wiley, the Wiley logo, and the Sybex logo are registered trademarks of John Wiley & Sons, Inc. and/or its affiliates. All other trademarks are the property of their respective owners. 0208red_WinInsider55-56.v6 1/17/08 10:00 AM Page 55

WindowsInsider by Greg Shields A NAP Is Good for Your Health

’ll admit it. I occasionally read Men’s Health magazine. don’t pass the health check won’t be Although their Abs Diet Pro Plan—or whatever they call allowed to communicate with other computers on the network. it from month to month—seems a little silly at times, Server 2008 implements the health I check through a tool called a System there are a few tips they recommend that I take to heart. Health Validator (SHV). The default Like getting enough sleep, for one. My quads or abs might SHV that ships with Server 2008 (see Figure 1) can query Windows Vista or not make it onto a magazine cover, but I’ll gladly be their XP machines for the status of the fire- wall and virus and spyware protection, poster boy for the occasional nap. as well as automatic updates. If a server doesn’t pass any of these tests, NAP will All this talk of sleep and taking a nap and off the network. Those same laptops remand that server to a special network got me thinking about Microsoft’s Net- connect to networks in other companies, where it will work with the client to work Access Protection, or NAP, built public access points like coffee shops and nurse it back to health. into Windows Server 2008. With this in other users’ homes. You’ll immediately notice that the level new technology, computers connected When those laptops are away from of granularity with the default SHV isn’t to your network must prove their your controlled environment for an all that great. While you can configure it health status before they’re allowed full extended period of time, they might to query for presence and functionality access. This goes a long way toward not get the latest anti-virus signatures of anti-virus or anti-spyware applica- solving the problem of a random or patches. Your users might also have tions, the default SHV digs no deeper. infected laptop skirting your external disabled the firewall. Microsoft is working with third- firewall and walking right through the NAP considers this situation party vendors to supply SHVs for front door of your business. “unhealthy” in much the same way Men’s those vendors’ products, presumably Health considers missing your daily nap with greater levels of granularity. The Inside Protection or multi-vitamin to be unhealthy. In a efficacy of NAP will be determined by Think about how this works. Before a network with NAP enabled, systems that which vendors provide SHVs and the computer can talk with others on a net- work, that machine needs an IP address. Typically, getting that IP address involves little more than the computer asking for one from a server. For internal machines, that server might be a DHCP server. For those coming in via VPN, that server might be a remote access server. Using this old method, your servers effectively granted every request for an address—a major security loophole. This was a good thing for the networks of yesteryear. Back then, all we wanted was to ease the process of managing IP addresses. Tools like DHCP were created to do just that. Today’s networks are very different. Users don’t necessarily spend all their time at the same desktop computer in the Figure 1. Windows Server 2008’s default System Health Validator is like a doctor. It same cubicle any more. Laptops come on runs the system health check.

| Redmondmag.com | Redmond | February 2008 | 55 0208red_WinInsider55-56.v6 1/17/08 10:00 AM Page 56

WindowsInsider

extent of their capability to manage network receive addresses from the enforcement with NAP is the most individual configurations. Routing and Remote Access Services secure implementation. (RRAS) role service. Adding NAP Once you’ve completed this configu- Enforcing a NAP forces external machines to prove their ration at the server level, the last step is Once you’ve set a policy that defines health before RRAS connects them to to enable NAP on individual clients. what “healthy” means in your network, the internal network. Windows Vista computers natively the next step is to determine the mech- • TS Gateway enforcement: With include the NAP client. For Windows anism in which it’s enforced. With Terminal Services in Server 2008,you XP,client software is currently being Microsoft’s implementation of NAP in can use TS Gateway. This IPSec-based developed and is expected to be included Windows Server 2008, you can control tool enables secure Terminal Services as a part of Windows XP Service Pack 3. this through one of five ways: sessions over the Internet. Just like an occasional snooze is good • DHCP enforcement: Augmenting • 802.1x enforcement: This method for your personal health, NAP is good DHCP with NAP is the easiest policy of authentication occurs at the individual for the health of your network. Now it’s to configure. This adds the Network network device and requires protocol time to go count some sheep. Policy and Access Services Role to the support to work. Although it’s a more [This article is based on pre-release DHCP server and configures it to complicated configuration, DHCP information.—Ed.]— watch for address assignment. Before enforcement will miss clients with a granting a request for a new address, the manually entered IP addresses. 802.1x Greg Shields ([email protected]), DHCP server will require the client to enforcement can ensure all clients MCSE: Security, CCEA, is an independent submit health information. If they don’t are verified. author, instructor and consultant based in pass the health check, DHCP won’t • IPSec enforcement: Server and Denver, Colo. He’s a contributing editor to give them a production address. Domain Isolation (SDI) can enable a Redmond, MCPmag.com and a popular • VPN enforcement: In the same way secondary computer-to-computer speaker at TechMentor events. His recent book, that DHCP assigns addresses, computers authentication before allowing access to “Windows Server 2008: What’s New/What’s that access the VPN from outside the resources. Combining SDI’s IPSec Changed” (Sapien Press, 2007), is now available.

Use your IT CERTIFICATIONS to accelerate your DEGREE ONLINE.

Microsoft, Sun, Oracle, Cisco, Comp TIA, SAS, PMI, GIAC or (ISC)2 certifications could waive up to 25% of your fully accredited bachelor’s degree with: Call us today at Ñ Flexible ONLINE learning Ñ Up to 9 certifications built in at no extra cost 1-800-219-6689 Ñ Programs in Networks, Databases, Security and Software or visit us online at www.wgu.edu/rdm ONLINE DEGREES IN TECHNOLOGY 0208red_SecAdvisor57-58.v7 1/17/08 10:05 AM Page 57

SecurityAdvisor by Joern Wettern Virtualization Done Differently

irtualization is clearly one of the biggest trends in Making the Magic Work SAV’s promise may sound like magic, enterprise computing today. In most cases, a but there’s solid technology behind it V virtualized environment involves one or more that makes it work. There are three components involved: the SAV instances of an entire OS running on a host computer. Sequencer, the SAV Server and the SAV Client. Creating an app package Microsoft SoftGrid Application even centrally assign applications to spe- for your users begins with the Virtualization (SAV), which the company cific users to track usage for licensing- Sequencer. This component runs on a purchased from Softricity, takes a different monitoring purposes. reference computer, which mirrors a approach. It creates virtual instances of Microsoft touts such management typical client computer. specific applications that make them enhancements as the main advantage of The Sequencer monitors an applica- more manageable and more secure. SAV, but there are important security tion’s installation process and tracks all benefits, too. Because your users can’t files the installation creates, any Playing in a Sandbox make any permanent modifications to changes it makes to OS files and reg- SAV’s goal is to let you run apps without the program files, they’re immune to istry entries and any other system mod- having to install them first, and without virus infections. App patching is a single ifications. It also detects any changes or any permanent impact on the client procedure you can perform centrally access to system files while you’re using computer. Apps run in a virtual sandbox instead of on each client computer. This the program. where they’re isolated from the rest of greatly reduces the time it takes you to Once you’ve finished the installation the computer. The apps still appear and eliminate vulnerabilities. As a result, you and are ready to use the application, the function just like regular, locally installed can spend more time keeping the client Sequencer combines all these settings, programs, and users can create and store OSes up to date. Best of all, your users no including copies of the created files, all documents locally or on a file share. longer need local administrative privi- into an app package (see Figure 1). It There are numerous advantages to this leges just to run one or two programs. copies this package onto the SAV Server. strategy. You know how difficult it can be to maintain multiple apps and applica- tion suites across a large number of com- puters. Some programs require users to have admin privileges because they insist on writing to a system folder or registry key. Incompatibilities among programs present another problem, as does the license tracking. SAV nicely resolves all of these issues by giving each program its own independent sandbox where it’s iso- lated from other programs and the OS. SAV does this by making the apps available from a server so they don’t need to be installed and patched on each computer. Because they each remain in their separate environment, no one needs local admin privileges to use them. Programs also run independently of each other, thus eliminating nasty Figure 1. The SoftGrid Application Virtualization management console lets you customize and assign packages. interactions or incompatibilities. You can

| Redmondmag.com | Redmond | February 2008 | 57 0208red_SecAdvisor57-58.v7 1/17/08 10:05 AM Page 58

SecurityAdvisor

From there, you use a management monitor this process on the reference name. MAV version 4.5 will not only console to moderate permissions for computer and patch the application have a slightly different name, it will look using the application, as well as cus- package. The next time a user starts the more like other Microsoft apps, scale tomizing applications as needed. application, the SAV Client will auto- better and sport a number of additional The real workhorse of this entire matically download and use features and improvements For additional process is the SAV Client. This compo- the patched version. resources, go to to make it more usable. It’s nent runs on client computers and cre- Redmondmag.com. scheduled for release in the ates the shortcuts and menu items you’ve Getting Virtual FindIT code: third quarter of this year and previously defined on the server. When a Microsoft doesn’t list SAV in Advisor0208 the public 4.5 beta version is user clicks on one of them to start a pro- its regular product catalog. It’s available for download at gram, the SAV Client starts downloading available now only to customers with a http://connect.microsoft.com the app from the server. To conserve Software Assurance (SA) subscription. If (registration is required). bandwidth, it only downloads the files you’ve purchased SA, you can get an If you don’t have an SA agreement, needed at any given time. If an applica- add-on license that lets you use SAV. keep an eye on Microsoft Application tion needs a previously unused file like a You may still have to look hard for it, Virtualization to see when Microsoft DLL, the client will fetch it as needed. though. SAV is hidden deep inside the will make it more widely available. — Once the application is running, the Microsoft Desktop Optimization Pack SAV Client makes it believe it’s actually (MDOP), which SA customers can Joern Wettern ([email protected]), installed on the computer. The client download. (The MDOP also contains Ph.D., MCSE, MCT, Security+ is the owner monitors all access to files and other other useful tools for software inventory, of Wettern Network Solutions, a consulting resources and transparently redirects the Group Policy management, system and training firm. He’s written books and application to its virtual environment so recovery and error monitoring.) developed training courses on a number of the local OS remains unaffected. Make sure you look for Microsoft networking and security topics, in addition Whenever you have to patch an appli- Application Virtualization (MAV), as to regularly teaching seminars and cation, you can use the Sequencer to Microsoft is dropping the SoftGrid speaking at conferences worldwide. A Clear View into Vista

Three new O’Reilly books shine light into every nook, cranny, setting and feature of Vista so you can solve problems, work around the quirks, customize this operating system to fit your needs, and get it to perform Windows Vista: Windows Vista Annoyances Windows Vista in a Nutshell The Definitive Guide Vista contains enough quirks, This reference thoroughly doc- better than Microsoft This guide has everything you unaccountable behavior, and uments every important Vista expected. Written by need to customize Windows bad design to vex anyone. setting and feature, with alpha- Windows experts, these Vista, master your digital media, Why suffer? David Karp of betical listings for hundreds manage your data, and main- Annoyances.org offers a wide- of commands, windows, books are an administrator’s tain your network. Windows ranging collection of solutions, menus, listboxes, buttons, best friends. expert William Stanek provides hacks, and timesaving tips for scrollbars and other elements. each step and tells you how working around the most ir- .NET expert Preston Gralla offers features work, why they work, ritating features—from file separate references for the user and how you can adapt them management and media pro- interface, file system, network, to meet your needs. grams to performance, net- hardware, security, mobility, working and security. multimedia, and command prompt.

Spreading the knowledge of innovators www.oreilly.com Project3 12/14/07 11:36 AM Page 1

$>F?NCG?CMNB?>?PCFZMJF;SALIOH> VOJAL;>?; Z >CM=IH $G?;HV

2 Z- *(+' / '4 *!!'$) 

.IG?IH?ZMAICHANIFIM?BCM $@$>IHZNA?NGS?G;CF DI<C@C>IHZNA?NOJ>;N?> @CR?> $ZGHINAICHANI HOGIFOH=B

ON$>IHZNFCE?QB?H NB?>?PCFLOCHML?=?MM

.I$AINIQILE

$H>C;HILBCH?M? $ZGMGIP?;N ;CHAMJ??> ?=;OM? HIS G?MM?MQCNBFOH=B

H>$G;E?NB? CGJIMMC

San Francisco S Moscone Center West 9

March 30 –April 3, 2008 ® M

Register for a Gold Passport by March 5, 2008 Save $200 and receive a complimentary copy of Visual Studio 2008 11 on-site in The Premier .NET San Francisco! Developer Event Returns T to San Francisco

11

2008 marks the 15th Anniversary of VSLive!, and we’re kicking the year off with our biggest conference of the year–VSLive! San Francisco.

Join Microsoft insiders and industry veterans at San Francisco’s Moscone Center West for five days of hard-hitting sessions and all new and updated content. VSLive! is now bigger than ever, as the 2008 conferences will be W co-located with TechMentor−Redmond Magazine’s official training conference for Windows professionals. Choose the all-access Gold Passport and get unlimited access to both VSLive! and TechMentor San Francisco.

VSLive! San Francisco Brings You: • Informative keynotes from major industry players • In-depth pre- and post-conference workshops on essential development topics • Total coverage of both existing and emerging technology, including: .NET 3.0 & 3.5, AJAX and Atlas, LINQ, ASP.NET, C# 3.0, Team System, Silverlight, WWF, WCF, languages, debugging, and more • The most relevant, up-to-date content on Visual Studio 2008 and SQL Server 2008 • Tips and tricks to make the technology you use today work for you • Virtual tracks on Black Belt and Best Practices sessions • The hottest new developments in add-on tools from leading vendors • Professionals from around the world to network with, and much more

Sign-up by the Early Bird deadline of March 5, 2008 with priority code: VIPMG and save up to $250 on the all-inclusive Gold Passport. Visit us online at www.vslive.com or call 800-280-6218 for more information. T

Presented By 9 Project2 1/3/08 12:12 PM Page 2

Get the Competitive Edge You Need at VSLive! San Francisco • Agenda-At-a-Glance Sunday, March 30, 2008: Pre-Conference Workshops

WPF and Silverlight: A Pragmatic Introduction Windows Workflow: A Gentle Introduction VSTS 2008 for the Busy Developer • VPR1 LINQ - One Query Syntax to Rule Them All • VPR4 9:00 a.m. - 6:00 p.m. • VPR2 • VPR3 Brian Randell Don Demsak Billy Hollis Ken Getz & Robert Green ® Monday, March 31, 2008 old 9:00 - 10:00 a.m. Keynote: Breakthrough Software Development Challenges with Visual Studio 2008 Jason Zander .NET Day

8 ALM and Development Process Tools and Languages Web eive Visual Studio 2008: RAD for Today’s Line of Building a Real-world Web App with Visual Studio 2008 and the .NET 10:15 - 11:30 a.m. A Lap Around Visual Studio Team System 2008 y Business App Developer Framework 3.5 Visual Studio 2008: Leveraging the Office Platform 11:45 a.m. - 12:45 p.m. Improving Team Development Introduction to the New ASP.NET Model View Controller (MVC) Framework 008 and VS2008 to Build Office Business Apps 12:30 - 3:00 p.m. Lunch ! Visual Studio 2008: LINQ Deep Dive and Best 3:00 - 4:15 p.m. Create Better Software Developing Data-driven Apps Using ASP.NET Dynamic Data Controls Practices Building Service Oriented Apps with WCF and 4:30 - 5:45 p.m. The Future of Application Lifecycle Management from Microsoft Developing Cross-platform Silverlight 1.1 Apps with Visual Basic and C# The Premier .NET Visual Studio 2008 Tuesday, April 1, 2008

9:00 - 10:00 a.m. Keynote: TBD Developer Event Returns ASP.NET Live! Server System Live! VSTS Live! Core .NET Live! What’s New in Visual Useful Evolution: Introduction to Using and Extending Creating Facebook Studio 2008 for Programming the New Essential SharePoint Mastering MSBuild TBD • VT6 Windows Workflow the Typed DataSet and Apps Using .NET • VA1 ASP.NET Developers? Features in SQL Server Development • VS4 • VT5 10:15 - 11:30 a.m. Foundation • VC7 TableAdapter • VC8 Jeffrey McManus • VA2 2008 • VS3 Mark Michaelis Walt Ritscher Michael Stiefel Jackie Goldstein BP to San Francisco Ken Getz Leonard Lobel Demystifying URL Windows Presentation Securing User Identity Top 10 T-SQL features SharePoint 2007 Data Enhancements Rewriting and HTTP Team Build 2008 Unit Testing .NET 3.0 Foundation (WPF): Build Using Windows in SQL Server 2008 Forms and Workflow in Visual Studio 2008 Modules & Handlers • VT13 Apps with VSTS • VT14 a WPF App in an Hour 11:45 a.m. - 1:00 p.m. CardSpace • VA9 • VS11 • VS12 • VC16 • VA10 Brian Randell Mark Michaelis • VC15 Robert Hurlbut Vineet Rao Bill Wolff Robert Green Miguel Castro BB Ken Getz 12:45 - 3:00 p.m. Lunch Pragmatic VS Tools and Making Query Building Client Apps Development and Techniques for Data-Driven ASP.NET Working with Silverlight Performance Rock- that Work with Efficient SCM with TFS Investigating LINQ over Testing with Visual Distributed Data Ajax • VA17 • VA18 Solid with SQL Server SharePoint Lists - Best Practices • VT21 XML • VC23 3:00 - 4:15 p.m. Studio Team Test Access in VS 2008 2008 • VS19 • VS20 BP Jeffrey McManus Walt Ritscher Jeff Levinson • VT22 Ken Getz • VC24 Torsten Grabs Robert Green Mark Michaelis BP Jackie Goldstein

Building the 25 Billion Leveraging Web 2.0 Building Custom Code Visual Studio Team Protecting your Introduction Creating Advanced Silverlight, SOA and Row Data Warehouse within SharePoint 2007 Generation Tools for System Worst Downloadables using to Silverlight Custom Windows Objects • VA25 with SQL Server 2008 - the SharePoint Visual Studio 2005 Practices • VT30 4:30 - 5:45 p.m. HttpHandlers • VA26 Programming • VC31 Forms Controls • VC32 Rockford Lhotka • VS27 Mash-up • VS28 • VT29 Richard Hundhausen Miguel Castro Jesse Liberty Walt Ritscher BB Torsten Grabs Bill D. Baldasti Leonard Lobel BP 5:30 - 7:30 p.m. Exhibitor Reception 8:00 p.m. Midnight Madness Wednesday, April 2, 2008

ASP.NET Live! Server System Live! VSTS Live! Core .NET Live!

Managing Software Introduction to Introducing the SQL Server 2008 Programming the Essential Web Testing Releases with Visual Creating Custom WCF More Best Kept Secrets ASP.NET 3.5 Web Parts ASP.NET MVC Reporting and Office 2007 Open XML with Visual Studio Studio Team System Behaviors • VC39 in .NET • VC40 9:00 - 10:15 a.m. • VA33 Framework • VA34 Dashboards • VS35 File Formats • VS36 Team System • VT38 • VT37 Rob Daigneau BB Deborah Kurata Russ Nemhauser Jonathan Goodyear Bill Wolff Ken Getz Mark Michaelis Chris Menegay BP

LINQ to SQL (DLINQ) Excel and Excel Turn Your Word Team Foundation Generics, Anonymous Exploring the AJAX Intermediate Silverlight Load Testing Your for ADO.NET Services as a BI Documents into Front Server - Integrate or Methods, and Control Toolkit • VA41 Programming • VA42 ASP.NET Apps • VT46 Developers • VC47 10:30 - 11:45 a.m. Platform • VS43 Ends for Data • VS44 Migrate? • VT45 Delegates • VC48 BB BB Robert Boedigheimer Jesse Liberty Chris Menegay Richard Hale Shaw BP Andrew Brust Robert Green Richard Hundhausen BP Deborah Kurata

Customizing the Exploiting the ASP.NET Intro to Developing Office Microsoft ASP.NET Parallel Development in Build Better Apps with Exploit WPF Graphics Doing Something Adapter Architecture PerformancePoint Business Apps: From MVC Framework Team Sytem • VT53 VSTS for Database without Wounding the Useful with Enterprise 12:00 - 1:15 p.m. • VA49 Server Monitoring and the Client to Server and • VA50 Richard Hundhausen Professionals • VT54 Eyes • VC55 Library 3.0 • VC56 Robert Boedigheimer Analytics • VS51 Beyond • VS52 Jonathan Goodyear BP Jeff Levinson BP Brian Noyes BP Benjamin Day BP BB Andrew Brust Steve Fox 1:00 - 3:00 p.m. Lunch App Development Stop Getting Practical DLinq - NTier Service Development Workfl owServices Build Composite UI The Joy of Build Best Practices for SQL De-mystifying TFS Outsourced—Use Web App Development and Integration with Using WCF and WWF Apps with CAB and Providers • VA57 Server 2008 Service Reporting • VT61 Software Factories 3:00 - 4:15 p.m. • VA58 BizTalk • VS60 • VC63 SCSF • VC64 Russ Nemhauser BB Broker • VS59 Benjamin Day BB • VT62 Perry Birch Kent Brown BB Michael Stiefel BB Brian Noyes Ketan Duvedi BP Kevin McNeish Integrated Full-Text Win & Web App Creating iPhone Apps Working with BizTalk Asynchronous Reflection in .NET: Search in SQL Server Beyond VSTS 2008: Extreme Database Installers with WiX with ASP.NET Ajax Enterprise Service Bus Messaging Patterns Hacking and Futzing 2008 • VS67 Rosario • VT69 Professionals! • VT70 4:30 - 5:45 p.m. • VA65 • VA66 Guidance • VS68 with WCF • VC71 With IL • VC72 Fernando Azpeitia Brian Randell Jeff Levinson BB Benjamin Day Jeffrey McManus Kent Brown BB Rob Daigneau Jason Bock BB Lopez Thursday, April 3, 2008: Post-Conference Workshops

Order from Chaos: Leveraging .NET 2.0 Building Apps with Windows Workflow Getting the Most Mileage out of Team System: SQL Server 2008 for Developers • VPO4 9:00 a.m. - 6:00 p.m. to 3.5 • VPO1 Foundation • VPO2 A Developer’s Perspective • VPO3 Andrew Brust & Leonard Lobel Rockford Lhotka Michael Stiefel Benjamin Day BP = Best Practices BB = Black Belt www.vslive.com/sf Agenda is subject to change. In the event of a cancellation, all efforts will be made to replace the session or speaker with one of comparable value. Orlando May 12–16, 2008

GGetet Real-worldReal-world TTechnicalechnical TTrainingraining aatt TTechMentorechMentor OrlandoOrlando

TechMentor returns to Orlando May 12-16, 2008 with more great technical content, more TechMentor—Techniques knowledgeable and accessible instructors, more pre- and post-conference workshops, more You Can Use TODAY... pricing packages to choose from, and a brand new location - The Royal Pacifi c Resort at Technologies That Prepare Universal Orlando®. You for TOMORROW... Expect over 180 hours of hard-hitting technical and strategic content over fi ve days with fi ve tactical and strategic tracks to choose from, including: Windows PowerShell & Administrative Automation, Windows Server Technologies, Fundamentals for Windows Administration, Practical Security, and Tips, Tricks, and Troubleshooting. And TechMentor is now bigger than ever as the 2008 conferences will be co-located with VSLive!—the premier conference for .NET developers.

Bring the family and make your time at TechMentor Orlando even better The luxurious Royal Pacifi c Resort, home to all TechMentor sessions and activities, is a perfect retreat with pampering for parents and exciting, kid- friendly adventures. Spend your days in Orlando meeting industry gurus, networking with other IT professionals, and learning tips and techniques that you can use today while you discover technologies that will prepare you for the future. Spend your nights enjoying all that Orlando has to offer, including Universal Studios Florida®, Universal’s Islands of Adventure®, Universal CityWalk®, and so much more…

All TechMentor Orlando attendees can enjoy a special rate of just $199/night at the Royal Pacifi c Resort at Universal Orlando®

Bring the Family and Mix Business with Pleasure

CCallall 8800-280-621800-280-6218 todaytoday oror visitvisit usus onlineonline aatt wwww.techmentorevents.com/orlandoww.techmentorevents.com/orlando RRegisteregister bbyy FFebruaryebruary 27th27th andand SAVE $300 Use priority code “TORMG” 0208red_Index63.v1 1/17/08 3:51 PM Page 63

AdvertisingSales RedmondResources

AD INDEX Advertiser Page URL AppDev Training 10 www.appdev.com AvePoint, Inc. 43 www.avepoint.com BeyondTrust Corporation 14 www.beyondtrust.com Business Objects 3 www.businessobjects.com Computer Associates 34, 35 www.ca.com Dell Computer Corp. C4 www.dell.com Dell Computer Corp. 36 sqlserverbeta.com Diskeeper Corporation 13 www.undelete.com Diskeeper Corporation 47 www.diskeeper.com Northwest East ESET 7 www.eset.com GFI C3 www.gfisoftware.com Bruce Halldorson IBM Corporation 5, 19, 21, 23, 25 www.ibm.com Northwestern Regional Sales JD Holzgrefe Director of Advertising, East iTripoli, Inc. 52 www.itripoli.com Manager 804-752-7800 tel CA, OR, WA KACE Networks, Inc. 44 www.kace.com 253-595-1976 fax 209-333-2299 tel Lucid8 31 www.lucid8.com [email protected] 209-729-5855 fax Microsoft Corporation 49 www.microsoft.com [email protected] Matt Morollo NetSupport, Inc. 11 www.netsupport-inc.com VP, Publishing O’Reilly Media 58 www.oreilly.com So Cal/Central 508-532-1418 tel Special Operations Softwa 29 www.specopssoft.com Amy Winchell 508-875-6622 fax StoreVault 8 www.storevault.com So Cal/Central Regional Sales [email protected] Sunbelt Software 41 www.sunbelt-software.com Manager TechMentor Orlando 62 www.techmentorevents.com CA, OR, WA TechMentor San Francisco 50, 51 www.techmentorevents.com 949-265-1566 tel IT CERTIFICATION & The Training Camp 59 www.trainingcamp.com [email protected] TRAINING: USA, EUROPE UltraBac Software C2 www.ultrabac.com Al Tiano VSLive Orlando 33 www.vslive.com Advertising Sales Manager VSLive San Francisco 60, 61 www.vslive.com Danna Vedder 818-734-1520 ext. 190 tel Western Governors Univers 16, 56 www.wgu.edu Microsoft Account Manager 818-734-1529 fax Wiley Publishing 54 www.wiley.com 253-514-8015 tel [email protected] 775-514-0350 fax [email protected] EDITORIAL INDEX PRODUCTION Company Page URL Adobe Systems Inc. 64 www.adobe.com Mary Ann Paniccia Advanced Micro Devices Inc. 30 www.amd.com VP, Print & Online Production SALES STAFF Apple Inc. 10, 64 www.apple.com Tanya Egenolf Serena Barnes ASUSTeK Computer Inc. 10 www.asus.com Advertising Sales Associate Production Coordinator Autonomy Corp. 46 www.autonomy.com 760-722-5494 tel 818-734-1520 ext. 164 tel Business Objects SA 48 www.businessobjects.com 760-722-5495 fax 818-734-1528 fax Cognos Inc. 48 www.cognos.com [email protected] [email protected] Coveo Solutions Inc. 46 www.coveo.com Dieselpoint Inc. 46 www.dieselpoint.com Diskeeper Corp. 15 www.diskeeper.com CORPORATE ADDRESS America $64.95. Subscription inquiries, eIQnetworks Inc. 20 www.eiqnetworks.com 1105 Media, Inc. back issue requests, and address 9121 Oakdale Ave. Ste 101 changes: Mail to: Redmond, P.O. Box EMC Corp. 48 www.emc.com Chatsworth, CA 91311 2063, Skokie, IL 60076-9699, email Endeca Technologies Inc. 46 http://endeca.com [email protected] or call (866) 293- www.1105media.com Exalead SA 46 www.exalead.com 3194 for U.S. & Canada; (847) 763-9560 Fast Search & Transfer (FAST) 46 www.fastsearch.com MEDIA KITS: Direct your Media Kit for International, fax (847) 763-9564. requests to Matt Morollo, VP, Publishing, POSTMASTER: Send address changes to Google Inc. 12, 46 www.google.com 508-532-1418 (phone), 508-875-6622 Redmond, P.O. Box 2063, Skokie, IL Groxis Inc. 46 www.grokker.com 60076-9699. Canada Publications Mail (fax), [email protected] Haley & Aldrich Inc. 45 www.haleyaldrich.com Agreement No: 40612608. Return Unde- REPRINTS: For all editorial and advertising liverable Canadian Addresses to Circula- IBM Corp. 32 www.ibm.com reprints of 100 copies or more, and digital tion Dept. or Bleuchip International, P.O. Intel Corp. 30 www.intel.com (web-based) reprints, contact PARS Box 25542, London, ON N6C 6B2. ISYS Search Software 46 www.isys-search.com International, Phone (212) 221-9595, Lenovo 10 www.lenovo.com e-mail: [email protected], web: © Copyright 2008 by 1105 Media, Inc. All www.magreprints.com/QuickQuote.asp rights reserved. Printed in the U.S.A. MEDmarketplace.com Inc. 48 www.medmarketplace.com Reproductions in whole or part prohibited NetPro Computing Inc. 20 www.netpro.com LIST RENTAL: This publication’s sub- except by written permission. Mail Northern Light Group LLC 46 www.northernlight.com scriber list, as well as other lists from 1105 requests to “Permissions Editor,” c/o RED- Open Text Corp. 48 www.opentext.com Media, Inc., is available for rental. For MOND, 16261 Laguna Canyon Road, Ste. more information, please contact our list 130, Irvine, CA 92618. Research in Motion Ltd. 22 www.rim.net manager, Merit Direct. Phone: 914-368- Samsung 10 www.samsung.com The information in this magazine has not 1000; E-mail: [email protected]; SearchBlox Software Inc. 46 www.searchblox.com Web: www.meritdirect.com/1105 undergone any formal testing by 1105 Media, Inc. and is distributed without any SearchInform Technologies 46 www.searchinform.com Redmond (ISSN 1553-7560) is published warranty expressed or implied. Imple- Shavlik Technologies LLC 20 www.shavlik.com monthly by 1105 Media, Inc., 9121 Oakdale mentation or use of any information con- Siderean Software Inc. 46 www.siderean.com tained herein is the reader’s sole Avenue, Ste. 101, Chatsworth, CA 91311. Sun Microsystems Inc. 32 www.sun.com Periodicals postage paid at Chatsworth, responsibility. While the information has CA 91311-9998, and at additional mailing been reviewed for accuracy, there is no The Mozilla Foundation 64 www.mozilla.org offices. Complimentary subscriptions are guarantee that the same or similar results Thunderstone Software LLC 46 www.thunderstone.com sent to qualifying subscribers. Annual may be achieved in all environments. Vivisimo Inc. 46 http://vivisimo.com subscription rates for non-qualified sub- Technical inaccuracies may result from WebTrends Inc. 48 www.webtrends.com scribers are: U.S. $39.95 (U.S. funds); printing errors and/or new developments Canada/Mexico $54.95; outside North in the industry. This index is provided as a service. The publisher assumes no liability for errors or omissions.

| Redmondmag.com | Redmond | February 2008 | 63 0208red_Foley64.v6 1/17/08 10:07 AM Page 64

FoleyOnMicrosoft by Mary Jo Foley

The White Elephant in the Room?

ou know the old story about the blind men and the If it does, Silverlight will get a huge marketshare boost. elephant: Even as a group, a bunch of blind men • Microsoft’s Live Labs team is devel- Ycouldn’t figure out—much less agree upon—what a oping a number of fast-tracked technolo- gies that are built on Silverlight. Ditto tail, plus a head, plus an ear, plus tusks, etc., ultimately with the still-secret Windows Live Core team, which is working on the fabric that comprised. I think Microsoft’s Silverlight is the elephant and truly allows users to sync their data across all kinds of devices and cloud services. we Microsoft pundits, customers, part- some interesting prototypes, such as the • Speaking of futures, there also seems ners and competitors are laboring, so far Microsoft-Jackson Fish co-developed to be some kind of connection between unsuccessfully, to piece together all the Tafiti search engine that’s built on top “Astoria,” Microsoft’s forthcoming tech- clues that will tell us exactly what it is. of Silverlight. nology for exposing data as a service, and For brevity’s sake, Silverlight is often But Silverlight has even broader Silverlight. Again, what that looks like described as Microsoft’s competitor strategic importance to Microsoft. and means is still fuzzy, at least to me. to Adobe’s Flash. Microsoft’s more Ponder these points: • Microsoft’s developer division is marketing-massaged definition: • Silverlight (starting with the still-to- working on a family of Visual Studio “Microsoft Silverlight is a cross- be-delivered 2.0 version) will include a 2008 extensions, known as “Silverlight browser, cross-platform plug-in for micro version of the Common Lan- Tools for Visual Studio 2008,” that will provide the kind of dev tools program- Silverlight will include a micro version of the Common Language mers need to write Silverlight applica- tions. (The Microsoft Expression family Runtime (CLR), which is the heart of .NET, ... so Silverlight will of “designer” tools isn’t sufficient here, become Microsoft’s way to distribute .NET through the back door. as some developers have noted.) I asked Microsoft execs whether the company was contemplating using delivering next-generation media guage Runtime (CLR), which is the Silverlight as a way to distribute appli- experiences and rich interactive appli- heart of .NET. Silverlight will run on cations like Word, the way Adobe is cations for the Web.” I believe what Mac and Linux systems, as well as with doing with Buzzword. Interestingly, I Microsoft means by “experiences” and non-Microsoft browsers like Safari and got a no comment, not a denial. “applications” is far bigger and wider- Firefox, so Silverlight will become Although this sounds like pie in the sky ranging than most of us Redmond Microsoft’s way to distribute .NET right now, I wouldn’t be surprised to see watchers have yet understood. through the back door. Silverlight ultimately become Last year’s Microsoft MIX conference • There’s been much speculation about Microsoft’s Web client environment of was all about Silverlight. This year’s whether Microsoft will For more on choice—its 2.0 alternative to MIX08 event, which will take place integrate Silverlight with Silverlight and the the current fat-client in March, is shaping up once again to be Internet Explorer (IE) upcoming MIX08 Windows and Office combo. heavily Silverlight-focused. Sessions on 8.0. (Many expect beta 1 conference, go to What do you think Microsoft’s Silverlight Streaming host- of IE8 to debut at Redmondmag.com. Microsoft will do with FindIT code: Foley0208 ing service; the forthcoming Silverlight MIX08.) While Silverlight—in the near-term 2.0 release; and Silverlight programming Microsoft’s competitors—as well as and way out there? — techniques for Python and Ruby pro- antitrust watchdogs here and abroad— grammers are all on the docket. would likely scream bloody murder if Mary Jo Foley ([email protected]) Microsoft has convinced some major Microsoft does this, I’m betting is editor of the ZDnet “All About Microsoft” Web sites, like NBA.com, to use and Microsoft finds a loophole by shipping blog and has been covering Microsoft for distribute Silverlight. And it has shown Silverlight “with,” rather than “in,” IE8. about two decades.

64 | February 2008 | Redmond | Redmondmag.com | Project1 1/2/08 9:23 AM Page 1

One product. Five defenders. Five anti-virus engines. One choice.

Enhance your email defenses today with GFI MailSecurity

Complete email security with up to five anti-virus engines for Exchange/SMTP/Lotus

No single anti-virus vendor scanner is the BEST and can stop ALL viruses. To obtain maximum security, you need GFI MailSecurity which uses not one, but up to five virus scanners to check all company email, with limited or no effect on network and server performance.

GFI MailSecurity is better priced than most single anti-virus engine solutions on the market. With multiple anti-virus engines you:  React fastest to the latest virus threats by receiving the quickest virus signature updates  Take advantage of all their strengths because no single anti-virus scanner is the BEST  Virtually eliminate the chances of an infection.

Download your FREE trial version from www.gfi.com/mre/

tel: +1 (888) 243-4329 | fax: +1 (919) 379-3402 | email: [email protected] | url: www.gfi.com/mre/ Project14 12/11/07 3:44 PM Page 1