Insider: Event Log Advantage Forensics 49 68 54 54 Project3 8/7/06 10:15 AM Page 1

0906red_Cover.v5 8/15/0610:37AMPage1

SEPTEMBER • $5.95 Google vs. Microsoft: WhoseSoftware IsBest? Google vs. Microsoft: WhoseSoftware IsBest? a Raise! Time for a Raise! Time for 09 > up. Isyours? shows pay going Salary survey

7125274 867 27 36 ETME 06WWW.REDMONDMAG.COM SEPTEMBER 2006 + Novell andtheAttacker’s Insider: Event Log Advantage Forensics 49 68 54 54 Project3 8/7/06 10:15 AM Page 1

Make desktops available the easy way. Centrally enable users to access their applications and information from WhyWhy dragdrag andand dropdrop desktops…desktops… any desktop with whenwhen youyou cancan pointpoint andand click?click? Desktop Authority. • Deploy Applications • Map Drives and Printers • Configure Office Settings SaveSave thethe backachebackache –– downloaddownload • Manage Power Schemes DESKTOPDESKTOP AUTHORITY.AUTHORITY. • And MUCH more!

DOWNLOAD FREE Eval! an eval for a www.scriptlogic.com/available chance to win a 60GB iPod! Contest ends Sept. 30. Point. Click. Done! Project3 8/7/06 10:17 AM Page 1

Make them With Desktop Authority, feel right at Any desktop is their desktop – home at any and always available. workstation! By centralizing your desktop management, your users consistently get their desktop – no matter where they log on. Desktop Authority gives you: COMPREHENSIVE DESKTOP CONFIGURATION Manage and deploy every aspect of your users’ desktops HARDWARE AND SOFTWARE INVENTORY Centrally maintain and report on inventory with built-in and custom reporting VULNERABILITY SECURITY Protect against threats with patching and anti-spyware options REMOTE SUPPORT Remotely manage and control desktops from any Java-enabled browser

DOWNLOAD a FREE, fully functional trial version at www.scriptlogic.com/available DOWNLOAD an eval for a Point. Click. Done! ©2006 ScriptLogic Corporation. All rights reserved. ScriptLogic, the ScriptLogic logo, and Desktop Authority are registered trademarks of ScriptLogic Corporation chance to win a in the United States and/or other countries. The names of actual companies and www.scriptlogic.com products mentioned herein may be the trademarks of their respective owners. 60GB iPod! 1-800-424-9411 iPod giveaway rules can be found at www.scriptlogic.com/ipodrules. Contest ends Sept. 30. Project1 8/3/06 9:22 AM Page 1

SMB? Meet EMC. EMC® Insignia — made for Small and Medium Businesses

EMC brings its leadership in storage and information management Backup & Recovery to businesses with 20 to 200 employees. EMC Insignia software and Software hardware products allow you to confidently store, manage, protect, Storage Storage and share your vital business information. Management Hardware Software Storage Hardware Replication ® Install trusted storage. Move up to an Every minute counts. EMC RepliStor Replication Collaboration EMC CLARiiON® AX disk array. SMB Edition ensures no data is lost Software Software when a server goes down. Storage Management New! Retrospect 7.5 Get a clear view into how storage is Collaboration Faster performance, less management. being used and manage your storage A winning team works together. Users can now recover their own files. for greater efficiency with EMC EMC eRoom™ SMB Edition creates Upgrade today at VisualSRM™ SMB Edition. secure web-accessible workspaces. www.emcinsignia.com/upgrade

Backup & Recovery Data recovery matters when bad things happen. EMC Retrospect®: self-adjusting backup operations, AES encrypted backups.

EMC Insignia.The right products when your information matters.

To learn more about EMC Insignia products and solutions, visit www.emcinsignia.com

EMC2, EMC, CLARiiON, Retrospect, RepliStor, and where information lives are registered trademarks and eRoom, and Visual SRM, are trademarks of EMC Corporation. © Copyright 2006 EMC Corporation. All rights reserved. 0906red_TOC_1.v4 8/15/06 11:23 AM Page 1

SEPTEMBER 2006 WWW.REDMONDMAG.COM

Winner for Best Computer/Software Magazine 2005 RedmondTHE INDEPENDENT VOICE OF THE MICROSOFT IT COMMUNITY

COVER STORY REDMOND REPORT In the Money— 9 Microsoft Bets Big IT Salaries on the Live Era Ballmer, Ozzie pledge to Rise Again deliver innovative services- enabled software. Salaries have gone up for the 10 Vista: The Clock Is Ticking third time in as many years, Can Microsoft zap enough bugs to according to the 11th annual make its promised ship date? survey of compensation and benefits. So, are you getting 12 The Low Down what you deserve? Summer of Lockdown: Securing files, e-mails, Web sites and crazy soccer fans is a tall order. Page 36 14 Beta Man HTTP Traffic Cop: Major enhancements to ISA Server 2006 FEATURES include better bandwidth controls and improved networking. 49 The Attacker’s Advantage As Novell emerges as a Linux 16 Better Late Than Never? powerhouse, CEO Ron Hovsepian Latest build of Vista impresses, but sets his sites on Microsoft. did it arrive too late? COLUMNS 4 Barney’s Rubble: Doug Barney Page 49 Glutton for Market Share 35 Mr. Roboto: Don Jones 54 Cyberspace Battle Group Therapy Royale: Google vs. 67 Never Again: Barry McBride Microsoft Time Is Money We put these rivals’ tools to the test in a win, lose or draw 68 Windows Insider: Greg Shields contest. The overall winner Spend Less Time Looking for Logs might surprise you. 75 Security Advisor: Joern Wettern Do You Need an SSL VPN? Page 54 80 Foley on Microsoft: Mary Jo Foley PHOTO BY GEOFF STEIN Microsoft Bloggers: A Who’s Who REVIEWS ALSO IN THIS ISSUE

21 Last Line of Defense 25 Redmond Roundup 2 Redmond Magazine Online You set the policy, Endforce Cover Your Assets ensures that it’s followed. Get a grip on your network with 6 [email protected] the right asset management tool. 79 Ad and Editorial Indexes

COVER PHOTO ILLUSTRATION BY JUAN ALVAREZ 0906red_OnlineTOC_2.v4 8/15/06 11:03 AM Page 2

Redmondmag.SEPTEMBERcom 2006

Redmondmag.com Exclusive Questions with ... John Is Microsoft’s SAM Just a Powers, Shakedown in Disguise? Digipede Technologies CEO hat’s what our Redmond Negotiator columnist and licensing guru Scott This month we spoke TBraden is starting to wonder. In his latest column on Redmondmag.com, with John Powers Braden shares that while he used to have hope for this program, the way it’s about the state of grid being implemented is raising some serious red flags. computing today “Based on what we were told about SAM [Software Asset Management], it (FindIT code: RRadio): seemed like a great idea. Basically, Microsoft certified a select group of partners who understand the ins and outs of Microsoft licensing, along with the best prac- Grid computing—what’s in it for the tices involved in good software asset management,” he says. business world? However, according to Braden, there’s several problems Greater application performance, new with the way the program is being implemented. revenue opportunities and lower costs, “Microsoft is data mining its purchase-history databases, all within a familiar environment. looking for customers whose purchase history doesn’t match up with their size, or their number of PCs or servers If you pair grid computing with …. [However], Microsoft’s purchase history records are very virtualization—what do you get? incomplete. Retail shrink-wrap sales, many OEM licenses, Tremendous flexibility for deployment even Select or Open volume licenses can easily be missed of scalable applications in businesses Scott Braden in the data mining. So even if you’re completely legal and warns about of all sizes. in compliance, you may still turn up on the target list as a SAM in his recent, online likely candidate.” Redmond Describe one creative scenario for If you’re picked, Microsoft will send out a SAM Partner Negotiator grid computing: column. to act as a consultant—according to Braden, this process FindIT code: An event organizer hosting a Web por- can easily turn into more of an audit. “What happens if SAMShake tal for customers, vendors and event you just say no? Will an involuntary audit be the next coordinators scales out a reporting step? If so, isn’t it more accurate to describe these initial conversations as application behind their Web server to ‘settlement negotiations?’” enable more simultaneous users. Find out more about why Braden changed his mind about SAM and what he recommends you do if contacted by a SAM Partner. FindIT code: SAMShake FACTOID REDMONDMAG.COM RESOURCES Number of Redmond Salary Survey 1 respondents who Resources Enter FindIT Code out expect their next >> Daily News News raise to be $5,000 >> of E-Mail Newsletters Newsletters or more. >> Free PDFs and Webcasts TechLibrary >> Salary Survey Extended PDF Subscribe/Renew Subscribe 5 FindIT code: 2006SalPDF >> Your Turn Editor Queries YourTurn REDMOND MEDIA GROUP SITES: Redmondmag.com • RCPmag.com • ENTmag.com MCPmag.com • CertCities.com • TCPmag.com • TechMentorEvents.com

2 | September 2006 | Redmond | redmondmag.com | Project5 7/18/06 10:25 AM Page 1

Seamless failover.

Always connected.

Keeping Users Connected.

Keep your application servers zipped up and func- management intervention needed, no one covers tional all of the time. Whether a single server or an your back better than Neverfail. Anything less is entire site fails, availability to critical business appli- a lesser solution. Designed for Windows-based cations fails, along with the productivity of users applications, Neverfail’s comprehensive suite of company-wide. No matter if you’re a start-up or a award-winning software solutions will help ensure Global 100, server downtime will kill your business. that your productivity is never interrupted. With Neverfail, users are kept continuously connected to their applications no matter To make your business a more productive — and when, where, or why a failure occurs in the profitable — enterprise, visit neverfailgroup.com server environment. Neverfail delivers cluster-class for your FREE server analysis and take the first disaster recovery, data protection and high availability step to achieving true high availability. Or better software solutions to every size company, and at a yet, call or email us today to join companies all over significantly lower total cost and complexity. With the world who have chosen Neverfail for the most automatic failover response measured in mere effective disaster recovery, data protection and high seconds rather than minutes, and no user or IT availability solutions in the industry.

Keeping Users Connected. www.neverfailgroup.com [email protected]

EXCHANGE • SQL SERVER • FILE SERVER • IIS • SHAREPOINT • BLACKBERRY • ORACLE • LOTUS DOMINO 0906red_Rubble4.v4 8/15/06 11:13 AM Page 4

Barney’sRubble Doug Barney

RedmondTHE INDEPENDENT VOICE OF THE MICROSOFT IT COMMUNITY REDMONDMAG.COM Glutton for SEPTEMBER 2006 ■ VOL. 12 ■ NO. 9 Editor in Chief Doug Barney [email protected] Editor Ed Scannell [email protected] Market Share Executive Editor, Reviews Lafe Low [email protected] Editor at Large Michael Desmond [email protected] Managing Editor Wendy Gonchar his column, if you strip out the specifics, could’ve been [email protected] Editor, Redmondmag.com Becky Nagel written anytime in the last 20 years. But writing it now is [email protected] Contributing Editors Mary Jo Foley more relevant than ever for we are truly at a danger point. Don Jones T Greg Shields Joern Wettern The problem? Microsoft wants it all. rough around the edges. Fortunately, Art Director Brad Zerbel If there’s a dime to be made, Redmond systems management companies were [email protected] Senior Graphic Designer Alan Tao wants the whole 10 cents. In categories there to smooth it all out. Now that [email protected] it invents (think hard to remember the MOM and other tools are mature, Red- last one, maybe Flight Simulator?) that’s mond no longer needs this help. See ya! fine. Create a new category, build a bril- Unified Communications/Messaging— Group Publisher Henry Allain liant product, and reap the rewards. Microsoft plans to go after Cisco, Avaya [email protected] That’s the American way. and all the rest—the same companies that Editorial Director Doug Barney [email protected] In the early days Microsoft went taught Microsoft how it all works in the Group Associate Publisher Matt N. Morollo after large, entrenched companies like first place. [email protected] Director of Marketing Michele Imgrund Lotus, which at one Walk any Microsoft [email protected] time was far bigger show, Tech-Ed or the Senior Web Developer Rita Zurcher [email protected] than Microsoft. Sure, yearly Partner confer- Marketing Programs Associate Videssa Djucich Microsoft leveraged its ence, and you’ll see [email protected] Editor, ENTmag.com Scott Bekker desktop monopoly, but aisle after aisle of niche [email protected] Editor, MCPmag.com Michael Domingo in the end Lotus was companies. Important [email protected] simply outsmarted—as indeed, but not exactly Editor, RCPmag.com Becky Nagel CertCities.com [email protected] was IBM—a company designed to go toe to toe Associate Editor, Web Dan Hong whose tab for two- with Big M. And many [email protected] martini lunches used of these niche companies to exceed Redmond’s are next on the list. yearly income. Microsoft should not President & CEO Neal Vitale I could live with this, kill off or even marginal- [email protected] CFO Richard Vitale and, in fact, enjoyed ize third parties. It’s bad [email protected] watching these giants for innovation, bad for Executive Vice President Michael J. Valenti [email protected] get knocked around. business, bad for the Director, Circulation and Abraham Langer But with the big guns defeated, magazines and Web sites that rely upon Data Services [email protected] Director of Web Operations Marlin Mowatt Microsoft is turning to smaller players, these companies for advertising (and [email protected] and now nearly every third party is in give you great, free content as a result, Director, Print Production Mary Ann Paniccia [email protected] the Redmond cross hairs. and I’m not just talking about this mag Controller Janice Ryan Here’s the latest hit list: you’ve got in your hot little hands). [email protected] Director of Finance Paul Weinberger Anti-virus and Security Software— What should you do? Don’t blindly [email protected] McAfee, Symantec and Sunbelt were buy bigger and bigger Microsoft stacks. Chairman of the Board Jeffrey S. Klein not just good partners, they saved Just because it’s integrated doesn’t mean [email protected]

Microsoft by making Windows usable. it’s best in the long run. Remember, the The opinions expressed within the articles and other contents Now that Microsoft has figured out chief advantage of any monopoly is herein do not necessarily express those of the publisher. how to make the same software, these price control. companies are suddenly the enemy. Support third parties. Don’t let Management software—when Win- Microsoft have it all, or you’ll have to dows NT first shipped, it was a bit live with it when they do. —

4 | September 2006 | Redmond | redmondmag.com | PHOTO ILLUSTRATION BY ALAN TAO Project6 8/11/06 3:00 PM Page 1

ADVERTISEMENT Restore and Maintain Peak Performance Eight things you need to know about fragmentation – a special report

As an IT Professional, you know the Increased server importance of maintaining system 4.uptime: b performance and reliability. Your Fragmentation can team is the one called to the rescue cripple server per- when desktops or servers crash, formance and relia- slow down or freeze. Many of these bility resulting in issues stem from a single, hidden downtime and lost source: disk fragmentation. production. Dis- keeper can easily Reliability issues commonly traced and safely be used on to disk fragmentation: Crashes and Diskeeper’s interface shows fragmentation levels and relative 1. your servers includ- location of all the files and folders on the selected volume. system hangs/freezes; slow boot times ing: file and print, and boot failures; slow back up times web, domain con- and aborted backup; file corruption trollers, SQL, Exchange, and any Advanced, automated defragmenta- and data loss; errors in programs; other database or application servers. tion: Manually defragmenting cache issues; hard drive failures. 8. every system every day is simply not possible in even small networks let Having files stored contiguously Virtualization and fragmentation: alone enterprise sites. IT Managers on the hard drive is a key factor in Server virtualization can be 5. use Diskeeper’s “Set It and Forget keeping a system stable and per- used to reduce the number of It”® operation for automatic forming at peak efficiency. Even a physical systems for more efficient network-wide defragmentation. small amount of fragmentation in CPU utilization. However, there is Customers agree Diskeeper main- your most used files can lead to a downside; the disk subsystem tains the performance and reliabili- crashes, conflicts and errors. must now account for increased ty of their desktops and servers, The weak link in today’s computers: disk I/O. Disk fragmentation the reducing maintenance and increas- A computer system is only as primary cause of unnecessary I/O 2. ing hardware life. fast as its slowest component. The overhead. Automatic defragmenta- disk drive is by far the slowest of the tion is more important than ever for Every system on your network needs three main components of your maximum performance. Diskeeper, the Number One Auto- computer: CPU, memory and disk. matic Defragmenter™ with over 20 Even with the fastest CPU system Hidden manual defragmentation million licenses sold! performance would be affected by 6.costs: Manual defragmentation disk fragmentation. is not “free” — it has heavy hidden Is Daily Defragmentation needed in costs, such as IT time to manually defrag every system. This results ® 3.today’s environment? More than The Number One Automatic Defragmenter ever! Large disks, multimedia files, in either staying after hours to applications, operating systems, defrag, giving the users adminis- Special Offer system up-dates, virus signatures – trator privileges (not likely!), break-fix handlings, or more often all dramatically increase the rate of Try Diskeeper 10 FREE for 45 days! no defrag whatsoever. fragmentation. Fragmentation Download: www.diskeeper.com/red5 increases the time to access files for (Note: Special 45-day trialware is all common system activities includ- How do I find out how much frag- only available at the above link) ing opening and closing Microsoft® 7.mentation I have? Download a free Word documents, searching for Volume licensing and Government / Education trial version of new Diskeeper 10 at: discounts are available from your favorite emails, opening web pages and per- www.diskeeper.com/red6 reseller or call 800-829-6468 code 4372 forming virus scans. To keep performance at peak, defragmentation Install it, select a volume, select For test results, white papers and case studies, visit must be done daily. Analyze and view the report. www.diskeeper.com/docs

©2006 Diskeeper Corporation. All Rights Reserved. Diskeeper, The Number One Automatic Defragmenter, “Set It and Forget It” and the Diskeeper Corporation logo are registered trademarks or trademarks of Diskeeper Corporation in the United States and/or other countries. Microsoft is a registered trademark of Microsoft Corporation in the United States and/or other countries. Diskeeper Corporation • 7590 N. Glenoaks Blvd. Burbank, CA 91504 • 800-829-6468 • www.diskeeper.com 0906red_Letters_6.v4 8/15/06 2:09 PM Page 6

[email protected]

Two Cents I think Joanne Cummings is trying to roll up a review of four distinct (yet related and somewhat interdependent) technologies into a single Visual Studio 2005 (VS 2005) review [see the July 2006 Reader Review, “The 800-Pound Code Gorilla”].

1. Writing CLR code for SQL Server develop a product designed to be every- is really a feature of SQL Server 2005, thing to everyone (at least in the not VS 2005. Having VS 2005 does Microsoft-specific universe). There are or, at the very least, given serious consid- make this a lot easier, though. some people who will use some of the eration. Ira is not only a prolific writer 2. The dearth of documentation about capabilities while others will choose to but also an amazing presenter. He grabs the large number of classes is really a use different capabilities. your attention. Never pass up the oppor- commentary on .NET Framework 2.0, Just my two cents. tunity to read one of his articles, books rather than VS 2005 per se. Steve Bohlen or see him speak. You are guaranteed to 3. VSTS is clearly a completely sepa- New York City, N.Y. learn something every time! rate product offering from Microsoft that Lacking Self-Critique Douglas DeCamp obviously helps you leverage an invest- Mary Jo Foley is overly generous [see Toledo, Ohio ment in VS 2005, but it’s really a separate the July 2006 Foley on Microsoft, technology from VS 2005 itself. “How to Fix Microsoft in Five (Not So) On the Go ... 4. The remainder of the comments Easy Steps”]. Microsoft has no ability to I’ve been reading your magazine for are more narrowly targeted to VS 2005. self-critique and act on lessons learned more than seven years, including when it While I agree with most of them (like was MCP Magazine, but never did I enjoy the fact that debugging is much Microsoft has no ability an issue so much as Redmond May 2006. improved), I do have to suggest that at to self-critique and act on least some of the negative performance comments targeted at VS 2005 are real- lessons learned about its ly the result of configuration choices own character. that are easy to change. For example, you can easily address the speed at about its own character. It has proven which the integrated help loads by sim- that time and time again. Like Charles ply changing the “use online help first” Manson, Jeffrey Dahmer and Ken Lay, to “use installed help content first.” they are the first victims of their own I do agree with the premise that VS sickness and will be their last. 2005 contains a huge volume of capabil- Roberto Sumatra-Bosch ities that many developers will only be Jakarta, Indonesia able to really scratch the surface of before the next release of the product. A Basic Approach After all, that’s what happens when you The amazing simplicities that Ira Win- kler continues to point out [see “Reach Out & Hack Someone,” June 2006] are amazing. People in the IT field continue Whaddya Think to overlook basics we feel people should Send your rants and raves to already know. I feel that Ira’s basic [email protected]. ?! approach to physical security has to be Editor at Large Michael Desmond’s Please include your first and the greatest in the world. I’ve read his “Productivity on the Go” article was so last name, city and state. If we book, “Spies Among Us,” and it was truly enjoyable and so useful. Thanks so much. use it, you’ll be entered into a amazing how much I learned that I Jay Kulsh drawing for a Redmond t-shirt! should’ve already known, implemented Simi Valley, Calif.

6 | September 2006 | Redmond | redmondmag.com | Project9 7/18/06 12:09 PM Page 1

- iÊÕÃÌÊ `Ã>Li`Ê iÀÊ >ÌqÛÀÕÃÊ ÃvÌÜ>Àit

iÀÊ* ÊÀÕÃÊv>ÃÌiÀ]ÊLÕÌÊÃ i½ÃÊ i«>À`âi`ÊÌ iÊiÌÀiÊV«>Þ° >ÃÞÊ`ÃÌÀ>Ì

ÞÊ }}}ÊÃÞÃÌiÊÀiÃÕÀViÃp>`ÊvÀÕÃÌÀ>Ì}Ê 7Ì Ê6]ÊÌ iÊ«ÀÌiVÌÊÞÕÊ ÕÃiÀÃpÌÀ>`Ì>Ê>ÌÛÀÕÃÊÃÕÌÃÊi>ÛiÊ ii`ÊV>ÊLiÊViÌÀ>ÞÊÃÌ>i`Ê ÞÕÊiÃÃÊ«ÀÌiVÌi`° >`Ê>>}i`]ÊÃ«vÞ}Ê >`ÃÌÀ>Ì°ÊÌ½ÃÊ>Ì iÀÊ ÃÌi>`]Ê}iÌÊÀÃvÌÊ6ÊÌ6ÀÕÃÊÃvÌÜ>Ài°Ê 7Ì ÊÌÃÊi>ÃÞÊ>`ÊÌÕÌÛiÊÌiÀv>Vi]Ê Ü>ÞÊ6ÊÌ6ÀÕÃÊÃvÌÜ>ÀiÊ ÀÃvÌÊ6ÊÌ6ÀÕÃÊÃvÌÜ>ÀiÊìÃ½ÌÊL}Ê >ÝâiÃÊÞÕÀÊ«ÀÌiVÌ° `ÜÊÃÞÃÌiÊÀiÃÕÀViÃÆÊÃÌi>`]ÊÌÊÜÀÃÊ µÕVÞÊ>`ÊÃi>iÃÃÞÊLi `ÊÌ iÊÃViiÃ°Ê 7Ì ÊÀiÊÌ >Ê{äÊÊÞ>ÊÕÃiÀÃÊ ÜÀ`Üì]ÊÀÃvÌÊÃÊÌ iÊLiÃÌÊV ViÊvÀÊ «i«iÊ>`ÊV«>iÃÊÃii}Ê>ÝÕÊ «ÀÌiVÌÊ>}>ÃÌÊÛÀÕÃiÃ]Ê >ViÀÃÊ>`Ê ìÌÌÞÊÌ ivÌ°Ê ÊÀÃvÌÊÃÕÌÃÊ>ÀiÊ>Û>>LiÊ "7Ê}iÌÊÃ«ÞÜ>ÀiÊ ÜÌ ÊÓÞi>ÀÊViÃiÃ° «ÀÌiVÌÊÜÌ Ê , ÊÎä 9Ê/,o iÜ`Ê>ÌÃ«ÞÜ>ÀiÊ{°ä ÜÜÜ°}ÀÃvÌ°VÉ`VÉÀi`` *ÀÌiVÌ}ÊvÀ>ÌÊÃViÊ££

-iiÊÌ iÊV«iÌiÊiÊvÊ6ÊÃÕÌÃÊvÀÊ iÊ ÕÃiÀÃ]ÊÃ>ÊLÕÃiÃÃiÃÊ>`Ê>À}iÊiÌiÀ«ÀÃiÃ° /Õ} ÊÊÛÀÕÃiÃ]Êi>ÃÞÊÊÕÃiÀÃ° Project1 8/3/06 9:38 AM Page 1 0906red_RedReport9-18.v11 8/15/06 1:30 PM Page 9

September 2006 INSIDE: ISA Server 2006: Major enhancements include better bandwidth and improved RedmondReport network monitoring. Page 14 Microsoft Bets Big on the Live Era Ballmer, Ozzie pledge to deliver innovative services-enabled software.

BY ED SCANNELL AND STUART J. JOHNSTON t their annual financial analyst meeting held in Redmond in A late July, top Microsoft officials did their best to portray their company as one poised on the verge of entering a new era—willing and quite able to put its money where its mouth is. The new era, perhaps the most significant transition the company has ever made, is one in which Microsoft shifts from its time-honored, PC-centric view of computing to one that is Web-centric and driven by its Software as a Ser- vice (SaaS) model built around Windows and Office Live. Microsoft plans to spend a whopping $500 million on research and development over the course of fiscal 2007, which began July 1, just in the area of services. In that same spirit of aggressive commitment, Microsoft CEO Steve Ballmer, Microsoft Chief Software Architect Ray Ozzie outlines Microsoft’s transformation to a in his opening remarks to analysts, world of live services at the company’s annual gathering of financial analysts. pledged to spearhead the company’s commitment to achieve greater technical “When we start something, we don’t Eventually he expects the company to innovation. Ballmer admitted he has back off it. We will keep working and be equally successful in all four areas. never taken on this responsibility because working and working and working and Ballmer’s pledge to go not so gently it has always been the domain of Chair- working. We are not afraid to falter into this new era was underlined by Ray man Bill Gates. But with Gates gradually with something new. We will learn, Ozzie, Gates’ recently installed replace- stepping away from such responsibilities come back with new ideas and smarter ment as chief software architect. over the next two years, Ballmer said he’ll people each time,” Ballmer said. Despite the healthy doses of skepticism now assume that mantle. Microsoft also intends to be equally from industry analysts and users about Microsoft will take a long-term aggressive in several other areas, com- Microsoft’s ability to transition its approach toward delivering meaningful paring the company’s multiple lines of mammoth operations over to the SaaS era, Ozzie believes the transition should Some may view what we’re doing here as a big, bold bet, but it’s a prove to be an orderly one. very natural bet for us, given our heritage as a platform company. “Some may view what we’re doing here as a big, bold bet, but it’s a very nat- — Microsoft Chief Software Architect Ray Ozzie ural bet for us, given our heritage as a innovation in a number of important business to that of a multi-core proces- platform company,” Ozzie told analysts. areas Ballmer promised and, in his typi- sor. Ballmer said the company will add In laying out his vision of how the cally bombastic style, said the company new “cores,” namely entertainment emerging services market would evolve will not be easily deterred by any tech- software and Internet services, to its and what Microsoft’s role in it would nical challenges or level of competition. existing desktop and server cores. be, Ozzie said he strongly believes the

| redmondmag.com | Redmond | September 2006 | 9 0906red_RedReport9-18.v11 8/15/06 1:30 PM Page 10

RedmondReport

Continued from page 9 future of Microsoft’s products lies in a Vista: The Clock Is Ticking “fundamental transformation toward services and services-enabled software.” Can Microsoft zap enough bugs to make This transformation includes both its SaaS plans for Windows and Office its promised ship date? Live and the integration of its desktop applications with selected Windows fter slipping the schedule for time to issue a third beta, before it Live offerings. Windows Vista multiple starts the RC process. This strategy will be driven by what Atimes, Microsoft stri- So while many in the indus- Ozzie described as the “cheap revolu- dently continues to commit try (and the stock market) tion,” referring to those computing tech- to business customer are holding their breath as nologies that continue to get smaller and deliveries by the end of to whether Vista slips less expensive, most notably fast and the year. again, Enderle and Cherry cheap wired and wireless bandwidth. But thousands of both take it for granted “Our model is to use our Windows bugs still need to be that another slip Live services platform as an experience zapped in the code is entirely within the realm hub, and to use the PC, browser and and the clock is of possibilities. mobile devices as different experience- running. “The major impact of delivery mechanisms for the value we In early July, .NET [Vista’s slippage out of calen- aspire to deliver,” Ozzie said. “We bring developer Robert dar 2006] has already happened together Office and Office Live using McLaws published an and the question now is, does any- analysis of the bugs one really care whether it ships on When we start something, we still present in the con- Super Bowl Sunday or Easter Sunday,” don’t back off it. We will keep sumer or beta 2 release on Cherry asks. Longhorn Blogs. He found that during — Stuart J. Johnston working and working and work- the entire beta test process to that point, and Ed Scannell ing and working and working. 27,479 bugs had been identified and We are not afraid to falter with that Microsoft had already fixed 21,196 something new. We will learn, and resolved another 1,020. But that still Big Bang leaves 5,743 to go and only a short while come back with new ideas and to fix the most important of them. Goes smarter people each time. “Microsoft is probably still overly — Microsoft CEO Steve Ballmer optimistic [about delivering Vista in Kaboom January], but they’re well into getting it Windows Live as the experience hub.” done,” says Michael Cherry, lead ana- hy has it taken Microsoft Ozzie said it seemed only natural that lyst for Windows and mobile at Walmost five years to develop a limited desktop terminal model, like researcher Directions on Microsoft. and deliver its overdue operating that of a browser, would be needed if “Their drop dead date for the first system? Ballmer confessed to centralized services were to succeed. RC is mid-September,” says Rob analysts that the company may “Our world has evolved into one Enderle, principal analyst at research have erred in taking what he with amazingly powerful ‘edge’ devices consultancy the Enderle Group. “Right described as a Big Bang and centralized services and high- now, I’d say it’s a 60 percent chance approach to the product. bandwidth pipes connecting the two. that [it will release Vista] in the first “We tried to incubate too many For the first time we can consider how quarter,” he said. innovations and to integrate them to intentionally balance where to put After testing the latest build in late all simultaneously, as opposed to the application and data, and how rich July, McLaws advocates that letting them bake and then integrat- to make the user experience,” Ozzie Microsoft slip Vista’s delivery a little ing them, which is essentially said. “I can’t sufficiently emphasize the further. He publicly suggested that where we wound up anyway,” importance and significance of this Microsoft push the consumer release Ballmer said. — E.S. architectural choice that we now back to late February and take the have,” Ozzie said.

10 | September 2006 | Redmond | redmondmag.com | Project1 3/14/06 3:47 PM Page 1 0906red_RedReport9-18.v11 8/15/06 1:30 PM Page 12

The RedmondReport LOW DOWN By Lafe Low The Summer of Lockdown Securing files, e-mails, Web sites and crazy soccer fans is a tall order.

he world was gripped by this ice called LinkScanner that lets you test Hacked summer’s FIFA Soccer the security of suspected hyperlinks— In late July, hackers defaced World Cup tournament. even if you use them all the time. Netscape.com’s social networking site TCrazed fans wore wild wigs LinkScanner examines a link and tells using a cross site scripting attack. The and body paint, old rivalries you if the associated site has been relatively harmless attack was allegedly flared, new ones erupted and, hijacked for criminal use or launched by devotees of Digg.com, a of course, there was the head compromised by malicious competing networking site. Finnish butt heard ’round the code. Try it out at security vendor F-Secure first discov- world. At Microsoft Tech www.explabs.com. Click on ered the hack while researching cross- Ed in Boston, you couldn’t LinkScanner and type in the site scripting vulnerabilities. The walk 50 feet through the cor- URL you want to scan. After a hackers used an XSS vulnerability to ridors without bumping into a few seconds, you’ll either get insert JavaScript code into the Netscape group gathered around one of the clearance telling you the link is secure homepage and other pages on the site. dozens of plasma screen TVs installed or a warning to not use it because it has The Digg diggers used cross-site for the occasion. been compromised. scripting to show pop-up alerts with Not everyone could just drop what humorous (at least to the perpetrators) they were doing to watch the games, Read Only messages that redirected visitors to however. Most of us still had to trudge There’s a new Outlook plug-in that their site. Fortunately, there was no into work. That’s where the Web came promises to give Microsoft’s Rights malicious code inserted or sensitive in. According to a July 2006 poll con- Management Services (RMS) a data stolen. Shortly after the attack, ducted by St. Bernard Software, more run for its money. Taceo Netscape issued a statement than half (54 percent) of the respondents (Latin for “to be silent”) lets explaining that the vulner- admitted to watching the World Cup on you encrypt and assign ability had been patched streaming video at work. That could privileges at the individual and assuring visitors they explain the bizarre screams coming file and e-mail levels. This were safe. from down the hall. struck me as a solid Worried about suffering a A similar poll done in May, also by St. approach when I first similar fate? The Acunetix Bernard, revealed that 85 percent of the looked at RMS as well— Web Vulnerability Scanner 266 IT managers surveyed had no plans file protection at the file can automatically audit to block Internet access to World Cup level. You can add permis- web applications. It deter- footage. So productivity may have taken sion controls like “do not mines whether or not they a hit during the games, but it’s probably print” and “do not forward,” are secure from potential wise for employers to not try to stop the and prevent someone from vulnerabilities like this recent cross site soccer madness. No sense getting those cutting, pasting or editing a message. scripting attack. The company also rowdy soccer fans all riled up. You can also set privileges to expire offers free initial audits to help you after a certain time or evolve over time. determine your Web site’s security. Click on Through Taceo uses 1024-bit RSA asymmetric Better safe than cross site scripted. — You still think it’s safe to click through encryption and 192-bit 3-DES encryp- to other links while surfing around? tion to lock down files. It can also Lafe Low is Redmond magazine’s Unfortunately, you can no longer encrypt digital signatures. This is a fair- executive editor for reviews. Reach him implicitly trust even familiar sites and ly airtight approach, and should keep with any company or product scoop at links any more. There’s a new free serv- Microsoft’s RMS team high-stepping. [email protected].

12 | May 2005 | Redmond | redmondmag.com | Project8 5/15/06 4:11 PM Page 1

You do it all the time. Do you think the bad guys won’t?

Sunbelt Messaging Ninja: Kill viruses, spam, and bad attachments

Other attachment filters don’t filter TM decide what extensions. attachments: They filter happens to all FREE Anyone can change extensions. And the bad attachments SMART guys don’t need an FAQ to show them how. It’s based on cri- Attachment™ an easy trick—at least it was. Until now. Meet Sunbelt Messaging teria such as inbound and outbound Ninja—the new all-in-one, best-of-breed, third-generation email direction and internal or external Filter messaging security solution: Ninja is a plug-in framework that recipients. Dual-engine antivirus: integrates best-of-breed Ninja combines the power of two high-quality antivirus, antispam, AV engines: Authentium and BitDefender. Dual-engine antispam: and SMART* attach- Ninja’s spam filtering decimates junk mail with both Cloudmark (which ment-filtering modules includes antiphishing) and Sunbelt’s own heuristics-based iHateSpam on your Exchange engines. And, of course, it also supports RBLs and SPF. server. Full control: FREE attachment filter: For a limited time you can have Ninja’s The policy-based plug- attachment filter for FREE. It’s full-featured. Not crippleware. All you in architecture allows you powerful, granular control. You can finally have to do is download it at www.sunbelt-software.com/ninjared. rule with an iron fist. SMART attachment filtering: Ninja features the first flexible policy-based attachment filter that isn’t fooled by extensions. It looks inside files to determine their true identity. Your policies

Sunbelt Software Tel: 1-888-NTUTILS (688-8457) or 1-727-562-0101 Fax: 1-727-562-5199 www.sunbelt-software.com [email protected]

*Suspicious Mail Attachment Removal Technology™ © 2006 Sunbelt Software. All rights reserved. Sunbelt Messaging Ninja, SMART and Suspicious Mail Attachment Removal Technology are trademarks of Sunbelt Software. All trademarks used are owned by their respective companies. 0906red_RedReport9-18.v11 8/15/06 1:30 PM Page 14

BetaMan RedmondReport

HTTP Traffic Cop Major enhancements to ISA Server 2006 include better bandwidth controls and improved monitoring.

icrosoft has taken a good site has any references to internal product and made it better in ISA 2006 computers, ISA can help map and Mmany ways. Internet Security Version Reviewed: Beta 2 maintain those connections. Those and Acceleration Server (ISA) 2006 may Current Status: Beta 2 (early 2006) references would otherwise appear as look similar to ISA 2004, but it has some Expected Release: Late ’06/early ’07 broken links because internal domain major upgrades. For one, it makes pub- names are inaccessible from the Inter- lishing resources from your internal net- net. ISA’s link translation uses a dic- work and DMZ much easier, especially if tionary of definitions for internal you’re running Exchange and Share- and malicious attacks. It identifies computer names that map to publicly Point. New authentication methods like clients generating excessive traffic that known names. It automatically builds straight LDAP without Radius help you are likely infected with worms, viruses this dictionary as you create Web verify users in whichever way makes the or spyware. You can configure the publishing rules. most sense for your situation. maximum number of TCP and HTTP You can also manually add explicit requests per minute per IP address. mappings to the dictionary. This saves Playing with Bandwidth It will also control the maximum you from having to redo all your Web ISA can preserve bandwidth by com- amount of concurrent connections, half- code to point to public names. When pressing HTTP content. This is useful open connections and non-TCP connec- an internal name is returned to the when you have a slow WAN link tions. You can configure ISA to simply outside, ISA will replace the internal between your clients and the ISA server. drop this traffic or drop and log traffic. name with the external name as ISA uses GZIP and Deflate compres- The default flood mitigation settings defined in the dictionary. The updated sion algorithms to eliminate redundant ensure that ISA Server will still function, link translation in ISA 2006 supports data and reduce file size. Windows 2000 even under flood attack. It denies mali- additional character sets and is auto- and 2003 support both of these algo- cious traffic while serving all other traffic. matically activated when you create a rithms, as long as the client is using Improved traffic monitoring is another Web server publishing rule. Internet Explorer 4.0 or higher. ISA 2006 highlight. Many other fire- ISA also controls bandwidth for all walls provide no logging or make it dif- Final Verdict HTTP and HTTPS traffic. This lets ficult to use the data. ISA displays live After almost a month, there really you give certain packets preferential traffic as it comes through your firewall, haven’t been any problems with ISA treatment based on their destination. ISA telling you if the traffic was allowed or 2006. It’s the best version of ISA so does this with the Differentiated Services denied and which firewall rule rendered far. The monitoring immediately protocol, which uses a tab in the header the decision. This makes it easy to asso- pinpoints which rule is blocking traf- of each packet to assign priority. Packet ciate a denial with a specific rule. ISA fic. The new security features like prioritization applies to all HTTP and 2006 generates data on log time, client flood mitigation and bandwidth man- HTTPS traffic passing through ISA, IP,destination IP,destination port, pro- agement features like HTTP com- rather than applying specific firewall tocol, action, rules, result code, HTTP pression and packet prioritization are rules. After you enable packet prioritiza- status code, client username, source net- reasons enough to upgrade as soon as tion, you configure the URLs and work, destination network, URL, server ISA 2006 goes live. — domains to which it will be applied. name and log record type. Beta Man has gone under cover to give Flood Watch Speaks Fluent Link you some of the earliest and most ISA 2006’s flood mitigation protection If your intranet is published to the unflinching takes on important software keeps you safe from virus outbreaks outside world or if your public Web under development at Microsoft.

14 | September 2006 | Redmond | redmondmag.com | Project6 8/11/06 2:25 PM Page 1

EXCHANGE JUST WENT DOWN The Most Recent Backup Was Done Last Night What Are You Going To Do?

The Problem: Massive Data Loss Due to Protection Gaps.

Traditional Exchange backup agents from CA, CommVault, Dantz, EMC, Legato, Symantec, Veritas and other traditional backup solutions leave you vulnerable – up to 24 hours or more of data-loss.

The Solution: Continuous Data Protection Closes the Gap.

Lucid8’s DigiVault Continuous Data Protection solution with SingleTouch Recovery™ represents a major improvement over traditional backup, replication, and snapshot systems. • Automatically captures all changes to the Exchange databases as they are made • Advanced features like compression saves bandwidth and disk space (up to 80%) and 256-bit encryption keeps the bad guys out • SingleTouch Recovery™ to multiple points in time before the corruption occurred • Centralized management, Enterprise capable, Easy to implement, Simple to use

The Bonus: TRADE-UP to DigiVault with CDP and SingleTouch Recovery™ by 12/31/2006 and receive a healthy trade-up discount to help offset the money you’ve already spent on the outdated Exchange agent from those other guys.

Created by TRADE-UP TODAY To learn more, call 425 456 8478 or visit our website at www.lucid8.com/tradeup for a FREE 30-Day DigiVault Test-Drive and a copy of The Essential Guide to Continuous Data Protection for Exchange.

Copyright © 2006 Lucid8. All rights reserved. Microsoft® Exchange Server is a registered trademark of Microsoft® Corporation. All other trademarks are property of their respective owners. 0906red_RedReport9-18.v11 8/15/06 1:30 PM Page 16

RedmondReport Better Late Than Never? Latest build of Vista impresses, but did it arrive too late?

here was a lot of excitement and transparent Vista Sidebar gadgets Based on what we’ve seen in Build when Windows Vista beta 2 hit are typically below 20 percent, much 5472.5, can Microsoft release Vista to Tthe streets in late May, but better than the 60 percent to 80 percent commercial customers in November? when eager testers got their hands on I often saw under Beta 2. Maybe not. Microsoft needs to pro- the code, that excitement turned to dis- While there are no major changes to duce a release candidate in September may. Windows Vista Beta 2, we all the interface since Beta 2, Microsoft if it wants final code ready in Novem- learned, was simply not ready for has implemented a host of refinements. ber. Yet, a lot of work remains. For prime time. Much of the work went toward reduc- instance, I’ve seen Windows Explorer A lot has changed with Vista Build ing the “chattiness” of the Vista inter- lock up hard—requiring a reboot—at 5472.5, an interim cut released in July face, which frequently badgers users least once, and I was rudely surprised that cleans up many of the most egre- about running certain applications or by a blue screen of death. The test gious flaws in Beta 2. Gone is the hope- changing system settings. User account system also sometimes struggled to lessly sluggish performance that made management has also been streamlined. emerge from sleep mode. the mass-produced beta all but unusable. Other tweaks include an improved Compatibility remains an issue. Installation times are vastly improved—I Flip3D view—essentially Alt-Tab on The latest Vista build refused to was able to upgrade from Windows XP steroids—and some pretty significant install on a Pentium 4 PC with a in about two hours, down from three- work on the Media Center interface, Promise Technology RAID con- plus hours with Beta 2. Processor loads though more work remains before this troller, and mainstream software like when running things like glass effects functionality is cleaned up fully. Quicken 2006 will not work on the RED2006_p1_Gatefold_Tip 8/11/06 2:37 PM Page 1

1 First in a series of step-by- step guides for the Designing High Protection of the Microsoft Windows Server Availability for System BlackBerry andExchange Systems Nelson Ruest & Danielle Ruest A Report by Resolutions Enterprises

Sponsored by RED2006_p2_Gatefold_Tip 8/11/06 2:39 PM Page 2

Step 1: Know your Exchange/ BlackBerry Downtime be gone! Architecture Microsoft Exchange Server delivers email Pretty well everyone today realizes that Exchange and services through a series of different correspondingly, BlackBerry systems for those who have them, server roles. Each role takes on the management of one part of the system. When are mission-critical systems. This is why it is so important for integrated to a BlackBerry solution, system administrators to ensure that they have some form of Exchange interacts with a BlackBerry Enterprise Server (BES) to provide mobile protection in place for these systems, be it a rapid recovery or a messaging services. A typical installation high availability system. Despite this, each time an outage of both technologies will involve several core services along with other, secondary occurs it is the system administrator who will be held responsi- services that are designed to support the delivery of messaging to end users through ble and who will be faced with the repair of the system—repair a variety of devices. The full complement that often occurs during intense and stressful conditions as of core services includes: • Exchange Edge Services which are users and executives hammer them with calls and complaints. designed to provide protection against spam What if you never have to face this type of situation again? What and other unwanted detritus that may be picked up by your messaging system. if there was a way for you to ensure that both your Microsoft • Exchange Front End Servers which provide support for message routing and also Exchange Servers and your BlackBerry systems were always up? offer Outlook Web Access services. Wouldn’t that be worth its weight in gold? Well, if you’re a sys- • Exchange Back End Servers which support the mail store and provide configura- tem administrator and you want a step-by-step procedure that tion and policy services for messaging. does away with unwanted stress forever, read on! • BlackBerry Enterprise Server which provides routing and security for all BlackBerry services. Protecting Systems Once and For All • Microsoft SQL Server which is used Each time a system fails, the phone starts ringing off the hook. As if it wasn’t stressful to store all configuration and data for the enough to have to repair a broken system under pressure, you have to figure out how to deal BlackBerry services. with irate users and management at the same instant as you have to bring the system back The latter can be in the form of the up in record time. Microsoft SQL Server 2000 Desktop Engine or Enough is enough. We don’t need to bore you with ungainly statistics. You already know that the newer SQL Server 2005 Express Edition, downtime is the bane of any system administrator’s life. So, how do you avoid it? There are real- but in an enterprise, should really be in the ly three basic steps to the avoidance of downtime and the possible return to a normal life— form of either SQL Server 2000 or 2005 that’s right, no overtime!—for system administrators: because they both provide much more robust • Proper System Understanding database services and they support high • Service Protection through built-in high availability services availability solutions. • Data Replication Systems In addition to the core services required to The first makes sense; you can’t protect what you don’t know you have, so you need to deploy and support mobile email services understand your system if you want it to stay up all the time. The second relies on Windows through the BlackBerry/Exchange combina- built-in services to provide high availability of your mission critical systems. This involves the tion, several secondary services are also use of Network Load Balancing (NLB) for front end services and the Microsoft Cluster Service for required. These include services such as back end services. The last one deals with the use of third party tools to ensure you have a Active Directory (AD), the dynamic host con- readily available replica of your systems so that they can come back up immediately in the figuration protocol (DHCP), the domain name event of a failure. system (DNS), and of course, a series of secu- Each of these is explained in detail here. For those of you that are not using BlackBerry, but rity services such as antivirus, anti-spam and are using Exchange on its own, keep reading; this applies to you as well. For those using both anti-spyware. To round out the solution, Exchange and BlackBerry, don’t miss this recipe for success. you’ll need additional protection mecha- RED2006_p3_Gatefold_Tip 8/11/06 2:39 PM Page 3

FIGURE 1

A Typical BlackBerry/Exchange Configuration

nisms such as firewalls and additional In addition to proper documentation, you may want to implement a client utilities and devices such as Microsoft monitoring system to proactively protect all of the pieces of the Outlook and BlackBerry-enabled mobile BlackBerry/Exchange puzzle. Microsoft Operations Manager 2005 (MOM) devices (see Figure 1). provides an excellent means of monitoring and controlling this type of As you can see, even the simplest architecture. MOM provides an operator console that lets administrators BlackBerry/ Exchange architecture can know the health of the system at all times. MOM’s framework lets soft- become complicated and what is complicated ware developers create special management packs for specific products. is by default vulnerable. Email systems are As part of its new Common Engineering Criteria, Microsoft ensures that vulnerable by nature. That’s because they are new management packs are delivered with each and every component of connected to the outside world, email data is the Windows Server System. With the Exchange Server 2003 Management stored in a large database—a database that Pack, operators get expert help on the health of their Exchange servers can easily become corrupted; and emails are even if each server is playing a different role. That’s because the manage- the preferred target of viruses. Email systems ment pack includes a definition of a healthy state for the server and will are distributed in nature with several servers automatically raise alerts if it detects special events or performance playing different roles making it more diffi- degradations. Upon the generation of an alert, MOM can even take proac- cult to manage and troubleshoot. Despite tive action such as running a script to clear data on a disk or shutting this, downtime is not allowed. Businesses down non-essential services to ensure the continued operation of a criti- rely too much on this critical tool, especially cal component. if they have instant access to emails through In addition to the Exchange Server Management Pack, Microsoft has BlackBerry devices, to function properly produced an Exchange Best Practice Analyzer (BPA). There are two ver- without it. sions of the Exchange BPA. The first is a standalone tool that analyzes So, the first step in protecting this system your infrastructure and provides recommendations. The second is the BPA is through the use of proper documentation, Management Pack for MOM 2005. This Management Pack runs against outlining each aspect of the system’s your Exchange infrastructure to gauge its general health status. It identi- configuration. Proper documentation will fies configuration issues and will also indicate if your configuration is assist you in a rapid diagnosis of issues as supported by Microsoft. As a Management Pack, it constantly runs they come up. If you’re using Microsoft Visio against your infrastructure and warns you of changes that could affect 2003, one of the easiest ways to quickly get a availability. This tool is a must for any organization running Exchange. picture of your network is to link it to the Because of its extensibility, MOM can also monitor the status of the Microsoft Baseline Security Analyzer (MBSA). BlackBerry Enterprise Server through the addition of third party BES Use MBSA to scan your network and view the Management Packs (see Resources). This makes MOM an excellent tool for results as a proper Visio diagram, all through the gathering of general status information and the documentation of the Microsoft Visio 2003 Connector for MBSA. your ever-precious email systems. RED2006_p4_Gatefold_Tip 8/11/06 2:41 PM Page 4

Step 2: Use Traditional High Availability Measures

The second step to protecting critical email systems is to rely use a spare server in standby mode or share the load between on built-in measures Microsoft provides through its Windows two servers, each acting as a backup for the other when there is Server operating systems. For this, you need to identify a failure or you can use a combination of load balancing and which type of service you need to protect as Windows offers spare servers. It all depends on the size of your user base and two different types of high availability services: the geographic distribution of your organization. • Front End Servers rely on the Network Load Balancing The Microsoft cluster service, on the other hand, is used to (NLB) service. This service transforms a series of identical store and protect email data for Exchange as well as configura- servers into one single set of resources and automatically redi- tion and usage data for BlackBerry in the form of a SQL Server rects users to the best available resource in the set. database (see Figure 2). MCS relies on shared storage to func- • Back End Servers rely on the Microsoft Cluster Service tion. Multiple servers provide redundant services, but are con- (MCS) which will use shared resources to protect access to nected to the same storage system. When the service fails on storage data for the service. one server, it is automatically picked up by another that is part In terms of BlackBerry/Exchange configurations, NLB is of the cluster. The same cluster can host both Exchange and used to protect front end systems offering routing and Outlook SQL services because an MCS cluster running on Windows Web Access services. NLB uses identical server images to pro- Server 2003 can have between 1 to 8 nodes. It is limited to 2 vide front end services. Each NLB cluster can have up to 32 nodes if the connectivity between the server and the storage nodes providing the same service. system is SCSI, but if you use Fibre Channel or iSCSI, you can The BES provides its own capability for service protection run up to 8 nodes in the cluster. Remember that each node and is very similar to the NLB service because it requires identi- must have capability to handle its own services as well as cal servers storing identical server images. High availability for failover services for non-working nodes when you plan for the BlackBerry services can be applied in several ways. You can server capacity.

FIGURE 2

Using NLB and MCS to protect both front end and back end systems RED2006_p5_Gatefold_Tip 8/14/06 2:34 PM Page 5

FIGURE 3

Relying on Replication Technologies to protect systems

Step 3: Protect your Systems users or replication between partner servers. with Replication Technology For example, CA XOsoft’s Assured Recovery While traditional high availability systems provide an excellent way to extend servic- provides this capability. After all, no solution es on a 24/7 basis, they do have limitations. The most important limitation is that is any good until it has been tested and test- they tend to be restricted to a single site. While geographic clusters or geoclusters— ed repeatedly to ensure that it actually works clusters, both NLB and MCS, that span multiple geographic sites—are feasible, they and recovery is actually possible. Sounds too tend to be very complicated and require custom hardware and software to work. This good to be true? In many ways it is. Imagine is because of the very nature of a cluster. By default, clusters identify which nodes are having a disaster recovery and high avail- available or not through a heartbeat mechanism. When you span large geographic ability system that just works, automatically, distances, it becomes difficult if not impossible to maintain the heartbeat between without your intervention. No more phone each system because long distance communications take more time, time that the calls and no more overtime—at least for cluster service just does not have. these systems. In addition, traditional clustering systems do not protect from data corruption. While What’s more, you can use these replication you can have the very best backup technology, there is nothing that will protect you and data assurance solutions on their own or should you overwrite backups with corrupt data, even if you are clustered. you can combine them with your existing In come powerful third party solutions—solutions from CA XOsoft, Symantec, EMC, clustering solutions. These tools work on the Double-Take Software and others. Replication technology offers the ability to have real- principle of real-time replication, replication time asynchronous data replication of both Exchange and BlackBerry servers. In addi- that can be intra-site, occurring within the tion, it is possible to add application monitoring and automatic pushbutton failover same LAN or inter-site, occurring between and automatic failback for complete system protection. Replication partners can be in two sites over the WAN. Most replication the same site, providing server-level protection or can be in different sites, providing technologies include bandwidth control so site-level protection. You can also add tools that protect data to the last consistent you don’t have to worry about losing your state, making sure that when you recover from a failure, you will not recover corrupted existing WAN throughput. And, through the data. Finally, you’ll want to make sure the solution you select includes the ability to application monitoring capabilities of these allow you to perform disaster recovery testing in real-time without disrupting either tools, you can easily set up automatic RED2006_p6_Gatefold_Tip 8/11/06 2:42 PM Page 6

failover—failover that will be transparent to users—in the event of a local or remote disas- Where to go from here ter. If you are already using a cluster, these tools can replicate to another cluster or simply Replication technologies provide end-to-end to a standalone relief server, they don’t care. This means there are several different possible protection of your most critical systems. high availability or recovery solutions with this type of technology (see Figure 3). That’s because replication partners can be Implementing these tools and getting final peace of mind for your critical email systems within the same site or distributed geographi- is a simple step-by-step process and will take only a few minutes to set up. Try them out, you cally for better protection. It all depends won’t regret it. You can use virtual machines to make it easier. Both Microsoft Virtual Server on your own configuration needs. But one 2005 and VMware Server are free so this test will only cost you time—about one hour once thing is for sure, after you try working with you’re ready—and the use of one, perhaps two, physical machines to host the test. replication technologies, you won’t want to go To test a replication technology, you can follow these general steps. All products use a back. They are simpler in many ways than similar process: clustering and they can provide the same level of protection. 1 Select the vendor you want to test—all have trial versions of their software—and then When you make your replication technology download the trial version from the manufacturer’s Web site (see Resources). selection, make sure you focus on four key 2 In a testing lab, prepare a stand-by of the original servers you want to protect, and abilities: then create stand-by installation servers for each of these key services. These can be 1 Replication of the critical data you want either physical or virtual servers. To make it easier, use virtual machines, then you can to protect. use the Microsoft Virtual Server Migration Tool (see Resources) to create the original servers since Microsoft virtual machines run on both Virtual Server and VMware Server. 2 Application monitoring of key services to identify when failover is required. 3 Run the tool’s installer from your download location to install both the management interface and the agent installer. This should be on your control workstation. 3 Data corruption protection to make sure you are not replicating bad data. 4 Launch the agent installer from the Start Menu to install the replication technology engine on the Master and Replica servers for each role you want to protect. 4 Testing capabilities so you can always know that your protection system is 5 Start management interface from your workstation to create a new replication scenario working and you can test at any time. and configure protection for each key service. Depending on your configuration, this could include BlackBerry Enterprise Server, as well as Exchange Front End and Back End Imagine, no more irate users, no more email Servers. downtime, and no more pressure. Try these technologies; you won’t regret it, ever. Do it now. 6 Test failover, either automatically or manually. Repeat several times to make sure you are satisfied with the results. In addition, test data failures to make sure you recover About the Authors Danielle Ruest and Nelson Ruest, MCSE, MCT, Microsoft MVP, are IT professionals specializing in systems from corrupted data. administration, migration planning, software management and architecture design. They are authors of multiple books, notably 7 When you are completely satisfied that everything works as advertised, move to two books published by McGraw-Hill Osborne, “Windows Server acquire a license for the product and install it on your production systems. 2003: Best Practices for Enterprise Deployments”, ISBN 0-07- 222343-X and “Windows Server 2003 Pocket Administrator”, It’s that simple. The longest part of this test will be step 2, preparing duplicate servers, ISBN 0-07-222977-2 as well as “Preparing for .NET Enterprise Technologies”, published by Addison Wesley, ISBN 0-201- but you can reduce the time it takes by using virtual machines instead of physical devices. 73487-7. They have extensive experience in high availability Once your testing is complete, you can move from virtual to physical machines. Every and systems recovery. other step is self-explanatory and can be set up in a few minutes.

www.Reso-Net.com Resources Microsoft Exchange Server 2003: http://www.microsoft.com/exchange/default.mspx BlackBerry Enterprise Server for Microsoft Exchange: http://www.blackberry.com/products/software/server/exchange/index.shtml Microsoft Visio 2003 Connector for Microsoft Baseline Security Analyzer: http://www.microsoft.com/technet/security/tools/mbsavisio.mspx Microsoft Operations Manager 2005: http://www.microsoft.com/mom/default.mspx MOM Management Pack for Exchange Server 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=EFDEA5C6-6835-47CB-AF4F-43F3A3E30279&displaylang=en The Exchange Best Practices Analyzer: http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx MOM Management Pack for BlackBerry Enterprise Server: http://www.ivision.com/solutions.html or http://www.excsoftware.com/version3/version3 /Product.aspx?ID =ecd1b803-6ebb-419e-8c10-a49a5febf6c1 Microsoft Virtual Server 2005: http://www.microsoft.com/windowsserversystem/virtualserver/default.mspx VMware Server: http://www.vmware.com/products/server/ Microsoft Virtual Server Migration Toolkit: http://www.microsoft.com/windowsserversystem/virtualserver/evaluation/vsmt.mspx CA XOsoft Solutions site: http://www.XOsoft.com/products/index.shtml CA XOsoft Download site: http://www.XOsoft.com/download/index.shtml EMC RepliStor Web site: http://software.emc.com/products/software_az/replistor.htm Symantec Veritas Replication Exec Web Site: http://www.symantec.com/Products/enterprise?c=prodinfo&refId=50 Double-Take Software Web Site: http://www.nsisoftware.com/default.aspx Project6 8/15/06 1:04 PM Page 1 0906red_RedReport9-18.v11 8/15/06 1:30 PM Page 18

RedmondReport

few IT managers will upgrade just to get tweaks like the Vista Sidebar or the Windows Photo Gallery application. Instead, they’re looking for the fully bi- directional firewall, which examines both inbound and outbound packets, and the powerful User Account Control functionality, which effectively limits user rights to reduce malware exposure. There’s also the added benefit of Inter- net Explorer disabling ActiveX functionality, and running in a strictly cordoned sandbox—a function not present in the non-Vista version of IE7. The innovation cuts off a popular vector for malicious code entering the system. Vista Build 5472.5 is a noticeably improved and significantly stronger offering than the troubled Beta 2 product Microsoft released two The refined Flip3D view makes it much easier to recognize detail on the various application windows. months before. The question is, has it arrived in time to let Microsoft current Vista build. It’s likely that many While Vista Build 5472.5 does a much make its self-imposed November applications will need to be updated to better job of showing off the bells and release deadline? run under Vista. whistles in the new operating system, — Michael Desmond Project4 8/9/06 2:18 PM Page 1

Secure global access anytime, anywhere...

Propalms TSE, an indispensable alternative to Citrix¨ providing powerful and secure thin client solutions for Windowsª Server 2003 and 2000 environments.

HereÕs 10 reasons why more companies are turning to Propalms TSE: 1. Significantly more cost effective than Citrix 2. Simplifies deployment and administration of applications with no specialists required 3. Secure remote access to applications via SSL Gateway 4. Seamlessly extends Terminal Services in Windowsª Server 2003 and 2000 5. Fully Universal Print management solution 6. Reduce software license costs 7. Portal based access to applications for remote sites, home users, contractors and partners 8. Remote control for training and support purposes 9. Extend the lifecycle of desktop hardware 10. Reduced support costs

For an effective solution that doesnÕt cost the Earth visit www.propalms.com or call Tridex Systems today!

www.propalms.com

T 303.925.1375 E [email protected] www.tridexsys.com Project6 8/11/06 2:15 PM Page 1

Defragment Every Drive On Your Enterprise Without Leaving Your Chair (Or even lifting a finger)

PerfectDisk Command Center™ Perfection Made Automatic

Introducing Recognized as the world’s most powerful mentation without having to first open the file, defragmenter, PerfectDisk has always been the further reducing any system impact of defrag- secret to faster, more reliable computers. Now, mentation. And new disk and CPU throttling with a powerful new suite of enterprise tools, provide even greater control over resources. PerfectDisk 8.0 takes disk defragmentation to What’s more, Raxco’s exclusive AutoPilot the farthest reaches of the enterprise, while Scheduling™ provides automatic defragmenta- placing total control right at your fingertips. tion at the optimal time for each user. And Centralized Management Are you sitting down? Good. Because AutoPilot Scheduling’s Screen Saver Mode And Reporting with the PerfectDisk Command Center™ you enables idle-time defragging at user-defined can easily deploy, configure and manage the intervals. (There’s really nothing to it.) Patent-pending defragmentation of every system on the enter- And features like our Single File Defrag Resource Saver™ Technology prise... all from the comfort of your own desk- and Consolidate Free Space Defrag (part of top. And that’s just the beginning. PerfectDisk's Space Restoration Technology™ ) Exclusive Space Our all new enterprise reports deliver are particularly valuable for users working with ™ Restoration Technology valuable performance statistics and at-a-glance supersize files. Exclusive AutoPilot graphical displays that track and identify any Give your users reason to stand up and ™ fragmentation issue on any managed computer, cheer. And while PerfectDisk 8.0 is busy keep- Scheduling and much more. ing each computer in tip top shape, you can sit In addition, PerfectDisk‘s patent-pending back and simply take the credit. For the details Resource Saver™ technology finds file frag- and a free demo, visit www.perfectdisk.com

¤ ® 1-800-546-9728

www.raxco.com June 8, 2004 May 24, 2005 PerfectDisk 6.0 PerfectDisk 7.0

Microsoft, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. PerfectDisk is a registered trademark of Raxco Software. PC Magazine Editors’ Choice Award Logo is a registered trademark of Ziff Davis Publishing Holdings Inc. Used under license. All other product names mentioned herein are the trademarks of their respective owners. 0906red_ProdRev_21-24.v6 8/15/06 4:49 PM Page 21 ProductReview Last Line of Defense You set the policy, Endforce ensures that it’s followed.

Endforce Enterprise $7,500 per server, $40 per client Endforce Inc. 614-923-6200 www.endforce.com

BY ERIK WESTGARD mizing data loss from theft The headlines were ablaze and misuse, but you do still recently with a widely publi- need tools to help develop, cized story about the appar- implement, report and ulti- ent theft of a vast store of mately enforce your organi- personal data from the Veter- zation’s policies. an Affairs agency. A laptop Phishing attacks, distrib- with names, addresses and uted denial-of-service social security numbers of attacks, worms and viruses Figure 1. There is a list of more than 500 applications and patches thousands of former military target known vulnerabili- from which you can choose. personnel was stolen from an ties, but preventive meas- agency employee who had ures can effectively address which provides excellent Connect. Endforce partici- brought the computer home. these threats. Mobile com- scalability. pates in all these programs. Thankfully, this turned out to puting assets and those You can have the actual be nothing more than a hard- belonging to visitors, con- client-system assessment Protect and Serve ware theft. (At press time, two tractors and business part- done by an installed software Given the complexity of the teenagers had been arrested ners present a greater client or a clientless Web process and how many net- in connection with the theft.) security challenge. You real- agent. The Endforce Enter- work and software elements Could better security tools ly can’t enforce software prise agent and client soft- the packages touch, End- and hardware have prevented standards or patch manage- ware supports Windows 98 force provides onsite instal- this situation, or was this a ment policies on every sys- SE, Windows NT,Windows lation support for every breakdown of policy? Having tem brought into your 2000, Windows XP and customer. (As our review a good security policy is facility for a one-hour Windows 2003, and will process rates ease of installa- indeed a key factor in mini- meeting, for example. support the forthcoming tion, I insisted on installing Endforce Enterprise Windows Vista. the packages myself.) REDMONDRATING addresses this loophole by There’s also a DHCP The documentation intro- taking a server-based Enforcement module that duces a lot of new terminol- Documentation: 10% ____ 6 approach to patch manage- can quarantine or deny ogy and concepts, but Installation: 10% ______5 ______ment and enforcing security access to non-compliant doesn’t have a basic sample Feature Set: 20% 10 policies. Endforce Applica- workstations. One of the configuration or case study Performance: 40%______9 Management: 20% _____ 10 tion Server runs on Win- helpful industry trends in you could use to get a lab dows 2003, and uses Active this space is the emergence up and running. References Overall Rating: 8.7 Directory for developing of policy enforcement stan- to the built-in help screens ______and enforcing policy. It dards from Cisco (NAC), were helpful, but I prefer to Key: 1: Virtually inoperable or nonexistent stores policies and reports and Microsoft (NAP), and a not jump around. 5: Average, performs adequately 10: Exceptional in a separate SQL Server cross-industry consortium The application server is 2000 database system, called Trusted Network essentially a series of Web

| redmondmag.com | Redmond | September 2006 | 21 0906red_ProdRev_21-24.v6 8/15/06 4:49 PM Page 22

ProductReview

sites. The main user inter- You also need to create change so nothing is lost. can only download the face Web site installs easily, remote-access policies for One of Endforce’s needed patches. Once as does the database server. LAN and VPN users. strengths is the sheer num- patched, you could go back The registration, policy and The steps to create the ber of options you have for to your normal work. This reporting Web sites are elements, agent templates selecting “elements” or solves the problem and designed to use HTTPS and and policies were a bit con- software patches (see Figure saves a help-desk call. a Web certificate. fusing. The basic idea is to 1, p. 21). The ability to give Endforce tech support sug- There’s an undocumented create an agent template, users messages based on gested the following steps workaround to turn off this and then build an agent file policy findings, and the for a test installation of the requirement for the three and download it to an .MSI option to specify the exact quarantine functionality: major Web sites. To get this file, which is then installed versions and releases for • Set your agent template/ working in my lab, I had on the targeted clients. The each application is impor- agent configuration to to make the change to each process for doing this for tant. You can even create quarantine of the Web sites and by trial the Web client was some- custom elements. • Configure an agent file and error to all of the relat- what confusing. You had to using the above template and ed modules. Endforce uses find the option for a Web Under Quarantine save the agent .MSI file IAS and Radius for authen- file creation in one of the Quarantine is a cool fea- • Create a resource, select tication services. drop down boxes. ture, which you activate or policy manager and add the One of the first steps to Then you create a policy enforce in the DHCP mod- IP of your app server get up and running is to and add the elements. You ule. If you’re out of compli- • Create resources for any create a user group that have to hit the copy button ance (with an out-of-date servers the quarantined end- maps AD or Windows NT to “grab” elements you’d like virus definition, for exam- point will need access to security groups. You need to include in the policy. ple), the system would • Create quarantine and to come up with 32-charac- Make sure that you update direct you to a “quarantine” add resources (app server ter authentication codes. or save the policy after each area via DHCP, where you is added by default). This

7KHZHE·V EHVWGHDOV H'LUHFW6RIWZDUHFRP RQJHQXLQHVRIWZDUH

0LFURVRIW2IÀFH 0LFURVRIW:LQGRZV;3 0DFURPHGLD 3URIHVVLRQDO(GLWLRQ 3URIHVVLRQDO(GLWLRQ 'UHDPZHDYHU 2QO\ 2QO\ 2QO\

0LFURVRIW:LQGRZV $GREH&UHDWLYH6XLWH 0LFURVRIW2IÀFH $GREH$FUREDW 0LFURVRIW2IÀFH +RPH(GLWLRQ 3UHPLXP 6WXGHQW 7HDFKHU(GLWLRQ 3URIHVVLRQDO(GLWLRQ 6WDQGDUG(GLWLRQ 2QO\ 2QO\ 2QO\ 2QO\ 2QO\ Project3 8/16/06 10:54 AM Page 1

FOLD FOLD

DDAATTAA BBAACKUPCKUP WITH OUT ACRONIS

THE COMPLETE DATA BACKUP AND RECOVERY SOLUTION. DOWNLOAD A FREE EVALUATION AT: WWW.ACRONIS.COM FOLD FOLD 0906red_ProdRev_21-24.v6 8/15/06 4:49 PM Page 24

ProductReview

specifies access for quaran- • Install the agent on end- • Change your policy (both sible conditions, including the tined endpoints point and authenticate access condition and mes- appearance of a misplaced or • Create a basic policy using your AD password sage tabs) to check for End- improperly inventoried lap- (check for Endforce agent and user name force agent 3.0 top or one known to have version 2.5), set it as default • You should receive any • Right click the agent issues that require immediate and select the quarantine messages you’ve added to your icon (in tray) and check action. There are 17 different definition created above policy and not be quarantined compliance report sections, ranging from You should now get the tracking current agent ses- default “out of compliance” sions to application usage message. Then you should be reports. Endforce Enterprise quarantined (unable to ping is worth a look. It’s a com- any device that isn’t specified prehensive, standards-based in the quarantine definition) solution that should be The main Web interface effective in a long-term gives you a range of policy security infrastructure. — creation tools, reporting tools and an audit function. Erik Westgard (ewestgard@ From here, you can check on att.net), MCSE, CQS-CFS, recent changes to policy CQS-VPNS, works as a VPN databases, like recently cre- design consultant for a major ated or updated accounts. managed services provider.After Alerts are another manage- spending a few years in man- ment tool. You can use these agement, he’s back to developing Figure 2. When a system is listed as being out of compliance, to generate e-mails or event and managing training and Endforce will suggest an action (or actions). log entries for a range of pos- certification programs. 0906red_Roundup25-32.v6 8/15/06 11:10 AM Page 25 RedmondRoundup Cover Your Assets Get a grip on your networked assets with the right asset management tool.

BY DANIELLE RUEST AND NELSON RUEST hardware and software inven- When someone asks how many PCs are tory management in your organization or how many • Novell ZenWorks Asset copies of Excel are in use and on which Management—a tool that pro- systems, you should know the answers. vides comprehensive software If you don’t, you need to get busy. asset management capabilities In this age of compliance, it’s essential • Special Operations Soft- Figure 1. The Altiris Console is a compre- to know what you have and where it is ware Specops Inventory—a tool that hensive, Web-based interface. at all times. Gartner surveyed attendees uses Microsoft’s Active Directory to do of its 2005 Gartner Data Center Con- inventory management that gives you a general view of software ference and found: Missing from this roundup are ven- usage, denial or blocking. This feature is • 51 percent did not have an asset dors like Microsoft, LANDesk and CA. essential for generating reports on who management system in place Microsoft declined to participate is using what software. One common • 92 percent did not have a link because its Systems Management Serv- problem organizations face with soft- between their asset management sys- er is undergoing significant changes ware licenses is installing software that tem and their change/configuration and will soon be released under a new employees never use, paying for extra management tools name—Microsoft System Center Con- licenses without reaping any benefits. • More than 50 percent did not track figuration Manager 2007. Others Level two adds asset control. With software usage as well as software assets declined for various reasons. These this you can add custom assets such as • Of those using an asset management products give you an idea of the type of desks, chairs, telephones, cubicles and system, only 65 percent included both system you’ll need to finally gain con- so on. This gives you a complete view desktops and servers trol over your technology assets. of a user’s needs. It also adds contract • Of those considering an asset man- management, which links contracts to agement system within the next two Altiris Service & Asset asset inventories and supports proactive years—almost all were looking for an Management Suite license management. Bar-coding (with integrated asset management/change Depending on which components you or without a device) for receiving and and configuration system select, the Altiris Service and Asset tracking assets is also part of level two. Compliance and costs are the major Management Suite (SAMS) focuses Level three integrates service man- reasons why inventory alone no longer purely on asset tracking, asset lifecycle agement. This means help desk person- flies. It’s also why including usage data management or integrated asset and nel have immediate access to the with license management is essential. service management. SAMS supports supporting information when a ticket is Otherwise, you’ll either be non-compli- each phase of an asset’s lifecycle—recep- opened on a particular asset, including ant or paying for products you don’t tion, preparation, deployment, invento- service contracts, warranties, organiza- use. The asset management technolo- ry, maintenance and retirement. It can tion servicing this asset and so on. gies included in this roundup can help tie assets to individuals and track them The first level requires a license for your organization maintain control of throughout the organization, support- each managed asset. Levels two and its technology resources: ing the move, add, and change process three only require licenses for those • Altiris Service & Asset Management during an employee’s lifetime. Altiris using them or accessing the information. Suite—a complete suite of asset man- sells these components in three “levels.” Licenses are transferable as long as only agement tools Level one is the electronic inventory one user accesses a license at one time. • KACE KBOX IT Automation and asset management system. It also Installing SAMS is straightforward. Appliance —a hardware appliance for has an application metering function Altiris uses a step by step, easy to follow

| redmondmag.com | Redmond | September 2006 | 25 0906red_Roundup25-32.v6 8/15/06 11:10 AM Page 26

RedmondRoundup

process. First install the Altiris Server (or 1 = Virtually inoperable Notification Server), then connect it to a In this or nonexistent Roundup REDMOND 5 = Average, performs Microsoft SQL Server database. This RATING adequately can be the Microsoft SQL Server Desk- 10 = Exceptional top Engine, but we’d recommend using a Asset Lifecycle Management [20%] Contract Management [10%] real version of SQL Server 2000 or even Altiris Service & Asset Shipping & Receiving [10%] OVERALL RATING Management Suite SQL Server 2005. Next, move on to the Documentation [10%] Feature Set [20%] Ease of Use [10%] Innovation [10%] Configuration tab and Upgrade/Install Level 1 (basic asset tracking), $35 Reporting [10%] Additional Solutions. Select the solution per managed node level you need and install it. Level 2 (receiving, asset and contract Altiris just released version 6.5 of the management) $10,995 per licensed Altiris console, making it much easier seat, with multiple users to work with the product. Version 6.5 Level 3 (service management) provides a Web-based dashboard and $2,995 per licensed seat lets you customize your desktop exactly Altiris Corp. as you need (see Figure 1). One of the 888-252-5551 most compelling features is the Resource Association Diagram, which www.altiris.com 9 10 8 10 10 10 8 8 9.2 lets you view all devices associated with a user, drill down into each device, see KACE KBOX IT Automation its association with others and so on Appliance (see Figure 2). This is a live view, so Pricing starts at $7,500 for 100 nodes you can directly interact with assets. $13,500 for 100 nodes with scripting, Because it starts with the initial entry security and help-desk modules into the asset database, SAMS lets you KACE Networks Inc. 888-522-3638 www.kace.com 8 7 n/a n/a 10 10 8 7 8.3

Novell ZenWorks Asset Management Single device/user license starts at $33 Single device/user license with one year maintenance starts at $41 Novell Inc. 800-529-3400 Figure 2. The Altiris Resource Association Diagram provides a graphical representation www.novell.com 9 7.5 9 n/a 10 10 8 10 9.0 of asset associations. Specops Inventory track an asset from the moment it’s acquired to the moment it’s retired. $16,000 for 1,000 seats This means you can generate thorough $28,800 per 1,000 seats with historical reports on what has happened Specops Deploy to a device throughout its service cycle. Special Operations Software Altiris SAMS is simple to use, sup- 866-857-5325 ports multiple operating systems (Windows, Unix, Linux, Macintosh www.specopssoft.com 9 7 8 n/a 10 10 10 9 8.9 OS and personal digital assistant OSes) and controls assets through To account for non-applicable categories, higher scoring percentages policies. It’s one of the most compre- were assigned to Feature Set and Ease of Use.—Ed. hensive systems available.

26 | September 2006 | Redmond | redmondmag.com | Project4 8/11/06 1:01 PM Page 1 Announcing APC Data Center Test Drive Days, September 18-22

BMW Sauber F1 Teams with APC

Everything about the BMW Sauber F1 Team is high-performance. That’s why the team utilizes APC’s revolutionary InfraStruXure® architecture for its data center. InfraStruXure is our power, cooling, and environmental management solution for data centers.

Winning companies agree: New InfraStruXure® architecture drives high-performance data centers

® Get up to speed on the fastest-growing • Real Time InfraStruXure Events data center technology. Find out how — See InfraStruXure in a real world InfraStruXure® architecture can help environment and learn ﬁ rst-hand you consolidate your servers, imple- why APC’s revolutionary approach is ment high density blade environments, changing the way the world designs, improve availability and agility, and builds and manages data centers. lower your total cost of ownership. Using • Trade Shows — Join your peers an open, building-block approach and stan- and see APC solutions in action at one dardized, modular components, InfraStruXure of the trade shows where we will fully integrates power, cooling, and environ- be exhibiting. mental management within a rack-optimized • Movie Events — The perfect venue for design. Allows you to install only what you need gathering with colleagues, hearing the latest news today, yet scales easily to meet future demands! on APC solutions and enjoying a night at the movies. • Hospitality Events — Enjoy a ﬁ ne dinner and APC Education Events Nationwide! informative presentation, compliments of APC. Get up to speed on the latest data center technology and For dates and locations in your area, call methodology at FREE education events offered during 888-289-APCC at extension 3671 APC Data Center Test Drive Days, September 18-22. or visit www.apc.com/promo and enter key code n322x

A recent vendor scorecard by readers of CIO Magazine put APC at the top! Find out how Get FREE gear, plus a chance to win great prizes!* our engineers can put your data When you attend an APC Test Drive Days event (Sept. 18-22), you’ll get center in the pole position and FREE APC gear** and also be entered to win one of the following great prizes: attend our test drive events! 1 2 3

All-expenses-paid trip to a Formula1 race BMW 2-Day Driving School APC AV Engineered Power Solutions For dates and locations of events during APC Test Drive Days (September 18-22)

in your area, and contest rules, call 888-289-APCC at extension 3671 or visit **Actual items may vary. Quantities limited. www.apc.com/promo and enter key code n322x.

©2006 American Power Conversion Corporation. All trademarks are property of their owners. 132 Fairgrounds Road, West Kingston, RI 02892 USA *Go to www.apc.com/promo and enter keycode for terms and conditions, complete contest rules, dates and locations. APC3A6EF-US 0906red_Roundup25-32.v6 8/15/06 11:10 AM Page 28

RedmondRoundup

KACE KBOX your DNS server that redirects clients The KACE KBOX IT Automation to the right location. You could also Appliance differs from the others, as it’s edit the .MSI, which is the recom- a rack-mounted server device that you mended approach. You can do this work with through a Web console. It’s directly with free tools like the ORCA configured as a management toolkit to .MSI Editor from Microsoft or through handle electronic inventory and soft- packaging tools like Wise Package Stu- ware deployment. dio or Macrovision’s FlexNET Admin- The KACE KBOX is driven almost Studio. Editing the .MSI is the best way entirely by open source software, to go because it gives you complete con- including FreeBSD, Apache Web Server, trol of the settings. Figure 4. The Kace KBOX Software PHP,MySQL, SendMail and ZipLib. Once the client is deployed, it auto- Inventory uses its agent to scan and The KBOX comes with a RAID 1 con- matically performs a comprehensive report on software applications installed figuration of mirrored drives and a third hardware and software inventory and throughout the network. backup drive for simple data protection. reports back to the server (see Figure 3). Installation and deployment is easy— The KBOX’s Network Scan feature is assets. If you’re familiar with SQL, place it in a rack, connect its ports and how it discovers and manages Macin- you can use the KBOX to generate then log on to the Web console. Still, tosh and Linux systems, routers, print- custom reports. Overall, the KACE KACE offers a free hour of training to ers and other network devices. KBOX is a powerful tool with a com- all customers. KACE also provides con- The server interface includes several plete set of services suitable for small sulting services, if needed. tabs for Inventory, Distribution, Script- to medium networks. Client deployment is a bit trickier; ing, Security, Help Desk, and Alerts and you have to set it up through a logon Reports. Under inventory, the KBOX Novell ZenWorks has tabs for Computers, Software, Net- Asset Management work Scan, Computers—MIA (Missing Novell has long been known for its in Action) and Labels. You can click on network operating system. Now it’s any computer’s icon, for example, to focusing on open source technologies. automatically launch a Remote Desktop Nevertheless, the majority of Novell’s Connection to that device. revenues are generated by its Zen- You can use the Labels function to Works system management tools. organize inventory management. For However, comprehensive asset man- example, you can use the search feature agement was always missing from the to identify all machines from a specific ZenWorks lineup. Novell has rectified subnet and assign geographic labels to this with its purchase of Tally Systems. Figure 3. The KACE KBOX Inventory that group. For mobile systems, you The core Tally TS.Census product has Console is a Web-based interface you can create custom filters that assign an become ZenWorks Asset Management can use to interact with the server. appropriate label based on dynamic (ZAM) and sports a Novell look and script. Because the client agent uses the values. This way, when your user is feel. At the time of this review, the .NET Framework, the logon script will logged in at the home office, their PC new tool had not yet been fully inte- automatically install both .NET and will have a home-office label. When grated with the other ZenWorks com- the agent if the user has the appropri- they’re in a branch office, they’ll have a ponents, but Novell is clearly moving ate rights. If not, you need to use a branch-office label. in this direction. workaround to grant temporary rights. The software tab provides a complete You can install ZAM in Standalone or It’s surprising that there’s no other listing of all software found running on Enterprise mode. In Standalone mode, deployment mechanism. Client instal- the network (see Figure 4). Titles are everything installs on the same server, lation is an .MSI, so you could always grouped alphabetically by default, but including the database. In the Enter- deploy it with AD, but this is kind of you can easily change that setting. For prise deployment, ZAM distributes redundant, as one of the KBOX func- compliance issues, the KBOX offers different roles to multiple servers. tions is software delivery. several reports, categorized by report You’ll also need to have the database You need to do one of two things to type. The KBOX also lets you add available (either Microsoft SQL Server make sure your clients talk to the right licensing information to your invento- Desktop Engine, SQL Server 2000 or server. First, create a KBOX entry in ry reports to help you manage software 2005, or Oracle).

28 | September 2006 | Redmond | redmondmag.com | Project3 7/7/06 11:44 AM Page 1 0906red_Roundup25-32.v6 8/15/06 11:10 AM Page 30

RedmondRoundup

There are six key components 1. Begin with an inventory to ZAM: 2. Import your purchase records • The ZAM Manager is the 3. Reconcile discovered products primary system interface 4. Reconcile product catalog • The collection server 5. Produce final compliance report gathers information on your The second step, import pur- software assets chase records, can link directly to • The task server generates vendor-supplied information, scheduled tasks like database which makes it easy to link pur- cleanup, report generation and chase records to deployed assets. so on You can generate compliance • The file store collects information Figure 5. ZenWorks Asset Management reports through pie or bar charts to offers a nice, clean interface through its from clients Web console. provide management with the clean- • The Web console provides system est, most up-to-date information in a access server software, hardware, upgrade few simple steps. • The asset database itself readiness, license tracking and even soft- Overall, this is the best software asset Other components include client-side ware or file usage. ZAM also generates management tool we’ve seen. It will be tools like the collector client, which is custom reports, and all reports let you interesting to see how Novell inte- an agent that collects data and ships it drill down to detailed views. grates it to its other ZenWorks man- to the file store to be added to the data- The biggest problem with electronic agement tools. base. There’s also an editor to modify inventory tools is that they often report collected data before it’s stored. too much information. It’s not surprising Special Operations Software While ZAM performs some hardware since software is made of executables, Specops Inventory inventory, it really shines with software dynamic link libraries and other exe- Special Operations Software (aka inventory collection and management. cutable files that can be deemed as valid Specops) relies on AD to conduct most ZAM (formerly Tally) uses a highly products by an inventory agent. Not so management operations and that is just respected software asset management with ZAM. Tally worked extensively with what they’ve done with Specops Inven- engine. It’s certified by the Software software manufacturers to fully scan and tory (SOI). It makes sense. If you’re Information Industry Association (SIIA), document the installed state of almost already using AD, then why not use it an organization that aims to protect and every software product on the market. for management tasks? support both software vendors and users. Also, ZAM categorizes products on its Even though AD is a database, SOI ZAM supports hardware inventory own to help you identify where it fits doesn’t use it to store any collected for Windows, Macintosh, UNIX and in. These categories are, of course, cus- information. Instead, it uses Microsoft Linux devices, as well as networking tomizable. You can report by depart- SQL Server as the database. This equipment such as printers, hubs, ment, by workstation type, by product again makes sense because relational routers and switches. It doesn’t sup- type or mix and match. This is great for databases are much more suited to that port personal digital assistants. While compliance issues. type of information management. you can manually add this informa- The software compliance function lets The best aspect of SOI is that it tion, it is not yet integrated into bar you reconcile purchased assets with takes only a few seconds to deploy, code scanning technology. deployed assets. It uses a simple five- maybe even less if you already have When you first log into the ZAM step process (see Figure 6): SQL Server running. The reason Web console (see Figure 5), you’ll see setup is so easy is that everything that inventory reports, network discovery makes this solution work is already in and software compliance functions. place in any shop using AD. SOI is Discovery is fairly standard, discovering made up of Group Policy extensions, items through network subnets, agent so everything required to run it is deployment or network broadcasts. already in your network. There are Compliance gives a clear picture of no custom agents required on any what is out there and who is using it. client, saving considerable deploy- Reporting is the crux of the system. ment time and facilitating manage- Figure 6. ZenWorks Asset Management You can set up Reports any way you like. uses a simple five-step process for ment. Microsoft should take notes Reports identify systems, applications, license reconciliation. on how Specops uses AD to add more

30 | September 2006 | Redmond | redmondmag.com | Project1 7/6/06 9:30 AM Page 1 0906red_Roundup25-32.v6 8/15/06 11:10 AM Page 32

RedmondRoundup

functionality to this powerful manage- from any other database. Reports are in ment interface. XML format so they are very easily SOI can collect hardware, software, transportable. Reporting also supports GPO settings, registry keys, Windows automatic report generation and email management instrumentation data, user distribution, making it easy to send data, files, services and scheduled jobs automated reports to business man- from any system tied to AD (see Figure agers on a regular schedule. 7). To collect inventory information, SOI also has a data cleaner utility that simply edit the GPO and check the lets you link multiple values. For exam- information to be collected. The next ple, you could say that Dell, Dell Inc. time Group Policy refreshes on the and Dell Computers should all trans- client, it will gather the data from late to Dell to simplify inventory man- Figure 8. Specops Reporting is done entire domains, sites, or single organi- agement. Finally, by integrating through a Web interface, and is the easiest zational units. License Management, SOI can also reporting tool in this round up. map licenses to actual software use to If you’re managing a Windows shop, reduce costs—a valuable addition. but don’t want to use Windows tools to The most impressive aspect of SOI is do so, then the KACE KBOX IT that it uses components already devel- Automation Appliance is the tool for oped by Microsoft and extends their you. Setup is easy, but customizing any- functionality. Instead of forcing GPOs thing requires specialized knowledge. If to run a daily inventory, for example, it you’re a small to midsize shop and you modifies an existing key to ensure that like the default feature set, then the inventory is collected on a regular basis KACE KBOX is for you. even if the Group Policy Object hasn’t After acquiring Tally Systems,Novell changed. It also uses client side exten- has a powerful software asset manage- sions to make sure the ment solution. Tally has done Figure 7. The Specops Inventory Console is none other than the Group Policy Editor clients can use the Group For more details a lot of leg work getting this that is built into Windows. Policy engine to collect on the evaluation product up to speed. The process for this Red- inventory data. mond Roundup, visit Novell solution is not yet Because it uses AD’s common features, It’s surprising that this Redmondmag.com. integrated with other Zen- you can assign different levels of delega- level of innovation has to FindIT code: AMS Works components, so you tion to different operators. For example, come from a small com- can’t yet get into complete headquarters may want a full inventory pany when Microsoft keeps lumbering lifecycle management, but if you need from everyone in the domain, but site on with Systems Management Server, a software asset management, then this is administrators may only want certain tool that is barely connected to AD, the tool for you. registry keys from the users they man- requires AD schema extensions and a Specops Inventory is the most innova- age. SOI will automatically gather the duplicate infrastructure for systems tive inventory solution we’ve seen to settings and deliver the information. management. Specops Inventory is def- date. AD is one of the best technologies Since the inventory client uses the oper- initely worth watching. Microsoft has ever delivered, so a tech- ating system’s own GPO processing nology like SOI that extends its func- capability, it has a zero footprint. The Final Word tionality is a boon to overworked and Specops also has a Reporting compo- The Altiris Service & Asset Manage- overextended Wintel system adminis- nent that lets you view reports through ment Suite is the best overall tool since trators. If you’re working in AD, you a simple Web interface (see Figure 8). it covers the entire lifecycle of any asset should take a good look at SOI.— Reports include compliance and basic in your organization. The Altiris inventory information. If you want a Resource Association Diagram is one of Danielle Ruest and Nelson Ruest (mcp- new report, just check the items you the best interfaces we’ve seen for deter- [email protected]), MCSE, MCT, MVP, want in the report, choose a look and mining who has what and their relation- are the authors of multiple books on systems an output format (HTML, Excel, ship to the rest of the organization. This design, administration and management. comma delimited or rich text format). is a powerful tool well-suited for medi- They run a consulting company focusing on Reports are generated from the SQL um to large organizations, especially IT infrastructure architecture and change database, but you can also run them those with heterogeneous environments. and configuration management.

ne of the most persistent questions I see in the forums one “closest” to each machine (usually the OU) will apply. The others will be on ScriptingAnswers.com is, “How do I write a script totally ignored. that puts a specific user or group into all my computers’ This policy setting also overrides any O other predefined membership in the local Administrators group?” I usually ask if the person is group. If the local Administrators group already has a bunch of members, they’ll working in an Active Directory be replaced by the members environment. If the answer is listed in this policy setting. yes, I break the bad news, “You You must configure all don’t need a script.” details of this policy setting, I know that sounds crazy including all members that coming from a huge scripting you need to have in there. In fan like me, but this is one of other words, don’t forget to those times when writing a specify the local Administrator script is more trouble than it’s account as a member of the worth. That’s actually good local Administrators group. news because the solution is Otherwise, that account will pretty easy. lose all its privileges. This is You’ll find it in your Group actually a great feature. You Policy Objects (GPO). While can define a new Administra- GPOs are great for configura- tor account and remove the tion, most people don’t think one that is built in. This helps Figure 1. From within the Group Policy of using them for administrative Object Editor, you can add members and make that often-attacked account less automation. Then again, the lines configure your groups. useful to an attacker. between “automation” and “configura- You can use this same trick to control tion” can get pretty blurry these days. groups in which this group will be a domain group membership. This helps Follow along in the Group Policy member. For domain members, it’s best provide more centralized control of Editor: to specify them in the groups like Enterprise Admins and • Open Computer Configuration, DOMAIN\GroupName or Schema Admins. Think of it this way: Windows Settings and Security Settings. DOMAIN\UserName format. You can use a GPO to specify member- • Click on “Restricted Groups.” (Yes, ship in these groups. Then you can set it’s empty by default.) Caveat Scriptor the GPO permissions so Enterprise • Right-click “Restricted Groups” and There are a few caveats to setting up Admins (or whomever) can’t actually select “Add Group.” groups like this. You can’t add domain modify the GPO. For this example, I’ll add groups unless you’re run- This is somewhat of a double-check What Windows the Administrators group, admin task would you ning Windows 2000 SP4 system to ensure that an Enterprise but you can add any num- like Mr. Roboto to or later, Windows XP SP2 Admin can’t readily elevate someone ber or type of member to automated next? Send or later or Windows Serv- else to that status. Of course, it isn’t the group (see Figure 1). your suggestions er 2003. Fortunately, most totally foolproof, but it’s helpful. — Be careful when typing don@scripting environments are at this answers.com user or group names level or better by now. Don Jones ([email protected]) is a because no validation is performed at Also, this policy setting doesn’t contributing editor for Redmond this level. Make sure that it’s a name “merge.” If you apply Restricted magazine. He’s currently working on the that each local workstation will be able Groups policies at the domain, site, and book, “Windows PowerShell: TFM” to recognize. You can also specify other organizational unit (OU) level, only the (www.sapienpress.com).

| redmondmag.com | Redmond | September 2006 | 35 0906red_F1SalSurvey36-46.v9 8/15/06 1:31 PM Page 36

36 | September 2006 | Redmond | redmondmag.com | 0906red_F1SalSurvey36-46.v9 8/15/06 1:31 PM Page 37 Money–In the IT Salaries Rise Again Salaries have gone up for the third time in as many years, according to the 11th annual survey of compensation and benefits. So, are you getting what you deserve? BY MICHAEL DOMINGO

ood news once again: Redmond magazine’s company is one of them, perhaps you can convince them to 11th annual survey of compensation for redirect some of that budget your way, in the form of a Microsoft IT professionals shows that salaries much-deserved raise. have gone up for a third year in a row. And so have raises and bonuses. Overall, salaries The Big Picture Gclimbed 3.3 percent, which might look more like a merit We’ll look into how you might justify a raise, but before we raise and pales in comparison to last year’s 12 percent jump. get to that, let’s jump into the rest of the big-picture numbers. Nonetheless, it’s better than what the market is dictating. This year’s 1,280 respondents report an average base salary of But here’s a sobering fact: The 3.3 percent salary gain is $70,901. Maybe that 3.3 percent gain doesn’t make you want actually lower than the inflation rate. The U.S. Bureau of to jump up and click your heels. After all, it hardly lives up to Labor Statistics reports that the Consumer Price Index the big gains locked in between the 2004 and 2005 surveys. rose 4.3 percent from June 2005 to June 2006. So, with The good news: Even at that tepid pace, our Microsoft-savvy inflation creeping up, how will you make up the difference? respondents were doing better than the IT arena as a whole. According to some reports, such as one from AMR According to the most recent wage data from the U.S. Research, U.S. companies on average were expected to Bureau of Labor Statistics, compiled from May 2005, net- increase their IT budgets by 19.5 percent this year. If your work and computer systems administrators earned a mean Call, Raise or Fold sking for a raise can be a stressful experience. If you’re brave enough, taking the direct approach and going in with a A sincere disposition can work, as long as you don’t put an ultimatum on the table. “I personally just took a deep breath, walked into her office and explained to her what I wanted and why I thought I deserved it,” says Mark Full, a SQL database administrator in San Diego. “She said she would review the request and get back to me. It actually worked out better than I had expected.” That kind of impromptu performance might backfire. After all, a salary negotiation is never a good time to appear unpre- pared. “Document, document, document,” is the mantra of David Abowitt, an MCSE and senior systems manager with the non-profit Jewish Federation Los Angeles. “Show all your skills, projects and [provide] salary surveys to show your case.” “I’ve always listed, in as much detail as possible, the achievements over a long period of time [and] I’ve shown growth in accepting additional responsibilities,” says Ken Scott, a senior server specialist with a regional medical center in Wichita, Kansas. “I never threaten to leave; I simply state the facts.” These words of advice offer no guarantee that you’ll get what you want. So, Terry Constable, a systems administrator for NetBank, has one more suggestion to keep you grounded: “Prepare for rejection.” — M.D.

PHOTO ILLUSTRATION BT JUAN ALVAREZ | redmondmag.com | Redmond | September 2006 | 37 0906red_F1SalSurvey36-46.v9 8/15/06 1:31 PM Page 38

In the Money

Computers for Life 2006 Compensation Ken Scott Base Salary $70,901 Sr. Server Specialist Wichita, Kan. Raise/Increase $ 4,307 Via Christi Health System Bonus $3,223 Salary: $80,000 Years in Computer Industry: 24 Age 41.7 years Certifications: MCP Years in IT 12.1 en Scott began selling computers— Mean: With MCP or better $69,431 KTandy TRS 80 Models II and III to be Mean: Other Certifications Data Unavailable exact—back in 1982, shortly after his first time seeing what the machines might mean Male vs. Female 11:2 for businesses. “I originally saw a Sony PC Education 58% have at least dedicated to accounting at an Office a 4-year degree Machine show in 1981,” he told us. “I wanted to be involved with them ever since.” Overall Satisfaction with He sold for other companies and eventually Compensation, 5 being best Data Unavailable started his own business—an endeavor that didn’t work, but one that he says was very Chart 1. A quick view of the results show a nice 3 percent jump from last year’s salary. Raises went up slightly, while bonuses also gained. Respondents this year are helpful in his IT career. “I’ve been told I work older and claim two more years of experience. Details for each can be found else- with business departments really well,” he where in this article or in the Adobe .PDF version. explains. “[It helps to] understand the flow of accounting and what affects productivity in a particular department.” salary of $63,210. That’s just 0.3 per- 19.6 percent of respondents thought Scott says that he’s pretty happy in his cent above last year. there would be no salary increase or current position as a senior server specialist Our survey reveals that the commu- even a decrease in 2006.) at the non-profit that he’s worked for since nity is not only getting richer, it is Bonuses, on the other hand, barely 1992. The benefits are good, he says getting older and taking on more budged, ending 2 percent higher than (“although once you’ve worked for yourself, responsibilities as well. For yet last year. But combine that data and you appreciate any kind of benefits,” he another year, the majority of respon- you begin to see some evidence point- laughs), and he has a lot of say in what he dents say they are more than 40 years ing to companies looking to retain works on every day. He’s enthused about a old—41.7 years on average, to be employees in a market short of skilled new, three-stage project, which will let IT precise—and collectively, the group IT workers. BLS data, for example, know if any application is malfunctioning— claims an average of 12.1 years of shows that the network and computer before it impacts the end user. “It’s fun to experience. Like the real world, IT worker segment has added 155,000 see a department excited about a product workers are making more and getting jobs since August 2003 and they you’re implementing.” grayer (and maybe it’s time you begin Scott says his salary matches his current to plan your retirement). title, but he’s actually doing a lot more than At 54, Ken Scott, a senior server spe- Methodology the moniker suggests, so Scott has been try- cialist with a regional medical center nlike surveys from previous ing to get a promotion (with a raise) to a in Wichita, Kansas, says he is already U years, this survey was done position that better reflects his duties. It “thinking about retirement, so salary internally. From a battery of about hasn’t happened—yet. “When you work for and benefits are very important.” 120 questions that were sent out a non-profit, one of the first things they’ll One more component of compensa- to 40,000 people culled from our cut back is money for promotions,” he says. tion—raises—is up again this year. own databases of IT professionals, Scott says he’ll probably work with com- Tack on another 19.4 percent to last we received 1,314 responses. Of puters in some capacity for the rest of his life: year’s figure—in 2005, it was $3,472— those, we removed all non-U.S. “Something in the consulting field, advising— and you’re looking at $4,307. That answers and ended up with a total something less strenuous, and hopefully not figure gibes with the expectations of 8 of 1,280 valid surveys. The report for a 24-hour shop.” percent of 2005 respondents, who has an error margin of 1 percent. — Becky Nagel predicted that raises would be in the — M.D. $4,000-$4,999 range in 2006. (Only

38 | September 2006 | Redmond | redmondmag.com | Project1 8/11/06 12:37 PM Page 1 0906red_F1SalSurvey36-46.v9 8/15/06 1:31 PM Page 40

In the Money

expect job growth to continue at 4.2 negotiation table. The same holds true IT Power Trip percent yearly. What’s more, the BLS in 2006. expects job growth to remain positive Steve Andrews, a systems administra- Timothy Carroll through 2012. So, IT workers this tor with a county government agency, Network Engineer year continue to be in demand or, at says his certification helped earn him a Morrisville, N.C. least, have some advantage going into $2,000 increase at his last job. But he Years in Computer Industry: 9 upcoming salary negotiations. says that “certifications have no Salary: $60,000 + benefits impact in my current [job].” Certifications: MCSA: Security W2K, MCSE: Can Certification Make David Guibord, a network adminis- Security W2K, CompTIA Security+ a Difference? trator with a marketing services com- Because this year’s survey is done as a pany in Farmington Hills, Michigan, ou couldn’t find a person more fit for joint venture with MCPmag.com, one says “[certification] initially got me the Yan IT job than Timothy Carroll, a net- unique factor we look at with some job.” But he adds that the letters after work engineer with a small developer of depth is the impact of certification on his name have had “no impact since.” custom Web applications in North Carolina. compensation. In the past decade since He’s still playing the certification game He wrote his first program on a Tandy/Radio we’ve conducted this survey, certifica- since he plans to keep his Cisco CCNA Shack TRS-80 Model III computer—at the tion has had a positive effect. The last current, which expired last year, and go age of 4. “I’ve been hooked ever since,” Car- three years, however, the shine has after his CCSA, to keep up on any roll confesses. been wearing off. About a third of you advances in router technology. Over the course of his 11-year career in IT, in 2005 said being an MCP carried no Guibord’s example underscores a he’s gained three security certifications— weight with your companies at the complex problem with certification: Microsoft’s MCSA: Security, MCSE: Security and CompTIA’s Security+ —which he says gave him a competitive edge worth an extra 2006 Salary of All Respondents, By Range $10,000 to $20,000—and he’s looking to add more. “I want to understand the new RANGE PERCENTILE technology, primarily, and I want to be able Less than $20,000 to prove I understand the new technology,” 1.3% Carroll says. $20,000-$29,999 1.2% He’s currently finishing up his MCSE: Secu- $30,000-$34,999 2.3% rity 2003 upgrade, and in the future, he’s $35,000-$39,999 interested in getting the MCSE: Messaging 4.4% and a SQL Server-specific certification, like $40,000-$44,999 6.1% the MCDBA—all of which are Microsoft cer- $45,000-$49,999 6.7% tifications. The certifications align with his $50,000-$54,999 company’s Microsoft infrastructure, and 7.4% help pave the way for Carroll to launch a $55,000-$59,999 6.7% career as a Microsoft expert or MVP. $60,000-$64,999 8.4% And he feels he’s in good hands: “I think it $65,000-$69,999 8.9% is evolving into a very mature program with very specific goals for each certification. I $70,000-$74,999 6.3% like that certifications are becoming more $75,000-$79,999 6.4% specialized; it adds meaning to them on $80,000-$84,999 6.7% what you can do.” Carroll says he’s “especially attracted to $85,000-$89,999 5.9% network security” and jokes that he gets a $90,000-$94,999 5.2% “power trip” from being the guy with “the $95,000-$99,999 3.0% keys to the whole company’s infrastructure.” He also welcomes the challenges. “No $100,000-$124,999 8.8% two days are the same!” he says. “The other $125,000-$149,999 2.6% IT jobs I had weren’t nearly as interesting. I $150,000 or more 1.8% really thoroughly enjoy all the security- related tasks I get to do each day.” Chart 2. We asked all respondents to select the range of their annual salary before taxes, bonuses or other types of compensation. The majority of salaries landed — M.D. somewhere above $50,000 and below $84,900. Mean salary this year was $70,901.

40 | September 2006 | Redmond | redmondmag.com |

0906red_F1SalSurvey36-46.v9 8/15/06 1:31 PM Page 42

In the Money

While it can help you gain or maintain expertise, which can in turn get Base Salary, Job Title you hired, there’s often no lasting impact beyond that. Programming project lead (non-supervisory) Add to that the fact that the market $90,000 for IT workers with MCP titles has Management (supervisory) $89,603 been saturated for some time—last we checked, Microsoft claimed 1.8 mil- Database administrator/developer $79,936 lion people worldwide have at least an Networking project lead (non-supervisory) $77,438 MCP. For quite a few years, our survey has even shown that those without Programmer/analyst $74,759 certification made more than those Network engineer who claim the acronyms, with non- $71,992 MCPs, at $78,962, gaining almost Webmaster/developer/producer $66,827 another thousand from last year. Still, more than a third of respondents say Systems administrator $62,285 they’ll continue to get certified on Trainer $58,661 Microsoft platforms or otherwise. Help desk/user support $47,775

Will You Be in IT 0 20,000 40,000 60,000 80,000 100,000 in 5 Years? Chart 4. Job title, as in years past, is one of many determining factors in salary.We asked respondents to choose the title that best describes their current position. Managers and project leads top the list this year, while help desk workers remain at the bottom. Numbers are 2005 average base salary. 10% Work in specific industries also has portation/utility ($80,242) industries advantages. Those fortunate enough rank a distant second and third, to work in research and development respectively. Aerospace salary aver- are at the top of the list when it ages this year have dropped, from comes to 2006 salaries, at $98,750. $88,571 in 2005 (when it ranked at Defense/military ($80,441) and trans- No. 1) to $79,423.

All Salaries Are Not Created Equal 90% hy is it that your salary doesn’t seem to mesh with the data you’ve just W read? Simple.When poring over the numbers, be aware of some of the Chart 3. The results show that most respondents factors that may influence your compensation: see an IT career as a long-term career choice, 1. Company Health—Is it doing well? How is it doing versus the competi- besting last year's result by 4 percentage points. tion? Does some of the wealth trickle down to employees? 2. Benefits—How does your company’s package compare? And does your Narrowing the Field company consider bennies a part of the compensation package? Putting certification aside, one other 3. Residence—Pretty much the formula is: big city, big bucks. strong salary factor is expertise. If you 4. Skill Set—Some companies offer monetary incentives for learning some- can specialize, you can separate your- thing new and stepping in to do that job. They save money and get a more self from the pack. Working for an valuable employee in the process. outsourcing firm continues its hot 5. Personal Performance—How much do you contribute to the bottom streak, this year improving to $86,437 line, or how much did you save them? Some bonuses are tied to this factor at (it was $84,139 in 2005). Specializing many companies. in Oracle or data warehousing can 6. Personality—If you’re generally pleasant, they’ll want to keep you around. help too, each earns $85,637 and These are just a few of the factors to consider as you evaluate your salary $85,167, respectively. At the bottom of against the numbers. As well, remember that our survey shows an average of the list is help desk support, which still 12 years of experience.You’re competing with a highly skilled workforce so, as commands a respectable $65,828. job hunters like to say, “salary is commensurate with experience.” —M.D.

42 | September 2006 | Redmond | redmondmag.com | Project4 5/5/06 12:31 PM Page 1

After all, you certainly deserve it. And with Transcender, reaching new certification heights is guaranteed 100%. In fact, with our industry leading approach to certification exam preparation, there’s no telling what you can achieve. Visit www.transcender.com or call 1-866-639-8765.

In the Money

For those who specialize in Base Salary, Certification Microsoft’s more esoteric technologies, the figures get even bigger. Try Com- merce Server on for size. Those who No Microsoft Certification claim it as a specialty report an average $78,962 salary exceeding the six-figure mark, at MCP, NT 4.0 $72,164 $108,125. Identity Integration Server MCP, Windows 2000 $69,757 experts come in just $5,000 shy of that MCP, Windows 2003 Server $68,426 figure, while one of the more hyped server technologies, BizTalk Server, MCP, Developer $73,409 nearly joined the club, at $99,583. MCP, Other $66,765 At the bottom of the list are those MCP+Internet $73,536 who deploy Small Business Server ($66,830, better than 2005 by $4,609) MCSA, Windows 2000 $71,672 and Windows client support personnel MCSA, Windows 2003 $71,250 ($67,275, better by $2,833 over 2005). MCSA: Messaging, Windows 2000 $66,667 We found that education plays a MCSA: Messaging, Windows 2003 $58,333 small factor in compensation. More than half the respondents say they MCSA: Security, Windows 2000 $68,452 attended some college, with more MCSA: Security, Windows 2003 $66,944 than one-third of those surveyed hav- MCSE, NT 4.0 $71,900 ing obtained a four-year degree or pursued post-graduate studies. Only a MCSE, Windows 2000 $69,905 tiny fraction claimed not to have any MCSE, Windows 2003 $67,057 higher-level education. MCSE: Messaging, Windows 2000 $63,804 MCSE: Messaging, Windows 2003 The Future of Hiring $67,143 One negotiation tactic that can MCSE: Security, Windows 2000 $70,395 work—one we never recommend if MCSE: Security, Windows 2003 $72,024 you intend to bluff—is seeking other MCSE+Internet $69,563 job offers. This year, more of you report that your companies plan to MCAD, VS .NET $79,022 hire, at 44 percent (better than 2005 by MCSD, VS 6.0 $74,722 4 points). Of those who say their com- MCSD, VS .NET $74,063 panies plan to hire, 42 percent believe MCDBA, SQL Server 7 they will take on at least one more per- $68,250 son, while fully one in four expects to MCDBA, SQL Server 2000 $71,515 add at least 11 more IT workers. MCT $70,648 The results back up job data that MCDST $71,466 companies are seeking to fill IT positions. Yet again, the BLS is a good MCTS: SQL Server $91,500 source here, projecting that some 1.1 MCTS: .NET $55,000 million IT jobs will be added by 2012. MCTS: BizTalk $47,500 More than a third of those jobs will be in computer systems design and related MCTS: Office $97,500 services, according to the BLS study. MCITP: SQL Server $125,000 (See www.bls.gov/opub/mlr/ 2004/02/ MCPD: .NET $55,000 art5full.pdf for comparisons.) Microsoft Certified Architect $42,500 Those numbers bode well for the job seeker, especially when it comes time Chart 5. All respondents provided their current annual income before taxes. The to negotiate salary. MCDST proved to be hot gainer for Microsoft last year, and the results here seem to prove it—the title gained $14,299 over last year's result of $57,167. The MCDBA: SQL 7 was the biggest gainer last year; this year, it dropped back to 2004 figures. IT: The Career We Love You’re working in IT for a reason and it’s not because it’s what you were

44 | September 2006 | Redmond | redmondmag.com | Project3 7/17/06 12:04 PM Page 1

Citrix Education Has Rolled Out New, Advanced Certifications...

...and IT professionals everywhere are celebrating.

With advanced certifications and training, IT professionals now can provide the best access experience by:

• Designing and building the most efficient Citrix environments • Providing optimal support for Citrix Access SuiteTM products • Drastically reducing implementation costs

Citrix’s advanced certifications are among the most highly respected in the industry:

Citrix Certified Enterprise AdministratorTM 4.0 (CCEA)— provides extensive preparation for build, test, rollout and support of all Citrix Access Suite products.

Citrix Certified Integration ArchitectTM 4.0 (CCIA)— provides advanced preparation to analyze the existing IT environment, and design for a successful implementation of the Citrix Access Suite.

Get rolling with our most advanced certifications and more at www.citrix.com/edu/redmond

CITRIX EDUCATION

©2006 Citrix Systems, Inc. All rights reserved. Citrix®, Citrix Access SuiteTM, Citrix Certified Enterprise AdministratorTM and Citrix Certified Integration ArchitectTM are trademarks or registered trademarks of Citrix Systems, Inc. in the United States and/or other countries. All other trademarks and registered trademarks are the property of their respective owners. 0906red_F1SalSurvey36-46.v9 8/15/06 1:31 PM Page 46

In the Money

born to do. Many of you find IT ful- compensation rated a score of 4.25, filling after having toiled in other GetMoreOnline an improvement over last year (4.09). professions. Guibord knew life as a The lowest rated category, “Other truck driver. David Abowitt, an In this article, you’ll find references fringe benefits,” scored a 3.78, still to additional charts in both an online MCSE and senior systems manager better than last year’s 3.47. version and a PDF version of this with the non-profit Jewish Federa- survey. The online version builds on With job satisfaction running higher tion Los Angeles, worked in sales. the content you see here, while the this year overall, it’s only natural that “What interested me the most was PDF contains the comprehensive 90 percent of respondents say they how easily I resolved problems and survey, including many more charts. plan to be around in the next five You can access both versions on pleased others,” says Phillip Newber- years. That means most of them may Redmondmag.com. ry, who also moved from a career in actually be around when Windows sales to IT consulting. “It appeared to FindIT Code: 2006SalPDF “Vienna” finally ships.— be a natural for me, while others struggled with understanding it.” Michael Domingo is the editor of Our respondents generally seem redmondmag.com MCPmag.com, a sister site to Redmond- satisfied with their current career mag.com, as well as co-editor of RCP choice. For the second year, we asked scale of one to five, with five being mag.com. You can reach him via e-mail about your career happiness. On a “very satisfied,” we found that overall at [email protected]. Salary by Other Certifications

PMI Project Management Professional $87,917 CompTIA CTT+ $66,000 Red Hat RHCE $86,875 CompTIA Security+ $61,848 Sun SCJP $85,357 CompTIA A+ $59,961 Check Point CCSE $84,643 CompTIA Network+ $59,342 Check Point CCSA $82,500 Oracle OCA $97,857* Other $78,800 ISACA CISA $92,500* Novell CNE $77,857 Oracle OCP DBA $90,625* IBM-Lotus (any) $77,500 Red Hat (other) $83,750* Sun Solaris (any) $75,192 SANS GIAC Certification (any) $83,000* Hewlett Packard ASE $74,722 (ISC)2 CISSP $82,800* Citrix CCEA $74,500 CompTIA Project+ $80,833* IBM (other than Lotus) $73,200 Novell Master CNE $80,000* Cisco CCNA $71,823 Cisco Specialization $78,214* Hewlett Packard (other) $71,220 Check Point (other) $77,500* Novell CNA $70,809 Help Desk Institute (any) $75,833* Cisco CCNP $70,500 Certified Wireless Network Prof. (any) $72,500* CompTIA (other) $70,000 Linux Professional Institute Level I $69,643* Citrix CCA $69,461 Cisco CCDP $65,000* Dell (any) $69,211 Nortel Networks (any) $65,000* Cisco CCDA $68,269 EC-Council (any) $63,750* CompTIA Server+ $67,250 Macromedia (any) $63,500* Apple (any) $66,923 CompTIA Linux+ $61,250*

Chart 6. We asked respondents what certifications they held other than Microsoft’s. (See Chart 5 on p. 44 for a breakdown of salaries by specific MCP title for comparison.) Numbers are 2005 average base salaries. As with many comparisons, there are myriad variables (such as experience and multiple certifications) that influence compensation other than the title itself. (*One caveat with the results reported here: We included some titles to compare to last year; however, those titles had 10 or fewer respondents, making them statistically invalid. Thus, they appear in order of descending salary after the CompTIA Network+ title, which is the lowest earning title. Use these numbers at your own risk.)

46 | September 2006 | Redmond | redmondmag.com | Project3 7/17/06 11:15 AM Page 1

The Most Universal Three Letters Since URL

At HP, a PMP® [credential] is a stamp of approval. Our major reason for focusing on project management certification is customer- based: We want to make sure we’ve got the best project managers. Customers across countries and industries ask us, what kind of project managers do you have? What kind of certification do they have? We can tell them that the majority of our project managers are certified. HP values certification. We have four levels of project managers, and the top three require a PMP certifi cation.

Ronald L. Kempf, PMP | Director, HP Services Project Management Competency Development & Certiﬁ cation

Making project management indispensable for business results. ® www.pmi.org/pmpredmond.htm Project Management Institute

© 2006 Project Management Institute, Inc. All rights reserved. “PMI”, the PMI logo, “PMP”, and “Making project management indispensable for business results” are registered marks of the Project Management Institute, Inc.

PMP_ad_Redmond.indd 2 5/18/06 10:10:15 AM Project2 8/3/06 3:46 PM Page 1 0906red_F2QA49-52.v9 8/15/06 11:39 AM Page 49

The Attackers With Novell emerging as a Linux powerhouse, CEO Ron Hovsepian sets his sites on Microsoft. Advantage

Ron Hovsepian takes charge of Novell Inc. as President Microsoft, something not attempted by anyone with con- and CEO at a critical juncture in the company’s long viction for years. and sometimes colorful history. Over the past couple of Hovsepian arrived as Novell’s President of North Ameri- years, Novell has mostly transitioned its sizeable user base ca in June 2003. Prior to that, the 45-year-old executive Rfrom Netware to Linux, refocused its business around servic- spent 17 years at IBM Corp., holding several management es delivered through partners instead of directly, and invested positions, including worldwide general manager of distri- heavily in cutting edge technologies like virtualization— bution industries, as well as manager of global hardware all this just to make up ground on Linux market leader and software development, sales and marketing. and arch-rival, Red Hat Inc. As if that weren’t enough, Hovsepian and Jeff Jaffe, Novell’s CTO, sat down with Hovsepian aims to cut a slice of desktop market share from Redmond Editor Ed Scannell to discuss a number of topics, including his plan to walk into the lion’s den known as desktop Windows.

Redmond: More than any other company, you’re going after Microsoft on the desktop. In doing so you’re fight- ing a war on two fronts—Microsoft and your competitors in the open source world, most notably Red Hat. Are you equipped to do that? Hovsepian: This is all about the discussion with the customer and what they want to do inside their shop. It’s also a discussion around value and innovation. We have posi- tioned ourselves as the enterprise Linux play ranging from the desktop to data center using the exact same code base. This is a really important differentiation for our users. The customer can apply where the value best fits for them. We believe customers will go through a conversion, not a migration, on their desktops in going from Windows XP to Vista. As much as they [customers] would like to believe it’s going to be a simple migration, Microsoft has rewritten big chunks of their code. Second, users are also going from 32-bit to 64-bit as part of that conversion, and we have already made that commitment to 64-bit [on the desktop] two years ago.

Novell CEO Ron Hovsepian believes his company can steal desktop share from Windows thanks to multiple delays of Vista and a common code base in SuSE Linux 10 that runs on handhelds to host systems.

| redmondmag.com | Redmond | September 2006 | 49 0906red_F2QA49-52.v9 8/15/06 11:39 AM Page 50

Q&A: CEO Ron Hovsepian

Redmond: How long is the window of opportunity open top. It was a significant step forward. But if you look at for you to succeed here? I suppose the Vista delays and the user interface paradigms we are introducing with our long evaluation cycles IT shops will need to assess Vista desktop, like XGL graphics for Windows management works on your behalf? techniques like displaying multiple windows and search- Hovsepian: If the customer does an honest evaluation ing through those windows, that is a different metaphor based on value and innovation for what they need, I for how one can approach the desktop. I can’t predict believe Novell will compete very well. That analysis has when but with new metaphors like this you will see pro- three parts to it: The cost of our desktop software, which ductivity changes that will give people reasons to move to is one-tenth that of Microsoft; the manageability of that a Linux desktop. environment and we have done some very competitive things there; and the training of the user base. The Redmond: How committed are you to Groupwise. Some development team here, particularly those working on critics believe you’re better off dumping it for something the desktop, has focused on what I call innovating with more economic potential. around equivalency. They have given users the “like Hovsepian: In any software business it’s important to experience” of Windows, but have innovated in areas to know who your customers are and how to maintain those give users a better experience. Our search paradigm [in relationships. Looking across Novell, we have about 50,000 SuSE Linux Enterprise System 10] is one example. customers worldwide and I view [Groupwise] as an important part of our customer base that we Redmond: People have talked about want to maintain. Groupwise is a very the killer app for Linux on the desk- rich platform in terms of the code top but it never seems to come. Will “What I will say is I base. What is exciting about what it be more like a killer collection of am looking through Groupwise can do is, we are the only bundled technologies at this point? a set of glasses that vendors who can deliver this [capabil- Hovsepian: I’ll take you down a dif- says profitability is ity] on Linux. We are the only one ferent road on that topic. It is going to who can give you a rich client and be killer value. The value will involve the first filter, and back-end experience on Linux. Lotus some of the innovation we have talked revenue growth is just announced something on Notes about, but as various industry seg- the second.” and so they have awoken to the reality ments mature what customers value — Ron Hovsepian, of Linux, which is great. changes over time. Think about the CEO, Novell Inc. And the beauty of open source is progression from VisiCalc to 1-2-3 to you can compliment Groupwise in Excel. Those were three different other areas as to how you expand products that had different reasons the footprint. We feel comfortable for succeeding and none of them were necessarily innova- investing in Groupwise but also leveraging what the tion driven. Our value equation will be linked around “it’s open source community is doing with other pieces that good enough.” I think users will be happy with the techni- work with Groupwise. cal innovation at a $50 price point. To me that is a hell of a story concerning value. Redmond: Where is your focus on applications going Jaffe: It’s called it the attacker’s advantage. If you look at to be? the history of computing there have been numerous Hovsepian: Our focus will be helping users work with times where technologies came along and supplanted mixed-source environments. We believe the market will other technologies that were better. A big part of the rea- evolve over time and have both proprietary and open son was people did not want proprietary and they wanted environments. That is very important in terms of where lower cost. When TCP/IP came along, for instance, it the market is going and where we have to be in terms of was not better than SNA at the time but it was open and supporting the users. When you deal with desktop users gave people choice and so people went for it. When the conversation has to be about choice. HTTP came along it was not the first hypertext approach or the best, but it was open and it offered choice. Redmond: How is the migration from NetWare to SuSe Linux going? Redmond: But will “good enough” technology be good Hovsepian: The answer is it never goes as smoothly as enough to displace something as entrenched as Windows you would like it to. But the good news is 80 percent of in large numbers? the customers have actually now contracted with us to go Jaffe: When Windows [3.0] came out that was a differ- to OES [Open Enterprise Server] over time. We have ent paradigm in terms of how you approached your desk- surveyed about 400 users and seen a good uptick among

50 | September 2006 | Redmond | redmondmag.com | Project6 8/15/06 2:39 PM Page 1

JORGE MADE LINUX FASTER

WE MADE IT ENTERPRISE-WIDER

Your Linux is ready.™

Introducing SUSE® Linux Enterprise 10 from Novell®. Built by a global community and secured, supported, tested and proven by Novell. From the desktop to the data center, SUSE Linux Enterprise10 is the Linux platform that brings discipline to open and innovation to the enterprise. So it’s more than cool and secure. It’s the Linux you’ve been waiting for.

To pursue the hottest certifications Novell has to offer on SUSE Linux Enterprise Server 10, visit our web site at www.novell.com/linuxcert

Copyright ©2006 Novell, Inc. All rights reserved. Novell, the Novell logo, and SUSE are registered trademarks and This Is Your Open Enterprise, Your Linux is ready, and the gecko logo are trademarks of Novell, Inc. in the United States and other countries. *Linux is a registered trademark of Linus Torvalds. All third-party trademarks are the property of their respective owners. Novell wishes to thank the thousands of developers who contribute to Linux every day. 0906red_F2QA49-52.v9 8/15/06 11:39 AM Page 52

Q&A: CEO Ron Hovsepian

those interested in doing pilot programs. We expect this to what you see when you put those two pieces together is flattish be a few years of transformation. to negative growth at different points in time. That is what we’re dealing with as part of that transformation. But our Redmond: Some Novell users and analysts were happy to financial position is strong. We are cash flow positive, we have a see you come into this job, but believe you have a limited balance sheet that holds $1.4 billion of cash and of that net amount of time to establish faster growth. Do you have a convertible is $700 million. I do have a self-imposed timeframe self-imposed time frame for getting that done? but I can’t go into detail on that yet. What I will say is I am Hovsepian: Absolutely. There is an inner sense of urgency looking through a set of glasses that says profitability is the first that I come with naturally. What I feel good about is that our filter, and revenue growth is the second. Linux business grew 20 percent last quarter, the identity business grew 20 percent—and that market is only growing at 11 Redmond: Generally, how do you see Microsoft as a percent —our systems management and management services competitor these days? Do you see any weaknesses associated with that grew 9 percent. What we’re managing now you can exploit? is the decline in NetWare as we migrate customers over. So Hovsepian: Novell has a history of focusing on Microsoft as a competitor, so my reorientations to the team centers around customers. In that spirit there are two things that are really important—namely giving customers’ openness and choice associated with how and where they spend their IT dollars. Push Your E-mail. Openness is counter to what that corporation [Microsoft] wants to do in life, and Trash Your Middleware. choice is also counter to what they want to do. I would even argue that value is, too. So against that backdrop we see their cycle times elongated and this is where the power of the open source community really kicks in. Look at the innovation of this new desktop [SLES 10] we have cranked out, and the cycle times we are able to get CTIA Wireless IT & Entertainment because of the meritocracy of open source Sept. 12-14, 2006 Los Angeles Convention Center and open standards. I really think the elon- Visit us in booth 729 gation of their cycle times compared to ours is a big issue for customers.

Using Exchange ActiveSync® Now available for the world’s Redmond: What did you learn in your technology licensed directly from Microsoft. most popular smartphones. years at IBM that you can apply to Nov- RoadSync provides secure, wireless and direct push ell’s competitive situation today? synchronization of Corporate Outlook® E-mail, Calendar, Contacts & Attachments—all in one affordable, scalable Hovsepian: Two big things.One was and easy to manage package. having come into IBM as it was peaking • No middleware server was a good learning experience because you • No service or subscription fees then went through the whole downside and • No cradle or desktop sync software then the whole revitalization of the compa- • Secure data transmissions and remote wipe ny. So both the cultural and business expe- • Full reliable attachment support for Word, Excel and PowerPoint® files with rience of going through that has been Documents To Go by DataViz invaluable to me in my role here. Second, it • Office mobility without compromise reminds me to stay focused on the customer, employees and shareholders. It’s that Learn how you can eliminate the hassles Available for Symbian OS based UIQ, associated with mobile e-mail. S60 and Series 80 platforms, Palm OS, simple: don’t over think it, Ron, keep it very Download a free Office Mobility Kit and receive Windows Mobile 2003 and select Java MIDP 2.0 devices simple and focused. This is that becomes a 30 day trial. Save time, money and increase my decision filter. — your productivity today.

Call 1.800.733.0030 or visit www.dataviz.com/redmond Ed Scannell ([email protected]) is Redmond’s editor.

52 | September 2006 | Redmond | redmondmag.com | Project1 8/3/06 9:33 AM Page 1

Monitor your network & servers 24/7!

Only $ for 10495 IPs; $ 1,275 for 50 IPs!

NEW: VERSION 7 OUT NOW!

Automated monitoring and alerting of all your critical server issues

GFI Network Server Monitor allows administrators to monitor the network for failures or irregularities. GFI Network Server Monitor is easy to use and supports monitoring for: Network and servers for software or hardware failures Status of services HTTP content, including web page content Mail servers (includes advanced checks for Exchange Server) Database servers (supports both SQL Server and MS Access as database backends) Disk space, services and processes on servers and on users workstations Internet link and SMTP gateways UNIX/Linux services (via SSH) GFI Network Server Monitor manager IMAP, POP3 & SMTP; using special checks which mimic actual network administrator actions! Download your FREE trial version from www.gfi.com/rmn/

tel: +1 919 379 3397 | fax: +1 919 379 3402 | email: [email protected] | url: www.gfi.com/rmn/ 0906red_F2Battle54-64.v8 8/15/06 2:40 PM Page 54 Cyberspace Battle R Google vs. Microsoft We put these rivals’ tools to the test in a win, lose or draw contest. The overall winner just might surprise you.

BY MICHAEL DESMOND

icrosoft and Google are locked in an epic no-nonsense interface with a sophisticated page-ranking struggle for supremacy over the Internet. system. No one else came close. From Web search services and e-mail to Microsoft Windows Live Search (www.live.com) is do-it-all personal portals, the two companies ending this embarrassing Web rout. The new search Mhave traded blows like a pair of heavyweight Web page, still in beta, steals Google’s refined pres- fighters in a brutal championship bout. Of course, ence and matches the competition’s dizzying hand Google surged to a surprising early lead on the power speed, dishing out results in a flurry. The AJAX- of its wildly popular Google search offering, and then enabled interface, with its pleasing scroll effects, adds extended its gains by rolling out lauded services like welcome tweaks like a detail slider bar that lets you Gmail, Google Maps, and Google Desktop Search. determine how much in-depth information shows up Undaunted, Microsoft is greeting each blow with a on the results page. Repeat searches get a boost too. counter punch. With its ambitious Windows Live effort, Start typing in a phrase and the Live.com search bar Microsoft has landed an impressive flurry of body presents a filtered list of previous searches performed blows, quickly closing the gap with Google. The result: in Google or Windows Live. What looked to be an ugly rout has turned into a taut, While both search engines do a capable job, significant high-stakes war. differences exist. When I searched on my name in The good news is that no matter who gains the Google, for instance, the top four hits pertained to work upper hand, the intense competition will continue to I’d done for a number of different publishers. On produce ground-breaking software and services. Wit- Live.com, I didn’t pop up until the 12th item. Despite my ness the stunning functionality and dynamic interac- obvious disappointment, I can’t help but laud Live.com’s tion offered by Microsoft Windows Live Local, the satisfying search interface, which includes a helpful mapping and satellite imagery service that was a direct “Search within this site” sub-search box for each return response to Google Earth. Or consider the slick and (something I would use much more than Google’s “Simi- trouble-free presentation of Google Portal, which lar Pages” link). I also preferred Live.com’s image-search strikes an elegant balance between visual clarity and interface, which expands images on hover and offers rich content. greater context. Still, I found that Google dug deeper. A There’s a lot to like in this battle of Internet behe- search on the name of first-round NFL draft pick Kame- moths. Let’s see how the challengers are faring. rion Wimbley, for instance, turned up 110 image results in Google, and just 45 hits on Live Search. Web Search Google has done a great job extending its flagship Google Search vs. Windows Live Search search service, rolling out popular sub-sites like Google ess is more. Google emerged as the preeminent Maps, Google Newsgroups, Froogle shopping search, LWeb search engine by marrying a clean-and-fast, and the Google Scholar academic literature search.

54 | September 2006 | Redmond | redmondmag.com | PHOTOS BY GEOFF STEIN 0906red_F2Battle54-64.v8 8/15/06 2:40 PM Page 55 e Royale: t

| redmondmag.com | Redmond | September 2006 | 55 0906red_F2Battle54-64.v8 8/15/06 2:40 PM Page 56 Google vs. Microsoft

Windows Live mimics this approach. The list of Windows ton and dial in filters like dates, sizes and locations using Live search sub-properties include News, Images, Local, graphical controls. The resulting search variables are dis- Feeds, Academic and Products. Users can also create played in the primary search box, making it easy to keep an macros to kick off pre-built searches of specific content eye on what you are searching against. hosted on defined sites and in specified formats. Most important, the results can be displayed in a Windows Explorer window (the default quick search results appear in Judge’s Card: Split Decision | Google the Start menu area). That means you can instantly sort by Despite the impressive speed, date or file size or file name, and you can right-click and depth and performance of Win- copy/delete files. The GDS interface simply can’t match up. dows Live Search, Google That said, I did run across some unpredictable behavior. earns the nod for its deeper When I performed a Start menu search on the string search results and excellent cus- “.mp3,” it failed to turn up any of the 4,000-plus music tomization capabilities. And files under the Shared Documents folder of my Vista-based Microsoft still has no response PC. But the same search from the Explorer Search win- to Google’s newsgroup search, dows turned up the entire lot. an invaluable tool when sleuthing technical problems. Judge’s Card: Split Decision | Windows Live That said, we are in the early Desktop Search rounds of a fight that is going to go the distance, and I Microsoft is playing the role of expect Windows Live Search to continue to pile up points a maturing fighter, studying as it grows more capable and refined. film to copy his opponent’s best moves, and then adding a Desktop Search few new combinations of his Google Desktop Search vs. Windows Live own. The desktop search func- Desktop Search tionality built into Windows ost users know that Windows has had a desktop Vista is lightning quick and Msearch feature since, well, forever. But most also real- easy to use, but Microsoft wins ize that the Windows native search—for lack of a better this skirmish on the strength of its output. word—stinks. Google Desktop Search (GDS) really cracked open the market for indexed desktop search, E-mail allowing users to instantly unearth files, e-mail messages Google Gmail vs. Windows Live Mail and other data locked on their hard disks. GDS is fast, he Microsoft-Google showdown has produced huge capable and proven, dishing out rapid-fire hits from within Tgains for users of Web mail. When Google Gmail hit the tried-and-true Google Web interface. And because the wire two years ago, it seriously upped the ante, offering GDS integrates with Google Web search, it’s easy to vast online storage space for messages and files (1GB ini- extend local disk searches to the Web and Internet news- tially, now 2.65GB) and delivering a much more stream- groups with a single click. GDS also installs the Google lined experience than that of Hotmail or Yahoo! Mail. Sidebar, a compact desktop pane that can display news Common tasks like attaching messages and picking con- headlines, RSS feeds, photos and other goodies. tacts from an address list are shockingly quick—that is, if If Google has a weakness, it’s the text-driven format of you’ve grown accustomed to unpredictable and glacial the browser-based interface and the lack of extended file HTML mail services over the years. Google has also bol- format support. GDS won’t peer into OpenOffice files or stered the program with useful tools like contact list files from older programs like Harvard Graphics (of import and mail conversion tools. course, neither will Microsoft Windows Desktop Search). Gmail stands apart with its Label-tagging approach to More troubling is the static HTML-based output, which message management. Instead of dragging messages into makes it difficult to ferret out returns by directory or date. folders to organize them, you can quickly create Labels To see how Windows Live Desktop Search will ultimately and assign messages to them. A drop-down filter control look, I worked with the latest beta of Windows Vista. What I then lets you view only messages matching the Label or found was a fast and capable desktop search function that is Labels you choose. It’s a slick and innovative solution to better tuned to the local environment than Google. I can the classic challenge of e-mail overload. Gmail also inte- kick off instant searches directly from a text box in the grates the Web-based Google Talk client within the Gmail Start menu. A short list of results appears within the Start screen so you can instant message your Gmail contacts. menu space, conveniently organized by type. Click the Integration extends to contacts and mapping. For instance, “See all results” link and the findings appear in an Explorer when I received a message with a street address in the body window. From here, I can click the Advanced Search but- text, Gmail displayed a “Map this” link on the right edge of

56 | September 2006 | Redmond | redmondmag.com | Project1 8/3/06 9:59 AM Page 1 0906red_F2Battle54-64.v8 8/15/06 2:40 PM Page 58 Google vs. Microsoft

the window. Click it, and I’m staring at a browser window delivers a new twist on IM-based file sharing, creating a with a Google Maps rendering of the address. Finally, no folder under My Computer called My Shared Folders. surprise, the Gmail search engine is top notch, making it a Users can assign folders to a specific IM contact, allow- snap to peruse large message stores and dig into attached ing that contact to access files placed in it. Perhaps most documents. important, Windows Live Messenger has gone cross- Not to be outdone, Microsoft has decided against simply platform, interoperating with the Yahoo! network so you retooling its popular Hotmail service. Instead, the compa- can send and receive IMs via both services. ny is building Windows Live Mail (WLM) from scratch. With an Outlook-like, multi-paned layout and friendly Judge’s Card: Technical Knockout | Microsoft drag-and-drop interface, Windows Live Mail should make Windows Live Messenger users of Microsoft Office feel right at home. The e-mail Google Talk may tuck plenty service does an outstanding job of mimicking a desktop of functions in its understated application, including familiar features like inline spell trappings, but there is no checking, which Gmail lacks. However, Windows Live getting around this simple Mail seems to consistently be a step slower than Gmail, fact: Google Talk doesn’t forcing users to wait for screen updates and message trans- work with the biggest fers. It’s also marred by graphical advertising that is more networks. Windows Live intrusive than the text-only adverts. Messenger, by contrast, interoperates with both the Judge’s Card: Split Decision | Google Gmail Yahoo! and Microsoft public Microsoft is doing a good networks. In IM, as in boxing, thing with Windows Live Mail. reach is critical. And in this case, Microsoft has it. The Outlook-esque layout and AJAX-enabled desktop-like Mapping interface make WLM a more Google Maps/Google Earth vs. Windows Live compelling service than Local/Virtual Earth Hotmail. But Gmail separates ake no mistake: Internet mapping with satellite from the competition with Mimagery is one of the coolest things to come out of the superior responsiveness, a clutter-free interface, Web search engine race. Google Maps has launched a golden and a more Web-savvy approach. age of geo-voyeurism. Now Microsoft’s response,Windows Live Local, raises the stakes. Instant Messaging Coverage is mixed, which argues for folks to use both Google Talk vs. Windows Live Messenger products. When I looked up my Vermont residence, I hat if you threw a party and nobody came? Google found that Google Earth served up a more recent, more Wseems to be answering that question with its Google detailed and more colorful satellite image than Virtual Talk IM service and client.Google Talk is a capable piece of Earth. However, the Google imagery cut off sharply just software that features the usual minimalist interface, which feet from our home, and most of Vermont lacked detailed is all text, links and whitespace. Despite the spartan exterior, views. Windows Live Local, on the other hand, offered up Google Talk packs a full suite of IM capabilities,including sharp monochrome satellite imagery of rural areas. When I PC-to-PC voice calling. decided to view Galway, Ireland, the tables were turned. Unfortunately, Google Talk may be best for those who Google delivered terrific imagery, while Windows Live like to talk to themselves. According to research firm Com- Local offered nothing but a muddy large-area view. score, Google Talk had attracted only 3.4 million unique Both services dish up driving directions in a flash. I users in May, versus 203.9 million users for MSN. That queried both for directions from Vermont to our offices in leaves Google Talk with a 1 percent share of the market. Framingham, Mass., and was surprised when Windows Live Yes, Google Talk can interoperate with those using third- Local sent me there via crowded Rt. 128. Google Maps, party protocols like IRC and Jabber, but the most popular playing the odds, opted to take me around on I-495, a sen- services—Microsoft, Yahoo! and AOL—are all off-limits. sible choice if you’re driving anytime close to rush hour. Microsoft Windows Live Messenger has gotten a Windows Live Local significantly ups the ante with its makeover that casts it in the familiar, metallic blue and fantastic integration, using color coding and pop-up text white hues of its Live kin. The neatly reorganized inter- boxes to display timely traffic alerts. A view of the Chicago face puts software, services, and things like music and area even showed weather delays at Midway Airport. Fantas- auction sites a mouse click away, though many users may tic stuff that is actually as cool as it is useful—a rare thing. rankle at the image-laden ads in the boundaries. In addi- Visually, there’s nothing that approaches the Birds Eye tion to capable voice and video chat modules, WLM View feature of Windows Live Local, which adds aerial

58 | September 2006 | Redmond | redmondmag.com | Project1 8/3/06 10:12 AM Page 1 0906red_F2Battle54-64.v8 8/15/06 2:40 PM Page 60 Google vs. Microsoft

and ground photography in select areas for a true “you ably slower than its Google counterpart. More troubling, are there” experience. Google tries, with a separate, Live.com seems prone to inconsistent behavior and hic- downloadable Windows application called Google Earth, cups. Installing portal add-ons from the Gadget Gallery, which blends a rich, client-based interface with Google for instance, proved an unintuitive challenge, and the Maps imagery to create an immersive experience. The add-ons themselves seemed to crash IE6 at least once. app is a visual feast, with its slick, sub-orbital jumps between locales and ability to display the viewing angle Judge’s Card: Technical Knockout | Google Portal so you can look at scenes from closer to earth. This is simply a case of a young challenger facing the Judge’s Card: Technical Knockout | Windows champ before he is ready. Live Local Google separates quickly In a matchup of geo-mapping heavyweights, Microsoft from the upstart with a makes short work of the challenge. While Google can ridiculously broad selection offer high-resolution of feeds, tools and gadgets, satellite imagery of areas as well as its eye-pleasing missed by Windows Live presentation. Google is the Local, it cannot match clear winner in the Web the refinement, sophisti- portal battle at this stage, but cation and just plain cool you can bet that Windows of the Virtual Earth expe- Live will close ground fast. rience. Like a WWF wrestler tagging a team- Web Calendar mate, Google puts on a Google Calendar vs. Windows Live Calendar better show with its Google Earth client app. The oth Google Calendar and Windows Live Calendar installed Windows application is powerful and satisfying, Blet you create, share and view appointments, which letting you tour distant locales and toggle numerous are stored on the Web and can be accessed from any PC operations. Still, Windows Live Local is such a complete using a Web browser. There are a lot of similarities package that it manages to hold off both. between the two offerings, including integration with their respective Web mail services to ease the sharing Personalized Portal of events. Both interfaces are built on a day-planner Google vs. Windows Live model. Click on a date in the monthly calendar interface to redit Microsoft for this much—they know a good see an hour-by-hour view of that day. Double-click a time Cidea when they see it. The Windows Live portal and enter details for your appointment or event. mimics the clean and soothing look of Google’s popular Google’s entry, however, is impressively slick, boasting portal interface. The result is an oddly compelling, but interface tricks that Windows Live Calendar cannot clearly incomplete, portal experience that hints at good match. Click on a day in the month view and a quick- things to come. entry text box pops up so you can instantly create Both portals let users create a customized page that dis- events. You can also drag and drop event boxes in plays content feeds such as weather forecasts, stock Google, taking much of the drudgery out of reschedul- prices, news reports, sports coverage, horoscopes, and just ing appointments. about anything else you can think of. The portals also Google supports multiple calendars, slipstreaming them fold in their attendant Web-based e-mail and calendar into a single view that you can easily manage simply by modules, and feature gadgets and bits like interactive checking or unchecking a box next to each enabled calen- games and other third-party add-ons. While very similar dar. Color-coding keeps your various personal and work to Google with its click-to-customize links and drag-and- schedules straight. I also appreciate Google Calendar’s drop layout, Windows Live features a useful tabbed inter- Next 4 Days view, which lets you quickly zoom in on the face that can handle heaps of content. No more scrolling part of your schedule that matters. down to find buried content. Simply click on one of the But like a boxer who lacks an effective jab, Google falls tabs—you can create your own easily—and all the rele- short in a crucial area—it won’t synch with Microsoft vant content organized within that page appears. This is Outlook or Windows Mobile devices. For a lot of users, something Google should adopt. all the polish of Google Calendar means little if they Windows Live is off to a promising start, but the inter- can’t pipe that information between systems. Microsoft face remains flawed and content selection is limited also throws in handy Tasks and Notes modules within (remember, the portal is still very much in beta). In my its Calendar, offering a tool set similar to what you’d experience, the custom Live.com portal loaded notice- find in Outlook.

60 | September 2006 | Redmond | redmondmag.com | Project9 7/18/06 12:14 PM Page 1 0906red_F2Battle54-64.v8 8/15/06 2:40 PM Page 62 Google vs. Microsoft

Judge’s Card: Split Decision | Google Calendar list of other sub-search services like Images, Local and It shouldn’t have been this close. Google Calendar News. You can also install third-party search add-ons, to was running away with this match, with an interface search against services like YouTube.com, for example— that is surprisingly quick, slick a nice feature. and focused. The ability to cre- Windows Live Toolbar adds tab functionality to IE6, ate and easily manage multiple though tabbed pages seem to load sluggishly and cannot calendars is huge. But without be dragged for placement the way you can in Firefox Outlook or Windows Mobile or Opera. Also included is Onfolio, a useful browser device integration, Google Cal- sidebar app that lets you aggregate RSS feeds and cap- endar leaves many users stuck ture online content. A helpful tool for online research, on an island. Onfolio lets you keep and manage collections of Web content, saving them to your local drive or linking to Browser Toolbar them over the Internet. Google Toolbar vs. Windows Live Toolbar Both toolbars include a mapping link button, which have a confession: I don’t like browser toolbars. Sure, examines the page contents for address information and Ieveryone loves pop-up blockers and an always-visible provides a link to a map page for the found address. search box. What I resent is the inevitable tide of useless This is a valuable feature that I found myself using icons and spyware-esque functionality that tends to wash again and again. ashore with these browser helpers. Despite my animosity, I The Google Toolbar is less busy than its Microsoft found that Microsoft Windows Live Toolbar added a bit of counterpart, which I appreciate, but it’s also less com- pop to my copy of Internet Explorer 6. plete. The Search text box and drop-down control lets A painless download and install leaves you with a tool- you access all of Google’s search services, as well as bar graced with compact icons that let you do things quickly view past searches in a drop-down list. The like access MSN topic pages, view Microsoft Virtual AutoLink button that sniffs out street addresses is also Earth maps, subscribe to RSS feeds and tap Windows tuned to find shipment tracking numbers from FedEx OneCare security and the Live Spaces vanity site serv- and other carriers, as well as ISBN and automobile VIN ice. Of course, a search text box at the left edge links to values. There’s also a button that highlights text match- the Live.com search engine, and includes a drop-down ing that entered in the toolbar search box.

Microsoft, Sun, Do you have a certiﬁcation from one of these organizations? Then you may have completed up to 25% CompTIA, Cisco of your bachelor’s degree at WGU.

Let’s face it, IT certification earns you a job. But you need a degree to advance your career. At Western Governors University (WGU), you can earn the only accredited, online competency-based IT degree in the country, including up to eleven respected IT certifications. If you already hold major IT certifications, you may be able to waive some of your degree requirements and graduate faster—and for a lot less money. WGU is ideal for working IT professionals because you can study when it’s convenient for you, under the guidance of faculty mentors dedicated to your success. Call us today at 1.800.219.6689 or visit us online at www.wgu.edu/rdm Bachelor of Science in Information Technology Emphasis Areas Offered: Networks, Databases, Security, and Software

Western Governors University KJHEJA =??AHAN=PA@ =BBKN@=>HA =??NA@EPA@ Project3 7/17/06 11:24 AM Page 1

Get noticed for the right reasons

Not standing out as the professional you are? Increase your career opportunities and earning power. Get your CAPM® credential — the globally recognized certiﬁcation for IT professionals with project responsibilities. You’ll catch the eye of management with your proﬁciency in project management application.

Start getting noticed. Earn your CAPM® credential, brought to you by the organization that furthers careers in project management: Project Management Institute.

Making project management indispensable for business results.® ® www.pmi.org/capmredmond.htm Project Management Institute

© 2006 Project Management Institute, Inc. All rights reserved. “PMI”, the PMI logo, “CAPM”, “PMP”, and “Making project management indispensable for business results” are registered marks of the Project Management Institute, Inc.

PMI_CAPM_peek_Redmond.indd 1 5/17/06 4:41:18 PM 0906red_F2Battle54-64.v8 8/15/06 2:40 PM Page 64 Google vs. Microsoft

Judge’s Scorecard: Split Decision | Windows Live Judge’s Scorecard: Knockout | Microsoft Excel Toolbar Anyone old enough to remem- Make no mistake: the Google ber the infamous 91-second Toolbar is a perfectly good Tyson v. Spinks match knows browser resource that improves exactly how this one ends. search accessibility and adds the compelling AutoLink feature. And the Winner, by Windows Live Toolbar simply Judge’s Decision … delivers a sharper punch. The Google vs. Microsoft Web application battle is the kind of close, tough fight that produces immediate cries Spreadsheets for a re-match. How close was it, exactly? Google Spreadsheet vs. Microsoft Excel In a nine-round contest, Google won four rounds and shudder to think how many pundit-hours have been Microsoft five. In fact, the result by round is a dead heat if Ispent contemplating a Google competitor to Microsoft you exclude the disputed ninth round (after all, what manag- Office. While Google has yet to challenge Microsoft’s er lets Google Spreadsheet go up against Microsoft Excel?). productivity behemoth, it’s at least offered a sharp stick Even ignoring the results from the spreadsheet match-up, in the eye for Excel. Google Spreadsheet is a fully func- Microsoft ekes out a victory on total points, 71 to 70. tional, browser-based, spreadsheet application that lets Yes, the battle is really that close. you work the numbers using any PC with a connection Ultimately, the real winner in this intense rivalry is the end to the Internet. Users with a Google account can save user. We can expect a steady parade of new products, spreadsheet files online, or download them in XLS, CSV improved services, and surprising innovation as Google and or HTML format. You can also upload existing Excel Microsoft work to slip a punch under the other’s guard. spreadsheets to Google and access them in the Web What’s more, both combatants have real staying power, which service, though you may lose some of your formulas in means we can expect to benefit from plenty of punches and translation. Of course, comparing Microsoft Excel to counter-punches in the months and years to come. — Google Spreadsheet is like comparing Muhammad Ali to Tonya Harding.Sure, both have boxed, but that’s about Michael Desmond ([email protected]) is Redmond’s as far as the comparison goes. editor at large. Project6 8/11/06 3:10 PM Page 1

Still Looking For An Effective Solution To Train Your Entire Staff?

Unlimited Users Instructor Led Training On Demand

Content includes: Microsoft CompTIA Cisco Safety Ethical Hacker + Many More

Manage Courses And Students From One Location Connects Directly To Your Computer Network 40-90% Savings Over Individual Courses Over 500 On-demand Course Titles Unlimited Access Then Stop Looking!

Introducing... ® ThinkTank Learning Management System The Revolutionary, Enterprise-Wide Training Solution

ThinkTank3 provides a company with the necessary tools to effectively train an entire workforce. Affordable, scalable, and cost effective, ThinkTank3 answers all of your training needs

ThinkTank3 is designed to quickly plug into a standard network connection and be up and running within minutes. Built for ease-of-use, ThinkTank3 works on most networks with little or no configuration. ThinkTank3 uses a centralized, flexible, and portable hard-drive system allowing for fast and simple installation and maintenance. Call Now to Learn More 1-800-942-1660 or 1.866.268.2920 or visit www.specializedsolutions.com International: (727) 669-1415

Developing Tomorrow’s Training Standards Today. Project2 8/11/06 12:43 PM Page 1 0906red_Never67.v8 8/15/06 10:59 AM Page 67

NEVER AGAIN By Barry McBride Time Is Money

efore beginning a second career in my forties as a where the firm had just built a new development center with a surplus of sportswriter and publisher, I worked for nearly 15 office space. years as an IT consultant for one of the world’s Whatever savings the firm might have accrued in discounted square footage largest consulting firms. During that time, I worked was lost to logistical tangles, expensive B travel and battered morale. I watched as with a lot of incredibly bright and hard-working people— our tightly knit team got beaten down. driven men and women who had a deep knowledge of both This group used to work 60-hour weeks with enthusiasm and good humor. Now, they toiled at 40-hour weeks hemmed business and technology. Alas, I also tions to several clients in the chemical in by rigid airline schedules. The devel- bore witness to mind-boggling acts of industry. There was just one unan- opers became increasingly cynical and managerial stupidity, which sometimes swered question. Where to locate the frustrated. After a year or more of flail- managed to wipe out the best efforts of development team? ing, the project was finally shut down. the most talented developers. The answer The multiple moves and One experience in particular stands seemed obvious. forced commutes robbed out. It all started with an expert system The team that the development team I helped develop for one of our clients, had devel- of its most precious which used artificial intelligence to oped the resource—time. generate documents required for the core applica- Knowledge workers transport of dangerous chemicals. tion and pos- who should have We had worked with the client to sessed the been working on update the expert system in the mid- functional and code were instead 1990s. Adding lots of functionality and technical waiting at check- moving the technical platform to knowledge was in counters or Microsoft architectures. based in the firm’s worrying about Soon, both the client and the consult- Cleveland office. flight delays. ing firm began fielding calls from other The client for whom The lesson in this chemical companies keenly interested in the application had been case is clear. You need acquiring this technology for themselves. built was located in Cleveland. to make sure that your There was tremendous enthusiasm The key “knowledge asset” on the proj- key knowledge workers can be for the effort. Within several months, ect—whose wife was several months productive, maintaining flexible sched- our system was used as a basis to sell pregnant—was located in Cleveland. ules that let them work extra time if a larger suite of not-yet-built applica- So, naturally, the associate partner needed. And sometimes, as a manager, leading the effort decided to locate the that means your personal needs do not What’s Your Worst project about 10 minutes away from his come first.— IT Nightmare? home. In Boston. The project was doomed from that Barry McBride is a former associate part- Write up your story in 300-600 words moment. Productivity plummeted as ner with a top technology consulting firm. and e-mail it to Michael Desmond at team members lost significant time Today, he is publisher of The Orange & [email protected]. commuting to the East Coast. Key per- Brown Report (www.theobr.com), a Web Use “Never Again” as the subject line sonnel were operating at about 60 per- site dedicated to covering Cleveland and be sure to include your contact cent of their optimal throughput. After Browns football. He also works in Network information for story verification. about six months, the project was Development for Scout.com, a division of moved again, this time to Philadelphia, Fox Interactive Media.

ILLUSTRATION BY MARK COLLINS | redmondmag.com | Redmond | September 2006 | 67 0906red_Winsider68-72.v6 8/15/06 4:02 PM Page 68

WindowsInsider Greg Shields Spend Less Time Looking for Logs

ver sit frustrated in front of a broken domain controller and think, “Man, is it me or does the event log just E suck?” Well, here’s a hint: it’s not you. Unfortunately, this is a bad check out the 24 logging options avail- news/worse news situation. The bad able there as shown in Figure 1. news is Active Directory’s default log- For these logging options, you can ging level to the Windows event log is set each one’s DWORD value to a hardly designed to tell you everything number between zero and five. At about what’s going on under the hood. level zero, which is the default level, The worse news is that this problem is you can only log critical and error Figure 1: NTDS diagnostics logging provides endemic to event logs of any type. events. At level five all events are 24 separate options for additional logging. Many Windows processes can enable logged, including debug strings debug logging at a level far too detailed and configuration changes. All logs ware\Microsoft\Windows\Current to read during normal operations. are saved to the Directory Services Version\AdminDebug\dcpromoui. Active Directory and the components it event log. Then, set the DWORD value for relies on can drown you in notifications But be aware that setting higher log- LogFlags to the hex value of FF0003. to the point where logging itself ging levels significantly increases the impacts a server’s performance. The number of entries recorded in the event NETLOGON Logging consequence of this is detailed debug log, even to the point where it becomes If you’re having issues with client log- logging by default is disabled. impossible to parse. Typically, setting ins, repeatedly locked out accounts or But sitting in front of that broken log levels above three negatively seeing problems with log-in activity Windows Server 2003 DC makes you impacts server performance. across forest trusts, you can increase the wish for just a little more data to help logging level on the NETLOGON you determine what’s wrong. I had just Extended DCPROMO Logging service to hunt down these problems. this problem not long ago and thought, When the DCPROMO process is run To enable NETLOGON logging, “Wouldn’t it be nice to compile all the on a Windows Server 2003-based navigate to HKEY_LOCAL_ extended and optional AD logging machine, two log files are created, MACHINE\SYSTEM\Current capability in one place just in case I called dcpromo.log and dcpromoui.log. ControlSet\Services\Netlogon\ needed it?” Both log files, which are stored in Parameters and set the DWORD value Below is a short list of extended logs. %systemroot%\debug, provide infor- for DBFlag to the hex value of Some report to the event log and oth- mation about the success or failure of 2080FFFF.Then, you can restart the ers report to a specific file. the domain controller creation process. NETLOGON service. It is, however, possible to increase When enabled, this will log the NTDS Diagnostics Logging the logging level for the dcpromoui.log authenticating domain controller, the By default, AD only records critical and file. This is useful when you’re experi- client’s site, account password expira- error events to the Directory Service encing problems during a promotion tion and lockout information, and Ker- log. This is alright to do during normal or demotion event and the default beros failures. The log is also stored in operations, but sometimes additional logging level doesn’t provide enough %systemroot%\debug. logging is necessary. information to indicate the nature of The netlogon.log file can get very To enable this additional logging,nav- the problem. large, making it difficult to parse using igate to HKEY_LOCAL_MACHINE To increase the logging level for this Notepad or another text editor. But \SYSTEM\CurrentControlSet\Ser- file to the maximum, navigate to using a Microsoft tool called nlparse, vices\NTDS\Diagnostics. Once there, HKEY_LOCAL_MACHINE\Soft you can filter the contents of the netlo-

68 | September 2006 | Redmond | redmondmag.com | Project3 2/14/06 11:31 AM Page 1 0906red_Winsider68-72.v6 8/15/06 4:02 PM Page 70

WindowsInsider

gon.log file for easier reading. The process, USERENV logs are handy lar users are disabled from logging nlparse tool is part of the “Account for troubleshooting log-in issues. into the Terminal Server during its Lockout and Management Tools”that Many problems associated with logging process. Otherwise, the multi- can be downloaded from Microsoft’s Group Policy applications and user ple log-in events can make parsing the Web site. profile loading and unloading can be log very difficult. debugged by enabling USERENV When using this log for GPO-related Kerberos Logging debug logging. This is particularly problems, the log will describe the If you’re seeing problems with authenti- handy in Terminal Services environ- applied GPOs and the parts of the cation or Kerberos in the event log, then ments where slow log-ins and log-offs GPOs that are not being processed. you try raising the logging level on the can be a problem. Kerberos subsystem. Problems with dis- To enable USERENV debug logging GPO Client Logging abled or expired accounts, missing user- at the highest level, navigate to HKEY_ Another way to troubleshoot the appli- names, and clock synchronization often LOCAL_MACHINE\Software\Micros cation of GPOs is to enable GPO client show up with Kerberos failure codes. oft\Windows NT\CurrentVersion\Win logging. This logging is used to trou- To enable Kerberos logging navigate logon and set the DWORD value for bleshoot problems with client GPO to HKEY_LOCAL_MACHINE\Sys- UserEnvDebugLevel to 0x00030002. processing, enumeration of applied tem\CurrentControlSet\Control\Lsa\ Then, watch the log in %System- GPOs and errors encountered during Kerberos\Parameters. Then, set the root%\Debug\UserMode\Userenv.log. that processing. DWORD value for LogLevel to one. If you’re using this log for locating To enable GPO client logging,navi- Making this change logs the events to the cause of extended log-ins or log- gate to HKEY_LOCAL_MACHINE\ the System event log. offs, watch the timing of the log- Software\Microsoft\Windows\ on/log-off event and look for areas of CurrentVersion\Diagnostics. Set the USERENV Debug Logging delay and the activity on either side of DWORD value for RunDiagnostic Not directly related to AD, but still a that delay. Using this type of logging LoggingGroupPolicy to one, and then critical component of the logon on Terminal Servers ensures that regu- reboot the system. Making this change

Microsoft, Sun, Do you have a certiﬁcation from one of these organizations? Then you may have completed up to 25% CompTIA, Cisco of your bachelor’s degree at WGU.

Western Governors University KJHEJA =??AHAN=PA@ =BBKN@=>HA =??NA@EPA@

70 | September 2006 | Redmond | redmondmag.com | Project3 3/9/06 11:47 AM Page 1

When it comes to disaster, it’s not IF, but WHEN. And too often, it’s when you least expect it.

Get High-Availabilty and Disaster Recovery “In-One” Double-Take delivers real-time data replication combined With Double-Take ® with fail-over so you have high-availability and disaster recovery for your Windows Servers -- safely and securely. It is your job to keep servers up, data available and prevent downtime. Failure to protect mission critical data and This is the reason that hundreds of Fortune 500 companies applications can set your business back by weeks, months or worldwide use Double-Take to ensure their business continuity. worse. Disaster recovery is now one Three levels of data compression allow of the highest IT priorities. more data to be replicated and increase performance and scalability. In today’s business climate, you have to have a tested plan and reliable tools in place for Double-Take gives you the peace of mind your data is safe the moment your server (or site) goes down. Double-Take and your job secure. is that tool. Don’t wait. Download a free Sold more than all other High-Availability tools combined, it is 30-day eval copy right now even certified for W2K Datacenter. No other HA tool is. A whole and start protecting your department sitting on their hands can cost thousands of dollars data and applications. per minute. The ROI of Double-Take is a no-brainer.

Download Your Free Eval Copy Today

www.sunbelt-software.com Tel: 1-888-NTUTILS (688-8457) or 1-727-562-0101 Fax: 1-727-562-5199 Email: [email protected] 0906red_Winsider68-72.v6 8/15/06 4:02 PM Page 72

WindowsInsider

adds to the Application event log an server is critical for AD operations. It’s worth restating a caution about event log entry for each step in the If your DNS server is experiencing enabling any form of debug logging GPO processing cycle. problems, then you can enable DNS on your domain controller. Just the server debug logging from within the process of logging all that data to the DNS and WINS Server DNS server console. Once inside the event log or a log file can inhibit server Debug Logging DNS server console, right-click on the performance. Log files have the tendency DNS and, to a much lesser extent, server in question, select the Debug to gobble up generous amounts of space WINS are important components of Logging tab, select the options you on a server’s disk drive, so make sure you Active Directory as well as a system’s want to log and click OK. The events disable logging once the troubleshooting ability to connect to network resources. will be logged to the file %system analysis is complete. As AD relies on DNS for storage of its root%\system32\dns\dns.log. All this being said, the extended log- resource records, a functioning DNS Enabling verbose logging for ging capabilities of Active Directory’s WINS requires a change to the various components gives you excel- registry. To enable logging,navigate lent insight into the inner workings of GetMoreOnline to HKEY_LOCAL_MACHINE\ your domain controller. So, go find SYSTEM\CurrentControlSet\ your log! — To download a handy, wallet-sized Services\Wins\Parameters. Next, cheat sheet that includes all of these set the DWORD value for Log Greg Shields, MCSE: Security, CCEA, Active Directory extended logging DetailedEvents and LoggingOn hacks, go to Redmondmag.com and be is a senior consultant for 3t Systems sure to use the FindIT code below. to 1. You’ll also need to set the (www.3tsystems.com) in Denver, Colo. A REG_SZ value for LogFilePath Redmond FindIT code: LogHelp contributing editor to and a to the location where you want popular speaker at TechMentor events, the log files stored. These can also Greg provides engineering support and redmondmag.com be enabled from the WINS adminis- technical consulting in Microsoft, Citrix tration console. and VMware technologies. Simplify Active Directory Management with WinRadar. WinRadar is an Active Directory administration tool that allows you to remotely manage client systems through a domain controller interface. It enables you to manage your network and perform tasks without leaving your desk. WinRadar v2 ? Bulk User Updating ? Wake-On-LAN (WOL) ? Client Software Removal ? Advanced Export Feature ? Centralized AD Management ? Remote Process Termination ? Hot Fix & Service Pack Viewer

Evaluate the FREE trial Tools by Administrators for AdministratorsTM and get a FREE t-shirt 1-866-344-6267 www.cns-software.com/rd [email protected]

©2006 CNS Software, LLC. All rights reserved. The names of actual products mentioned herein may be the trademarks of their respective owners. Free t-shirt offer valid while supplies last, 1 per person, see website for details. 0906red_WebSemAdFin.qxp 8/14/06 11:09 AM Page 1

FREE WEB SEMINARS

At Your Desk and On-Demand — Tune in Today! ➤ Is Your Network Safe from Internet Worms? Learn New Techniques for Protecting Your Network from the Latest Threats

➤ Disaster Recovery for Your Windows-based Applications

➤ The Top Five Most Deficient Security Compliance Controls

➤ Securing Desktops Using Native Group Policy Settings

Brought to you by: Visit: Redmondmag.com/techlibrary/webcasts Project2 4/6/06 4:54 PM Page 1 0906red_SecAdvisor75-76.v5 8/15/06 4:53 PM Page 75

SecurityAdvisor JoernRoberta Wettern Bragg Do You Need an SSL VPN?

he first time I heard about SSL VPN technology, I An SSL VPN connection, on the other hand, typically starts with a logon Web imagined full access to all my network’s resources, page (see Figure 2 on p. 76). After you unimpeded by the inconvenience of protocols like authenticate with a user name and T password—or some form of two-factor PPTP or IPsec. Hotel firewalls usually block these anyway. authentication—you’ll be directed to the application you need or presented with a The term SSL VPN (Secure Sockets Layer Virtual Private list of applications for which you have Network) conjures up images of remote network access permission. Since you’ve already authenticated, the SSL VPN gateway that’s as easy as secure Web browsing. In reality, SSL VPNs may let an Exchange administrator establish a remote desktop connection offer much less—but that’s the best part. to an Exchange cluster. If you’re only using Web applications, Most SSL VPN products offer mines which applications you can access. an SSL VPN doesn’t appear all that dif- limited access to corporate networks. To support non-Web protocols, most ferent from an HTTP gateway like Consequently, they’re a much more SSL VPN solutions need to have a local Internet Security and Acceleration (ISA) secure solution for remote access. component installed, like an ActiveX Server or a direct Web connection. Microsoft is obviously excited about application that runs in your browser. However, you can also use it to run non- the potential, having recently pur- Web applications with a plug-in that chased Whale Communications, a What Can SSL Do for You? runs inside a browser. Besides controlling leading SSL VPN provider. Using an old-fashioned PPTP or IPsec the application’s behavior, this lets you VPN, you’d connect to your corporate get at application data without having to When a VPN Is Not a VPN Traditional VPNs simply extend the corporate network out to a remote computer. Once you’ve established a VPN connection, you can access files and other network resources as if you were connected to your local network. VPNs do this by encapsulating standard network transport protocols, like IP, and sending them across an encrypted connection. From your computer’s perspec- tive, this connection functions like a Figure 1. A traditional VPN is really just a straight pipe from the home network out to regular network cable (see Figure 1). remote systems. An SSL VPN is more of an application gateway. It handles specific protocols network with your laptop. You would install the actual application. If you need required for your applications, such as use applications on your computer and to run the application locally, the vendor HTTP for Outlook Web Access or access back-end data on the corporate can probably provide a client component Remote Desktop Protocol for a Terminal servers. You could run Outlook or use to intercept network requests from the Services connection, and encrypts them Internet Explorer to connect to a application and forward them across the using SSL. While SSL is typically used SharePoint server. This is comparable authenticated SSL connection you for HTTP traffic server authentication, to local access, but such broad remote established with your browser. it’s also an effective application-layer access is rarely necessary. protocol. SSL VPNs take full advantage This approach also creates a multi- Worth the Price? of this. tude of security concerns. Corporate A good SSL VPN provides seamless The gateway performs the authentica- data is copied to your laptop, which you remote access to selected applications. tion, enforces protocol rules and deter- could possibly leave behind in a taxi. Log on, choose from a list of author-

| redmondmag.com | Redmond | September 2006 | 75 0906red_SecAdvisor75-76.v5 8/15/06 4:53 PM Page 76

SecurityAdvisor

ized applications and you’re ready to the gateway. SSL VPNs are all about start working. If your needs are fairly allowing only the required level of simple, you can find affordable entry- remote access. You don’t want to grant level solutions or even an SSL VPN access to the entire customer database add-on for your existing server. At the when traveling salespeople only need higher end of the market, the leading to look up customer addresses. SSL VPN vendors package their solu- Every company will use at least one tions as appliances that can start at tens application that the SSL VPN doesn’t of thousands of dollars. support out of the box. A good solution While most vendors insist their appli- will distinguish itself by having all the ance supports almost any application tools you need to support the application ever developed, the reality is often quite yourself, without spending months of Figure 2. An SSL VPN, like Whale different. Some applications can be tricky coding. When it comes to the full extent Communications’ appliance, provides to support, and the extent to which a of application support, the only way to selective application access after user authentication. user is shielded from application quirki- avoid a costly mistake is to insist that the ness can make all the difference. After all, vendor demonstrate how they support all client computers for compliance with you don’t want to face the wrath of users the applications you need to use. corporate security standards and can who have to re-authenticate every time refuse a connection if the client doesn’t they switch between their Inbox and Bells and Whistles meet these requirements. Juniper Net- Calendar in Lotus Notes. There is a wide variety of additional works includes integrated intrusion Application support also means functionality offered by SSL VPN ven- detection and prevention mechanisms. restricting access to certain features at dors. For example, Whale lets you scan Citrix stresses the integration of its SSL VPN with its thin client solutions. F5 Networks and others stress their products’ network throughput. These are all important factors, but don’t be fooled by numbers. A huge number of concurrent connections may look impressive, but if you have limited Internet bandwidth, each of these connections will be painfully slow.

Looking Forward The future of remote access will include more application gateways and fewer traditional VPNs. If Microsoft’s strategy with other recent acquisitions is any indication, we’ll see some of Whale’s functionality appear in other Microsoft products. The result could be that SSL VPNs and sophisticated application publishing will be the new standard for remote access. —

Joern Wettern ([email protected]), Ph.D., MCSE, MCT, Security+, is the owner of Wettern Network Solutions. He has written books and developed training courses on numerous networking and security topics. He helps companies implement network security solutions, teaches seminars and speaks at conferences worldwide.

76 | September 2006 | Redmond | redmondmag.com | Project4 5/4/06 11:09 AM Page 1 Project7 4/12/06 3:07 PM Page 1 0906red_Index_79.v2 8/16/06 10:27 AM Page 79

AdvertisingSales RedmondResources

AD INDEX Advertiser Page URL 3CX Ltd. 8 www.3cx.com Acronis Inc. 23 www.acronis.com American Power Conversion Corp. 27 www.apc.com AppDev Training 76 www.appdev.com AvePoint Inc 61 www.avepoint.com Boson Software 41 www.boson.com Matt Morollo Citrix Education 45 www.citrix.com Associate Publisher CNS Software 72 www.cns-software.com 508-532-1418 tel Dataviz Inc. 52 www.dataviz.com 508-875-6622 fax [email protected] Diskeeper Corporation 5 www.diskeeper.com Dorian Software Creations Inc. 77 www.doriansoftware.com West/MidWest eDirectSoftware.com 22 www.edirectsoftware.com East EMC Corporation C2 www.emc.com Dan LaBianca JD Holzgrefe Famatech C3 www.famatech.com Director of Advertising, West Director of Advertising, East GFI Software 53 www.gfi.com 818-674-3417 tel 804-752-7800 tel GRISOFT Inc. 7 www.grisoft.com 818-734-1528 fax 253-595-1976 fax IBM Corp. 29,31,33,57,59 www.ibm.com [email protected] [email protected] iTripoli Inc. 34 www.itripoli.com KACE Networks Inc. 24 www.kace.com SALES IT CERTIFICATION Lucid8 15 www.lucid8.com Bruce Halldorson & TRAINING – USA, MaxSP 16 www.maxsp.com Western RegionalSales Manager EUROPE Microsoft 66 www.microsoft.com CA, OR, WA Al Tiano NetSupport Software 18 www.netsupport-inc.com 209-473-2202 tel Advertising Sales Manager The Neverfail Group 3 www.neverfailgroup.com 209-473-2212 fax 818-734-1520 ext. 190 tel [email protected] New Horizons Computer 39 www.newhorizons.com 818-734-1529 fax Learning Centers [email protected] Danna Vedder Novell 51 www.novell.com Microsoft Account Manager PRODUCTION Project Management Institute 47,63 www.pmi.org 253-514-8015 tel ProPalms 19 www.propalms.com 775-514-0350 fax Kelly Ann Smith Quest Software C4 www.quest.com [email protected] Production Coordinator 818-734-1520 ext. 164 tel Raxco Software Inc. 20 www.raxco.com Tanya Egenolf 818-734-1528 fax Red Hat 48 www.redhat.com Advertising Sales Associate [email protected] Redmond Magazine 73 www.redmondmag.com 760-722-5494 tel SAPIEN Technologies Inc. 64 www.sapien.com 760-722-5495 fax [email protected] Special Operations Software 69 www.specopssoft.com Specialized Solutions 65 www.specializedsolutions.com St.Bernard Software 11 www.stbernard.com Canada/Mexico $54.95; outside North CORPORATE ADDRESS Sunbelt Software 13,71,74 www.sunbelt-software.com 1105 Media, Inc. America $64.95. Subscription inquiries, 9121 Oakdale Ave. Ste 101 back issue requests, and address TechMentor Conferences 17 www.techmentorevents.com Chatsworth, CA 91311 changes: Mail to: Redmond, P.O. Box The Training Camp 78 www.trainingcamp.com www.1105media.com 2063, Skokie, IL 60076-9699, email [email protected] or call (866) 293- Transcender 43 www.kaplanIT.com MEDIA KITS: Direct your Media Kit 3194 for U.S. & Canada; (847) 763-9560 Western Governors University 62,70 www.wgu.edu requests to Matt Morollo, associate pub- for International, fax (847) 763-9564. POSTMASTER: Send address changes to lisher, 508-532-1418 (phone), 508-875- EDITORIAL INDEX 6622 (fax), [email protected] Redmond, P.O. Box 2063, Skokie, IL 60076-9699. Canada Publications Mail Company Page URL REPRINTS: For all editorial and advertis- Agreement No: 40039410. Return Unde- Acunetix Ltd. 12 www.acunetix.com ing reprints of 100 copies or more, and liverable Canadian Addresses to Circula- Altiris Corp. 25 www.altiris.com digital (web-based) reprints, contact tion Dept. or DHL Global Mail, 7496 Bath PARS International, Phone (212) 221-9595, Rd Unit 2, Mississauga, ON, L4T 1L2. AOL LLC 12, 54 www.aol.com email: [email protected], Web: EMC Corp. 22 www.emc.com www.magreprints.com/QuickQuote.asp © Copyright 2006 by 1105 Media, Inc. All rights reserved. Printed in the U.S.A. Endforce Inc. 21 www.endforce.com LIST RENTAL: To rent this publication’s Reproductions in whole or part prohibited Essential Security Software In 12 www.essentialsecurity.com e-mail or postal mailing list, please except by written permission. Mail Exploit Prevention Labs 12 www.explabs.com contact our list manager Worldata: requests to “Permissions Editor,” c/o RED- Phone: 800-331-8102. MOND, 16261 Laguna Canyon Road, Ste. F-Secure 12 www.f-secure.com 130, Irvine, CA 92618. E-mail: [email protected] Google 54 www.google.com Web site: www.worldata.com/101com. Postal Address: 3000 N. Military Trail, The information in this magazine has not IBM Corp. 49 www.ibm.com Boca Raton, FL 33431-6375. undergone any formal testing by 1105 Jabber Software Foundation 54 www.jabber.org Media, Inc. and is distributed without any KACE Networks Inc. 25 www.kace.com Redmond (ISSN 1553-7560) is published warranty expressed or implied. Implemen- monthly by 1105 Media, Inc., 9121 Oakdale tation or use of any information contained Novell Inc. 25, 49 www.novell.com herein is the reader’s sole responsibility. Avenue, Ste. 101, Chatsworth, CA 91311. Promise Technology Inc. 16 www.promise.com Periodicals postage paid at Chatsworth, While the information has been reviewed CA 91311-9998, and at additional mailing for accuracy, there is no guarantee that the Special Operations Software 25 www.specopssoft.com offices. Complimentary subscriptions are same or similar results may be achieved in St. Bernard Software 12 www.stbernard.com sent to qualifying subscribers. Annual all environments. Technical inaccuracies Yahoo! Inc. 54 www.yahoo.com subscription rates for non-qualified sub- may result from printing errors and/or new scribers are: U.S. $39.95 (U.S. funds); developments in the industry. This index is provided as a service. The publisher assumes no liability for errors or omissions.

| redmondmag.com | Redmond | September 2006 | 79 0906red_Foley_80.v3 8/15/06 10:53 AM Page 80 Foley on Microsoft By Mary Jo Foley Microsoft Bloggers: A Who’s Who

hen I first started tracking the blogs of current and Zune, its iPod killer, in July. That’s when the brand-new Zune Insider blog from former Microsoft employees in 2002, it was rela- Zune team member, Cesar Menendez, tively easy because there were roughly only 200. went public. Menendez shares Zune- W related tidbits and absorbs the anti- But these days, with more than 3,000 Microsoft employees Microsoft punches in equal doses. Dare Obasanjo (http://carnage4life.spaces. blogging, it’s next to impossible. But if TechNet,but he’s also a constant com- live.com): Currently a product manager you really want to keep up with what’s mentator on AJAX, Google, RSS, blog- on the Windows Live Contacts and going on at Microsoft, you have to ging, long tails and short fuses. Storage team, Obasanjo has been blog- watch the Microsoft feeds these days. Eileen Brown (http://blogs.technet.com/ ging on a variety of Microsoft and non- I try to at least skim all (yes, I’m a eileen_brown/default.aspx): As technical Microsoft-hosted sites for years. While maniac) the Microsoft employee blogs evangelist manager on the Exchange most of his recent posts are focused hosted on MSDN Blogs and TechNet team, Eileen Brown blogs about a lot around Windows Live, Obasanjo mixes Blogs on a regular basis. I also sub- more than just Exchange. Eileen in observations on XML, Xbox and scribe via RSS to a number of Windows writes about issues that are front of everything in between. Live Spaces and other non-Microsoft- mind for many IT pros, including S. Soma Somasegar (http://blogs.msdn.com/ hosted blogs that are authored by cur- productivity suites, communications somasegar): Relatively few Microsoft exec- rent and former Softies. and collaboration. utives blog. But one exception is S. Soma As anyone who’s checked out any Softie Rob Caron (http://blogs.msdn.com/robcaron/ Somasegar, corporate vice president of blogs is well aware, there are all kinds of default.aspx): Focusing on things happen- Microsoft’s developer division and a big folks blogging on all kinds of topics. ing behind the scenes, don’t let his title, believer in corporate transparency. Soma They range from individuals who seldom content architect for Visual Studio Team posts regularly on all things tool related, intersperse two words between reams of System 2005, fool you. He blogs about a addressing both technical and business code, to those who specialize in classic lot more than just Team System—cover- topics. It’s definitely worth checking out. cocktail research and never mention ing (and discovering) tidbits about gener- Volker Will (http://blogs.msdn.com/volkerw): their employer’s name. al code development and always Microsoft technical evangelist Volker It was tough to whittle down my list to providing lots of useful outbound links. Will has been blogging about 64-bit just 10 favorite Microsoft blogs (well, IE Team Blog (http://blogs.msdn.com/ie/ computing since early 2004. Surprisingly, favorites as of this week), but here’s my default.aspx): After years of silence, the Will is not on the Windows Server team. best attempt. In alphabetical order: IE product managers, program man- Although he’s a member of Microsoft’s Joshua Allen (www.netcrucible.com/blog): agers and other brass are both talking partner strategy and platform group, it Allen is one of the original Microsoft and listening to customers. The reader hasn’t stopped him from being a foun- bloggers, posting since the end of 1999. comments on this site are well worth tain of information on Windows and As indicated by the tagline, “The Soft- perusing, too. Linux server issues of all kinds. ware Industry from a Rational Perspec- Jason Matusow (http://blogs.msdn.com/ Got any other Microsoft bloggers you tive,” he discusses more than just the jasonmatusow/): Don’t judge this blog by think are the cat’s meow or suggestions work of his WebData XML team. He’s just his title, Microsoft’s director of cor- for other Microsoft employees you’d not afraid to criticize Microsoft, its com- porate standards, or you might never like to see blog? Send names to me at petitors or pretty much anyone or any- click on it for fear of being inundated [email protected].— thing else on the planet. with Microsoftspeak. Refreshingly, read- Alex Barnett (http://blogs.msdn.com/alexbarn/ ers can expect well-considered commen- Mary Jo Foley is editor of Microsoft Watch, default.aspx): For all you Web 2.0 faithful tary with plenty of thought-provoking a Web site and newsletter (Microsoft- out there, Alex Barnett is your takes on open source and Shared Source. Watch.com) and has been covering Microsoft man. Barnett is international Cesar Menendez (www.zuneinsider.com): Microsoft for about two decades. Reach her program manager for MSDN and Microsoft went public about its plans for at [email protected].

80 | September 2006 | Redmond | redmondmag.com | Project3 7/11/06 1:45 PM Page 1

5$'0,1 ZZZUDGPLQFRPUDGPLQ VXSHUVRQLFUHPRWHFRQWURO

5$'0,1LVWKHPRVWVHFXUHDQGUHOLDEOHUHPRWHFRQWUROVRIWZDUHGHVLJQHGWR PRQLWRUVXSSRUWRUZRUNRQUHPRWHFRPSXWHUVLQYLUWXDOO\UHDOWLPH5$'0,1KDV SURYHQWREHLQFUHGLEO\IDVWDQGHDV\WRXVHDSSOLFDWLRQ5$'0,1LVDFRPSOHWH UHPRWHFRQWUROVROXWLRQWKDWKDVDOOPLVVLRQFULWLFDOIHDWXUHV:LWKWKHLQYHQWLRQRI 'LUHFW6FUHHQ7UDQVIHU7HFKQRORJ\5$'0,1UHPRWHFRQWUROVRIWZDUHGH¿QHVQHZ VWDQGDUGVLQWKHLQGXVWU\

*HQHUDOFKDUDFWHULVWLFV

0LOLWDU\JUDGHVHFXULW\ 3HUIRUPDQFH 6XSHUVRQLFYHKLFOHVSHFL¿FDWLRQV )XOO\26LQWHJUDWHG17VHFXULW\V\VWHPZLWK 6XSHUVRQLFIUDPHSHUVHFRQGVSHHGRQ/$1 7\SH0XOWLUROH6XSHUVRQLF5HPRWH&RQWURO 17/0YVXSSRUW IUDPHVSHUVHFRQGRUPRUHRQPRGHP 0DQXIDFWXUHU)DPDWHFK ,3¿OWHUWDEOHWKDWUHVWULFWVUHPRWHDFFHVVWRVSH 3RZHUSODQW'LUHFW6FUHHQ7UDQVIHU70 'HVLJQHGE\'PLWU\=QRVNR FL¿F,3DGGUHVVHVDQGQHWZRUNV :HLJKW0E 0DLGHQÀLJKW0DUFK 6HUYHUSDVVZRUGSURWHFWLRQ )HUU\UDQJHXQOLPLWHG 9LQWURGXFHG-XQH $GYDQFHGELW$(6HQFU\SWLRQIRUDOOVHQGLQJ :LQJVSDQYDULDEOHJHRPHWU\GHVNWRSVL]HG 6WDWXVDFWLYHVHUYLFH DQGUHFHLYLQJGDWD 1XPEHUEXLOWPLOOLRQV $XWKHQWLFDWLRQEDVHGRQ'LI¿H+HOOPDQH[FKDQJH 7ULYLD 3ULPDU\XVHUXSWRGDWHEXVLQHVVDOORYHUWKH ZLWKELWNH\VL]H ZRUOG .HUEHURVVXSSRUW 1RFRPSHWLWLRQLQGXVWU\EUHDNWKURXJK 8QLWFRVW86 VTXDGURQGLVFRXQWVDYDLODEOH &RGHWHVWLQJGHIHQVHPHFKDQLVPWKDWSUHYHQWV 6XSHUVRQLF)36UDWLR /RZHVWSURFHVVRUXVH WKHSURJUDP¶VFRGHIURPEHLQJDOWHUHG 2SHUDWLRQDOKLVWRU\ 6PDUWSURWHFWLRQIURPSDVVZRUGJXHVVLQJ 0LQLPXPWUDI¿FFRQVXPSWLRQ ,QFRUUHFW6HUYHUFRQ¿JXUDWLRQVSUHYHQWLRQ 8OWLPDWHVHFXULW\VWDQGDUGV FRPSDQLHVRI)RUWXQHOLVWZLWKZLGH *HQHUDWLRQRIXQLTXHSULYDWHNH\VIRUHDFKFRQ 3ULFHUDQJH JHRJUDSKLFVSUHDG QHFWLRQ 1RUWK$PHULFD 6RXWK$PHULFD (XURSH $UPDPHQW $XVWUDOLDDQG2FHDQLD 6HFXUHYRLFHDQGWH[WFKDWIHDWXUHV $VLD )LOH FDUJR WUDQVIHU $IULFD 7HOQHWDQGRWKHUXVHIXOWRROV 7\SLFDOFRPEDWXVH &RUSRUDWH 6PDOODQGPHGLXPEXVLQHVV +HOSGHVNSURYLGHUV 7HOHFRPPXWLQJ (GXFDWLRQDO +RPH

)DPDWHFK,QWHUQDWLRQDO&RUSRUDWLRQ 5DGPLQDQG5HPRWH$GPLQLVWUDWRUDUHUHJLVWHUHGWUDGHPDUNVRI)DPDWHFK,QWHUQDWLRQDO&RUS Project35 5/16/06 3:58 PM Page 1 . e

06/2006/IRedmond Smart E-mail. Get top marks in e-mail management. With intelligent archiving from Quest Software.

Pop quiz: how do you meet e-mail compliance requirements while e are trademarks or registered trademarks of Quest Softwar trademarks or registered e are reducing the cost of messaging data storage and increasing productivity? The correct answer: with e-mail archiving solutions from Quest Software.

egistered trademarks of their respective holders. trademarks of their respective egistered Quest® Archive Manager is the versatile solution that helps your organization address e-mail compliance requirements and much more. Discover and retrieve data easily with powerful searching tools. Access and leverage the knowledge locked up in e-mail with secure information sharing. And reduce ongoing operational costs through efficient storage management capabilities.

e, Inc.All rights reserved. Quest and Softwar Go to the head of the class with the smart choice in e-mail archiving — Archive Manager from Quest Software. ————————————————————————————————————— ©2005 Quest Softwar All other brand or product names are trademarks or r names are All other brand or product To learn more, read our new white paper “E-mail Controls and Regulatory Compliance — What You Need to Know,”at: www.quest.com/intelligent

Application Management | Database Management | Windows Management