|
|
January 2011 - Posts
-
Some time this week the last of the public IPv4 addresses will be distributed. You read that right, no more public IPv4 addresses. If you’ve been following along this might not be a surprise but if you’ve been buried under a pile of projects the last year or two you might have missed this. Regardless now more than ever IPv6 is going to make inroads and soon you’ll be asked about it. Don’t worry there are some great resources. Over on Thelazyadmin.com I wrote a 4 part primer on IPv6 and there will be more coming soon. Of course Microsoft has a great technical library over on TechNet that includes an in depth section on IPv6. And there are more resources coming along everyday. Regardless of which resource you decide on IPv6 just parked its car in your driveway and is making its way to your front door. Are you ready for it? 
|
-
 A good friend of mine, John Weigelt, National Technology Officer for Microsoft Canada had an interview with Mary Allen from http://itincanada.ca about cloud computing and what are points to know about the good ol’ US Patriot Act, Canadian PIPEDA and security/privacy in cloud environments. The article is a long one – 14 pages (I guess they are lookin’ to bump up their add revenue and page views) but it is now probably my top “Must Read” for understanding and decoding this online BS IT Pros are concerned about when it comes to looking at IT As a Service with Cloud Computing.
As Canadian IT Professionals, we have to stop hiding behind the US Patriot act as our safety blanket for preventing cloud technologies from being considered and adopted in our environment. Likewise – PIPEDA (Canadian privacy legislation) is a close second safety blanket that gets thrown in front of projects headed skywards all too often. Believe it or not – you have to know what your requirements are for ALL data – whether it’s in house or hosted in Canada or in a public cloud provider. My advice to anyone reading this that dismisses “cloud” as hype, insecure, never-going-to-come-into-this-shop banter to stop and take a moment. Grab a coffee, click thru to this article and take the time to read each of the 14 pages (damn! I wish they had one ‘Print Ready’ article link) and take some notes. John’s got a way of cutting it down to terms and issues you can relate to and understand is great. Once you’ve read it and taken some notes – share it around your peers / managers and others and have a conversation about cloud services. Be proactive, instead of reactive. One of my favourite quotes from John on this one on the topic of getting past the “what government has access to my data” privacy issue and focus instead on overall security practices across your data no matter where it resides. (around page 7 and 8 if you are keeping track). Another good analysis has been done by a privacy lawyer out in Nova Scotia, David Fraser, who presented at the Privacy Commission consultations. He argues that privacy legislation in Canada, the UK and the US is fundamentally similar so those provisions of access that the US government has are shared by Canadian authorities. As a result, the Canadian government has the ability to access information in much the same way the US government has. So one of the first tasks is to demystify the elephant in the room – the US Patriot Act. What we need to do is to put this concern aside, and focus on the real issue which is safeguarding your information. (emphasis is mine) Today businesses protect their information in a certain manner – some are better at it than others but they do have an approach. As you begin to move your services outside your organizational boundaries – perhaps you have a hosted cloud from a Canadian hosting provider, perhaps you are going to an international, commercial cloud – you can’t toss your security challenges over the fence and hope that someone else will resolve them. What you need to consider is the security of that environment. take the time. have a read. start the discussion. You won’t regret it. 
IT Pro Team Blog | IT Managers Blog |Twitter | Facebook | LinkedIn
Check out my about.me profile! 
|
-
Hello Folks, I meet a lot of you during the last TechDays season. And a few of you asked me if there were any information or guidelines for “tuning” servers. Well I found out that an old document has been updated and is just as relevant today as it was when it was just published back in June 2009. This guide describes tuning parameters and settings that you can tweak to improve the performance and energy efficiency of your Windows Server 2008 R2 servers. It describes each setting and its potential effect to help you make an informed decision about its relevance to your system, workload, and performance goals. After going through it i figured i have to tell the guys about this document. I know they will be interested. The different workloads discussed in this whitepaper are : - Choosing and Tuning Server Hardware
- Performance Tuning for the Networking Subsystem
- Performance Tuning for the Storage Subsystem
- Performance Tuning for Web Servers
- Performance Tuning for File Servers
- Performance Tuning for Active Directory Servers
- Performance Tuning for Remote Desktop Session Host (formerly Terminal Server)
- Performance Tuning for Remote Desktop Gateway
- Performance Tuning for Virtualization Servers
- Performance Tuning for File Server Workload (NetBench)
- Performance Tuning for File Server Workload (SPECsfs2008)
- Performance Tuning for Network Workload (NTttcp)
- Performance Tuning for Remote Desktop Services Knowledge Worker Workload
- Performance Tuning for SAP Sales and Distribution Two-Tier Workload
- Performance Tuning for TCP-E Workload
download the white paper. Read it, Try the different setting and make that server hmmm like the performance machine it’s meant to be. http://www.microsoft.com/whdc/s.stem/sysperf/Perf_tun_srv-R2.mspx Cheers! Pierre Roman, MCITP, ITIL | Microsoft Canada Co.| Senior Technical Account Manager| pierre.roman@microsoft.com
Twitter | LinkedIn 
|
-
I’ve been doing Windows Mobile for quite some time now and hooking devices up to Microsoft Exchange Active Sync for push email delivery, sync and notifications. It’s nothing new – been doing push email now since Windows Mobile 5.0. I’ve survived, struggled, used a variety of phone devices for years and for the most part, hookin’ them up and supporting them hasn’t been all that difficult. Sure, there were some extra tweaks for getting them to work with SBS and SSL certificates, but things are much better now. Now the new kid is on the block – Windows Phone 7. Sure – it’s targeted at Consumers, but as I’ve been saying at every event where I’ve demo’ed the various devices – it’s extremely useful in your work environment and for the most part – should fit the needs of most organizations.
So what do you do if you have someone who wants to hook up their new WP7 device to your exchange servers? What sort of resources do you have for working with, securing, managing and connecting these devices to your exchange environment? This new blog spun up with a blast of articles in December and early January – Windows Phone for IT Professionals. I’ve added it to my newsreader and have checked out the various quick articles which point to a downloadable set of resource documents. I wanted to share the blurbs and links to some articles from the blog targeting IT Pros for WP7.
The Windows Phone 7 design provides solid security through an interesting security model. Features such as requiring managed code, application sandboxing, and app certification/verification contribute to the overall security. And even though Windows Phone 7 isolates processes from each other and prevents inter-application communications, developers can use built-in cryptography to protect app data if they want. For more info, see the “Windows Phone 7 Security Model” article on the on the Windows Phone 7 Guides for IT Professionals page on the Microsoft Download Center.
The latest incarnation of Microsoft® Exchange ActiveSync® (EAS) provides security-related mailbox policy properties, which can be used by IT departments for security management purposes. For detailed information on which EAS policies are supported on Windows Phone 7, see the “Windows Phone 7 and Microsoft Exchange Server” article, also on the Windows Phone 7 Guides for IT Professionals page.
The Internet Explorer Mobile browser that ships with Windows Phone 7 has some great user mobile functionality, but there are also some security-oriented design features that are very useful. Because most malware threats are introduced through web browsers, reducing the attack surface of the browser wherever possible makes good sense.
From a security perspective, Internet Explorer Mobile on Windows Phone 7 always runs at the least-privileged level and operates independently of all other phone applications. It’s designed so that it can’t access data in the phone’s file system, or access information from other applications in memory. All of this helps to minimize the risk of malicious software (also called malware) attacks. For more info, see the “Windows Internet Explorer Mobile on Windows Phone 7” article on the Windows Phone 7 Guides for IT Professionals page on the Microsoft Download Center.
Microsoft developers of the Windows Phone 7 operating system created an interesting new security model, one that relies on isolating computer processes from each other and providing privileges based on need rather than hunger.
The Windows Phone OS 7.0 security model defines four different types of virtual “chambers,” each of which has different privileges and strictly defined boundaries. All applications (apps) installed from the Marketplace Hub run in a least-privileged chamber created specifically for the app, and controlled by a policy system that assigns capabilities based on what the app needs. In other words, no one-size-fits-all set of capabilities—each app gets what it needs, and when apps run they are strictly isolated from each other. So is app data—it can’t be accessed from other apps. This is a step up for app security on smartphones. For more info, see the “Windows Phone 7 Security Model” article on the Windows Phone 7 Guides for IT Professionals page on the Microsoft Download Center.
The depth of integration between Windows Phone 7 and Microsoft Exchange Server provides some really cool capabilities. Much of this integration is achieved through the Exchange ActiveSync® (EAS) protocol—version 14.0 is what ships with Windows Phone 7.
EAS emerged in the days of Exchange Server 2003, and has undergone many changes and improvements since then—and the number of EAS features has steadily increased. One noteworthy feature in EAS version 14.0 is syncing of message reply state, which makes sure that the device and the server know if any message has been forwarded or replied to from any source—Microsoft Outlook® on the desktop, Outlook Anywhere (browser), or Windows Phone 7. The document “Windows Phone 7 and Microsoft Exchange Server,” explains security features and EAS security–related policies that are supported on Windows Phone 7. These articles are now available on the Windows Phone 7 Guides for IT Professionals page on the Microsoft Download Center.
Organizations need an effective certificate infrastructure because certificates are essential to security. Windows Phone 7 trusts most major commercial certification authorities (CAs). All of these CAs and their root certificates that are pre-installed on Windows Phone 7 phones are identified in the article Windows Phone 7 root certificates. Root certificates are included in web browser applications such as Windows® Internet Explorer® and Internet Explorer Mobile because they play a significant role in Secure Sockets Layer (SSL) communications (which are used extensively in online commerce transactions on the World Wide Web). The article Windows Phone 7 and certificates discusses several ways of installing certificates on Windows Phone 7, and provides additional relevant certificate information.
Some observations? While WP7 is a different beast, it does have similar capabilities from a connectivity and management perspective to previous generations.
- all exchange server communication is via an SSL connection
- limited policy is possible (force pin, device timed lockout, remote wipe)
- apps can only be installed via marketplace (except on dev device)
- marketplace apps must be signed and are authorized by Microsoft.
- apps are sandboxed and isolated from each other
- no file system access or removable media access
a couple of things that should be noted:
- WP7 does not have S/MIME email.
- There is no on device encryption – mitigated by app sandboxing/isolation and no file system access / removable media.
Remember – this is a device targeted at consumers, that is part of an evolving platform. There are updates slated for this year (thankfully more frequently and not carrier / device specific or dependant) that will be bringing new capabilities and performance improvements to the platform.
IT Pro Team Blog | IT Managers Blog |Twitter | Facebook | LinkedIn
Check out my about.me profile!
NOTE: To be completely transparent – I don’t work for the product team, but I DO have a passion around mobile devices and WILL discuss / highlight confirmed IT Pro info. 
|
-
 It’s January, start of a new Calendar year and typically time for regular folk to take a personal inventory of what’s been going on over the last year and plan for what lies ahead. IT departments don’t necessarily run on the same schedule, but you might find that you have cycles to check up on what’s in your shop in order to help plan for the future. I just got an internal notice that the final version of the Microsoft Assessment and Planning toolkit version 5.5 has been released for FREE (as in beer) download from here. In case you are not up to speed on what it does or what that means, here’s the official blurb.
The Microsoft Assessment and Planning Toolkit makes it easy to assess your current IT infrastructure for a variety of technology migration projects. This Solution Accelerator provides a powerful inventory, assessment, and reporting tool to simplify the migration planning process. MAP 5.5 is an agentless, automated, multi-product planning and assessment tool for quicker and easier desktop and server migrations and upgrades. MAP provides detailed readiness assessment reports and executive proposals with extensive hardware and application information, and actionable recommendations to help organizations accelerate their IT infrastructure planning process, and gather more detail on assets that reside in their current environment. MAP also provides server utilization data for Hyper-V server virtualization planning; identifying server placements, and performing virtualization candidate assessments, including ROI analysis for server consolidation with Hyper-V Yup – if you don’t have access to big enterprise class monitoring solutions or want to have some nicely purpose formatted reports, this free download is for you. Remember – this is a Multi-Project reporting tool. You can use the information gathered over a user determined period of time for the following reports: There are some seriously good reports generated from using this tool. You should check out the MAP toolkit homepage for more details on how you can use this puppy in your environment. Still hesitant? relax… The download contains a 40+ page training kit with sample data and reports you can use to find out just what you are looking for with your collected data.
IT Pro Team Blog | IT Managers Blog |Twitter | Facebook | LinkedIn Check out my about.me profile! 
|
-
If SharePoint is your thing – you gotta be at the SharePoint Summit 2011 running January 31st to Feb 2nd in Toronto (La version français en Québec le 11 et 12 avril). It’s THE GO TO EVENT with regards to access to SharePoint experts, Partners and all things SharePoint in general here in Canada. A little full disclosure – it is a paid for event and Microsoft Canada is a Sponsor of the event. I say it’s THE GO TO EVENT for SharePoint aficionados mainly for the opportunity to have some very valuable DEPTH exposure to the product and SharePoint experts. It’s an interesting conference with multiple formats for delivery of similar topics – one with more depth and hands on (called workshops) the other with traditional presentation sessions. To support this - there are two price points in order to attend – one with workshop access for ($1795) and one without ($1395). Workshop format has 3 hr sessions that are instructor-led with group based exercises on various topics. The general presentation sessions are 75 minutes long with presentations and demonstrations, no opportunity to have group based exercises. One thing that is of particular interest is a competition they are running at the Toronto event called “Iron SharePoint”. As you can tell from the name – it’s a take off on the reality TV series for chefs, but in this one – one of three competing teams will have exactly two days to design the ultimate SharePoint solution. Looks like a very cool addition to an already really neat conference. Hope to see you there!
IT Pro Team Blog |Twitter | Facebook | LinkedIn Check out my about.me profile! 
|
-
 Yesterday I called out a video explaining something called WebPI yesterday and introduced you to Lucas. The goal behind that solution is mostly for the IT Professional that has to setup and deploy WebApps with all dependencies included. Works great if you are already in the know for how to setup Microsoft Servers and IIS.
But what about people who are not used to using or setting up the Microsoft Stack? People who are more comfortable firing up a LAMP stack preconfigured with web server and web apps / Dev environment?
We’ve got some cool stuff going on later today to help out that area. If you’re new to supporting development projects or if you need something quick and fast for a development stack – you should check this Live Stream out today at 12:30 EST. At the CodeMash conference, we’ll be talking about WebMatrix. It’s an open source, all-in-one package that gives you what you need to get started building web sites and applications using Windows, including:
- A development web server – IIS Express, a development version of our full-fledged web server, IIS
- A web development framework – ASP.NET
- A database – SQL Server Compact, a development version of SQL Server, which powers a lot of businesses
- Development tools – An editor that makes it easy to build sites and that makes it easy to move your project to the full-fledged Visual Studio when it’s time
- Built-in web apps – Makes it easy to add web applications like Wordpress, DotNetNuke and Joomla! to your site
- SEO tools – A built-in SEO reporter helps you make your site more indexable by search engines
- Site publishing tools – Support for FTP, SFTP and WebDeploy to move your site from your development machine to the real thing
Want to find out more about WebMatrix? Watch the online stream of our Enter the WebMatrix presentation at the CodeMash conference today at 12:30 p.m. EST (9:30 a.m. Pacific) and see it in action. 
|
-
 Let me introduce you to Lucas. He’s a Web Designer / consultant who’s setting up webservers the OLD way.
What do I mean by that? As IT Pros/Technical folks with multiple Hats, I know that I used to get asked to setup web servers for various projects and it was a PAIN IN THE A** to figure out what dependencies and configurations / connection strings / language runtimes had to be installed to get everything to work harmoniously. A while back We created something that simplifies a whole bunch of complexities around this topic. We called it Web PI (Web Platform Installer). The sad part is that a lot of people STILL don’t know about what the heck it is and are STILL setting up Windows based web servers the long and hard way… It’s drop dead simple to use. You download it. Choose the language RunTimes / Applications to install and click Finish. Get’s your WordPress, Drupal, Joomla and MORE up and running on the Windows stack lickity-split! Yup – if you get requests for some of these web applications to run within your organization and you want to simplify your overall patch management and application management by sticking with the Windows platform – this is the tool for you. Want more information? Check out this nifty video that went up on Channel9 the other day. 
IT Pro Team Blog | IT Managers Blog |Twitter | Facebook | LinkedIn
Want to know more About.me? 
|
-
 Over pints Pierre Roman, Bruce Cowper and Rick Claus decided they would put together a concise and timely podcast each “Update Tuesday”. The object is to keep it simple by letting you know in plain non technical language what the updates are, what they resolve and why you should care.
As always - if you have suggestions on making it better - please pass on your comments. Mail Rick directly – rick.claus@microsoft.com
Direct Download:
Subscribe to the podcast: (so you don't miss an episode)
  
Disclaimer: This podcast was produced with the best information available to us at the time of recording. Your primary source for all things Security Bulletin related should always be the Microsoft Security Response Center blog.
In Depth Webcast on this bulletin will take place: Wednesday, January 12th – 11:00 AM PDT (UTC -7). (Registration link):
Bulletins discussed for January 11th, 2011:
Podcast Participants: Rick Claus, Pierre Roman
Additional Technical Show Notes:
- Recorded remotely with Rick in his home office, Pierre somewhere in Northern Quebec.
PodSafe music from PodSafe Music Network @ http://music.podshow.com/. Artist: Derek K Miller, song - “You’re the Big Sky - rock guitar instrumental”
IT Pro Team Blog | IT Managers Blog |Twitter | Facebook | LinkedIn 
|
-
In conversations with UG leads across the country, we heard clearly for Canada the cloud represents so many opportunities for organizations, developers and IT Pros. After listening to the feedback, through these conversations and others from TechDays, we decided we needed to do something that drives awareness and helps grow skills. That something turned out to be the Azure Community Promotion. The Azure Community Promotion was launched in mid-December to allow user group (UG) community members to give back while growing their skills learning Windows Azure. For each individual that took the time to grow their skills and shared their experience, we committed to donating $25 to that user group and also send the individual a $25 gift card. There was no limit on how many UG members could participate but all validation screenshots needed to be submitted to cdnazure@microsoft.com by Dec 31st. 
Before the promotion ended, John Oxley stated in a blog post that he wanted to see us reach a goal of over $3000 by December 31st! Well, you did it! Through your efforts and on behalf of your user groups a total of $4325 was raised from over 170 submissions benefitting 28 user groups across the country! What makes this result even more special is that everyone contributed at a time when family and spending time with loved ones are especially important. The fact that many of you also chose to give back to the community and assist your local user group just shows how when we work together we can achieve so much to the benefit of many. Our heartfelt thanks to each and every individual who took the time to try Azure and deploy an application. In the coming weeks we will be sending out gift cards to those who submitted an Azure application as part of the promotion. We will also be contacting each of the user group leads whose groups benefited from the promotion and who were so instrumental in getting the message out to their membership and soliciting everyone’s participation to help raise some always welcome additional funds to the group. Once again, thanks to all who participated and for raising $4325 for user groups across Canada! Damir Damir Bersinic Senior Platform Advisor, Microsoft Canada 
|
|
|
|