Redmondmag.com

Transcription

Redmondmag.com

Project1
4/14/09
freddiefab
4:00 PM
Page 1
The Know-IT-All Quiz Question 1:
eDiscovery is defined as:
A) Online speed dating
B) Getting to know that hot chick on Second Life®
C) Touring the world on Google Earth™
prettymary
D) A panicked last-minute request from your corporate legal
department that will require you to wade through
endless terabytes of ESI, on top of your already-full workload
Find all your answers here.
<H;;0J^[Adem#?J#7bbÊi=k_Z[je[:_iYel[ho
<H;;0J^[Adem#?J#7bbÊi=k_Z[je[:_iYel[ho
Æ[l[hoj^_d]oekd[[Zjeadem$
Æ[l[hoj^_d]oekd[[Zjeadem$
mmm$c_ceiWioij[ci$Yec%h[ZcWo
mmm$c_ceiWioij[ci$Yec%h[ZcWo
CEH;½
=[jOekh<H;;9efoe\
J^[Adem#?J#7bbÊi=k_Z[
je[:_iYel[ho
J^_i\h[[*.#fW][]k_Z[Xeea0
MWbaioekj^hek]^j^[[:_iYel[hofheY[ii
?Z[dj_Ó[i[:_iYel[hoj[Wcc[cX[hi
9bWh_Ó[ij^[d[m<H9FWc[dZc[dji"WdZm^Wj
j^[oc[Wd\eh?J
>[bfioekjefheWYj_l[bofbWd\eh[:_iYel[ho
m_j^_doekheh]Wd_pWj_ed
L_i_jmmm$c_ceiWioij[ci$Yec%h[ZcWo
je][joekh<H;;YefojeZWo
3200 Coronado Drive, Santa Clara, CA 95054 | 408-970-9070 | [email protected]
0509red_Cover.v2
4/13/09
11:13 AM
Page 1
Foley: For Microsoft, ‘Open’ Is the Hardest Word
M AY 2 0 0 9
Behind the
(IE)8 Ball
REDMONDMAG.COM
Will IE8 scratch or
run the table?
+
Join the (Third) Party at Tech·Ed!
Managing Security in the Cloud
Microsoft Tries to Get Windows Mobile Moving
Speeding up SQL Server with Wait-Time Analysis
Project8
7/3/08
12:42 PM
Page 1
Project8
7/3/08
12:44 PM
Page 2
%" ) %" "' $ $ ! '"% #$"$ &$ '$ %###
$ # %$ # " + " # $,* $ " %! $ ## !" $")$ $ $ !$$ %$ %#$") #$"#
" # $, "&", #)#$# " " # $ #!
!$$ #
'" "#
"% !($)* ' &"
$ #$ !" "!" " $ %#$")
$ &"! !"#$! ! $% "#$ ! %)" &$ $$ % !,# $ #! #(# &%&##$
'#$&$ #!$!% ! !,# $ # $)$%$ ! *&# (% ! % $%!# %$ ""%!
$!%(# &$ $$ % )% $!%(# $ %## ! + #%$ #$#'
$!%(# &$ $$ % )% $!%(# $ %## ! + #%$ #$#'
Project10
2/6/09
2:24 PM
Page 1
WELCOME TO A PLACE WHERE ANYTHING IS POSSIBLE.
WHERE IF YOU DREAM IT, YOUR INFRASTRUCTURE BECOMES IT.
FROM DATACENTER TO DESKTOP.
Virtualization
Project10
2/6/09
2:25 PM
Page 2
YOU DO MORE. YOU SAVE MORE.
THE BARRIERS TO VIRTUALIZATION FALL AWAY.
The end-to-end virtualized infrastructure is now a reality. From servers to desktops to
management, it’s all possible with Microsoft’s comprehensive and cost-effective portfolio
of virtualization products and solutions. Find out more at microsoft.com/virtualization
Project2
3/10/09
3:43 PM
Expert Knowledge
Page 1
Backup and Recovery
Performance Management
Resource Management
“"Our estimates?
0 a year.
LiteSpeed saves us over $100,00
THAT rocks! "
BA Manager
- Thomas LaRock, D
Save Time and Money Without Adding Hardware
See Why Customers Trust LiteSpeed® for SQL Server
Thomas LaRock, DBA Manager at an international investment company, depends on LiteSpeed as
his backup and recovery solution.
“LiteSpeed has been in our shop for about five years. With the dramatic increase in servers —
from just a handful to over 150 — LiteSpeed has proven invaluable in saving precious disk space.
We estimate savings of over $100,000 a year just by using LiteSpeed. It not only saves us time and
money for backups and restores, but has additional functionality such as object level recovery and
the ability to write T-SQL statements against the backup file itself. Only Quest can do that.
“ Thank you, Quest, for introducing me to LiteSpeed.”
The industry leading SQL Server backup and recovery tool is now available for Oracle.
Lean how to unify your cross platform strategy.
Read our new technical brief at www.quest.com/BackupSavings
©2009 Quest Software, Inc. All rights reserved. Quest and Quest Software are trademarks or registered trademarks of Quest Software.
All other brand or product names are trademarks or registered trademarks of their respective holders. DBA-SQLServer-Q2-1082009.
0509red_TOC5.v6
4/13/09
12:29 PM
Page 5
Redmond
Contents
M AY 2 00 9
The Independent Voice of the Microsoft IT Community
COV E R STO RY
Behind the
8 Ball
Under pressure from competitors in a
high-stakes game, Microsoft is releasing
Internet Explorer 8. But will the new
browser scratch or run the table?
Page 22
REDMOND REPORT
13 Mixed Views on
Cisco’s Server Play
14 Microsoft’s Open
Source White Paper
TIPS & TRICKS
16 Professor PowerShell
Provider Peek
16 Pop Quiz
High Availability
(Exam 70-652)
16 Windows Advisor
Dots Before My Eyes
17 Windows Advisor
Windows Server Adrift
COLUMNS
8
F E AT U R E S
The YouTube Mess
30 Let’s (Third) Party!
Independent software vendors have long been the life of Microsoft’s
party by producing products that fill in the gaps Redmond leaves open.
For Tech·Ed North America 2009, we celebrate third-party vendors and
preview what they’ll be announcing and demonstrating at the show.
37
Barney’s Rubble:
Doug Barney
60 Never Again:
Ed Mahlum
When IT Meets Legal
A Secure Leap into the Clouds
Companies looking to reduce costs through cloud computing
will have to make some tough decisions about security.
47
Windows Mobile’s New Moves
Facing strong competition from Apple and Google, Microsoft looks to
re-tool Windows Mobile for the enterprise market.
54
SQL Speed Secrets
Group Therapy
Wait-time analysis can help improve performance
by focusing on how long applications take to
respond to queries.
18
PlateSpin Forge offers peace of
mind at a reasonable price.
69 Security Advisor:
Joern Wettern
AppLocker Reins
in Applications
72 Foley on Microsoft:
Mary Jo Foley
REVIEWS
Product Reviews
DR in a Box
62 Mr. Roboto:
Jeffery Hicks
21
Free VM Discovery
For Microsoft, ‘Open’ Is
the Hardest Word
Embotics’ V-Scout ends the
days of tracking your virtual
machines via spreadsheet.
A L S O I N T H I S I S S U E 6 Redmondmag.com | 10 [email protected] | 71 Ad and Editorial Indexes
COVER IMAGE FROM GETTY
0509red_OnlineTOC6.v4
4/13/09
1:13 PM
Page 6
Redmondmag.com
M AY 2 0 0 9
Questions with ...
Jillian Mansolf
RCPmag.com
Inaugural RCP Platinum
Partner Program Awards
O
R
A
AT
INU
P R OG
M
ne of the benefits of using Microsoft products is the huge vendor
community surrounding the company’s wares. Hardware, software and
integration solutions are supplied by a myriad of third-party companies and
resellers, and these solutions can lower the cost and improve the performance
of Microsoft’s many tools.
R TNER
PA
Redmond Channel Partner surveyed more than 500 readers
to find out which companies offered the best results when
partnered with Microsoft. Some of the top readers’ choices
include Hewlett-Packard Co., Dell Inc. and Cisco Systems Inc.
Readers chose 15 companies’ partner programs as the best of
the bunch. Find out which ones took top honors, and learn how
each company can benefit your business. FindIT code: RCPPlatinum
M
PL
VirtualizationReview.com
Which Hypervisor Rules
the Roost?
A
s virtualization becomes a reality for many businesses, the question of
which hypervisor to choose is growing increasingly important. There are
many choices available, but the top three most-popular hypervisors are
VMware ESX, Microsoft Hyper-V and Citrix XenServer. Virtualization Review
compared these three products in an extended stress test to see which one,
if any, had a performance edge. Read more about how each hypervisor
measured up, and find out if one of the three is the perfect fit for your
virtualization environment. FindIT code: VRMHyperLab
REDMONDMAG.COM RESOURCES
Resources
Enter FindIT Code
>> Daily News
>> E-Mail Newsletters
>> Free PDFs and Webcasts
>> Subscribe/Renew
>> Your Turn Editor Queries
News
Newsletters
TechLibrary
Subscribe
YourTurn
Jillian Mansolf, senior
VP of sales and marketing
at Data Robotics Inc.,
tells Redmond about
DroboPro, the company’s
cutting-edge storage
technology. Read more
from Mansolf and watch
her full interview online.
FindIT code: DroboPro
Jillian Mansolf
Who’s the target for DroboPro?
DroboPro is appropriate for SMBs or
government/education organizations
using Microsoft Small Business Server
or Essential; replacing tape backup;
and storing virtual server images and
digital photos.
Is DroboPro a direct sell or a
channel play?
100 percent channel—since day one!
We have a fantastic partner program
that’s available.
Can Drobo drives managed under
DroboPro be managed under other
storage-management software?
DroboPro is compatible with the
same software applications and
suites as any traditional RAID array.
What Are
FindIT Codes?
Throughout Redmond, you’ll
discover some stories contain
FindIT codes. Key in those codes
at Redmondmag.com to quickly
access expanded content for the
articles containing those codes.
Redmondmag.com • RCPmag.com • RedDevNews.com • VisualStudioMagazine.com • VirtualizationReview.com
MCPmag.com • CertCities.com • TCPmag.com • ENTmag.com • RedmondEvents.com • ADTmag.com • ESJ.com
6 | May 2009 | Redmond | Redmondmag.com |
Project1
3/31/09
1:12 PM
Page 1
Are you controlling your servers, or are they controlling you?
It’s time for virtualization from CDW.
Microsoft® Windows Server® 2008 Enterprise Edition
• Built-in Web and virtualization technologies enable you to increase the reliability
and flexibility of your server infrastructure
• Reduces costs, increases hardware utilization, optimizes IT infrastructure and
improves server availability
• Security innovations provide high levels of data protection
Open License Business1 $2293.99 CDW 1418220
For display only
HP ProLiant DL360 G5 Rack-mount Server
Hard drives sold separately
HP SMART BUY2
• Two Quad-Core Intel® Xeon® Processors E5420 (2.50GHz)
• Memory: 4GB std., 64GB max. (PC2-5300)
• Hard drives: none ship std., up to six hot-pluggable
SATA/SAS drive bays available, 1.5TB max. storage
$2429 CDW 1345094
HP LeftHand Virtualization SAN
• Dual controllers, 10.8TB, 15,000 rpm SAS
• Ideal for virtualized environments
• Optimized shared storage, enabling scalable performance
and non-disruptive configuration changes
Call CDW for pricing
We’re there with the server virtualization solutions you need.
It’s time to end the server sprawl. CDW can help you run all your operating systems and applications from
a single virtual server. Not only does that free up space and lower costs, it also reduces IT management. Our
technology specialists can recommend the right virtualization solution for your business. And our custom
configuration services will set up your technology to your specifications. So call CDW today, and finally put
your servers in their place.
CDW.com 800.399.4CDW
1
Purchase five licenses OR one processor license to qualify for the Microsoft Open License Business program; media must be purchased separately; call your CDW account
manager for details. 2HP Smart Buy instant savings reflected in advertised price; HP Smart Buy instant savings is based on a comparison of the HP Smart Buy price versus
the standard list price of an identical product; savings may vary based on channel and/or direct standard pricing; call your CDW account manager for details. Offer subject to
CDW's standard terms and conditions of sale, available at CDW.com. ©2009 CDW Corporation
9494 C_095A18_Redmond_5-1.indd 28
3/27/09 2:59:05 PM
0509red_Rubble8.v4
4/13/09
1:09 PM
Page 8
Barney’sRubble
by Doug Barney
Redmond
THE INDEPENDENT VOICE OF THE MICROSOFT IT COMMUNITY
R E D M O N D M AG .CO M
M AY 2 0 0 9
The YouTube Mess
■
VO L . 1 5
■
N O. 5
Editorial Staff
Editor in Chief Doug Barney
Executive Editor, Features Lee Pender
Managing Editor Wendy Gonchar
Associate Managing Editor Katrina Carrasco
T
he Internet is like the wild West, full of excitement,
change and all manner of outlaws, renegades and
ne’er-do-wells. That’s fine for most grownups, but
I’ve got four kids and the seamy side of the ’Net doesn’t
Contributing Editors
Mary Jo Foley
Jeffery Hicks
Joern Wettern
Art Staff
Art Director Brad Zerbel
Senior Graphic Designer Alan Tao
Online/Digital Media
make me happy.
Editor, Redmondmag.com Becky Nagel
Executive Editor, New Media Michael Domingo
Online News Editor Kurt Mackie
My daughter Kiley just turned two, and
loves all things Elmo, Barney—not me as
much as the dinosaur—and Teletubbies.
We were watching a Barney video and
then clicked on another—only to see
Barney gunned down (fortunately not
me, but the dinosaur Barney).
I shut it down fast, but the damage
was done. The same thing happened
with Winnie the
Pooh and Teletubbies. These are the
second or third or
fourth videos
offered in these categories, and there’s
no warning that
these cuddly creatures will be met
with violence from
some Internet
imbecile. There are no labels or titles.
Nothing. And these are on some hugely
popular kids’ YouTube spots.
I’m no fan of censorship, but what I
hate even more is seeing my sweet
daughter traumatized!
Then, there’s Xbox Live.
This Christmas my 13-year-old son
Nick just had to have the Xbox 360.
My first observation: the irony that a
teenager thinks a Microsoft game
product is the coolest!
I explained that we already have a
Gameboy, Gameboy Advance, Nintendo
DS, Nintendo 64, an original Nintendo,
a Wii, a PS2 and plenty of PCs, and he
had a nearly new MacBook. Nick didn’t
budge. Talking sense into a 13-year-old
is like convincing Bill Maher that God
exists—ain’t gonna happen.
So off I went to Best Buy for an Xbox,
which came to about $300. A small
portfolio of games to make the console
actually useful came to another $240.
After lightening my wallet by $540
bucks, the young Master Barney just
had to have Xbox Live,
which is another $50 a
year. I was done shelling
out the coin, so he
conned his mother into
funding Xbox Live.
Microsoft markets
Xbox Live as achieving
lofty goals. Live gamers
can connect to others
from across the world
and, besides competing,
learn about new cultures.
Bunk! Xbox Live is just one extended
crank phone call. Nick and his older
brother David play Xbox Live all
weekend long. The first thing I noticed
is they never use their real voices. The
15-year-old David pretends to be a
Harvard professor, arguing, pontificating
and lecturing.
Nick has a range of characters. He
imitates Barack Obama, plays a character
named Nerd Boy and pretends to be
only 7. I’m not sure how cultured my
sons are becoming, but their acting
chops are really coming along.
Thoughts on YouTube or Xbox are welcome at [email protected]. –
Associate Editor, Web Gladys Rama
Web Producer Shane Lee
Director, Web Development Rita Zurcher
President Henry Allain
Vice President, Publishing Matt N. Morollo
Vice President, Editorial Director Doug Barney
Director, Marketing Michele Imgrund
Online Marketing Director Tracy S. Cook
President & Neal Vitale
Chief Executive Officer
Senior Vice President & Richard Vitale
Chief Financial Officer
Executive Vice President Michael J. Valenti
Vice President, Finance & Christopher M. Coates
Administration
Vice President, Digital Media, Abraham M. Langer
Audience Marketing
Vice President, Information Erik A. Lindgren
Technology & Web Operations
Vice President, Digital Media, Doug Mashkuri
Advertising
Vice President, Carmel McDonagh
Attendee Marketing
Chairman of the Board Jeffrey S. Klein
Reaching the Staff
Staff may be reached via e-mail, telephone, fax, or mail.
A list of editors and contact information is also available
online at Redmondmag.com.
E-mail: To e-mail any member of the staff, please use the
following form: [email protected]
Framingham Office (weekdays, 9:00 a.m. – 5:00 p.m. ET)
Telephone 508-875-6644; Fax 508-875-6633
600 Worcester Road, Suite 204, Framingham, MA 01702
Irvine Office (weekdays, 9:00 a.m. – 5:00 p.m. PT)
Telephone 949-265-1520; Fax 949-265-1528
16261 Laguna Canyon Road, Suite 130, Irvine, CA 92618
Corporate Office (weekdays, 8:30 a.m. – 5:30 p.m. PT)
Telephone 818-734-1520; Fax 818-734-1528
9121 Oakdale Avenue, Suite 101, Chatsworth, CA 91311
The opinions expressed within the articles and other contents
herein do not necessarily express those of the publisher.
PHOTO ILLUSTRATION BY ALAN TAO
Project2
4/10/09
1:50 PM
Page 1
0509red_Letters10-12.v5
4/13/09
1:15 PM
Page 10
[email protected]
Stopping Scareware
Doug Barney’s recent Barney’s Rubble column [“Scareware
Creeps,” February 2009] solicited ideas for combating scareware.
I have one, though it would be politically difficult to implement.
I suggest forcefully enforced and
prosecuted laws with international
reciprocity against scareware attacks,
with penalties of 20 years in prison, no
flexibility in sentencing and no possibility of parole. In addition, it would
be stipulated that the perpetrator
would have absolutely no contact with
any form of IT for that period. I
would also suggest no consideration of
age in the criminal proceedings.
Just the illustrations in the feature
that accompanies your column [“Who’s
Afraid of Scareware?” February 2009]
demonstrate the impact of this malicious activity. How much goes into
enforcement and prosecution of a
bank robbery versus the economic loss
during a robbery? At least the same
ratio should apply to phishing, scareware, Trojans and so on.
Name withheld by request
Boston, Mass.
I think what happens in the movie
“Casino”—where they catch the guy
cheating and bust every one of his fingers
with a ball-peen hammer—should go
for spammers too. We’re way too
lenient with those jerks.
Paul Maglinger
received by e-mail
Copy Protection:
Ready for Retirement
In his January Barney’s Rubble column
[“Copy Protection: Aaarrrrrgh”], Doug
Barney asks if it’s “time to make protection walk the plank.”
I say, no, it’s long past time!
The drudgery of trying to recreate
files from a dead hard drive has led
me to recommend Ubuntu Linux to
most everyone caught in a copyprotection situation.
Much of the time, the need to rebuild
is caused by an errant service pack. So,
first manufacturers trash the system,
and then try to make you buy new system
disks—and after all that, the manufacturers don’t even want to support the
Ronald Repp
new system.
received by e-mail
All of this copy-protection nonsense is
driving people to open source software.
Glenn Hennessee
received by e-mail
I’m a software developer, so I can see
both sides of the issue, but the
Microsoft implementation is so over
the top that if it wasn’t for its monopoly
position on the desktop, people would
stop buying the company’s products.
My copy-protection experience is as
follows: My HP Pavilion, circa 2004,
allowed creating a DVD recovery
disk—but “only one copy.” However,
after my hard disk crashed I used the
recovery disk to restore the OS and
apps on the replacement hard disk, and
it did allow me to create another recovery
disk. Go figure.
Still, I heartily agree that with
Windows Genuine Advantage, the
“advantage” is clearly Microsoft’s. All
three of my copies of Office 2003 Pro,
which I received directly from Microsoft
after attending various Redmond
events, required activation and Office
Genuine Advantage.
Long ago I downloaded the release
candidate for Windows XP. When the
product activation didn’t work, I spent
some time on the phone getting that
done. The day before XP went live, I
bought a full retail copy of Windows
2000. I’ve used that disk numerous
times on various test PCs, but have
never installed it on more than one PC
at a time (just try doing that with XP or
Windows Vista).
The only favorable experience I’ve
had with Microsoft product licensing
was when I subscribed to Microsoft
Action Pack, which allows 10 installs
of most products for testing and development for the one-year term of the
subscription. But even then, at the end
of the term there were numerous stern
warnings about uninstalling all copies
and destroying the media.
Bill Mitchell
received by e-mail
Whaddya Think
?!
Send your rants and raves to
[email protected].
Please include your first and
last name, city and state. If we
use it, you’ll be entered into a
drawing for a Redmond T-shirt!
Project12
3/12/09
2:16 PM
Page 1
Procrastinating?
Calendar Reminder
Upgrade SharePoint
Status:14 weeks overdue
Remind me in:
1 week
Ignore
Snooze
OK
Try Metalogix and finish your upgrade today
SharePoint Site Migration Manager removes the
hassle and risk in SharePoint Upgrade projects
^
Efficient:
Upgrade with zero downtime; save days or weeks of work
^
Economic:
Consolidate servers and move only the data you need
^
Easy to use:
Migrate content with just a few clicks in real-time or in batch mode
^
Reliable:
Retain all metadata, versions, views, permissions, and web parts
^
Comprehensive:
Migrate all SharePoint Sites, Lists and Library Types between servers
with full fidelity using fully supported SharePoint APIs
^
Flexible:
Migrate between versions, between farms and hardware platforms.
Supports granular migration, site re-templating and site reorganization
^
Broad support:
Migrate from WSSv2.0 or SPS 2003 to WSSv3.0 or MOSS 2007
Download a FREE trial now – you’ll get your weekend back
www.metalogix.net/Redmond4
Contact sales now 214-302-8064 – [email protected]
CopyrightCopyright
MetalogixMetalogix
2009, All2009,
rightsAll
reserved
rights reserved
metalogix
metalogix
0509red_Letters10-12.v5
4/13/09
1:15 PM
Page 12
[email protected]
Crumbling Monopoly …
I agree with Doug Barney’s column, “A
Monopoly Means Never Having to Say
You’re Sorry” [Barney’s Rubble,
March 2009]: Microsoft has
had a heavy chokehold on
the desktop for quite
some time. Even with a
less-than-desirable OS,
the company still dominates
the market. But we all know
that sooner or later it will
come to an end. Monopolies
always do. It’s just a matter of what
will bring it down, and when.
I don’t think a competing desktop OS
will do it, because I think Google will
make the desktop OS a moot point.
Google offers so many features—not to
mention so much storage—that it boggles
the mind. Upload a Word, PowerPoint
or Excel document to Google, and you
can make changes, share it, send it and
even schedule it for distribution. It seems
Google has a program to do whatever
you want from any device with a browser
and an Internet connection. Plus, Google
doesn’t have to charge to use its programs, because its revenue centers
around a mix of advertising models.
This is definitely winning the hearts of
consumers very rapidly, and as a consequence, Google is building in a direction
Microsoft can’t compete with.
Google’s model may take a little longer
to be adopted by the corporate world,
but the consumer is primed and ready.
So, my vote is for Google—it won’t
replace desktops, but rather replace the
Bob Thomason
way we use them.
Magnolia, Ark.
Microsoft is losing its monopoly at an
amazing pace. Linux is offered at
Walmart, Best Buy and Target, primarily
on netbooks. Macs are available at Best
Buy and in every mall. Every machine I
see in the stores has an alternative OS.
I’m willing to bet Barney a warm Brie
that Microsoft lost double-digit household market share in 2008.
However, a different perspective
comes from doing business in the
District of Columbia. Microsoft truly
has a death grip here. Other than a
few wavering Solaris servers,
Microsoft is on everything. For
Microsoft to lose its desktop
monopoly, other vendors
will need to make their
enterprise offerings more
competitive. I’m an IT manager;
make me want your OS. Until then,
I’ll use Microsoft.
Name withheld by request
Washington, D.C.
… Or Will Microsoft Stay Strong?
I agree with Barney’s prediction that
Linux will never have the retail acceptance that Windows does, because
people associate free software with
Windows 7 is here to make
Leopard look like a kitty.
bugs, viruses, worms and spyware. Free
isn’t always good in people’s minds.
Most of the operating system battle
will be between Macs and PCs. And
ever since Microsoft announced
Windows 7 and released the beta, critics
everywhere in the world are saying that
it’s amazingly great. Windows 7 is here
to make Leopard look like a kitty.
Ricardo Dorador
Lima, Peru
Windows Vista is the only game in
town. At first, I resisted the move to
Vista, but after SP1 came out I finally
warmed up to it.
About two weeks ago I rebuilt my
Dell at the house. The laptop I bought
my daughter last year was running Vista
Home Premium. I played with it for a
while, and it just had a freshness about
it as compared to XP (which I’ve loved
dearly). So I went out and bought a
copy of Home Premium for the Dell.
After rebuilding, I found no problems,
with the exception of an older game or
two. The box runs sweet and fast and
has an up-to-date look to it. It seems
my fear of Vista was unfounded.
This week I needed to rebuild my
development machine at the office.
We use a lot of stuff to develop our
product. However, in short order, I got
the machine running well under Vista
Enterprise. All the dev tools work.
Another success.
I wouldn’t suggest that you deliberately toss a good XP configuration for
Vista, particularly if you’re using old
hardware. However, if your machine is
less than two or three years old and has
the specs, go for it.
Bruce W. Roeser
Deland, Fla.
Barney is 100 percent correct that
Apple’s products aren’t worth the hassle.
I recently visited a Mac store with a
friend who had a malfunctioning
iPhone. After three hours of going back
and forth between the Mac store and an
AT&T booth in the mall, he got a
working phone. There were as many
people at the Mac store with problems
as there are in a Best Buy at the Geek
Squad desk or anywhere else. The betterthan-you attitude Barney mentions was
also quite prevalent.
I like Macs and have used several. I’d
buy one myself if not for the fact that I
can buy two or three PCs for the same
amount of money.
As for Linux, I’ve used it before, and
Ubuntu is the easiest. I don’t see the fun
in having to type out a command to do
a simple install. Ubuntu packages are
the closest to an executable install program that I’ve seen in the Linux world.
I’m the IT department here at work,
and there are no plans for Linux or Mac
in the short term. I think if Windows 7
is as good as beta users say it is, it will
cement Microsoft in the desktop world.
Edward L. Bailey
Livonia, Mich.
PHOTO ILLUSTRATION BY ALAN TAO
0509red_MSSuppF1_C1-10.v15
3/27/09
3:55 PM
Page C1
SPECIAL PULLOUT SECTION
Not Just Another Pretty Sticker: Exploring the Upside of
‘Certified for Windows Server’
Software Logos from the Enterprise Customer Perspective
Free test tools and certification
requirements help
resource-strapped enterprise
IT groups assess technical quality
and wield buying power for
better experiences deploying
server applications.
By Peter Varhol
W
hatever assurances are made during the sales cycle, the
enterprise IT group is ultimately responsible for
deploying applications successfully across the enterprise.
What’s more, it’s the IT professional who prioritizes,
troubleshoots and resolves the issue—with or without support from the
independent software vendor (ISV).
While IT professionals have good reason to be skeptical of software marketing
claims, one lesser-known marketing designation is flexing its technical muscles:
the “Certified for Windows Server 2008” logo. The certification program just
may help resource-strapped IT pros predict technical problems prior to
deployment—and use buying power to ensure technical quality of the in-house
or third-party applications they deploy.
| Redmondmag.com | Redmond |
Project1
3/27/09
2:05 PM
Page 1
Superior reliability, availability,
stability, security and compatibility.
Brought to you by software vendors who care enough to deliver the very best.
Active Templates AS
Adam Software
Airsoft Consulting
Alachisoft
ALC, spol. s r.o.
Aras Corp.
ASDIS Software AG
BMC Software
bpCentral Inc.
CA Inc.
CargoWise edi
Centrify Corp.
Citrix Systems Inc.
Commvault Systems
Computer Engineering &
Consulting Ltd.
Controlled Data Inc.
Corporate Web Solutions Ltd.
Digipede Technologies LLC
Digital Persona Inc.
Diskeeper Corp.
Electronic Office Systems (EOS)
EMC Corp.
Enterprise Informatics
Ericom Software
ERP-Link Corp.
Eurostep AB
Evidanza GmbH
Exact Holding N.V.
Fabasoft AG
FFC Ltd.
FileMaker Inc.
Gael Ltd.
Global 360 Inc.
Handshake Software
Helicon Tech Corp.
IBM Corp.
ICONICS
ILOG
Kaspersky Lab
KodeCompagniet AS
Lieberman Software Corp.
Linedata Services
ManageSoft Corp.
Microsoft Corp.
Ministerie van Defensie
nCipher Corp. Ltd.
NEC Corp.
NEOJAPAN Inc.
NetApp
New Atlanta Communications
New Resource Group Consulting Inc.
Nintex
OBIC Co. Ltd.
OHKEN Corp.
Open Text Corp.
OpusCapita
OSI Software Inc.
OSK Co. LTD.
Pragma Systems Inc.
Quest Software Inc.
Raxco Software Inc.
Sliq Media Technologies Inc.
SuperOffice Business Solutions AB
Symantec Corp.
ThinPrint GmbH
Transpara Corp.
Trend Micro Inc. (JP-RD)
Wings Infonet Ltd.
WISeKey SA
ZeroNines Technology Inc.
104 Corp.
Activate Technologies
Advance Software Corp.
Agresso R&D AS
AMTECH Computer Services Inc.
Assuria Limited
Attachmate Corp.
Basic Partner AS
Brady Corporation Inc.
CGF
Ching Hang Information CO. LTD.
EMC Corp.
Enabling Simplicity LLC
Epicor Software Corp.
Gallagher & Robertson AS
Handshake Software
Helicon Tech Corp.
Hogia
Infodoc AS
iSmart Business Solutions Pvt Ltd.
Metrix LLC
MSC Ltd.
MultiCase Norge AS
Net at Work Netzwerksysteme GmbH
NetPro Computing Inc.
NetWrix Corp.
OSK Co., LTD.
Paragon Technologie GmbH
Perform Information Communication
Technology
Portlock Corp.
ProfitBase
RES Software
Schlumberger Technology Corp.
Shanghai Best Oray Information
Technology Co. Ltd.
Shinyuu Consulting Co. Ltd.
SiteCore ApS
SpikeSource Inc.
Spotfire AB
Symantec Corp.
Syscom Computer Engineering Co.
Tectura Corp.
Teknica Software Inc.
TETA S.A.
Visma AS
WebOracle LLC
Find a complete list of independently tested applications at www.windowsservercatalog.com.
Learn about the “Works With” and “Certified For” technical bars and download free test tools at
www.innovateonwindowsserver.com.
Join the conversation at MSDN > Forums Home > Windows Server > Windows Server 2008 Application
Compatibility and Certification.
3/27/09
3:09 PM
Page 1
Dismissed by some as just a “paperwork thing,”
Windows Server software certification actually designates applications that are subjected to 50 to 80 hours
of testing by an independent third-party lab. Testing
comprises about a hundred Microsoft-recommended
practices for security, stability, reliability, availability and
basic compatibility with the Windows Server 2008 and
R2 versions of the operating system. Virtually all of these
test cases apply to enterprise use.
Microsoft is starting to promote the certification as the
ultimate technical bar for enterprise server applications.
According to Venkat Krishnamachari, senior program
manager responsible for the Windows Server 2008
software certification program for Microsoft, “By ensuring that all server applications install in the same manner
and behave consistently, the overall server quality and
reliability improves.”
“By not supporting technical shortcuts,
deprecated APIs or convoluted installation
techniques, certification enables
enterprises to have a high level of
confidence that an application will continue
working as designed through operating
system updates and other changes to the
operating environment.”
Venkat Krishnamachari, Senior Program Manager, Microsoft
In addition, Krishnamachari notes that the certification
enables applications to prepare for the future. “By not supporting technical shortcuts, deprecated APIs or convoluted
installation techniques, certification enables enterprises to
have a high level of confidence that an application will
continue working as designed through operating system
updates and other changes to the operating environment.”
Starting with a detailed review of the test cases themselves, this article will explore the ways IT professionals
and systems integrators can use the logo program to
leverage better technical quality in third-party software.
Testing for Logo Certification
Described at length in test framework documents and free
test tools available at www.innovateonwindowsserver.com
(under the “Test” tab), the following sections summarize
six chapters of test cases that any ISV or IT professional
can investigate and, if desired, run against any server
applications, commercial or otherwise:
• Windows fundamentals
• Install/remove
• Security
SOLUTION SPOTLIGHT
Aras Innovator®
Aras Innovator® is a Product
Lifecycle Management (PLM)
solution, built on a .NET
model-based SOA framework.
The software is distributed using
the enterprise open source business model.
Customers include Motorola, Rolls Royce,
Freudenberg, Lockheed Martin, IngersollRand and ACCO Brands.
“
We distribute our .NET-based PLM
solution using the enterprise open
source business model, selling
optional support subscriptions. That
means our sales depend on the IT
department’s first impressions after
the download. Our certification
effort required significant
changes to our .MSI installer,
such as using only legitimate
and safe registry manipulations,
implementing a command-line
mode, implementing a clean
un-install process, adding
installation logging and removing
external procedures from install.
These changes noticeably improved
the first impression, resulting in more
enterprise support subscription sales.
In addition, the installer
improvements actually reduced
our overall support costs. Most
companies can now install the
Aras Innovator application and
be ready to evaluate in less than
30 minutes.
”
Peter Schroer
President and CTO
Aras Corp.
www.aras.com
| Redmondmag.com | Redmond | 1
3/27/09
3:09 PM
Page 2
CERTIFIED FOR WINDOWS SERVER
SOLUTION SPOTLIGHT
BMC Performance
Manager for
Servers
Provides a proactive monitoring
solution that is extensible and
scalable for your Windows, Unix and
Linux operating system environments.
“
One of our goals for BMC
Performance Manager for Servers
was to have extremely tight
integration with Windows 2008
installations, including the new
UAC feature. The Windows 2008
certification process helped us
align with the new security
configurations. Running the
compatibility tests in Hyper-V,
we were pleased to be able to
demonstrate significant new levels
of support for additional virtual
machine states, such as recovering
after save state and restore,
recovering after pause or resume,
surviving snapshot process and
not preventing shutdown.
We eventually adopted the
Microsoft certification test
tools into our development QA
processes and have added
Windows 2008 certification as
a core ‘feature’ requirement for
future releases of the product.
”
• Reliability and high availability
• Client components
• Hyper-V virtual machine compatibility
Under each chapter, Microsoft lists a number of specific
areas for test, and what the results should be in order to
pass the test. Server and Client components of 32-bit and
64-bit applications are tested on x64 platform of Windows
Server 2008 and Windows Vista. The goal is to ensure that
the application passes all of the certification tests and is
highly likely to install and operate in a predictable fashion.
While Microsoft has been encouraging ISVs to use these
tests in their build/development processes, IT departments
can also use these tests to assess technical quality of any
commercial or in-house applications, as well as custom
modifications that may or may not be certified.
When the “Certified for Windows Server 2008” or
similar “R2” logo appears on a third-party application’s
Web page, data sheets or other marketing collateral, it
means that the application has been independently tested by one of the two labs authorized by Microsoft to
conduct the 100 tests and certify the results.
“For any issues uncovered during certification testing,
ISVs must satisfy all Microsoft requirements before
the certification is awarded,” Krishnamachari says.
“Customers who discover the same issues on their own
must instead rely on the priority and timeline assigned
by the ISV’s support department.”
CHAPTER 1: TESTING FOR
WINDOWS FUNDAMENTALS
There are certain fundamental characteristics that any
application must exhibit in order to deliver a predictable
CHAPTER 1: WINDOWS FUNDAMENTALS
1.1
Perform primary functionality and
maintain stability
1.2
Check Windows version correctly
1.3
Driver-related requirements
1.4 Identify all non-hidden files in the
application
1.5
Ajay Singh
Execute appropriately in multilingual
environment
Vice President, General Manager,
BMC Service Assurance Products
1.6 Degrade gracefully when services are
BMC Software Inc.
unavailable
1.7
Support 64-bit version of Windows
running on multiple processors
1.8
Work properly in Safe Mode
www.bmc.com
1.9 Requirements for applications
publicized for running in “Server Core”
2 | Redmond | Redmondmag.com |
3/27/09
3:09 PM
Page 3
“For any issues uncovered during
certification testing, ISVs must satisfy
all Microsoft requirements before the
certification is awarded.”
experience with Windows Server 2008 and R2. These
characteristics make it possible for IT professionals in
user organizations to begin to have confidence that a
server application will behave as expected. Here’s what
applications have to do at a fundamental level in order to
pass the certification tests and provide IT professionals
with that initial confidence.
Perform primary functionality and maintain stability.
Does the application do the tasks that it’s purported to
do, in a way that doesn’t consume resources or disrupt
the operating system? Certification tests check to
ensure that the application performs basic functions in
accordance with Windows applications in general, and
its own functions in particular.
Check Windows version correctly. The application
must make the correct call to Windows Server to
determine what version and Service Pack is currently
running. This enables applications to better prepare for
future Service Packs and OS releases.
Identify all non-hidden files in the application. In
many cases, files and descriptions that aren’t readily
apparent to IT professionals can’t easily be checked and
confirmed. This requirement ensures ISVs identify those
files and provide a description, enabling IT to more easily
identify, diagnose and address application issues.
Execute appropriately in multilingual environment.
Many applications are run on versions of Windows
Server in foreign-language or international environments.
Applications that are internationalized to run on foreignlanguage versions of Windows Server have to ensure
that installation, operation and maintenance are the
same as on the English-language version.
Degrade gracefully when services are unavailable.
Often, system resources such as memory or networking
may not be readily available to the application, due to
failures or out-of-memory conditions. Applications
expecting these and similar services shouldn’t fail abruptly
if those services are not available. Instead, they must
accomplish the work they’re able to without those
services, and report to the user when a particular process
can’t be completed.
Work properly in Safe Mode. Windows Safe Mode
removes certain services, such as networking, in order to
let IT professionals diagnose and address issues of applications or the OS. A server application must be able to
SOLUTION SPOTLIGHT
Centrify
DirectControl
Centrify’s auditing, access
control and identity management solutions centrally secure
cross-platform systems, Web applications,
databases and enterprise applications using
Microsoft Active Directory.
“
The Windows Server software
certification process helps us
reinforce adherence to best
practices by requiring scrutiny
in areas we might not have
thought about. For instance,
Microsoft’s AppVerifier.exe tool
helped identify a hidden issue in
one of our C++ libraries. While it
would not have seriously affected
users, it directed us to properly
handle a critical resource, making
our solution more reliable.
Additional certification test
tools help us perform testing
that’s difficult to do in other
ways, such as Loadgen’s ability
to simulate the restricted resource
environment. Overall, the level of
scrutiny is very reassuring for us
and for our customers, and the
certification has been a distinct
competitive advantage in
our space.
”
Jim Chappell
Vice President Business
Development and Support
Centrify
www.centrify.com
R
3/27/09
3:09 PM
Page 4
SOLUTION SPOTLIGHT
Citrix XenApp™
Citrix XenApp™ is a Windows®
application delivery system that
manages applications in the
data center and delivers them as
an on-demand service to users
anywhere using any device.
work in Safe Mode so that any problems with the application in normal mode can be found and addressed in
the limited environment.
Sign all drivers. If the application employs device
drivers, those drivers must be certified separately
through the Windows Hardware Qualification Tests and
certified separately. Those drivers are tested and signed
separately from the application as a whole, to ensure that
they are safe to run in the OS kernel.
CHAPTER 2: INSTALL/REMOVE
AND CERTIFICATION TESTING
“
Customers rely on XenApp as an
enterprise-class virtual application
delivery infrastructure, and the
Windows Server 2008 Hyper-V
certification process significantly
helped us affirm reliability and
quality. Subjecting all kernel mode
drivers to WHQL certification and
signing processes can be timeconsuming, but it assures
customers that our core
functionality—executing with
system-level access—performs
reliably on the platform. In fact,
many of the tools, such as the
Driver Verifier and App Verifier,
have now become a key part of
our automated test framework
to expand our existing test
coverage. With the introduction
of Hyper-V, XenApp is increasingly
being virtualized, so our
customers appreciate that we
have certified XenApp’s stability
and reliability within a Hyper-V
environment.
”
Mick Hollison
Vice President of
XenApp Product Marketing
Citrix Systems Inc.
Installing a server application is often the first
experience IT professionals have with that application,
and the dozen test cases in this chapter enforce specific
criteria to help ISVs deliver good impressions. To
require otherwise is to invite an immediate reputation
as a difficult application that requires special expertise
and handling.
One especially irksome feature of some installations is
the reboot—or even multiple reboots—often required
if an application has or makes direct use of kernel
mode components. If the installation is occurring on a
live server, a reboot is an extremey bad thing, because
it can interrupt ongoing work. At the very least, it
increases the amount of time that live server is down.
Some organizations have failovers or clustered systems
CHAPTER 2: INSTALL/REMOVE
2.1
Installer/Technology
2.2
Do not require a system restart
2.3
Uninstall cleanly
2.4
Comply with Windows Resource
Protection (WRP)
2.5
Allow User control of installation
location
2.6
Comply with kernel mode component
requirements
2.7
Install shared components to correct
location
2.8
Do not overwrite non-proprietary files
with older versions
2.9
Support User Account Control for
installation
www.citrix.com/xenapp
2.10 Correctly configure package identity
2.11
Follow Best Practices for creating
custom actions
2.12 Follow component rules
3/27/09
3:09 PM
Page 5
that make it easier to perform a live installation,
but many use a single server for individual or even
multiple applications. Under these circumstances, a
“no-reboot” policy is essential.
Other installation test requirements deal with topics
such as privilege level for installation, the locations of
shared files and the need to not automatically overwrite
shared files. In the past shared files have been a prescription for the unfortunately named “DLL hell,” where
applications overwriting DLLs of the same name have
caused incompatibilities between different applications on
the same server. This and similar issues have been largely
addressed by enabling multiple versions of DLLs to exist,
and by previous certification requirements.
CHAPTER 3: SECURITY DRIVES
CRITICAL TESTING FOCUS
Security is one of the most important considerations for
any deployment. Server applications with known security
holes are open invitations for attackers to access the
application’s code and data, and possibly use it as a stepping stone to a broader attack across the organization.
“The security chapter is one of the most important
aspects of certification testing, because it ensures an
application’s compliance with security policies that IT
professionals would like to assume—such as secure network connections and support for smart card login—as
well as less obvious considerations,” Krishnamachari
says. “For example, the application has to ‘play well’ with
the Windows Server operating system, network and with
CHAPTER 3: SECURITY
3.1
Follow User Account Control
protection guidelines
3.2
Support smart card login and secure
credential management
3.3
Network connections must be secure
3.4
Do not make non-secure additions to
the secure desktop
3.5
Services running as LocalSystem must
not present a UI
3.6
Compatibility with virus scanning of
I/O write-to files
3.7
Clustering support
3.8
All executables must be signed
3.9
Run in a highly secure configuration
SOLUTION SPOTLIGHT
Diskeeper 2009
Diskeeper® 2009 invisibly
and automatically maintains
performance. Using InvisiTasking®
technology, performance is
consistently maximized, hardware life is lengthened and costly upgrades
and refreshes are delayed.
“
For Diskeeper Corp., achieving
Windows Server certification has
certainly improved our product’s
technical quality, while adding
consistency and traceability to
development and build processes.
For example, one requirement is to
embed a manifest with specified
privileges in all executables.
We now mandate that
developers have a legitimate
reason to increase the security
tag’s privileges, thereby mitigating previous user issues via
the Windows UAC. Certification
requirements also ensure our
developers verify each new feature
as it’s implemented. In fact, the
AppVerifier test tool once found
a previously undetected error that
was hard to reproduce, despite
extensive in-house and field testing.
The certification tools and
requirements helped ensure
that bugs like this don’t pass
into the final product.
”
Michael Materie
Director of Product Management
Diskeeper Corp.
www.diskeeper.com
3.10 Follow anti-malware policies
3.11
Active Directory support
3/27/09
3:09 PM
Page 6
SOLUTION SPOTLIGHT
eB
Enterprise Informatics’ solutions
ensure corporate information
assets are governed, secure,
controlled and trustworthy—
providing accurate data that
lowers the cost of meeting compliance
requirements.
“
One outcome of following the
certification criteria is that we are
much more vigilant about signing
all files. Previously, we tended
only to sign installers. Now, we
sign all required files and press
our vendors to do the same.
The certification criteria serve as a
solid test plan, and the tools help
you get through the checklist. The
process helps you align with
Microsoft-recommended practices
and forces you to check scenarios
you may not have considered.
Another outcome was that we
finally identified the cause of an
issue where certain files didn’t
always uninstall. Preparations for
certification revealed the
underlying installer issue,
which we managed to resolve,
and now we have perfect
uninstalls every time.
”
Leslie Robins
Marketing Communications Manager
other applications and application components.
Well-behaved applications also tend to be more
secure applications.”
User Account Control compliance is one such requirement. A user’s Windows experience can be more secure
when applications run with only the permissions they
need. Unless an application is designed to be run only by
system administrators, it must run with least privileges.
A new requirement for 2008 that causes many failures
during certification testing is that all executables must be
digitally signed. A signed executable tells the user organization that that application is valid, comes from the vendor it purports to and hasn’t been tampered with.
Any application that attempts to install a Rootkit is
ineligible for certification. Rootkits are generally
associated with malware and in any case represent poor
development practice.
Along with anti-malware practices, server applications
must work well with virus scanning software and be able
to continue operation while that software is running, in
order to be able to serve users during regular scanning
activities. Not being able to do so may result is serious
disruptions of application availability to the users.
Transparency into this chapter’s requirements—11 in
total—is perhaps the most valuable aspect for IT professionals. By studying the certification test framework
document, you can know exactly what’s covered, so that
you can focus limited resources on other tests that are
important for your specific environment.
CHAPTER 4: RELIABILITY AND
HIGH AVAILABILITY FOR
WINDOWS SERVER APPLICATIONS
There’s little question that a server application must be
reliable and exhibit high availability during normal operation. These requirements help Windows Server 2008
CHAPTER 4: RELIABILITY AND
HIGH AVAILABILITY
4.1
Demonstrate high stability under
stress
4.2
Crash recovery & downtime avoidance
4.3
Use Resources and handle Exceptions
appropriately
4.4
Debugging symbols/tools must be
available
4.5
Do not cause services to become
unavailable
4.6
Follow best practices for Windows
Error Reporting, IPV6 and Firewall
Enterprise Informatics
www.enterpriseinformatics.com
3/27/09
3:09 PM
Page 7
applications minimize the number of crashes, hangs and
reboots experienced by users. The requirements can help
in the process of creating and running software that’s
more predictable, maintainable, resilient, recoverable
and proven for the user organization.
The application has to be stable and functional under
high stress. High stress usually refers to a high load on
the application, server, network or other system
resource. While application performance is likely to
degrade under such circumstances, it must degrade
gracefully—not fail abruptly—and not produce incorrect
results. If an application uses system resources such as
memory properly, it must be able to work and degrade
gracefully under high stress.
The application also has to manage errors and exceptions gracefully, as well as recover quickly with little loss
of data and processing. Such recovery must occur with-
CHAPTER 5: CLIENT COMPONENTS
5.1.1
Verify Least-Privilege Users cannot
modify other user documents or files
5.1.2 Verify Least-Privilege user is not able
to save files to Windows System
directory
5.1.3 Verify application launches and
executes properly using Fast User
Switching
5.1.4 Verify application launches and
executes properly using Remote
Desktop
5.1.5 Verify ClickOnce application only
stores data in installed user’s folders
5.1.6 Does the client component installation
support advertising?
5.1.7 Does the entire installation suite
comply with certification
requirements?
5.1.8 Are value-added extras properly
identified during installation?
5.1.9 Verify the application rolls back the
install and restores machine back to
previous state
5.1.10 Verify the application properly
handles files in use during install
5.1.11 Verify the application is Restart
SOLUTION SPOTLIGHT
PowerTerm®
WebConnect
Ericom’s PowerTerm®
WebConnect provides secure,
centrally managed access to
business-critical applications and desktops
running on Windows Terminal Servers, virtual
desktops (VDI), blade PCs and other systems.
“
Pursuing Windows Server 2008
certification for PowerTerm
WebConnect gave us comprehen-
sive, clear guidelines on how to
improve our own testing and
build processes for even more
thorough product quality. We
already had a massive testing
battery and database, but the
requirements provided quite a few
additional complex scenarios.
Another benefit is the repository of
debugging symbols for both C++
and C# we incorporated as part of
the certification process, which
helps R&D remotely debug issues
at customers’ premises without any
changes required to production
sites. Overall, Windows Server
software certification testing
has helped us proactively
mitigate our customers’
potential need for support,
while increasing our ability to
resolve their issues quickly.
”
Ilan Paretsky
Vice President of Marketing
Ericom Software
www.ericom.com
Manager Aware
5.1.12 Verify that the application only
handles exceptions that are known
and expected
3/27/09
3:09 PM
Page 8
SOLUTION SPOTLIGHT
FalconStor
Network
Storage Server
FalconStor Network Storage
Server technology integrates
storage virtualization and provisioning
across multiple disk arrays and connection
protocols for an easy-to-use, scalable
SAN solution.
“
Certification requirements forced
us to reevaluate our security
context for each component as
part of the installation, and to
digitally sign each component to
ensure that each was known to be
a FalconStor component. The
most recent Windows Server 2008
certification improved our upgrade
process tremendously by ensuring
that each component is registered
with version information and
locatable via the security manifest
so that upgrading the correct
components is assured. Also,
security levels for each product
components are now set by the
component’s role, reducing
security risks in the installation.
As a result, the Windows 2008
Server certification process has
improved our security and in-field
upgrade reliability, as well as
simplified our support.
”
Fadi Albatal
Director of Marketing
FalconStor Software
www.falconstor.com
out crashing or affecting the stability of the system or
other applications.
Last, the application must make debugging symbols
available. Debugging symbols enable a development team
to match application steps with source code within Visual
Studio, providing a clear picture of what led up to the
error or exception. While the symbols don’t directly help
IT recover from a crash, if there’s an ongoing diagnosis
between the user organization and the vendor, the symbols
help the vendor find and fix the issue more quickly. The
application must also be prepared to send Windows Error
Reports on application errors.
CHAPTER 5: OPTIONAL TESTING
FOR CLIENT COMPONENTS
The dozen Client Component-Only test cases comprise
requirements which are not already requirements for
both client and server components in other parts of
the certification testing process. If a server application
consists of both server and client components, and the
clients have not yet been tested in the process, this is
where they are tested. All client components must be
installed and tested on 64-bit Windows Vista Ultimate.
Additional testing on 32-bit Vista is not required, making client testing relatively straightforward.
These tests are essentially an abbreviated form of the
testing described for server-based applications, including
fundamental operation, installation and removal, security
and least privilege operation, and error and exception
handling and reporting. These tests ensure that the
client operates in a similar and consistent manner to the
application server component.
CHAPTER 6: OPTIONAL HYPER-V
VIRTUAL MACHINE COMPATIBILITY
Virtualization is a fact of life, and Microsoft’s Hyper-V is
an increasingly attractive hypervisor, thanks to its tight
integration with Windows Server 2008 and its pricing
model. This makes it essential that server applications be
tested and certified in the virtual environment.
Currently only a minimum number of tests exist for
Hyper-V compatibility. These revolve around the ability
CHAPTER 6: Hyper-V Virtual
Machine Compatibility
6.1
Recover after Save State/Restore of
virtual machine
6.2 Recover after a Pause and Resume of
the virtual machine
6.3 Do not prevent Shutdown
6.4 Survive Snapshot process
3/27/09
3:09 PM
Page 9
of the application to return to full functionality after
restoring from Saved State, Pause or applying Snapshots.
Save State/Restore is used when administrators need to
perform operations on the physical machine but do not
want to lose the state of the virtual machines that are
being hosted. An example of such an operation might be
the installation of a new hardware device that requires
the physical machine to be rebooted. In addition, if the
physical server is restarted, the default action in HyperV is to Save State for any running virtual machines and
restore them again after the restart.
To pass this optional chapter of test cases, the application must also demonstrate the ability to recover after a
Pause and Resume of the virtual machine, not prevent a
system shutdown and survive the Snapshot process
intact. These are fundamental operations of Hyper-V
virtualization and representative of the types of operations many IT groups will use in normal operation of
virtualized systems.
Using Certification to Benefit Enterprise IT
Understanding the technical “muscle” behind Windows
Server 2008 software certification is the first step toward
leveraging the program to save time and resources in
your enterprise IT.
Test in-house and non-certified applications on
your own. Designed to help ISVs assess application
quality prior to submitting for formal testing, the free
certification test tools can help you evaluate an in-house
application or any non-certified software. In fact, it’s a
good idea to specify that a custom software application
must pass the certification technical bar (if not earn the
logo itself) as the final payment milestone, which helps
you ensure quality of in-house applications.
Focus resources on environment-specific testing,
not the fundamentals. It takes the authorized test labs
one to two weeks to run through all 100 certification test
cases—and they are professionals who already know the
requirements, how to run the test tools, how to interpret
the results, what behaviors to expect and what the anomalies look like. Chances are, your IT department doesn’t
have time to scrutinize every server application for all
100 test cases prior to deployment. Certification enables
you to demand that ISVs provide proof that the application meets this technical bar.
Make QA the software vendor’s problem—not
yours. With free test tools available during the ISV’s
build process—and with certification tests averaging
$10,000 to $13,000 (U.S. dollars)—the certification is
achievable for even small ISVs. As a result, it’s reasonable for customers to expect and demand upfront proof
of technical quality before the purchase decision. The
alternative is discovering fundamental issues after
deployment, and you’ll have to rely on the ISV’s support
to prioritize a fix.
SOLUTION SPOTLIGHT
Random
Password
Manager
Privileged Account Password
Management (PAPM) is a
solution that secures your organization from
employee turnover, internal threats, and
sensitive information leakage by controlling
access to administrator/root accounts.
“
Preparing for certification cleaned
up our code base and added
more formality to our product
build/release processes by
requiring code signing, consistent
and required component versioning,
and debug file creation designed
for customer access. The certification framework prompted us to
complete global localization
support for not only Latin-based
alphabets, but also iconographic,
left-to-right and right-to-left
languages internally and in the
files we generate. The result was
zero impact to the customers
when they moved our products
to the Windows Server 2008
platform, which is the ultimate
objective of certification. An
unexpected benefit is that
customers deploying our
products on older Windows
Server platforms now receive a
better, more stable and more
secure experience.
”
Philip Lieberman
President
Lieberman Software Corporation
www.liebsoft.com/
Random_Password_Manager
3/27/09
3:09 PM
Page 10
SOLUTION SPOTLIGHT
Visual KPI
Transpara’s Visual KPI is
on-demand operations
intelligence software that
provides process and utility
industry users with role-based,
actionable KPIs on mobile and
desktop Web browsers.
“
Visual KPI is used by industrial
customers to deliver real-time,
on-demand data to decision
makers. While we had a great track
record for reliability and scalability,
Windows 2008 Server testing
added dimensions like
maintaining stability when
devices are unavailable,
removed or not installed.
Adding these scenarios helped us
discover and fix unintended
assumptions about the state of IIS
that led to crashes, such as having
the Managed Pipeline Mode set to
Integrated instead of Classic. The
required 48-hour stress testing
gave us quantitative evidence of
higher performance under load.
Certification also lowered our
mean time to resolve support
incidences, as the manifests
and .PDB files we had to create
accelerated debugging and
reduced turnaround time on
resolving issues.
”
Michael Saucier
CEO
Transpara Corp.
www.transpara.com
Ensure the application’s supportability on the
platform. Choosing applications that are “Certified for
Windows Server” helps you ensure a more predictable
installation, maintenance and troubleshooting experience for server applications. The mandatory debugging
symbols alone can shave hours or even days off your
time to resolution. By specifying certification in the RFP,
you’re ensuring that you’re going to spend less time
troubleshooting and providing user support later on.
Join the conversation about what’s important.
According to Krishnamachari, “The certification program will continue to evolve by taking new technologies
into account, expanding on features such as Hyper-V, to
ensure that Windows Server 2008 applications are ready
to take advantage of these technologies with little or no
“We’re definitely interested in collecting
customer feedback on the user scenarios
that should be part of the certification
technical bar.”
modification. In addition, Microsoft will expand certification to encompass more complex scenarios—such as
application stacks as opposed to individual applications.”
He continues: “We’re definitely interested in collecting
customer feedback on the user scenarios that should be
part of the certification technical bar.”
Use your buying power to influence technical
quality. By setting a high quality and compatibility bar
with Windows Server operating systems, the software
certification program has the potential to help IT groups
reduce the time required for installation and maintenance, and help ensure a high degree of uptime for users.
“The Windows Server software certification program is
already helping ISVs deliver technically superior applications to the market. But in order to spread this quality
throughout the ecosystem, customers must initiate the
conversation with their ISVs,” Krishnamachari explains.
“It’s up to customers to ask whether the ISV plans to
save your IT department valuable time testing and
troubleshooting their applications by earning the logo
before you make the purchase decision,” he notes.
“Especially in times of economic pressure, anything you
can do to ensure a more predictable experience has the
potential to yield efficiencies of scale over time. Asking
for the logo in an RFP is the easiest way to let ISVs
know you care about technical quality, and if they
want your business, they should be able to prove their
application’s quality upfront.” •—
0509red_MSSupp_F2Test_11-15.v7
3/27/09
3:13 PM
Page 11
WINDOWS SERVER SOFTWARE TESTING
Mitigate Frustration and Save Time with
Free, Downloadable Test Tools
that Assess Software Technical Quality
Tools intended to help ISVs achieve software certification can help
IT pros save hundreds of hours and avoid bad software investments.
Best of all, they’re free and ready for download. By Peter Varhol
IT professionals rarely have the
resources to test applications as
thoroughly as they’d prefer prior to
deploying mission-critical applications
on production servers—and discovering
technical issues after-the-fact only adds
complexity and urgency to the time-consuming process of troubleshooting and
resolving problems.
As a result, any test tools that can help
IT pros evaluate applications systematically and quickly—in exacting detail—
could save hundreds or even thousands
of hours testing, deploying and supporting the application over its life span on
the server, not to mention helping steer
clear of problematic applications before
the actual purchase decision.
It’s even better when those test tools
are free, readily available for download
and relatively simple to use.
Microsoft developed several interesting
tools to make Windows Server 2008
software certification more achievable
for independent software vendors (ISVs) by helping
developers incorporate certification test requirements into
their build and test cycles before submitting the application for certification testing by an independent test lab.
Yet the Windows Server Software Certification Toolkit
potentially has far greater value for IT professionals, such as:
• Determining an application’s impact on the server
environment.
• Predicting how applications will behave under load.
• Systematically detecting security vulnerabilities.
• Assessing an application’s basic compatibility with
the OS.
• Troubleshooting an application’s unpredictable
behavior while awaiting ISV support.
• Guiding in-house or custom application developers
toward a technical bar.
• Augmenting in-house evaluation before a software
purchase decision.
• Gaining familiarity with certification test cases to
understand what’s already been tested in a logoed
application.
Whether you’re assessing an in-house application or
non-certified commercial software, the following tools
expand your arsenal for predicting an application’s behavior in a Windows Server 2008 and/or R2 environment.
Windows Server Software
Certification Toolkit
The Software Certification Toolkit can be freely downloaded on the Microsoft site at www.innovateon.com/
pageLayout.aspx?pageID=WinServer_Test_CertifiedFor.
This kit includes detailed instructions on how to replicate these tests in any server environment, as well as ways
to capture the results and make assessments as to the
ability of an application to safely fit into the existing server
infrastructure.
3/27/09
3:13 PM
Page 12
Figure 1. The Windows Server 2008 Certification Tool provides an environment for understanding certification testing
and beginning a certification process.
The heart of the toolkit is the Certification Tool (see
Figure 1), which helps IT professionals delineate and understand the tests, determine how to begin, set up the application and test environment, record the results, and provide a
summary of test results for easy inspection and analysis. It
also provides links to external technical resources for additional information on the certification process, running
certification tests and interpreting the results.
The Certification Toolkit is installed onto a desktop
system and can be connected to a SQL Server database and
target server across the network. It drives the testing on the
server and saves the results to the database. Installation and
setup with the database and server take only a few minutes.
Testing Against Certification Requirements
An IT group might begin a test series on an existing or
prospective application with the Certification Tool by
creating a new certification test record (see Figure 2,
opposite page). Once created, the new record serves as a
repository and summary for a round of tests designed to
assess one or more certification requirements.
The entire certification test suite covers approximately
100 test cases, involving fundamental operation, installation and removal, security, reliability and high availability,
client components, and Hyper-V virtual machine compatibility. These tests are delineated in the Certification Tool,
and can largely be run through that tool. In some cases,
they are run with the assistance of external tools, with the
Certification Tool monitoring and recording the results.
Once certain tools are installed for automated tests,
you’re ready to begin testing. The right-hand tabs explain
the prerequisites for each test, and detailed instructions for
executing those tests. Any IT person can use this information to configure the tool, run the tests, and record and
analyze the results (see Figure 3, p. 14).
The Certification Tool offers great flexibility in setting up
and executing tests, as well as in analyzing the results. An IT
group can determine which tests it wants to run and
execute only those tests. The IT group can also set up the
tool to work with different types of external tests, depending
on the requirements of the individual test.
An IT group can also change the order in which the tests
are run. By default, when you start a new certification, these
tests are presented to you by each pillar of quality they’re
designed to target. While this might help the IT group
understand the test, it might not be the best order to execute
the tests, depending on the type of application and testing
environment. The IT group can create custom views in order
of execution of tests that best suits their application type.
‘Before and After’ Application
Impact on the Server
One of the biggest problems with server applications is not
knowing what changes those applications are making to
that server. Given the complexity of the Windows Registry, and the potential for changes and additions to servic-
3/27/09
3:13 PM
Page 13
Figure 2. The Certification Tool describes in detail how to prepare an application for testing.
es and drivers, it’s almost impossible for an IT professional
to understand all of the implications to a server or server
farm from the installation of an application.
Why is this important? Changes to the Registry have
the potential to make a system less stable, depending on
the number and impact of those changes. Registry
changes or service additions may also open a system to
security violations. Yet by their very complexity and
obscurity, these changes aren’t usually identified and
tracked by IT groups.
In response, Microsoft provides the System State Analyzer.
This tool compares the state of your server both before and
after the installation of an application, and lists what has
changed the installation. Using this tool, an IT group can
record and track changes to the system configuration due
to the installation of a new application (see Figure 4).
For new enterprise applications, the System State Analyzer
lets an IT group examine the impact of a new application
before the purchase decision, and compare that impact to
standards established on server configurations. As an
added benefit, IT groups can also use this tool to gauge
the impact of custom internal applications on their server
environments.
The System State Analyzer is also an essential tool in
running certain certification tests because it lets IT professionals know if the installation complies with the Windows
Server logo requirements. Second, it shows them precisely
how the server configuration has changed.
Among the tests that require the use of the System State
Analyzer for comparison purposes are many of the
installer/remove tests and a number of the security tests. In
these tests, it provides a means of ensuring that installation
didn’t change the configuration in ways that it wasn’t
supposed to, and especially in ways that may have opened
security holes.
Testing Application Behavior Under Stress
A second tool provided with the Certification Toolkit is
Loadgen, a load generator that provides a platform for
generating stress on a server and the running application.
The primary purpose of Loadgen is to stress a target
computer to a desired period of time. For the purposes of
the logo certification program, Loadgen is required to be
running for a continuous 48-hour period. During this
48-hour period, the application must be tested through
either automated tests or manual tests on the same
computer. These tests must exercise the full primary functionality of the application in order to get a complete picture of its behavior on a stressed system.
Loadgen is launched from the command line of the
administrative workstation with the following parameters:
loadgen.exe -config:LogoStress.xml -NonHCT:1 NoWTTLog -sut:<MachineName> user:<Domain\User> -pwd:<Password>
3/27/09
3:13 PM
Page 14
The LogoStress.xml file provides configuration information that is used by the tool in order to set up and execute
properly.
In addition to the tools provided with the Certification
Toolkit, other external Microsoft tools and utilities are
required as a part of the certification process, including the
App Verifier, Driver Verifier, Windows Defender and
Regedit. These tools are easy to use and readily available
within the Certification Tool.
‘Works With’ Compatibility Test Tool
Another Microsoft software certification test tool determines whether a server application is basically compatible, or
“Works With” Windows Server 2008 or R2. The “Works
With” Tool is included in the Software Certification Toolkit.
This automated tool will help IT professionals quickly determine if a prospective application has at least a baseline compatibility with Windows Server 2008.
The tool is both fast and explicit: IT professionals can
expect to get results within 45 minutes to four hours,
depending upon application complexity. Any pieces of the
application, such as installation, primary functionality,
drivers and so on, that do not meet baseline compatibility
will be flagged for further investigation.
The Works With Tool enables IT professionals to identify
possible compatibility issues in installation, use and
removal of server applications that they’re investigating. In
this manner, IT groups can easily determine if an applica-
tion can behave in a manner expected by the operating system and the user environment. This provides a fast analysis
on any new or prospective application, either being considered for purchase or developed by an internal development group.
The tool looks for a number of different characteristics,
such as the ability of an application to run in a 64-bit
environment, whether it follows best practices in security
and reliability, is compatible with antivirus software and
uses only signed drivers. It also looks for best practices in
application installation and removal, and the ability to
perform its primary user functions in a predictable and
stable manner.
Using the Windows Server 2008 Works With Tool is
simple and straightforward. First, you start the wizard,
and click through to choose whether to start a new
test, resume a test, review test results or create a new
submission package. While an IT group typically will
not choose create a new submission package, an ISV
doing so will generate a submission package that it could
send to a Microsoft-authorized test vendor for review
and approval.
An IT group is more likely to start a new test or review
test results. If it decides to start a new test, it will fill out
application information on the screen shown in Figure 1
(p. 12), and select a test sequence to perform. Once selected
and initiated, the tests perform in an almost entirely automated fashion. The group can then use the tool to review
Figure 3. The Windows Server 2008 Certification Tool provides step-by-step instructions on how to execute a test, and
what results constitute successful completion of the test.
3/27/09
the results and determine if there are
specific areas that require further
investigation.
The Works With Windows Server
2008 Tool enables IT groups to make
a fast assessment on whether or not a
new application is going to run in
their enterprise environments. If this
is a commercial application that has
already received Works With
certification, IT groups can quickly
confirm that rating as a part of their
due diligence. If the application was
developed internally, IT can work
with the application developers to
better understand the requirements
of the target operating system.
In either case, the Works With Tool
can be a valuable addition to the testing
that IT professionals perform on new
applications. Its speed and ease of use
make it one of the first areas of testing
an enterprise IT group should consider
during evaluation of a new application
(see Figure 5).
3:13 PM
Page 15
Figure 4. The System State Analyzer provides an easy way to compare the state
of a Windows Server 2008 system both before and after application installation.
Ongoing Value
for Enterprise IT
Of course, the easiest way to save
time and accelerate testing is to ask
ISVs to certify their software
applications before you will consider
deploying their solutions in your
environment.
When that’s not an option, the free
Windows Server 2008 certification test
tools offer IT users a baseline for a
more complete testing regimen to
accelerate testing and focus on areas
most critical to their unique needs.
Enthusiasts will discover a range of
scenarios where these tools are helpful,
such as:
• Considering a migration and
Figure 5. The Works With Windows Server 2008 Tool enables IT groups to set
assessing how your current
up a test to look at such factors as application prerequisites, install and uninstall
solutions will perform on
processes, and primary functionality.
Windows Server 2008 and/or
Windows Server 2008 R2.
• Evaluating a non-certified solution for your Windows
• Troubleshooting non-certified applications that are
Server 2008 and/or R2 environment and you want to
demonstrating unpredictable behavior in the Windows
make sure it’s compatible.
Server 2008 and/or R2 environment.
• Holding custom app development upgrade projects to a
The result is quicker evaluation of the application as
standard technical bar for reliability, security, availability,
well as more rapid and trouble-free deployment into the
stability and basic compatibility with Windows Server
production environment, saving both time and money in
2008 and/or R2.
the process. •
0509red_MSSupp_F3Tales_16-17.v7
3/27/09
3:17 PM
Page 16
WHAT BREAKS?
Tales from the Test Labs
Application Failures Revealed in
Windows Server 2008 Certification Testing
Enterprise users asked what happens behind the scenes of
Windows Server software certification, and Microsoft’s two
authorized test vendors share the good, the bad and the “buggy.”
T professionals are always going to test
applications before deployment on a network.
Why should they care whether an application has
been certified or not?
Craig Bean, Certification Technical Account Manager,
Lionbridge Technologies Inc.: When we test an app for
certification, the ISV has to fix the issues we uncover. Even
if a customer were to test it, are they going to have leverage to force the ISV to fix it? Unless you’re part of a very
large account, customers could test and find an issue with a
noncertified app and report it to the ISV, with no guarantee that the ISV is ever going to fix it. How many customer complaints would it take before they take notice?
We try to connect with ISVs during the build process,
when it’s efficient for the ISV to fix the problem, rather than
going back through the code after every customer issue. If
you deploy non-certified software, you need to evaluate how
important that entire machine is to your business, because
you just don’t know what’s going to happen.
How much time goes into testing each app?
Vijay Satyavolu, Certification Program Manager,
Wipro Ltd.: Usually we deploy a tester on an application
for one to two weeks, or 50 to 80 man-hours, minimum. In
one case we had a tester who was involved in ongoing
testing of an app for six months while we worked with the
ISV to track down a problem. If that problem had shipped
with the code, there is no way to predict how it would have
affected customers under the right circumstances—but it
would have taken just as long to figure out!
Do certain types of apps tend to fail certain tests?
Lionbridge: Install issues are some of the most common
sources of application interoperability problems and
they’re the most common fail criteria we find. 60 to 70
percent of the failures are in this area. The checks we
perform help ensure installations are properly implemented
so administrators can install and run applications without
requiring complex procedures, compatibility or versioning
issues, or system instability.
We see a lot of older applications failing over new
requirements like manifesting and signing files. Properly
manifested executables that use least-privileged user
accounts are fundamental to Windows security. Digital
signatures help customers determine who created the
package and detect any tampering. Without the identity
and integrity information in a digital signature, a software
customer cannot make an informed decision about
whether to install or run the software.
It used to be common for developers to include a reboot
request during install/uninstall, even if it wasn’t necessary.
With the new certification requirement around reboots,
we have seen a drastic reduction in the number of applications now requesting restarts—easily 50 percent fewer. I
believe the certification requirements led developers to
look closer at reboots and to recognize what a danger and
menace they are to a production environment. With
certified applications, only valid restarts are allowed and
the restart must be done in the proper manner.
Are some ISVs better informed about test standards
than others? Do many ISVs perform their “certification
homework” beforehand?
Wipro: Preparations are not as comprehensive or as
thorough as customers might wish to believe. There are a
few ISVs that really work hard before they submit for
certification—several midsize apps have undergone
thorough testing and submit their stress-test logs—but
nearly all ISVs fail several test cases and must rework the
application before proceeding.
Most software vendors haven’t gone through the certification framework properly. The test cases are detailed
0509red_MSSupp_F3Tales_16-17.v7
3/27/09
3:17 PM
Page 17
enough, but the ISVs haven’t done enough testing in-house
before they submit for certification testing. Most ISVs are
not even aware of the stress testing requirement and why it
is important to their customers, or how to use the Loadgen
tool to simulate a low-resource environment. Many times,
ISVs have no knowledge about the process of signing
drivers through WHQL [Windows Hardware Quality
Lab], and so drivers related to those test cases have failed.
What’s the most interesting issue you’ve encountered?
Lionbridge: In one case, the AppVerifier.exe tool caught a
failure on a memory test, which helped the ISV realize that
a developer had left debug code running inside the app—
and the ISV was ready to ship the code. If we hadn’t caught
the issue, under the right circumstances, the thing could
throw an app error, crash or hang. It would have been a
random, arbitrary situation, but it would have created a lot
of head-scratching and troubleshooting hassles for the
customer. Many ISVs have the same people doing both
the developing and the testing—but developers are not as
likely to catch their own bugs. Certification testing is done
by a third-party independent lab, so we provide an extra
QA pass—not just ad hoc testing. When we say it’s certified, it’s ready for the market.
What are the risks of deploying non-certified software?
Wipro: Apps may not perform as expected. The ISV
might not have done enough stress testing, which
means unpredictable behavior when running without
sufficient resources. The application will almost certainly
encounter security-related problems. If deployed in a
global network, it may not work well in other languages.
Without all the files properly signed, there’s a high chance
of crashing. If you deploy non-certified software, these are
just issues that the customer has to accept and hope that
the ISV will fix at some point in the future.
How many apps fail on the first test pass?
Lionbridge: I would say 85 to 90 percent of apps would
fail unless heavily pretested by us or by them, or unless it’s
a very light app with minimal components, like a Web
browser and database. But if you pull 10 non-certified apps
off the shelf and ran them through testing, I would say all
10 would fail. It’s not at all uncommon for ISVs to think
they’re ready and we find something that fails.
What are the most important test cases to IT pros?
Wipro: A major benefit to the customer is stress testing. ISVs
use Loadgen to do the testing and give us the logs, which
we will check for memory issues, CPUs, how the build
recovered, how fast it recovered and so forth. Checking
these scenarios definitely helps ISVs and customers know
about the performance of the applications under load.
The clustering test cases are also very useful. We will
check that the app is handled by the cluster server if any-
“We provide an
extra QA pass—not
just ad hoc testing.
When we say it’s
certified, it’s ready
for the market.”
Craig Bean
Certification Technical
Account Manager,
Lionbridge Technologies Inc.
“Most ISVs haven’t
gone through
the certification
framework properly.
Nearly all ISVs fail
and must rework
the application.”
Vijay Satyavolu
Certification Program Manager,
Wipro Ltd.
thing fails in the main server—is it robust enough to handle
failures so that the application won’t lose any data? Also,
the security-related test cases are very important. We verify
that only approved people can log into the system. We check
that the application doesn’t install any malware or
spyware, and that the application functions on a server with
anti-virus software running continuously throughout testing.
How can a customer mitigate the risks of deploying
non-certified software?
Lionbridge: If the application contains any drivers, I
would personally make sure that the drivers have gone
through WHQL and are properly tested, and that the app
uses the Windows Installer Technology. Also, if I didn’t
know whether or not the app is a good citizen, I would
check out the ISV’s product support and try to find out
what others experienced through message boards and
forums. Ambitious customers could also run the “Works
With” tool to get a base read on compatibility.
Considering all the partner benefits from Microsoft, I don’t
understand why an ISV would not certify a Windows Server
app. Customers are automatically going to want the one with
the seal of approval on it. Through the certification process,
we have the means to have the ISVs correct their apps, which
is not true for the end user who discovers an issue after the
purchase. Customers should be leveraging their buying
power to demand certification and thereby steer the ISV
community to deliver superior quality. •—
Project1
3/27/09
2:07 PM
Page 1
0509red_RedReport13-14.v4
4/13/09
11:47 AM
Page 13
RedmondReport
Mixed Views on Cisco’s Server Play
The networking giant won’t necessarily storm into the server space, observers say.
By Keith Ward and Lee Pender
isco Systems Inc. built an empire
in the networking space, but
experts say there’s no guarantee
the company will conquer the server
market as easily.
The IT industry’s leading supplier of
routers and other networking hardware
revealed in March that it’s expanding its
offerings to include blade servers as part
of a comprehensive push into the whitehot world of virtualization. The blade
server architecture is one part of the
Cisco Unified Computing System
(UCS), which also includes networking
and storage-management capabilities.
Cisco envisions an end-to-end data center
solution, with virtualization technology
underpinning the infrastructure.
However, at least initially, the company
is only making blade servers. Its offering
includes the Cisco UCS 5100 Series
Blade Server Chassis, which supports up
to eight blade servers. Those servers will
be Cisco UCS B-Series Blade Servers
outfitted with Intel’s Xeon processors.
Other products in the line include fabric
extenders, switches and network adapters.
All of those components can be virtualized, which will give the system a great
deal of flexibility and scalability.
The networking titan has put in place
partnership deals with a number of giant
hardware and software vendors, including
Microsoft, VMware Inc., NetApp Inc.,
BMC Software Inc., Red Hat Inc., EMC
Corp., Novell and others.
C
Lukewarm Reaction
Cisco’s server play might have been big
news, but it didn’t prompt many positive
responses from Redmond readers. “[I’m]
very satisfied with Dell, particularly their
support,” says Reed Reynolds, an MIS
administrator. “Cisco support doesn’t
come close. Given past experiences with
Cisco training and router systems, well,
Dell is better.”
One analyst echoes Reynolds’s sentiments. Kusnetzky Group LLC analyst
Dan Kusnetzky has questions about
Cisco’s announcement and how it will
compete with server incumbents Dell
Inc., Hewlett-Packard Co. and IBM
Corp. In a blog entry, he writes:
“Dell, HP and IBM each have a track
record supporting customers in increasingly complex environments. This
means having relationships with all of
the suppliers of operating systems,
application frameworks, applications,
Knowing Cisco’s pricing,
however, I have to wonder
how competitive they’ll be
in the server market.
Scott Youlden, Assistant VP and
Information Technology Officer,
Clinton Savings Bank
security software, management tools
and virtualization technology. At this
point, Cisco doesn’t have a portfolio of
products, services, partnerships and
alliances that comes close to those
fielded by HP or IBM.”
Redmond reader Scott Youlden, assistant vice president and information
technology officer at Clinton Savings
Bank in Clinton, Mass., suggests that
Cisco might be looking to boost other
areas of its product line through its
entry into the server market. “This is an
avenue for them to sell their own servers
for voice systems rather than HP, which
they use now,” Youlden says. “I can see
them offering a package of X number of
blade servers, all encased in a nice, neat,
single cage for a complete solution, at
least for small and midsize businesses.
“Hopefully they’ll also get to the point
of offering virtualized solutions for their
voice systems, thus eliminating the herd
of physical servers that are now required,”
he adds. “Knowing Cisco’s pricing, however, I have to wonder how competitive
they’ll be in the server market.”
Analysts Weigh In
Burton Group analyst Chris Wolf, who
specializes in virtualization, says Cisco
“has a good product,” but notes that he’s
not sure how quick uptake will be. “It
might take time to penetrate enterprises
... and the server market,” Wolf says.
The announcement is further proof of
the skyrocketing popularity of virtualization, which many in the industry
believe will thrive in the current economic environment, given its proven
and quick return on investment.
UCS will be offered with hypervisors
and management platforms from both
VMware (with vSphere, formerly known
as Virtual Datacenter Operating System,
or VDC-OS) and Microsoft (with
Hyper-V and System Center Virtual
Machine Manager).
Wolf believes Cisco’s hardware products are strong right out of the gate, and
should garner interest from businesses.
“I think the blade is a good way to get
started. You need high I/O, and the Cisco
chassis provides that as well,” he says.
Wolf goes even further, claiming the
Cisco strategy is another nail in the coffin
of traditional data center computing.
“The days of building a server platform
to run one app are over,” he says.
Keith Ward is editor of Virtualization
Review magazine. Lee Pender is executive
editor of Redmond magazine and editor of
the Redmond Channel Partner Update
newsletter. Redmond Editor in Chief Doug
Barney contributed to this story.
| Redmondmag.com | Redmond | May 2009 | 13
0509red_RedReport13-14.v4
4/13/09
11:47 AM
Page 14
RedmondReport
Microsoft’s Open Source White Paper
Microsoft’s “Perspectives”—on its relationship with the open source world—
creates confusion by being pragmatic in some places and too friendly in others.
By Lee Pender
ike many large and powerful
organizations, Microsoft as an
institution can say a lot without
actually saying much at all. In March,
the company released a white paper on
its relationship with open source. The
bulk of the paper seems like a fair
assessment of where Microsoft stands
vis-à-vis the open source movement,
but some of the content at the document’s fringes further clouds—rather
than clarifies—the company’s position
on open source software (OSS).
As Mary Jo Foley points out in her
column this month (“For Microsoft,
‘Open’ Is the Hardest Word,” p. 72),
“Participation in a World of Choice:
Perspectives on Open Source and
Microsoft” has the feel of a document
that’s been decimated by lawyers—and
a Microsoft spokesperson told Redmond
that the paper was more than a year in
the making. (Incidentally, the executive
who authored the paper left Microsoft
shortly after its publication to take a
job outside the software industry.)
L
Open Source Olive Branch?
Given Microsoft’s often-hostile attitude
toward open source—the company has
famously saber-rattled in recent years
about open source breaking hundreds
of Microsoft patents—the document is
surprisingly conciliatory.
In fact, it’s downright complimentary
of open source in many passages,
while subtly bashing it in others. And
it contains some nuggets that, while
not terribly specific, reveal that
Microsoft might be softening its
stance concerning OSS. For instance,
the introduction notes that “OSS may
complement Microsoft technologies,
or even become a core part of
Microsoft product group business and
technical strategy.”
Far from suggesting that Microsoft is
out to destroy open source, that
phrase, while suitably vague, suggests
that Microsoft is considering making
OSS a critical part of some of its
products. That could signal a fairly
significant strategy shift for a company
that has long flown the flag of proprietary software and strict control of
intellectual property (IP).
The word “patent,” in fact, appears
only one time in the paper, in a brief
Given Microsoft’s oftenhostile attitude toward open
source, the document is
surprisingly conciliatory.
reference to Microsoft’s Patent Pledge
for Open Source Developers, which
deals with patent relief for noncommercial development. There is,
however, a reference to “[m]ore than
500 IP agreements with companies …
including companies building their
businesses around OSS.” The fact that
Microsoft cites those deals—which,
presumably, include deals like the Novell
SuSE Linux patent agreement—as an
example of its openness might raise a
few eyebrows among OSS fans.
Still, the meat of the paper makes a
strong case for Microsoft as a company
not hostile to open source. Rather,
Redmond is portrayed as willing, and
needing, to compete with OSS, but
also willing in some cases to work with
it and embrace some of its concepts.
The document cites projects such as
CodePlex—a Microsoft open source
hosting site—and mentions contributions by Microsoft engineers to OSS
applications. Also mentioned is System
Center Operations Manager’s use of
OpenPegasus—an OSS technology—
to interoperate with Unix and Linux.
Those are all fair examples of Microsoft’s
pragmatic, if awkward, relationship
with open source.
Hidden Digs
The document cites the publishing of
thousands of APIs as part of the
company’s commitment to an “open
ecosystem.” It does not, however, mention the regulatory problems and huge
fines the company ran into for not
publishing certain APIs in the past.
Additionally, the paper takes time to
pitch Windows Server’s advantages
over Linux alternatives and throw
subtle jabs at OSS, such as: “Volunteer
developers are highly motivated ...
[while] tasks such as security debugging
are more likely to require payment or
incentives to developers.” It’s not necessarily an inaccurate statement, but it
still leaves the takeaway that lots of
OSS is buggy.
The heart of “Perspectives” presents a
mostly fair and fairly thoughtful picture
of the relationship between Microsoft
and the open source world, even if
there aren’t too many specifics. It’s not
too patronizing of open source but also
not too harsh on the concept. But the
trimmings at the paper’s outset and
close suggest that Microsoft sees
itself—or wants to see itself—as much
more a part of the open source community than it really is.
Microsoft remains what it is, and what
it should be: a company that makes
buckets of money off of sales of proprietary software. In “Perspectives,”
Microsoft transparently tries too hard
to be “cool” about open source and
misses the mark. With its inconsistencies,
instead of offering a clearer perspective
on Microsoft’s stance on open source,
“Perspectives” manages to leave an
even cloudier one.
Project1
2/9/09
11:44 AM
Page 1
We’ll Free You From
The Tedious IT Tasks.
You Work On Your
Mid-Field Defense.
Want to automate your day-to-day enterprise IT tasks? Get Kaseya.
It’s like having hundreds of brilliant new service techs who never need to sleep, go
to lunch or get paid. Kaseya provides a unified set of tools that proactively monitor,
manage and control IT assets remotely, easily and efficiently. You can host Kaseya
on your server or we can host it for you. We can also staff and deliver your NOC
and monitoring services. Provision your IT Department with Kaseya and enjoy the
freedom to pursue more strategic (or sporting) projects. Try it FREE for 30 days.
©2009 Kaseya. All rights reserved. Kaseya and the Kaseya logo are either registered trademark or trademarks
of Kaseya International Limited in the United States and/or other countries worldwide.
(888)530-9677 • www.kaseya.com
0509red_T&T16-17.v4
4/13/09
11:45 AM
Page 16
MCPmag.com’s
Tips&Tricks
Professor PowerShell
Windows Advisor
Provider Peek
Dots Before
My Eyes
PSDrives work like real drives, only differently. Here’s how to work
with these PSProviders in PowerShell.
By Jeffery Hicks
ou’re probably familiar with PSDrives in
PowerShell. These “drives” usually present
hierarchical systems, like the registry, as
any other drive that you can navigate using
common commands like DIR:
Y
PS C:\> dir hklm:\system\currentcon
trolset\services\spooler
The element that makes this possible is
referred to as a PSProvider. PSProviders are
bundled with PowerShell snap-ins and installed
by default when you load the snap-in. When you run the Get-PSDrive
cmdlet, you’ll see all mapped PSDrives.
Notice the Provider column? What are these things? To answer that
question, we’ll use a cmdlet called Get-PSProvider:
Cursors turning to dots, weird
keyboard behavior ... what’s going
on with Hyper-V?
By Zubair Alexander
Q. I usually use Remote Desktop Connection
(RDC) to connect to Windows Server 2008
running Hyper-V. I then connect to a virtual
machine (VM) from inside the Hyper-V Manager.
One day, when I started my VM session, I
noticed that my mouse cursor had turned into a
dot. I’ve tried to change the mouse cursor and
even rebooted the VM, but nothing seems to
bring back my arrow cursor. Could one of the
patches I installed have caused this problem?
PS C:\> get-psprovider
This cmdlet will show all currently loaded PSProviders. If you have a
snap-in installed but not currently loaded into your PowerShell session, you
won’t see any PSProviders included in that snap-in until you load it. Or you
can look at the details for a specific provider:
PS C:\> get-psprovider registry | select *
ImplementingType : Microsoft.PowerShell.Commands.RegistryProvider
HelpFile : System.Management.Automation.dll-Help.xml
Name : Registry
PSSnapIn : Microsoft.PowerShell.Core
Description :
Capabilities : ShouldProcess
Home :
Drives : {HKLM, HKCU}
The most important information that Get-PSProvider supplies is the
provider’s capabilities. As you work with cmdlets like Get-ChildItem, you’ll
notice that they may behave differently based on the PSDrive. For example,
continued on opposite page
Pop Quiz
High Availability (Exam 70-652)
By Andy Barkl
Question: Which of the following must be completed prior to providing high
availability of virtual machines (VMs)? (choose all that apply)
a. Virtual Server
b. Install Failover Clustering
c. Install Hyper-V
d. Install Virtual PC
answer on opposite page
A. When you use Hyper-V Manager to
connect to a VM, the connection to the VM is
provided by Virtual Machine Connection. This
is true whether you physically log in to the
console of a server running Hyper-V and then
connect to the VM from Hyper-V Manager, or
use an RDC to the server running Hyper-V,
which is much like you do.
You should know that Microsoft doesn’t
support the Virtual Machine Connection within
an RDC session. That’s why you may experience a lack of mouse functionality and erratic
keyboard behavior. Note that I said “may”—it
doesn’t happen all the time. You might use
RDC for a long time and not experience any
problems at all, until one day when you suddenly encounter problems with your mouse or
keyboard. There’s really no consistency in this
behavior. I’ve noticed that when I use RDC like
continued on opposite page
0509red_T&T16-17.v4
4/13/09
11:45 AM
Page 17
MCPmag.com’s
Tips&Tricks
Windows Advisor
continued from opposite page
you do, one of my VMs turns the cursor into a dot while the other
one works just fine.
A simple solution is to avoid using Virtual Machine Connection within
an RDC session. In other words, do one of the following:
• Don’t use RDC to connect to the server running Hyper-V that’s
hosting the VM; instead, connect to the VM directly using RDC. I prefer
this method.
• Instead of using RDC to connect to the server running Hyper-V, log in
to the physical console of the server running Hyper-V (the RDC console
session isn’t good enough). You can then use Virtual Machine
Connection to connect to the VM like you usually do.
• Install Virtual Machine Connection on a Windows Server 2008 or
Windows Vista Service Pack 1 computer and then connect to the VM
using a Virtual Machine Connection session.
you can use the -filter parameter when searching a local
drive, but not when searching the registry; you’ll get an
error message that filtering isn’t supported. If you look
at the capabilities of the Registry PSProvider, you’ll
notice that Filter is not included. It’s up to the provider
developer to decide what capabilities to include.
As you’re exposed to new PowerShell snap-ins and
even PowerShell 2.0, you’ll see additional PSProviders
with some very snazzy capabilities. But remember that
even though a PSProvider offers a particular capability,
it’s up to the cmdlets you use to take advantage of them.
Answer
A, B, C.
The Failover Clustering and Hyper-V roles must be
installed prior to using the Create Cluster Wizard to
provide high availability of VMs.
There are four basic steps to provide for high availability
of VMs: install Failover Clustering and Hyper-V role on
each physical server; use the Create Cluster Wizard to
create a failover cluster; use the New Virtual Machine
Wizard to create VMs; and use the High Availability
Wizard to make each VM highly available.
Tip: Make sure that you create the VMs in a new folder
and choose a storage location that will be accessible to all
the servers in the cluster.
Tech Reference: TechNet, “Checklist: Configure Virtual
Machines for High Availability” (http://tinyurl.com/cn9hlf)
Windows Server
Adrift
A reader wants to know why his server’s Application
Log is awash in Event ID 1054 errors.
By Zubair Alexander
Q. Our domain controller has 4GB of RAM and an AMD
Opteron dual-core processor, and we’re running Windows
Server 2003 Enterprise Edition. The Application Log on the
server has numerous errors with Event ID 1054. The source
of the error is Userenv, and the error is logged in the Event
Viewer every five minutes. The error states the following:
Windows cannot obtain the domain controller name for your
computer network. (An unexpected network error occurred.)
Group Policy processing aborted.
We’re experiencing several network-performance issues.
How do I get rid of this error?
A. This is a known issue with AMD dual-core processors.
Each processor on a dual-core or multiprocessor system has
a time-stamp counter. When these counters for different
processors are out of sync, you get what’s known as a timestamp counter drift. When that happens, you’re likely to
experience problems with your network communications
and performance monitoring. On domain controllers, the
error you described is a typical error.
As a workaround, use the PM_timer instead of the time-stamp
counter. If you’re using Service Pack 2 (SP2), Windows
Server 2003 uses PM_timer automatically. If you aren’t using
SP2, you can use the /usepmtimer switch in the boot.ini to
force AMD processors to use it.
According to Microsoft, the problem with the AMD
chipset is that it doesn’t always accurately determine
whether to use the PM_timer or the time-stamp counter.
Microsoft also says that if you have SP2, you don’t need to
add the /usepmtimer switch.
However, I’ve noticed the error you described on computers
that have SP2 installed. I should also point out that
Microsoft’s Knowledge Base article 938448 says that this
issue is related to AMD Opteron processors, but you may
experience this problem on AMD dual-core Athlon processors as well. —
[email protected]
Check out MCPmag.com's column archive for more savvy
tips and tricks from Jeff Hicks, Andy Barkl, Zubair
Alexander, Eric Johnson and other frequent contributors.
FindIT code: MCPmagTips
0509red_ProdRev18-21.v8
4/13/09
2:16 PM
Page 18
ProductReviews
DR in a Box
PlateSpin Forge offers peace of mind at a reasonable price.
By Rick Vanover
irtualization offers big advantages over the physical world in a
key area of IT: disaster recovery
(DR). Not having to exactly duplicate
your mission-critical hardware setup in
an offsite location can result in huge
cost savings.
One of virtualization’s pioneering vendors, PlateSpin (now owned by Novell),
has released a DR product worthy of
your attention. PlateSpin Forge is a
hardware appliance that can protect your
critical data and make it recoverable with
a speed that belies its reasonable cost.
V
PlateSpin Forge
Starts at $29,995
Novell | 877-528-3774 | www.platespin.com
Protected Workloads
PlateSpin Forge manages server
workloads—here defined as a server’s
data, applications and OS—for physical
as well as virtual systems. The base version covers 10 systems; it can scale up
to 25 per appliance. Once these systems
are identified, PlateSpin Forge allows
this protected workload to exist in a
standby virtual environment. The goal
of this protected workload is to be a
portable object, because PlateSpin
Forge offers failover and failback features that can permit the workload to
be moved between environments with
minimal effort and downtime.
The workloads are selected Windows
systems that are kept up-to-date on the
appliance. There are three configuration methods for this:
• A file-based transfer mechanism
• Use of Volume Shadow Copy Service
• A block-level replication transfer (this
is the preferred method)
How It Works
PlateSpin Forge is delivered with one
management virtual machine (VM) that
provides the Web management interface
and controls the appliance. The appli-
Figure 1. Different PlateSpin Forge workloads are shown with their replication
schedule to provide a quick look at their status.
ance is based on ESX 3.5 from VMware
Inc. All of the workload protection
options will have a corresponding VM
on the PlateSpin Forge appliance
running in a Windows Preinstallation
Environment, and interacting with the
protected system on a schedule configured in the management interface.
Once the system is put into the protection schedule, an initial replication is
started. After that point, the workload can
be configured into the desired “protection tier.” This tier determines how an
organization’s recovery point objectives
(RPOs) are to be met. PlateSpin Forge
can go as tight as hourly on a workload’s
replication schedule, making a one-hour
RPO. The recovery time is fairly quick—
approximately 15 minutes—making the
recovery time objective (RTO) quite
appealing for the number of protected
workloads on the system.
Figure 1 shows five protected workloads with different protection tiers within
the Web-based management interface.
Once the workloads are loaded into
the protection tier, the management
VM provides good information to make
ongoing decisions about them. Specifically, most admins will have questions
related to the corresponding network
traffic. While PlateSpin Forge can’t
make the network magically work better,
it can provide detailed information on
what occurs during a replication, including
how long it takes and the amount of data
that makes up the incremental updates.
The incremental updates occur on the
protection tier schedule, and will vary
widely by workload. Figure 2 (p. 20)
shows the replication window report.
Server Failed: Now What?
When a server fails, PlateSpin Forge
takes control and brokers the next steps,
based on administrator input. It can be
configured to send e-mails with actionable responses to a smartphone, e-mail
address or the management Web page.
Once the failover is initiated, PlateSpin
Project3
4/3/09
10:40 AM
Page 1
HIGHER PERFORMANCE SHOULDN’T
WASTE YOUR ENERGY.
Get the high-performance servers your company needs without having to worry about rising energy
costs. Introducing the IBM® System x3650™ M2 Express, with blazing fast, ultra-energy-efficient Intel®
Xeon® 5500 processors and the IBM Systems Director Active Energy Manager,™ designed to monitor
energy consumption, so you can better plan your energy usage and manage operating costs.
BUNDLE AND SAVE
Act now. Available through
IBM Business Partners.
ibm.com/systems/knowyourenergy
1 866-872-3902 (mention 6N8AH16A)
IBM SYSTEM X3650™ M2 EXPRESS
IBM SYSTEM STORAGE™ DS3200™ EXPRESS
$2,029.00
$4,495.00
OR $54/MONTH FOR 36 MONTHS1
OR $119/MONTH FOR 36 MONTHS1
PN: 7947E1U
PN: 172621X
Featuring up to 2 Intel Xeon 5500 processors with speeds up to
2.93 GHz/6.4 GT
External disk storage with 3 Gbps serial attached SCSI (SAS) interface
Easy to deploy and manage with the DS3000 Storage Manager
Energy-efficient design incorporating low 675 W and 92% efficient PS, 6
cooling fans, altimeter
Up to 128 GB via 16 DIMM slots (availability 2Q 2009) of DDR3 memory
with clock frequency up to 1333 MHz
1
IBM Global Financing offerings are provided through IBM Credit LLC in the United States and other IBM subsidiaries and divisions worldwide to qualified commercial and government customers. Monthly payments provided are for planning
purposes only and may vary based on your credit and other factors. Lease offer provided is based on an FMV lease of 36 monthly payments. Other restrictions may apply. Rates and offerings are subject to change, extension or withdrawal without
notice. IBM hardware products are manufactured from new parts or new and serviceable used parts. Regardless, our warranty terms apply. For a copy of applicable product warranties, visit www.ibm.com/servers/support/machine_warranties.
IBM makes no representation or warranty regarding third-party products or services. IBM, the IBM logo, IBM Express Advantage, System Storage and System x are registered trademarks or trademarks of International Business Machines
Corporation in the United States and/or other countries. For a complete list of IBM trademarks, see www.ibm.com/legal/copytrade.shtml. Intel, the Intel logo, Xeon and Xeon Inside are trademarks of Intel Corporation in the U.S. and other
countries. All other products may be trademarks or registered trademarks of their respective companies. All prices and savings estimates are subject to change without notice, may vary according to configuration, are based upon IBM’s
estimated retail selling prices as of 3/4/09 and may not include storage, hard drive, operating system or other features. Reseller prices and savings to end users may vary. Products are subject to availability. This document was developed
for offerings in the United States. ©2009 IBM Corporation. All rights reserved.
4/14/09
2:35 PM
Page 20
ProductReviews
Forge brings the VM assigned to that
workload online.
On the networking front, PlateSpin
Forge can configure the VM to have a
new TCP/IP address during the managed failover. When PlateSpin Forge is
located in a remote data center on a separate network, it manages the address
change as part of the failover process, if
required, for the destination network.
For VMs that are built to re-establish all
connections to databases and start
required services, this can make for an
entirely hands-off failover. The entire
failover process takes about 15 minutes
Forge takes managed failback one step
further with the option to restore the
workload to a VM or physical hardware.
PlateSpin Forge allows the failover
procedure to be tested in an isolated
environment, without impacting the
online network. Having a way to test
the failover process by getting specific
time requirements will help admins
meet the defined RTO objectives with
the actual systems protected.
New appliances often raise questions
about supportability, but not in this case.
PlateSpin Forge is built on the Dell
PowerEdge 2950 III server for the
Figure 2. PlateSpin Forge’s traffic report shows the network usage for each protected
workload. This is critically important, as too much replication can swallow a network.
for most workloads, with slight variations for boot time of the guests. It’s
important to note that SysPrep is not
used on the workload failover. Keep that
in mind, as there may be components in
the Windows environment (such as
vendor licensing) that may not function
correctly after a SysPrep task.
Native Failover and Failback
While many products can manage a
failover, PlateSpin Forge has managedfailback functionality that can transfer
the live workload back to the remedied
original system. This is a key differentiator for an organization that may be
considering VMware’s Site Recovery
Manager, which doesn’t yet provide
automated failback (VMware is expected
to add it to a future release). PlateSpin
PlateSpin Forge 510 and 525 models.
For protected workloads, the PlateSpin
Forge 310 and 325 models are built on
the PowerEdge 1950 III. PlateSpin Forge
is supported by Novell, with any equipment exchanges being handled by Dell.
Caveats
While PlateSpin Forge delivers native
functionality that will fit many organizations, it does have some limitations:
• It can’t be used in configurations that
may seem possible based on software and
hardware inventory. Specifically, it can’t
host a VM that’s a member of a cluster
with a node outside the appliance.
• It can’t co-host a VM with another
ESX server to cover a host failure like a
Marathon everRun solution or VMware’s
upcoming fault-tolerance functionality.
• A collection of PlateSpin Forge
appliances can’t function in the clustered
configurations VMware Virtual Infrastructure 3 admins may be familiar with.
• While PlateSpin Forge uses ESX 3.5
as the underlying hypervisor, it can’t be
placed into a configuration to be managed
by vCenter (formerly VirtualCenter).
Instead, it includes a management VM
for all appliance tasks. The ESX Web
interface is available as a separate console, however, for basic tasks related to
host storage management, networking
and PlateSpin Forge performance.
Just the Facts
PlateSpin Forge has four offerings that
offer protection for up to 10 workloads.
The 500 series appliance is a capable
system with dual 2.6GHz quad-core
processors and 2.5TB of local SATA
storage configured as RAID 5. The
base models start with 16GB RAM,
which can be bumped up to a maximum
32GB RAM.
The base prices include the management pieces, the ESX component and
the management VM. PlateSpin Forge
can also connect to an iSCSI or Fibre
Channel SAN for connection to existing
storage systems.
PlateSpin Forge supports the following
OSes: Windows 2000 Server, Windows
2000 Advanced Server, Windows 2003
Server (including x64), Windows 2003
Server R2 (including x64) and Windows
XP Professional (SP2).
PlateSpin Forge is a strong all-in-one
solution that fits into most environments with little configuration and high
functionality with a right-sized cost.
Small and midsize businesses can make a
strong case for PlateSpin Forge; larger
shops may find scaling issues when considering running all workloads in a DR
situation for the core data center, but
may see benefit in the remote or branch
office with a technology footprint. —
Rick Vanover ([email protected]),
MCTS, MCSA, is a systems administrator
for Safelite AutoGlass. He’s a 12-year IT
veteran and online columnist for Redmond’s
sister publication Virtualization Review.
4/14/09
2:35 PM
Page 21
ProductReviews
Free VM Discovery
Embotics’ V-Scout ends the days of tracking your
virtual machines via spreadsheet.
By Brian Mislavsky
preadsheets. At some point, every
system administrator that deals
with a virtualized infrastructure
will have to deal with them: They keep
track of everything in the environment, from guest operating systems to
CPUs to RAM and so on. The issue
with spreadsheets, as most of us know,
is that they need to be manually
updated, which is a chore and not 100
percent reliable.
An alternative to spreadsheets is
writing customized scripts that report
necessary data. Unfortunately, this
usually involves having some sort of
coding background that many system
administrators don’t have, or don’t
have time for.
A third option is to use an application or pre-built appliance, though
these can be rather costly depending
on the size of your environment.
Embotics Corp., a company that specializes in these applications, has
released a free, lightweight version of
their flagship V-Commander product,
called V-Scout.
V-Scout is an agentless tool for
tracking and reporting on virtual
machines (VMs) within a VMware
environment. I installed V-Scout in my
home lab to see what this free product
brought to the table.
S
Installation Experience
The product installed within minutes,
and I was logged in and checking it
out within a few more. Not having to
install a single agent on any of my
hosts made the deployment less
painful. Because V-Scout pulls data
straight from the vCenter database
(vCenter, formerly VirtualCenter, is
the management tool for ESX) almost
all the data that I keep in my spreadsheets was available to me and kept
current automatically.
SAVE ENERGY
WITHOUT
WASTING
YOUR OWN.
With IBM® System x3550™ M2 Express
and the IBM Systems Director Active
Energy Manager™
.
Embotics V-Scout
Free
Embotics Corp.
603-350-0758
www.embotics.com
The predefined reports immediately
gave me a detailed view into my environment: host information, guest OS
information and even the tracking of
VM population trends. These reports
can be kept for later use and regenerated as needed in order to note various
areas of concern over time; some can
even be exported to .CSV files if
incorporating them into spreadsheets
is still needed.
The ability to tag VMs, identifying
them by their expiration dates or
whether or not the VM has been
approved to run in your environment,
adds additional change- and lifecyclemanagement capabilities to this already
feature-rich product. If the provided
tags don’t suffice or you have existing
rules in place you’d like to adopt,
custom tags are available to track VMs
however you’d like.
In addition, V-Scout offers the ability
to enter a basic cost model to allow for
chargeback or usage reports to be
generated, and the ability to handle
multiple user accounts.
Positive Results
Overall, Embotics’ V-Scout is a great
free utility whose major benefit—aside
from no cost—is the ability to rapidly
provide an admin insight into his virtualized environments in an extremely
unobtrusive and rapid fashion. If cost
is an issue and getting quick results is a
must, V-Scout is a tool that could prove
handy in any virtual environment.—
Brian Mislavsky, VCP, is a systems
engineer specializing in virtualization
and consolidation.
IBM SYSTEM x3550™ M2 EXPRESS
$1,815.00
PN: 7946E1U
Featuring Intel® Xeon® 5500 processor
with speeds up to 2.93 GHz/6.4 GT
Energy-efficient design incorporating
low 675 W and 92% efficient PS,
6 cooling fans, altimeter
Up to 128 GB via 16 DIMM slots
(availability 2Q 2009) of DDR3
memory with clock frequency of
up to 1333 MHz
ibm.com/systems/energysaver
1 866-872-3902 (mention 6N8AH17A)
IBM hardware products are
manufactured from new parts
or new serviceable used
parts.Regardless, our warranty
terms apply. For a copy of
applicable product warranties, visit
www.ibm.com/servers/support/
machine_warranties. IBM makes
no representation or warranty
regarding third-party products
or services. IBM, the IBM logo,
IBM Express Advantage, System
Storage and System x are registered
trademarks or trademarks of
International Business Machines Corporation in the United
States and/or other countries. For a complete list of IBM
trademarks, see www.ibm.com/legal/copytrade.shtml. Intel,
the Intel logo, Xeon and Xeon Inside are trademarks of Intel
Corporation in the U.S. and other countries. All other products
may be registered trademarks or trademarks of their respective
companies. All prices and savings estimates are subject to
change without notice, may vary according to configuration,
are based upon IBM’s estimated retail selling prices as of 3/4/09
and may not include storage, hard drive, operating system or
other features. Reseller prices and savings to end users may
vary. Products are subject to availability. This document was
developed for offerings in the United States. ©2009 IBM
Corporation. All rights reserved.
0509red_F1IE8_22-28.v11
4/13/09
1:38 PM
Page 22
IE8:
Behind t
GETTY IMAGE
0509red_F1IE8_22-28.v11
4/13/09
1:38 PM
Page 23
M
icrosoft started way behind in the
Netscape-dominated browser market
some 14 years ago. But by virtue of it
being free—and coming with every
client operating system from
Windows 95 to Windows 7—Internet Explorer quickly
gained dominant market share.
The Netscape crew was loath to give in, however.
Turning the browser code over to open source developers resulted in the increasingly popular Firefox.
More recently, Google Inc. unveiled the more-or-less
built-from-scratch Chrome.
IE market share, while still the majority, is falling
rapidly. Does IE8 have the goods to keep Microsoft in
not ashamed of where I surf! I might use it for checking
my online bank accounts. I imagine it might be more
secure … I think. Maybe. It’s also fairly easy to erase
your browsing,” says reader Daniel Marois.
In corporations, there seems to be less of a fit. “Even
though this feature can be turned off using Group Policy,
there’s always the chance that the setting might not
apply or Group Policy corruption may occur. Organizations that have traffic logging at the gateway have
less to worry about,” says David J. Calabro, information systems administrator for Transitional Work Corp.
“I don’t see any benefits from the corporate side. It
would be nice if IE could be custom installed without
this feature at all.”
d the 8 Ball
Under pressure from competitors in a high-stakes game,
Microsoft is releasing Internet Explorer 8. But will the
By Doug Barney
new browser scratch or run the table?
the game? We went to the best source we could find:
you, the Redmond reader. More than 50 of you
responded to our queries, and we talked in-depth to a
dozen of the respondents who’ve spent the most time
with the new browser.
This article was reported throughout the IE8 development process. Fortunately, the final version of IE8
shipped just as we were going to press, which answered
some key questions about stability, performance and
compatibility. Where the beta and release candidate
(RC) were troublesome, the shipping product is aces,
say many Redmond readers. Users report few crashes
and increased speed in nearly all cases, and the bulk of
Web sites and add-ins work just fine.
Protecting Privacy
Microsoft spent a lot of time securing the browser against
hackers, but it’s also working to secure your privacy
through InPrivate, a feature that makes sure no cookies
or history are left that point to where you’ve been.
While this seems like a tool designed for teenage
boys, many of us care about our privacy, and we at least
like the option of covering our tracks. Redmond readers
we talked to seem less concerned, and many are downright skeptical as to whether it can actually work. “I’m
Redmond reader Saul Saturn sees InPrivate as offering
only partial privacy. “I have nothing to hide, and if I
did, I’d want to manually clean up. This feature presents a false sense of security given the ISP or firewall
would have some indication of your activity. So [while]
the next person that logs on to your machine won’t
have access to your history, the system administrator
will definitely have access if they want,” says Saturn.
Slicing the Web
Many of us visit Web sites based on search, but I’m
sure every last one of you has a big batch of bookmarks
and visits many of the same sites every day. So how do
you know what’s new? Do you search around, hunting
and pecking for the fresh content?
Microsoft has an answer. Web Slices alert visitors of
changes made to sites. If the changes intrigue, visit; if
not, skip to another site. As cool as this seems, none of
the readers interviewed was excited about it.
“I read up on these several times, and I’m having
trouble mastering how to use them. I think they’d be a
good feature if I could just get the hang of them,” says
Bernie Parsons, IT manager for Buys4Us.
Saturn is even less impressed. “This is an interesting
feature but I think it’s toppled by poor implementation,
0509red_F1IE8_22-28.v11
4/13/09
1:38 PM
Page 24
IE8
as it relies on the IE RSS feature, which is just inadequate
and unusable,” Saturn explains.
Tackling Tabs
Firefox gets credit for browser tabs, and now through an
add-on, Firefox users can group their tabs. IE8 has this
feature built right in, and users like it. “I initially thought
this feature was a gimmick, but I like color grouping more
as I’ve used it. I definitely like that new tabs open within
their group, rather than at the far right,” says reader David
B. Nickason, who handles IT for a law firm.
Marois learned the ins and outs of grouping from Firefox.
“I use colorful tabs on Firefox right now, though I must
admit that you have to have many pages open in order for
this feature to be really useful,” he says. “So far, my experience has been so-so with a large number of tabs.”
Cooling Crashes
Firefox users on Windows are probably familiar with its
recovery features. When Windows crashes, Firefox saves
all your tabs on the associated pages, an element IE8 is
more than happy to duplicate. “This is my favorite feature
and the most useful. Trying to get back to where you were,
especially when you’re doing research, can be frustrating,”
notes Marois.
Nickason has also seen IE8 recovery in action. “It works.
I’ve had two or three crashes in the IE8 RC, and found the
automatic crash recovery to be really useful,” he explains.
“Of course, it would be nice if the browser just didn’t crash
or hang, but this recovery feature is the next best thing.”
IE8’s Bungled Beta
When Google Inc. introduced Chrome as a beta
browser, users were stunned by its stability. It may
have lacked features, but Chrome ran well.
Microsoft can’t say the same thing about IE8.
The latest beta was pretty rough, according to
Redmond readers. Nearly all of the 50-plus
readers who wrote in experienced problems,
from merely annoying to clearly tragic.
“When I tried to uninstall [IE8] it completely
hosed my system, basically reverting it back to
the factory-default programs and settings. I had
to use System Restore to restore my system to
the way it had been, including the beta version
of IE8,” says Bob Jensen, DBA and owner of
Bob’s Computers.
Jim Rossi, global IT administrator Vishay
Intertechnology Inc., had it even worse. “I’m not
usually a Microsoft basher, but the IE8 beta I tried
months ago so thoroughly trashed my laptop that
I actually had to format the hard drive and rein-
Smarter Screens
Hackers don’t always have to break into a machine to do
damage; sometimes we invite them right in by going to
bad Web sites or falling victim to phishing schemes.
SmartScreen Filters recognize, block and alert users about
these sites. “I like this feature, especially because so many
Web sites are contaminated with malware. It has popped
up the warning page a couple of times, and I chose not to
access those sites,” says Parsons.
The efficacy of such features depends on their accuracy.
“[A feature like this is] always useful if it works properly,”
Marois notes. “You don’t want it to block legitimate sites
any more than you want it to miss bad ones.”
Full Speed Ahead with Accelerators
Most Web sites are fairly static. You may see information
you want to explore, but there are no links: the links are to
things you don’t care about. IE8 Accelerators aim to improve
that situation. This tool can expand a bit of info—say, a
name—to include a phone number, address and map. The
associated information can be anything the Web designer
desires. “The ability to select a word and look up the definition, or select a product name and get prices—I can see tons
of uses for accelerators in everyday browsing,” says Nickason.
Accelerators may be one of the common ways many of us
gather information. Nickason continues: “They have the
potential to be one of the most useful features of IE8. I’ll
use them frequently to do things like look up definitions
and find products. Doing these things from our firm’s
intranet site provides a good business use for Accelerators.”
stall Vista. I’ll wait until the production version is
out for a year before I try it again,” Rossi says.
Performance has been an issue for some, but
one expects beta software to lack final tuning.
“I swear I could draw Web pages in Microsoft
Paint faster than IE8 renders them. I haven’t
waited this long for pages to render since AOL
over a 1,200 baud dial-up,” says David Wieneke,
IT security engineer, CUNA Mutual Group.
Others have found the 64-bit version snappy.
“Apparently both the 64- and 32-bit versions
download together. The 64-bit version is much
more responsive, opening my homepage almost
instantly,” says Rex Costanzo, Ph.D., senior
research analyst, National Education Association.
RC1 Was Far from Done
Many hoped that IE8 release candidate (RC) 1,
code that’s essentially feature-complete, would
be more stable. It is, but apparently not by
much. “I’ve found IE8 RC1 even more problematic than beta 2,” says Jeff Balcerzak, director
of programming for The Retail Computer
0509red_F1IE8_22-28.v11
4/13/09
1:38 PM
Page 25
“Accelerators are an excellent
way of increasing efficiency
and finding information.”
David J. Calabro
Information Systems Administrator, Transitional Work Corp.
Of all the new features, Accelerators inspired by far the
most response and the most honest enthusiasm. “Accelerators are an excellent way of increasing efficiency and finding
information. My favorite is the Google Maps Accelerator.
This as a great way for organizations to share information
and get the information they need faster, if they’re willing to
create their own Accelerators,” says reader Calabro.
But building Accelerators may be the rub. “It was a little
confusing at first when trying to create my own Accelerator,” Calabro adds. “It would be nice if page designers
could tag chunks of information so we don’t have to worry
about users highlighting the correct text to use with an
Accelerator. Something like <accelerator>123 my address
st. city, state 12345</accelerator>, and when the user hovers
or double clicks the information, it highlights and then
shows the Accelerators to choose from.”
Suggesting Sites
Microsoft must have thought it hit a home run with Search
Suggestions. In some respects, Search Suggestions is like
auto-fill on steroids. Similar to the embedded Google search
box, as you type the system will suggest results. But readers
interviewed just couldn’t muster up a lot of emotion.
Group. “IE8 RC1 frequently locks up, and I’m a
Vista Ultimate SP1 user with 4GB of memory
and a quad-core processor. If Mozilla wants to
go after Microsoft, they don’t have to do it in
court. They should just wait for IE users to
become so frustrated they start working with
other browsers,” Balcerzak adds.
Stability is still the biggest issue. “IE8 RC1 is
more stable than the final beta, but it still gets in a
wad and dumps altogether more frequently than
IE7,” says Stephen Anslow, senior database developer for Saddleback Church in Lake Forest, Calif.
RC1 also exhibits random behavior. “I have
Windows 7 beta—which also includes the IE8
beta—installed on a couple test computers,”
says reader Brad Wright. “So when IE8 RC1 was
released, I decided to upgrade them to the
release candidate. Much to my surprise, I got
an error that read ‘Internet Explorer 8 is not
supported on this operating system’ on both
computers. Not just once, but with every
version of the IE8 release candidate that was
available on Microsoft’s download site.”
“I turned this off. I have enough experience to figure out
what sites I need to go to, and I don’t want to send any
more browsing information out than I have to,” says Craig
Burgess, a systems and network administrator for healthcare firm Digital Infuzion Inc.
“I don’t use this feature and don’t like it. I’d rather do my
own research and build my own site list via the links feature,” says Parsons. And Nickason also gives the feature the
ultimate diss: “I turned it off: not really interested.”
Pushing Limits of Speed
One of the things drivers love about Porsches and IT pros
love about Windows 7 is speed. IE8 is likewise pleasingly
snappy. “It’s very noticeably faster; most pages load a lot
faster than they did in IE7,” Nickason explains. “The
scrolling issues with our intranet app in IE7 are gone—IE8
scrolls as expected for all pages. Long delays or hanging
when clicking links in RSS feeds are gone. This is a major
improvement that justifies the upgrade all by itself.”
Change IT Can Believe In
IT pros are rarely 100 percent happy with any piece of
software, and IE8 is no different. Marois has a number of
tweaks he’d like to see: “I’d modernize the interface without
making it too busy. I’d remove its dependencies on the OS
and make it completely modular. It should be completely
removable.” He adds, “I’d encourage more people to write
add-ons or make it easier to do. I think existing add-ons
for IE are somewhat uninspired.”
continued on page 28
Craig Burgess, systems and network administrator for health-care firm Digital Infuzion Inc.,
had better RC1 luck. “I tested the IE8 beta, and
while I liked the feature set, it would crash daily
and was slow,” Burgess explains. “So far IE8 RC1
seems to be better; the speed is a little better. It
doesn’t crash the whole browser however many
times, and when I close a tab I get an error
message about the tab session I just closed. I
simply close that out and keep working; my
other tabs are OK. The bottom line is the IE8
feature set is improved, but [Microsoft] needs
to fix the errors,” Burgess says.
All Quiet on the IE8 Front
Despite the glitches and gotchas, testers see
promise in IE8. The browser is clearly faster.
IE8 is more secure with clickjacking prevention
and filters against bad Web sites. And when it
crashes, like Firefox it restores back to its precrash state. And, like Chrome, the tabs are
isolated so a crash in one does not portend a
crash in another.
—D.B.
0509red_F1IE8_22-28.v11
4/13/09
1:38 PM
Page 26
IE8
Nash Browses IE Features
nce we had the customer view
of Internet Explorer 8, Redmond
lined up an interview with
Mike Nash, Microsoft’s corporate VP
for Windows Product Management.
Nash argues that IE8 is not just a great
consumer browser, but has corporate
features no other tool can match.
O
Nash on what IE8 has that helps
the IT pro:
The first thing is to make sure we have
a high manageability of the browser. In
particular, [we want to make] sure we
have Group Policies as a way for the
IT administrator to decide how the
browser is going to be configured,
because people are spending much
more time in the browser running apps
on the Internet and on the intranet.
We can now support a hundred more
Group Policy settings for browser
deployment, configuration and customization. IT can specify the browser
default-rendering mode: Is it compatibility mode by default, or is it standards
mode by default? IT can configure
which Accelerators and search providers
are going to have control. IT can control the behavior of the SmartScreen
Filter. We already had about 1,200
Group Policies before. Now, with 100
more, we’ve got about 1,300.
The Group Policy work is part of the
product by default. You have the ability
to use the Group Policy management
tools to control these things. There’s a
pretty healthy ecosystem of Group
Policy templates out there, [such as]
the ability to control connection
limits, the ability to control in-private
browsing, the ability to decide how
compatibility is going to work.
One of the key things is the continuing
investment in the IE8 Administration
Kit. In the enterprise, [the kit] gives
me the ability to control what
Accelerators are preinstalled, what
Web Slices I want to have preinstalled
and the language that’s being used.
As an IT pro, I may want to have
multiple configurations of the browser.
I may want to have one for the marketing department, with Accelerators
that are appropriate for the marketing
guys, and a different configuration for
the finance department, with things
that are appropriate for [it]. Combine
[these configurations] with a new capability that we have between Windows
and Internet Explorer called slipstream
installation, which makes it very easy
to configure and deploy IE8 in a customization that’s part of a system
Mike Nash, Microsoft’s corporate
vice president for Windows
Product Management
image being deployed on desktops. If I
wanted to build a custom image using
Windows XP and IE7 today, that could
take two or three hours. With Windows
Vista and slipstreaming IE8, I can do
that in about 15 minutes.
On security in IE8:
There are really two things. The first
thing is reliability with security. From a
reliability perspective, the thing we all
have to remember is that in some
sense, the browser is the place where a
Web page executes. When those Web
pages have issues, in the past the execution place was discredited. So a lot of
work was done to reduce the ability for
a Web page to bring a browser down.
But we also changed the architecture so
that when the Web site does impact the
browser, rather than bringing the
whole browser down, it’s isolated to just
the tab where the page was running.
The second thing we’ve done is added
something called the SmartScreen
Filter. This is really based on a lot of
the reputation charts we’ve built with
the Microsoft Phishing Filter. We’ve
all done a search for a word like “antispyware,” and you’re taken to a Web
site that you think is a place where you
can get an anti-spyware tool. Ironically,
what people are doing is taking advantage of people in trouble and tricking
them into loading more spyware. So
we know what these sites are from our
anti-phishing tool. We can actually use
these to help use the browser to inform
the end user that a Web site they might
be going to is bad.
Another security feature is a crosssite scripting filter. We’ve all talked
about cross-site scripting as kind of an
emerging threat, where you take script
code from one page into another page.
And this has been more and more of a
threat in the way that personal information has been stolen—cookie stealing
[and] other forms of identity theft. You
think you’re on your basic Web page,
but in fact you’re on a different page.
[The cross-site scripting filter] is a way
for us to stop those kinds of attacks. As
part of that, remember, there’s no one
silver bullet with security. It’s a number
of different techniques, which together
add up to be in-depth. With this
approach, we have a new feature called
clickjack prevention where I can actually
tag my Web page to say I should never
be embedded in another Web page.
There’s also data-execution protection in IE8. There’s a form of attack
where people inject code into a data
buffer—an unchecked data buffer—and
pass the data buffer with a piece of code
that basically executes the code that was
injected because of an unchecked
buffer. With IE8, we can turn on dataexecution prevention by default.
Another security feature in IE8 is
per-site ActiveX control. We all know
that ActiveX controls are a very powerful way of programming Web sites.
We also know that the ActiveX control for one site can be used in ways
that [it wasn’t] intended on another
site. So now, with IE8, we can actually
have a Web page ActiveX control
that’s only supposed to be used with a
particular domain.
—D.B.
Project1
3/31/09
9:50 AM
Page 1
Visit Sunbelt Software at Microsoft Tech Ed - Booth # 111
Kiss your antivirus
bloatware goodbye
Sp
Compeectial
Upgrad itive
e Price:
$
10 per s
eat!
TEST DRIVE
Next Generation of Total Malware Protection
Until now, antivirus engines have been Frankensteins, bolted
They’re slow, full
of bugs, and hard to manage.
VIPRE Enterprise is a revolutionary new approach. It’s built from scratch
as the all-in-one antivirus, antispyware, anti-rootkit solution that gives
you complete endpoint malware protection without hogging
resources! It’s fast, powerful, and easy.
information you need in one place. Manage individual
agents, quarantines, threats, and more.
Plus, advanced anti-malware technology protects your system against
the new wave of malware threats. No more juggling multiple programs.
No more dealing with user complaints about slow workstation
performance.
• COMPLETE! All-in-one protection from today’s malware.
• FAST! High-performance and low impact on system resources.
• EASY! Manage everything easily from one command screen.
• RELIABLE!
• AFFORDABLE! Low $10 per seat pricing to save you money.
Why struggle with slow resource hogs when you can manage ALL your
malware threats with one fast, easy application?
How does your current software compare?
VIPRE Enterprise scans at a brisk 13.95 MB/sec and
uses just 27% of CPU and 50 MB of RAM. In idle, it
uses a mere 13.3 MB RAM with a disk footprint of just
113 MB. You’ll hardly notice it’s running!
Curious? Download your FREE copy of VIPRE Enterprise and give it a
test drive.
When you compare VIPRE Enterprise to Symantec, McAfee, Trend Micro
or whatever antivirus program you’re using, you WILL want to switch!
Don’t worry, though.You can get VIPRE Enterprise at our competitive
upgrade price of only $10 per seat!
Download VIPRE Enterprise today and get your own home version of VIPRE to keep FREE as our gift to you!
Download now:
www.TestDriveVipre.com
Sunbelt Software Tel: 1-888-688-8457 or 1-727-562-0101 Fax: 1-727-562-5199 www.SunbeltSoftware.com [email protected]
© 2009 Sunbelt Software. All rights reserved. VIPRE Enterprise is a trademark of Sunbelt Software. All trademarks used are owned by their respective owners.
New licenses are available for $10/seat up to 500 seats, minimum 10 seats. For customers with over 500 seats, please call for special pricing. Available for a limited time and subject to change without notice. See website for more details.
0509red_F1IE8_22-28.v11
4/13/09
1:38 PM
Page 28
IE8
continued from page 25
User Nits
Some users don’t like changes that impact compatibility. “I
don’t understand why Internet Explorer upgrades consistently cause Web applications to break or Web pages to
Best of
IE8
InPrivate: Browse without leaving a history
or other traces of where you’ve been
Accelerators: These can quickly take a name
or other bit of information and discover
contact information or maps, send e-mail, or
even translate from one language to another
Web Slices: Tell you what changes have
been made to frequently viewed Web sites
Suggested Sites: Suggest pages as well as
page previews
Tab Color Grouping: Group related sites or
tabs together
Automatic Crash Recovery: Like Firefox,
after a crash your pages and tabs are restored
SmartScreen Filter: Protect against malicious
Web sites
Tab Isolation (tabs spread over separate
operating system processes): A feature
already in Chrome, tabs are isolated so if one
crashes it doesn’t affect the others
render incorrectly. When upgrading from IE6 to IE7, most
Web pages or Web applications required fixes to render
and work properly,” complains Saul Saturn. “You see the
same updated Web pages or applications requiring additional changes to work properly under IE8.”
Saturn sees this as an almost purely Microsoft issue.
“Each browser upgrade shouldn’t prevent a Web page
from rendering properly when it worked perfectly under
the previous browser version. I use other browsers such as
Firefox and Chrome, and can confirm this rarely happens
with those browsers,” he explains.
Alleviating Admin Angst
In a pure feature-by-feature comparison, competitors such
as Firefox match or arguably exceed the IE feature set. But
IE is part of a Microsoft system that includes admin and
update tools; tools that ease the management and development of pages and apps. These tools have a material affect
on browser security, argues Nickason. “I don’t agree with
the blanket statement that Firefox is more secure than IE,”
he says. “As the network admin for a small firm with about
30 client PCs, I can open the Windows Server Update
Services console and immediately verify that IE is fully
patched on every user’s PC. I have no clue of the status of
the Firefox installs on those same machines, unless I visit
each one and check it manually. I know there are enterprise products that serve this purpose for Firefox, but for
businesses whose IT budgets don’t support such tools, IE
is much more likely to be patched, making it the more
secure option. I’d rather browse in Firefox than IE, but I’d
much rather support IE,” Nickason adds.
Bottom Line
There are two sides to every coin, and in the case of
Microsoft, two sides to every browser. “If Web sites don’t
require IE8 for new specific functionality, I wouldn’t bother
updating to IE8 for any of the new features,” reader Saturn
says. “I’m more than happy with IE7, Firefox 3.x and
Chrome. Personally, I think IE has continued to play
catch-up with these other browsers.
“For example,” Saturn adds, “the look and feel of IE8 is not
much different from IE7. What happened to the ribbon? The
Back, Forward, Home and Print buttons are all over the place.
Firefox 3.x and Chrome have a much better, more intelligent
user interface. The IE8 feature with the address bar autocomplete is a simple catch-up to Firefox and Chrome.”
Yet some see IE8 as the beginning of a Microsoft browser
rebirth. “IE8 is going to be a welcome improvement that
addresses all my complaints about IE7,” says Nickason.
Doug says: IE8 seems like
a nice leap forward, and
with its ease of administration it will probably
remain the preferred corporate browser. But these
features do not a revolution make. Many argue
isolated tabs—and tabs
themselves—came first
from other browsers, so IE8 is a derivative
product. That’s not really my point.
None of these browsers—Safari, Firefox or
Chrome—is revolutionary in the least. When
was the last time you actually got excited about
a browser; not the content on the screen, but
the browser itself? I’ve been browsing for close
to two decades and I’m thoroughly underwhelmed by the state of this critical software.
Three years ago in an editorial I asked for fundamental browser changes: “Once the search is
done, what do you do? Browse through a bunch
of bookmarks? Searching is a process where
you learn, but the process of learning is lost in a
confusing collection of favorites. The Barney
Browser integrates searching with a file system
so the intelligence that comes from searches
can be organized, used, shared and built upon.”
I’m still waiting …
Doug Barney ([email protected]) is
editor in chief of Redmond magazine.
Project4
4/7/09
2:47 PM
Page 1
0509red_F2TechEd30-36.v6
4/13/09
12:20 PM
Page 30
Let’s
(Third)
Party!
Independent software vendors
have long been the life of
Microsoft’s party by producing
products that fill in the gaps
Redmond leaves open. For
Tech·Ed North America 2009,
we celebrate third-party
vendors and preview what
they’ll be announcing and
demonstrating at the show.
By Lee Pender
4/13/09
12:20 PM
Page 31
S
omebody go find Randy
Newman. Bring in Magic Johnson, too. Get
the Beach Boys going on the Zune. Oh, and
round up all those stars—Brad, Matt, maybe
Angelina and the Governator himself. Get
them all together because Microsoft and
thousands of customers and partners are
coming for a big party in Los Angeles. At
Tech·Ed North America 2009, everybody’s
going to love L.A.
This might not seem like the best time for
a party. The economy is still struggling, and
some of the industry’s bigger vendors had
earnings dips in recent quarters and
warned about hard times ahead.
The front page of Microsoft’s Tech·Ed
Web site trumpets the theme “smart ideas
for today’s challenges.” And that’s a
sensible, grounded and entirely reasonable
idea—focus on how to make the best of a
difficult economy.
But we want to have a little more fun than
that. Tough times or not, we say that
there’s no better time to celebrate—
because hard times are the best times for
innovation and creativity, and that’s what
this party’s all about. Microsoft has
produced a lot of great technology over
the years, but third-party independent
software vendors (ISVs) have always been
there with the fill-ins and add-ons that
make Microsoft’s wares better, and terrific
standalone products that keep the
company’s ecosystem blooming.
In this Tech·Ed preview, we celebrate the
third-party vendors in Microsoft’s world
by previewing what they’ll be announcing
and demonstrating at the show, which
runs May 11-15 in sunny Southern California.
So grab a drink, dance a step or two and
relax. Let’s (third) party!
4/13/09
12:21 PM
Page 32
Tech·Ed Preview
DataCore Software Corp.
Idera
DataCore will travel from sunny Fort Lauderdale,
Fla., to sunny Los Angeles with what the company
calls its “Pimp My Storage” crew. The crew will bring
down half an IT department’s storage infrastructure.
The mystery for attendees will be to find out whether
the system’s virtual machines (VMs) keep working.
The company will
also be showing off
new capabilities it
announced in April,
including 64-bit “mega caches,” as the company calls
them, which highlight its new SANmelody 3.0 and
SANsymphony 7.0 products. With the new products,
a SAN-wide cache will now hold the entire working
set of a large number of VMs.
Another new option in both products is Transporter,
a migration facility that the company says “migrates
disk images and workloads between different operating
systems, hypervisors and storage subsystems—
eliminating lengthy backups and restores due to
complicated format conversions.”
Idera, based in Houston and a division of BBS
Technologies Inc., will roll into Tech·Ed ready to
show off SharePoint backup, the latest version of its
application that provides backup, search and document recovery for SharePoint.
Version 2.0 of SharePoint backup adds enhanced
scheduling capabilities and lets admins preview documents before recovering them. SharePoint backup is
one of a large group of SharePoint tools Idera provides.
Idera also introduced SQL secure 2.5 in March.
The application lets database administrators monitor
SQL Server security and track security problems.
SQL secure, along with sister product SQL compliance manager, is especially useful for companies with
strict compliance regulations, Idera CEO Rick
Pleczko says. “It’s like having a video camera on your
database that can alert you to audit violations,”
Pleczko explains.
The new version of SQL secure lets DBAs take a
snapshot of employee access permissions to compare
to a later permissions list. It also provides templates
that allow users to drill down into specific compliance regulations, says Juan Rogers, SQL secure
product manager at Idera.
dtSearch Corp.
dtSearch, based in Bethesda, Md., will be demonstrating
a new line of its text-retrieval software at Tech·Ed.
The company rolled out a whole new dtSearch suite
in March, version 7.6, which includes a broad array of
products for searching for files on a PC or across a
network, publishing large volumes of searchable data
to an IIS intranet or
Internet site, and
publishing searchable documents or
Web content to
portable media, among other functions.
dtSearch Engines for Windows and .NET and the
same product for Linux—two components of the
suite—let developers add dtSearch functionality to
applications. The new version of the Windows and
.NET product adds expanded sample code for
Microsoft’s latest release of Visual Studio.
Fun Fact: The “World’s Largest
Outdoor Cocktail Party” happens
every fall—not in Los Angeles but
in Jacksonville, Fla., when the
football teams from the University
of Georgia and the University of
Florida renew their annual rivalry.
Fun Fact: About.com claims the five-county
Los Angeles area would be the fourth-largest
state in the United States if it were a state unto
itself. That’s a lot of room for a dance floor.
K2
K2 is a division of SourceCode Technology
Holdings Inc., based right in Microsoft’s backyard,
Redmond, Wash. The company provides a platform
aimed at simplifying business process automation
and process management. At Tech·Ed, K2 will be
demonstrating K2 blackpoint, a Microsoft Office
SharePoint Server add-on.
K2 blackpoint, released in March, is “focused on
making it easy to compose process- and workflowbased applications on SharePoint,” company officials
say. With blackpoint, non-technical users—meaning
non-developers—can build SharePoint workflows
and applications without writing code.
The company will also show off its K2 connect
product, an add-on to its flagship software blackpearl.
K2 connect, released in February, helps non-developers
bring information from SAP AG’s enterprise resource
planning applications together with Microsoft
Office, SharePoint and technology built on the
.NET platform.
Project1
4/13/09
8:53 AM
Page 1
5"$2ô'/,$ô)3
0/7%2&5,
6)245!,):!4)/.
"!2%ô-%4!,ô2%34/2%3
#/.4).5/53ô$!4!ô02/4%#4)/.
UBDR Gold image-based disaster recovery
software strikes the perfect balance of rock
steady reliability and product flexibility.
Not only do users have the ability to backup
and restore to literally any type of network
storage device, but they also have every
option available, including local and remote
disk, tape, libraries, SFTP, and TSM. If
physical dissimilar hardware for a migration
or disaster recovery restore is needed, it’s
available at your fingertips — along with
every form of virtual disaster migration and
recovery available. And best of all, if you’re
struggling to find the right balance between
file-by-file and image backup protection, we
have an answer for that. For the ultimate in
server and workstation protection, UBDR
Gold integrates seamlessly with our UltraBac
file-based backup solution. If you are already
heavily invested, it will also work perfectly
with your existing file-by-file backup software.
5,42!"!# 3/&47!2% ô
342%4#().' 4(% ,)-)43 /& 4%#(./,/'9ô
4/ô02/6)$%ô4(%ô-/34ô!'),%ô3/,54)/.3
™
BACK U P AN D D I SASTE R R EC OVE RY SOF T WA R E FO R P E O P LE W HO M E A N B US I N E S S
W W W. U LTR A B AC . C O M
1. 8 6 6 . 5 5 4 . 8 5 62
© 2009 UltraBac Software. All rights reserved. UltraBac Software, UltraBac, UltraBac Software logo, UBDR Gold, UBDR Pro, Continuous Image Protection, and Backup and Disaster Recovery Software for
People Who Mean Business are trademarks of UltraBac Software. Other product names mentioned herein may be trademarked and are property of their respective companies.
4/13/09
12:21 PM
Page 34
Tech·Ed Preview
Lieberman Software Corp.
Raxco Software Inc.
Lieberman will be right at home in Los Angeles,
given its corporate headquarters are located in the
city on the aptly named Avenue of the Stars. The star
for Lieberman at Tech·Ed will be Enterprise Random
Password Manager, its also aptly named passwordmanagement product.
An update to the product to be unveiled at Tech·Ed
will offer privileged account password management
from within the consoles of Microsoft System Center
Operations Manager and System Center Configuration
Manager. The update will enable security recovery of
administrator passwords directly from Systems
Center, company officials say.
Raxco, a Gaithersburg, Md.-based provider of
disk-defragmentation software, rolled out its
PerfectDisk 10 line of storage-management products
in January and will make the product the focus of its
presence at Tech·Ed.
The main new player in the PerfectDisk family is
PerfectDisk 10 Virtual Enterprise Edition, which
provides, as the company notes: “virtual awareness to
enterprise disk defragmentation.” The new product
works with virtual products such as VMware’s ESX
Server and Microsoft’s Hyper-V, and automatically
determines how often it should run a defragmentation session based on the resources the physical host
has at a given time.
Virtual Enterprise Edition is available starting at
$249.99. It and the other PerfectDisk 10 products are
available to purchase—or download a free trial
copy—at the company’s Web site: perfectdisk.com.
Marathon Technologies Corp.
Marathon and Microsoft announced in January a
development and marketing deal aimed at providing
fault-tolerant and high-availability computing for
enterprise customers running applications on
Windows Server. The agreement includes enhanced
compatibility between Marathon’s everRun faulttolerance software line and Windows Server 2008, as
well as other development objectives.
At Tech·Ed, Littleton, Mass.-based Marathon will
“present a joint session on Microsoft clustering technology and Marathon’s extension of Windows Server
high availability to continuous availability through
software fault tolerance,” company officials say.
Fun Fact: Randy Newman released
the single “I Love L.A.” on his 1983
album “Trouble in Paradise.”
Though it’s hard to say whether the
song and accompanying video were an ironic
slap at the city or a genuine love poem—they
were probably a bit of both—the tune became
an iconic song for the city
in the 1980s and no doubt
got blasted at more than
a few parties.
MVP Systems Inc.
Red Gate Software Ltd.
MVPSI rolls in from Farmington, Conn., to Tech·Ed,
where it will demonstrate for the first time at a trade
show a free monitor for its Job Access and Management
System (JAMS) software.
JAMS is a batch job scheduling system, and JAMS
Monitor provides a singular view through which
users can monitor and manage Windows Task
Scheduler and SQL Server jobs running in multiple
servers. A “Convert to JAMS” function lets users
move their processes into JAMS, a move that the
company says yields better scheduling capabilities
and opens up features such as dependency triggers,
event-based scheduling and alerting.
Free copies of JAMS Monitor are available at the
company’s Web site: www.mvpsi.com.
All the way from Cambridge—England, not
Massachusetts—comes Red Gate Software with a
new archiving tool for Exchange that’s sensibly
called Exchange Server Archiver.
Company officials promise that the new tool will be
“simple to try, install and administer,” and will deliver
an interface with an e-mail preview pane, instant
retrieval of e-mails and search capabilities for
archived and non-archived e-mails.
Red Gate takes its name from one of the earliest
tech inventions, something that came along long
before the microprocessor. Company spokesperson
Michael Francis explains: “If you’re wondering where
the name Red Gate came from, we are named after
Via Porta Rossa [Red Gate Street] in Florence, Italy,
close to where Leonardo da Vinci invented the
database in 1512.”
4/13/09
12:21 PM
Page 35
ScriptLogic Corp.
Sanbolic Inc.
At Tech·Ed, Sanbolic will announce that it’s adding
distributed snapshots to Melio FS, its clustered file
system. Also in the product will be a generic Volume
Shadow Copy
Service (VSS)
provider, available
from both physical
and virtual servers
when Sanbolic’s file system is in use, which third-party
data-protection products can invoke.
The company, based in Watertown, Mass., will also
publish APIs for scripting and scheduling the VSS
provider. Sanbolic is also making it possible for
users to invoke Melio or a third-party VSS provider
from the company’s data-protection software, called
Simple Information Lifecycle Provider (SILM).
SILM will now bring better capabilities for scripting
and scheduling.
sanbolic
Sapien Technologies Inc.
Just upstate from Los Angeles is Sapien Technologies,
based in Napa, Calif. At Tech·Ed, Sapien will be
demonstrating iPowerShell. Released in March,
iPowerShell is a product that blends two worlds by
bringing PowerShell to
the iPhone. iPowerShell
is available for download
at Apple Inc.’s App Store.
iPowerShell “contains
full descriptions of
each and every core
PowerShell version 1
cmdlet, their syntax,
parameters and examples of proper usage,” the company describes. It also includes help topics and a
sophisticated search function.
“This news is important because it shows Sapien’s
commitment to the IT professional by expanding its
software offerings and broadening its customer base,”
says Ferdinand Rios, the company’s CEO and cofounder. “Additionally, with the iPowerShell release,
we’re showing that we’re supporting the newest technology and making it easier for IT pros to get their
job done, both locally and remotely,” he adds.
ScriptLogic has a product release for Tech·Ed: the
latest version of Active Administrator, its application
for managing Active Directory.
Among other functions, Active Administrator 5.1
gives administrators enhanced capabilities to
schedule database maintenance, and provides selfmonitoring of
server components.
The application
additionally offers
centralized event monitoring and reporting, as well
as simplified delegation of AD and backup and
recovery functionality.
Also at Tech·Ed, the Boca Raton, Fla.-based company
promises to announce “a new product line to bring a
highly cost-competitive, instant remote-assistance
capability for IT administrators to support users
everywhere in the enterprise and on the Internet,”
company officials say.
Sherpa Software Group L.P.
Sherpa Software released the latest version of its
Archive Attender e-mail management software in
March, and company officials will be demonstrating
the updated product at Tech·Ed. But Sherpa will also
be rolling out Transfer Rules, a new wrinkle for its
Mail Attender product for e-mail archiving, content
management and policy enforcement.
Tom Hand, vice president of Exchange development for Sherpa, explains Transfer Rules for Mail
Attender: “The core product can search mailboxes,
.PSTs and public folders, and search for any match
within the criteria set you provide, and take action.
[With Transport Rules], we now serialize that data
out, transport it across the network and serialize it
back into that data store. It doesn’t rely on direct
API-to-API connection,” Hand adds.
Sherpa’s Himalayan name—Sherpas are native
guides who assist climbers in the famous mountain
chain—is intentional, even though the company is
based near Pittsburgh, Hand says. “We sort of guide
you through e-mail terrain,” he explains. “We guide
you to your proper solution. That’s sort of our
mantra here.”
The company lives the theme, even giving internal
servers names like “Everest.” But visiting Sherpa’s
booth at Tech·Ed will likely be less dangerous than
trying to scale the famous mountain.
4/13/09
12:21 PM
Page 36
Tech·Ed Preview
Special Operations Software Inc.
SteelEye Technology Inc.
All the way from Stockholm, Sweden, with U.S.
headquarters in Portsmouth, N.H., comes Special
Operations Software with its Specops Virtual Deploy
product. This new offering works with Microsoft
Application Virtualization (App-V) to deploy apps
virtually using Group Policy. Thorbjörn Sjövold, the
company’s CTO, explains: “We’re taking the concept
of Microsoft App-V and making it more simple for
users than it is today. We let you use Group Policy to
deploy virtual bubbles,” Sjövold says.
Those “bubbles,” he explains, let users make
changes to applications without changing anything in
the operating system itself. With Virtual Deploy,
“what you can do with App-V is take Office 2003 and
virtualize it,” Sjövold says. “[Office 2003] is a bubble
that lives inside its own little world. Whatever you
change inside Office 2003, it doesn’t affect the OS.
“You pick your bubbles and deploy them out there,”
Sjövold continues. “The good thing about Group
Policy is that everybody knows how to use it. Since
we don’t require any infrastructure, you’re up and
running as soon as you have your first bubble.”
Johan Ögren, president of the company’s North
American operation, says Special Operations Software
will give away gold bars at its Tech·Ed booth. “The
marketing message this year is all about gold,” he says.
“We believe our products are solid investments.”
Down from Menlo Park, Calif., comes SteelEye
Technology, which will demonstrate the latest version
of DataKeeper Cluster Edition. The software offers
high availability and disaster recovery by working with
Hyper-V and Windows Server Failover Clustering.
Greg Ewald, VP of marketing for SteelEye, says
that at Tech·Ed the company will show how DataKeeper Cluster Edition handles “Quick Migration of
live running Microsoft Hyper-V VMs from coast to
coast … replicating clustered SQL Server running in
Hyper-V VMs across data centers, [and] Hyper-V,
Windows Server Failover Clustering and DataKeeper
Cluster Edition working together to provide simple
and powerful disaster recovery for Exchange 2007.”
Previews of the demos are available at the company’s Web site: steeleye.com.
VMware Inc.
The Palo Alto, Calif.-based virtualization titan
will have a presence at Tech·Ed. The company’s
focus will be vSphere, which the company calls the
industry’s first cloud operating system.
Rick Vanover, an online columnist for Redmond sister
site VirtualizationReview.com, notes in his March 25,
2009, story, “Changes Coming to Thin Provisioning,”
that vSphere offers
“new support for thinprovisioned disks from
ESX 4. ESX 3 did not
offer thin provisioning by default, but it was possible
through the vmkfstools command.”
Vanover expands further on the impact of vSphere:
“Looking forward to ESX 4, VMware shops have an
advantage due to the Virtual Machine File System (or
vStorage VMFS), which can get you out of a jam.
One of the new features coming in vSphere is
Enhanced Storage VMotion, which permits a
conversion from a fully provisioned virtual disk to a
thin-provisioned virtual disk.”
Meanwhile, Back on the Mother Ship
Microsoft will have plenty of its own products to
showcase at Tech·Ed. The “first party,” so to speak,
tends to keep its product announcements close to the
vest, but company officials have revealed some of what
Microsoft will be focusing on at the show.
Among the products that will be on primary display,
company officials say, are Windows Server 2008 R2,
Operations Manager 2007 R2 (due this month) and
System Center Essentials, the company’s midmarket
IT management suite, in a special technical session.
As for other noteworthy events, Microsoft Learning
will give all attendees vouchers worth 50 percent off a
certification exam.
Lee Pender is executive editor of Redmond and editor of
the Redmond Channel Partner Update e-Newsletter.
Lee says: I had a lot of fun with this preview
because I really do love Los Angeles, with
none of Randy Newman’s irony necessary.
Most people in the technology industry—
maybe most people, period—lean toward
San Francisco in the ancient battle between
Northern and Southern California, but
while San Francisco is nice, give me L.A. any day.
I’ll put up with the smog, the traffic and the sprawl in
exchange for sunshine, beaches, great Mexican food,
places like Malibu, Venice Beach and Santa Monica, and
trips up or down the coast to Santa Barbara or San Diego.
I’m no star-watcher by any means, but I’d much rather
have a chance sighting of a beautiful young actress on
Rodeo Drive than run into the CEO of a big tech company
in San Jose.
As I write this, it’s 45 and rainy in Framingham, Mass., and
I really am doing some (Southern) California dreaming.
Nice choice, Microsoft.
0509redSup_Dell_BindIn
3/26/09
10:36 AM
Page 1
SOLUTIONS
• CONSOLIDATION
RELIABLE
SERVICE
Dell and Microsoft solutions help ServiceU deliver reliable system
performance and create a virtualized environment that reduces
power consumption by 50 percent
• VIRTUALIZATION
CUSTOMER PROFILE
COUNTRY: United States
INDUSTRY: Technology
FOUNDED: 1997
WEB ADDRESS: www.serviceu.com
CHALLENGE
Deploy reliable hardware to support
the company’s Microsoft® SQL Server®
2008 environment and virtualize other
applications to enhance business flexibility.
SOLUTION
ServiceU deployed Dell™ PowerEdge ™
servers and Dell/EMC storage area
networks (SANs) to support the company’s
SQL Server environment and serve as
the foundation for a distinct virtualized
environment based on Microsoft Windows
Server® 2008 Hyper-V™ technology.
BENEFITS
Get IT Faster
• Deployed new virtualization environment
in just three weeks
Run IT Better
• Reduced new application server
deployment time from four days to four
hours in the virtualized environment,
freeing IT personnel to work on
new projects
• Consolidated IT infrastructure by
eliminating 43 percent of servers,
while increasing the total number of
operating system installations
Successful event planning can involve an enormous amount
of behind-the-scenes work and organization. ServiceU
Corporation is a Memphis-based software-as-a-service
(SaaS) provider that enables organizations to run successful
events by helping manage a wide range of event-related
logistics, including facilities management, box office
management, reserved seat ticketing, registrations,
payments or donations, food, transportation, and childcare.
Grow IT Smarter
• Cut power consumption by
approximately 50 percent by adopting
energy-efficient servers
• Planning to launch new offerings
with Dell that include customized
server configurations and
direct fulfillment
3/26/09
10:37 AM
Page 2
HOW IT WORKS
HARDWARE
• Dell™ PowerEdge™ R805 servers with
AMD Opteron™ processors
• Dell/EMC CX series storage area
networks (SANs)
SOFTWARE
• Microsoft® SQL Server® 2008
Enterprise Edition
• Microsoft Windows Server® 2008 Hyper-V
• Microsoft Internet Information Services 7.0
• Microsoft Windows Server 2008
• Microsoft Visual Studio® 2008
• Microsoft Hyper-V™ Manager
• Dell OpenManage™
“WITH THE POWER EFFICIENCIES OF THE AMD
OPTERON PROCESSORS, THE DELL POWEREDGE
R805 SERVERS USE APPROXIMATELY 50 PERCENT
LESS POWER COMPARED WITH THE PREVIOUS
EQUIPMENT.”
David P. Smith
To serve its customer base, ServiceU must have
reliable computer hardware that can also provide
a foundation for new, innovative offerings. “The
biggest challenge we face is figuring out how
to provide the best service to customers while
building the company at the fastest possible
pace,” says Tim Whitehorn, founder and chief
executive officer of ServiceU.
As a SaaS provider, ServiceU requires hardware
that can help deliver exceptional availability.
“Our customers rely on our software to run their
business,” says David P. Smith, chief technology
officer at ServiceU. “If our infrastructure fails, we
have no business.”
Though rock-solid reliability is a top priority,
the IT group is also eager to adopt cutting-edge
technologies to help move the business forward.
For example, the IT group worked closely
with Microsoft during the development of
Microsoft SQL Server 2008 and upgraded as
soon as the software was available. “Microsoft
SQL Server 2008 is at the heart of the services
we offer,” says Smith. “Whether an individual
is buying a ticket to an event from one of our
customers, or the customer is managing other
aspects of the event, it’s all done through a Web
browser that is connected to SQL Server. We
started using Microsoft SQL Server 2008 as
soon as possible so we could take advantage
of several new capabilities, including data
compression, security enhancements, and
performance improvements.”
To support that SQL environment, ServiceU
needed servers and storage that could deliver
outstanding performance and throughput. “During
peak periods, we have approximately 15,000 to
20,000 end users connected to our system. They
perform 15,000 to 17,000 SQL transactions per
second, and all of the transactions are mirrored to
our remote disaster recovery facility,” says Smith.
“We need hardware that can handle that load
without compromising performance.”
DELL SERVERS PROVIDE
THE FOUNDATION FOR SQL
SERVER 2008
The company’s IT group uses Dell PowerEdge R805
servers to help support the Microsoft SQL Server
2008 environment. With features such as hotpluggable redundant power and cooling components,
PowerEdge R805 servers can deliver the reliability
and high uptime that the company requires. “We
have used Dell hardware for more than 10 years, and
we have been extremely happy with both product
reliability and Dell support,” says Smith. “Our
database servers are critical to our business, so we
use Dell hardware exclusively for SQL Server.
3/26/09
10:37 AM
Page 3
“IN THE PAST, IT TOOK UP TO FOUR DAYS TO
CONFIGURE AND DEPLOY A NEW PHYSICAL
SERVER INTO PRODUCTION. WITH THE
NEW MICROSOFT HYPER-V ENVIRONMENT
RUNNING ON DELL SERVERS, WE CAN
CONFIGURE AND DEPLOY A VIRTUAL SERVER
IN ABOUT FOUR HOURS.”
David P. Smith
“When the company began, we had hardware
from multiple vendors, but it was too timeconsuming to maintain,” explains Whitehorn. “The
more time our IT staff spends on maintenance,
the less time they have for innovative, revenueproducing projects. We standardized on Dell
hardware several years ago, and now we spend
much less time performing maintenance. The
Dell PowerEdge R805 servers provide the Dell
reliability that we have come to count on.”
Dell management components help to simplify
management. “Dell OpenManage provides a
straightforward way to manage the servers
while the Dell Remote Access Cards enable us to
conduct that management remotely,” says Smith.
Equipped with either two Dual- or Quad-Core
AMD Opteron ™ processors and AMD non-uniform
memory access (NUMA) technology to optimize
memory usage, the PowerEdge R805 servers also
help deliver the performance necessary to handle
the high volumes of transactions. “We are always
interested in adopting technologies that can
improve the end user’s experience,” says Smith.
“NUMA technology allows SQL Server to use
memory effectively and to significantly improve
application performance.”
SERVICEU BUILDS A VIRTUALIZED
ENVIRONMENT ON DELL SERVERS
With the Dell PowerEdge R805 server, the
ServiceU IT group also saw an opportunity to
easily create a virtualized environment for other
applications. By virtualizing servers, the IT group
could simplify server management and reduce
ongoing costs. “The Dell PowerEdge R805 servers
were clearly designed for virtualization,” says
Smith. “The processing performance, memory
capacity, and high-throughput network cards
work together to provide the performance
required for hosting multiple virtual machines on
a single physical server. And with an integrated
hypervisor, the PowerEdge R805 can simplify
deployment of the virtualized environment.”
evaluated products from other storage vendors, but
we found that the Dell/EMC solution could offer us
great reliability and performance,” says Smith. “Our
production servers use the Dell/EMC CX series
SANs exclusively.”
After evaluating other virtualization solutions,
the IT group decided to use the Microsoft
Hyper-V solution that is integrated into Microsoft
Windows Server 2008. So far, ServiceU has
virtualized Web servers, e-mail servers, domain
controllers, DNS servers, and development/
production builds. “Hyper-V is an exceptional
technology that delivers the performance,
reliability, and throughput we need to meet our
clients’ expectations,” says Smith. “At the same
time, the Microsoft Hyper-V Manager is easy to
use and enterprise-capable. By choosing Hyper-V,
we also can work with a single software vendor
that we know and trust. If there’s a problem, we
can resolve it quickly.”
The Dell/EMC SANs help the company to comply
with strict disaster recovery standards set by
the payment card industry (PCI). “To maintain our
compliance with PCI standards, we are required
to test our disaster recovery facility yearly,” says
Smith. “When we conduct that test with the
Dell/EMC SANs, we notice no real difference in
performance. With Dell hardware, we know that
the business can continue to operate even in the
event of a disaster.”
The strong relationship between Dell and
Microsoft made the decision to adopt Dell
servers easy. “The relationship between Dell
and Microsoft simplifies hardware purchases.
We have confidence that Hyper-V will work as
it should on the Dell platform,” says Whitehorn.
“The Dell-Microsoft relationship also helps
simplify support. There’s none of the fingerpointing that can happen between vendors.
The two companies truly collaborate, and that
simplifies our jobs.”
DELL/EMC SANS HELP DELIVER
RELIABLE DISASTER RECOVERY
The ServiceU IT group selected Dell/EMC CX series
SANs to support the virtualized environment.
The company uses SANs both at its primary data
center and its disaster recovery data center. “We
NEW DELL SERVERS CONSUME
50 PERCENT LESS POWER THAN
OTHER EQUIPMENT
The move to AMD-based Dell PowerEdge servers
will help dramatically reduce power consumption.
“We have seen tremendous power savings just
by changing out some of our servers,” says Smith.
“With the power efficiencies of the AMD Opteron
processors, the Dell PowerEdge R805 servers use
approximately 50 percent less power compared
with the previous equipment.”
Virtualization should also help keep power
and cooling costs down. “With a virtualized
infrastructure, we can place several applications
on the same physical server and eliminate
unnecessary overhead,” says Whitehorn. “We have
already eliminated 43 percent of our servers and
we have avoided buying several new ones. We
anticipate saving tens of thousands of dollars every
year in hardware acquisition, maintenance, real
estate, power, and cooling costs. We can invest the
money we save in new service offerings.”
3/26/09
10:38 AM
SERVICEU ACCELERATES
APPLICATION DEPLOYMENT TIME
FROM FOUR DAYS TO FOUR HOURS
Creating a virtualized environment is also helping
to improve the flexibility of the business. The IT
group can deploy new virtual servers in just a
fraction of the time that it takes to buy, configure,
and install new physical servers. “In the past,
it took up to four days to configure and deploy a
new physical server into production,” says Smith.
“With the new Microsoft Hyper-V environment
running on Dell servers, we can configure and
deploy a virtual server in about four hours. If we
upgrade hardware, we can take a physical server
offline and migrate its virtual servers to a new
physical server in about 15 minutes.”
THE NEW INFRASTRUCTURE HELPS
SIMPLIFY IT MANAGEMENT
Virtualization has helped the IT staff greatly
reduce the time to maintain physical servers.
“If our IT staff spends all of their time doing
maintenance or upgrades, we can miss out on
new opportunities,” says Whitehorn. “With a
virtualized environment, our staff does not need
to spend nearly as much time upgrading servers
since the core functionality is contained within
portable virtual server files. They can spend more
time on deploying new services.”
Page 4
SERVICEU AND DELL
COLLABORATE ON A NEW
OFFERING
Based on the positive experiences ServiceU
has had using Dell hardware internally, the
company’s management has decided to work
with Dell on a new service offering that will
provide customized Dell hardware to ServiceU
customers. “EventU Green integrates a PC-based
version of our hosted scheduling system with our
clients’ heating and air conditioning systems to
automate those systems and reduce costs,” says
Whitehorn. “This will be the first time that we
will run software locally at the client location.
Dell will help us create custom hardware
configurations and ship the hardware directly to
clients’ sites, saving us the trouble of managing
that fulfillment process. This new service is
just another example of how Dell manages
the details so that we can help our customers
produce reliable, smooth-running events.”
For more information on this case study
or to read additional case studies, go to
DELL.COM/CaseStudies.
The latest edition of SQL Server is also helping to
free up staff for new projects. “The tools that SQL
Server 2008 provides for optimizing databases
and mirroring data are excellent,” says Whitehorn.
“All of these features help our IT staff reduce the
time spent managing systems.”
SIMPLIFY YOUR TOTAL SOLUTION AT DELL.COM/Simplify
February 2009. © 2009 Dell, Inc. Dell is a trademark of Dell Inc. Microsoft, the Microsoft logo, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. AMD, the AMD logo, and Opteron are registered trademarks of Advanced Micro Devices, Inc. Other trademarks and trade names
may be used in this document to refer to either the entities claiming the marks and names or their products. This case study is for informational purposes only. DELL MAKES NO
WARRANTIES, EXPRESS OR IMPLIED, IN THIS CASE STUDY.
0509red_F2Cloud37-42.v5
4/13/09
11:25 AM
Page 37
A Secure Leap
into the Clouds
Companies looking to reduce costs through
cloud computing will have to make some
tough decisions about security.
By Naomi Grossman
C
hances are, if your enterprise isn’t in
the cloud yet, it will be. Maybe just a
few departments, maybe just some of
its applications, but the inevitability
of cloud computing is driven by a
number of forces that are both
compelling—think much lower up-front and long-term
costs—and likely to stay that way for a long time.
Cloud computing is essentially using the Internet for a
host of functions—from enterprise applications to storage—
and the cloud construction can be implemented either
internally, externally or through a combination of both
methods. There is perhaps no greater indication of the
staying power of cloud computing than Microsoft’s Azure,
the company’s cloud development platform and operating
system that services developers can use to build apps for
the cloud. Azure goes head-to-head with Amazon’s EC2—
the product to beat—and Google’s AppEngine.
There are lots of other flavors in the cloud offerings
among the major players: Salesforce.com Inc. has made
its name with its Software as a Service (SaaS) offerings;
IBM Corp. came out with LotusLive, on online version
4/13/09
11:25 AM
Page 38
Cloud Security
of its Lotus programs; and VMware Inc., the virtualization
king, is investing heavily in cloud computing. And let’s not
forget Microsoft’s other forays into cloud computing with
its Internet versions of Exchange, Windows Live and
Office Online.
The argument for the cloud in its various permutations is
becoming more and more compelling as companies look
for ways to reduce costs and get easy access to expertise.
But there’s no getting around the fact that a leap into the
cloud changes a company’s relationship to its information,
both across and outside of the enterprise.
The question, then, is obvious: Is it possible to manage
those risks and still gain value from the ever-expanding set
of cloud-computing features?
The answer from the experts is a qualified yes.
mean allowing customers to see their balances but not
allowing them to do trades.
“People will ask: ‘Can you be, for example, HIPAA
compliant with the cloud?’ If you do nothing, then no.
Clouds don’t provide a compliant environment,” Staten
says. “You need to deliver services and applications in a
secure environment.”
The Azure platform provides circumstances in which
enterprises will have to consider this. “We use a variety of
security technologies and procedures to help protect personal information hosted on the Azure Services Platform
from unauthorized access, use or disclosure,” says John
Chirapurath, director of marketing, identity and security
for Microsoft. But, Chirapurath adds, “Microsoft provides
a computing infrastructure on which developers can build
applications. It’s the responsibility of the developer to
Sizing up Security
ensure that their applications, content and services comply
“Enterprises need to understand exactly how much security
with applicable laws.”
they need, how much security the cloud can provide and
Staten notes, though, that enhancing the security of a
cloud service typically does not significantly increase costs.
Darren Platt is CTO and vice president of engineering
at Symplified Inc., which provides enterprises with Webaccess management. Platt contends that the
cost savings of cloud computing are so
Enterprises need to
significant—he notes that SaaS
understand exactly how much
savings for a company can translate to costs that are as much as
security they need, how much security
10 times lower—that there’s a
the cloud can provide and how much
lot of financial room for addisecurity they can add.
tional overhead requirements.
James Staten, Principal Analyst,
Not surprisingly, he also insists
Forrester Research Inc.
that such additional requirements
are necessary.
“For a security officer in any enterprise, it’s difficult,”
Platt says. “But now that applications are Web-facing and
employees can access them at home, the vulnerability is
even greater.”
how much security they can add,” says James Staten, a
Fortifying Defenses
principal analyst at Forrester Research Inc.
Dan Chu, VP of emerging products and markets at
For instance, a company in the financial services industry
VMware, notes that the classic scenario of booting a disneeds to protect customer data and be in compliance with
gruntled employee off a company’s systems now extends
federal regulations, but cloud-computing services won’t
across the organization. Similarly, an audit trail needs to be
ensure compliance; rather, the company will need to add
able to trace a path throughout internal and external applisecurity applications on its own. Staten notes that such a
cations, and a policy administrator should have a consistent
user might enhance Amazon’s EC2 with encryption agents
set of security policies on all applications being used.
and monitors. The company would also think about
Platt acknowledges that the larger services providers like
enhanced protection from unauthorized access.
Salesforce.com are starting to provide stronger authentica“A public Web site that’s made available to customers
tion, but he maintains that enterprises need the efficiency
with a log-in usually has an encryption model and a security
of authentication at one location.
engine,” Staten adds. “If you don’t have these layers of
IBM’s LotusLive, which is currently in beta, has a set of
security when you go into the cloud, you’ll need to replace
security policy offerings that are understood by the user
them or have a degraded security model, such as offering
and make sense in the business workflow, says Douglas
less access.” In the financial services industry, this might
“
”
Project1
3/6/09
10:50 AM
Page 1
Sometimes the
SQL Server performance
problem is obvious.
Usually, it’s harder to pinpoint.
Amazing what you can accomplish once you have
inside information.
When the source of a SQL Server application slowdown isn’t immediately
obvious, try a solution that gets you up to speed. One that pinpoints
SQL bottlenecks causing application wait time. Confio lets you isolate
slowdowns in SQL Server with no installed agent. And solving the root
cause costs a tenth of workarounds like adding new servers. Now that’s
a vision that can take you places.
A smarter solution makes everyone look brilliant.
Download your FREE trial of Confio Ignite™ at www.confio.com/redmond
4/13/09
11:25 AM
Page 40
Cloud Security
Wilson, director of development and architecture for
Lotus’ cloud services group. “We tried to match security
policies with operations,” Wilson says. For instance, companies can choose not to share files, or to only share files
within the company, or to share with selected individuals
outside the company. Auditing records are preserved to
keep track of accessed data. “In virtually every business collaboration, there is trust that businesses behave according to
policy, and then there are control points to see if they’re
adhering to the policies,” says Wilson.
“Now that applications
are Web-facing and employees
can access them at home, the
vulnerability is even greater.”
Darren Platt, CTO and VP of
Engineering, Symplified Inc.
Sharing Space
Chenxi Wang, a principal security analyst at Forrester,
agrees that adding security applications is an option for
enterprises that want to safely jump into the cloud. But she
adds that it’s important for companies to check out a
vendor carefully and understand how it manages its architecture. “A multi-tenant architecture of one server with
multiple companies using it is like timeshare resources,”
Wang says. “Your company’s data lives on the same infrastructure as other companies’ data.”
A company can usually pay a higher fee to request a segregated infrastructure. It’s less cost-effective, notes Wang,
but the company is still getting an expert to manage the
infrastructure, and there are staff cost savings that are realized. “In some scenarios, it’s worth it to have a dedicated
infrastructure sitting in the cloud,” Wang says. “But when
the applications aren’t worth much, you might as well
use the multi-tenant architecture.”
Wang adds that a vendor can have a secure multitenant architecture if the vendor does it right and
knows how to secure data. “Look at what a vendor offers
as a security guarantee and decide if it’s good enough for
you,” she says. But for companies uncomfortable with out-
Use your IT Certifications
to accelerate your
degree online.
Microsoft, Sun, Oracle, Cisco, Comp TIA, SAS, PMI, GIAC
or (ISC)2 certifications could waive up to 25% of your fully
accredited bachelor’s degree.
Here’s what you can get from the online
degree programs offered at WGU:
—
“The best—
and cheapest—
er
college you’ve nev
heard of is found
only online”
08
e, November 17, 20
—TIME magazin
• Flexible ONLINE learning
• Up to 10 certifications built in at no extra cost
• Programs in Networks, Databases, Security,
Software and IT Management
Call Toll Free
800-918-4830
or visit us at www.wgu.edu/time9
WGU is honored to receive
the USDLA 21st Century
Award for Best Practices in
Distance Learning for 2008.
4/13/09
11:25 AM
Page 41
sourcing their data, a dedicated infrastructure or a decision
not to outsource confidential data might make sense.
A generous service-level agreement (SLA) in terms of
security is another way for companies to protect themselves. According to Wang, not every company gets into
the details of the SLA, but things like looking for guarantees against virus outbreaks, 95 percent availability and the
level of communication between a company’s infrastructure and the vendor’s are fine points worth considering.
Furthermore, additional applications on top of SSL
encryption indicate a higher level of security.
A growing interest in private cloud technologies is also
being spurred by these concerns, with Amazon.com Inc.
and Google leading the way. “I can build my own cloud for
my own use,” says Pescatore.
According to VMware’s Chu, a large number of the company’s customers are now deploying internal clouds. “We’re
seeing more and more of an internal cloud approach,” he
says. Many VMware customers consider an external cloud
solution but worry about compliance and management,
which leads them to develop an internal cloud, adds Chu.
Public cloud services rely on the Internet to connect to
the data center, a feature that’s also not always reliable.
Location, Location
While cloud computing involves outsourcing of data,
one of its trickiest aspects in terms of security is
often the inability to conduct a
physical site inspection of
A multi-tenant
where your company’s
architecture of one server
data will be stored. As
with multiple companies using it
John Pescatore, vice
president of Internet
is like timeshare resources.
security for Gartner Inc.,
Chenxi Wang, Principal Security Analyst,
Forrester Research Inc.
points out, the financial
appeal of cloud computing
generally means its data centers
will be in the cheapest places:
“Inevitably,” he says, “out of the country.”
Pescatore says Google Inc. ran into problems with
this issue because some companies want their data stored in
the United States, but Google stores its data in centers
placed all over the world. (Currently, Russia and China are
Pescatore notes that Salesforce.com had a denial-of-service
the most inexpensive places in which to operate data centers).
attack recently, which limited access to information. “For
The federal government, for instance, can’t use cloudcertain enterprises, like airline services, it’s not just about
computing services if privacy-related data is stored overseas.
protecting data but also about reliability,” he adds.
According to Pescatore, a client who was able to perform
Both security and reliability come into play with vendors
a site survey on a data center in India found that the
that use another cloud behind their service. “[The vendor]
servers were stored in an open office with no physical
might outsource to a third party, and a company needs to
security around them. The office also happened to be the
look at what their security policy is,” Forrester’s Wang says.
one space in the building that was air-conditioned, which
Pescatore agrees. “Processing elements and storage elemeant that numerous people were constantly in and out of
ments can be anywhere in the world,” he says. “It’s more
the area. Similarly, last year, undersea communications
complex, so it’s more vulnerable.”
cables in the Middle East were damaged, compromising
A Complicated Problem
Internet access for companies in the region.
The complexity promises to increase as companies look to
Google is now building capabilities to allow its cloudthe cloud for more and more of their computing needs.
based computing data to be stored in specified locations.
Chirapurath says that Microsoft’s response to this need is
“Companies may need to dictate where their data is
Azure’s platform and its security features: “Specifically, as
stored,” says Pescatore. But, he adds, “this will increase
organizations transition to a true S+S [Software plus
costs of cloud computing. Storing data in a more secure
Services, Microsoft’s version of SaaS] environment, having
location is more expensive.”
a single open identity model that seamlessly connects
But Pescatore notes that it will still work out to be more
cost-effective even with these requirements—requirements on-premises and cloud is critical to minimize the business
disruptions for customers, and enables user choice in the
that he believes most businesses will ultimately demand.
“
”
4/13/09
11:25 AM
Page 42
Cloud Security
use of their identities,” he explains. “Microsoft’s identity
model is based on a shared industry vision and architecture that’s built on standards for open interoperability.
The model is comprised of a collection of modular com-
strategy are open interoperability based on industry standards, choice of components including both Microsoft
and third-party offerings, and ease of use and adoption for
developers and their customers,” Chirapurath adds.
Chu says that for VMware, the future of cloud computing
lies with companies that have both internal and external
clouds and want connectivity between the two. VMware,
he notes, is in the process of developing integration
Companies may need to
to manage both internal and external clouds.
dictate where their data is stored …
“We see in the future companies will
have hybrid environments for their most
Storing data in a more secure location
critical, core applications, and they’ll
is more expensive.
leverage external clouds for testing
John Pescatore, VP of Internet Security,
specific projects,” Chu notes. “They’ll need
Gartner Inc.
connectivity and interoperability.”
They will, but as IBM’s Wilson notes, the security
business is a cocktail of different technologies, and
companies will have to decide how cloud computing will
suit their specific needs. “There’s risk inherent everywhere,”
ponents that customers can use together to enable user
adds Wilson. “But there’s always a risk-benefit tradeoff.”
access to applications for enterprise, federation and Web
Naomi Grossman ([email protected]) operates her
scenarios—both on-premises and cloud and using identiown writing and Web-content consulting firm.
ties from a number of sources. The key tenets of this
“
”
IT Skills – Prove You Know
Boson’s NetSim gives you the tools necessary to learn Cisco® networking by
creating, configuring and testing simulated networks from your laptop.
Learn to do – with NetSim.
ExSim-Max features the most technically accurate and well-written questions
available, and the detailed answer explanations help you learn along the way.
Take your next exam with confidence and pass. Guaranteed!*
Boson Training is unmatched. Our instructors are the best in the industry, we never
cancel classes and you never have to share equipment. When you’re ready
for the best Cisco®, networking and security training available, choose Boson.
877-333-EXAM
*see website for details
boson.com/red0509
CCNA® | CCNP® | CCENT™ | Network+ | A+ | Security+ | MCITP | MCTS
Project1
3/4/09
8:27 AM
Page 1
Your guides to Hyper-V.
G expert guidance from
Get
m
members of the Microsoft
H
Hyper-V team.
Sybex has Hyper-V
certification covered, too.
For more information about these
books, go to www.sybex.com/go/virtualization.
Sybex is a registered trademark of John Wiley & Sons, Inc. Hyper-V is a trademark of Microsoft Corporation.
™
Project10
1/13/09
1:19 PM
Page 1
Advertisement
Make the Move to
SQL with DELL
TM
U P G R
A
A
j
USABILITY
POWERSHELL
GAIN
RESOURCES
AVAILABILITY
DE
SQL Server 2008 is
easier to use and
manage. New policybased management
lets you configure a
single SQL instance
once and apply the
same policy to any
number of instances.
This means that all of
your SQL Servers will
be configured in the
same way. Configure
once, manage many
times—now that’s
compliance!
The new Windows
scripting language is
now integrated into SQL
Server providing a
powerful approach to
SQL automation.
PowerShell integration
includes support for
most management
functions as well as
security. Moving
forward, the SQL
command structure will
be replaced by
PowerShell—so now’s
the time to start
working with this new
command language.
Using Dell PowerEdge
servers running AMD
OpteronTM multi-core
processor technology,
you can obtain the
highest performance for
your updated SQL
servers. And, by using
the new Performance
Data Warehouse—a
new method for
gathering and storing
performance data—you
can ensure your
servers provide the
utmost throughput for
your applications.
Using the new Resource
Governor, you can
ensure that your Dell
PowerEdge servers
running AMD OpteronTM
multi-core processors
provide the right
amount of resources to
your business-critical
databases. Resource
Governor lets you
create up to 20
resource pools per
server. Use the right
pool to assign
resources to your
most critical data.
Ensure the highest levels
of availability with new
SQL Server failover
clustering features when
running on Windows
Server 2008. The new
Integrated Cluster
Installation provides a
simple, two-step process
for the creation of a
cluster: create the cluster
and then add a node.
Making your SQL
instances highly available
has been made simpler!
SQ
has
wit
Ser
Stu
now
for
and
ma
Inte
Act
Que
mo
eas
mu
qui
About Dell
Dell Inc. (NASDAQ: DELL) listens to customers and delivers innovative technology and services they trust and value. Uniquely enabled by its direct business model, Dell is a leading global
systems and services company and No. 34 on the Fortune 500. For more information, visit www.dell.com, or to communicate directly with Dell via a variety of online channels, go to
www.dell.com/conversations.
Project10
1/13/09
1:20 PM
Page 2
Advertisement
SQL Server® is Microsoft’s® enterprise relational database management system (RDBMS). SQL Server 2005
became the fastest growing database application in the industry according to research firm Gartner Inc. Now, Microsoft
adds to this momentum by building upon SQL Server 2005’s powerful feature set to deliver SQL Server 2008, an
integrated RDBMS that brings all data types—structured and unstructured—together for the first time and provides a
trusted, productive and intelligent enterprise data platform. As an IT professional, you can rely on this new database
engine to enable your applications to run better and faster while reducing your management overhead. And, by running
your new SQL Server 2008 database instances on energy-efficient DellTM PowerEdgeTM servers powered by multi-core
AMD OpteronTM processors, you’ll gain top-level performance. Ready to begin? Then use the following 10 reasons to
justify your move to SQL Server 2008 on DellTM PowerEdgeTM servers.
TY
vels
w
hen
w
a
cess
ster
able
er!
D E S Q
L
DELIVER
ENCRYPTION
SAVE
QUERY
LAUNCH
SQL Server management
has never been easier
with the updated SQL
Server Management
Studio (SSMS). SSMS
now includes support
for multi-server queries
and configuration
management,
IntelliSense, a new
Activity Monitor, new
Query Plans and much
more. This makes it
easier for you to manage
multiple SQL instances
quickly and effectively.
Your data is protected
while it’s located within
your premises, but it
may be at risk when it
leaves your sites.
Through Transparent
Data Encryption (TDE),
you can now protect
SQL data both onsite
and offsite. TDE protects
data contained within
.MDF, .NDF and .LDF files
so only authorized
personnel can access it
at any time.
SQL now saves
considerable amounts
of space through
real-time data
compression at the row
or page level. This
decreases I/O and
improves the scalability
of your databases.
While data compression
requires CPU cycles
during I/O operations,
you can be assured
that your Dell
PowerEdge servers
have the power when
needed.
New FILESTREAM and
spatial data formats in
SQL Server transform it
into a complete datamanagement solution.
Because of these new
formats, you can now
integrate both structured
and unstructured data
into one, single data
store. And, with
integrated search
capabilities, you can
locate any data at
any time.
Launch your upgrade
now! Dell PowerEdge
servers based on
multi-core AMD
OpteronTM processors
offer superior value and
performance for your
SQL applications. Find
out which Dell PowerEdge
servers are the best fit
for your SQL2008
applications at
DELL.COM/SQL2008.
DELL.COM/SQL2008
©2009 Advanced Micro Devices, Inc. All rights reserved. AMD, the AMD Arrow logo, AMD Opteron, and combinations thereof are trademarks of Advanced Micro Devices, Inc.
HyperTransport is a licensed trademark of the HyperTransport Technology Consortium. Microsoft and Windows are registered trademarks of Microsoft Corporation in the U.S. and/or
other jurisdictions. Other names are for informational purposes only and may be trademarks of their respective owners.
Project2
1/6/09
9:58 AM
Page 1
0509red_F2Mobile47-50.v7
4/13/09
6:43 PM
Page 47
Windows Mobile’s
New Moves
Facing strong competition
from Apple and Google,
Microsoft looks to re-tool
Windows Mobile for the
enterprise market.
By Paul Korzeniowski
T
he University of Kentucky’s IT department
operates like Switzerland: It’s vendorneutral and supports any platform its
users want or need to work with. This approach
has been applied right down to cell phones,
which are playing an increasingly vital role in
the university’s overall IT strategy. There are
5,000 staff and faculty members who currently
rely on their phones to access, manipulate and
share university data. Typically, they access
this information via mobile e-mail applications,
but more recently software vendors have been
adding support for mobile devices to their apps.
Over the course of 2008, Doyle Frisney, the university’s
CTO, saw a dramatic shift in users’ preferences. Many
rely on the BlackBerry, from Research In Motion (RIM)
Ltd., but interest in Apple’s iPhone has skyrocketed;
about 1,000 users now work with that device. “The faculty
members love the iPhone’s user interface,” explains Frisney.
As a result, the iPhone has surpassed Windows Mobilebased systems on campus.
As similar trends develop in other businesses, the
Microsoft mobile platform now finds itself at a critical
crossroads. The operating system had been making slow
and steady progress in the cell phone market. The
ILLUSTRATION BY MARK COLLINS
Microsoft offering trailed Symbian Software Ltd.’s platform among consumers and RIM among business users,
but was gradually climbing up the market-share ladder.
However, Apple Inc. has blunted that momentum and,
given the unveiling of Google’s Android platform, the
Microsoft device is now officially under siege.
“There’s definitely a lack of buzz right now with Windows
Mobile,” says Bill Hughes, principal analyst at market
research firm In-Stat. Microsoft unveiled Windows
Mobile 6.5 in February, and phones based on the updated
OS will be available in the second half of this year. However, the question remains: Will version 6.5 be too little,
too late to restore Windows Mobile’s lost momentum?
Smarter than the Average Phone
While cell phones have been largely a consumer device,
their more evolved brethren, dubbed smartphones, have
found their way into many enterprises. These devices
have more than enough memory to support business
applications. One need only look to RIM, which has built
a multi-billion dollar business by catering to the mobile
needs of corporate executives, to realize how many enterprises rely on these mobile devices. Underscoring their
growing influence, unit shipments of smartphones have
4/13/09
6:43 PM
Page 48
Windows Mobile
already shot past those of laptop computers, according to
In-Stat. In fact, the market-research firm expects worldwide smartphone revenue to grow at a heady 30 percent
compound annual growth rate for the next five years.
Because of its robust support of Microsoft’s Office suite
and its familiar Windows-like look and feel, Microsoft’s
Windows Mobile has become a key player in the smartphone market, with many businesses deploying the platform.
In-Stat determined that more than one out of every five
Windows Mobile devices finds its way onto corporate
networks. Microsoft has successfully used that pitch to
establish its product as the third-most-popular smartphone
operating system after Symbian, which has widespread
international appeal, and RIM’s BlackBerry line, among
business users.
That was until Apple came along and steamrolled
Windows Mobile. Market researcher Gartner Inc. found
that Apple’s success with the iPhone propelled the Mac
OS X past Windows Mobile for the first time during the
third quarter of 2008. In that period, iPhone sales
increased 320 percent from their 2007 numbers while
Windows Mobile sales decreased by 3 percent. One reason
for the dramatic change is that Apple did an excellent job
with its device’s user interface, according to some analysts.
“Apple wasn’t the first cell phone supplier to use a touchscreen, but it did the best job of making such a device
very easy to use,” In-Stat’s Hughes says.
Android Attacks
Apple isn’t the only vendor that Microsoft has to worry
about in the smartphone market. Competition from
Google Inc. has now crept over the horizon. Given the market’s mature status (smartphones have shipped in various
iterations for almost 10 years), Google has tried to differentiate itself from other suppliers in this highly competitive
space in a couple of ways. The Android handset is based
on the Linux OS (the natural enemy of Windows
Mobile). Google also took an open source approach to
building its ecosystem, while cell phone suppliers have
traditionally relied on proprietary approaches.
As a result, the Google device seems to be gaining traction.
In September 2008, T-Mobile International AG launched
the world’s first Android mobile phone. The T-Mobile
G1 features touchscreen functionality, a QWERTY keyboard for easy data input and integration with Google
desktop applications, such as Gmail, Google Maps Street
View and YouTube. The initial response to the new product
has been positive. HTC Corp., which is manufacturing
Google’s handsets, increased its Android production projections by 50 percent. By the end of 2008, HTC expected
to ship about 1 million G1 handsets, up from 667,000,
projected just a few months before the device’s launch.
In addition, cellular network carriers are showing interest
in the Android. They think Google may help them solve
a long-standing problem: a slow ramp up in mobile
This Makes You
Look Better.
Introducing DataParts, Data Visualization
Tools For SharePoint 2007
DataParts is a powerful new way to add interactive
business intelligence to SharePoint portals. With
DataParts, visualizing and analyzing data becomes
remarkably easy – and code free. DataParts includes
our complete suite of advanced lists, card views,
charts, digital panels and gauges as web parts that
can be easily configured in just minutes for the type
of data desired.
WSS 3.0 and
MOSS 2007
Visit SoftwareFX.com for free trial versions, interactive
demos and more information about our latest products.
SharePoint is a trademark or a registered trademark of Microsoft Corporation. DataParts is a registered trademark of Software FX, Inc. Other names are trademarks or registered trademarks of their respective owners.
4/13/09
6:43 PM
Page 49
advertising. “Carriers aren’t realizing much money now
from mobile advertising,” says Alex Winogradoff,
research vice president at Gartner. Many carriers expect
Google to translate its advertising success from the Internet
to the mobile market. Consequently, the vendor has been
garnering support from various third parties. In December,
14 companies, including Atheros Communications Inc.,
Huawei Technologies Co. Ltd., Softbank Mobile Corp.,
Sony Ericsson Mobile Communications AB, Toshiba Corp.
and Vodafone, committed to supporting the Android.
Google has also been trying to help third parties quickly
build viable businesses. When Android supporters sell
software, Google doesn’t take a percentage of the
revenue. In contrast, Apple takes 30 percent for any
application sold in its store. Google was even rewarding
developers with cold, hard cash for building unique applications. The company donated $10 million for various
competitions and has awarded developers with amounts
ranging from $25,000 to $250,000 for developing innovative Android add-ons.
“Apple wasn’t the first cell phone supplier to use a touchscreen, but it
did the best job of making such a device very easy to use.”
Bill Hughes, Principal Analyst, In-Stat
One reason Android has gained momentum is its open
source approach. Unlike Apple and Microsoft, which
have tried to keep tight reigns on third-party app development, Google flung its development doors open and
encouraged developers to create as many diverse applications as possible for Android. Google helped foster the
Open Handset Alliance, an open source community
developing Android add-ons. Developers don’t need to
get Android apps certified by anyone, nor are there any
hidden APIs. In most cases, handset vendors make their
APIs accessible only to mobile operators.
Following Google’s initial success, the open source
movement seems to be gaining traction in the mobile
handset space. Since its inception in 1998, the Symbian OS
had been closed, but it’s now moving to embrace an Androidlike model. In June 2008, Symbian’s board of directors
voted to launch the Symbian Foundation, which is intended
to transform the mobile operating system into an open
source system. Initial supporters included AT&T Inc., LG
Electronics, Motorola Inc., Nokia, NTT DOCOMO Inc.,
Samsung Electronics, Sony Ericsson, STMicroelectronics,
Texas Instruments Inc. and Vodafone.
This Makes Your
Life Easier.
Introducing VTC, The Virtual Training Center
For SharePoint 2007
With VTC, IT and help desk personnel will no longer be
overloaded with SharePoint questions and training tasks.
VTC delivers a complete program of expertly produced,
self-paced tutorial modules designed to empower every
user and maximize the value of every SharePoint feature.
VTC installs in minutes on your server – providing instant
on-demand access for everyone in your organization.
Data visualization for every need, every platform
4/13/09
6:43 PM
Page 50
Windows Mobile
To make the transition, ownership of the mobile operating
system entity (which had been shared among its supporters)
had to change. In December 2008, Nokia, which had
always held a dominant position, acquired all of the outstanding shares of Symbian. These changes have attracted
additional supporters. In October 2008, 12 new backers,
including Fujisoft Inc., Huawei and Visa Inc., threw their
weight behind the Symbian OS.
Redmond’s Enterprise Play
The emergence of the iPhone and Android, as well as
acceptance of open source initiatives, stalled Windows
Mobile’s momentum in 2008. However, Microsoft still
has some chips it’s playing in 2009 that could help its
product regain its lost luster. Many handset suppliers are
looking to the business market to drive sales for a couple
of reasons. One is that smartphones’ high prices—starting
at $200 and going up and beyond the $700 mark—are
often too high for consumers. Also, the increased functionality found with these devices makes it more likely
that they can support business apps. Traditionally, they
lacked sufficient memory and the intuitive interfaces
needed for use by executives, but that’s no longer the
case. This shift plays to Microsoft’s strengths. “Microsoft
is much more focused—and much more in tune with—the
enterprise market than the consumer segment,” In-Stat’s
Hughes says. In comparison, the iPhone has been largely
a consumer device, with only about one out of every 10
iPhones being used by executives, according to In-Stat.
Business users have special needs. While Apple and
Google have created a buzz with their new cell phones,
there are questions about how well their respective products
operate in the corporate space. “Security on new devices is
often an open question—especially for enterprise users,”
says Neil Strother, an analyst with Forrester Research Inc.
Google has already encountered problems with Android’s
security. The device originally included a back door where
anything a user wrote could be viewed as a system command,
essentially providing hackers with entry to the system’s internal
features. (The problem can be easily illustrated. In any text
entry box—even on a Web page or in the address book—a
person can hit the Enter key, type “reboot” and hit Enter
again; the handset will then suddenly restart the OS. Commands executed like this run as root users, with complete
access to all of the system’s controls. This flaw lets hackers
reprogram devices and complete their dirty work.) After the
problem was discovered in November 2008, Google issued
a fix, but the slip-up underscored the company’s fledgling
status in the cell phone market. This has done little to
encourage enterprises to rely on Google’s new system.
Windows Mobile Weaves a Web
Traditionally, Microsoft has fared well in building software
ecosystems. Recently, however, it has found itself following
rather than leading developments in the mobile handset
space. One problem is that the company has lacked a com50 | May 2009 | Redmond | Redmondmag.com |
pact, fully featured, standards-compliant Web interface.
The company plans to address those issues with a new
release, Windows Mobile 7.0, but according to multiple
press reports that update is not expected to arrive until
2010. The new operating system is expected to include a
more robust Web browser, an improved user interface and
support for more third-party products.
Version 7.0 is expected to feature Internet Explorer
Mobile 6, the latest version of Microsoft’s mobile Web
browser. This latest browser is expected to run on handheld
devices that have at least 128MB of RAM and a 400MHz
processor. Rather than being sold as a separate product, the
browser will be integrated with the Windows Mobile 7.0
OS. The new browser is also expected to include several
new features. Traditionally, mobile handsets have lacked suf-
“Microsoft is much more focused—
and much more in tune with—the
enterprise market than the
consumer segment.”
Bill Hughes, Principal Analyst, In-Stat
ficient processing power to support full-function browsers.
But this time, Internet Explorer Mobile is expected to
include a full HTML engine. A dual-mode feature will let
users switch between full HTML browsing and browsing of
Web site content specifically designed for mobile devices.
The popularity of Apple’s iPhone has led to a change in
user interfaces. “Every vendor needs to offer touchscreen
capabilities,” Forrester’s Strother notes, and Microsoft is no
exception. Its new mobile OS will include touch features,
including support for panning, Web search integrated with
the browser’s address bar and multiple levels of zooming.
Windows Mobile 7.0 will also be better able to work with
other vendors’ applications. The device is expected to support Adobe’s Flash Lite 3.1, a mobile version of its Flash
runtime engine that’s widely used by Web sites to display
interactive and video content. It’s also expected to work
with AJAX and XML and JScript 5.7, so third parties can
design interactive, mobile apps.
So while Microsoft has made attempts to consistently
improve Windows Mobile, upcoming improvements take
on more significance than those of the past. If Redmond
can’t leverage these improvements to regenerate some of
the buzz it had around Windows Mobile, and if the
iPhone and Android continue to nick away at its market
share, its status may be relegated to that of a second-tier
product in a strategically important enterprise market.
Paul Korzeniowski ([email protected]) is a freelance writer
who has been writing about networking issues for two decades.
His work has appeared in Business 2.0, Entrepreneur,
Investors Business Daily, Newsweek and Information
Week. He’s based in Sudbury, Mass.
Project5
4/2/09
11:06 AM
Page 1
0409red_QuestSoftwareFP_final
3/6/09
2:39 PM
Page 1
ADVERTORIAL
Auditing with Microsoft Audit
Collection Services (ACS) and
Quest Software
Better Together: Auditing with
Microsoft Audit Collection Services
(ACS) and Quest Software
Microsoft Audit Collection Services:
How Does It Stack up as a Security
Log Solution?
Microsoft ACS is a powerful component of Systems Center
Operations Manager 2007. But did you know you can
complement Microsoft’s solution for extensive reporting
and auditing across your entire IT infrastructure? Learn
how—read this new Quest white paper.
Intensive Abstract: Got Questions
About Microsoft ACS?
Auditing and reporting for the Microsoft platform is one of
the most critical aspects of security across the enterprise.
In this new white paper, learn more about the importance
of auditing and internal security policies and see how to
amplify your Microsoft investments with Quest solutions to
get more power, flexibility and savings.
You’ll get an introduction to ACS, and how it relates to
other features in SCOM 2007. Learn about the ACS forwarder/
collector model, the ACS database designed for high data
volumes and the ACS gaps as a log management solution
(and the valuable freeware solution that helps to overcome
those limitations).
Read the white paper today:
Then listen in as Brian Hymer, Quest Solutions Architect,
demonstrates how Quest’s solutions seamlessly integrate
with ACS and extend its functionality to help you get more
from your investment!
Redmondmag.com/showcase/quest/8
In this on-demand webcast, Quest and Randy Franklin
Smith explore the ACS component to System Center
Operations Manager (SCOM) 2007.
To view the webcast, go to:
Redmondmag.com/showcase/quest/10
Project1
4/13/09
3:56 PM
Page 1
ADVERTISEMENT
Big Brother Is Watching—
and It’s a Good Thing
Powerful, Easy-to-Use, Low-Cost Network Monitoring
Big Brother Professional Edition is a simple
way to measure the health of your network at a
glance. It’s the affordable web-based solution
for network monitoring and diagnostics.
Monitor any server, any device, on any network
in real time—from any web browser—
anywhere in the world. You simply follow the
“red light” to detect, diagnose and resolve any
issues. It’s that easy.
• High-end monitoring—monitor any server,
any device, on any network within minutes
• Custom business dashboards—build
on-the-fly dashboards through a Flash GUI
that can be changed to accommodate
your unique, fast-paced environment
• Interoperable with latest and greatest
technologies such as Windows Server
2008, iPhone and more
• Active user community—leverage more
than 1,000+ FREE monitoring plug-ins
• Affordable expertise available to you—
detect, diagnose and resolve potential
issues before they impact your IT service
delivery
Read the white paper, “Big Brother Is Watching—
and It’s a Good Thing” by Don Jones at:
www.Redmondmag.com/showcase/
BigBrother
30 Day Free Trial—Take 30 days to try out the
newest version of Big Brother Professional and
let us know what you think. www.BB4.com
0509red_F2SQLperf54-57.v6
4/13/09
11:40 AM
Page 54
By Joshua Jones and Don Bergal
Wait-time analysis can
help improve performance
by focusing on how long
applications take to
respond to queries.
ave you ever had the feeling that your
application was slowed down by SQL Server,
but didn’t know how to fix the problem?
SQL Server performance management is usually reactive
and focused on server health. Database administrators
(DBAs) respond to trouble rather than avoiding it in the
first place. And visibility is largely restricted to watching
the database server, rather than understanding how SQL
Server directly affects application users.
Wait-time analysis, a method of improving the service
and performance of SQL Server databases, changes all
this. Rather than monitoring system health, wait-time
analysis focuses on the time the application spends waiting
on queries being processed by SQL Server. The result is
an analysis technique that can quickly answer the key questions: Why is my database causing application users to
wait, and what can be done?
The wait-time approach to analysis is now practical due
to lightweight monitoring techniques and agentless architectures. It takes advantage of new instrumentation in SQL
Server to expose wait types, the individual steps that accumulate delays as SQL Server processes queries.
Do More with Less
For the IT organization, the results of using wait-time
analysis are reduced cost of database operation and
improved IT service. DBAs can do more with fewer servers.
Migrations from SQL Server 2000 to 2005 to 2008 become
quicker, and development cycles are shortened. For IT
groups tasked with providing better service with fewer
resources, wait-time analysis is a cost-effective answer.
DBAs are often in a tough spot. They’re accountable for
database response to application users, but they have no
visibility into why the database is slow. Often the issue is
not in their database at all, but stems from the application
code, the network or the system architecture. To get
application code changed, DBAs must bring evidence to
developers, who meanwhile are suspicious, because to
them, the database is a poorly understood black box. “Just
get a faster server!” developers say. Wrong.
Those problems are a symptom of relying on old server
health-monitoring techniques to truly understand what’s
happening inside SQL Server.
Wait-Time Analysis Explained
Effective wait-time analysis is more complex than just
looking at a snapshot of wait-type data. To be effective in
generating usable information from the mass of obscure
data points, it must take advantage of techniques proven in
business intelligence scenarios. Key concepts include:
• Measure Time, Don’t Count Operations. For the
application user, the number of I/O operations or logical reads
means nothing. All that counts is how long the app takes to
respond. To optimize for this user perspective, focus on time
taken in the database. Wait types are a method of doing this.
• Focus on Queries. The key is measuring at the level
of SQL queries and individual sessions. Tools that measure
wait across an entire instance or database without breaking
it down further do not give actionable information.
• Continuous Capture. Keep your eyes open all the
time. By watching all sessions, all of the time, the DBA can
capture the occurrence of any problem. When a user calls
Project3
4/3/09
3:35 PM
Page 1
SQL SERVER
Sleuth?
SQL diagnostic managerTM
INVESTIGATES:
Table fragmentation
Blocked processes
Resource contention
Poorly performing
SQL queries
CASE SOLVED.
www.idera.com/Sleuth
Elementary, my dear Watson...
SQL Server detective work is easy with SQL diagnostic manager!
Let SQL diagnostic manager track down your SQL Server performance offenders!
TRY IT NOW!
With SQL diagnostic manager, DBAs can quickly sniff out performance problems
DOWNLOAD FOR FREE:
BEFORE they become a crime!
IDERA.COM/SLEUTH
With over 100,000 SQL Servers monitored worldwide, Idera leads the market in SQL Server performance and diagnostics solutions.
Our products are easy to use and low-impact. What’s more, you’ll be up and running in minutes! www.idera.com
4/13/09
11:40 AM
Page 56
asking for help on a slow application, the data must be
already available. Systems that depend on tracing intermittently will miss problems when they occur.
• Historical View. To know what to fix, DBAs must
look at trends and changes in the database, not just
instantaneous results. Effective wait-time analysis takes a
historical view to compare current wait-type statistics
with past statistics in order to see what’s different that
could be the source of a new problem.
SQL Server Wait Types
Awareness of SQL Server wait types is the first step in
understanding the method. Any statement running against
a SQL Server will experience some form of wait as SQL
Server accesses resources in order for the statement to
complete. A request will wait for data to be retrieved, written
to disk or for an entry to be written to the SQL Server log.
You’ll notice when watching an instance closely that it
experiences a number of waits throughout a given time
period. When waits become chronic or excessive, you may
begin to see a performance problem.
Awareness of SQL
Server wait types
is the first step in
understanding
wait-time analysis.
Common Wait Types
SQL Server records information about the type and duration of the waits that a process experiences. While there are
more than 100 different wait types in SQL Server, you will
likely only ever encounter a handful of these as problems.
Any wait type beginning with “LCK_” means that a task was
waiting to acquire a lock. For example, a wait type of
LCK_M_IX means the process was waiting to acquire an
Intent Exclusive lock. More than 20 of the wait types are
lock waits, which is fitting because most work being performed in SQL Server requires some sort of lock. The next
most common lock types are ASYNC_IO_COMPLETION and ASYNC_NETWORK_IO. The first means a
process was waiting for an I/O operation to complete. The
second means that a task is waiting for I/O to complete over
the network. Finally, keep an eye out for the CXPACKET
wait state. This occurs when a process is trying to synchronize the query processor exchange iterator. This can indicate
an issue with a server’s parallelism setting. Spending time
figuring out what all the potential wait states are can be
time consuming. On average, about 20 of the potential
wait states show up in 80 percent of problems. After doing
wait-time analysis for a while, you’ll get used to seeing
certain wait types, including the ones looked at here.
Capturing Wait-Type Data
SQL Server has offered views of wait types for quite some
time now, but unfortunately, those views have been vague
and—for the most part—unhelpful. Starting in SQL Server
7.0 and 2000, DBAs could use Enterprise Manager (EM) to
view wait types. The problem was that all EM provided was
the name of the wait type and the length of time a given
process had been waiting. When SQL Server Management
Studio was introduced with SQL Server 2005, the views of
active queries and sessions remained similar. Again, DBAs
were given a wait type and duration, but not much else.
The bottom line is that wait states that your processes are
currently experiencing just aren’t that helpful, and that’s all
you can really get using the standard tools.
Currently, one of the best ways to look at wait statistics in
SQL Server is by using the dynamic management views
(DMVs) that pertain to wait statistics. If you’re still running on SQL Server 2000 or older, you’re out of luck
because DMVs were new to SQL Server 2005. The most
pertinent DMVs for looking at wait statistics are
sys.dm_exec_requests, sys.dm_exec_query_stats and
sys.dm_os_wait_stats. (Note that the DMVs provide a
snapshot of the counters, so to make them useful, you need
to poll and calculate deltas.)
• sys.dm_exec_requests: This DMV offers information about each request that’s an execution on a given SQL
Server. When looking at wait states, you care about only a
few of the columns that this view provides; specifically
sql_handle, wait_type, wait_time, last_wait_type and
wait_resource. These columns provide information about the
statement being executed and the request’s current wait state.
• sys.dm_exec_query_stats: This view returns aggregate performance statistics for cached queries. By using the
sql_handle detail from sys.dm_exec_requests to join to a
row in this view, you can start to get a picture of how often
the waits you see might be occurring. Keep in mind that this
view doesn’t give more wait detail—everything here is just
an aggregated statistic for a given sql_handle.
• sys.dm_os_wait_stats: This view provides an
aggregate picture of all wait states on a SQL Server. It provides a list of all the different waits states and detail about
tasks in that state, including how many tasks are waiting in
each state, the total wait time for the state and the average
wait time. This detail is good for a big picture, or to get a
quick idea of the types of waits occurring, but most of the
real diagnostics and tuning will occur at a statement level.
Problem-Resolution Scenarios
In order to understand how wait-time analysis can help
DBAs accomplish everyday problem resolution, here are a
few scenarios to consider.
Scenario 1: Identifying the Problem Query
One of the most frustrating problems a DBA faces is the
“problem query” (see Figure 1, p. 57). Often, this is a
query that a developer has identified as a particularly slowrunning query. DBAs will usually hear that the query “ran
4/13/09
11:40 AM
Page 57
fine in development” or “has been running fine for several
weeks.” Other times, repeated complaints of performance
problems will lead DBAs to begin looking for the problem
query in an attempt to increase performance.
In either case, the traditional methods of researching the
problem usually involve opening several tools, such as
SQL Server Profiler and Windows Performance Monitor,
Figure 1. Example of a problem SQL query “Get State”
exposed with excessive wait time.
waiting for the process that’s waiting for the original
process, and so on. The resolution to this is to find the
“head” of the chain. Once the wait type of the head of the
chain has been identified and resolved, the rest of the
blocking chain should be freed up.
Scenario 3: Finding Hardware Bottlenecks
Identifying hardware resource bottlenecks may be the
most complicated scenario. While there are a number of
symptoms that can point to a bottleneck, there’s almost no
other way to identify a hardware problem other than using
wait-type analysis.
In this case, the key is to look for wait types related to
either the disk subsystem (such as the PAGELATCHIO_*
wait types), the CPU (CXPACKET, for example) or the
general memory system (RESOURCE_* wait types).
These wait types, when experienced for more than a few
seconds, generally point to hardware problems.
For example, assume there’s a query that usually runs for
about 20 minutes and uses three table joins to determine
the updates for a fourth table. The developer has provided
feedback that the query has started randomly taking more
than of four hours; there’s no discernable pattern to when
the query runs fast versus when it runs slow. A DBA can
and trying to capture real-time problems. Specifically, most
DBAs are looking at the queries that have high durations,
high numbers of reads and/or writes, and queries that are
being rerun frequently.
In all of the cases, however, the base numbers can be
misleading. For example, queries that are being rerun
frequently but very quickly may or may not be causing a
bottleneck. If the base query runs quickly and efficiently,
with very low wait times, there probably isn’t a problem. If,
however, the given query is constantly experiencing the
same wait type, such as ASYNC_IO_COMPLETION,
there may be a bottleneck. Determining the difference is
what wait-type analysis is all about.
Scenario 2: Resolving Locking Problems
SQL Server locking is often a very confusing subject.
However, using wait-type analysis, figuring out what locks
are being acquired and how those locks may be blocking
other processes is much easier.
Throughout the day, most SQL Servers will experience
split-second locking and blocking conditions. Only when
these locks result in long-term blocking is there a problem.
Wait types that list locking types, such as LCK_M_SCH_M
(which is a schema-modification lock), identify exactly
what the process is waiting for (see Figure 2). In the case
illustrated in Figure 2, a process waiting for the lock needs
to actually modify the schema of the table or view, and
therefore has to wait for any preceding processes that are
inserting, updating or deleting data to finish.
Another potential problem is the natural extension of a
single blocking process: the blocking chain. Once one
process is waiting for a resource and is blocking another
process, it’s very likely that another process will end up
Figure 2. LCK_M_U wait, shown by the blue bar, causes the
most wait time for Get State.
identify what wait type is occurring most frequently for that
query, and what the duration is for each wait type during its
run. If the wait type falls into one of the hardware-related
categories, it’s time to look at other queries on the system
that are experiencing greater-than-expected durations in
similar wait types.
Joshua Jones is a database systems consultant with Consortio
Services LLC in Colorado Springs, Colo. He provides training,
administration, analysis and design support for customers utilizing
SQL Server 2000, 2005 and 2008. Jones speaks at numerous
events about SQL Server topics, and is co-author of “A Developer’s
Guide to Data Modeling for SQL Server” (Addison-Wesley, 2008).
Don Bergal is the COO at Confio Software in Boulder, Colo.
For the past five years he and his team have helped customers
improve the performance of thousands of databases, as well as
developed the Ignite Performance Intelligence methods of waittime analysis.
Project2
4/13/09
8:50 AM
Page 1
Las Vegas • June 8-11
The Venetian Resort Hotel Casino
Post event workshop on June 11
VSLive! Returns to Las Vegas
Attend the educational conference created by developers with
deep coverage of existing and new technologies that you can
use on the job today. Join your fellow developers for:
Over 45 sessions on WFP, WCF, LINQ, ASP.NET, Oslo, Azure, Team Foundation
Server and more
Cutting edge techniques needed to solve today’s development challenges
Independent, real world information provided by industry experts
Face to face time with speakers to ask your toughest questions
Visit http://vslive.com/09lv to view
the complete agenda and register.
Early Bird registration has been extended to May 22nd.
Save up to $300 AND get a $50 Venetian gaming credit.*
Use priority code NQ9V05
Take
advantage
of our $99
hotel room
rate
* Venetian gaming credit of $50 available to the first 200
VSLive! registrants who book 2 or more nights at the Venetian.
09VSL_LV_RED.indd 2
4/10/09 5:25:35 PM
09VSL_LV
Project2
4/13/09
8:51 AM
Page 2
1
no
11
s
5:25:35 PM
Conference Day 1 • Monday, June 8
KEYNOTE: Building Amazing Business Centric Applications with Microsoft Silverlight 3
Brad Abrams Product Unit Manager of the Application Framework Team, Microsoft Corporation
ASP.NET
WPF
WCF
VM1 • Build Blazingly Fast ASP.NET Apps with 100%
Clientside UI ExtJS - Peter Kellner
VM2 • Build a WPF Application in an Hour
- Kenneth Getz
VM3 • Understanding Transactions in WCF
- Michiel van Otegem
VM4 • Introduction to the ASP.Net MVC Framework
- Gus Emery
VM5 • Silverlight Design for Developers - Bill Wolff
VM6 • WCF Extensibility In-Depth - Jesus Rodriguez
VM7 • ‘Real World’ ASP.Net MVC in 75 Minutes!
- Gus Emery
VM8 • XAML Crash Course - Billy Hollis
VM9 • Advanced Access Control with WCF
- Michiel van Otegem
VM10 • Building High performance ASP.NET web
applications - Peter Kellner
VM11 • Silverlight Data Access Methods - Bill Wolff
VM12 • WCF-WF Integration In-Depth with an Eye
Towards Dublin - Jesus Rodriguez
VM13 • Implementing Caching Technology as One
Rung of the Scalability Ladder - Josef Finsel
VM14 • Deep Dive on the WPF/Silverlight Control Set
- Billy Hollis
VM15 • Windows Workflow and WCF Help Make
“Software + Services” a Reality - Michael Stiefel
Lunch
Welcome Reception
Conference Day 2 • Tuesday, June 9
KEYNOTE: TFS 2010
.NET
LINQ
Agile/Design
VT1 • Essential C# 4.0 - Mark Michaelis
VT2 • Moving from LINQ to SQL to the Entity
Framework - Jim Wooley
VT3 • How to Partition and Layer a Software
Application - Michael Stiefel
VT4 • Writing Better Code: Using Visual Studio to
Improve Your Code Base - Jason Bock
VT5 • Investigating LINQ to XML - Kenneth Getz
VT6 • Design Patterns for Mere Mortals
- Philip Japikse
Birds-of-a-Feather Lunch
VT7 • Practical Parallelism - Rockford Lhotka
VT8 • Leveling the LINQ to XML Playing Field with
LINQ to XSD - Leonard Lobel
VT9 • Beyond Basic Unit Testing: Mocks, Stubs,
User Interfaces, and Refactoring for Testability
- Benjamin Day
VT10 • Exceptional Development: Dealing with
Exceptions in .NET - Jason Bock
VT11 • Super-Optimized Microsoft LINQ:
Indexed Objects - Aaron Erickson
VT12 • Achieving Balance - Rockford Lhotka
VT13 • Self-Writing Programs - Using the Expressions
namespace in C# to “Write Code that Writes Code”
- Aaron Erickson
VT14 • LINQ Kinq for the DBA Guy - Jim Wooley
VT15 • Advanced Test Driven Development
- Philip Japikse
Conference Day 3 • Wednesday, June 10
Oslo
Azure
TFS
VW1 • Introduction to OSLO - Jon Flanders
VW2 • Windows Azure: A New Era of Cloud
Computing - Aaron Skonnard
VW3 • Get More Out of Team Build 2008
- Brian Randell
VW4 • Codename “Dublin”: Windows Application
Server - Aaron Skonnard
VW5 • Windows Azure:
Is the Relational Database Dead? - Benjamin Day
VW6 • Supporting Scrum with VSTS 2008
- David Starr
GS • Software as a Service with WPF: A Case Study - Billy Hollis
Lunch
VW7 • Building Textual DSLs with Oslo
- Mark Michaelis
VW8 • How to Work with Data in the Cloud:
Azure Table Storage Introduction - Josef Finsel
VW9 • Customizing Team System Projects
- Brian Randell
VW10 • M in Depth: The Underpinnings of Oslo
- Jon Flanders
VW11 • Windows Azure, an Enterprise Solution?
- Jerry Sevier
VW12 • Agile Test Management in VSTS 2008
- David Starr
Post-Conference Workshops • Thursday, June 11
VPC1 • A Day of Windows Azure - Aaron Skonnard
VPC2 • SQL Server 2008 for Developers
- Leonard Lobel
VPC3 • Build Distributed Apps in .NET 3.5 SP1
- Rockford Lhotka
Should a speaker be unable to attend; all efforts will be made to replace the speaker/session with one of comparable value.
09VSL_LV_RED.indd 3
4/10/09 5:25:37 PM
0509red_NeverAgain60.v6
4/13/09
1:14 PM
NEVER
AGAIN
Page 60
By Ed Mahlum
When IT Meets Legal
L
egal discovery can be a unique challenge for IT
managers, and the following is my cautionary tale. I
had been working as an IT manager for a midsize
company for five years and was blessed with a good
manager who got me what I requested.
Most emergencies were non-events.
I was making progress on a server
upgrade one day when my manager
came in with the company attorney. My
manager explained that our attorney
needed my help and then left us alone
in my office. The attorney handed me a
printed list of 11 words and proper
names, and asked me to read a court
order. When I finished, she explained
that our company was the plaintiff in a
lawsuit and we had a week to turn over
all relevant information from the last two
years containing the words on the list.
I began to brainstorm on how I could
possibly accomplish
the task. It was
going to be
very timeconsuming.
I’d need to
enlist the help
of the managers.
Beginning
the Process
My manager arranged a meeting with
the eight department managers and
our attorney accompanied me directly
to the meeting. At that meeting, I
explained that from two administrative
servers and six workstations I could
begin the discovery process of looking
What’s Your Worst IT Nightmare?
E-mail your story to Katrina Carrasco
at [email protected].
for documents on all our computers. I
emphasized that all systems would need
to be left on until the search was done. I
would then print out lists of files in
which the discovery words were found,
organized by department. The managers would access each file on their list
and print it if it was relevant. IT would
scan those files, burn them to CDs, and
give them all to our attorney.
Within an hour, I began searching all
machines using Windows XP search,
ensuring I turned on the option to
search all file types. One programmer
created a program to take the files that
were a “hit” and move their
path into a database
to add flexibility
for creating the
manager’s lists.
In two days, I
delivered the
printouts to the
managers. Another
two days after that,
the managers had printed
their documents, and IT had
scanned and burned the CDs, and
delivered everything to our attorney.
Search Breakdown
Six months later, my manager and our
attorney came into my office. The
defendants had an e-mail document
pertinent to the case generated by us
that we hadn’t found in our discovery.
The defendants and judge were not
happy. They were concerned about
what else may have been missed and
whether our company was being completely forthcoming. We were then
ordered to do another search.
In IT, I was accustomed to explaining
obscure problems and solutions, but
those instances now seemed easy compared to explaining the many ways
there could’ve been a breakdown in the
search process. Eventually I was
deposed to explain why our discovery
had not been complete. The possibilities seemed endless.
When I found out which document
my search had missed, I immediately
knew who created it and what had happened. An interim manager had used a
personal, non-company e-mail account
to send the file. I was chagrined, but my
manager and attorney understood.
Enforcing Policies
If you’re ever involved in legal discovery,
be prepared to show that your company
uses a system for document retention,
has policies for document retention and
does its best to enforce those policies.
You might also use a Group Policy to
turn off thumb drives and provide
computers without CDs or floppy
drives, or limit access to the Internet.
Check network traffic for the use of
non-approved e-mail systems. Use a
search program specifically designed
for legal discovery. Do two separate
searches conducted by two different
employees to make sure they both find
the same files. Lastly, be prepared to
be deposed.—
Ed Mahlum has spent 28 years in IT and
is the owner of Computer Security Services,
a consulting firm focusing on compliance for
identity theft, HIPAA and the Department
of Homeland Security.
ILLUSTRATION BY MARK COLLINS
Project1
4/10/07
10:01 AM
Page 1
0509red_Roboto62.v3
4/13/09
1:14 PM
Page 62
Mr. Roboto
Automation for the Harried Administrator | by Jeffery Hicks
Group Therapy
B
ased on the forum messages I see, it appears that
keeping tabs on local group membership is a neverending task. Mr. Roboto has offered a variety of
solutions in the past, but I think there’s room for at least one
more. This month, I have a Windows PowerShell script that
creates a graphical interface, which allows you to peek at the
members of a group on a local desktop or member server.
Download the script, which is called
Display-LocalGroupMember.ps1, from
jdhitsolutions.com/scripts. I created the
form elements from the freely available
PrimalForms from Sapien Technologies. The form file is included in case
you want to modify it. The .ZIP file
will also contain a .PNG file. Put the
script and graphic in the same folder.
There’s nothing special about the
graphic other than the fact that it adds
a little color. You may want to substitute a graphic of your own, such as a
company logo. Keep any new graphics
the same dimension to avoid having to
redesign the form.
Running the Script
To run the script, you must have
administrator privileges on any remote
computer you plan on querying. The
script uses Active Directory Services
Interfaces (ADSI), so you’ll need
remote procedure call (RPC) connectivity between your computer and
remote computers. Open a PowerShell
prompt and enter the full script name:
PS C:\ c:\scripts\display-local
groupmember.ps1
A Windows form will be displayed
and your PowerShell session will be
blocked until you close the form, thus
ending the script.
The interface is simple and intuitive.
Enter a computer name, click a button
to retrieve local groups, select a local
group from the drop-down list and see
the group members. The form defaults
to the local computer. To see how it
works, select Administrators from the
drop-down list. Group members will be
retrieved and displayed in the data grid.
You can resize the columns and form,
but unfortunately the data grid view
control doesn’t support sorting by
clicking a column heading. Let me
explain what you’ll see.
The Name property is self-explanatory.
The ADSPath is a path to the member
object. If you see the computer name in
the path, it’s most likely a local account.
Otherwise you should see your domain
name in the path, indicating a domain
account. There are also columns to
display the domain name and whether
or not the account is local. The last
property you’ll see is the object class,
indicating whether the member is a
user or another group.
Roboto on Demand
What Windows admin task would
you like Mr. Roboto to automate
next? Send your suggestions to
[email protected].
To check another computer, enter a
computer name and click the Get
Groups button. If a machine can’t be
reached, a message will be displayed
in the status bar. If a group has no
members, that, too, will be displayed
in the status bar.
Using the Script
The script is intended to give you a
quick check into local group membership. It’s not a complete management
tool, although you could certainly build
one using my script as a starting point.
The form has no printing or exporting
functionality, though I might add that
in at some point.
The script will run on PowerShell 1.0
or PowerShell 2.0 community technology preview 3. I’ve been able to
successfully query just about all remote
operating systems with the exception of
the Windows 7 beta. The script runs
fine locally on Windows 7, and I can
query remote machines from Windows
7, but remotely querying a Windows 7
box fails. I’m going to let it be for now
because we’re still talking about a beta
operating system.
As with most Mr. Roboto tools, there
are plenty of areas for improvement
and enhancement. If you make any, I
hope you’ll share your changes with the
PowerShell community. If you need
assistance, please join me in the forums
at ScriptingAnswers.com.
Jeffery Hicks ([email protected]),
MCSE, MCSA, MCT, is a Microsoft
PowerShell MVP and Scripting Guru for
Sapien Technologies Inc. A 17-year IT veteran
specializing in admin scripting and automation,
Hicks is an active blogger, author, trainer
and conference presenter. His latest book is
“Managing Active Directory with Windows
PowerShell: TFM” (Sapien Press, 2008).
Project1
4/14/09
10:20 AM
Page 1
Windows Vista
Windows Mobile
and Pocket PC
Companies are downsizing and IT departments are expected to do more with less. Less manpower,
less resources, less budget. But with these reductions comes a surge of IT job demands for the
skeleton support crew.
NetSupport Manager remote control software can give IT professionals the power to support more
systems and users with just the bare essentials: a help desk professional, an internet connection
and a computer.
Extend the reach of your IT support department with NetSupport Manager remote control
software. NetSupport Manager provides the ability to support Windows, Mac, Linux, Solaris and
mobile devices all from a single console.
Deliver hands-on remote support
Monitor multiple systems simultaneously
Troubleshoot with hardware and software
inventory
Show screen for training and distance learning
For more information and to download a 30 day free trial please visit
www.netsupportmanager.com
[email protected]
1-888-665-0808
www.netsupport-inc.com
Project1
4/10/09
11:29 AM
Page 1
In-depth IT Training for
Windows Professionals
Orlando 2009
Loews Royal Pacific Resort
at Universal Orlando
June 22-26
Bring Questions, Take Back Solutions!
Register for IT Training You Can Use Today
TechMentor returns to Orlando with in-depth, low-cost
IT training for Windows professionals.
Get the real scoop on IT technology from our renowned expert instructors. Once again, TechMentor offers the
latest unbiased training on automating, managing, securing and troubleshooting Microsoft Windows. You’ll learn
tips and tricks to immediately take back to the office to enhance and secure your network—and your job.
Get ready for game–changing technology. 2009 sessions include:
•
•
•
•
•
•
Virtualization—both Microsoft and VMware technologies
New features in Windows Server 2008, including virtualization capabilities
How to build your first Windows Cluster
Practical guides for securing Domain Controllers & Active Directory
Inexpensive and reliable ways to add disaster recovery to your network
Much, much more…
New agenda focused on virtualization
New! TechMentor includes two full categories focusing exclusively on virtualization. Get ready for this hot and
game-changing technology. It’s like getting two conferences for the price of one!
0509_TM_OR_Remond_Ad_r3.indd Sec1:4
4/8/09 5:59:57 PM
0509_TM_
Project1
4/10/09
11:32 AM
Page 2
• Greg Shields Conference Chair
• Chris Wolf
“Designing Your Virtualization Infrastructure”
and Workshop on “VMware ESX & Virtual
Infrastructure”
“Architecting Backups in Virtualization” and
“Platform Wars: Choosing Your Hypervisor”
• Brien Posey
• Peter Bruzzese
“The Fundamentals of Storage Virtualization”
“Disaster Recovery in a Virtual World”
• Rhonda Layfield
• Don Jones
“Practical PowerShell: Automation for Busy
Administrators”
“Deploying Microsoft Operating Systems:
As Easy as 1-2-3!” nulputpat nissit prat.
And much, much more!
• Mark Minasi
Best-selling author, popular technology
columnist, and keynote speaker.
y
e:
}
Found all speakers to
have a level of expertise
above my expectations.
Read all our speaker bios at
http://techmentorevents.com/orl9
}
~
I learned a gigabyte at
TechMentor!
~
—Mike Campbell, Cure Solutions
[TechMentor Las Vegas]
—John A. O’Neill Sr.,
Molded Fiber Glass Companies
[TechMentor New York]
Early bird Discount: Register by May 8th
and save up to $300! Use Promo Code NQ9T03
techmentorevents.com/orl9
© 1105 Media, Inc.
5:59:57 PM
ORLANDO 2009
World-Class Speakers:
The Reason Most Attendees Say
They Would Attend TechMentor Again
4/8/09 6:00:01 PM
W
0509_TM_
Project1
4/10/09
11:35 AM
Page 3
Do you deploy or manage Windows Server 2008?
Want to master PowerShell or explore virtualization?
Derek Melber
Microsoft MVP, independent
consultant, speaker
and author
In just a few days, you can:
· Learn new technologies
· Beef up your skill set
· Network with top experts
· Learn to do more with less
Coverage categories include:
Smarter Infrastructure
Management
Take home tips, tricks, and technologies to implement
today to make your job easier. New! Lots of virtualization
coverage.
Maximizing your Technology
Investment
Essential information in today’s economy: How to include
a focus on the bottom line in spending tech dollars.
Securing Your Infrastructure
Covers physical and virtual security at every level. The
scoop on security tactics to know—and those to avoid.
Practical Automation
High-end sessions on PowerShell, virtualization, and
more. Use scripting and command-line tools to build
repeatable, predictable tasks.
Architecting a Better
IT Environment
IT architect in title or in function? Learn from these highlevel sessions to ensure compliance, a solid environment
design and healthy IT infrastructure.
IT Fundamentals
Whether newbie or pro, new technologies always
loom. Sessions cover a range of critical fundamentals on
new and existing technologies.
Full session descriptions can be found at
techmentorevents.com/orl9
4/8/09 6:00:04 PM
0509_TM_
Project1
4/10/09
11:15 AM
Page 4
?
MANAGING
Your IT Environment
VIRTUALIZING
Your IT Environment
Pre-Conference Workshops • Monday, June 22
Pre-Conference Workshops • Monday, June 22
• Practical PowerShell: Automation for Busy Administrators
• Understanding & Solving the Trickiest Active Directory Issues
• VMware ESX & Virtual Infrastructure QuickSTART
• Real World Solutions for Hardening the ESX/ESXi Host
• Keeping Up with Jones: What Microsoft’s Latest Stuff
Means to You
• Group Policy Fundamentals: Things You Gotta’ Know
• Automate Active Directory Using Windows PowerShell
• Leveraging Group Policy Preferences
• The Top Ten Windows Server 2008 Features You Must
Implement Now
• Creating a Truly Secure Windows Desktop
• The Best Free Tools for Windows Server Troubleshooting
• Windows Storage: DAS, NAS, iSCSI, and Fibre (oh, my!)
• The Next Windows… Lucky Seven?
• Designing Your Virtualization Infrastructure
• VDI: Do You Really Need It?
• Introducing Hyper-V: Fast, Cost-Effective Virtualization
• Securing Every Part of Your Virtual Environment
• Zero-Footprint Applications: The App-V Architecture
• Integrating Hyper-V and System Center: Recipes for
Practical Automation
• Best Practices for Virtual Domain Controllers
• Understanding Software Licensing in a Virtual World
• The Next Windows… Lucky Seven?
• Scripting the PowerShell: Consistent, Repeatable Automation
• Making your First Windows Cluster: Cheap, Easy, & Reliable
• Supporting SQL Server (For Those Who’d Really Rather Not)
• Windows Hang & Crash Dump Analysis
• Making Encryption Easy with BitLocker and EFS
• A Practical Guide for Securing Domain Controllers
& Active Directory
• Best Practices & New Technologies in Windows Server
Backups
• Better Group Policy...For Free!
• Free Security: Implementing Your Own Certificate Authority
• Tricks of the Windows Vista Masters
Conference Day 3 • Thursday, June 25
• Microsoft Network Monitor: What’s on Your Wire?
• How to Automatically & Rapidly Deploy Software in
a Small Environment
• The Fundamentals of Windows Deployment Services
• Designing a Bulletproof Exchange 2007 Architecture
• IPv6 for the Reluctant: What To Know Before You Turn It Off
• Less Work, More Play: How to Automate Exchange Server
2007 Administration
• Troubleshooting DNS in an Active Directory World
• The Fundaments of SharePoint
• Remote Management Tools: Going Beyond Terminal Services
• G’bye File Shares: Improving Manageability & Security with
Document Libraries
• IIS 7 Administration (For Admins Who’d Rather Not)
• Troubleshooting & Securing the Windows Logon Process
Post-Conference Workshops • Friday, June 26
• Delivering Terminal Services Apps to the Intranet and Internet
• Deploying Microsoft Operating Systems: As Easy as 1-2-3!
6:00:04 PM
ORLANDO 2009
In Depth Technology Sessions
• Virtualizing Your Exchange Server Environment
• ESX Server Performance Tuning and Optimization
• Too Many VMs! Dealing with Virtual Machine Sprawl
• Architecting Backups in Virtualization
• Virtual Capacity Planning: How to Measure and Ensure
Performance
• Platform Wars: Choosing Your Hypervisor
• VMware ESXi for the Small Business and Smart IT Pro
• How to Do Advanced P2V Conversions
• Automating VMware Management with
Windows PowerShell
• Building a Business Case for Virtualization
Conference Day 3 • Thursday, June 25
• Building a Server Core Hyper-V Server
• Disaster Recovery in a Virtual World
• When & Where to Use Virtualization
• Automate Hyper-V with PowerShell and Virtual
Machine Manager
• Creating a Virtual Lab/Test Environment
• Automating and Provisioning Physical & Virtual File
Server Security
• ESX Network Connectivity: Best Practices
for Configuration
• Small Environments: When Do You Start Paying for
Virtualization?
• Managing the User Experience Across Physical & Virtual
Environments
Post-Conference Workshops • Friday, June 26
• The Fundamentals of Storage Virtualization
4/8/09 6:00:10 PM
1208red_REDSubAd_final
11/12/08
4:22 PM
Page 1
0509red_SecAdvisor69-70.v7
4/13/09
1:12 PM
Page 69
SecurityAdvisor
by Joern Wettern
AppLocker Reins in Applications
U
sers who run unwanted or dangerous applications
can undermine the security of your entire network.
With the new AppLocker feature in Windows 7,
Microsoft aims to simplify the task of ensuring that users
can only run approved applications.
When users run unapproved apps, it
doesn’t take long before admins have to
solve the ensuing problems. Programs
don’t need to be installed to be running
on a computer. Downloading a program
file from the Internet or copying it from a
flash drive can be all that’s needed for a
program to start. Recently, many security
experts have argued that the only way to
prevent unwanted and dangerous programs from running on a computer is
application white-listing.
What Is White-Listing?
White-listing consists of checking each
application at the time it starts to see
whether it’s on a list of allowed programs,
and preventing it from running if it’s not
on that list. Microsoft introduced a tool
for white-listing way back in Windows
2000. Software Restriction Policies,
which are applied via Group Policy, are
designed to control which users can run
which applications. If you ever tried using
this feature, you know that it’s cumbersome to configure and that updating rules
to accommodate software updates is
almost impossible.
Microsoft has jumped into the game by
creating AppLocker, a new tool for
application white-listing in Windows 7.
AppLocker is included with the current
beta versions of Windows 7 and
Windows Server 2008 R2. Settings are
applied using Group Policy Objects
(GPOs); the configuration settings can be
found in the GPO under Security
Settings. There are three types of rules
you can configure: Executable Rules can
apply to any program you select; Windows
Installer Rules apply to programs that
have been installed on the computer; and
Script Rules apply to scripts that are
started on a computer. In each of these
categories, you can create rules that
determine whether a user or group of
users is allowed to run a program, or you
list all installed apps without having to
spend lots of time.
Not unlike the old Software Restriction rules, AppLocker rules can be based
on file paths, file hashes or software publishers’ certificates. File paths are the
least-reliable method and only work if
you can ensure that executable files are
always found in the same location. Using
this method will also let maliciously
modified programs run as long as
they’re in an allowed location.
File hash rules are more reliable, as
they apply to specific versions of program files. If even a single byte of such
a file is changed, a hash value rule no
longer applies and the program is
stopped dead in its tracks. However, file
hash rules can be very difficult to main-
When users run unapproved applications, it doesn’t take long before
administrators have to solve the ensuing problems.
can choose to prevent a program from
starting. You can combine rules to create
exceptions; for example, one rule might
allow users to run all installed programs,
but a second rule could prevent one
particular user from running Solitaire.
How AppLocker Helps
AppLocker lets you start with default
rules covering the apps you most likely
want to allow, such as all installed
programs and all applications in the
Windows directory. You can then add
additional rules to create a more stringent policy. Another nice feature is a
wizard that automatically creates rules
based on all files in a folder you specify.
If you create your policy on a computer
that’s representative of most other computers in your organization, you can
create the policy rules required to white-
tain. As soon as a program file is
changed because of a legitimate update,
you need to update the hashes, or the
application will stop working. If you
don’t update all hash rules before
patching an app, you’ll have to deal with
a slew of user complaints as programs
stop working across your network.
The most flexible and reliable rules are
publisher rules. You can configure a
policy that allows all programs that are
signed by a trusted publisher to run, but
your rules can also be more granular. A
rule may allow only programs from a
single publisher to run—for example,
only programs from Microsoft. To further limit the scope of the rule, you can
narrow it down to a specific product
name that needs to be specified in the
signed file. For example, you could whitelist Acrobat Reader without allowing
0509red_SecAdvisor69-70.v7
4/13/09
1:12 PM
Page 70
SecurityAdvisor
other programs from its publisher,
Adobe, to run. As long as future versions
of Acrobat Reader are signed correctly,
AppLocker will apply the same rule to
the new versions. This removes the
headaches created by application
upgrades and patches if there are file
path or hash rules that are in use.
Before enabling AppLocker, you’ll also
need to decide on the enforcement mode.
You can have AppLocker always apply
your policies, or you can allow for settings to be overridden by other GPOs. A
third option is the audit-only mode,
which lets all applications run but generates audit events when a rule applies.
Is AppLocker Right for You?
AppLocker is a capable and easy-to-use
solution for application white-listing, but
it has a number of limitations you need to
know about. First of all, AppLocker only
works on client computers running
Windows 7 or Windows Server 2008 R2.
Another limitation of AppLocker is
caused by the diversity of the programs
that typically need to run on computers
even in a small or midsize organization.
Sure, if you run a handful of applications
in your network and most users have
identical needs to run these programs,
creating and maintaining your rules will
be very easy. But if you have to control
dozens or hundreds of applications, each
of them including multiple program files,
you’ll end up with a policy that includes a
long list of rules that are difficult to maintain. And if some of these applications are
not digitally signed, updating hash rules
each time software is patched can easily
turn into a full-time job.
Maintaining and synchronizing
AppLocker rules in a distributed environment can also be challenging. While
AppLocker lets you export and import a
policy and its associated rules, there’s no
central repository or merging functionality. So, if you maintain a different
Earn your degree
and IT certs at the
same time!
Earn up to 10 respected industry certifications with your
online IT degree program—At No Additional Cost.
Here’s what you can get from the online
degree programs offered at WGU:
• Flexible ONLINE learning
• The opportunity to advance quickly if you
already have certifications
• Programs in Networks, Databases, Security,
Software and IT Management
AppLocker policy for each of five departments, you’ll need to add a new app
separately to each of these policies.
If you’re planning on migrating most
client computers to Windows 7, and if
your network is small and homogenous,
AppLocker may fit the bill. Even in a
larger environment, AppLocker may be
the right tool to lock down a subset of
computers to let certain users only run a
limited set of programs. However, when
it comes to enterprise-wide application
white-listing, or if you need to control
app use on pre-Windows 7 clients, there
are better third-party solutions.—
Joern Wettern ([email protected]),
Ph.D., MCSE, MCT, Security+, is the owner
of Wettern Network Solutions, a consulting
and training firm. He’s written books and
developed training courses on a number of
networking and training topics, in addition to
regularly teaching seminars and speaking at
conferences worldwide.
—
“The best—
and cheapest—
er
college you’ve nev
heard of is found
only online”
08
e, November 17, 20
—TIME magazin
Call Toll Free
888-455-6001
or visit us at www.wgu.edu/time15
WGU is honored to receive
the USDLA 21st Century
Award for Best Practices in
Distance Learning for 2008.
0509red_Index71.v2
4/14/09
3:57 PM
Page 71
AdvertisingSales
RedmondResources
AD INDEX
East
JD Holzgrefe
Associate Publisher
Eastern Regional Sales Manager
804-752-7800 phone
253-595-1976 fax
[email protected]
Northwest
Bruce Halldorson
Northwestern
Regional Sales Manager
209-333-2299 phone
209-729-5855 fax
[email protected]
Amy Winchell
So Cal/Central
Regional Sales Manager
949-265-1566 phone
[email protected]
Danna Vedder
Microsoft Account Manager
253-514-8015 phone
775-514-0350 fax
[email protected]
CORPORATE ADDRESS
1105 Media, Inc.
9121 Oakdale Ave. Ste 101
Chatsworth, CA 91311
www.1105media.com
MEDIA KITS: Direct your Media Kit
requests to Matt Morollo, VP Publishing,
508-532-1418 (phone), 508-875-6622
(fax), [email protected]
REPRINTS: For single article reprints (in
minimum quantities of 250-500), e-prints,
plaques and posters contact:
PARS International
Phone: 212-221-9595
E-mail: [email protected]
www.magreprints.com/QuickQuote.asp
LIST RENTAL: This publication’s subscriber list, as well as other lists from 1105
Media, Inc., is available for rental. For
more information, please contact our list
manager, Merit Direct. Phone: 914-3681000; E-mail: [email protected];
Web: www.meritdirect.com/1105
Redmond (ISSN 1553-7560) is published
monthly by 1105 Media, Inc., 9121 Oakdale
Avenue, Ste. 101, Chatsworth, CA 91311.
Periodicals postage paid at Chatsworth,
CA 91311-9998, and at additional mailing
offices. Complimentary subscriptions are
sent to qualifying subscribers. Annual
subscription rates for non-qualified subscribers are: U.S. $39.95; Canada $54.95
Page
AvePoint, Inc.
46
URL
www.avepoint.com
Boson Software
42
www.boson.com
CDW Computer-LR
7
www.cdw.com
Citrix Systems, Inc.
9
www.citrix.com
Confio Software, Inc.
39
www.confio.com
Dell Computer
C2-1, 44-45,
C4
www.dell.com
Esker
29
www.esker.com
IBM Corporation
19, 21, C3
www.ibm.com
Idera
55
www.idera.com
SALES STAFF
Kaseya
15
www.kaseya.com
Tanya Egenolf
Metalogix Software Corporation 11
Advertising Sales Associate
760-722-5494 phone
760-722-5495 fax
[email protected]
IT CERTIFICATION &
TRAINING: USA, EUROPE
Al Tiano
Advertising Sales Manager
818-734-1520 ext. 190 phone
818-734-1529 fax
[email protected]
PRODUCTION
So Cal/Central
Advertiser
Jenny
Hernandez-Asandas
www.metalogix.com
Microsoft Corporation
2-3
www.microsoft.com
NetSupport Software
63
www.netsupport-inc.com
Quest Software
4, 52-53
www.quest.com
Redmond Media Group
68
Redmondmag.com/subscrib
SoftwareFX
48-49
www.softwarefx.com
Sunbelt Software
27
www.sunbelt-software.com
TechMentor Orlando
64-67
http://techmentorevents.com/orl9
The Training Camp
61
www.trainingcamp.com/super
Train Signal, Inc.
51
www.trainsignal.com
Ultrabac
33
www.ultrabac.com
VSLive Las Vegas
58-59
http://vslive.com
Western Governors University
40, 70
www.wgu.edu/rdm
Wiley Publishing
43
http://www.wiley.com
EDITORIAL INDEX
Company
Page
URL
Adobe Systems Inc.
50, 69
www.adobe.com
Director, Print Production
818-734-1520 ext. 101 phone
818-734-1528 fax
[email protected]
Amazon.com Inc.
37
www.amazon.com
AOL LLC
24
www.aol.com
Jennifer Shepard
Senior Print Production Coordinator
818-734-1520 ext. 112 phone
818-734-1528 fax
[email protected]
(U.S. funds); International $64.95 (U.S.
funds). Subscription inquiries, back
issue requests, and address changes:
Mail to: Redmond, P.O. Box 2063, Skokie,
IL 60076-9699, email [email protected] or call (866) 293-3194 for U.S. &
Canada; (847) 763-9560 for International,
fax (847) 763-9564. POSTMASTER:
Send address changes to Redmond, P.O.
Box 2063, Skokie, IL 60076-9699. Canada Publications Mail Agreement No:
40612608. Return Undeliverable Canadian Addresses to Circulation Dept. or
Bleuchip International, P.O. Box 25542,
London, ON N6C 6B2.
© Copyright 2009 by 1105 Media, Inc. All
rights reserved. Printed in the U.S.A.
Reproductions in whole or part prohibited
except by written permission. Mail
requests to “Permissions Editor,” c/o REDMOND, 16261 Laguna Canyon Road, Ste.
130, Irvine, CA 92618.
The information in this magazine has not
undergone any formal testing by 1105
Media, Inc. and is distributed without any
warranty expressed or implied. Implementation or use of any information contained
herein is the reader’s sole responsibility.
While the information has been reviewed
for accuracy, there is no guarantee that the
same or similar results may be achieved in
all environments. Technical inaccuracies
may result from printing errors and/or new
developments in the industry.
Apple Inc.
28, 47
www.apple.com
AT&T Inc.
49
www.att.com
Atheros Communications Inc.
49
www.atheros.com
BMC Software Inc.
13
www.bmc.com
Cisco Systems Inc.
13
www.cisco.com
Dell Inc.
13, 20
www.dell.com
Embotics Corp.
21
www.embotics.com
EMC Corp.
13
www.emc.com
Fujisoft Inc.
50
www.fsi.co.jp/e
Google Inc.
23, 37, 47
www.google.com
HTC Corp.
48
www.htc.com
Huawei Technologies Co. Ltd.
49
www.huawei.com
IBM Corp.
37, 72
www.ibm.com
Intel Corp.
13
www.intel.com
LG Electronics
49
www.lge.com
Marathon Technologies Corp.
20, 34
www.marathontechnologies.com
Motorola Inc.
49
www.motorola.com
NetApp Inc.
13
www.netapp.com
Nokia
49
www.nokia.com
Novell
13, 14, 18
www.novell.com
NTT DOCOMO Inc.
49
www.nttdocomo.com
Red Hat Inc.
13
www.redhat.com
Research In Motion Ltd.
47
www.rim.com
Salesforce.com Inc.
37
www.salesforce.com
Samsung Electronics
49
www.samsung.com
Softbank Mobile Corp.
49
www.softbankmobile.co.jp/en
STMicroelectronics
49
www.st.com
Sun Microsystems Inc.
72
www.sun.com
Symbian Software Ltd.
47
www.symbian.com
Texas Instruments Inc.
49
www.ti.com
The Mozilla Foundation
23
www.mozilla.org
T-Mobile International AG
48
www.t-mobile.com
TomTom International BV
72
www.tomtom.com
Toshiba Corp.
49
www.toshiba.com
Visa Inc.
50
www.visa.com
VMware Inc.
13, 18, 21,
36, 38, 72
www.vmware.com
Vodafone
49
www.vodafone.com
This index is provided as a service. The publisher assumes no liability for errors or omissions.
0509red_Foley72.v4
4/13/09
11:43 AM
Page 72
FoleyOnMicrosoft
by Mary Jo Foley
For Microsoft, ‘Open’ Is the Hardest Word
W
ith apologies to Sir Elton John, “sorry” is not the
hardest word for Microsoft. It’s “open.” To be fair,
“open” has become a loaded, almost meaningless
term for all of technology, not just Microsoft. But in the past
Transformation of Microsoft” (Wiley,
2009). In it, Phelps essentially claims
the main reason Microsoft is so interested in IP licensing is that the company
wants to be more “open.” In reality,
however, Microsoft’s recent spate of IP
licensing deals has been mostly about
making money.
Is it any wonder that many open
source vendors, users and developers
don’t trust Microsoft? It’s tough to
know, day-to-day, if you’re dealing
with the open source-agnostic
Microsoft or the Microsoft that’s
claiming Linux and open source
violate 235 Microsoft patents, while
refusing to provide further details.
Unlike some Microsoft watchers, I
have no problem with Microsoft being
closed source. There should be no iden-
couple of months, the ’Softies have
• Released a position paper seeking to
tripped over the word more than most.
clarify its stance on open source, entitled
Here’s the problem: Microsoft is not a
“Participation in a World of Choice:
homogeneous or small company. Even
Perspectives on Open Source and
after layoffs, it will consist of some 95,000 Microsoft.” The paper is very open
workers, with different ideas about open
source-friendly, but it feels likes it’s been
source, open processes and open stancombed over by an entire legal team.
dards. Yes, there’s a strong group inside
• Stirred up a blog war with IBM,
the company—Chief Software Architect
Sun, VMware and the other companies
Ray Ozzie is its biggest cheerleader—that backing the “Open Cloud Manifesto,”
believes that Microsoft must work with
which is basically a bland positioning
open source and open standards bodies.
document that discusses the importance
But there’s also a sizeable entrenched
camp that sees open source—and not just
Every time the “do less evil” elements at Microsoft take a step forward in the
the Linux subset of that community—as
Public Enemy No. 1.
eyes of the open source camp, individuals who still hope there’s a chance of
Every time the “do less evil” elements at
wiping open source off the map cause the ’Softies to take two steps back.
Microsoft take a step forward in the eyes
of the open source camp—by creating a
Web gallery that features open source
of open standards in the evolving cloud- tity crisis at Microsoft: It’s fundamentally
apps, for instance—individuals who still
computing world. Microsoft went on
a proprietary software vendor that makes
hope there’s a chance of wiping open
the war path, attacking the group for
its money selling software, services and
source off the map cause the ’Softies to
failing to be open in its processes. I bet
sometimes even a little hardware. But
take two steps back. An example of this
the ’Softies didn’t like the “open” lingo
Microsoft still doesn’t have a cohesive,
backpedaling: Suing GPS vendor
permeating the document, remembering
understandable approach to dealing
TomTom for patent infringement while
how that word got Microsoft in so
with open source, open standards and
trying to cover up the fact that the GNU
much trouble in the OpenDocument
open processes—and that’s why the perGeneral Public License and Linux are a
Format versus Office Open XML battle ception and strategy disconnects involving
key part of the case.
not so long ago.
Microsoft will continue to occur. —
For more on
(Microsoft and
• Supported Marshall
Microsoft’s open source
moves, go to
Mary Jo Foley ([email protected])
TomTom announced a
Phelps’s effort to portray
Redmondmag.com.
settlement in March.)
Microsoft’s IP licensing initia- is editor of the ZDNet “All About
FindIT code: Foley0509
Microsoft” blog and has been covering
Also in March, we
tives as something other than
Microsoft for about two decades. She has a
saw how many disparate, conflicting
a money-making operation. Phelps,
new book out, “Microsoft 2.0” (John Wiley &
organizations there are inside of
Microsoft’s intellectual property chief,
Sons, 2008), which looks at what’s next for
Microsoft. Within the span of one
recently released a book called “Burning
week, the company:
the Ships: Intellectual Property and the Microsoft in the post-Gates era.
Project3
4/3/09
10:43 AM
Page 1
LEANER.
MEANER.
GREENER.
The inefficiency, complexity and rising energy costs of twentieth-century
datacenters simply can’t support the demands of twenty-first-century
business. The IBM BladeCenter ® HS22 with Intel® Xeon® Processor 5500
Series can improve the economics of your datacenter by using up to
95% less space and 90% less energy than competitive rack servers
deployed 3 years ago, all without sacrificing performance.1 A greener
world starts with greener business. Greener business starts with IBM.
SYSTEMS. SOFTWARE. SERVICES. FOR A GREENER WORLD.
Learn how to improve performance and costs at ibm.com/green/bladecenter
1For complete details, go to www.ibm.com/green/disclaimer. IBM, the IBM logo, ibm.com and BladeCenter are trademarks of International Business Machines Corporation, registered in
many jurisdictions worldwide. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml. Intel, the Intel
Logo, Xeon and Xeon Inside are trademarks or registered trademarks of Intel Corporation in the United States and other countries. © 2009 IBM Corporation. All rights reserved.
Project2
2/5/09
10:22 AM
Page 1
;/F7;7H3
G=C@3<B3@>@7A3
2/B/0/A3
7<D3AB;3<B
µBVS`SO`SaSdSÒZTSObc`SaW\A?:AS`dS` &bVOb^`]dWRS
Ob`S[S\R]ca`Sbc`\]\W\dSab[S\b4]`SfO[^ZSRObOPOaS
Q][^`SaaW]\O\RPOQYc^Q][^`SaaW]\
ESRSbS`[W\SRbVObeSe]cZRaOdSPSbeSS\ #9O\R#9
W\bVS¿àbgSOÒZ]\SO\RW\Q`SOaW\UZgaOdS[]\SgU]W\U
T]èO`RXcabPSQOcaS]TbVSRSQ`SOaSW\RWaYaÔQS\SSRSR¶
³2OdWR>A[WbV1VWSTBSQV\]Z]Ug=T¿QSÀS`dWQSC
;/F7;7H3@=7/B23::1=;A?:

Redmondmag.com

Transcription

Similar documents

Khalil Abd El

Blackadders uses FloSuite Legal

Microsoft - сервисна платформа за грађане

Age of Empires III Age of Empires III

Computer

quality software. on time. every time.

IT SERVICES

Preparing for Certification

Misery from Social Media (and other thoughts)

THIS IS YOUR NEXT CONSOLE