Redmond - 1105 Media

Virtual Server: Good Enough to Topple VMware? 24
OCTOBER 2006
WWW.REDMONDMAG.COM
$5.95
Would you trust your IT with This Guy? 32
Q&A: Live.com Tell All 11 • SharePoint Diaries 49
Back to Basics with Server Core 41
Redmond
OCTOBER 2006
WWW.REDMONDMAG.COM
Winner for Best Computer/Software Magazine 2005
THE INDEPENDENT VOICE OF THE MICROSOFT IT COMMUNITY
COVER STORY
32 IT Gone Bad
Spying, blackmailing and thievery—are there criminals in your shop?
REDMOND REPORT
11 RSS Guru Goes Offline
A tell-all Q&A with Niall Kennedy.
12 Will Microsoft or IBM Have the License That Kills?
Each company’s licensing plan figures to play a role in winning the middleware battle.
12 CIOs in No Rush to Buy Vista
Merrill Lynch survey results show less IT folks intend to upgrade.
16 Beta Man
Windows PowerShell is almost ready for prime time.
FEATURES
41 Windows Without Windows
The new Server Core is a stripped-down, rock-solid version of Longhorn.
49 The SharePoint Diaries
Itching to deploy Microsoft’s powerful, new SharePoint server technology? Better know what you’re getting yourself into first.
REVIEWS
19 Keep Power Users Under Control
PolicyMaker Application Security lets you apply specific, application-level privileges.
24 Reader Review: Virtual Server Has Real Fans
Now that it’s free and has “official” Linux support, users find Virtual Server 2005 R2 a more compelling option.
COLUMNS
6 Barney’s Rubble: Doug Barney
Bill for President
31 Mr. Roboto: Don Jones
Intelligent Transfer
60 Never Again: Jim Desmond
SQL Slip Up
63 Windows Insider: Greg Shields
Cut the Crap
66 Security Advisor: Joern Wettern
Risky Travels
72 Foley on Microsoft: Mary Jo Foley
What’s Next for Microsoft’s IE?
ALSO IN THIS ISSUE
4 Redmond Magazine Online
8 [email protected]
71 Ad and Editorial Indexes
Redmondmag.com
OCTOBER 2006
Top Tips for Better Integration
According to Emmett Dulaney, Redmondmag.com’s Integration Station
columnist, there’s no reason to do interop the old way anymore.
“The days of using this for a central server and distributed clients has passed,”
he writes. “LDAP has all but replaced it in every sense of the word. If you’re trying
to integrate and make NIS the common language for user authentication, you’re
doing yourself no favors.”
Dulaney also warns against telnet: “At one point in time, telnet could pass for a
definition of integration. Today it’s the poorest excuse for a network service that
one can find.”
Find out why and read the rest of Dulaney’s top 10 tips for integration projects.
FindIT code: ISTopTen
ENTmag.com
Microsoft’s Packed Business
Apps: Ready for Prime Time?
That’s the question ENTMag.com’s Scott Bekker asks in the site’s recent
special report. And the outlook appears promising.
“Microsoft’s latest offerings are beginning to be worth a look, especially
within smaller enterprises,” Bekker writes.
“We are seeing increasingly enterprises, mid-market companies broadly asking about Dynamics and specifically asking about Dynamics AX,” says Tami
Reller, Microsoft corporate vice president, Business Solutions Marketing Group,
during the AX 4.0 launch last month.
Discover what Dynamics and the other products might hold in store for you.
FindIT code: ENTSRB. If you’re a Microsoft Partner, don’t miss RCPmag.com’s
coverage of Dynamics. FindIT code: RCPDynQuest
REDMONDMAG.COM RESOURCES
Resources (Enter FindIT Code)
>> Daily News: News
>> E-Mail Newsletters: Newsletters
>> Free PDFs and Webcasts: TechLibrary
>> Subscribe/Renew: Subscribe
>> Your Turn Editor Queries: YourTurn
Questions with ... Michael Domingo
Editor Michael Domingo has put together our annual salary survey and
the extended PDF version (26 pages, FindIT code: 2006SalPDF) for
the past three years. Here’s what he told us about this year’s findings:
What surprised you most about this year’s results?
It’s amazing that, despite lots of letters over the past year complaining
about how tough IT admin work is, this year’s job satisfaction ratings
contradict that attitude.
What factor makes the biggest difference in IT salaries?
At least for IT folks, it seems the more years you’re working, salary
increases can be exponential after about five years.
Can I use your survey to ask for a raise?
Do so at your own risk, and never, ever make any ultimatums.
FACTOID
74,000: Number of .EU domain names frozen in registrar hijacking investigation
Source: MCPmag.com September Security Watch column. FindIT code: SWEU
REDMOND MEDIA GROUP SITES: Redmondmag.com • RCPmag.com • ENTmag.com
MCPmag.com • CertCities.com • TCPmag.com • TechMentorEvents.com
4 | October 2006 | Redmond | redmondmag.com |
Barney’s Rubble
Doug Barney
Bill for President
Every four years pundits, radio talk show hosts and U.S.
citizens beg for a presidential candidate who’s not a
career politician.
And every four years the two major
parties nominate—you guessed it—
career politicians!
No true, non-political alternatives
have the party backing, or, it seems, the
ability to connect and gain our trust. I
guess voters don’t mind career politicians after all.
Donald Trump is too full of himself
(but Letterman would have great material), Ross Perot was too preachy and
weird, and Arnold is too foreign (meaning he legally can’t run; not that I’m
against Austrians).
Here’s a name that could overcome all
these obstacles—Bill Gates. Not the old
Bill Gates spouting technology, wearing
ill-fitting clothes and crushing competitors for sport (though his company is
doing this with relish and third parties
are paying the price). No. I’m talking
about the new Gates of the Bill &
Melinda Gates Foundation.
As far as I can tell, Gates has not
pledged allegiance to either party
(probably the only thing he and I have
in common). In 2004 Gates gave only
$22,500 to candidates with a slight edge
to Democrats. For someone with Gates’
pockets, this is as close to giving nothing as you can get!
I mentioned this idea to my mother
and her eyes opened wide (the way they
did every time my high school assistant
principal called) and she exclaimed
“Wow!” After a few seconds of thought
she said “Wow” again.
Bill has no major skeletons (I’m guessing) and has taken non-political, purely
rational stances on today’s major issues.
Who would you trust to develop a
policy on global warming?
Who is today’s best ambassador to the
third world, to India, to China?
But Bill has no experience in foreign
policy! True, but neither did the governor of Georgia, California, Arkansas
or Texas.
Imagine if our fundamental approach
to the world was based on logical
approaches to curing disease, spreading
opportunity, saving the environment
and teaching children.
A foreign policy flowing from this
river would be rich indeed.
Imagine offering our enemies all of
these benefits.
Would Iran rather have nukes or freedom from disease? Maybe they’ll go for
the A-bombs, but will all regimes react
the same? I doubt it.
And remember, Bill promised to retire
in two years, just in time for his new job
in 2008.
We’ll just have to live with a total gutting of U.S. anti-trust laws!
Who are you going to vote for? Let me
know at [email protected].
Redmond
THE INDEPENDENT VOICE OF THE MICROSOFT IT COMMUNITY
REDMONDMAG.COM
OCTOBER 2006 ■ VOL. 12 ■ NO. 10
Editor in Chief Doug Barney
Editor Ed Scannell
Executive Editor, Reviews Lafe Low
Editor at Large Michael Desmond
Managing Editor Wendy Gonchar
Editor, Redmondmag.com Becky Nagel
Contributing Editors Mary Jo Foley, Don Jones, Greg Shields, Joern Wettern
Art Director Brad Zerbel
Senior Graphic Designer Alan Tao
Group Publisher Henry Allain
Editorial Director Doug Barney
Group Associate Publisher Matt N. Morollo
Director of Marketing Michele Imgrund
Senior Web Developer Rita Zurcher
Marketing Programs Manager Videssa Djucich
Editor, ENTmag.com Scott Bekker
Editor, MCPmag.com Michael Domingo
Editor, RCPmag.com, CertCities.com Becky Nagel
Associate Editor, Web Gladys Rama
President & CEO Neal Vitale
CFO Richard Vitale
Executive Vice President Michael J. Valenti
Director, Circulation and Data Services Abraham Langer
Director of Web Operations Marlin Mowatt
Director, Print Production Mary Ann Paniccia
Controller Janice Ryan
Director of Finance Paul Weinberger
Chairman of the Board Jeffrey S. Klein
The opinions expressed within the articles and other contents
herein do not necessarily express those of the publisher.
PHOTO ILLUSTRATION BY ALAN TAO
[email protected]
Some Cheese with Your Whine?
How about an article on how the qualifications to be a staff writer or
editor for your magazine seem to include being a whiny crybaby
about Microsoft? After reading Redmond for a year or so, my conclusion is that with you people no matter what Microsoft does ...
it will be wrong. You’re not really an independent voice. You’re
just a blathering, childish voice complaining about anyone more
successful than you.
Andy Fralic
Fenton, Mich.
All Things Being Equal …
In Doug Barney’s column [“Glutton for
Market Share,” September 2006] he
says that Microsoft used to behave
properly in the market place and now it
doesn’t. I beg to disagree.
Microsoft’s behavior is the same: It
tries to conquer all. Barney judged this
as acceptable during the time that
Microsoft was the underdog. Nowadays, when Microsoft is a behemoth, he
seems to think that the very same attitude is no longer proper. How so?
Microsoft is on top because it’s very
good at what it’s doing. What does it have
that its competitors do not? Money?
Nope, venture capitalists continue to
pour money into dumb ideas. Brilliant
minds? Hardly, as a lot of bright people
are choosing to work for other companies big and small. Political support? No
way—who else was hit globally as badly
as Microsoft in the entire IT history?
Public sympathy? I wouldn’t know, but
I’ve had friendly arguments with people
who aren’t in love with Microsoft and
I’ve always been in the minority.
Of course Microsoft wants to maximize
its market share. Isn’t it the corollary of
any company’s goal of maximizing profits? I bet that its competitors, including
the niche companies, want that as well.
I think Barney has a point in saying that
monopolies can control prices, but people want to buy Microsoft. Even when
there are cheaper or even free alternatives, even when the governments mandate, encourage and force people to buy
or use something else, people continue to
buy and pirate Microsoft products. Why?
Because from the users’ perspective,
Microsoft’s products are better.
All other things being equal, why
would I buy something that I perceive as
inferior? Because it’s from the underdog
in the respective market? If I did that, my
boss would start asking questions.
Don’t base your buying decisions—
indeed any business decisions—on ideology. You’ll probably incur bigger costs
and diminished returns and you’ll be
fired or go bankrupt.
Daniel Drumea
The Netherlands
Stop Looking at Me
What’s up with so many pictures of
Stephen Toulouse’s head in the August
2006 issue? I love your magazine, but
how many pictures can you have of the
same guy staring at us? It’s kind of weird.
Michael Brown
Mobile, Ala.
Empathetic Reader
We had a similar issue with 3Com
switches (Baseline 2226 Plus and another,
larger one, but I can’t remember the
model) not holding their configurations
after power going out [see the August
2006 reader-contributed Never Again
column, “Virtual Panic”]. They didn’t
hold anything: IP addresses, VLANs,
name, location.
The backed up configuration didn’t
restore the VLAN info or anything
else. The latest firmware revision
Readme mentioned the backup option
being fixed, but we still had issues
after installing this version.
After calling 3Com and explaining
what was going on, they RMA’d all five
switches with no problems. Apparently
they got a bad lot of EEPROMs that
failed to hold the configuration after
loss of power. It seems hard to believe
something like that would make it
through QA/QC either at the supplier
or at 3Com, but in the end, after several
frustrating rebuilds of VLAN configurations, we are back on a solid footing.
Joel Havenridge
Omaha, Neb.
Whaddya Think?!
Send your rants and raves to
[email protected].
Please include your first and
last name, city and state. If we
use it, you’ll be entered into a
drawing for a Redmond t-shirt!
October 2006
RedmondReport
INSIDE: Work faster and easier with Windows PowerShell. Page 16
RSS Guru Goes Offline
Niall Kennedy, touted as an important hire for Microsoft’s Live effort, talks
about what went wrong during his short tenure.
BY MICHAEL DESMOND
When Niall Kennedy abruptly
left Microsoft in August, it
surprised a lot of Web 2.0
watchers. Many had hailed the RSS
guru’s arrival from Technorati as a
sign that Microsoft was really “getting
it” when it came to developing innovative new Web technologies and
services. But less than six months after
starting at Microsoft, he was gone.
Kennedy spoke with us from San
Francisco and explains what went
wrong and how Microsoft might get it
right as it competes with hungry Web
2.0 competitors.
Q. Redmond: If before going in
someone had told you, six months
from now you will be out the door,
would you have believed them?
A. Niall Kennedy: I had people who
told me that, actually. And I said, well
there is only one way to find out, and
it’s too good of an opportunity not to
try. The ability to shape the future of
RSS and Atom feeds and the syndication platform in general at the scale
Microsoft has. My response was, well,
I at least have to try.
Q. What were your expectations
going in?
A. I joined Microsoft because there
was an invest-to-win strategy, where
the company wanted to make a big
splash in the online services base. I
felt like they had woken up after many
years of Google being triumphant in
search and other areas and they were
ready to make a serious play in this
space. And that was one of the reasons
I was hired, because my bosses knew I
could attract some talent into the
company to work on projects like this
with me.
[Photo caption: Kennedy, pictured here sitting at his
“outside office,” spent six months with
the Windows Live group in Microsoft,
before heading out on his own.]
Q. You were at Microsoft during an
incredibly busy time, weren’t you?
Was that a factor?
A. There is definitely a lot going on
and a lot of releases happening at the
same time in the desktop space, which
accounts for the majority of Microsoft’s
revenue. How that impacted the head
count that my division had and my ability to hire is something I still question,
because I just didn’t have it. There are
so many things that are changing within
Microsoft I think I would have to hold
my breath awhile before getting it done.
Q. Is Ray Ozzie surrounding himself with the right technical people
to compete in the Web 2.0 space?
A. Well, he has some incubation
groups that can operate outside the
Microsoft bureaucracy. Small groups
that are introducing things like Live
Clipboard. Some of these different
groups that have introduced the
things that people look at Microsoft
and say, ‘Oh that’s really cool.’ It’s
the small teams that have been set
up just directly reporting into Ozzie,
and getting outside of that 72,000-person structure.
The question with Ozzie that will have
to be determined long term is that there
are a lot of people there who have been
there 10 to 14 years. How well will the
rank and file react to someone who is
fairly new to the company, under a year?
Q. You’ve talked about opportunities in the spaces between existing
vendors and services.
A. I’ll take advantage of that void a bit.
Microsoft is not going to pull in
del.icio.us links, or for example Google
won’t display a Virtual Earth Bird’s Eye
view. But if you have a service such as
Zillow, they can give Google Maps as a
map view and then they can also provide
an additional view on that, using the
Bird’s Eye view from Microsoft, where
none of these big companies can do
something like that. It’s looking at what
is the best data out there, what are the
best services out there you want to use.
Continued on page 14
News Analysis
Will Microsoft or IBM Have the License that Kills?
Each company’s licensing plan figures to play
a role in winning the middleware battle.
BY ED SCANNELL
Microsoft officials reacted
strongly to IBM Corp.’s
recent Processor Value Unit
(PVU) licensing for both its proprietary and Intel-based server applications. Perhaps a little too strongly.
In early August, IBM took a decidedly
different path from many of its competitors in the way the company prices
its middleware products running on
multi-core chips. The new software-licensing
scheme is based on the
idea of PVUs, which replaces Big
Blue’s existing per processor licensing
policy. The PVU concept reportedly
provides a framework for licensing
differentiation on a number of different processor technologies. The software is then licensed based on the
number of “value units” assigned to
each processor core.
IBM believes its PVU approach
allows the company to “more appropriately align software cost and value,” and
address other issues related to multi-core technologies. The licensing
scheme kicks in during this year’s
fourth quarter, when the company
ships an Intel-based server using a
quad-core version of the Xeon chip.
The PVU idea stands in sharp contrast to the software-licensing models
for multi-core chips of Microsoft,
which has stuck with its per-chip model
that counts a chip as a single processor
no matter how many cores it has. Some
Microsoft officials see the difference in
licensing as an important weapon in
the battle between the two companies
where the high-cost, low-volume software of IBM figures to clash with
the low-cost, high-volume software
of Microsoft.
“This is the collision of two worlds
meeting somewhere in the middle.
What is interesting here is IBM using
this to keep [its] prices high, yet still
wanting to compete with Microsoft,”
says Andy Lees, corporate vice president in charge of Microsoft’s Server
and Tools Marketing.
The financial stakes involved could be
enormous. As more cores are added to
increasingly less expensive single
processors—single Intel chips alone
could typically have eight cores in the
next year or two, with proprietary chips
having many more—sales of such
servers and their applications figure to
explode as many more small and midsize companies can start to afford them.
“Multi-core chips in general-purpose
machines means they will have supercomputing power. What we believe
could and should happen is that low-cost, high-volume software goes up and
replaces the need for these esoteric
hardware and software products with
their esoteric pricing,” Lees says.
Some analysts agree with Lees’ opinion that IBM’s PVU idea is overly
complicated. They are quick to add,
however, that Microsoft can hardly
serve as a beacon of light when it
comes to simplified licensing models
given the confusion generated by its
Software Assurance plan.
“Microsoft will have a very difficult
chore convincing anyone that it can
Continued on page 14
CIOs in No Rush to Buy Vista
BY ED SCANNELL
In a Merrill Lynch survey asking
CIOs what their intentions were
for enterprise and server software
spending, many indicated that they
planned to push back plans to
upgrade to Windows Vista.
According to the survey results, only 8
percent of CIOs intended to upgrade
to Vista in 2007, which is down from
14 percent who said they would do
so when asked back in January. Some
75 percent said they are still waiting
to hear from Microsoft about exactly
when the company planned to launch
the long overdue operating system,
before making any purchasing decisions. That figure is up from 65 percent back in January.
There was more bad news for
Redmond as part of that same survey.
Because of the multiple delays to
both Vista and Office 2007, many
CIOs said they would push back
the renewals of their Microsoft
Enterprise Agreements.
While the number of CIOs that
plan to renew in 2006 held steady at
27 percent, some of those renewals
have been pushed back from the third
quarter to the fourth. Only 7 percent
intend to renew in the third quarter
compared to 10 percent in the last
survey conducted earlier this year.—
Continued from page 12
serve as the defender of simple,
straightforward licensing,” says Dana
Gardner, principal analyst with InterArbor Solutions Inc. in Gilford, N.H.
Gardner notes that licensing plans for
both software and hardware from major
vendors are generally much too complex
these days and hurt large IT shops and
eventually the vendors themselves. A
complex licensing plan or too many
changes to such a plan, only gives IT
shops a reason to look at a vendor’s competitors’ products and licensing options.
“If users can get a direct and understandable way to license, then they
would be interested in buying more
product and/or upgrading faster, which
is what the vendor should be interested
in getting them to do,” Gardner says.
IBM, Microsoft and other vendors selling to large enterprises are missing the
larger picture by focusing too much on
licensing plans involving complex technologies such as multi-core chips and
virtualization. If IT shops become too
frustrated with the lengthy process of
Continued from page 11
Q. How is Microsoft positioned
today to compete in the Web 2.0
space?
A. They have a tough road ahead of
them. I think the Web crowd is a crowd
that generally favors more open companies. Microsoft hasn’t had an open reputation. [These developers] use tools like
PHP, they program in open source tools
like Eclipse, so that’s a tougher ground to
go into.
But there is a big play for Microsoft
in Web 2.0 in the enterprise, and
that’s where people are already using
Exchange and Active Directory. Programmers want integration with that
kind of back-end. So I see a lot of the
tools that are out there in the Web 2.0
Internet world making their way into
the new round of applications for the
enterprise and how you get work done
inside a browser window at work.
Q. Is it hard to keep Web 2.0 talent
at Microsoft?
A. I think it’s tough to keep them
at Microsoft. You see employees leave
for smaller companies. It also depends
on a manager referring to his employees as ‘warm bodies’—which is something I heard multiple times at
Microsoft—or are these employees
actually intellectual leaders?
One Microsoft employee when I left
decided to blog about 10,000 people
joining Microsoft over the last year
and yeah, some people left—as if trying to use a pure numbers game to
talk about the type of people who are
working on these new projects.
sorting out the cost benefits of such
plans, they might just opt for a comprehensive subscription plan that subsumes
such technology issues and also provides
them with support, maintenance and
even hosting, according to Gardner.
Q. Hmm. So all of a sudden you
are talking about pork bellies
over there.
A. Right. You’re talking about warm
bodies, instead of the innovation
that is quoted by the executives all
the time.
Q. It comes back to respecting the
intellectual capital, doesn’t it?
A. Right, I think intellectual capital
is very important, and recognizing
that intellectual capital and keeping
those types of performers around,
as well as encouraging small teams
of developers. Start.com was a very
small group that was given support by
the management to do something new
and now that’s the centerpiece of
Windows Live. Live.com is what
Start.com became. —
these high-volume (multi-core-based),
mission-critical servers we offer highly
competitive on an industry standard platform,” Lees says.
Both Intel and AMD executives have
told Microsoft, according to Lees,
If users can get a direct and understandable way to license,
then they would be interested in buying more product and/or
upgrading faster, which is what the vendor should be interested
in getting them to do.
— Dana Gardner, Principal Analyst, InterArbor Solutions Inc.
Microsoft argues, however, that the
emergence and continued acceptance
of multi-core servers is merely an
extension of Moore’s Law, something
Lees says benefits the general health
of the entire industry. But IBM’s PVU
approach is something that not only
works against Moore’s Law, but could
slow the acceptance of multi-core
technology across the board.
“It is troubling from the industry’s point
of view because effectively what [IBM is]
doing is hedging against Moore’s Law.
[It’s] nervous that Moore’s law will make
14 | October 2006 | Redmond | redmondmag.com |
that charging per core could slow the
adoption of multi-core technology.
They point out that a dual core chip,
for instance, does not give users twice
the performance over a single core
chip, but more like 1.6 to 1.7 times
the performance.
“People would end up paying twice as
much for the software and not getting
twice the performance, and they would
be discouraged from accepting this latest
technology, which has everything to do
with Moore’s Law. This is why we want
to fight it,” Lees says. —
EXCHANGE JUST WENT DOWN
The Most Recent Backup Was Done Last Night
What Are You Going To Do?
The Problem: Massive Data Loss Due to Protection Gaps.
Traditional Exchange backup agents from CA,
CommVault, Dantz, EMC, Legato, Symantec,
Veritas and other traditional backup solutions
leave you vulnerable – up to 24 hours or more
of data-loss.
The Solution: Continuous Data Protection Closes the Gap.
Lucid8’s DigiVault Continuous Data Protection
solution with SingleTouch Recovery™ represents
a major improvement over traditional backup,
replication, and snapshot systems.
• Automatically captures all changes to the
Exchange databases as they are made
• Advanced features like compression saves
bandwidth and disk space (up to 80%) and
256-bit encryption keeps the bad guys out
• SingleTouch Recovery™ to multiple points
in time before the corruption occurred
• Centralized management, Enterprise capable,
Easy to implement, Simple to use
The Bonus: TRADE-UP to DigiVault with CDP and SingleTouch Recovery™ by
12/31/2006 and receive a healthy
trade-up discount to help offset the
money you’ve already spent on the
outdated Exchange agent from those
other guys.
TRADE-UP TODAY
To learn more, call 425 456 8478 or visit our website at
www.lucid8.com/tradeup for a FREE 30-Day DigiVault Test-Drive and a copy
of The Essential Guide to Continuous Data Protection for Exchange.
Copyright © 2006 Lucid8. All rights reserved. Microsoft® Exchange Server is a registered trademark of Microsoft® Corporation. All other trademarks are property of their respective owners.
RedmondReport
BetaMan
Command Performance
Windows PowerShell is almost ready for prime time.
Microsoft has officially locked Windows PowerShell into Release Candidate status. That means it’s pretty much feature-complete and now it’s down to bug fixes. Before it’s released to the world, let’s take another look at this much-ballyhooed new tool and what it can do.
To be perfectly clear, PowerShell
(formerly code-named “Monad” and
called the Microsoft Shell) is not a
new scripting language. It has a
scripting language, in much the same
way that the old Cmd shell has a
batch “scripting” language.
The comparison to Cmd is perfectly
appropriate. Like Cmd, PowerShell can
run commands interactively. You type
the command and it runs right away.
You also see the results right away.
PowerShell is actually built as a
drop-in replacement for Cmd. It
runs all the same command-line tools
and has most of the same built-in
commands. So you can actually ditch
Cmd and start using PowerShell with
very few bumps in the road. Of
course, PowerShell goes further by
providing a host of new cmdlets
(“command-lets”) that perform various advanced functions.
Windows PowerShell
Version reviewed: RC1
Current status: RC1
Expected release: Late 2006
It’s All in the Cmdlets
Cmdlet names all take a standard verb-noun structure, like Get-Wmiobject or Get-Command. There are several commands you can run for more detailed information on what’s available:
• Run Help cmdletname to get instant, detailed help on any command
• Run Get-Command to see a comprehensive list of cmdlets
• Run Get-Alias to see a full list of cmdlet aliases (or nicknames)
You’ll spot many familiar Cmd commands—like Move and Type—in the list of aliases. PowerShell uses these aliases to map familiar Cmd commands to new PowerShell cmdlets.
PowerShell cmdlets also use a standardized syntax. For example, any cmdlet that connects to a remote computer uses the -computer argument to accept the computer name. That standardization makes learning new cmdlets easier than learning full Cmd commands.
Cmdlets are also powerful. Run gwmi Win32_OperatingSystem -co Server1 and you’ll be able to determine the operating system and service pack version for a machine named Server1. Gwmi is an alias for the Get-Wmiobject cmdlet and -co is the shortened version of the -computer argument. You only have to type enough letters of the argument name to distinguish it from other arguments within PowerShell.
Through the Pipeline
Like Cmd batch files, PowerShell scripts are basically a series of cmdlets strung together. PowerShell does have a more advanced scripting language, but it still only has a dozen or so constructs for things like If/Then decisions and loops. Consequently, the language is pretty easy to learn.
What’s a bit tougher to learn is the
pipeline in PowerShell. There was a
pipeline in Cmd where you may have,
for example, run something like type
filename | more. This would execute
the type command, send it a filename
to display and pipe the output to the
more command to display the file’s
contents one page at a time.
PowerShell works in pretty much
the same way. Entering ps | ft will
run the Get-Process cmdlet (ps is its
alias), and pipe the output to ft (an
alias for Format-Table). The result is
a formatted list of all processes. Running ps | kill is dangerous, because it
takes the output of Get-Process and
pipes it to kill (an alias for Stop-Process). This effectively shuts down
every process on your machine.
The syntax is pretty straightforward,
although it does take a bit of getting
used to. Nearly everything is aliased.
This honestly makes PowerShell a
bit tougher to read, although faster
to type. Always keep in mind that
nearly anything you’re typing is either
a cmdlet or an alias. If it doesn’t follow the verb-noun format, then it’s
probably a cmdlet alias.
Getting used to this new tool will give
you a leg up on the competition. Once
you’re familiar with the syntax and
structure, you’ll be able to work faster
and easier. —
Beta Man has gone under cover to give
you some of the earliest and most
unflinching takes on important software
under development at Microsoft.
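The alias-heavy one-liners in this column are quick to type but hard to audit. The following is an added example (not from the article or from Microsoft), written for Windows PowerShell 5.1: it uses the built-in PSParser tokenizer and the Alias: drive to rewrite a one-liner with full cmdlet names, and flags pipelines that contain a state-changing cmdlet such as Stop-Process with no -WhatIf or -Confirm switch. The function name Expand-AliasLine and the list of flagged verbs are assumptions made for illustration.

```powershell
# Added example: expand aliases in a one-liner so a reviewer can see which
# cmdlets it really runs. Assumes Windows PowerShell 5.1, where ps, kill, ft
# and gwmi are built-in aliases. Expand-AliasLine is a hypothetical helper name.

function Expand-AliasLine {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Line,

        # Verbs treated as state-changing for the review flag (illustrative list).
        [string[]]$RiskyVerbs = @('Stop', 'Remove', 'Clear', 'Restart', 'Set')
    )

    # Tokenize the text without executing it.
    $parseErrors = $null
    $tokens = [System.Management.Automation.PSParser]::Tokenize($Line, [ref]$parseErrors)

    $expanded = $Line
    $commands = @()

    # Walk command tokens right to left so earlier offsets stay valid
    # while the string is being rewritten.
    $commandTokens = @($tokens |
        Where-Object { $_.Type -eq 'Command' } |
        Sort-Object -Property Start -Descending)

    foreach ($token in $commandTokens) {
        $name = $token.Content

        # -LiteralPath keeps aliases such as ? and % from being read as wildcards.
        $alias = Get-Item -LiteralPath ('Alias:\' + $name) -ErrorAction SilentlyContinue
        if ($alias) {
            $name = $alias.Definition
            $expanded = $expanded.Remove($token.Start, $token.Length).Insert($token.Start, $name)
        }
        $commands = @($name) + $commands   # restore left-to-right order
    }

    # A -WhatIf or -Confirm switch anywhere on the line counts as a guard.
    # Abbreviated forms (for example -wh) are not recognized by this check.
    $hasGuard = @($tokens | Where-Object {
        $_.Type -eq 'CommandParameter' -and $_.Content -match '^-(WhatIf|Confirm)'
    }).Count -gt 0

    # A cmdlet is flagged when its verb is on the risky list.
    $risky = @($commands | Where-Object {
        $verb = ($_ -split '-', 2)[0]
        $RiskyVerbs -contains $verb
    })

    [pscustomobject]@{
        Original    = $Line
        Expanded    = $expanded
        Commands    = $commands
        NeedsReview = ($risky.Count -gt 0 -and -not $hasGuard)
    }
}

# Constructed sample input: the one-liners discussed in the column, plus a
# guarded variant that only reports what Stop-Process would do.
$samples = @(
    'ps | ft',
    'ps | kill',
    'ps notepad | kill -WhatIf',
    'gwmi Win32_OperatingSystem -co Server1'
)

$samples |
    ForEach-Object { Expand-AliasLine -Line $_ } |
    Format-Table -Property Expanded, NeedsReview -AutoSize
```

Nothing in the sample list is executed; the strings are only tokenized, so the check can be run safely against a script someone else wrote before it is ever launched.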
ProductReview
Keep Power Users Under Control
PolicyMaker Application Security lets you apply specific,
application-level privileges.
PolicyMaker Application Security 2.0
DesktopStandard Corp.
$21.00 per node
(Upgrade Assurance $4.20; Premium Support $2.10)
www.DesktopStandard.com
BY BILL HELDMAN
Engineers and software developers present a special challenge for IT managers. Unlike others in the workplace, these groups require admin privileges to do their jobs—a problem that can really complicate management for PC and server administrators. Group Policy Objects (GPOs) and their associated management interfaces—the Group Policy Management Console (GPMC) and the Group Policy Object Editor (GPOE) MMCs—only get you part of the way there.
If you’re a full-time GPO manager, you probably mastered GPOs a long time ago. Still, you probably can’t send a single policy to a group of users to increase their privilege for a single application. You can decrease privileges all you like, but increasing them is tough.
For example, software developers using Visual Studio need advanced rights to compile applications. If you’re like most administrators and simply allot them full administrative rights, you set yourself up for the probability of completely crashed machines at the close of the day.
PolicyMaker Application Security effectively limits a user’s capability, while simultaneously granting the permissions needed to run applications. DesktopStandard calls it “least-privilege.” The tool is now in version 2.0 (version 3.0 will support Vista).
Why is this so important? According to industry reports, power users and admin-level users are the ones who leave the door open to 98 percent of viruses and malware on the local machine. It may not be Sally in the accounting department who can create the most trouble. It might be Bob, the senior programmer in your applications development unit.
Figure 1. Select rules from a list of categories.
REDMONDRATING
Documentation (15%): 9
Installation (10%): 7
Feature Set (35%): 8
Performance (30%): 8
Management (10%): 7
Overall Rating: 8.0
Key:
1: Virtually inoperable or nonexistent
5: Average, performs adequately
10: Exceptional
There are two components
to PolicyMaker Application
Security. The first is a GPMC
and GPOE snap-in, the second is a client component.
The client component is
deployed as an .MSI. It acts as
a driver on the local computer, monitoring the Resultant
Set of Policies (RSoP), listening to process launches and
checking them against any
PolicyMaker privilege rules.
The client makes this happen by managing the security
token for the user, elevating
his privileges for that application and only that application. This has a positive
effect in three ways:
• It doesn’t require secondary accounts
• It doesn’t increase the
security exposure of the
computer
• Applications that write to
HKEY_CURRENT_USER
run as the authenticated user
Living by the Rules
There are many ways to set up PolicyMaker rules (see Figure 1). You can target an application based on its program file path, a simple hash of the file, all of the applications in a given folder, applications targeted by an .MSI file path or by installed ActiveX components.
If you set up a rule based on
its file path, for example, the
resulting dialog lists various
supported applications. It will
also list functions you may
want to control (and points
out any different service pack
elements). For example, suppose you have Web programmers who need to work extensively with data that traverses the Windows Firewall. Those programmers belong to the WebDev OU. You would set up this rule to elevate the Windows Firewall security context and denote the WebDev OU. You could also establish various permissions like “Replace a Process Level Token,” or even apply filters to rules (see Figure 2).
Figure 2. There is a list of filters you can apply to your rules as well.
Once you’re finished, this
policy becomes a part of
whatever Group Policy
you’re working with. It will
ship as part of the GPO to
those OUs, domains and sites
(even single users) assigned to
receive it. Upon receiving the
GPO, the PolicyMaker client
sees that it has to elevate permissions, apply additional
privileges or introduce a filter
for a given program.
In native Windows GPOs,
there are more than 1,700
individual policies you can set
within GPOE. You can also
stack them so a given set of
users may have an RSoP that
is different than what you
expect. Add to that the complexity of different user
needs—even though they
may work side by side in the
same department—and you
can see what a daunting task
it is to administer GPOs.
PolicyMaker does indeed give
you more arrows in your
quiver, but doesn’t necessarily
make you a better archer. You
still have to determine which
rule set will work best.
One of the best things
about PolicyMaker is its
ability to “shatter-proof” a
computer. Windows is a
message-based system. Programmers don’t write code
that manipulates Windows—
they write code that passes
messages to Windows asking
it to perform a certain way.
Hackers can pass messages to break a system, without even having to worry about the security context. Because message passing is at the heart of Windows, a well-crafted message or two could “shatter” Windows. PolicyMaker has a process-isolation rule that can “shatter-proof” a computer.
Ups and Downs
The documentation for
PolicyMaker Application
Security is first-rate. It
includes two appendices at
the end of the user guide for
first-timers wanting to learn
more about GPOs. I particularly liked the “I want to …”
section of the documentation. For example, your question might be “I want to
inoculate against shatter
attacks.” The answer would
be “Select any type of rule,
then enable Process Isolation
(ShatterProof) in the administrative template.”
What I didn’t like was the
process I had to go through to
get the product licensed. As
per the well-written instructions (complete with helpful
screen shots) you install the
code and launch GPOE.
Next, you go through a mini
Q&A session to establish
how many OUs and possible
users you have. You send the
results to an XML-based file,
e-mail it to DesktopStandard
and you’re sent back an
unlock key. It took me a week,
plus the compulsory conference call, to get my 20-node
evaluation license.
When companies like Oracle are putting all of their
software on the Web completely unlocked, a complex
licensing methodology
becomes a hindrance. To be
fair, when I queried the marketing folks, they said, “Hey,
if someone just calls us up, we
can get them licensed and out
the door.” Nevertheless, the
licensing methodology could
be simplified.
At $27 per node (including
the cost per node for premium support and upgrade
assurance), it also seems
pricey. You’ll want to run a
cost-benefit analysis to see
what kind of savings you’ll
realize by being able to
apply application-level permissions and privileges for
certain groups.
Keep in mind that you
won’t need this kind of tool
for your run-of-the-mill user.
This is for securing power
users, so it’s not as though
you’d be looking at a milliondollar deployment. Still,
you’ll have to look at the cost
versus the payback of reducing power-user headaches.
If you’re in a larger enterprise where desktops are
locked down as a matter of
corporate policy, PolicyMaker
Application Security offers a
way to efficiently dole out
heightened privileges to
those who truly need it. —
Bill Heldman (www.billheldman.com) is an instructor at Warren Tech, a career and tech ed high school in Lakewood, Colo. He’s authored several books for Sybex; his latest is about using Excel 2007 and SharePoint Portal Server 3 for project management, which is co-authored by his wife Kim. You can contact Bill at [email protected].
LOGGING IN DEPTH
www.eventLogManager.com
Secure — Detect, prevent, react, recover
Comply — Automate compliance for SOX, HIPAA, FISMA
Save — Reduce operational costs
EventTracker
Logging In Depth
Get a free trial and ROI analysis —
www.eventLogManager.com
ReaderReview
Your turn to sound off on the
latest Microsoft products
Virtual Server Has Real Fans
Now that it’s free and has “official” Linux support, users find Virtual
Server 2005 R2 a more compelling option.
BY JOANNE CUMMINGS
Microsoft’s Virtual Server is gaining fast on market leader VMware. Microsoft bought the core technology for Virtual Server from Connectix, and originally charged $199 for the enterprise edition and $99 for the standard version. When Virtual Server 2005 R2 Enterprise Edition debuted last April, Microsoft dropped the standard version altogether and made the enterprise edition a free download.
The response was overwhelmingly positive. “It’s Microsoft, it’s free and I don’t have
to take any money out of my budget to give it a try. And it works great,” says Tom
Catalini, director of IT for William Gallagher Associates, an insurance firm in Boston.
Catalini just recently began experimenting with Virtual Server. By taking one physical server and using it to run multiple virtualized servers, Virtual Server lets him consolidate hardware while easing overall management. “Now I don’t have to worry whether or not it’s the same kind of machine with the same hardware and drivers,” Catalini says. “By abstracting that hardware layer, I can port my applications wherever and whenever I need.”
Users say server virtualization helps increase capacity without stretching the
budget. “We’d love to have a full-fledged test center, with five or 10 machines, but
we don’t have the space or the equipment to do that,” says David Feldman, director of IT at Orchard Place, a Des Moines, Iowa-based group that provides mental
health and juvenile justice services for at-risk youths. “Using Virtual Server lets us
get stuff accomplished with a lot less hardware.”
Living La Vida Linux
One of the most important changes to Virtual Server R2 was Linux support. “I loved
it before but it didn’t do Linux, and because of that I had no use for it,” says Randy
Hinders, senior NT administrator at Donet Inc., an ISP in Dayton, Ohio. “Now that
it’s free and supports Linux, it’s definitely an eye-opener.” Donet is looking to offer
Web hosting on virtualized servers, and many of its customers wanted to use Linux.
David Marshall and Wade Reynolds, both senior infrastructure architects at Austin, Texas-based Surgient Inc., agree that Linux support was critical. “People have been asking for Linux forever,” Marshall says. “It was in the initial Connectix product and was pulled out, but a lot of people run both Windows and Linux, especially in testing, so that was a problem.” He says you could virtualize Linux servers prior to R2, but it wasn’t officially supported so it ran poorly.
Microsoft Virtual Server R2
Enterprise Edition
Free
Microsoft Corp.
800-426-9400
www.microsoft.com
Still, big Linux shops may want to
consider VMware or the open source
Xen server virtualization tool. “They
currently support a wider variety of
Linux distributions,” Reynolds says.
Virtually Painless
Users give Virtual Server high marks
for ease of use, especially when it comes
to building a virtual machine (VM) and
using the integrated Web-based management console. “It’s definitely easy
to learn, easy to install and easy to get
your virtual machines created,” says
Reynolds. “You can do it with a lot less
planning [than with VMware], so it’s
an easier point of entry.”
The management console, because it’s
Web-based and not a typical MMCtype plug-in, is also easy to use. “The
console is pretty intuitive,” Hinders says.
“If you’re used to looking around Web
sites, you shouldn’t have any problem.”
The console also has some features
that other virtualization tools do not.
“One nice feature is a thumbnail view
of what’s going on inside each virtual
machine,” Marshall says. “If you have
your Web administrator interface up
and you have 10 VMs running on that
box, you can actually see a thumbnail
image of what’s on them.”
Catalini also likes the console because
of its portability and accessibility. He
did add, however, that he doesn’t use it
much because he found it was easier to
simply turn on remote management in
the operating system itself. “That lets
me use the remote desktop connection
just like I do for any other server,” he
says. “You can’t tell the difference.”
Microsoft has also made licensing for virtualized servers more attractive. “Microsoft’s making it hard to resist,” says Michael Hanna, senior systems engineer at Infinity Network Services in Tallahassee, Fla. “You can run up to four virtual machines on an enterprise server if you’re running Virtual Server. That alone is pretty compelling because, although I lean toward VMware, when you factor in the cost of licensing, the differences aren’t enough. I’m not going to spend a couple thousand on licenses just because I like ESX a little better.”
Starting Oct. 1, licensing becomes more compelling as Microsoft will let Windows 2003 Datacenter Edition users run an unlimited number of virtualized instances of Windows Server.
Knock out spam at Exchange level!
Only $1195 for 100 users!
DOWNLOAD YOUR FREE TRIAL FROM WWW.GFI.COM/RMES/
Anti-spam for Exchange, anti-phishing and email management
Eliminate spam from your mail server with GFI MailEssentials for Exchange/SMTP:
• Block spam at server level – No need to update email clients
• Bayesian filtering – Detects spam based on statistical message analysis
• Anti-phishing – Detects and blocks phishing emails
• Automatic whitelist management – Keep whitelists up-to-date without extra admin
• User-based spam quarantine – Sort spam to users’ ‘junk mail’ folders
• Blacklists scanning – Stop mail from blacklisted senders and invalid domains
• SURBL checking – Checks email content against SURBL servers
• Email header analysis and keyword checking – Blocks spam based on message field info and keywords
• Directory harvesting detection – Checks validity of all recipient email addresses in an email
• Also supports Lotus Notes & SMTP mail servers
GFI MailEssentials configuration
tel: +1 888 243 4329 | fax: +1 919 379 3402 | email: [email protected] | url: www.gfi.com/rmes/
Not There Yet
Although Virtual Server meets users’
needs right now, they have specific feature requests for future releases. “The
only thing that’s missing that I’ve
noticed is the ability to do snapshots,
where you can quickly revert back to a
previous state,” Feldman says.
Hinders says VMware enjoys a lead
with its ability to take snapshots of guest
operating systems. “But with Virtual
Server, there’s no automated way to do
that. You can manually pause it, copy the
Virtual Server file and restart it. For
internal usage or testing, it’s no big deal.
But when you start taking this to production environments running mission-critical applications, you can’t have that.”
Virtual Server’s robust scripting capabilities can help out there, other users
say. “We could write a script that shuts
down the servers at midnight, copies
them to New Jersey, and then turns them
back on again,” Catalini says. “So I’d get
the same thing, have a clean up-to-date
copy, and there’s no management overhead to doing that.” He added that he
would, however, prefer to eventually see
an automated snapshot capability.
Another missing piece is support
for 64-bit guest operating systems.
Currently, Virtual Server will support
a 64-bit operating system on the host
machine, but not on the virtual
servers. “That’s going to be a big issue
with the new Exchange, which is going
to be 64-bit only,” Hanna says. “Right
now, we’re constrained to actually use
a 64-bit machine for testing when
we’d like to virtualize it instead.”
Virtual networking support is another
element that is less than robust. “That’s
one area that VMware has over Virtual
Server,” Hanna says. “With VMware,
you can go to your own virtual switch or
subnets, and you have more options. You
can create virtual networks in Virtual
Server, but you essentially tie it to an
adapter and that’s it. It’s not as granular.”
Reynolds agrees, and says he’d like to
see Virtual Server support 802.1Q
VLAN tagging. “Virtual Server has a
little bit of catch up to do with VMware
on its robustness of virtual networking
and virtual switches,” he says.
Lack of virtual SMP support is also an
issue. “With Virtual Server, you can do
relative weight, but you can’t specify
[something like] this VM uses this percentage of this processor,” Marshall says.
“A nice [feature] to have for us would be
virtual SMP support, so you can say it
will share from these two processors out
of these four, or something like that.
Realistically, if you’re trying to get into
the production data center, you really do
need to have a virtual SMP.”
Still, readers say Microsoft Virtual Server 2005 R2 is worth a look. “I’m pretty jazzed up about it,” Catalini says. “Right now, I have rickety old PCs that are strung together. With this, I get to clean them up and they go away. Things are going to run on better hardware, be backed up more consistently, be more portable and recoverable and have cleaner configurations.”
Joanne Cummings ([email protected]) is a freelance technology journalist.
Different Strokes
There are two main flavors of server virtualization, and Microsoft has both covered. Microsoft’s Virtual Server, like VMware’s VMserver (previously called GSX server), is a hosted server virtualization platform. That means the virtualization software must run on a host operating system on the server hardware.
The other flavor is what Microsoft is calling Hypervisor, which requires no host OS prior to loading the virtualization software. VMware’s ESX Server, XenSource’s Xen and the virtualization functionality in Longhorn Server all employ a Hypervisor server virtualization layer.
Generally speaking, Hypervisor-type products minimize overhead for better performance and robustness. A main differentiator is cost. Most hosted types, like Virtual Server and VMserver, are free. Most Hypervisor products, like ESX Server, charge a licensing fee. Xen is an exception, because it’s open source.
The Hypervisor capability in Longhorn is expected to become a part of the operating system, with no extra license required.
— J.C.
Defragment Every Drive On Your Enterprise
Without Leaving Your Chair
(Or even lifting a finger)
PerfectDisk Command Center™
Perfection Made Automatic
Introducing
Centralized Management
And Reporting
Patent-pending
Resource Saver™ Technology
Exclusive Space
Restoration™ Technology
Exclusive AutoPilot
Scheduling™
Recognized as the world’s most powerful
defragmenter, PerfectDisk has always been the
secret to faster, more reliable computers. Now,
with a powerful new suite of enterprise tools,
PerfectDisk 8.0 takes disk defragmentation to
the farthest reaches of the enterprise, while
placing total control right at your fingertips.
Are you sitting down? Good. Because
with the PerfectDisk Command Center™ you
can easily deploy, configure and manage the
defragmentation of every system on the enterprise... all from the comfort of your own desktop. And that’s just the beginning.
Our all new enterprise reports deliver
valuable performance statistics and at-a-glance
graphical displays that track and identify any
fragmentation issue on any managed computer,
and much more.
In addition, PerfectDisk’s patent-pending
Resource Saver™ technology finds file fragmentation without having to first open the file,
further reducing any system impact of defragmentation. And new disk and CPU throttling
provide even greater control over resources.
What’s more, Raxco’s exclusive AutoPilot
Scheduling™ provides automatic defragmentation at the optimal time for each user. And
AutoPilot Scheduling’s Screen Saver Mode
enables idle-time defragging at user-defined
intervals. (There’s really nothing to it.)
And features like our Single File Defrag
and Consolidate Free Space Defrag (part of
PerfectDisk's Space Restoration Technology™ )
are particularly valuable for users working with
supersize files.
Give your users reason to stand up and
cheer. And while PerfectDisk 8.0 is busy keeping each computer in tip top shape, you can sit
back and simply take the credit. For the details
and a free demo, visit
www.pd8command.com
1-800-546-9728
www.raxco.com
June 8, 2004
PerfectDisk 6.0
May 24, 2005
PerfectDisk 7.0
Microsoft, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. PerfectDisk is a registered trademark of Raxco
Software. PC Magazine Editors’ Choice Award Logo is a registered trademark of Ziff Davis Publishing Holdings Inc. Used under license. All other product names mentioned herein are the trademarks of
their respective owners.
Project3
8/11/06
12:50 PM
Page 1
1006red_Roboto31.v6
9/15/06
10:27 AM
Page 31
Mr. Roboto
Automation for the Harried Administrator | by Don Jones

Intelligent Transfer

After downloading some sizeable images for product updates, it occurred to me that life is pretty good. I can start downloads, let them run all day and night in the background, and still use my computer—almost as if nothing else was happening. I can do this because I use BITS, the Background Intelligent Transfer Service built into Windows. You can use it too, and you’ll love it.

First, download BITS 2.0 and WinHTTP 5.1 from Microsoft. Don’t worry—they’re free. BITS will let you know if all your patches are up to date, and it will not overwrite anything. You’ll also need the WinXP SP2 Support Tools. Once you have everything installed, you’re ready to roll.

Now find a nice juicy URL you want to download. You can get at it via HTTP or HTTPS, and it’s no problem if it requires log-in credentials. Next, create a new BITS download job by opening a command-line or PowerShell window and running bitsadmin /create /download MyJob. (Use whatever name you like in place of “MyJob.”)

Add your URL to the job by running bitsadmin /ADDFILE MyJob http://whatever.com/file.zip c:\local\file.zip. You’re providing the job name (in place of “MyJob”), as well as the remote URL and local filename you want to use for the file. That local filename needs to be a complete path. The file won’t appear until the job is completed, so don’t panic if you don’t see a zero-byte file show up right away.

If you need to set proxy settings, run something like bitsadmin /setproxysettings MyJob preconfig. This sets BITS to use Internet Explorer’s proxy settings, which are easy to set with the Internet Options control panel. They are most likely already set correctly on your computer.

Finally, if the URL you’re downloading requires a log-in, add credentials to the job by running bitsadmin /setcredentials MyJob server basic username password. Substitute the correct values for “username” and “password.” This is basic (clear-text) authentication, so pair it with an HTTPS URL; over plain HTTP the username and password cross the network unprotected. You can specify ntlm instead of basic to use Windows integrated authentication. In that case, you’d leave out the username and password because it will use your log-on credentials.

Now you’re ready to kick everything off by running bitsadmin /resume MyJob. BITS will download in the background, using “spare” bandwidth so you can continue using your computer for other tasks. Run the bitsadmin /addfile as many times as you like to add more download URLs to the job. They will download in order.

You can check the status by running bitsadmin /monitor. You’ll get a continuously updated status report, which you can break out of by pressing Ctrl+C (downloading continues in the background). Suspend a job by running bitsadmin /suspend MyJob (or whatever job name you used), and resume again whenever you like. When the job is finished, you’ll have to “complete” the process to make the destination files actually appear. Run bitsadmin /complete MyJob to do this.

BITS 2.0 offers a ton of additional flexibility, including the ability to add lists of URLs from a text file, control job access, control lists and more. Run bitsadmin /? to learn about all the details.

BITS may require a bit of command-line jockeying to use (Windows doesn’t ship with a GUI for the tool), but it’s a better download manager than many browser plug-ins, at least for background downloads. BITS can resume interrupted jobs where it left off, which saves time, and it hums away in the background to download large files while you’re tackling other tasks.

Need Help?
What Windows admin task would you like Mr. Roboto to automate next? Send your suggestions to [email protected]. You can download this month’s tool from Redmondmag.com. FindIT code: Robot1006

Don Jones ([email protected]) is a contributing editor for Redmond magazine. He’s currently working on a new book, “Windows PowerShell: TFM” (www.sapienpress.com).
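The bitsadmin steps from the column, run end to end as one PowerShell script that polls the job state and cleans up after a failure. This is an added example, not Don Jones’s code or this month’s download; the job name, URL and destination path are placeholders.

```powershell
# Added example (not from the column): the bitsadmin steps as one script.
# Assumptions: bitsadmin.exe is on the PATH; $JobName, $Url and $Dest are
# placeholders to replace with your own values.
$JobName = 'MyJob'
$Url     = 'https://example.com/file.zip'   # placeholder download URL
$Dest    = 'C:\local\file.zip'              # must be a complete local path

function Invoke-BitsAdmin {
    # Run bitsadmin with the arguments given; treat a non-zero exit code as failure.
    $output = & bitsadmin.exe @args 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "bitsadmin $($args -join ' ') failed ($LASTEXITCODE): $output"
    }
    return $output
}

function Get-BitsJobState {
    param([string]$Name)
    # /rawreturn asks for parse-friendly output; the regex picks out the state
    # keyword even if a banner line is printed around it.
    $raw = Invoke-BitsAdmin /rawreturn /getstate $Name
    $states = 'QUEUED|CONNECTING|TRANSFERRING|TRANSFERRED|SUSPENDED|' +
              'TRANSIENT_ERROR|ERROR|ACKNOWLEDGED|CANCELLED'
    if ("$raw" -match "\b($states)\b") { return $Matches[1] }
    throw "Could not read the state of job ${Name}: $raw"
}

Invoke-BitsAdmin /create /download $JobName | Out-Null
try {
    Invoke-BitsAdmin /addfile $JobName $Url $Dest | Out-Null
    Invoke-BitsAdmin /setproxysettings $JobName PRECONFIG | Out-Null
    Invoke-BitsAdmin /resume $JobName | Out-Null   # new jobs start out suspended

    $done = $false
    while (-not $done) {
        switch (Get-BitsJobState $JobName) {
            'TRANSFERRED' {
                # Nothing appears at $Dest until the job is completed.
                Invoke-BitsAdmin /complete $JobName | Out-Null
                $done = $true
            }
            'ERROR' {
                $detail = & bitsadmin.exe /geterror $JobName 2>&1
                throw "Job $JobName failed: $detail"
            }
            default {
                # QUEUED, CONNECTING, TRANSFERRING, TRANSIENT_ERROR: BITS keeps
                # working (or retrying) on its own, so wait and poll again.
                Start-Sleep -Seconds 15
            }
        }
    }
    Write-Output "Downloaded $Url to $Dest"
}
catch {
    # Cancel so a failed job and its temporary files do not linger in the queue.
    & bitsadmin.exe /cancel $JobName | Out-Null
    throw
}
```

A job someone has suspended stays in the polling loop until it is resumed, which matches the suspend/resume behaviour the column describes.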
Spying, blackmailing and thievery—are there criminals in your IT shop?
BY DOUG BARNEY

In 2003, a 911 dispatcher in Pennsylvania named
Michael Michalski broke into private motor vehicle records looking for his ex-girlfriend. Michalski
kept digging even after he was suspended from his
job. In fact, former co-workers helped him gather some
data. Michalski found what he was looking for, and proceeded to track down and kill his ex and her new boyfriend.
In the right hands, information is a valuable tool. In the
wrong hands, it can ruin lives, destroy companies and land
offenders in jail. This puts IT in a precarious position. There
is a fine line between protecting information and abusing it.
“IT can look at anything at anytime. All of the accounts
and privileges go through IT,” says one admin who, like
most of the IT professionals interviewed for this story,
declined to be identified due to the sensitivity of the topic.
“As the network systems admin for my company, I’m only a
sniffer away from any information I want. Do I do that?” he
asks. “Of course not. It’s not ethical. If you don’t trust your
IT people, get rid of them. All of the data in your company is
in their hands, so they had better be trustworthy.”
Ensuring trustworthiness is easier said than done,
because there are some who just can’t resist temptation.
“We have a network guy who monitors everyone’s
Internet usage. Most employees don’t know this because
our boss tells everyone that there’s no one monitoring
the Internet and that he doesn’t want to know anyway,
but this network guy always seems to know what everyone is surfing for. He even talks about it with other
employees,” says Jeff Osia, senior application developer
for JW Software Inc.
Moonlighting by Day
Invasions of privacy are bad enough, but other IT abuses can
be much more serious. An IT worker for a school district
lived through a nightmare when the district’s IT director and
a network co-worker became partners in crime. “They had a
computer consulting business they ran on the side and would
leave the district several times a day to work on client computers without taking vacation time,” the IT worker explains.
What started as moonlighting on school district time
grew steadily worse. “They discovered the program
eBlaster, which records everything you do on the computer
and attaches keylogs, screenshots, Internet usage and a lot
of other info in an e-mail and sends it to a specified
address for review,” the worker explains.
This went far beyond mere snooping. “This was initially
used to monitor users suspected of spending too much
time surfing the Internet or inappropriate e-mail. It was
put on the CFO, COO and superintendent’s computer. It’s
also suspected that it was put on a few of the school board
members’ computers.”
According to the IT worker, those involved hoped to use
knowledge of employees’ and school board members’ positions on various issues to help advance new initiatives and
gain political favor.
“They also installed a server with Lightspeed software
that would record all network packets and save any information that went through the network for specific users,
including documents and e-mail and that would send
reports to a specified address. This was brought to the
attention of the CFO (who some suspected was the one
who wanted the info) and he conducted an internal investigation. His investigation
showed that nothing was happening,” the worker continues.
While the internal investigation glossed over the situation,
other authorities weren’t convinced. “Less than a week after
the internal investigation was
complete and the school board
was told nothing was going on,
the FBI came in and confiscated
our Exchange server, the
LightSpeed server, all of the IT
department computers and all
the computers that were suspected to have eBlaster
installed.” The case is now with
the local DA, who is reportedly negotiating plea bargains.
Besides spying on their colleagues, these miscreants also
used school district funds to pay for their new company.
“They were ordering parts from our vendor, building them
into new cases and selling them to their clients. A few of us
suspected this when we saw parts come in that we didn’t
use anywhere,” he says. “One day we saw a tape drive in a
box of parts and the next day it was gone. A few days later,
our network engineer brought in pictures of the new server
he built for a client and it had that tape drive in it.”
Ironically, when this whistle-blower moved to a new job,
he was able to help nail these crooks. “When I started my
new job, I was trying to collect inventory of the computers
and software. I used AuditWizard to scan all the computers
and build the database. I was having problems with three
computers collecting the information. I checked the data
and they happened to be from the same vendor we had at
the school district,” he says.
Then it was time for some detective work. “I contacted
the rep ... and gave him the serial numbers from the systems. He gave me the purchase order and specifications as
computers that were sold to the school district,” he says. “I
had my accounting people pull the purchase orders and
they were purchased from the business owned by the
[school district’s] network engineer and IT director less
than two weeks after they were sold to the school with the
identical configuration in a different case.” No getting out
of it this time—they were busted.
Snoop Dog
Privacy invasions are the most common issues. “We
hired a bright young guy to operate our network. We
soon found he was operating an online store from our
server,” says the president of a computer firm who asked
to remain anonymous. “We also discovered he was reading e-mail to and from executive staff and doing other
subversive activities. The moron didn’t see anything
wrong with any of his activities.”
Snooping on the CEO’s e-mail
to his mistress or your boss’ personal messages may seem like a
joke, but in doing so, you’re violating corporate policy, personal
privacy and possibly the law. Disclosing what you’ve learned to
co-workers is a whole different
level of wrongdoing.
“A couple of years ago, one of
the techs in our department
seemed to ‘know’ about
announcements before they were
made public. He also seemed to
‘know’ things about one other
tech who had declined to go out
with him. She was positive he
must have been reading her e-mails, because he would
say things to her he could only know by reading those e-mails,” says Cathy, another anonymous IT pro.
This is not as rare as you would like to think. “I had been
working for someone [from whom] I was learning administration. I saw cases where this person was fixing a problem,
and reviewed seemingly every file the user had on the hard
drive. ‘Snooping’ doesn’t quite describe what he did,” says
an anonymous IT worker.
Attraction to a coworker is often the motivation for this
type of cyber-stalking. “It boils down to either blackmail,
when the person was disliked, or spying when there was a
sort of attraction. It’s pretty easy to set up rules to forward
e-mails from one account to another,” says AJ Burch, a
consultant pro from Wilmington, N.C.
Indiscretions don’t always end with simply snooping on
electronic communications. “I worked for a company
where the IT department read every e-mail that came
from external sources or was sent to external destinations.
They had great fun telling others the contents of the
e-mails—some very personal. It was well known who was
doing what with whom and when,” recounts an anonymous
Redmond reader.
“During the stock market boom,
every day was an IPO celebration day. I
was working as a Web admin in an
online traders Web server team, so I
opted to work the evening shift when
all the work was done,” says Farooq
Ali. “One night, I saw the domain
admin and one of his e-mail admins
working into the evening. Then I saw
them in the same room around almost
10 p.m., so out of curiosity I walked
over and asked, ‘What’s going on?’”
“They said they had been asked to
fetch all the e-mails sent in the past
year by some of our executives. SEC
has been investigating us and now
they’ve asked us to get the data from
the backups,” he says.
“I noticed that they have successfully
uploaded an entire e-mail inbox of
an executive and that they’re reading
his e-mails,” says Ali. “Now this executive was an older person and not well
trained in the e-mail business, so he
used his office e-mail for his personal
e-mail as well. Some of the e-mails
were of an extremely private nature.”
“One of the admins made a copy of all
the e-mails. I do not know what happened of the SEC inquiry, but I do know
that we were all surprised when we
heard that same admin was promoted
to head of the department, bypassing
two other senior admins. Recently I saw
the promoted admin in Manhattan and
asked him directly. He said yes, he had
taken those e-mails to the executive
and asked for a promotion.”
— D.B.
Dirty Work
Some IT folks are pressured into doing things that may be
unethical or illegal. “When an employee is thought to be
slacking and using the Internet for personal reasons, I’m
told to find out what they’re looking at. I poke around in
their workstation at their history files and temp Internet
files, and then report back to their team leader. At first, I was
OK with this. Then an employee that I didn’t particularly
like (because he didn’t do any work) was fired based on
what I found on his computer,” says an IT pro who asked
to be called Reluctant Spy.
“Reluctant Spy” worries about his
standing after that incident. “How
do I prove that if he ever filed a suit?
Could I be liable?” he asks. “I’m in a
very awkward situation. There are
others, including bosses and team
leaders, who also abuse the Internet.
I would really like to publish what
they’re doing, but I haven’t gotten
on their machines and looked.”
IT is also sometimes used to cover
up the actions of executives. “I’ve
been asked too many times by senior
level company personnel to cover up
their mistakes and bad judgments,”
says Will, another anonymous
admin. “I’ve been asked more than once to delete mail items
out of users’ mailboxes because someone who probably had
good business skills but hadn’t figured out the difference
between ‘Reply’ and ‘Reply to All’ sent out sensitive or
potentially damaging information via e-mail. I always did
what was asked, but it sometimes rubbed me the wrong way.”
While IT staffers often perpetrate abuse, they can also be
the victim. “I was an e-mail admin for a local bank and was
in charge of an automated user creation tool for several
databases. I needed to keep track and retain many of the
requests, so I created an agent to monitor delivery—return
receipt and post in a folder on my mail database. I used
this format for most of my correspondence,” says Scott,
currently a systems integrator at another firm.
“I moved on to another position and transitioned my job
to another admin. After about a month, I started getting
return receipts and transmission reports from my old OU
e-mail address. My replacement was going through not
only my mail file but the smtp.box and local mail.box on
the e-mail servers, reading mail and looking at attachments.” There is a happy ending to this story, though. “By
gathering information on the times and dates, we built a
case for his termination.”
“I’ve witnessed ignorant IT management entertain other
department manager’s requests for user’s browsing records.
My recommendations that they refrain from snooping until
HR is involved went unheeded. I refused to participate unless
HR was involved, but the ignorant managers proceeded at
their own peril,” says Piper, an IT team leader.
“Just because IT has the ability to snoop on users does not
give them the authority to do so unless directed by HR.
Otherwise, you’re simply setting yourself up for a labor relations lawsuit that will be difficult and expensive to defend.
User behavior is a performance
management issue, not an IT
issue. It is only the incompetent
IT manager that engages in user
snooping without the assistance
of HR. Competent managers are
able to properly manage their
staff’s behavior.”
HR and well-defined corporate policies should drive all
“spying” activities, one IT pro
argues. “I definitely think this
should be done by HR, but they
usually don’t have the skills to
go to the admin share on a
workstation and know where to
find the footprints.”
The misguided actions of IT don’t just result in dismissals,
privacy invasions and anger. They can ruin lives. “My wife
one day received an anonymous letter that contained several
of my personal e-mails. They did not try to blackmail me by
asking for money, they just felt it was their “moral” duty to
inform my wife of what I was writing. I quit the company
and my marriage ended in divorce. My credit was ruined by
the bankruptcy and divorce,” says Arnold Radloff of Lincoln,
Neb. “Now I never use my company computers for personal
e-mail. As a result, I have kept my current job and things are
finally getting better in my life.”
Silver Bullet?
There is no silver bullet solution to the spying problem. For IT managers, a lot boils down to simple judgment. Admins must be smart enough to use their tools and access privileges within the guidelines established by the company.

“I have had to tune spam filters and Web filtering software. In that position, you see many things that you would rather not see. It’s hard to not be sucked into reading the e-mails about affairs and other things that people are stupid enough to include in messages from their work e-mail,” says another IT professional who asked not to be identified. “It really changes the way you look at people. There are some things I would rather not know.”

Don’t Be a Spy
There can be pressure from all over—bosses, co-workers and even your own curiosity. Spying, snooping and stealing are wrong no matter who asks you to do it.

Doug Barney is the editorial director of the Redmond Media Group. Reach him at [email protected].
Windows Without Windows
The new Server Core is a stripped-down, rock-solid version of Longhorn.
BY DON JONES

One of the most innovative features coming in Windows “Longhorn” Server isn’t really a feature as much as a whole new version of Windows. It’s called Server Core, and it will only take one-sixth of the disk space of a normal Longhorn installation. It’s not expected to need anywhere near as many patches and hotfixes as Windows 2000. It’s a version of Windows that does not, in fact, use windows. It’s breaking Microsoft’s long-standing reliance on graphical interfaces and shaking things up in several of Microsoft’s product groups.

Server Core reflects a changing view of servers. “Administrators are accustomed to thinking of servers by their role. That’s my file server, that’s a domain controller, that’s an Exchange server,” says Andrew Mason, a Microsoft program manager for Server Core. Some of those roles really don’t use much of what is built into Windows.

Server Core also recognizes—based on painful experience—that fewer “moving parts” in an operating system equates to fewer vulnerabilities, stability issues and maintenance points. Reducing the amount of code can help reduce the amount of bugs. That’s what Server Core is all about.

Server Core can only act as a file server, domain controller, DNS server or DHCP server. As such, it’s far from
being a full-fledged Windows operating system (although
Microsoft is considering other roles for future versions).
Besides these four core roles, Server Core also supports
Cluster Server, Network Load Balancing, the Unix subsystem, the new Windows Backup in Longhorn, Multipath
I/O, Removable Storage Management, BitLocker drive
encryption and SNMP. Server Core also supports
Remote Desktop administration, although you’ll only
get a command-line window when you connect.
That’s about it. There’s no Internet Explorer, no Outlook
Express, Calculator or Windows Paint, no Wordpad,
Windows Messenger or Media Player—just the basics.
Microsoft did add Windows Notepad to Server Core at the request of several sneak-preview customers, but even that’s a stripped down version. You can’t, for example, use the “Save As” function, because Server Core doesn’t have dialog boxes for functions like Open and Save As.

Figure 1. While Server Core is essentially Windows without windows, you do still have access to some Windows tools.

There’s also no Microsoft .NET Framework. This means
you can’t run any managed code on Server Core. Mason says
his development team wants to add the .NET Framework to
Server Core, but they first need the Framework team to
modularize the code so they can add just the essentials. The
Framework’s absence in Server Core is significant. For example, you can’t run Windows PowerShell, Microsoft’s vaunted
new management shell, on Server Core. That doesn’t mean
you’re out of remote management options, however.
Server Core will come in Standard, Enterprise and Datacenter editions for i386 and x64 platforms. Most companies
will probably opt for the Standard edition because most of
the differences found in the Enterprise and Datacenter editions of Longhorn won’t be present in Server Core. The
Enterprise Server Core does, however, get you more processor and memory support, as well as clustering. Datacenter
adds the whole Datacenter hardware program and 99.999
percent reliability—although the current Datacenter isn’t
exactly flying off the shelves.
Get to the Core
Server Core comes up as an installation option when you
install Longhorn Server. It’s important to understand that
going with Server Core requires a clean install (no
upgrades from earlier versions or from the full version of
Longhorn). There’s also no “upgrade” path from Server
Core. You can’t, for example, make it into a full Windows
server without performing another clean install.
The absence of a graphical interface is almost immediately
apparent. Logging onto the server doesn’t bring up the usual
first-run “Finish setting up Windows” screen displayed by
the full version of Longhorn. This also brings up your first
quandary: How do you change the Administrator password?
How do you join a domain? How do you activate the thing?
After all, without system notification, there are no “Activate Windows” balloon reminders (not that anyone will
miss those). There’s certainly no Start Menu from which to
launch activation. The setup experience, in fact, is one of
the primary challenges Mason and his team had to handle.
For all of Microsoft’s boasting about the ease of remote
Windows management, the Server Core team has dealt with
a slightly different story. They’ve built custom utilities to
cover for Windows’ remote management shortcomings. The
only file that comes with Server Core and no other edition of
Windows is SCRegEdit.wsf, a VBScript the team cobbled
together to set up Windows Update, configure a pagefile, set
up the time zone and enable Remote Desktop. You would
normally need a mouse and a GUI to complete those steps.
You can use existing tools like Netdom.exe to join the
machine to a domain, rename it and so on. For automatic
product activation, you can use Slmgr.vbs. That can even
handle phone-based activation, although given the length
of the activation code you have to type into the command
line, you’ll want to make sure automatic activation works if
at all possible. You can even use Slmgr.vbs from another
machine for true remote manageability.
Zen-like Simplicity
When you first log onto a Server Core console, you’ll see
two command-line windows. Why two? In case you close
one, of course. The final version will probably display only
one command-line at logon—you can hit Ctrl | Alt |
Delete and bring up the Task Manager to launch a new
Cmd.exe process if you accidentally close one.
In fact, Figure 1 shows that the statement “Windows without windows” isn’t exactly true. You’ll see that it does have a
bare minimum of Windows’ GUI capabilities for simple
dialogs like Task Manager and basic installation software.
The mouse also works, in case you were wondering.
Want to make a domain controller? Just run Dcpromo.exe,
as always. Because Dcpromo.exe can’t display graphically,
however, you’ll need to provide an unattended installation
text file. This is the same kind of file you would use to promote any DC in your environment. Server Core uses Longhorn’s technique of actually installing and removing the real
binary code when you add and remove roles. It’s not just
starting a few services. It’s actually copying real bits into the
system directory. This helps improve security. If you aren’t
running a feature, physically removing its code ensures that it
can’t be used against you.
Managing the Beast
Forget about logging onto a Server Core console and managing it from there. Sure, you can do it. There’s no GUI on
the server, though, and there’s no point making the trip to
the datacenter or even firing up the Remote Desktop console. You can do everything you need remotely. Just use the
Microsoft Management Console snap-ins you always have
for administering DHCP, DNS or Active Directory.
Use Explorer for file and folder management. Heck, use
your VBScripts or Windows PowerShell, since Server Core
supports both remote Windows Management Instrumentation
and Active Directory Services Interface connections. The only
difference is that you’ll run these management tools on your
system, not the server console.
You can use Group Policy to centralize configuration. Server Core
reads and obeys Group Policy objects (GPOs) from the domain just
fine. In fact, GPOs are the best way to configure Server Core
features like the Windows Firewall and Automatic Updates client.
If your workstations will be running Windows Vista, you
can use a cool new feature called WS-Management. Server
Core includes a WS-Management “listener.” Vista has the
new WinRS—that’s the Windows Remote Shell client.
Type a command and WinRS transmits it to the server,
where the command executes. Any output is displayed on
your workstation. Finally, a compelling reason to upgrade
to the much-delayed Vista.
Right now, WinRS doesn’t support interaction. Your commands
must be all-inclusive so the command doesn’t need
additional information. That may improve later in the Longhorn
development cycle as the product teams try to add
more back-and-forth capabilities.
Less Is More
Cramming Windows into a single gigabyte or less (down
from Longhorn’s 5GB to 6GB footprint) requires leaving out
plenty of elements. Drivers are a good starting place.
Server Core doesn’t do sound, so it doesn’t need sound-card
drivers. It doesn’t print, so it doesn’t need printer drivers.
This is the type of missing stuff that, quite frankly, you’ll
never miss.
On the topic of drivers, though, how the heck do you install
new hardware without the Control Panel or Add Hardware
Wizard? Relax, Server Core supports plug ‘n’ play, but it
does so silently. If you need to provide a custom driver, install
it first with the Drvload utility. Point it at the driver’s INF
file and your driver will become part of Windows’ built-in
list and you can silently install the hardware.
That will work if the driver itself is digitally signed. Right
now, there’s no GUI to configure driver-signing policy.
Server Core does have the Group Policy client, so you
could use Group Policy to configure driver signing.
Microsoft is considering adding a command-line utility to
control driver signing options for Server Core.
Server Core isn’t the stripped-down Yugo of the Windows
world. It has what you need, and only what you need—
IPSec, Windows Firewall, Event Log, Performance Monitor
counters, Licensing, Windows File Protection, outgoing
HTTP support and then some. Nothing strictly necessary
was tossed overboard. The default services list is minuscule,
with about 40 entries.
If you use third-party software agents to help improve
manageability, software deployment or other tasks, you
should be in good shape. Most agent software doesn’t
display any kind of GUI, so they’ll usually install fine.
This is especially true if they’re packaged in an .MSI file
(Server Core includes the Windows Installer service).
If they use .NET managed code, however, you’re out
of luck. Make sure you test any agents you plan to use
in advance.
Systems Management Server and Microsoft Operations
Manager, for example, seem to work fine. The anti-virus
software used by Microsoft and many other enterprise-class
anti-virus packages also work. Microsoft’s “Designed for ...”
logo program for Windows Longhorn Server will include a
Server Core element, so third-party developers can identify
code that’s compatible with Server Core.
Ready for Your Core?
Perhaps more interesting than Server Core itself is what it
promises for the future. With a stripped down version of
Windows, Microsoft has to provide better remote, non-GUI
management tools. These tools can make it easier to automate repetitive administration tasks.
Microsoft product teams will have to think in layers, imagining a minimum set of features that can run on Server Core
with minimal dependencies. Then they can conjure a broader set of features for full versions of Windows. Manageability
will become distinctly separate from server products.
Server Core is shaping up as the perfect infrastructure
server. With a smaller disk and memory footprint, there are
more system resources available for the server’s workload.
The reduced management and attack surface also make it
more stable and reliable than other versions of Windows.
When Longhorn Server ships in 2007, Windows will
have finally “caught up” to Novell NetWare 3.x. Server
Core is a server that’s just a server, not a full-fledged client
as well. Get your hands on the public beta of Longhorn
Server to check out Server Core. In the meantime, start
getting used to that command-line prompt. It’s your new
best friend. —
Don Jones is a contributing editor for Redmond. He’s currently
working on “Windows PowerShell: TFM” (www.sapienpress.com).
You can reach him at [email protected].
Itching to deploy Microsoft’s powerful new SharePoint
portal server technology? Better know what you’re
getting yourself into first. BY RICK TAYLOR
Microsoft’s SharePoint Portal Server 2003 lets
enterprises gather, leverage and expose vast
stores of knowledge. However, the process of
deploying the software can overwhelm IT managers who
find themselves working across a dizzying array of technical and business disciplines to tie it all together.
How do you make a SharePoint deployment fly at a large
enterprise? Join me on a high-stakes deployment at a very
large Food and Beverage Company that we will call FBC.
I meet with the CIO for the first time since I’ve been
hired. Nice guy. He asks me how much I really know about
SharePoint because he saw my resume, which mentioned
my expertise. It turns out one of his direct reports has been
charged with finding a solution for document collaboration and management. One of the project managers has
some SharePoint experience and FBC is looking seriously
at the software. The project manager and I hit it off almost
immediately and start geeking out on SharePoint technology. The project manager tells me he’s a developer and is
glad an IT guy like me can help with the deployment.
I meet with key stakeholders in the project. I have been
around the block enough times to know that leaving people out of the loop can build walls, and in the case of
SharePoint, you need to know who all the players are from
a business perspective. The taxonomy in SharePoint is key
and this makes knowing who’s who in the organization an
immediate priority.
I make it clear in the meeting that SharePoint will not
automatically organize the information, that care and planning on our part will be critical to success. Then I drop the
bomb: “Where’s the information that your organization
needs to have and use to be successful?” I ask.
| redmondmag.com | Redmond | October 2006 | 49
The silence is deafening. The most common answer
after the silence is “Everywhere.” Sorry, but that doesn’t cut
it. We need to know exactly where the information is. Don’t
know? Find it. And once you find it, figure out what’s relevant and what’s not relevant. Based on the looks I get in the
meeting, answers won’t be easy to come by. And yet, this is
probably the No. 1 planning issue in deploying SharePoint
Portal Server 2003—knowing where the relevant information resides and how much of it there is. (In Microsoft
Office SharePoint Server 2007, the Knowledge Network
feature makes this issue a lot less daunting.)
After the information is located and assessed, the decisions as to what content sources to include are all but
made. In SharePoint a content source can be a file share,
an Exchange public folder, other SharePoint servers, or
other Web sites. Content sources are important because
SharePoint uses them to build a Content Index, which is
created when SharePoint crawls the locations where the
information resides and stores them. The Content Index is
then accessed by search queries. In order to create and
manage additional indices, you’ll need to enable Advanced
Search Administration mode.
Everyone is on board. Actually, the word’s gotten out and
more people want to get on board! I’m starting to get emails about when the application will be deployed and when
particular departments will receive their “portal.” I share the
e-mails with the project manager who moves them up the
chain to his boss. As this is a pilot project, we need to keep
the lid on things and limit the scope of the effort. This
means no extra “stuff” or “tools,” and all the hardware and
software must be commercial, off the shelf (COTS).
Actually, all this makes the job more manageable. We
know how many departments and groups will be allowed to
participate in the project and we can avoid fighting with
vendor support in this deployment. The server stack
includes Microsoft Server 2003 Enterprise Edition, SharePoint Portal Server, Microsoft SQL Server 2000 Enterprise
Edition, Microsoft Cluster Server and Microsoft Network
Load Balancing. Next, I interview the groups to find out
exactly what their individual needs are, and how many documents they are planning on using to collaborate with others.
The interviews were informative. I now have enough
information to start planning the logical structure. I’ve
decided that a large server farm is appropriate, even for
this pilot project. There are five business units in four distinct locations (all in North America) that make a convincing pitch for needing SharePoint.
Now for the physical infrastructure. I need to figure out
where the servers will be placed geographically, what DNS
entries to make (A records and CNAME records are used
heavily in SharePoint) and the exact topology. I will have
to work with the Active Directory team to ensure that the
proper accounts are created and I will need to work with
the Network team to get the appropriate IP addresses for
each server. I wonder if there is a database team? (I later
find out that there was.) I will need to bring them in the
loop since SharePoint must store its configuration information there. Emails go out to about 40 people.
While I wait for the response to the emails, I use the time
to think about the hardware. What type, how much and
what are the specifications? Because FBC has a contract
with a very large hardware vendor (LHV), my options are
somewhat limited. This is a large server farm, so I will
need servers to host the Web front-ends (WFE), Search,
Index and a clustered database. I calculate how much space
I will need for the implementation. This gets interesting. I
will need about a 5:1 disk space ratio—for every 1GB of
data I want to put into SharePoint, I will need 6.5GB of
free disk space. Where does that ratio come from? Let’s do
the numbers.
If I have 1GB of data, I’ll need 1GB of free disk space,
obviously. Because this space is in SQL server, I will also
need 100 percent free disk space equal to the size of the
database for SQL DB maintenance routines. We estimate
we’ll need about 300MB of storage for the internal index,
and four times that amount for indexing external data,
such as data from file servers, public folders, other Web
sites and the like. Finally, we’ll need plenty of available
storage for the farm backup. The numbers for our project
shake out as shown in the table below.

Free Space Needed
Documents                    1.5TB
Database                     1.5TB
Index (internal content)     300GB
Index (external content)     1.2TB
Farm backup                  3.0TB
GRAND TOTAL                  7.5TB

Because this is a large server farm, the server components
need a high-speed connection between them (and a T1 is
decidedly not high speed). The reason: WFE and Search
servers talk to one another constantly and a long delay (of say
more than 30 seconds) could bring down the server farm.
Also, FBC utilizes SSL on its Web servers and uses ISA
Server as its proxy, which may be an issue. Incoming
HTTPS request packets are received as an HTTP address by
SharePoint, which makes it impossible to upload documents.
The folks in Information Security aren’t likely to
change their default configuration just for me. But when
I show them that we can end run the problem by implementing host-header forwarding, the group gets on
board. Now ISA Server can forward the HTTPS packets
to the WFE without altering the original host header in
the HTTPS packets.
Another option is SSL bridging, though it’s more problematic when troubleshooting search than host-header forwarding. ISA Server enables HTTPS-to-HTTP bridging,
but the functionality is not supported when publishing
with SharePoint. SharePoint uses absolute URLs, and the
URL from the client and the URL sent to the server must
match. To keep the URL sent from the client to ISA Server the same as the URL sent from ISA Server to the Web
server, a new SSL connection must be established between
ISA Server and the Web server.
[Figure 1 diagram, “SharePoint Infrastructure.” Labels: Client using Web browser; ISA 2004; WFE01; SEARCH01; INDEX01; Database.]
Figure 1. ISA Server receives a secure HTTPS request, then
uses host-header forwarding to send an HTTP request for the
published site.
I tally up the best estimates from all the groups as to how
many documents they have and decide that I will need substantial hard drive space; somewhere in the neighborhood
of three terabytes. I make a call to the hardware vendor and
get the exact specifications for the servers and RAID arrays
and receive a quote. I send the quote to the finance guy and
he gives me an ETA on when I can get the hardware.
With infrastructure pieces of the deployment planned, it’s
time to pull in the project manager who has development
experience to discuss possible development issues in SharePoint. Some groups will be developing custom web parts,
and as a responsible administrator I need to negotiate what
should and should not be done in SharePoint from a development perspective. This means a discussion about Code
Access Security (CAS).
CAS is an important aspect of SharePoint. If you, as an
administrator, allow developers to write and deploy whatever
they want, you are asking for problems. If a developer were
to create an assembly that performs file I/O, you should
ensure that the code is restricted to specific (and hopefully
isolated) areas of the file system. CAS also means that you
should prevent other code developed externally from calling
internal code. CAS can also use an assembly’s URL, or hash,
to identify code. In the .NET framework, evidence is used to
identify assemblies and grant appropriate permissions to
those assemblies. This can be the URL, or Zone, from which
the assembly was obtained. Evidence could also be a digital
signature or hash. In addition to the default ASP.NET security policy files, Windows SharePoint Services (WSS) provides two policy files: wss_minimaltrust.config and
wss_mediumtrust.config. Each policy file has a set of code
groups which are used to assign permissions to assemblies.
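The code-group idea above can be checked mechanically. The following is an added example, not code from the article or from Microsoft: a small Python audit that walks a policy file's code groups and lists every grant of full trust or of an unrestricted permission that rests on evidence other than the assembly's own identity. The sample policy is constructed for illustration (the permission set names, the D:\FBCData\Reports path and the PLACEHOLDER key blob are hypothetical), and treating URL, Zone and All conditions as location-based evidence to review is this example's assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample, laid out like a .NET/WSS CAS policy file. Not a real FBC file.
SAMPLE_POLICY = r"""
<configuration><mscorlib><security><policy>
<PolicyLevel version="1">
  <NamedPermissionSets>
    <PermissionSet class="NamedPermissionSet" version="1"
                   Unrestricted="true" Name="FullTrust"/>
    <PermissionSet class="NamedPermissionSet" version="1" Name="Nothing"/>
    <PermissionSet class="NamedPermissionSet" version="1" Name="ReportsReadOnly">
      <IPermission class="SecurityPermission" version="1" Flags="Execution"/>
      <IPermission class="FileIOPermission" version="1" Read="D:\FBCData\Reports"/>
    </PermissionSet>
    <PermissionSet class="NamedPermissionSet" version="1" Name="AnyFile">
      <IPermission class="SecurityPermission" version="1" Flags="Execution"/>
      <IPermission class="FileIOPermission" version="1" Unrestricted="true"/>
    </PermissionSet>
  </NamedPermissionSets>
  <CodeGroup class="FirstMatchCodeGroup" version="1" PermissionSetName="Nothing">
    <IMembershipCondition class="AllMembershipCondition" version="1"/>
    <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="ReportsReadOnly">
      <IMembershipCondition class="StrongNameMembershipCondition" version="1"
                            PublicKeyBlob="PLACEHOLDER" Name="UBERassembly"/>
    </CodeGroup>
    <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust">
      <IMembershipCondition class="UrlMembershipCondition" version="1"
                            Url="$AppDirUrl$/bin/*"/>
    </CodeGroup>
    <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="AnyFile">
      <IMembershipCondition class="ZoneMembershipCondition" version="1"
                            Zone="Intranet"/>
    </CodeGroup>
  </CodeGroup>
</PolicyLevel>
</policy></security></mscorlib></configuration>
"""

# Evidence bound to what the assembly is (signature, hash), not where it sits.
# Assumption of this example: everything else is location-based and worth review.
IDENTITY_EVIDENCE = {
    "StrongNameMembershipCondition",
    "HashMembershipCondition",
    "PublisherMembershipCondition",
}


def short(cls):
    """Reduce 'Namespace.Type, assembly, ...' or a short alias to the bare type name."""
    return cls.split(",")[0].strip().rsplit(".", 1)[-1]


def load_permission_sets(root):
    """Map each named permission set to the list of things it grants without limits.

    '*' means the whole set is unrestricted (full trust); otherwise the list holds
    the names of individual permissions marked Unrestricted="true".
    """
    sets = {}
    for ps in root.iter("PermissionSet"):
        broad = []
        if ps.get("Unrestricted", "").lower() == "true":
            broad.append("*")
        for perm in ps.findall("IPermission"):
            if perm.get("Unrestricted", "").lower() == "true":
                broad.append(short(perm.get("class", "")))
        sets[ps.get("Name")] = broad
    return sets


def audit_policy(xml_text):
    """Return (permission set, evidence type, reason) for each grant to review."""
    root = ET.fromstring(xml_text)
    sets = load_permission_sets(root)
    findings = []
    for group in root.iter("CodeGroup"):      # document order, nested groups included
        cond = group.find("IMembershipCondition")
        evidence = short(cond.get("class", "")) if cond is not None else "none"
        set_name = group.get("PermissionSetName")
        if set_name not in sets:
            findings.append((set_name, evidence, "undefined permission set"))
            continue
        broad = sets[set_name]
        if broad and evidence not in IDENTITY_EVIDENCE:
            reason = "full trust" if "*" in broad else "unrestricted " + ", ".join(broad)
            findings.append((set_name, evidence, reason))
    return findings


if __name__ == "__main__":
    for set_name, evidence, reason in audit_policy(SAMPLE_POLICY):
        print(f"REVIEW: {set_name} granted via {evidence}: {reason}")
```

The strong-named UBERassembly group passes because its FileIOPermission is limited to one directory; the two flagged groups are the ones an administrator would want a developer to justify.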
What does this information mean to an IT administrator? For one, it means understanding and restricting the
behavior of assemblies installed on your WFEs. A utility
called PERMVIEW lets you view all declarative security
used by an assembly. The syntax is: PERMVIEW [/output
filename] [/decl] manifestfile
Let’s say that your developer created an assembly called
UBERassembly.exe and you want to know all the declarative security on this file. You would run PERMVIEW /output whatsitdoing.txt /decl UBERassembly.exe. Review the
output and if you see RequestMinimum permission,
understand that this lowers the security threshold required
for the code to run. Also, if the output shows
Unrestricted, you’ll know that once it has obtained minimum permission, the code will enjoy unrestricted access to
whatever resource it is calling. You are well advised to
make sure that developers understand this code will not run
on your WFEs. Here is a short list of questions you should
be asking your developers:
• Is your assembly strong named? That is, does it have
a hierarchical name, rather than a weak (flat) name?
• Do you request minimum permissions? Minimum permissions make it much easier for code to run unrestricted.
• Have you scanned your code for Assert calls?
Remember, Asserts that are not handled carefully may allow
malicious code to call your code through trusted code.
If your developer gets uppity, or tries to dazzle you with
dev talk simply tell him/her that the code will stay in a dev
environment until proven safe.
The rest of the day is spent developing Visio diagrams of
the proposed SharePoint infrastructure, to be presented at
the stakeholder meeting tomorrow. Figure 2 on p. 58
shows how it might look.
Hardware will be here in a few days and I’m preparing to
present to the stakeholders again. The number of stakeholders has grown from eight to more than 20. My goal at
the meeting is to present the proposed infrastructure diagram, outline principles of governance, and have a minitraining session over how to navigate the user interface. I
will break out of the meeting and meet with the future
application owners to show them how to craft a useful
search result, which may take half the day.
The mini training goes longer than expected. So many
questions! The training aspect of this initiative suddenly
hits me like a ton of bricks. Universal adoption requires
that the end user be trained, but you can’t expect everyone
to acquire significant new skill sets.
The breakout meeting was also interesting. They were
surprised the search functionality of SharePoint was as
powerful as it was configurable. Unlike other search
engines, SharePoint’s search uses what is called “Free Text
Queries” and ignores wildcards and Boolean expressions.
SharePoint attempts to understand what you are searching
for rather than matching the words you put in the search
field. It uses different components to help best match your
intent. One of those components is the Thesaurus. Thesaurus
files are located in %systemroot%\Program
Files\SharePoint Portal Server\DATA\Config. The files
are separated by language and if you are using English, be
sure to edit the correct English file (ENU for USA, ENG
for UK). For FBC, there were many words for which we
needed to expand the Thesaurus. For example, “Water” was
expanded to “Still,” “Sparkling,” “Spring” and “Drinking.”
It was also suggested that certain words be excluded—
achieved using the Noise Word file. It tells SharePoint to
exclude words from the Index, such as prepositions, conjunctions and articles. Just realize, if a library wanted to
index the movie “The Way We Were,” it would be invisible
to SharePoint. Every word in the title is a default Noise
Word. If changes are made to the file, you must restart the
Microsoft SPS Search service. Troubleshooting the Search
functionality is the most time consuming and sometimes
the most frustrating of all. Since the Thesaurus is case sensitive, both cases of the word should be tried if necessary.
Now I just wait for the hardware, fill out the appropriate
change request forms, hold the proper follow-up meetings,
purchase the software licenses, do my normal day-to-day
chores and work with the facilities managers at each location
to actually get the hardware racked and cabled up. The hard
part—planning—has been done. Then we’ll have to work on
training the users. Now that will be a major headache. —
Rick Taylor is a consultant who has been deploying every version
of SharePoint portal for major corporations since 2001. You
can reach him at [email protected].

[Figure 2 diagram. Labels: Client (three); Hardware IP Load Balancer; Web Front-End FBCWFE00, FBCWFE01, FBCWFE02, FBCWFE03; Search Server FBCSR800, FBCSR801; Index Server FBCIDX00; Index/Job Server FBCIDX01; SQL Server Cluster FBCSQL00; Microsoft SQL 2000 Log Shipping; SQL Server Cluster FBCSQLX00.]
Figure 2. An overview of FBC’s SharePoint environment reveals
ample redundancy.

It gets better. The newest version of the SharePoint
platform greatly improves the collaborative tools,
content management, tracking capabilities and
hosting of other services to the knowledge worker.
According to Kurt DelBene, Microsoft’s corporate
vice president of the Office Server Group, the
extensibility of Windows SharePoint Services is
a conscious design choice to create a product
that takes advantage of the industry’s rich ecosystem of solution providers and highly specialized
software developers.
“We have designed Windows SharePoint Services
with the foundational components that enable customers and partners to develop solutions for collaboration, content management, and portals,”
DelBene says.
As in WSS v2, the new version can provide a single
workspace for teams to coordinate schedules,
organize documents, and participate in discussions—
within the organization and over the extranet.
So what’s new? To begin with, the new user interface is breathtaking. There’s a ton of information on
the starting page of the new Windows SharePoint
Services version 3 (WSSv3).
Figure A. The new start page puts everything at a
mouse-click away.
It’s all about organization. As you can see the five
main areas of Permissions, Look and Feel, Galleries,
Site Administration and Site Collection Administration
are all laid out for you on the same page, a
real improvement over version 2. There are two
key component improvements in WSSv3:
— Improvements to collaboration workspaces.
SharePoint sites now offer e-mail and directory integration, alerts, Really Simple Syndication (RSS) publishing, templates for building blogs (also known as
weblogs) and wikis (Web sites that can be quickly
edited by team members requiring no special technical knowledge), event and task tracking, improved
usability, enhanced site navigation and more.
— Enhancements to content storage. SharePoint
lists and libraries now provide per-item security for
better data control and integrity, a recycle bin and
enhanced flexibility for storing more types of content. Row and column capacity has also been
increased, as has retrieval speed. WSSv3 can be easily integrated with smart client tools. In particular,
close integration with Microsoft Office Outlook 2007
provides offline access to events, contacts, discussions, tasks and documents.
One of the best interface updates is the breadcrumb feature, which always shows users where
they are in the site hierarchy. It’s a well-known fact
that if users have to click more than six times to
get somewhere, they’ll become frustrated and give
up. Breadcrumbs should eliminate this issue.
Microsoft shied away from the term “document
management” in the last version of WSS, but no
more. Version 3 is a full-blown document management environment, with workflow, scheduling,
tracking, and other features vital to keeping tabs
on document creation and archival.
The new SharePoint even boasts a built-in calendar,
which can sync with Outlook and has an RSS feed
that allows you to subscribe to sites. The new version also adds item level security in lists, providing
much higher granularity when managing access to
information. It’s a long-awaited improvement that
most IT managers will welcome.
The list goes on and on and the best part is
that it’s free. You can download your copy at
Redmondmag.com. FindIT code: SPDiary
— R.T.

An effective SharePoint deployment must
be built with a solid understanding of the
organization’s design needs. Here are some
of the most common things you should take
into account before (or as) you design your
SharePoint infrastructure.
1. Thou shalt not put all documents into
SharePoint. This is a common mistake. SharePoint is a good document repository, but it
should not replace your file servers. Keep noncollaborative documents on your file servers
and point SharePoint to the file server as a content source. Dropping all documents into SharePoint unnecessarily grows your SQL database
and makes a backup and restore more cumbersome, especially for a file-level restore.
2. Thou shalt put processing power on the
Web front-end. Architects often place the
biggest, most powerful piece of hardware at
the back-end with SQL. But if that database
is dedicated to SharePoint, you are off
course—the “hoss” should be placed at the
front-end with the WFE. That’s the end that
gets busy with crawling content and serving
up user requests.
3. Thou shalt not underestimate storage
requirements. Obey the Golden Rule of SharePoint—for every 1GB of data, set aside 5GB to
6GB of storage capacity. If you don’t adequately
size your disk space, you’ll be forever adding
space at inconvenient times.
4. Thou shalt not scrimp on user training.
What if you built a killer app and no one used
it? Fail to train your users, and you’ll find out.
Develop an internal training program or pay
for competent external training, but do not let
your investment go down the drain.
5. Thou shalt respect search. If you
deployed SharePoint for its search, you must
invest man-hours to make it work right. Expect
to budget 0.5 FTE (Full Time Employee) for
every 100 content sources SharePoint server
must crawl. That half-day will reflect time
spent ensuring content sources are being
correctly crawled, that filters are working and
that quality results are being returned. — R.T.
NEVER AGAIN
By Jim Desmond
SQL Slip Up
Early in my IT career I worked for a small training-resource software firm. At the time, my company
was at the cutting edge of client/server-based
applications, employing Microsoft SQL Server 4.2
as its back-end database.
One of our largest customers was using
our software to support its training
department. The software let thousands
of employees register for classes, check out resources and see their progress
toward certification. They needed some
customizations done to support a government client, so as the only person
with experience in Microsoft SQL
Server, I traveled to the customer site.
Our company president, who also doubled as our head programmer, came to
support the database side.
The customizations had been completed, tested and saved to floppy disk
before we left our office in Chicago.
Before we could install the code
changes, however, we had to massage
the live production data. Simple
enough. The first step was to run a
SELECT query that looked for
records in the STUDENT table that
would not fit into the new customizations. We needed to make sure our
final query would successfully update
the table with the correct information.
What’s Your Worst
IT Nightmare?
Write up your story in 300-600 words
and e-mail it to Michael Desmond at
[email protected].
Use “Never Again” as the subject line
and be sure to include your contact
information for story verification.
My boss worked up a query that
returned all students who did not have
an employee ID registered. A second
UPDATE query then altered the data
in the LAST_NAME field for all the
matched records. This way, the records
would remain in the database, but would
not display in the application.
My boss was flying through the process,
which, to be honest, he was very good at.
However, he accidentally placed a carriage return in the
SQL query text, causing the UPDATE
query to overwrite the last name
for every record in the customer’s
database and make it TERMINATED.
I watched him prep the query and
remember wanting to scream “Nooooo!”
as his hand hovered over the Enter button. I said to my boss, “David, do you
realize what you just did?” His eyes
flicked back and forth over the screen
and he whispered, “Oh my god.”
It was bad. We had been working on
the production database. That’s never a
good idea, especially when the database
belongs to your largest client.
My boss was frantic, trying to keep
the customer from finding out what
happened while we tried to recover
the lost data. I searched for recent
database dumps. There were none.
After a couple of hours, we knew we
had to tell the client.
They were … unhappy. They had to go
to their tape storage facility and perform
a full restore of their database. And back
then, restoring from tape was really hard.
Needless to say, all of our professional
services during that trip were gratis,
including our expenses. I think the only
reason they didn’t kick us to the curb
right then was that our software was
so heavily embedded into their business.
To appease them, we offered
deep discounts and
free professional
services for a
year. We lost a
lot of money on
that trip, but
we did keep
the customer.
Like most
disasters, a lot
of little mistakes were made
on the way to a big
calamity. But one error stands out: The
decision to run an untested query on a
production database. We also failed to
confirm the presence of a recent data
backup. Had we taken that step, we
might have been able to quietly recover
from our error without involving the
client. Instead, we learned a hard lesson
in customer retention.
As for the president of the company, he
stopped working on live data, providing
only pre-tested scripts to customers that
need data customizations.—
Jim Desmond, CISSP, works in information security and contingency planning in
the San Francisco Bay area.
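The two safeguards the column ends on, confirming a backup and not trusting an untested UPDATE, can be enforced in code. This added example is not the author's code or the original queries: it uses Python's sqlite3 in place of SQL Server, and the STUDENT_ID and EMPLOYEE_ID column names, the sample rows and the idea that only the first line of the statement ran are assumptions made for illustration.

```python
import sqlite3

# Constructed sample rows: (LAST_NAME, EMPLOYEE_ID). Column names are assumptions.
SAMPLE_STUDENTS = [
    ("Alvarez", "E1001"),
    ("Brandt", None),
    ("Chen", "E1003"),
    ("Dubois", None),
    ("Eriksen", "E1005"),
]

# Step 1 in the story: preview which rows the change is supposed to touch.
PREVIEW_COUNT = "SELECT COUNT(*) FROM STUDENT WHERE EMPLOYEE_ID IS NULL"

# Step 2: the intended change, written across two lines.
INTENDED_UPDATE = (
    "UPDATE STUDENT SET LAST_NAME = 'TERMINATED'\n"
    "WHERE EMPLOYEE_ID IS NULL"
)
# Assumption: the stray line break meant only the first line was executed,
# so the filter was lost and every row matched.
TRUNCATED_UPDATE = INTENDED_UPDATE.splitlines()[0]


class RowCountMismatch(Exception):
    """The UPDATE touched a different number of rows than the preview found."""


def make_db():
    """Build an in-memory STUDENT table holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE STUDENT ("
        "STUDENT_ID INTEGER PRIMARY KEY, LAST_NAME TEXT NOT NULL, EMPLOYEE_ID TEXT)"
    )
    conn.executemany(
        "INSERT INTO STUDENT (LAST_NAME, EMPLOYEE_ID) VALUES (?, ?)", SAMPLE_STUDENTS
    )
    conn.commit()
    return conn


def last_names(conn):
    rows = conn.execute("SELECT LAST_NAME FROM STUDENT ORDER BY STUDENT_ID")
    return [row[0] for row in rows]


def take_backup(conn):
    """Copy the live database and verify the copy before anything is changed."""
    snapshot = sqlite3.connect(":memory:")
    conn.backup(snapshot)
    if last_names(snapshot) != last_names(conn):
        raise RuntimeError("backup does not match the live table")
    return snapshot


def guarded_update(conn, preview_sql, update_sql, snapshot):
    """Run update_sql only if it changes exactly the rows the preview counted."""
    if snapshot is None:
        raise ValueError("no verified backup; refusing to modify data")
    expected = conn.execute(preview_sql).fetchone()[0]
    # In its default mode sqlite3 opens a transaction before the UPDATE,
    # so nothing is permanent until commit() is called.
    cur = conn.execute(update_sql)
    if cur.rowcount != expected:
        conn.rollback()
        raise RowCountMismatch(
            f"expected {expected} rows, statement touched {cur.rowcount}; rolled back"
        )
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = make_db()
    backup = take_backup(db)
    try:
        guarded_update(db, PREVIEW_COUNT, TRUNCATED_UPDATE, backup)
    except RowCountMismatch as err:
        print("blocked:", err)
    print("after truncated statement:", last_names(db))
    print("rows changed by intended statement:",
          guarded_update(db, PREVIEW_COUNT, INTENDED_UPDATE, backup))
    print("after intended statement:", last_names(db))
```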
ILLUSTRATION BY MARK COLLINS
WindowsInsider
Greg Shields
Cut the Crap
You’ve tried everything from subtle cajoling to aggressive user policies, yet it still manages to seep and creep
into your network. You know the four-letter word I’m
talking about: crap. Whether it’s MP3s, .MOVs or boatloads
of inappropriate pictures and videos, it is filling up your
expensive hardware drives with useless information.
Let’s face it; dealing with unwanted
excrement is just a fact of life in IT.
But if you’re one of the lucky ones who
have upgraded to Windows Server
2003 R2, you may have already played
around with Microsoft’s new tool
designed to stop the inevitable pileup
of digital dung, the File Storage
Resource Manager (FSRM).
FSRM is actually a suite of three tools
designed to give you more flexibility in
identifying, monitoring and preventing
useless and redundant data from getting onto your file servers. You should
think of FSRM as your old friend the
disk quota, but all grown up.
To install FSRM on a new R2 server,
navigate to the “Manage Your Server”
wizard and add the File Server role. If
you’ve already created a file share,
select the existing File Server role and
choose “Upgrade This Role.” In either
case, you’ll be given the choice of
adding four optional services for DFS
Replication, NFS, Macintosh Services
or the Storage Manager for SANs. As
an aside worth noting, though considered to be part of FSRM, the Storage
Manager for SANs fulfills a much different function by providing management for iSCSI and Fibre Channel
disk arrays.
To launch the FSRM’s MMC console,
click on the File Server Resource Manager link from Administrative Tools.
The three tools that comprise FSRM
are designed to address three critical
data storage problems.
Figure 1: FSRM’s robust e-mail engine can
send detailed reports to offending users on
their disk waste problems.
The first problem is limiting the
quantity of crud. By using Quota Management, you can create quotas for any
drive or folder on your network. Unlike
disk quotas, which are only enabled at
the volume level, FSRM’s quota management can create multiple quotas at
every level in your file structure.
When quotas are reached, the
administrator can configure reports
to be generated, scripts to be run,
Event Log entries to be sent or e-mail
messages to be delivered. The e-mail
engine is robust enough to send preconfigured messages populated with
selected variables to the offending
users telling them exactly what they
have done wrong. Event Log messages
can be similarly customized.
One of the most useful features is the
ability to generate and send detailed, customized reports on disk use directly to
the offending user when they approach
or hit their quota. The administrator’s
biggest disk management headache has
always been sifting through the important data to find what’s useless and
redundant. Because you, the administrator, don’t know what’s bad, you probably
choose to just enlarge the volume. The
user, however, likely does know. By
receiving a usage report, they can take
matters of deletion into their own hands.
Second is generating administrative
reports of online offal. The FSRM’s
storage reports management exposes
eight canned reports that can be further
configured to best suit your reporting
needs. Although creation of additional
reports is not an option in this version
of the tool, the existing reports on
duplicate files, file screening, files by
file group or owner, large files, least
and most recently accessed files, and
quota usage should provide most of the
necessary information.
Because a detailed scan of a folder
structure’s tree can consume system
resources, FSRM configures and schedules reports to be run during off-hours.
These reports, when complete, are
stored in %SystemDrive%\Storage
Reports and can be sent via e-mail to a
pre-configured account. Reports can be
saved in DHTML, HTML, text or
.CSV formats. But if you’re integrating
them with out-of-band databases or
third-party applications that support it,
an .XML document can be delivered.
The third problem has to do with
blocking certain types of junk. If setting
quotas, monitoring reports and notifying users of their bad behavior does not
satisfy you, then FSRM also has the
ability to completely block storage of
files. This capability is based on what
are called “file screens,” which is a configurable set of files specifically permitted to or restricted from being copied
to the server.
File screens are broken up into three
components. The first, called the file
group, establishes the type of blocked file
by its file name or extension. File groups
are collected into file screen templates
that tell the system what action to take
when a user attempts to copy a restricted
file. Actions here are similar to those for
quota management in that scripts or
reports can be run or e-mail or event log
messages can be generated.
Although useful for preventing the
worst kinds of data storage violations
of things like MP3s or .MOVs, file
screens have a major limitation in that
they are currently name-based only.
To get around the file screens, users
only have to rename the file to something not scanned by the engine.
According to Microsoft, file screens
based on content are forthcoming, so
this feature is worth keeping an eye
on. Also, no capability for managing
any of these settings via Group Policy
is currently supported, although this
capability is also being planned for a
future release.
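The name-only limitation described above is easy to measure on your own shares. The following is an added example, not FSRM code and not its API: it compares a name-pattern screen with a check of each file's leading bytes, using constructed file names and byte strings, so an administrator can see which files a name-based file group would miss.

```python
from fnmatch import fnmatchcase

# Name-based "file group": patterns matched against the file name only.
BLOCKED_PATTERNS = ("*.mp3", "*.mov")

# Atom types that commonly open QuickTime/MP4-family files (bytes 4..7).
CONTAINER_ATOMS = (b"ftyp", b"moov", b"mdat", b"wide")

# Constructed sample uploads: file name -> first bytes of the file.
SAMPLE_UPLOADS = {
    "song.mp3": b"ID3\x03\x00\x00\x00\x00\x0f\x76" + b"\x00" * 6,
    "q3_forecast.doc": b"ID3\x03\x00\x00\x00\x00\x0f\x76" + b"\x00" * 6,
    "track02.dat": b"\xff\xfb\x90\x64" + b"\x00" * 12,
    "holiday.MOV": b"\x00\x00\x00\x14ftypqt  \x00\x00\x00\x00qt  ",
    "budget.xls": b"\x00\x00\x00\x14ftypqt  \x00\x00\x00\x00qt  ",
    "minutes.txt": "\ufeffAgenda".encode("utf-16-le"),
    "contract.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8,
}


def name_screen(filename):
    """Return True if the file name matches a blocked pattern (case-insensitive)."""
    lowered = filename.lower()
    return any(fnmatchcase(lowered, pattern) for pattern in BLOCKED_PATTERNS)


def sniff_media(head):
    """Identify MP3 or QuickTime/MP4 content from the first bytes of a file."""
    if head[:3] == b"ID3":                      # ID3v2 tag in front of MP3 audio
        return "mp3"
    if len(head) >= 3 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0:
        # Possible MPEG audio frame header; validate the fields so that
        # look-alikes such as a UTF-16 byte order mark (FF FE) are rejected.
        version = (head[1] >> 3) & 0x03         # 0b01 is reserved
        layer = (head[1] >> 1) & 0x03           # 0b01 means Layer III
        bitrate = head[2] >> 4                  # 15 is invalid, 0 is "free" format
        samplerate = (head[2] >> 2) & 0x03      # 3 is reserved
        if version != 1 and layer == 1 and bitrate not in (0, 15) and samplerate != 3:
            return "mp3"
    if head[4:8] in CONTAINER_ATOMS:
        return "quicktime-or-mp4"
    return None


def screen(filename, head):
    """Classify one upload by what each kind of screen would do with it."""
    if name_screen(filename):
        return "blocked-by-name"
    kind = sniff_media(head)
    if kind is not None:
        return "missed-by-name:" + kind
    return "allowed"


def audit(uploads):
    """Map every file name to its classification."""
    return {name: screen(name, head) for name, head in uploads.items()}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_UPLOADS).items():
        print(f"{name:18} {verdict}")
```

Run against a storage report's file list, the "missed-by-name" entries are the ones to follow up on by hand.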
Lastly, like any new Microsoft tool, a
command-line interface to the tool is
available and fairly representative of the
capabilities contained in the GUI. Three
command-line utilities represent the
three nodes in the FSRM tree: dirquota
for Quota Management; filescrn for File
Screening Management; and storrept for
Storage Reports Management. Like the
GUI, the command-line tools have the
capability of managing remote FSRM
instances, as well.
For many, the solution for growing
storage needs has been to purchase
increasingly larger disk arrays, moving
from DAS to SAN or NAS storage, or
the manual deletion of aged data. With
tools like Microsoft’s FSRM, even in its
first release, systems administrators can
now have the ability to add monitoring,
file screening and hard-line blocking of
inappropriate file types to their quiver
of crap-deflecting tools. —
Greg Shields, MCSE: Security, CCEA,
is a senior consultant for 3t Systems in
Denver, Colo. (www.3tsystems.com). A
contributing editor to Redmond magazine
and a popular speaker at TechMentor
events, Greg provides engineering support
and technical consulting in Microsoft,
Citrix and VMware technologies.
SecurityAdvisor
Joern Wettern
Risky Travels
Staying connected while you’re traveling is a challenge.
Establishing secure connectivity is even trickier. My
work has involved a lot of travel over the last few
years. While it’s exciting—and sometimes tedious—the one
constant of traveling is the challenge of maintaining secure,
reliable and affordable connectivity on the road.
Fortunately, you can get relatively reliable connectivity in most places, even
though speeds can be surprising. The
slowest public access speed I have seen
was a 9600 baud modem connection
shared between two computers. Considering that was on a remote island with
only a satellite telephone connection to
the mainland, even that was remarkable.
While getting a connection might be
easy, paying for it is another matter.
Hotels are notorious for charging
guests “extras” for things like connectivity. I have seen rates that were more
than $30 a day—and that was in a place
where the local phone company
charges their subscribers that much for
an entire month of DSL service.
There are also wireless hotspots,
cafés and hotels that offer fast, reliable
Internet connections for cheap or free.
Connecting anywhere is indeed getting
easier all the time, but it still creates
some unique security challenges.
Want Coffee with That?
If you’re traveling without your computer, the most obvious choice for
Internet access is to visit an Internet
café. These days, you can find them just
about anywhere. Internet cafés often
brew some good coffee, as well, so
they’re a pleasant place to take a break
and do some browsing.
However, public-access computers in
Internet cafés, airports or hotel lobbies
are not a secure way to access your corporate network. While these computers
are often configured to prevent someone from installing a key logger or
other monitoring device, it’s often a
simple solution that is easy for a criminal to circumvent. The technician at a
neighborhood Internet café may be an
honest and knowledgeable guy, but he
probably can’t stop a determined hacker from installing rogue programs on
one of the computers. Even in places
you trust, you’ll find surprising risks.
Unfortunately, I have seen many
cases of people displaying risky computing behavior, even when they
should know better. For example, I
often teach in classrooms where students all log on with administrative
privileges (the Administrator password
is identical on all computers). With this
configuration, any student in the classroom could install a keystroke logger
on any of the computers.
Typically, about half of the attendees,
many of whom work in the security
field, still check their work e-mail during class or do other things that require
them to enter passwords. While it’s
unlikely that anyone has ever tampered
with any of the classroom computers,
there’s no guarantee that this hasn’t
happened in any classroom, lab, hotel
lobby or Internet café.
There are different ways to protect
yourself against password theft on a
public computer, like one-time passwords. However, even those don’t protect you against someone intercepting
the characters you type or taking snapshots of everything displayed on your
computer screen. The only effective
defense against those types of threats is
to stay away from public-access computers unless what you’re doing doesn’t
involve anything confidential.
There’s nothing wrong with checking
the weather report from an Internet café,
but be careful when reading and sending
e-mail. If you need to check your e-mail
while you’re out of the office, take along
your laptop. If you leave your laptop at
home during your next trip, consider setting up a free e-mail account or getting a
phone that can send and receive e-mail.
No Privacy on Public Networks
The best way to avoid the security problems associated with public computers is
to use your own equipment. Lugging
around a laptop can be tedious, but it
makes computing away from home that
much more secure. Taking your computer outside the firewall and the protected
environment of your network and
attaching it to a public network does
require some extra precautions, however,
like enabling a personal firewall and
being more diligent about installing
security updates and virus protection.
Even if you do all the right things, you
should still be concerned about privacy
when you connect your laptop to a public network, whether wired or wireless.
Even the best personal firewall will leak
some information. Whenever you connect a computer running Windows to
any network, it has to initiate broadcasts
and send DNS queries for domain information. Someone who monitors network
traffic with a protocol analyzer like
Microsoft Network Monitor or Ethereal
can capture and view this network traffic.
Within that traffic is information like
computer, domain and user names. Having this information won’t let a hacker
break into your network, but it may still
reveal some information you don’t want
to share.
To fully understand the risks, at some
point you should connect a laptop that
is part of your Windows domain to a
segment of your network that you
monitor with a protocol analyzer. Look
at the broadcasts and other packets
transmitted by the computer. Then you
can make an assessment of whether any
of the transmitted data would constitute a security breach if it became available outside of your organization.
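For the assessment described above, this added example (not from the column) decodes one kind of broadcast a Windows laptop sends, NetBIOS name service packets, from UDP payloads saved out of a protocol analyzer on your own monitored segment. The computer, domain and user names, the address and the packets are all constructed samples; the packet builders exist only to make the example self-contained.

```python
import struct

# Meaning of the 16th byte (suffix) of common NetBIOS names.
SUFFIXES = {
    0x03: "Messenger service (computer name or logged-on user name)",
    0x1B: "domain master browser",
    0x1C: "domain controllers",
    0x1D: "master browser",
    0x1E: "browser elections",
    0x20: "file server service",
}


def encode_name(name, suffix):
    """First-level encoding: each nibble of the padded name becomes 'A'..'P'."""
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    out = bytearray()
    for byte in raw:
        out += bytes([0x41 + (byte >> 4), 0x41 + (byte & 0x0F)])
    return bytes(out)


def build_packet(txid, name, suffix, register=False, group=False):
    """Build a broadcast name query, or a name registration if register=True."""
    flags = 0x2910 if register else 0x0110      # opcode 5 or 0, RD and B bits set
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 1 if register else 0)
    question = b"\x20" + encode_name(name, suffix) + b"\x00" + struct.pack(">HH", 0x20, 1)
    if not register:
        return header + question
    nb_flags = 0x8000 if group else 0x0000      # top bit marks a group name
    record = (b"\xc0\x0c" + struct.pack(">HHIH", 0x20, 1, 300000, 6)
              + struct.pack(">H", nb_flags) + bytes([192, 0, 2, 10]))
    return header + question + record


def decode_name(encoded):
    """Reverse the first-level encoding; return (name, suffix byte)."""
    if len(encoded) != 32 or any(not 0x41 <= c <= 0x50 for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]


def parse_nbns(payload):
    """Extract the name, suffix, opcode and group flag from one UDP payload."""
    if len(payload) < 50:
        raise ValueError("too short for an NBNS question")
    _txid, flags, qdcount, _an, _ns, arcount = struct.unpack(">HHHHHH", payload[:12])
    if qdcount != 1 or payload[12] != 0x20 or payload[45] != 0x00:
        raise ValueError("unexpected question layout")
    name, suffix = decode_name(payload[13:45])
    opcode = (flags >> 11) & 0x0F
    group = None                                # only registrations say unique/group
    record = payload[50:]
    if opcode == 5 and arcount == 1 and len(record) >= 18 and record[:2] == b"\xc0\x0c":
        group = bool(struct.unpack(">H", record[12:14])[0] & 0x8000)
    return name, suffix, opcode, group


def leaked_names(payloads):
    """Summarise what each captured payload tells an eavesdropper."""
    findings = []
    for payload in payloads:
        name, suffix, opcode, group = parse_nbns(payload)
        if suffix == 0x00 and group is not None:
            meaning = "domain/workgroup name" if group else "computer name"
        else:
            meaning = SUFFIXES.get(suffix, "other service")
        action = "registers" if opcode == 5 else "queries"
        findings.append((action, name, suffix, meaning))
    return findings


# Constructed capture: what a domain-joined laptop might broadcast at startup.
SAMPLE_CAPTURE = [
    build_packet(0x1001, "TRAVEL-LT01", 0x00, register=True),
    build_packet(0x1002, "EXAMPLECORP", 0x00, register=True, group=True),
    build_packet(0x1003, "JSMITH", 0x03, register=True),
    build_packet(0x1004, "EXAMPLECORP", 0x1C),
]

if __name__ == "__main__":
    for action, name, suffix, meaning in leaked_names(SAMPLE_CAPTURE):
        print(f"{action:9} {name:15} <{suffix:02X}>  {meaning}")
```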
Another thing to keep in mind is that
all network traffic going across most
public wired or wireless networks is not
encrypted—unless you connect to an
SSL-protected Web site or use some
application that encrypts the communications between server and client. To
ensure confidentiality while you’re connecting to the Internet from a hotel
room or a wireless hotspot, you’ll need
to establish a VPN connection to your
corporate network as soon as possible
after initially establishing connectivity.
Then you can work relatively securely
over this VPN.
One thing you can’t hide is the hardware (MAC) address of your network
adapter. Getting this information doesn’t
allow someone access to confidential
information, but it may let someone
hijack your connection and impersonate
your computer. The biggest risk there is
that someone can capture packets
between your computer and a wireless
hotspot. Most of these hotspots require
some initial authentication. After that,
however, they rely solely on the MAC
address to ensure that network packets
come from an authenticated computer.
A hacker monitoring network packets
to and from the hotspot can easily
change his own computer’s MAC address
to match yours. Because the hotspot
treats all network packets from that
address as authenticated, the hacker
would get free Internet access.
Stay Safe
Both public computers and public networks present their own security risks.
The only way to truly stay secure while
you’re on the road is to bring your own
computer and connect to your own network. Bringing your computer is the easy
part. Connecting to your own network
can be more challenging, but a VPN
connection can do the trick. —
Joern Wettern ([email protected]),
Ph.D., MCSE, MCT, Security+, is the
owner of Wettern Network Solutions. He’s
written books and developed training courses
on numerous networking and security topics.
He helps companies implement network security solutions, teaches seminars and speaks at
conferences worldwide.
RedmondResources

AD INDEX
Advertiser | Page | URL
3CX Ltd. | 45 | www.3cx.com
Acronis Inc. | C3 | www.acronis.com
AppDev Training | 53 | www.appdev.com
www.avepoint.com | 48,53 | www.avepoint.com
Citrix Education | 43 | www.citrix.com
CNS Software | 22 | www.cns-software.com
Coveo Solutions, Inc. | 54 | www.coveo.com
DigiVault by Lucid8 | 15 | www.Lucid8.com
Diskeeper Corporation | 9 | www.diskeeper.com
EMC Corporation | 3 | www.emc.com
www.eventlogtracker.com | 23 | www.eventlogtracker.com
Famatech | 10 | www.famatech.com
GFI Software | 26 | www.gfi.com
GOexchange by Lucid8 | 65 | www.Lucid8.com
GRISOFT Inc. | 7 | www.grisoft.com
IBM Corporation | C2,1,57,59,61 | www.ibm.com
iTripoli Inc. | 30 | www.itripoli.com
KnowledgeLake | 54 | www.knowledgelake.com
LinkTek | 69 | www.linktek.com
Mondosoft Inc. | 55 | www.mondosoft.com
Microsoft | 18 | www.microsoft.com
NetSupport Software | 20 | www.netsupport-inc.com
netikus.net ltd | 28 | www.netikus.net
New Horizons Computer Learning Centers | 51 | www.newhorizons.com
NORTHERN Parklife, Inc. | 46 | www.northern.net
Organice | 53 | www.organice.com
Project Management Institute | 47,62 | www.pmi.org
Quest Software | C4 | www.quest.com
QuickStart Intelligence | 54 | www.quickstart.com
Raxco Software Inc. | 29 | www.raxco.com
Redmond Magazine | 17 | www.redmondmag.com
SAPIEN Technologies, Inc. | 35 | www.sapien.com
SharePoint Solutions | 55 | www.sharepointsolutions.com
Special Operations Software | 27 | www.specopssoft.com
Specialized Solutions | 40 | www.specializedsolutions.com
St. Bernard Software | 5 | www.stbernard.com
Sunbelt Software | 13,37,67 | www.sunbelt-software.com
SWsoft, Inc. | 25 | www.swsoft.com
The Training Camp | 70 | www.trainingcamp.com
TNT Software | 21,68 | www.tntsoftware.com
Tzunami Inc. | 55 | www.tzunami.com
Western Governors University | 44,64 | www.wgu.edu
Wiley Publishing | 39 | www.wiley.com

AdvertisingSales
Matt Morollo, Associate Publisher: 508-532-1418 tel, 508-875-6622 fax, [email protected]
West/MidWest: Dan LaBianca, Director of Advertising, West: 818-674-3417 tel, 818-734-1528 fax, [email protected]
East: JD Holzgrefe, Director of Advertising, East: 804-752-7800 tel, 253-595-1976 fax, [email protected]

SALES
Bruce Halldorson, Western Regional Sales Manager (CA, OR, WA): 209-473-2202 tel, 209-473-2212 fax, [email protected]
Danna Vedder, Microsoft Account Manager: 253-514-8015 tel, 775-514-0350 fax, [email protected]
Tanya Egenolf, Advertising Sales Associate: 760-722-5494 tel, 760-722-5495 fax, [email protected]

IT CERTIFICATION & TRAINING – USA, EUROPE
Al Tiano, Advertising Sales Manager: 818-734-1520 ext. 190 tel, 818-734-1529 fax, [email protected]

PRODUCTION
Kelly Ann Mundy, Production Coordinator: 818-734-1520 ext. 164 tel, 818-734-1528 fax, [email protected]

CORPORATE ADDRESS
1105 Media, Inc.
9121 Oakdale Ave. Ste 101
Chatsworth, CA 91311
www.1105media.com

MEDIA KITS: Direct your Media Kit requests to Matt Morollo, associate publisher, 508-532-1418 (phone), 508-875-6622 (fax), [email protected]

REPRINTS: For all editorial and advertising reprints of 100 copies or more, and digital (Web-based) reprints, contact PARS International, Phone 212-221-9595, e-mail: [email protected], Web: www.magreprints.com/QuickQuote.asp

LIST RENTAL: To rent this publication’s e-mail or postal mailing list, please contact our list manager Worldata: Phone: 800-331-8102. E-mail: [email protected] Web site: www.worldata.com/101com. Postal Address: 3000 N. Military Trail, Boca Raton, FL 33431-6375.

Redmond (ISSN 1553-7560) is published monthly by 1105 Media, Inc., 9121 Oakdale Avenue, Ste. 101, Chatsworth, CA 91311. Periodicals postage paid at Chatsworth, CA 91311-9998, and at additional mailing offices. Complimentary subscriptions are sent to qualifying subscribers. Annual subscription rates for non-qualified subscribers are: U.S. $39.95 (U.S. funds); Canada/Mexico $54.95; outside North America $64.95. Subscription inquiries, back issue requests, and address changes: Mail to: Redmond, P.O. Box 2063, Skokie, IL 60076-9699, e-mail [email protected] or call 866-2933194 for U.S. & Canada; 847-763-9560 for International, fax 847-763-9564. POSTMASTER: Send address changes to Redmond, P.O. Box 2063, Skokie, IL 60076-9699. Canada Publications Mail Agreement No: 40039410. Return Undeliverable Canadian Addresses to Circulation Dept. or DHL Global Mail, 7496 Bath Rd., Unit 2, Mississauga, ON, L4T 1L2.

© Copyright 2006 by 1105 Media, Inc. All rights reserved. Printed in the U.S.A. Reproductions in whole or part prohibited except by written permission. Mail requests to “Permissions Editor,” c/o Redmond, 16261 Laguna Canyon Road, Ste. 130, Irvine, CA 92618.

The information in this magazine has not undergone any formal testing by 1105 Media, Inc. and is distributed without any warranty expressed or implied. Implementation or use of any information contained herein is the reader’s sole responsibility. While the information has been reviewed for accuracy, there is no guarantee that the same or similar results may be achieved in all environments. Technical inaccuracies may result from printing errors and/or new developments in the industry.
EDITORIAL INDEX
Company | Page | URL
Advanced Micro Devices Inc. | 14 | www.amd.com
DesktopStandard Corp. | 19 | www.DesktopStandard.com
Donet Inc. | 24 | www.donet.com
Google | 11 | www.google.com
IBM Corp. | 11, 14 | www.ibm.com
Intel Corp. | 12, 14 | www.intel.com
JW Software Inc. | 32 | www.jwsoftware.com
Layton Technology | 32 | www.laytontechnology.com
Lightspeed Systems Inc. | 32 | www.lightspeedsystems.com
Oracle Corp. | 19 | www.oracle.com
SpectatorSoft Corp. | 32 | www.eblaster.com
Surgient Inc. | 24 | www.surgient.com
VMware Inc. | 24 | www.vmware.com
XenSource Inc. | 24 | www.xensource.com
This index is provided as a service. The publisher assumes no liability for errors or omissions.
Foley on Microsoft
By Mary Jo Foley
What’s Next for Microsoft’s IE?
Microsoft’s Internet Explorer (IE) 7 is due to go live any day now, and you know what that means: Time to start talking about what’s next. Hey, just because Microsoft officials are banned from publicly discussing IE 7.5 and IE 8—or whatever the next pair of browser updates gets labeled—doesn’t mean we can’t talk about them. And, based on remarks the IE team has made in various forums over the past couple of months, it’s even possible to make some educated guesses as to what’s in store.
Here’s what we know for sure, based on comments from Microsoft execs. Contrary to what the IE team actually believes, users can expect a new release within nine months, rather than a full year. Bill Gates uncorked that surprise at the Mix ’06 conference in March, catching both attending Microsoft developers and Microsoft’s own IE team members seemingly off guard.
We also know that Microsoft is already building the next two versions of IE. One of the versions will include “a complete reworking of the networking stack,” according to Dean Hachamovitch, general manager of the IE team. He articulates three overall goals for the next IE releases: great standards support, improved safety/security and a positive experience for end users.
That’s all well and good. The real question is what could, and should, make it into the next release or two of IE?
Based on Microsoft’s promises, we can assume better Cascading Style Sheet (CSS) standards compliance is coming. Microsoft already fixed/added 200 CSS-related tweaks in IE 7 to make it more CSS-compliant, but as critics have noted, that job is not done. I expect a more fully compliant browser to emerge down the road.
Beyond CSS, the IE team is considering a host of other features. We perused a couple of transcripts of recent IE Web chats where Microsoft team members solicited and got plenty of user feedback. Based on those chats, here are some features Microsoft is considering:
• Including the ability to “lock” a page to prevent users from accidentally navigating away from a page
• Adding a “Find on Page” capability
• Updating the IE rendering engine and Javascript
• Improving username/password management
• Changing the “mini-address” bar (part of drop-down browser windows) to make it more useful
• Lightening up .PNG images
• Restoring the “Image Toolbar” provided in earlier IE 7 test builds
• Changing the download mechanism, perhaps eliminating the initial download to the “temporary Internet files” folder
• Adding easily editable config files (similar to Firefox’s userChrome.css and UserContent.css)
• Enabling draggable tabs from one IE window to another
• Supporting themes
• Configuring tabs so that each has its own private cookie cache
• Introducing new status bar info, possibly with fields such as “last accessed by user” and “window last updated”
• Enabling add-ons, such as stocks, movies, etc., a la Mozilla’s Firefox
Not all of these items will emerge as new features in the next versions of IE, and other features remain unaddressed. Two that come to mind are printing support for tables that are hundreds of columns wide, and the ability to run different versions of IE simultaneously on a single machine.
One feature I want to see is automatic page recovery, which can restore Web pages that were accidentally closed (or killed during a system crash). Microsoft has deemed this capability a potential privacy issue, but I’d like the company to find a way to get this functionality into the next rev. As a longtime IE 7 beta tester, I have lost my browsing “place” more than once to a system hiccup, and typically have a heck of a time remembering where I was before. One solution: Implement it as off by default, so those running IE 7 on a single-user, private machine can enjoy this helpful convenience.
Another feature I would welcome is “parallel browsing,” something browser vendor Maxthon has pioneered. This is a bit like picture-in-picture on a TV, allowing you to view pages side-by-side in the same window, rather than switching between tabs.
It seems that after years of refusing to respond to users’ requests, the IE team finally has its eyes and ears wide-open. So, what’s on your IE wish list? Write to me at [email protected].—
Mary Jo Foley is editor of Microsoft Watch, a Web site and newsletter (Microsoft-Watch.com), and has been covering Microsoft for about two decades. You can contact her at [email protected].
Be sure to log on to Redmondmag.com and read more about IE7, including the available add-ons and recent chat transcripts. FindIT code: Foley1006