June 2007
Redmond
The Independent Voice of the Microsoft IT Community
JUNE 2007 | REDMONDMAG.COM

2007 Winner for Best Single Issue: Computers/Software, Training & Program Development/Trade

On the cover
Taking in Orphanware: What you need to know about its care and feeding.
PowerShell Provides Power to the People
Vista Gets a New Crop of Deployment Tools
Developing Successful Outsourcing Relationships
Beta Man: Is Longhorn Beta 3 Worth Migrating To?

Contents, June 2007

COVER STORY
Please, Sir, May I Have Some More?: Taking in orphanware can be frustrating, but there are steps you can take for its proper care and feeding.

REDMOND REPORT
Microsoft Shines Its Silverlight: Ozzie offers a peek at the next-generation Web development tools.
The Low Down: Attack of the Podcasters
Beta Man: Longhorn Beta 3 Drops

FEATURES
A Developing Relationship: How one software company successfully teamed with an international outsourcer to get its products to market.
Deployment Done Right: The new crop of deployment tools for Windows Vista is a marked improvement over its predecessors.
Smaller Is Better: ImageX is a slick compression tool that can help with Windows Vista deployment, as well as everyday file compression.
Green Mountain Gets the [Share]Point: Coffee maker deploys Web-based portal to solve data-sharing problems.

COLUMNS
Barney’s Rubble (Doug Barney): Take No Prisoners
Mr. Roboto (Jeffery Hicks): More Power for PowerShell
Never Again (Steven Fishman): All’s Well that Ends Well
Never Again (Alex Albright): When Less Protocol Is a Good Thing
Windows Insider (Greg Shields): Isolation Automation Exploration: Part II
Security Advisor (Joern Wettern): Protect Your Customer Data
Foley on Microsoft (Mary Jo Foley): Compliance vs. Compatibility

REVIEWS
Product Reviews
Ready to Rumble: IBM’s System x3650 is impressive in both performance and price.
Still a Friendly Ghost: Whether you’re an enterprise network or a small company, there’s nothing to be scared of with this Ghost.
Reader Review
The Power of PowerShell: Readers have high praise—and high expectations—for Microsoft’s new command-line shell and scripting tool.

ALSO IN THIS ISSUE
Redmondmag.com | [email protected] | Ad and Editorial Indexes

Cover image from Corbis Images.

Redmondmag.com, June 2007

ENT In-Depth
Microsoft Moves Forward with Messaging

With all of the effort Microsoft’s putting into messaging and its related products—Exchange Server 2007, Communications Server 2007 and more—it sure appears that the company’s looking for a major boost in this area.

“It’s hard to find another area within Microsoft that’s producing products at a pace that can match the messaging and collaboration teams,” writes Redmondmag.com contributor Keith Ward, author of this ENT special report. “[Microsoft] sees a huge potential market for its messaging and collaboration products, like VoIP.”

Find out more about Microsoft’s overall messaging strategy. FindIT code: ENTMessage

Redmond Report Newsletter
Interact with Redmond Editors on Redmond Report

The pages of this magazine aren’t the only place you’ll find Redmond’s editors. In our entertaining Redmond Report newsletter, Doug, Ed, Lafe and Peter dish on the industry’s daily tech news, sharing their take plus soliciting yours for the newsletter’s Mailbag section. You’ll also get the latest breaking news, easy links to online-only editorial, chances to enter T-shirt contests and more.

Start interacting with Redmond’s editors! Sign up for our newsletters. FindIT code: Newsletter

Questions with ... Brad Becker

Read the full Q&A with Brad Becker, group product manager of Microsoft’s Expression suite, online. FindIT code: QAExpress

How does Expression push Microsoft’s Web strategy?
Expression exists to help get designers into the game. You can’t just give a graphic tool to a developer and get good design unless that developer happens to be a great designer.

How does XAML enhance Silverlight’s value proposition?
It’s the reuse of skills. Many .NET developers who want to target the Web don’t want to start from scratch—same with designers.

What advantages does Silverlight offer over Flash as a creation platform?
No. 1: Quality. Our video story is better than anyone else’s and it’s cross-platform. For individual artists, where the big companies go, there’s work, there’s money and there’s new opportunity to try new things.

FACTOID
$85,331: Average salary of a consultant that is/works for a Microsoft partner.
Source: Redmond Channel Partner 2007 Salary Survey. FindIT code: RCP2007Sal

Barney’s Rubble
by Doug Barney

Take No Prisoners

As a journalist I absolutely love to cover Microsoft. After 30 years, the company has more attitude and spunk than a West Coast rapper—and lots more enemies.

This makes great copy, and this kind of tension is what excited me about the PC business when I first started covering it almost exactly 23 years ago. The business was full of personality and competition. And a lowly journalist like me could get within spitting distance of the action. Back then, like now, Microsoft had a personality that would do a professional wrestler proud.

I can be blasé about the Microsoft attitude because I don’t buy or sell or use large quantities of its software. If a multi-billion-dollar Microsoft exec puts down Google or open source or Oracle, I’m not really affected—except when I have to write a story or newsletter item about it!

But customers are affected. Let’s look at IBM. When IBM, especially Global Services, walks through the door it’s often ready for a freewheeling conversation about your entire shop. Want desktop Linux? Here you go! Want Windows XP or Vista tied to Windows 2003 Servers? We can do that too! While product groups tout their own gear, IBM is no longer terribly religious about software.

In contrast, Microsoft asks its customers and partners to take a stand the same way it always has. It wants you to believe in the Microsoft vision where Microsoft products all interoperate first and work with other vendors second. Its “take no prisoners” public statements ram the point home.

This is nothing new. Back in the day, Bill Gates always had a few choice words for Lotus, WordPerfect, Borland, Apple and IBM.

[Photo caption: A young Ballmer?]

Steve Ballmer, today’s more visible face of Microsoft, is equally un-shy, making for great press conferences and quotes. But is this good for IT? Do you want to hear that your decision to run Web servers on Apache is wrong, that open source is a cancer and that Microsoft wants to bury Google, from whom you just bought a pallet of enterprise search appliances?

As Microsoft ages and matures, I believe it’ll have to act more like IBM, being technology neutral and focusing on solutions rather than the platform. Ultimately, Microsoft can make a lot more money this way. And it can still feel free to develop its own platform(s). After all, IBM didn’t stop making mainframe operating systems, it just stopped being so narrow minded in promoting them.

As a selfish journalist, I’m not sure I want Microsoft to act so shiny and happy. It could make Redmond a boring magazine.

What about you? Would you sacrifice a bit of spunk and entertainment in return for a bit less software religion? Let me know at [email protected].

Redmond: The Independent Voice of the Microsoft IT Community
REDMONDMAG.COM | JUNE 2007 | VOL. 13, NO. 6

Editor in Chief: Doug Barney
Editor: Ed Scannell
Executive Editor, Features: Lafe Low
Executive Editor, Reviews: Peter Varhol
Managing Editor: Wendy Gonchar
Associate Managing Editor: Katrina Carrasco
Editor, Redmondmag.com: Becky Nagel
Associate Editor, Web: Gladys Rama
Contributing Editors: Mary Jo Foley, Jeffery Hicks, Greg Shields, Joern Wettern
Art Director: Brad Zerbel
Senior Graphic Designer: Alan Tao

President: Henry Allain
VP, Publishing: Matt N. Morollo
VP, Editorial Director: Doug Barney
VP, Conferences: Tim G. Smith
Director, Marketing: Michele Imgrund
Executive Editor, New Media: Michael Domingo
Executive Editor, Web Initiatives: Becky Nagel
Director, Web Development: Rita Zurcher
Senior Marketing Manager: Tracy S. Cook
Marketing Programs Manager: Videssa Djucich

President & CEO: Neal Vitale
CFO: Richard Vitale
Sr. VP, Human Resources: Michael J. Valenti
VP, Financial Planning & Analysis: William H. Burgin
VP, Finance & Administration: Christopher M. Coates
VP, Audience Marketing & Web Operations: Abraham M. Langer
VP, Information Technology: Erik Lindgren
VP, Print & Online Production: Mary Ann Paniccia
Chairman of the Board: Jeffrey S. Klein

Reaching the Staff
Editors can be reached via e-mail, fax, telephone or mail. A list of editors and contact information is available at Redmondmag.com.
E-mail: E-mail is routed to individuals’ desktops. Please use the following form: [email protected]. Do not include a middle name or middle initials.
Telephone: The switchboard is open weekdays 8:30 a.m. to 5:30 p.m. Pacific Time. After 5:30 p.m. you’ll be directed to individual extensions.
Irvine Office: 949-265-1520; Fax 949-265-1528
Framingham Office: 508-875-6644; Fax 508-875-6633
Corporate Office: 818-734-1520; Fax 818-734-1528

The opinions expressed within the articles and other contents herein do not necessarily express those of the publisher.
[email protected]

Print Lives!

Recently, Redmond Editor in Chief Doug Barney wrote in his Barney’s Rubble column about the battle between print and Web media (“Print Is Dead—Not!” April 2007). You had a lot to say, both in favor of online news and in opposition to it, but you made one thing clear: Print may be facing a new challenger in Web-based media, but it won’t go down without a fight! Here’s a sampling of what your peers had to say:

Just like the microwave didn’t throw the oven out of the kitchen, the Internet won’t kill print media—but it will considerably reduce its power. I don’t subscribe to a newspaper and have very few printed magazines (including Redmond, of course!). I get all my news through the Internet, radio and TV (in that order). If I want to read while on the throne, I bring my wireless laptop.

There will always be books and magazines because some people won’t part from them, but they’ll be the minority. What I’m worried about is losing our history. Right now I can go to a library and search newspapers from 75 years ago and see the news of that time. What about 75 years from now? Will we be able to browse the Web site of today? Probably not. And he who forgets his history is bound to repeat the same mistakes ...
Louis Vincent
Ottawa, Ontario, Canada

Let’s start at the positive end of Doug Barney’s article: I agree with him 50 percent. I enjoy reading tangible items such as newspapers, magazines and books. I can’t force myself to read an eBook to save my life. A majority of the Web sites he mentions (Drudge in particular) do receive their information in the form of print publications.

But I have an issue with his stance on bloggers. He refers to them as “amateurs.” Amateurs in regard to what—journalism? Wouldn’t Barney place himself in this category as well? I mean, all he really does is print information that he gathered from printed material given to him by Microsoft and other companies. He also mentions the term “annoying.” Does someone force him to read these blogs?

Bloggers are the Internet’s version of journalists. They find information, post information and give opinionated comments on the subject matter. Isn’t this what he’s done by “printing” this article for all to read?

He gives an example of Moby’s blog not being “news.” If I read something on a blog—or even a printed publication such as this magazine—I research it. I don’t believe everything I read, whether it comes from bloggers or Redmond. And it’s “news” to me if I didn’t know about it.

I think it’s shortsighted of him to lump bloggers into the “amateur and annoying” category. That’s a very broad stroke Barney painted.
Michael D. Alligood
Jacksonville, Fla.

I finished reading Doug Barney’s editorial piece on print versus the Web as a news source and I think he’s spot on in his assessment. I prefer the look and feel of the print media. He mentions many of the pet peeves I have with online news but he left out one of the biggest annoyances in my opinion—stupid, online advertisements!

With print, I can easily turn the page if I don’t want to read an advertisement. In many articles on the Web they’re placed right smack-dab in the middle of the text. They break up the flow of an article and make it more difficult to comprehend. For crying out loud, does everyone have ads today? Yes, I know that’s how Web sites generate revenue, but [they should] stick the ads on the borders or somewhere where they aren’t so intrusive.
Bill O’Reilly
Seattle, Wash.

I purposefully avoid eReading when possible and print every online admin manual that comes my way. Doesn’t PDF stand for “Print da file?” I enjoyed Barney’s column so much I think I’d like to link it in my blog! … not!
Mark Danner
Spokane, Wash.

Whaddya Think?!
Send your rants and raves to [email protected]. Please include your first and last name, city and state. If we use it, you’ll be entered into a drawing for a Redmond t-shirt!

Photo illustration by Alan Tao.
RedmondReport

Microsoft Shines Its Silverlight
Ozzie offers a peek at the next-generation Web development tools.
By Michael Domingo

MIX07 was another first for Ray Ozzie. In his keynote speech at Microsoft’s annual Web development conference, the company’s chief software architect addressed a large developer-focused audience for the first time in his current role. Unfortunately, Ozzie’s presentation got something of a mixed reaction, no pun intended.

Ozzie’s speech focused on a blend of old and new news including the much-anticipated first beta of Silverlight, the browser plug-in for cobbling together interactive Web-based applications, along with Expression Studio 1.0, Silverlight Streaming and Silverlight’s Common Language Runtime support.

But he still wasn’t done. Without missing a beat, Ozzie drew back the curtains on a new technology, along with its obligatory acronym: rich Internet application, or RIA.
While the RIA concept has been around for years, Microsoft appears to be gaining some traction with it recently. Company officials believe RIAs encapsulate the idea of pushing the envelope with AJAX and Web applications within the context of what Microsoft is calling its software-plus-services initiative.

“To support that rich interaction,” said Ozzie, “we’ve now gone well beyond AJAX through the power of browser extensions, extensions for media and advanced controls.”

RIA development isn’t being done at the expense of Windows-based desktops, but rather to extend their reach. “There’s a resurgence of interest in service-connected desktop applications, and applications that connect the activities on Web sites to local media, local documents and local applications,” Ozzie explained in his speech.

[Photo caption: In his MIX07 keynote, Ray Ozzie showcased the old and new pieces of Microsoft’s Web development strategy. Photo by Michael Domingo.]

Proving Microsoft’s commitment to that concept, most of the examples Ozzie showcased during the keynote were mirrored on Macs—even debugging sessions—as well as on mobile devices and even gaming consoles.

Ozzie devoted the rest of the keynote to kicking the tires on Silverlight, formerly known as Windows Presentation Foundation/Everywhere. While attendees were generally impressed with the Silverlight demos, some developers had reservations and were taking a wait-and-see approach to its adoption.

“We won’t be using it until 1.1, 1.2. But even with 1.0, you have to install the plug-in with the browser, [so] it’s something that’s questionable. We have machines that are locked down with Group Policy,” says Raj Kaimal, a Texas-based systems analyst. “If someone tries to install something on a machine, they have to call an administrator and get that thing installed on those machines. Installing a plug-in is a question mark right now.”

But demos can be like boomerangs that quietly whisper through the air only to come back and hit with a kick.
One such example was Ozzie’s demonstration involving Major League Baseball’s MLB.tv, which included live game stats, live game video and replay, and video sharing. Another example showed NetFlix delivering jagged-less video performance for on-demand movies over the Web. Both application concepts were developed in the Silverlight .NET runtime environment.

Still, developer skepticism abounded. “I’m not sure which components our company will be able to use, if any, immediately. I worry about putting a download in front of the user in our specific application. We don’t want to do anything that would cause the user to shy away from the sale,” says Brad Godkin, a .NET developer.

Answering recent criticisms that Silverlight is merely an Adobe Flex clone, Ozzie contended it’s more than that, pointing to the technology’s high-definition, 720p video quality, its ability for developers and designers to collaborate in the programming language of their choice (although support for Ruby, which will be in the 1.1 version, was met with silence), and its scalability to render video and vector-based content on TVs to PCs to mobile devices without taking a performance hit.

“Essentially, our video story is better than Adobe’s or Real’s or anyone else’s story, and it’s cross-platform,” said Brad Becker, group product manager for the Expression suite, in a conversation with Redmond after the keynote.

“Because it’s the VC1 codec, that’s already a Windows Media Video codec, and people like CBS who have thousands and thousands of [items of] content already encoded don’t have to re-encode it into Flash video or for Real or something else,” he explained.
During the same keynote, Scott Guthrie announced the addition of a Dynamic Language Runtime, intended for encapsulating Silverlight development, as well as a go-live license that effectively gives developers permission to use the Silverlight plug-in on production Web sites.

Another demonstration that drew a positive response was that of Silverlight Streaming. The essential idea of the technology is to allow Microsoft to play host, with some limits, to Silverlight content. Ozzie said that developers and designers have up to 4GB of storage to play around with Silverlight-enabled content and have no immediate host for the media. It’s up to developers how they want to use the storage, whether they want to stream high-quality short pieces or smaller but longer-duration content streams.

Michael Domingo (mdomingo@1105media.com) is Redmond Media Group’s executive editor, new media.

Silverlight Roadmap

May 2007
■ Silverlight 1.0 beta
■ Silverlight 1.1 alpha
■ Expression Studio 1.0 RTM
■ Expression Blend 2 Preview
■ Silverlight Tools for Visual Studio “Orcas”

Summer 2007
■ Silverlight 1.0 Ships
■ Expression Media and Expression Media Encoder Ship

Products With Yet-To-Be-Determined Ship Dates
■ Silverlight 1.1
■ Silverlight for Mobile Devices
■ Expression Studio 2.0
■ Visual Studio Orcas

RedmondReport

The Low Down
By Lafe Low

Attack of the Podcasters

Just when you thought you’d seen it all, there’s a new magazine in town—Blogger & Podcaster Magazine. Take a wild guess at who it’s geared for. The publishers say they believe it’s the first title to launch simultaneously in three formats: digital, podcast and good old print. The editorial content is focused on “serious” bloggers and podcasters, not just your average, everyday geeks.
Larry Genkin, CEO of Larstan Publishing Inc., the magazine’s parent company, figures total circulation in all formats will reach 250,000 within the next year. The digital edition and the podcast edition are free. A print subscription, however, costs $79 per year ($99 international). The fact that a magazine of that nature is still coming out on paper and ink should be proof positive that actual, corporeal magazines will never go away. Check ‘em out at www.bloggerandpodcaster.com.

Virtual Gains

Virtualization continues to gain respect and momentum as a technology and soon figures to be an essential component of any organization’s IT infrastructure. Storage virtualization, disaster recovery and SAN management vendor DataCore Software Corp. has partnered with Centia Ltd. Centia distributes the smart “Access” and virtualization tools. This gives DataCore a huge leg up in the U.K. and boosts Centia’s value proposition.

By adding a virtual storage layer, DataCore essentially does for storage what VMware Inc. does for servers and what Citrix Systems Inc. does for desktops. Under the terms of this freshly minted agreement, Centia will distribute DataCore’s storage virtualization, disaster recovery and continuous data protection solutions.

Investment Firm Issues Web Warning

Would that other companies were so proactive—investment services broker AXA Distributors LLC is beefing up its Web site and refining online processes to mitigate the likelihood of fraud.

These three major upgrades ought to help AXA Distributors keep a tight grip on its Web site:
• The Message Center gives each registered representative specific details about his book of business, including an email record of all client-related transactions.
• The Staff Access Level Mechanism lets firms decide on the types of information that individual reps can view, including client account information, policy details and underwriting details. This ought to help newbies and veterans alike.
• The E-mail Subscriptions Mechanism lets reps receive notices about product updates and money manager changes.

AXA is also distributing the following “Tips for Reps to Protect Privacy and Security”:
• Whether prompted or not, change your password every 90 days.
• Don’t share your ID and password unless absolutely necessary. If it’s necessary, periodically review your account activity with the user to ensure that your information, and your clients’ information, is safe and secure.
• If you access the AXAdistributors.com Web site, or other secure sites, from a computer that’s different than the one you use regularly, be sure you’ve completely logged off the site. Just to be safe, you should shut down the browser before leaving the work area.
• If you don’t currently use anti-virus and anti-spyware or security software on your computer, consider doing so. If you do, make sure it’s up to date.

Sound advice—and demonstrating that kind of proactive thinking about security ought to make AXA’s customers feel safe having the company manage their moola.

Share and Share Alike

Archiving e-mails and documents is a requirement in this world of regulatory compliance. Just keeping them in a massive digital shoebox won’t do you much good when it comes time to retrieve or manage all those files.

Using SharePoint as a repository works well, but you can’t just drag and drop documents to store them, work with discrete message properties like message addresses and subject lines as SharePoint metadata, classify content for search purposes or sort and filter metadata—or can you?

Colligo Networks Inc. is pumping up SharePoint with a new e-mail content management system that’s an Outlook add-in called Colligo Contributor. It will perform all the above functions and organize your content without leaving Outlook. Sharing with SharePoint just got better.

Lafe Low ([email protected]) is the executive editor, features for Redmond magazine.
Contact him with any product or company scoop.

RedmondReport: Beta Man
By Peter Varhol

Longhorn Beta 3 Drops
Is it worth migrating servers in the next year?

More control. Increased protection. Greater flexibility. How important are these characteristics in your servers? More important, does it look like Longhorn Server (still using the code-name inherited from Vista) has those characteristics in abundance enough to merit an early migration?

The answer, like most, is “it depends.” If you’re looking for a game-changer, Longhorn may not be it. Except in cases involving edge computing, there may be no compelling reason to get ready to migrate quickly. But there are some organizations for which one or more Longhorn features fill a major need. Among the key features that could make Longhorn a must-have OS: Server Core or the read-only Active Directory domain controller.

I grabbed Longhorn beta 3 from the Microsoft download site using my MSDN subscription to obtain a product key. It comes as an .ISO file, which I burned onto a DVD, making it bootable on a clean system. The entire process, including downloading, burning the DVD and installing, took most of a day. However, the installation-only portion of that was about three hours.

Installing requires choosing the roles you want the server to play. Longhorn Server offers roles. Many roles. But you’re able to install only those roles that you want the target server to have. This accomplishes two things: First, it simplifies administration of Longhorn systems in that you only have the features on the server that you need for its role; second, it allows for server specialization. You can design server configurations for the role they’re intended to play and not worry about overloading them.

Figure 1. Windows Reliability and Performance Monitor is an MMC snap-in that provides a graphical view for customizing performance data collection and Event Trace sessions.

The roles include Active Directory Domain Services, Application Server, DHCP Server, DNS Server, File Server, Print Services, Terminal Services and a number of others. During setup, you add the roles you want the server to play, and you can add to and modify the roles from the console to keep up with the shifting requirements of your organization. There’s your flexibility.

Protect and Defend

Greater protection is exemplified by the read-only domain controller (RODC). Let’s say you have a geographically separated branch office where a couple dozen employees log in every morning. Your first inclination might be to have a domain controller at that location, but there may be no way to guarantee the physical security of that computer. So you make that domain controller an RODC.

Except for account passwords, an RODC holds all the objects and attributes that a writable domain controller holds. Changes cannot be made to the database that’s stored on the RODC; instead, changes are made on a writable domain controller and replicated back to the RODC. This prevents a change that could otherwise be made at branch locations from replicating to the entire domain.

And, of course, there’s Server Core. I didn’t install Server Core, but it comes as a part of the package. Server Core installation provides a minimal environment for running specific server roles such as Windows Server Virtualization, AD, DNS, Dynamic Host Configuration Protocol, Windows Internet Name Service, Media Services, and File and Print Server, reducing both the servicing and management requirements and the attack surface. To provide this minimal environment, a Server Core installation deploys only the subset of the binaries that are required by the supported server roles. This is somewhat reminiscent of the older Windows Embedded Editions, in that you could pick and choose which features and capabilities you needed in an embedded system and then assemble them into a unique configuration. In the case of Server Core, you only get the one minimum configuration, with several possible roles.

For Control Freaks

The key to more control is Server Manager. Server Manager uses both a GUI and command-line tools that allow you to efficiently install, configure and manage Longhorn roles and features. Its Add/Remove Role Wizard allows you to add or configure one or more roles, or to remove currently installed ones. Server Manager is also used to manage a server’s identity and system information, display server status and identify problems with role configuration.

Figure 2. Longhorn Server Manager provides a Web-based console for performing just about any administrative task needed on the system or network.

Even in this day and age, there are some admins who prefer to work at the command line. I understand that concept well. While I like a GUI as much as the next person, I find myself dropping down to the command line several times a day, primarily because I prefer not waiting for the GUI to respond.

That’s what PowerShell is for. This new command language adds to that productivity. PowerShell will remind veteran admins of one of the Unix shells with its ability to write complex scripts to call tools and perform just about any activity. Rather than being a usual command-style language, PowerShell is built on .NET and returns .NET objects. You write scripts to create and manipulate these objects. PowerShell gives you access to the file system, registry and the digital signature certificate, among other stores on the system. You can also use it to perform actions on remote systems. PowerShell is a major new system-scripting environment that current Windows script jockeys could conceivably use to enable the data center to run itself.

By the Numbers

Longhorn Server includes Internet Information Server (IIS) 7 and the .NET Framework 3.0 in its arsenal. This means that Longhorn is almost certainly the new Web server, and that more Web applications will use .NET 3.0 features, such as LINQ and Windows Communication Foundation-based Web services.

Here are the particulars of the Longhorn product. There are four editions of Longhorn: Standard, Enterprise, Datacenter and Web Server. There’s also at least one 64-bit edition for the Intel Itanium architecture. The minimum processor speed is 1GHz and the minimum memory configuration is 512MB, although 1GB is recommended.

Longhorn Server gives the impression of a solid, if unspectacular, upgrade from Windows Server 2003. Microsoft listened to its customers for this product release and added features that made sense to run an enterprise and to give admins more tools. There’s nothing earthshaking about Longhorn, which means it should be able to slip right into a data center with minimal effort. The added capabilities of Server Manager, PowerShell and Server Core will make admins happy for the increased power they’ll now have at their command.

On the downside, there are no “wow” capabilities that make this a mandatory upgrade, unless one of them really makes a difference in workload or reach for your organization. If you’re running Windows Server 2003 and happy with it, there’s no reason to do anything until you’re ready to upgrade servers. If you’re running Windows 2000 Server or earlier, this is your logical upgrade path, as soon as it comes out and your admin staff is comfortable with it.

— Peter Varhol is Redmond’s executive editor of reviews.
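The provider access the article describes (registry and certificate stores reached like a file system, with .NET objects coming back), as an added example that is not from the article or from Microsoft. It assumes Windows PowerShell 2.0 or later; the function names, the 30-day warning window, the LocalMachine\My store and the Run key are choices made for this illustration.

```powershell
# Added example, not code from the article. Function names, the default store,
# the 30-day window and the Run key path are assumptions for illustration.

function Get-CertificateAudit {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My',  # machine personal store
        [int]$WarnDays = 30                            # review window in days
    )
    $now = Get-Date
    # The Cert: provider exposes certificate stores as a drive. Each leaf item
    # is a System.Security.Cryptography.X509Certificates.X509Certificate2.
    Get-ChildItem -Path $StorePath -ErrorAction Stop |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            $daysLeft  = [math]::Floor(($_.NotAfter - $now).TotalDays)
            $algorithm = $_.SignatureAlgorithm.FriendlyName

            # Collect review findings from the object's own properties.
            $findings = @()
            if ($daysLeft -lt 0)              { $findings += 'expired' }
            elseif ($daysLeft -le $WarnDays)  { $findings += 'expiring soon' }
            if ($algorithm -match 'md5|sha1') { $findings += 'weak signature hash' }
            if ($_.Subject -eq $_.Issuer)     { $findings += 'self-signed' }

            New-Object PSObject -Property @{
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                DaysLeft      = $daysLeft
                Algorithm     = $algorithm
                HasPrivateKey = $_.HasPrivateKey
                Findings      = ($findings -join ', ')
            } | Select-Object Subject, Thumbprint, NotAfter, DaysLeft, Algorithm, HasPrivateKey, Findings
        }
}

function Get-RunKeyEntry {
    param(
        [string]$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    # Get-Item on a registry path returns a Microsoft.Win32.RegistryKey, so its
    # .NET methods (GetValueNames, GetValueKind, GetValue) are available directly.
    $key = Get-Item -Path $KeyPath -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        $displayName = $name
        if ($name -eq '') { $displayName = '(default)' }
        New-Object PSObject -Property @{
            Key     = $key.Name
            Name    = $displayName
            Kind    = $key.GetValueKind($name)
            Command = $key.GetValue($name)
        } | Select-Object Key, Name, Kind, Command
    }
}

# Because both functions emit objects, filtering and sorting work on properties
# rather than on parsed text.
Get-CertificateAudit |
    Where-Object { $_.Findings } |
    Sort-Object DaysLeft |
    Format-Table Subject, DaysLeft, Algorithm, Findings -AutoSize

Get-RunKeyEntry | Format-List
```

Reading LocalMachine stores and HKLM does not require elevation on a default install; comparing the Run key output against a known-good baseline is what makes it useful for review.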
Mr. Roboto
Automation for the Harried Administrator | by Jeffery Hicks

More Power for PowerShell

By now you’ve probably been kicking the tires of PowerShell for a while. I’m sure you’ll agree that it will be a big help when it comes to managing your systems. PowerShell is here to stay and will only get better with time. If you’re like Mr. Roboto, though, you always need more power and you need it now.

To boost the power you can get out of PowerShell, try adding Power Gadgets to your toolbox. Power Gadgets is a PowerShell snap-in that gives you graphical widgets for displaying performance information using dials, gauges, bars and charts. Power Gadgets is actually a commercial product (www.powergadgets.com), but you can download a free trial. Normally, Mr. Roboto prefers to offer up his own work or free solutions, but the licensing costs for Power Gadgets are very reasonable. Even a small business should be able to justify the cost, given the value.

Let me illustrate—literally. Suppose I want to monitor disk utilization on one of my servers. In PowerShell, I’d execute an expression like this:

    get-wmiobject -query "Select DeviceID,Size,Freespace from Win32_logicaldisk where drivetype=3" -computer "DC01"

It works, but I need more power. Here’s the same expression, except this time I sent it through Power Gadgets:

    get-wmiobject -query "Select DeviceID,Size,Freespace from Win32_logicaldisk where drivetype=3" -computer "DC01" | out-chart -values FreeSpace,Size -label DeviceID -title "Disk Utilization Report"

Now I have a terrific visual representation of disk utilization. I can even instruct the Out-Chart cmdlet to refresh the information at specified intervals. I can leave this chart on my desktop and have it updated as often as I want, even after I close my PowerShell session.

Suppose you want to keep an eye on how much memory your system is currently using. This expression will create a nifty dial gauge:

    (get-process | measure-object -property workingset -sum).sum/1mb | out-gauge -floating -refresh 0:0:2 -tooltip "Total Working Set Size"

Figure 1: This Power Gadgets graph gives you a quick look at memory usage.

This gadget will refresh every two seconds and display “Total Working Set Size” when you hover your mouse over the chart.

Here’s one more for you to try on your own:

    Get-wmiobject win32_processor | out-gauge -type digital -value loadpercentage -float -refresh 0:0:5 -tooltip "CPU Load %"

You can also use Power Gadgets to send SMTP mail, create maps, return information from a database and even invoke Web services. And I’ve only scratched the surface. You aren’t restricted to using the existing cmdlets either. You can create your own scripts or functions, and pipe that information to Power Gadgets. All of the Power Gadget cmdlets are highly customizable to a very granular level.

To simplify the process, Power Gadgets also comes with a utility where you can create self-contained and customized gadgets. You can have the source data come from a PowerShell expression, a database or a Web service. Once you’ve created a gadget, you can redistribute the stand-alone files in your network (you’ll need to install Power Gadgets) or use them on your own desktop to quickly get the system information you want without having to retype a complex expression or run a PowerShell script.

You could easily create your own network operations center on your desktop with real-time monitors and graphs for just about everything running on your network. There’s no need to spend a ton of money on a high-end solution.

— Jeffery Hicks ([email protected]), MCSE, MCSA, MCT, is the co-author of “Advanced VBScript for Microsoft Windows Administrators” (Microsoft Press 2006), “Windows PowerShell: TFM” (Sapien Press 2006) and several training videos on administrative scripting.

Roboto on Demand
Get some practice with Power Gadgets and PowerShell at: www.jdhitsolutions.com/scripts
What Windows admin task would you like Mr. Roboto to automate next? Send your suggestions to [email protected].
ProductReviews

Ready to Rumble
IBM’s System x3650 is impressive in both performance and price.
By Chris Wolf

For the thrifty at heart, there are few things in life better than finding a bargain. When I first started looking at the IBM System x3650, my first shock came from—of all things—the price. In the past, I was accustomed to seeing IBM products priced higher than those of their competition. This was usually backed by the tried-and-true cliché, “you get what you pay for.” The IBM with which I’m most familiar has long had a tradition of quality products with high-end prices.

With these expectations, I compared the price of the x3650 against the prices of similar models from IBM’s competitors, HP and Dell Inc. Much to my surprise, the x3650 was more affordable than comparable Dell and HP 2U servers. The IBM model also offers up to 48GB of RAM, while similar HP and Dell servers maxed out at 32GB.

This seeming change in IBM’s strategy made me wonder if the IBM brain trust was receiving advice from Rocky Balboa, who once stated: “If I can change and you can change, everybody can change.” While Sylvester Stallone may not be serving on IBM’s board of directors, it’s fair to say that the winds of change are blowing strong at IBM.

RedmondRating
Documentation (10%): 9.0
Deployment (10%): 9.0
Expandability (20%): 9.0
Feature Set (20%): 9.0
Performance (20%): 9.0
Management (20%): 10.0
Overall Rating: 9.2
Key: 1: Virtually inoperable or nonexistent; 5: Average, performs adequately; 10: Exceptional
Receiving a rating of 9.0 or above, this product earns the Redmond Most Valuable Product award.

IBM System x3650
Pricing begins at $2,169
IBM Corp. | 866-872-3902 | www.ibm.com

The x3650 is a 2U server with a starting price of around $2,100. It offers the following features:
• Support for up to two quad-core Intel Xeon CPUs
• 12 DIMM slots with support for up to 48GB of RAM
• Up to eight Serial Attached SCSI (SAS) hot swappable drives
• Hot swappable redundant cooling and power
• Four PCI Express slots
• Onboard SAS RAID controller (supports RAID 0, 1, 10 with optional RAID 5 or 6 upgrade)
• Onboard dual gigabit Ethernet card

This server is very well-crafted, with all of its 2U space maximized. The flexibility of the expansion slots, which support four PCI Express cards or two PCI Express and two PCI-X slots, was also impressive.

Cool Down

Many of the server deployments with which I’m involved support server virtualization. In these deployments, storage and network I/O are the most critical. So, when configured with two dual-channel fiber channel host bus adapters and two dual-channel GB NICs, you can have a total of four fiber channel ports and six GB network ports (including the two onboard ports). The server can accommodate up to eight 2.5-inch SAS drives or up to six 3.5-inch SAS drives, which offer a maximum internal storage of 1.8TB (SAS) or 3TB (SATA).

The base unit includes a single power supply with five cooling fans. For redundancy, you can add a second power supply, along with an additional five fans. This will give you redundant power and cooling.

One of the unsung features of this unit is its Calibrated Vectored Cooling (CVC). With CVC, the speed of each cooling fan will run anywhere from 4,250 RPMs to 8,000 RPMs. The speed of the fan will increase as the temperature in the fan’s associated server zone increases. It decreases as the zone temperature falls. By allowing fans to run at a variable rate, the system noise and power consumption are both reduced.

Knock Out Failures

Let’s face it—hardware always seems to fail at the least opportune times. Isolating a faulty component like a bad stick of DRAM can sometimes be a process of trial and error. With the Light Path Diagnostics feature of the x3650, troubleshooting is greatly simplified.

The Light Path Diagnostics card displays an error LED when a failure occurs. You can then push a button to extend the card from the chassis to view additional LEDs. This lets you identify the part causing the error. Suppose that the error is caused by a faulty dual in-line memory module (DIMM). With Light Path Diagnostics, each individual DIMM has its own error LED. So isolating a faulty DIMM is as easy as checking which LED doesn’t look like the others. That’s something even Rocky can do.

When combined with IBM’s Director Management tool, Light Path Diagnostics can alert you of failures once they occur. Another nice feature that you can also integrate with Director is IBM’s Predictive Failure Analysis (PFA). PFA monitors resources while tracking repeated errors (such as disk I/O errors). Once a series of errors surpasses a predetermined threshold, the system will generate an alert.
This helps you spot a failing device before it actually fails, and thus take preemptive action to prevent unscheduled downtime.

The x3650 literally took everything that I could throw at it without missing a beat. With its very reasonable entry-level price, this server would be a nice fit for medium-sized and growing organizations. With its low profile and excellent expansion options, this server is also a nice fit in data center environments.

While I would always like more features, I realize that there are physical limitations of a 2U chassis, and IBM has done a nice job shoehorning as many high-performing devices and expansion slots into the server chassis as possible. With excellent performance and configuration options, intelligent power management and aggressive pricing, the IBM x3650 is definitely worth a look. With or without the help of Rocky, it’s clear that IBM is trying to once again reign over the heavyweights.

— Chris Wolf ([email protected]) is a Microsoft MVP for Windows Server—File System/Storage and is a MCSE, MCT, and CCNA. A senior analyst for Burton Group, he specializes in the areas of virtualization solutions, high availability, enterprise storage and network infrastructure management. Wolf is the author of “Virtualization: From the Desktop to the Enterprise” (Apress, 2005) and “Troubleshooting Microsoft Technologies” (Addison Wesley, 2003), and a contributor to the “Windows Server 2003 Deployment Kit” (Microsoft Press, 2003).

Still a Friendly Ghost
Whether you’re an enterprise network or a small company, there’s nothing to be scared of with this Ghost.
By Greg Shields

Ghost gave my IT career a jump-start. The same goes for a whole crop of IT people. Ghost was the tool that arrived just when we needed it to speed up new workstation deployment. During one of my projects many years ago, Ghost increased our deployment productivity by 1,100 percent over the manual method. It was so successful, I ended up getting promoted.

Ghost Solution Suite version 2.0 is Symantec Corp.’s most recent release of a product line that has been around for a generation of IT workers. It has long provided an easy-to-use and high-performance mechanism for deploying operating system images to workstations and servers. Ghost is so synonymous with image deployment that the imaging process for applications is often referred to as “ghosting.”

RedmondRating
Documentation (25%): 9.0
Installation (25%): 8.5
Feature Set (25%): 8.5
Management (25%): 9.0
Overall Rating: 8.8
Key: 1: Virtually inoperable or nonexistent; 5: Average, performs adequately; 10: Exceptional

Ghost Solution Suite
Pricing starts at $39.20 per user for 10-24 users
Symantec Corp. | (408) 517-8000 | www.symantec.com

The New Boo

The new version of the Ghost Solution Suite has three major enhancements to the core Ghost engine, as well as a group of updates to the Ghost Console. While Ghost Server, the core Ghost product, does most of the heavy lifting, the Ghost Console often goes unnoticed. It’s this console that is the focus of the first major set of enhancements.

The Ghost Console is intended to be an elementary inventory system to help you create dynamic machine groups based on inventory data. Once you’ve created those groups, you can use them to deploy images and software packages based on policies. You can assign a task to a target machine group that clones the machine, captures the user configuration, deploys a software package, executes a scripted command or many other options. This process lets you take a more holistic approach to deploying OS images, elevating what was before just a straight image dump to a more process-centric approach.

Figure 1. The Ghost Console lets admins perform multiple tasks from a single GUI.

While it certainly has enough features for the small- to medium-sized network, the Ghost Console’s functionality may not be granular enough for enterprise-level customers. Most likely, these large customers are already using a fully featured systems management tool like Microsoft Systems Management Server or Altiris. For those who don’t, however, the Ghost Console provides some critical inventory information like hardware composition, installed applications and patches on the target systems.

One of the console’s new features that will be useful for Vista deployments is the ability to filter all your systems to show which ones are candidates for a Vista upgrade and which ones are not. This feature alone will be a great assistance to the harried administrator tasked with Vista upgrades, but having trouble determining the actual hardware requirements.

Ghost’s improved capability to do user state migration is arguably the most impressive of the new features in version 2.0 of the core Ghost engine. Although user data migration tools have been around for a while, previous attempts were often difficult to implement. The way Ghost handles user migration takes everything off a machine that makes it unique, such as desktop configurations, profile information and application settings.

Another aspect where Ghost excels is in its handling of third-party applications and their associated customizations. It supports configurations for several dozen third-party applications like Yahoo! Messenger, Lotus Notes, Palm Desktop and Acrobat. The comprehensive manual (at 700-plus pages) will give you detailed information about the captured settings. All the migration pieces are now integrated with the Ghost Console itself.

The third new feature is compatibility with Vista upgrades. Any Vista installation requires a 32-bit pre-OS, which is different from any of Microsoft’s earlier OSes. Ghost uses this pre-OS, typically the Windows Preinstallation Environment (WinPE), to deploy images to workstations.

This shift to a 32-bit pre-OS for installation opens up a host of new functionality. First, images are now essentially architecture-independent. You should be able to deploy a Vista image generated on one processor architecture to a machine with a different architecture. You can now mount and edit offline any file-based Ghost images created from NTFS partitions. This means you can manipulate the image contents offline without having to deploy, update and recreate a new image. The 32-bit pre-OS also sets up additional bootstrap drivers that let you use Ghost with more types of RAID arrays than previously possible.

Interestingly enough, in an era where many companies are trying to scale their products to enterprise-level customers, Symantec’s focus is on the SMB user. While many enterprise-level customers use the Ghost Server piece to handle their image deployment, they may not need the Ghost Console to manage inventory. SMB customers, however, have a defined need for Ghost Console support and the functionality that comes with the console, including application packaging.

The application packager in Ghost is designed for the IT administrator who’s not necessarily a pro at package development. It includes features like pre- and post-installation differencing to identify the updated files and registry keys. These features are available in other packaging tools, but usually for an additional cost over and above the deployment mechanism.

Hauntingly Good

So, do Ghost’s new features and functionality warrant a purchase or an upgrade? If you’re a small-market customer and you need an integrated inventory and image deployment tool, Ghost is a mature product that has been doing it well since many of us started our careers. If you’re an enterprise customer who’s been using Ghost Server for years, you’ll want to consider an upgrade, if for no other reason than to add Windows Vista deployment support. In either case, this new release matures a successful product that continues to hold a special place in the hearts of many IT old-timers.

— Greg Shields, MCSE: Security, CCEA, is a principal consultant for 3t Systems (www.3tsystems.com) in Denver, Colo. A contributing editor to Redmond magazine and a popular speaker at TechMentor events, Greg provides engineering support and technical consulting in Microsoft, Citrix and VMware technologies.
SteelEye integrates continuous data protection, the ability to cluster together physical servers with virtual machines and support for both shared storage and data replication configurations across LANs and WANS, so that you are fully protected in any situation. Monitoring and Recovery of: • • • • • Servers and Storage Devices Windows and Linux File systems and Data volumes Network connections Application and Services including: • • • • • • Exchange SQL Server Oracle 9i and 10g SAP NetWeaver Apache and IIS SharePoint All products referenced are the trademarks or copyrights of their respective owners. Project5 2/12/07 11:14 AM Page 1 0607red_ReaderRev27-28.v5 5/11/07 10:34 AM Page 27 ReaderReview Your turn to sound off on the latest Microsoft products The Power of PowerShell Readers have high praise—and high expectations—for Microsoft’s new command-line shell and scripting tool. By Joanne Cummings To know Microsoft’s PowerShell is to love it. That’s how most readers feel— it’s just tough getting to that point. PowerShell 1.0, formerly code-named “Monad” and later “MSH,” is Microsoft’s new object-oriented scripting language and command shell. Readers say it’s a huge improvement over Windows command shell (CMD.EXE), especially when it comes to being productive when managing Windows environments. Although the learning curve is a bit high, they say, getting comfortable with the tool is well worth the time and effort. “Admins are pretty busy already,” says Dmitry Sotnikov, new product research manager at Quest Software Inc. and a member of the PowerGUI forum. He has been using PowerShell for more Microsoft PowerShell 1.0 Pricing Info: PowerShell is available as a free download from Microsoft. (Eventually it will be included as part of Windows.) Microsoft Corp. | 800-426-9400 | www.microsoft.com day long. It’s part and parcel of what I do. I have scripts that automate the interactions with the database that are very repeatable. 
If I need to change a database object, and I need to know which other objects depend on this one, I can get that straight from the PowerShell prompt.” On Par with Unix and Linux Windows has never been strong when it comes to scripting, readers say. That has made administering large Windows environments more difficult than it should be. PowerShell shines in Now I use these PowerShell scripts all day long. It’s part and parcel of what I do. Chris Leonard, Senior SQL Server Database Developer and Administrator, GoDaddy.com than a year now. “Just learning another scripting syntax has a steep learning curve, but once you get past that transition, you’re golden.” That’s true, says Chris Leonard, senior SQL Server database developer and administrator at GoDaddy.com, a domain name registrar in Scottsdale, Ariz. Leonard says he spent several weeks going through PowerShell’s user guide at a rate of about five or 10 pages a night, slowly getting a handle on how it worked and what it could do. “It took a while to plow through it, and to port all my other scripts over to it, but the results are worth it,” he says. “Now I use these PowerShell scripts all those typical administrative environments, in which users are tasked with repetitive tasks that can quickly drive GUI users crazy. “GUIs are great when you don’t know what you’re doing or when you want to do something just once,” says John Vottero, partner at MVP Systems Inc. in Columbus, Ohio. “But when you need to do something more than once and you want it to be something you can repeat, you need to script it. It’s taken Microsoft a long time to learn that lesson, but they’ve finally figured it out with PowerShell.” Readers have used other scripting tools for Windows, especially the old command shell (CMD.EXE), but weren’t always satisfied with the results. 
“Historically, the scripting ability in Windows has always been second class compared to what you can do in Unix or Linux, with nice shells like Korn shell and bash,” Leonard says. “In Windows, you’re either stuck working with the limitations of command-shell scripting or you could load something like CygWin and their bash shell.” Leonard says the biggest difference is that PowerShell’s scripting language is much more robust. Previously, he had tried to use CMD.EXE to script and push database deployments to multiple servers. He found that as the scripts became more complex, debugging and maintaining them became nightmarish. “If I had scripts with dependencies— like this script has to run before these other two can run—I wanted to be able to represent that in some kind of a control file, and I was really struggling with it,” he says. “When I would go to make enhancements, the code was fragile and easy to break. And it was tough to figure out why it broke. PowerShell is a big improvement.” The “Aha!” Moment The differentiator between PowerShell and other scripting tools is that it’s object-oriented and built atop Microsoft’s .NET framework. That means PowerShell scripts aren’t just piping around plain ASCII text. Instead, they’re actually scripting entire .NET objects, including all properties and methods. | Redmondmag.com | Redmond | June 2007 | 27 0607red_ReaderRev27-28.v5 5/11/07 10:34 AM Page 28 ReaderReview “You pass information from one command to the next, and it can get pretty awkward,” says Leonard. Because PowerShell works with complete objects, you can do much more with the scripts. “Those objects still have their native properties and methods attached, so if I want the length of that file, I just say ‘GET-LENGTH,’ and there it is, boom. 
I didn’t have to figure out where they put it in the display,” know how to get a widget, well, the command is probably GET-WIDGET.” Leonard’s other “Aha!” moment had to do with PowerShell’s ability to interact with the Windows registry. “PowerShell extends the idea of a drive, so that things besides file locations can be pointed at by drives,” he says. “For example, certain pieces of the Windows registry are accessible as drive letters, much like the C: drive on your computer.” Just learning another scripting syntax has a steep learning curve, but once you get past that transition, you’re golden. Dmitry Sotnikov, New Product Research Manager, Quest Software Inc. Leonard says. “And I’m free to do anything with the object, not just display it. That was definitely an ‘Aha!’ moment.” What makes PowerShell strong, he says, is that it follows conventional programming constructs. It even has a built-in debugger, which is a huge improvement over CMD scripts. “If it breaks, I don’t have to just stare at my command-shell script and try to find a syntax error,” he says. “I can actually use the debugger to step through my code like I would in a compiler environment, almost. Plus, it handles arrays, looping and branching—all these things you look for in a fullblown programming language.” Compared to other scripting tools, PowerShell’s commands and utilities are very standardized. This is because it enforces a verb-noun naming convention for all of its cmdlets (pronounced “command-lets”), the built-in commands within the scripting tool. “With PowerShell, you don’t get to name your cmdlet,” Leonard says. “You have to specify your verb and your noun and then you get a name, verb-noun, like GET-DRIVE.” That level of standardization ratchets up the performance and efficiencies when using PowerShell, he says. MVP’s Vottero agrees that the standardized commands are powerful and intuitive. “It’s very easy for an end user to pick up on,” he says. 
“If you want to One particularly helpful key in PowerShell is HKLM. “It points to a well-known location in the registry called HKEY_LOCAL_MACHINE, and that’s great,” he says. “All of the sudden, without leaving the command prompt, I can navigate into the registry, look things up and script interactions with the registry just like I’m working with files.” Only a Few Downsides Early users say the pros far outweigh the cons with PowerShell, but there are a few missing pieces. For example, it seems to have limited capabilities for remote machines. “I’m controlling a whole bunch of servers, so it would be cool if there was some kind of naming syntax that would let me do tasks on each of my servers,” Leonard says. “That could easily streamline our deployment process when pushing things out across the server farm.” Vottero adds that it’s also a bit slow at times. “It’s slow, but it’s not so slow that it’s not usable,” he says, adding that much of what appears to be GetMoreOnline Learn more about getting comfortable with PowerShell at Redmondmag.com. FindIT code: ReadRev0607 28 | June 2007 | Redmond | Redmondmag.com | PowerShell running slow is really due to the way .NET works. “A directory search looks slow, but it’s the fault of the way .NET hands your directory entries when you’re doing a directory search. It’s up to the .NET Framework to fix that, not PowerShell.” PowerShell for Everyone Perhaps the biggest plus to PowerShell is Microsoft’s intention to include it as a unifying component across its product lines. For example, PowerShell is already included with Exchange 2007 and Systems Center Operations Manager. It just debuted in beta 3 of Longhorn server. Microsoft has also signaled its intention to include PowerShell in future versions of Windows. “That unification is the biggest advantage,” Sotnikov says. 
“I can use it against Exchange and Operations Manager and [Internet Information Server] IIS 7 and whatever other applications are going to be released with PowerShell support.”

Vottero, who’s an ISV, says the next version of his product, the JAMS job action and management system, will require PowerShell. That type of unification and standardization will act as a catalyst for the Windows third-party marketplace. “Microsoft’s laying down the foundation and saying, ‘here’s how you do command-line script-oriented stuff for Windows.’ And now everybody can write to that framework,” he says. “Until PowerShell, that was always sort of up in the air—everybody kind of invented their own and there was no standard. Now, when we do stuff that fits into PowerShell, it will work with other ISVs’ stuff that fits into PowerShell. And that means end users can combine everybody’s stuff into whatever they need to do to get their job done.”

That’s something Windows users have long clamored for. “If I was talking to Microsoft and the PowerShell guys, I’d say, ‘Great job,’” Vottero says. “Too bad you didn’t ship it five years ago.”

— Joanne Cummings (jcummings@redmondmag.com) is a freelance technology journalist.
Please, Sir, May I Have Some More?

Taking in orphanware can be frustrating, but there are steps you can take for its proper care and feeding.

By Lafe Low
Photos from Corbis Images

Several years ago, Jacques Francis was charged with finding a highly specialized business process automation tool. His firm, a small London-based insurance broker, made as its final choice a work in progress that was being offered to the company and other small brokers at a price well below that of what more established players could offer. That low-cost choice proved more expensive than Francis could have ever imagined.

“[The vendor] never finished the product, went to the wire financially and was bought by another financial services provider that promptly pulled the plug to stem the hemorrhaging of cash,” Francis says. And just like that, Francis had become the proud owner of orphanware. Fortunately for Francis, now the IT manager for global financial services firm Demica Ltd., his story didn’t end there.

The ingenuity and entrepreneurial spirit of many technology companies breeds innovation and unique solutions to complex problems. It does not, however, breed stability. That’s especially true for some of the smaller companies. If you’ve ever purchased a piece of software only to have the vendor go under or be acquired by a larger company shortly thereafter, you can empathize with the inconvenience, expense and exposure of being orphaned.

Most IT administrators maintain a respectful level of vigilance when selecting, deploying and relying on any piece of software or hardware, especially for mission-critical functions. Some even eschew smaller companies or startups, opting instead for established companies with lengthy track records. “The big dogs eat the little dogs,” says an IT manager with a medical firm who prefers to remain anonymous, “so we try to use the big dogs whenever possible.”

But when a specialized utility or application with unique features is needed, administrators don’t always have the luxury of relying on proven vendors. Analysts agree that instances of orphanware are more common when smaller vendors are involved. “Orphanware is less prevalent in core business applications,” says Ray Wang, senior analyst for market researcher Forrester Research Inc. Smaller vendors getting gobbled up by larger vendors, Wang finds, is the situation that most commonly leads to products being orphans.

Ironically, Wang also sees a strong likelihood of orphanware resulting from systems integrators developing customized applications for large platform deployments. “Systems integrators continue to add code on top of existing base products,” he says. “Many of those integrators are small shops.
Some may go under or be acquired.”

The open source arena is another place where orphanware has become a common occurrence. “In custom development and the open source side, it’s more prevalent. I don’t think it’s become a disaster or a tragedy, but it’s more prevalent,” Wang believes. He cites the nature of highly specialized applications and people moving on to other positions with other companies as the primary reasons for open source orphans.

Plan Ahead

So how can you protect yourself? David Reitz, systems administrator for the Coors Brewing Company in Golden, Colo., has become the caretaker of orphan technology several times. His first step is to batten down the hatches and try to minimize the impact by putting together a sensible migration plan. “The short term plan deals with assessing the impact, freezing the environment and looking at other people to support it, including former employees [of the defunct company]. The longer term plan deals with moving away from the product,” he says.

While it’s important to have a plan of action in the immediate event of being orphaned, it’s equally essential to negotiate up front what will happen in the event of a company’s demise or sale to another firm. “Terms in the contract should include software escrow and code ownership if the company fails,” Reitz advises. “We have used a software escrow account and obtained the source code. It was a little out of date, but it helped a lot,” he says.

Planning ahead ultimately worked out well for Francis. Fortunately, he had organized a user group as his firm was purchasing the yet-to-be-finished software.
He realized there’s safety in numbers to a certain extent, and that there’s some leverage available to help those left short by a vendor’s dissolution. His user group had seen that the end was coming and negotiated with the new owners to receive the code that had been placed in escrow during the sale. “The new owners gave us the code under the contractual understanding that we could maintain and develop the system for our own businesses, but not exploit it commercially,” he says.

That type of arrangement is fairly typical when placing source code in escrow to provide to customers when a company goes out of business. Customers can typically receive the code to maintain and update the product for their own use, but not use it to realize a profit. Vendors will also update source code in escrow from time to time. This is yet another legal point that IT managers should clarify during their negotiations.

A software escrow account should be established any time there’s a change in control within the company or any financial viability issues, says Wang. “Not only the software in escrow, but also the support contracts, training materials, installation guides and platform certification specs,” he says. “Make sure the documentation is there. Make sure the knowledge transfer is in place.”

If you haven’t established these types of guidelines and an escrow account for the source code up front, be certain to act on it at the first indication that a company may be going down. “You have to do this before the bankruptcy process starts, if possible,” says Reitz.

Having a backup plan like this can help, but it’s no guarantee that you won’t be left high and dry. “Sometimes you get lucky and sometimes you eat it,” says one anonymous IT manager. “I had one product that was bought out by Macromedia a month after release and never had its bugs fixed. Another case was when a blade vendor almost had 125 grand of my money.
I called them to clarify part numbers and the phone was disconnected.” Doing a lot of research prior to signing a check and having more than one option is the best course of action, he says.

Protecting Yourself

You can take several steps up front that will give you a modicum of protection in the event that your software vendor is acquired or goes under:
✦ Formulate a step-by-step backup plan.
✦ Negotiate ownership of source code in escrow.
✦ Check financial stability of the company.
✦ Test software if possible.
✦ Consider alternative solutions.

When It Happens

You need to act immediately if a software package you’re using suddenly becomes orphanware. Here’s what to do:
✦ Act on your step-by-step backup plan.
✦ Lock down and assess the situation to limit exposure.
✦ Consider employing or contracting with former employees of defunct vendors who worked on your product.
✦ Aggressively look for alternatives.
✦ Begin a phase-out plan.

Plan B

No matter how much preparation and planning you do, you may still find yourself pursuing your Plan B. Randall Stevens goes into any negotiation with a backup plan already in mind. As a software engineer and independent consultant, he tries to line up a vendor with a similar replacement product, but even that doesn’t always work out. “If none is available, we’ll reverse-engineer the functionality,” he says.
Another IT manager, who preferred to remain anonymous, rebuilds his systems every five years. Consequently, he always has his eye on an alternative approach. “We’ve found a different vendor, found a way to do without the product, or built our own,” he says. “You always have a Plan B at the ready.”

Lining up an alternative solution is often an effective strategy. “Once a buyout happens,” says John Pitton, systems administrator for Discorp, “we go into reactive mode and search for a similar or better solution.”

Pitton has experienced both situations where products were dropped right away and where they were maintained for a while following a sale. Most of the time, the buyout company will renegotiate with customers to continue support and upgrades. Occasionally, the new company will sideline a product or phase it out.

Even when a product is phased out, though, there’s usually enough time to select and install a replacement. Pitton has found this is most often the case with smaller companies purveying the latest technology. Researching available options among competitors to that technology is vital.
“Research first what viable options are available from other similar software manufacturers,” Pitton says. “Bleeding-edge software isn’t for everyone. However, if you’re going to take the leap of faith in software that no one else is manufacturing, be prepared to self-support,” he adds.

Start Me Up

The experience of buying from a start-up company is similar to that of buying from a smaller or specialized vendor. Many of the risks are the same, as are many of the precautions you should take. In either case, once again, research and contingency plans are essential.

First, make sure a start-up is on sound financial footing. This can sometimes be problematic, but most should be willing to give you a good indication of their financials. Even if you’re dealing with a smaller, privately funded company that’s reluctant to divulge details, market research reports can give you a good feel for how the company fits into the context of its market.

While he focuses on major players for his company’s critical business applications, Deon Pretorious, the lead developer for Geckotek in South Africa, has shopped around at start-ups for some unique solutions. “I’m not averse to purchasing non-critical software from start-up companies,” he says. “I usually take the precaution of testing the software on a trial basis in order to satisfy myself that it can perform the necessary functions and is bug-free.”

The specific focus of some start-up software developers puts the company, and therefore its customers, in a unique situation. The prospective competitive advantages can overshadow the potential risks. “In certain cases, niche software is provided by start-up vendors that’s not available elsewhere. This makes it a viable proposition,” says Pretorious.

Francis says he no longer relies on start-ups for line-of-business applications, but still considers them for utilities and second-tier functions. “The risk to the business is too great. An exception would be if I knew a start-up’s people well and was convinced they understood my business and its requirements,” he says, or if he was considering software that provided “non-essential functionality that couldn’t compromise the business core operations by its absence.”

Learning from Experience

While experience may be a harsh teacher, most IT professionals left high and dry by orphanware have adjusted their tactics to better manage the situation should it happen again. Sometimes, when you negotiate ownership of source code in escrow, you may get more than you bargained for. “We’ve been in the position where we were offered the entire company’s assets,” says Coors’ Reitz. “Our maintenance contract exceeded the value of the company’s stock, so we turned them down, but referred them to other software companies,” he says.
To maintain the value of his software investment, Reitz has also found those who did the initial work are often available to keep it going. He sometimes runs ads in local papers where a company was based and contracts with the former employees to do work and support.

Francis’ user group members had a similar experience. They employed a developer who had originally worked on the product to finish it off and provide maintenance. Several of the members continued using the product for years, although Francis says he replaced it with an established product after a couple of years. Still, he and his user group members were able to preserve much of the value of their initial investments.

Dealing directly with the original developers is the best response to orphanware, says Wang. “Reach out to existing employees and bring them on board,” he says. “The key ones to know are heads of development and release-patch engineers.”

The rewards of dealing with smaller, intensely specialized vendors or start-up software companies can outweigh the risks, but you have to go in with eyes wide open and a ready backup plan. You can stick with the big dogs, or you can isolate products you buy from potentially questionable vendors, but you had better be ready for anything. Companies will come and go, and you don’t want to get caught in the vacuum they leave behind.

— Lafe Low ([email protected]) is the executive editor of features at Redmond magazine.
How one software company successfully teamed with an international outsourcer to get its products to market.

By Jeff Angus

While Deloitte Consulting LLP’s most recent report on outsourcing cites a majority of projects ending up as failures, IT management continues to feel the pressure to outsource development as a way to accomplish the ever-impossible mission of doing more with less. According to one study Deloitte cites, about 66 percent of projects fail to achieve most or even any of the benefits the client was aiming for, while 78 percent of buyers end up cutting the engagement short. While such engagements do fail, it seems they fail for a cluster of common but very avoidable reasons.
There are organizations that have succeeded not just with outsourcing but with offshoring as well, which is the process of sending the jobs overseas. They’ve succeeded for several reasons. eProject Inc., a Seattle-based Software as a Service (SaaS) provider of project management systems, has had unabashed success partnering with an outsourcing firm located in the Ukraine and in Redmond, Wash. (“The Ukraine of Washington State,” as it’s known locally).

Since eProject has succeeded where the majority have failed, it’s useful to know what it has done differently, and how it has built success while others have reduced development projects to piles of rubble with their own unreconstructed incompetence.

“We went out and got references for offshoring partners. The qualifications we were looking for were unusual,” says Chris Lynch, eProject’s vice president of engineering. “We were looking for quality of work rather than lower costs … I was hiring locally, so costs were budgeted,” he says.

“Quality was always the biggest need. Our specs called for a partner that was technically competent and independent, [who] would tell us what they thought we were doing right or wrong, and who would function as an extended part of our team. We wanted a peer who had enough expertise of their own to recommend content and coding techniques as well,” Lynch explains.

The skill of this approach is borne out by the evidence of the financial results. eProject has expanded through a steady march of quarterly product updates to about $16 million in sales with over 125 percent growth in each of the last two years.

Some choices are easy to follow by any organization trying outsourcing for the first time or improving other aspects of its existing outsourcing model.
The Right Reason Is Not Cost

While the most common reason the organizations the Deloitte survey queried were looking to outsource was cost-savings (70 percent), this wasn’t the reason eProject succeeded. In fact, the focus away from cost-savings may have been its key success factor.

Lynch originally sought outsourced development resources because there was a shortage of skilled talent available in the Seattle metro area at the time. One of the organizations he found anxious to take on work in the United States was Validio Ukraine Ltd., with a business office in Redmond and project talent in the Ukraine’s second-biggest city, Kharkov. Validio specializes in projects that require help in requirements definition, testing and support, as well as implementation.

“We put out a technical design doc, user requirements and the functional specs, and we asked how they’d do it,” Lynch explains. “We didn’t tell them too much … We didn’t want them telling us what we wanted to hear, but to see what they could bring to the table. We were looking in the response for project-team thinking more than we were the logistics of outsourcing,” he says. Lynch adds that there have been cost-savings relative to Seattle-based development, but that’s a by-product, not the main course.

Integral Part of the Team

Rather than industrialize the process—exhaustively define the specs then sub-contract out the work to outsiders as though manufacturing sub-components—the eProject employees work as peers with the people who get their paychecks from Validio.

The eProject staff members update each other every single day in stand-up meetings, an artifact of their commitment to Agile project management techniques that complement their Agile development methods. The Kharkovians are part of those meetings. Participants practice a staple of stand-up meetings: What did you do and find out yesterday, what’s on your list today, what’s coming up next that we should consider or knit into today’s plans?
All the development talent marinates in the shading, knowledge-immersion and exchange that happen in the quotidian practice of fine-tuning the day’s output. This follows the principles of the most—perhaps the only—successful school of development management thought, which is elaborated by Timothy Lister and Tom DeMarco in their book “Peopleware.”

The “Peopleware” approach involves, among other practices, mutual coaching, with everyone being a coach on some topics and a learner on others, with management committed to making room for that activity. eProject employees actively encourage the process and work from the presumption, which can be self-fulfilling, that the team members from Validio will bring as much to the knowledge environment as the Seattle team members.

eProject’s Software Foundation

The eProject Inc. staff members use a wide spectrum of software to get their work done, based mostly on Microsoft operating systems with a mixture of non-Microsoft and Microsoft applications. The products used within their engineering group include:
■ eProject PPM6 for Scrum/Agile Project Management
■ Microsoft Visual Studio Team Foundation Server
■ Microsoft SQL Server 2005
■ Microsoft .NET Framework
■ AutomatedQA Corp.’s TestComplete
■ MediaWiki

Outside development, key tools include:
■ Salesforce.com
■ Skype
■ Microsoft Live Meeting
■ WebEx
■ Windows Live Messenger
■ Google Talk
■ Google Docs & Spreadsheets
■ Google Enterprise Search Appliance
■ Microsoft Word, Visio, Excel and PowerPoint

They run mostly Microsoft Windows XP, 2003 or Vista, with a small but growing fraction using Mac OS X.
No Loss of Quality

The Deloitte study doesn’t cite a concrete percentage of service buyers’ overall disappointment with the quality of outsourced work, but they mention it enough to make it clear that in the general outsourcing case it’s a significant drawback.
Because eProject makes it clear that quality is a goal, and because the Validio part of the team is so thoroughly knit into the everyday work of the group, Validio staff will turn down immediate profits to reinforce project quality.

At one of the quarterly planning meetings where a cross-section of the talent from Kharkov was in Seattle (eProject alternates quarters, sending part of the team to Kharkov every other quarter), Project Manager Tatyana Yanush, software engineer Oleksandr Megel and quality assurance engineer Marianna Almakaieva attended. When a manager on the Seattle part of the team sought a Kharkov resource for documenting some software development kit (SDK) methods, Yanush pushed back, essentially turning down billable hours, because she believed the job could be more effectively delivered by someone with proximity to the SDK’s Seattle authors.

Diffusion of Knowledge

Daily stand-up meetings are high-velocity knowledge-transmission vehicles, but not everyone can attend every meeting. Also, what knowledge management honchos call “institutional memory”—wisdom both explicit and unspoken—isn’t ultimately reusable in quick meetings. eProject’s remedy to this is to have one of its senior team members maintain an outline-shaped institutional memory in a wiki container. The team member updates it during meetings based on consensus understanding of decisions and issues.

Tag-Team Process

Proximity, whether geographic, cultural or domain understanding, is the single ingredient that—if missing—is the factor most likely to crush the value out of outsourcing. The rubbing elbows with end users, seeing them work in their jobs, overhearing their concerns, watching them interact with the end products of developed code—all these inputs inform developers in ways you can’t replace with even a perfect specification, and it doesn’t make a difference whether the outsourced coders are in Calcutta or Cleveland.
eProject has figured out not only how to partially neutralize the 10-hour time difference between Seattle and Kharkov, but appears to have actually turned it into a virtue. At the end of every workday, the people on the team in one location send a detailed e-mail message to the other shop so the antipodal team can work on those tasks deemed most critical while the senders are at home. Like a pro wrestling tag-team, the paired groups pass work back and forth, resolving issues and speeding delivery against calendar time.

They don’t tag-team everything, though. “There are certain times that we need very quick turnaround. If we need a solution within a day, we may not go to Validio. But if we have more than a day, we’re fine,” Lynch states.

A final method that reins in the quaquaversal nature of offshoring skilled work is that Validio has chosen to have its staff work entirely in the client’s language. Perhaps unsurprisingly, the Ukrainian team members in Seattle speak English to each other even when no Seattleites are around. But this rule holds even in Kharkov, even when there are no native English-speakers present. Using common language tugs thinking into alignment.

Other Factors

While the eProject outsourcing model has many components you can copy, there are a few you probably won’t. Agile development methods, which lean towards evolutionary releases, fit its SaaS deliverable very precisely. eProject’s quarterly planning meetings dovetail perfectly with its quarterly release schedule, an affordance it wouldn’t likely have if its deliverable was a set of client-server executables that had additional change management overhead built in.

eProject was founded with a strong knowledge-management practice, even before specific software it uses had come into existence. So the company, even with rapid growth, has shot up around a knowledge-sharing ethic driven by upper management.
Executives like Lynch and Christian Smith, the vice president of sales and marketing, witnessed in previous rapidly-growing start-ups the diseconomies of scale that come with corporate expansion. They very deliberately set out to pave the path with sensible, explicit organizational designs and methods based on management innovation. Also, they hire in part based on how well the talent is predisposed to fit into their collaboration-rich, knowledge-sharing teamwork model.

“The commitment to using Validio forced us to tune our knowledge sharing in even sharper ways,” Lynch notes.

If your organization did not grow up on top of a knowledge-management ethic, it’s a bigger challenge to insert it at an advanced stage than it is to maintain it from organizational conception or adolescence. Regardless, as the pressure to deliver more projects while not adding to staff seems inevitable, many can ponder the outsourcing lessons eProject offers.

— Jeff Angus is a management consultant, speaker on management topics, trainer and the author of the book “Management by Baseball: The Official Rules for Winning Management in Any Field” (Harper Collins, 2006).
Deployment Done Right

The new crop of deployment tools for Windows Vista is a marked improvement over its predecessors.

By Rhonda Layfield

When you’re creating the massive disk images you’ll need to deploy Windows Vista or Longhorn, you need a powerful tool. Windows Deployment Service (WDS) provides a central storage and deployment point for Windows XP, 2003, Vista and Longhorn images. WDS is intended to replace Remote Installation Service (RIS). And before you ask, yes—it is much better than RIS.

WDS lets Pre-Boot Execution Environment (PXE) clients connect and download operating system images with little or no human interaction. You’ll need an established Active Directory (AD) domain, plus DHCP and DNS servers prior to installing WDS. Your WDS servers must be members of an AD domain and require NTFS partitions to store images.

You can upgrade your old RIS to WDS by running the Windows-deployment-services-update.exe (found in the Windows AIK\WDS folder). After you’ve upgraded an RIS server to WDS, it can still offer RIS images, but it can also distribute Microsoft’s new Windows Image (.WIM) type files (see “Laying the Groundwork for Vista,” February 2007).

To install WDS from scratch, first install Windows Server 2003 SP2. Then add WDS from Control Panel/Add or Remove Programs/Windows Components/Windows Deployment Service (see Figure 1, next page). When you install WDS, you’ll have to reboot your server, so plan accordingly.
Smaller Is Better

By J. Peter Bruzzese and Tim Duggan

ImageX is a slick compression tool that can help with Windows Vista deployment, as well as everyday file compression.

You know what they say about good things coming in small packages. Well, when it comes to deploying disk images, smaller is definitely better. Of all the new Windows Vista deployment tools in the Windows Automated Installation Kit (WAIK), ImageX is by far our favorite.

ImageX is Microsoft’s new command-line tool for creating, modifying and deploying .WIM image files (.WIM is the Microsoft Windows Imaging Format). Looking at Vista’s installation image—install.wim—gives us a view of ImageX’s compression abilities. The install file is about 2GB to start, which expands to about 8GB when you install Vista. That got us thinking—what else could ImageX crunch down with that amount of force?

ImageX vs. the Other Guys

We ran a few benchmark tests of ImageX against some popular zip tools (WinZip, WinRAR and Windows built-in compressed folders) to see what it could really do. ImageX is a command-line utility. In all fairness, we’re not huge fans of the command line. In this case, though, we readily admit it speeds up the process and conveniently lets you script practically all ImageX abilities. Plus you’ll be using the same two or three commands every time. We’ll go through the examples step by step.

For the first test, we compressed 1GB of music files using a folder called “Music” on our D: drive, which was stuffed with a random collection of MP3s. Here are the results after selecting “Maximum Compression” using our popular tools:

WinZip: 1 GB
WinRAR: 1 GB
Windows Compression: 1 GB

Then it was ImageX’s turn. We have the ImageX utility on our C: drive, for simplicity’s sake. Otherwise, we’d have to navigate to the directory where it’s located. Here’s what we entered:

imagex /capture /compress max D:\Music D:\music.wim "musicimg"

ImageX has a variety of switches from which to choose. The ones we’re focusing on here are “/capture,” which tells ImageX that we want to create a .WIM file, and “/compress,” which lets us set the compression level by following it up with Max | Fast | None after a space.

The result was 1GB—not so hot. For this first example, though, we used MP3s, which are already pretty well compressed. There isn’t much room for improvement. The same would be true of video files. You won’t get an .AVI to compress much further.

Up next was a handful of Word, Excel and PDF files, totaling 1GB in a folder called “docs.” The results were:

WinZip: 620 MB
WinRAR: 656 MB
Windows Compression: 689 MB

ImageX came in at 680MB. It only beat the built-in compressed folders.

Finally, we tested with a folder filled with 1GB worth of multiple copies of the same document. WinZip, WinRAR and Windows compressed folders all kept the folder at 1GB with maximum compression. ImageX created a .WIM file that weighed in at 1MB. It took the multiple copies and shrunk them down to one. That validated our initial thoughts of ImageX’s capabilities.

The reason for this is ImageX’s ability to perform single instancing. Essentially, if you’re compressing a folder that has more than one instance of a file, instead of compressing that file twice, it images one copy and points to other copies from that single copy image. A file getting copied over and over again happens all the time, especially on a file server. You may never use ImageX to replace a simple compression tool, but you can create .WIM files and use its compression capabilities to create an image of folders, an entire disk or even your entire OS.

ImageX vs. CompletePC

In a rapid deployment scenario you’d install Vista plus any patches or applications. Then you’d seal the image with sysprep before booting with your Windows PE CD and using ImageX to create your deployment image. However, you could also use ImageX to make an image of your personal system. Not only is imaging your system a great way to create backups, you can also create multiple images for demonstration purposes.

We decided to test ImageX against Vista’s CompletePC backup for disk imaging purposes. We started with a system running Vista Ultimate, using 77.6GB of disk space. We performed a CompletePC backup. The end result was a .VHD file (which is fully mountable, so you can retrieve any of your backed up files at a later time) weighing in at 32.4GB. It took a total of 41 minutes and 53 seconds to complete. This was an interesting result, because most of what we’d heard about CompletePC backups was that there’s no compression and it’s a one-to-one ratio.

Next, we needed to test ImageX. We created our Windows PE disk, booted the system from the disk (which took us to the command-prompt) and ran ImageX. It failed at first. We had to create an exclusion list called wimscript.ini and place it in the ImageX directory. This exclusion list would filter out the page file, hibernation file, the “System Volume Information” (the source of the errors) and any other file types we wanted to exclude. The wimscript.ini file looks like this:

[ExclusionList]
Ntfs.log
Hiberfil.sys
Pagefile.sys
"System Volume Information"
RECYCLER

[CompressionExclusionList]
*.mp3
*.zip
*.cab

You can add or remove elements from the list. For testing purposes, we didn’t want to exclude too much because this would conflict with the findings. This was one benefit of ImageX over CompletePC (which does a full system backup, no questions asked)—you can choose not to back up specific files or file types. We were able to create the exclusion list from within our Windows PE environment using an old friend called Notepad.

We ran through the process without compression the first time and maximum compression the second time. We ended up with our non-compressed version shrinking down to an impressive 24GB. The compressed version came in only a little smaller at 23.5GB. It took the non-compressed version one hour and 28 minutes (much longer than CompletePC) and the compressed version took almost three hours.

These time frames or compression results aren’t constant. Each system and each set of files is different, so each zip, backup or compression will yield varying results. The main point here is the flexibility of ImageX.

So what does all of this teach us? What is ImageX really good for? You can use ImageX to compress files and folders, but where it really shines is in imaging systems. In fact, in many ways it outshines the built-in CompletePC tools. While CompletePC has simplicity and speed, ImageX gets better compression and can filter out unwanted files in the backup.

— J. Peter Bruzzese ([email protected]) is a tech writer and trainer. He recently started a community forum for clustering technology at www.clusteringanswers.com. Tim Duggan ([email protected]) is a network specialist for Solution32 in New Jersey and co-founder of ClipTraining.com.

Configuring WDS is as straightforward as any of the rest of the current crop of wizard-driven Microsoft platforms. Open the Windows Deployment Services snap-in found in Administrative Tools. If your local server doesn’t appear under Servers, right-click the Servers node and choose “Add Server.” You could also choose to manage a remote WDS server by selecting “Another computer” and browsing to the remote server’s name.

Right-clicking your server name and choosing “Configure server” launches the WDS Configuration Wizard. Click “Next” on the Welcome page and choose the NTFS partition you’d like WDS to store your images on. If you’re configuring WDS on a DHCP server, you’ll see the “DHCP Option 60” page.

Figure 1. You can add these new Windows Deployment Services through the Windows Components Wizard.

Both the WDS and DHCP services listen on port UDP 67. When WDS and DHCP are installed on the same machine, you’ll have to configure WDS to not listen on port UDP 67 so it will be available for DHCP. So, if WDS normally listens on UDP 67 for inbound PXE client requests, and you configure WDS to not listen on UDP 67, how will the clients ever find the WDS server?

That’s where the DHCP option 60 comes in. When the DHCP server responds to DHCP client requests, option 60 is included in the response. Option 60 lets the DHCP client know that the DHCP server is also a WDS/PXE server. You can set DHCP option 60 by putting a check mark in the Configure DHCP option 60 to “PXEClient.”

Configuration Control

Chances are you wouldn’t want just anyone in your company to be able to install a new OS on a whim. So WDS allows three levels of controls as shown on the “PXE Server Initial Settings” page. The first option, “Do not respond to any client computer,” is fairly straightforward. This is the default selection. The second option is “Respond only to known client computers” and the third is to “Respond to all (known and unknown) client computers.” You could also choose the latter option, notify the administrator and respond after approval. Think of unknown clients as wireless laptops in the company parking lot.

You configure known client computers in Active Directory Users and Computers (ADUC). In ADUC, known computers are referred to as “managed or pre-staged computers.” Create a computer object in ADUC, name the computer object and click next to get to the “Managed” page. Selecting “This is a managed computer” and typing the computer’s GUID in the “Computer’s unique ID (GUID/UUID)” box identifies that system as a known client.

You can usually find the client’s GUID in the computer’s BIOS. If the computer doesn’t have a GUID, you can use the MAC address. MAC addresses are only 12 characters and GUIDs are 32, so you’ll need to pad the MAC address with leading zeros. A MAC address of 00-0F-B1-F6-21-33 would look like this: 00000000000000000000000FB1F62133. You could also type the MAC address (with no dashes) and then add leading zeros until you can select the NEXT button.

The third setting lets known clients download images from the WDS server. Unknown clients will generate something called a pending request. You’ll find pending requests in the WDS snap-in under “Pending Devices.” Once a pending request appears under Pending Devices, you’ll have the option to “approve,” “reject” or “name and approve” the request by right-clicking the pending request. The “approve” or “reject” options are pretty straightforward, but “name and approve” may need a little explanation.
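The known-client rules described above can be checked before a rollout. The following is an added example, not code from the article or from Microsoft: it builds the 32-character ID the article describes (a MAC padded with leading zeros), audits a list of typed IDs, and models the three "PXE Server Initial Settings" choices. The function names, computer names and the sample GUID are hypothetical, and IDs are compared exactly as typed, which is an assumption of this model.

```python
# Added example, not code from the article or from Microsoft. It models the
# article's description of WDS client identification; all names are hypothetical.
import re
from enum import Enum


class PxePolicy(Enum):
    """The three choices on the "PXE Server Initial Settings" page."""
    NO_RESPONSE = 1   # "Do not respond to any client computer" (default)
    KNOWN_ONLY = 2    # "Respond only to known client computers"
    ALL_CLIENTS = 3   # "Respond to all (known and unknown) client computers"


def device_id(value):
    """Return the 32-character ID used to prestage a computer.

    Accepts a GUID/UUID (32 hex digits) or a MAC address (12 hex digits),
    with or without separators. A MAC is padded with leading zeros, as the
    article describes. Assumption: no byte reordering is modelled.
    """
    digits = re.sub(r"[-:.{}\s]", "", value).upper()
    if not re.fullmatch(r"[0-9A-F]+", digits):
        raise ValueError(f"not hexadecimal: {value!r}")
    if len(digits) == 12:
        return digits.rjust(32, "0")
    if len(digits) == 32:
        return digits
    raise ValueError(f"expected 12 (MAC) or 32 (GUID) hex digits: {value!r}")


def audit_prestaged(entries):
    """Check a {computer name: typed ID} mapping before relying on it.

    Returns (known, problems): known maps normalised ID -> computer name;
    problems lists entries that are malformed or that reuse an ID.
    """
    known, problems = {}, []
    for name, typed in entries.items():
        try:
            ident = device_id(typed)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if ident in known:
            problems.append(f"{name}: same ID as {known[ident]}")
            continue
        known[ident] = name
    return known, problems


def pxe_decision(policy, client, known, require_approval=False):
    """Return "ignore", "respond" or "pending" for one PXE client."""
    if policy is PxePolicy.NO_RESPONSE:
        return "ignore"
    try:
        ident = device_id(client)
    except ValueError:
        return "ignore"  # this model's choice for an unparseable identifier
    if ident in known:
        return "respond"
    if policy is PxePolicy.KNOWN_ONLY:
        return "ignore"
    # Unknown client under ALL_CLIENTS: held as a pending request when the
    # "notify the administrator and respond after approval" choice is on.
    return "pending" if require_approval else "respond"


# Constructed sample data (only the first MAC comes from the article).
PRESTAGED = {
    "DAL-MKT-01": "00-0F-B1-F6-21-33",
    "DAL-SLS-02": "{4C4C4544-0042-3510-8056-B4C04F4D3231}",
    "DAL-RES-03": "000FB1F62133",    # duplicate of DAL-MKT-01
    "NYC-LAB-09": "00-0F-B1-F6-21",  # too short: one octet missing
}

if __name__ == "__main__":
    known, problems = audit_prestaged(PRESTAGED)
    for line in problems:
        print("PROBLEM", line)
    for client in ("00:0f:b1:f6:21:33", "00-11-22-33-44-55"):
        print(client, pxe_decision(PxePolicy.ALL_CLIENTS, client, known, True))
```

Running the audit first catches the two entries that would silently fail to match at PXE boot: the ID typed twice and the MAC with a missing octet.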
You’d use “name and approve” when you want to approve the request and name the ADUC object it will create for the new computer.

The last dialog box in the WDS configuration wizard lets you add images to the WDS server. You’ll need at least one boot image and one install image. I like to clear the check mark in the box next to “Add images to the Windows Deployment Server now” and add them manually. Why? Adding the images manually gives you more flexibility. If you choose to add the install.wim that lives on the Vista product DVD in the Sources folder, you’ll install all seven images. If you choose to add them later by right-clicking either “Boot” or “Install Images” and then choosing “Add Boot/Install Image,” you can choose to add only one or two of the seven images.

Boot images are WinPEs, but the WinPE on the Vista DVD (boot.wim) is different than any you’d create. You’ll have to add the boot.wim from the Vista DVD that calls for the OS install program (setup.exe). If you don’t, your PXE client will boot and download your custom WinPE and that’s it. You won’t get a list of OSes to install from the WDS server.

The Power of One

You have to add installation images to an image group, which gives you two important features—security and single instance store (SIS) technology. Let’s say you have two image groups (each containing multiple images), one for an office in Dallas and one for an office in New York. You’d like to give the administrators in the Dallas office full control permissions for the Dallas image group. You’d like to do the same for the New York admins with the New York image group. Right-click the Dallas image group, choose “Security,” and then add the Dallas administrators group (this is an ADUC security group). Set the permissions to “Read & Execute, List folder contents and Read permissions.”

SIS greatly reduces the amount of disk space required to store your images. Let’s say there are three images in your Dallas image group called Marketing, Sales and Research. Each image installs Vista Ultimate, but different applications specific to the departmental needs.

Vista Ultimate takes up more than 2GB, so if you stored three complete copies of Vista Ultimate, you’d need almost 8GB. SIS stores the files needed for Vista Ultimate just once. It stores the applications in three separate image files within the Dallas image group. So when you view the Dallas image group, you’d see a large .RWM (resource .WIM) file containing Vista Ultimate and three smaller image files containing the applications. These smaller image files are typically around 20MB to 30MB (depending on the apps you’ve installed). So in this scenario, SIS saves 5GB of disk space.

You have to authorize WDS servers in AD. You can perform authorization in the DHCP or WDS snap-in. To authorize in the DHCP snap-in, just right click your server name and choose “Authorize.” The red down arrow on the server changes to a green up arrow (you may need to press F5 to refresh).

Authorizing in the WDS snap-in is a little trickier. Right-click your WDS server and choose “Properties.” In the “Advanced” tab, choose “Yes, I want to authorize the WDS server in DHCP.” When you authorize from the WDS snap-in, you have to restart the DHCP server service. Otherwise, when you look at the server in the DHCP snap-in, there’s a red down arrow and right-clicking the server only lets you “Unauthorize.”

The WDS Process—Start to Finish

Let’s set the scenario first. You have a bare metal machine upon which you’d like to install Vista. Your WDS server contains only one boot image (the one from the Vista DVD) and one install image and has DHCP installed and configured with an active scope.

A PXE boot (when you see “Press F12 to perform a network boot,” press F12) is step one for your bare metal machine. The PXE client sends out a DHCP discover packet looking for a DHCP server from which to get an IP address. Our DHCP server not only gives the PXE client an IP address, but also the DHCP Option 60 that defines the DHCP server as a WDS server as well.

If you choose the “Respond to all (known and unknown) client computers, but for unknown clients, notify the administrator and respond after approval” option in your “PXE Server Initial Settings,” your PXE clients will be on hold until an administrator approves or rejects the pending request.

Step two is to download a WinPE. Once you connect to the WDS server, you’ll need to authenticate to confirm that the account you’re using has permissions to the images stored on the WDS server. The last step is to create and format a partition to which you’ll install, or click next and the entire disk0 will be your C: partition. Then about 20 to 30 minutes later, you’ll have a brand new machine.

Creative Customizing

Creating your own custom images configured with your choice of applications and desktop settings is a snap. You’ll need a master machine and a utility called WDSCapture (you could also use ImageX.exe; see the companion story, “Smaller Is Better,” which begins on p. 52). The master machine is the machine upon which you’re going to create the image to deploy to other machines. Let’s look at the six steps for creating a custom image using the WDSCapture utility:

1. Install an OS (XP, 2003, Vista or Longhorn).
2. Install and configure applications and desktop settings.
3. Sysprep the master machine and shut it down. (Sysprepping the machine will scrub out any identifying information like the computer name or SID so the deployed image will receive unique information. Make sure you use the correct sysprep utility for the OS image you’re creating, down to the service pack level. If using a Vista master machine, run sysprep version 3.14 with the generalize switch. You’ll find sysprep in the system32 folder.)
4. Restart the master machine by booting to a WinPE.
5. Launch the WDSCapture utility (included in a WinPE by default).
6. The WDSCapture utility launches the WDS Image Capture Wizard. Click “Next” on the Welcome page and you’ll see the Image Capture Source page.

Figure 2. Running sysprep is a critical step. Make sure to run the right version for the OS image you’re creating.

Select the volume you want to capture (if nothing shows up here, the machine was not properly sysprepped), give the new image a name and description and click “Next.” When prompted for credentials to connect to the WDS server, type an administrative account and password. On the Image Capture Destination page, you’ll have to enter a name and location to store the image locally (you can store it on the same volume you’re capturing if there’s enough space. The image will not contain your .WIM file).

Next, check the box next to “Upload image to WDS server.” Under server name, enter either the WDS server’s name or IP address. Once the WDSCapture utility has authenticated to the WDS server, a list of Image Groups will appear in the drop-down box (image groups are created on the WDS server). Choose your image group and click “Finish.” You’ll have to store your new image locally first, then upload it to the WDS server.

You can automate the WDSCapture process by creating a capture boot image. Add the boot.wim from the Vista DVD to your boot images in the WDS snap-in.
Highlight “Boot Images” and in the details pane right-click the boot image and choose “Create Capture Boot Image.” Name your new capture boot image and store it locally. Once you’ve created your new capture boot image, right-click the Boot Images node again and choose “Add Boot Image.” Then browse to your new capture boot image. After you’ve built and sysprepped your master machine, you can PXE boot to connect to the WDS server. You’ll see a list of two boot images. Choose the new capture boot image. This will download a WinPE and launch WDSCapture automatically. The Need for Speed Downloading an image from a WDS server can be time consuming. You can speed this up by increasing the block size, but please proceed with caution and test first. The command-line utility we’re going to use is bcdedit. Vista and WinPE have bcdedit natively, so running this command from Vista or WinPE is the simplest method. We’ll run the bcdedit command from a machine named Vista1: 1. On a WDS server (ours is named WDSServer) share the \REMOTE INSTALL\Boot\x86 folder (this is the default folder for storing your images). For this example, we’ll use x86 as the shared folder name. 2. From Vista1, map a drive to the x86 shared folder (net use W: \\WDSServer\x86). If prompted for credentials, enter administrative credentials. 3. Copy the default.bcd found in the x86 folder to Vista1’s local C:\ drive. 4. The command to change the TFTP block size to 8192KB is typed on the Vista1 machine as one long command from the C: drive: Bcdedit -store default.bcd -set {68d9e51c-a129-4ee1-97252ab00a957daf} ramdisktftpblocksize 8192 (You could use different block sizes such as 4096 or 16384, but the 8192 seems to work well.) 5. Copy the default.bcd from the Vista1 machine to its original location on the WDS server. 6. On the WDSServer, go to a command prompt and type: Sc control wdsserver 129 (this will reset the TFTP block size for the WDSServer). 
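Steps 2 through 6 of the block-size procedure above, collected into one PowerShell script as an added example (it is not from the article). It assumes an elevated prompt on Vista1, that the x86 share from step 1 already exists, and that the account may send service control codes to WDSServer; the backup copy, the verification step and the remote form of the sc command are additions.

```powershell
# Added example: TFTP block-size change for a WDS boot store, run from Vista1.
# Assumptions (not from the article): elevated prompt, the x86 share already
# exists, and the caller may send control codes to services on the WDS server.

$WdsServer = 'WDSServer'               # server name used in the article
$Share     = "\\$WdsServer\x86"        # share created in step 1
$Drive     = 'W:'
$LocalBcd  = 'C:\default.bcd'
$BackupBcd = 'C:\default.bcd.orig'     # addition: untouched copy kept for rollback
$BlockSize = 8192                      # value from the article; test before changing

# The identifier must be a quoted string: unquoted, PowerShell parses {...}
# as a script block and bcdedit never receives the GUID.
$RamdiskOptions = '{68d9e51c-a129-4ee1-9725-2ab00a957daf}'

function Assert-LastExit([string]$Step) {
    # Native tools report failure through the exit code, not an exception.
    if ($LASTEXITCODE -ne 0) { throw "$Step failed with exit code $LASTEXITCODE" }
}

# Step 2: map a drive to the shared boot folder.
net use $Drive $Share
Assert-LastExit 'net use'

try {
    # Step 3: copy the store locally (plus a backup that is never edited).
    Copy-Item "$Drive\default.bcd" $BackupBcd -Force
    Copy-Item "$Drive\default.bcd" $LocalBcd  -Force

    # Step 4: set the block size in the local copy of the store.
    bcdedit -store $LocalBcd -set $RamdiskOptions ramdisktftpblocksize $BlockSize
    Assert-LastExit 'bcdedit -set'

    # Addition: confirm the element is present before the store goes back.
    $entry = bcdedit -store $LocalBcd -enum $RamdiskOptions |
             Select-String 'ramdisktftpblocksize'
    if (-not $entry) { throw 'ramdisktftpblocksize not found in the edited store' }
    Write-Host ("Edited store reports: " + ($entry | Out-String).Trim())

    # Step 5: copy the edited store back to its original location.
    Copy-Item $LocalBcd "$Drive\default.bcd" -Force
}
finally {
    # Always drop the mapped drive, even if a step above failed.
    net use $Drive /delete
}

# Step 6: tell the WDS service to re-read the store. In PowerShell "sc" is an
# alias for Set-Content, so the executable must be named explicitly.
sc.exe "\\$WdsServer" control wdsserver 129
Assert-LastExit 'sc control'
```

To roll back, copy C:\default.bcd.orig over default.bcd in the share and send control code 129 again.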
All this should help you install, configure and enhance your Windows Deployment Service server. Whether you’re deploying on a single machine or across a network, Vista can be a monster to deploy. These tools and techniques should help.

— Rhonda Layfield ([email protected]) has been involved with IT for 25 years. She recently co-authored “Mastering Windows Server 2003 Upgrade Edition for SP1 & R2” (Sybex, 2006). She’s a regular presenter at TechMentor Conferences and currently offers a series of Vista deployment seminars.

Green Mountain Gets the [Share]Point

Coffee maker deploys Web-based portal to solve data-sharing problems.

By Michael Desmond

When Jim Travis arrived at his new job as director of sales and marketing at Vermont-based Green Mountain Coffee Roasters Inc. (GMCR), it didn’t take him long to realize he had a big job ahead of him. In fact, the scope of the challenge became crystal clear almost the instant he noticed a tall stack of FedEx mailers near his secretary’s office at Green Mountain Coffee’s offices in South Burlington, Vt.

“I asked, ‘What are these?’ and she said, ‘That’s our field sales mailing,’” recalls Travis. “I said, ‘You’ve got to be kidding me.’”

She wasn’t.
Every Friday, Green Mountain Coffee would overnight to about 70 field sales reps an updated stack of printed material, to be inserted into the company’s thick Marketing Resource Guidebook. It was a clumsy, manual and error-prone process that led to a lot of waste and a lot of lost sales, says Travis.

“This has to stop. Every time you hire a person you have to take them page by page through this five-inch [thick], three-ring binder. It’s not appropriate,” Travis recalls thinking.

Travis knew from his experience at Ocean Spray Cranberries Inc., where sales reps accessed product and sales information over the Web, that it was high time to digitize the marketing and sales material at Green Mountain Coffee. He just didn’t know how to do it.

That’s where local consulting outfit Competitive Computing Inc.—also known as C2—came in.

“Once Jim made his case to the management committee there and got the approval to go ahead and spend some money on [the problem], we got contacted by Rob Ely, the director of the [management information systems] department at GMCR. He was the person managing the project from [its] end,” says Chris Wasserman, technical lead at C2.
“[GMCR] didn’t come with a solution set in hand—[the company] came and said, ‘Here’s the problem and what we want to do about it.’”

Given the distributed sales force, a Web-based portal solution made immediate sense. And the folks at C2 knew Green Mountain Coffee well enough—both firms were founded by Digital Equipment Corp. employees—to know the company was heavily invested in Microsoft solutions. That made SharePoint Server 2003 an easy call.

5 Lessons Learned

1. Don’t Fly Blind: Rather than trying to come up with a solution to its information sharing problem on its own, Vermont-based Green Mountain Coffee Roasters Inc.’s Director of Sales and Marketing Jim Travis and Director of Management Information Systems Rob Ely turned to knowledgeable consulting firm Competitive Computing Inc. (C2) to help them target a solution platform.
2. Take an Incremental Approach: The initial rollout was limited strictly to the sales and marketing organization, and focused on areas of business collateral and document retrieval, sales data access and light contact management. Additional phases are already underway or planned.
3. Stand and Configure: If Travis could do one thing, it would be to extend the SharePoint Web interface to the company’s wholesalers and independent retailers. In retrospect, it might have been worth extending the project to get that functionality online from the beginning.
4. Path of Least Resistance: Replacing the inefficient and costly paper-based process with a digital Web portal was not only important, it was easy. In fact, once the heavy lifting of transferring and cataloging the collateral was finished, the marketing group was free to work on more strategic issues that could help improve the business.
5. Hold On: Rather than dismiss the C2 deployment team after the system was installed, Technical Lead Chris Wasserman stayed on board for several months in a support and maintenance role. That decision allowed Green Mountain Coffee to tune the new environment, even as it dedicated resources to the ongoing customer relationship management project.
—M.D.

“Pretty Straightforward”

One thing C2 didn’t do was pretend to know GMCR’s business. Led by Wasserman and Business Lead Jeff Pratt, the team sat down with Travis, Ely and the rest of the Green Mountain Coffee group to build a view of the challenge. Pratt says the two groups talked through a high-level view of the design, covering issues like process flow and storage of assets.

“Having these groups get into a room and talk about these topics with an eye toward automating them, getting them to think about the process … independent of automating all these things—this process has been hugely beneficial to the company,” Pratt says.

The discussion quickly moved to planning, including discussions of metadata handling and access, as well as design-level issues within the SharePoint environment.

“The stuff they were trying to do—if you step back from it—was pretty straightforward,” Wasserman says. “Tap into the back-end database and present documents through the Web interface.”

Straightforward, yes. But matters were complicated by an unrelated PeopleSoft-based customer relationship management (CRM) deployment that consumed resources and spurred GMCR to outsource the SharePoint project. Part of the problem: The deployment team found that PeopleSoft and SharePoint couldn’t coexist with SQL Server.

“We had to change some low-level [collation] settings on SQL Server that were incompatible with PeopleSoft,” recalls Wasserman. “The plan was for database clusters to serve SharePoint and PeopleSoft both, but they were incompatible.” That reversal forced the team to go with separate database servers for SharePoint and PeopleSoft.
To expedite the SharePoint deployment, the database was housed initially on the same server as the Web front-end. Later, a new database server was deployed and SharePoint migrated to a three-tier structure. “For the load they were getting and the number of users, it was acceptable,” says Wasserman.

Crawl, Walk, Run

[Photo caption: Jim Travis, director of sales and marketing, Green Mountain Coffee Roasters Inc., says the impact the initial SharePoint deployment is having on his sales and marketing teams has caused “a deeper appreciation of the metrics behind the business.”]

Rather than charge into a fully interactive environment, Green Mountain Coffee deployed its portal functionality in three granular stages. The first stage simply took the massive Excel spreadsheets that had been e-mailed to field reps in the past and hosted them on the SharePoint Web portal. “We adopted a crawl, walk, run approach to the data,” C2’s Wasserman says.

Next, C2 added Web views of the Excel spreadsheets. This eliminated bulk file downloads and made access to specific data much easier and quicker for field personnel.

In the third stage, C2 deployed SharePoint-based analytics, cubes and SQL Server reporting services on top of the portal. It was at this stage, says Wasserman, when things really started to click.
“Now they’ve got a whole set of reports that are available on their portal, from personalized reports for a sales person and what their numbers are, to numbers on the whole company and what [its] sales are,” he continues. “To see where [the salespeople] are now, with the set of reports and tools they had available, and where they were, e-mailing 100MB spreadsheets around the country, is absolutely phenomenal.”

Among those resources are a completely retooled set of marketing and presentation materials, which replace the bulky Marketing Resource Guidebook. Web-enabling these resources was more than simply a matter of slapping them online. The glossy color pages were redesigned for online presentation, as well as for effective output on the inkjet printers used by field staff.

Next Steps

With the CRM deployment project still boiling, Green Mountain Coffee decided to keep C2’s Wasserman on board to help with the transition and manage configuration issues. “This guy worked tirelessly over four or five months,” Travis says.

For all the early successes, Travis says he wishes he could have done more up front. “We still need to do a lot of work on our pricing models. I probably would’ve pushed a little harder on our scorecard for the dashboard,” he explains. “I think that’s because I was pulled off on other things. I should’ve stayed with it.”

Travis says he won’t make that mistake again. A host of follow-up efforts are in the offing, including a self-service portal serving Green Mountain Coffee’s growing network of wholesale customers. The new resource will do everything from providing ordering and costing services to presenting best practices and roasting recipes for coffee shops. An enterprise-wide portal is also planned, and should help drive efficiencies beyond the marketing and sales organization.
Still, Travis can’t say enough about the impact this initial SharePoint deployment is having on his sales and marketing teams. “There’s a deeper appreciation of the metrics behind the business,” Travis says. “The nomenclature is changing. People are beginning to talk a bit more professionally about their brand and their metrics. You don’t get that from training.”

Ultimately, Wasserman credits the success to his client’s readiness to commit to the solution. “I’m a firm believer that most IT projects are personality-related and not technology-related,” says Wasserman. “GMCR was really ready and willing to take this stuff on. It was a very good fit, it really was.”

— Michael Desmond is the founding editor of Redmond Developer News. You can reach him at [email protected].
Never Again

By Steven Fishman and Alex Albright

All’s Well that Ends Well

We pride ourselves on being early adopters, so on Jan. 31, 2007—the day after the official launch of Windows Vista—we activated our volume license for Vista Ultimate along with Windows Live One Care. We proceeded to put it on our desktops and servers in hopes of a seamless upgrade from XP. We quickly discovered, however, that Windows Vista Firewall and Windows Live One Care Firewall conflicted with one another. We discovered another problem when we found Windows Defender wouldn’t work well together with Windows Live One Care.

Cry for Help

We made the 911 call to Microsoft, and the company’s tech support call center in India was great. Amey (our tech support person) was reassuring, saying “not to worry.” Using Windows Easy Assist, he proceeded to uninstall Windows Defender from Windows Vista. There was one problem with this: He didn’t realize that Windows Defender is an integral part of Windows Vista, unlike in Windows XP where it’s a separate program. Since he carried out the uninstall at the server level, everything crashed and no one knew why.

In the process we also discovered that our Dell computers wouldn’t allow the Windows Vista Ultimate Installation disks to boot up from the disks, so we were up a certain creek—the one that can’t be mentioned in a family publication—without a paddle. Luckily, our data was backed up, but we had to reformat our hard drives and do fresh installs of everything. And I mean of every program we ever had.

What’s Your Worst IT Nightmare? Send us your 300-600 word story—if we print it you’ll win $100 and a Redmond T-shirt! E-mail your story to Editor Ed Scannell at [email protected] and use “Never Again” as the subject line.
Unexpected Upgrades

Well, this eventually turned out to be a good thing because in the process we eliminated all instances where drivers were not available yet for Windows Vista. The only bad news in all this was being told by Dell that the drivers for all of our Dell 922 printers wouldn’t be available until April. Consequently, we had to purchase 86 HP inkjets (which delighted HP).

The somewhat unexpected—though happy—ending is that the Windows Vista Reliability Monitor says we are now at an 8.4 rating, which is much better than we ever could’ve expected had it not been for our four days of madness. Since all’s well that ends well, we still love Microsoft.

When Less Protocol Is a Good Thing

Several years ago the network team was doing some work over the weekend and I happened to be there at the time. When they finished, I noticed that my log-on was unexpectedly slow. This should not have been the case given there were so few people there. I notified my manager, but nothing was done.

Glacial Pace

The next day, when everyone was at work, the log-on time was beyond abysmal. You could log-on after half an hour—if you could log-on at all—but forget about doing anything else. There were about 2,500 people whose productivity came to a standstill.

Three days later the problem was resolved and everything was back up and running. That was the good news. The bad news was to fix it we had to pay $250,000 for new switches—actually a small price to pay since we were getting dinged $800,000 for every day that we had a total outage.

The problem? Many of the machines had dual protocols, both Pathworks as well as TCP/IP. Consequently, the switches had to register each Network Interface Card twice, and so ran out of memory. Ouch.

— Steven Fishman is the CIO of Ultrasonic Precisions Inc. in Corona, Calif. Alex Albright is a server administrator in Barker, Texas.
Illustration by Mark Collins
WindowsInsider
by Greg Shields

Isolation Automation Exploration: Part II

In last month’s column we introduced the idea of isolation groups with Windows Vista. These groups add an extra layer of authentication—way down at the network layer—that forces a Kerberos computer authentication before checking any user credentials. Adding in this extra authentication restricts highly sensitive data communication to occur only among specific computers.
Using Vista’s improved Windows Firewall with Advanced Security, it’s much easier than before to leverage IPSec and Kerberos authentication to create an isolation group. Let’s take a look at the steps necessary to implement a simplistic one on your network.

The first step in creating an isolation group is to identify the workstations and servers that will be in the group. That group can range from a few workstations and a single server on up to every machine in your domain. In those cases where only a single server is isolated, it can be used to ensure only certain workstations can access data on that server. When an entire domain is isolated, all traffic initiated from outside the domain can be blocked. This helps protect the domain from external attack.

In our example, we’ll set up an isolation group between a payroll server, \\payrollsrv, and two payroll workstations, \\payrollwks1 and \\payrollwks2. Once isolation is established, only the two payroll workstations will be able to initiate a connection to the server. All other network traffic initiated from other computers, within or outside the domain, will be blocked by the isolation policy.

Note that the way we’ll configure this policy will not affect the payroll server’s ability to initiate a connection to another computer. That would prevent it from being a part of the domain or resolving other computers. Our policy will only affect other computers’ ability to initiate a connection to the payroll server.

Figure 1. Workstations in the isolation group are allowed to contact the payroll server. Workstations outside the group and outside the domain are not.

To set up the isolation group, open the Group Policy Management Console (GPMC) on a Windows Vista machine and create a new GPO that is attached to the domain. Isolation groups are supported on Windows Vista and Longhorn machines only, so we need to create a GPO with a WMI filter that limits its application to just those versions. The query we’ll use for this WMI filter will be SELECT * FROM Win32_OperatingSystem WHERE version >= '6'. You must ensure that the GPO is linked to this WMI filter.

Next, we’ll need to edit the GPO and configure the Connection Security Rules for our isolation group. As before, this needs to be done on a Windows Vista computer. Why? Because the options to configure the Windows Firewall with Advanced Security are only available when the GPO is edited from within Windows Vista.

Choose to “Edit” the GPO and navigate to Computer Configuration | Security Settings | Windows Settings | Windows Firewall with Advanced Security. You’ll immediately notice that the interface looks very similar to the one used in Vista to configure local firewall rules. This makes the process very easy, because if you’ve tested using local configurations then it’s nearly the same process to upgrade that local configuration to a Group Policy.

Then, you create a Connection Security Rule:

1. Right-click “Computer Connection Security” and select “New Rule.”
2. Select the type of Connection Security Rule. We discussed the types of Rules in last month’s column. For our example, so we can see all the possible options, we’ll choose to create a “Custom Rule.”
3. In the next screen, we need to know the IP addresses of the computers at both endpoints. Enter the address for the server into Endpoint 1 and the IP address for the workstations into Endpoint 2.
4. Next, you’re asked how you want the authentication to occur. In this example, you want all inbound traffic to the payroll server to authenticate but you don’t want to require outbound traffic to do so. Doing this could prevent the payroll server from interacting with other network resources like DNS or Domain Controller services. So, in this step you’ll choose to “Require authentication for inbound connections and request authentication for outbound connections.”
5. The next screen allows you to select User, Computer or Computer Certificate Authentication. You want to restrict access to specified computers, so we’ll choose “Computer Authentication.”
6. You’re then asked to limit the rule to Domain, Private or Public network connection types. Because this authentication occurs within a Domain, you need to choose only the “Domain” connection type.
7. Lastly, we give the Rule a name and finish the wizard.

The GPO is now configured, but because that GPO is currently attached to the Domain, it now applies to all objects. You must limit its application to just the payroll server and the two workstations. To do so, create a “Universal Group” in Active Directory Users and Computers and add the three computer accounts to that group. Then, in the GPMC, remove “Authenticated Users” from the security-filtering box for the GPO and replace it with our Universal Group.

GetMoreOnline: Learn more about configuring Windows Server 2003 for isolation at Redmondmag.com. FindIT code: Insider0607

Once Group Policy application is complete, the isolation group will be established between the Vista workstations and the server. Remember, this process works only if the workstations are Windows Vista and the server is Windows Longhorn. Previous versions will not support Connection Security Rules, and so must be configured using a local IPsec policy. Previous versions also require the IPsec Simple Policy Hotfix (downloadable at http://support.microsoft.com/kb/914841).
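The Connection Security Rule built in wizard steps 1 through 7 above, expressed as a local netsh rule so it can be tried on one Vista machine before the GPO is linked; this is an added example, not from the column. The rule name and all IP addresses are placeholders, and the script assumes an elevated Windows PowerShell prompt.

```powershell
# Added example, not from the column. Placeholders: the rule name and every
# IP address below. Run from an elevated Windows PowerShell prompt on Vista.

$RuleName       = 'PayrollIsolationTest'
$ServerIP       = '192.0.2.10'               # \\payrollsrv (placeholder address)
$WorkstationIPs = '192.0.2.21,192.0.2.22'    # \\payrollwks1, \\payrollwks2 (placeholders)

# Evaluate the column's WMI filter on this machine. An empty result means a
# GPO linked to that filter would not apply here.
$filter = "SELECT * FROM Win32_OperatingSystem WHERE Version >= '6'"
$os = Get-WmiObject -Query $filter
if (-not $os) {
    throw 'The WMI filter does not match this OS; Connection Security Rules are not supported here.'
}
Write-Host "WMI filter matches: $($os.Caption) (version $($os.Version))"

# Remove a rule left over from an earlier test run. netsh reports that no
# rules match on the first run, which is expected and ignored.
netsh advfirewall consec delete rule name=$RuleName | Out-Null

# Wizard steps mapped to netsh arguments:
#   step 3  endpoint1 = server, endpoint2 = workstations
#   step 4  action=requireinrequestout  (require inbound, request outbound)
#   step 5  auth1=computerkerb          (computer authentication, Kerberos)
#   step 6  profile=domain
#   step 7  name
# Caveat: once this rule is active, inbound connections from the listed peers
# are dropped until those peers carry a matching rule and can authenticate.
netsh advfirewall consec add rule name=$RuleName `
    endpoint1=$ServerIP endpoint2=$WorkstationIPs `
    action=requireinrequestout auth1=computerkerb profile=domain
if ($LASTEXITCODE -ne 0) {
    throw "netsh could not create the rule (exit code $LASTEXITCODE)"
}

# Show what was stored so it can be compared with the GPO settings.
netsh advfirewall consec show rule name=$RuleName
```

Delete the test rule with the same delete command once the Group Policy version is in place, so that the local rule and the GPO rule do not both apply.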
After installing the hotfix, create a registry entry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Oakley\IKEFlags. Then, set the REG_DWORD value for IKEFlags to 0x14. Once the hotfix is installed, you’ll use the local IP Security Policy Management MMC console to create the policy on the Windows Server 2003 system. This can be a complicated process. In the online version of this article, we’ll provide a simple netsh configuration file that can get you started.

— Greg Shields ([email protected]), MCSE: Security, CCEA, is a principal consultant for 3t Systems (www.3tsystems.com) in Denver, Colo. A contributing editor to Redmond magazine and a popular speaker at TechMentor events, Greg is also the resident editor for Realtime Publishers’ Windows Server Community (www.realtime-windowsserver.com) providing daily commentary and expert advice for readers.

SecurityAdvisor
by Joern Wettern

Protect Your Customer Data

One of the most challenging tasks facing businesses today is protecting customer data. Identity theft cases and high profile data privacy breaches fill the headlines, which only underscores how essential it is to keep your customers’ data private and secure.

A few years ago, Oracle Corp. CEO Larry Ellison proclaimed that “privacy … is largely an illusion.” These days, that sentiment doesn’t go over well with consumers, who are increasingly sensitive about the security of their personal data. Before long, companies that don’t take steps to safeguard their customers’ data won’t have any customers to worry about.

If your business revolves around collecting and maintaining customer data, such as names, e-mail addresses, credit card numbers or any other potentially sensitive data, then safeguarding the privacy of that data is essential to your company’s continued existence.
Accidental disclosure of data that hasn’t been properly safeguarded is a disaster on many different levels—financial, customer trust and quite possibly legal ramifications. Most organizations are required by law to inform customers when their personal information is compromised.

Consider the cost of not being careful with names, addresses, credit card numbers and other customer data. Research firm Gartner Inc. estimates that an average data breach costs $140 per affected customer. This includes direct costs like legal fees and the cost of notifying customers, as well as indirect costs like losing customers and employee productivity. While the impact on your bottom line may not equal that experienced by The TJX Companies Inc., which recently admitted that data for more than 45 million customers was stolen from their servers, any theft of customer data is bound to be more expensive than you dare to imagine.

Policies Matter

A good starting point for protecting customer data is to establish and enforce a privacy policy. Most people do actually read these policies, which are routinely posted on Web sites. Customers are also becoming increasingly sophisticated about analyzing policies and determining how they will affect the security of their personal data.

A good privacy policy clearly states what types of information you collect, how long you need to keep this data, under what circumstances you may share the data with others and how you safeguard this information. A good policy also describes how your company protects customers, rather than merely justifying overzealous data collection.

A good example of a customer-friendly privacy policy is the one used by ING Direct (http://home.ingdirect.com/faqs/faqs.asp?s=PrivacyPolicy). The bank clearly lists four principles of data collection and use and then explains what each of these principles means. ING Direct’s policy identifies what data it maintains, the limited conditions under which it will share customer data with third parties and what happens to your data when you’re no longer a customer. The policy is easy to understand and demonstrates that the company is concerned with privacy.

Unfortunately, you can also find many examples of meaningless privacy policies. You don’t have to search for long to find companies that essentially state that they may use all information they collect as they see fit, including sharing this information with third parties for advertising purposes. There’s a trend to have privacy promises made meaningless by stating that a company reserves the right to change its policy at any time without notifying customers of such changes. Lawyers may advise you to include such a statement in your policy, but you should look for more customer-friendly alternatives. For instance, Amazon.com Inc.’s privacy policy contains a similar provision, but it’s supported by a pledge to always protect any data according to the privacy policy in effect when the customer initially supplied the information.

What Do You Need to Know?

As you’re evaluating your data collection policies, carefully consider what you really need to know to run your business. This starts with basic demographic information. If you’re a software vendor who offers trial software for download, you may require visitors to your Web site to fill out a form before they can initiate the download. Many such forms ask new customers for their name, address, phone number, e-mail address, job role, nature of their business and more.
Some of this information is collected in order to contact the prospective customer. Other times, the reason for collecting it is simply that someone thought it would be nice to know as much about prospective customers as possible. Is it really useful, though, to know someone’s address if you don’t plan to send them any mail? Does gathering statistics about your Web site visitors outweigh the risk of annoying potential customers who may feel they’re being asked to provide too much information?

As you’re evaluating what to collect, take a long, hard look at whether you really need the information. Collecting unnecessary information doesn’t just annoy customers, it also leads to clutter that can make it much more difficult to safeguard the data.

How Long Do You Need It?

When dealing with your own personal data, there’s probably no harm in keeping it around forever. Doing the same for business data can be problematic. Sure, there are good reasons to have a data retention policy. Long-term archiving of certain data can even be a legal requirement in some industries. However, this shouldn’t be the default. If you delete data you won’t need in the future, you won’t have to worry about the consequences if it’s compromised. For example, most businesses have no need to store a credit card number after processing a credit card transaction. Deleting this information from your servers quickly and consistently will spare you the agony of reading in the press that someone stole thousands of credit card numbers from your servers.

Where Should You Keep It?

Most businesses provide their customers with Web forms to enter information about themselves, whether this is an e-mail address or a Social Security number. Just because you need to collect this information with a server that’s on the Internet doesn’t mean that the server that holds the data should also be accessible from the Internet. Fortunately, most businesses place their database servers on a separate network, so that hackers can’t get at them directly. In many cases, however, the same Web servers used for data entry are used to retrieve information from the database server. This renders isolation to a different network useless. Such bad network design is often the result of taking shortcuts, not paying attention to how data is used or analyzing the value of the data.

Even if you think your databases aren’t accessible, they may become so inadvertently. One of the most common vulnerabilities on Web servers is SQL injection. This type of attack puts a SQL query into a form field instead of the expected data, like an e-mail address. If your Web application doesn’t carefully check that any entered data is not really a SQL command before it’s passed on to your database server, you may let a hacker get to any information he wants in your database. The only defense against such attacks is careful Web application design to ensure that all data entered by users is indeed valid.

Can They Take It with Them?

Whenever you’re storing customer data, you should be concerned about which employees have access to this data. After all, statistics consistently show that the majority of data theft is performed by insiders. Even if all your employees are trustworthy, it’s not uncommon for someone to lose a laptop or removable storage containing confidential data.

Trying to protect against data disclosure by employees exposes an unfortunate dilemma. Employees, such as those in a customer service department, need to have access to the data you maintain to perform their jobs. You also have to ensure that they can’t steal this data. There’s no absolute protection against data disclosure or data theft by someone who has access to the data, but there are easy methods to mitigate the risk.
If you make sure employees can only view a single customer record at a time, you can at least prevent someone from taking a large number of customer records with them. You can also restrict the use of mobile storage to prevent someone from easily carrying data out the door. You can also purchase software to enforce encryption of all confidential data that is legitimately taken off your premises.

The Simple Things

Preserving your customers’ privacy and safeguarding customer data is a complex task. It includes business analysis, Web design, database administration, network access control and much more. This may seem like a daunting task, but you can address many problems by implementing a few of the simple principles described here. Keep your customers’ privacy concerns in mind, store only the data you need, and provide access to customer data only to the extent required to run your business. This creates a foundation for designing secure Web applications and networks. The result will be more secure and easier to manage.

— Joern Wettern ([email protected]), Ph.D., MCSE, MCT, Security+, is the owner of Wettern Network Solutions, a consulting and training firm. He has written books and developed training courses on a number of networking and security topics, in addition to regularly teaching seminars and speaking at conferences worldwide.
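The SQL injection risk described under “Where Should You Keep It?” in the Security Advisor column above, shown as an added example that is not part of the original column: a customer lookup keyed on the e-mail form field, built first by string concatenation and then with input validation plus a bound parameter (a technique added here alongside the validation the column calls for). The table, column names, sample rows and the strict e-mail pattern are assumptions constructed for illustration, and SQLite stands in for the database server behind the Web form.

```python
import re
import sqlite3

# Constructed sample data standing in for the customer database behind a
# Web form. All names and values are illustrative only.
SAMPLE_CUSTOMERS = [
    ("alice@example.com", "Alice Example", "card-placeholder-1"),
    ("bob@example.com", "Bob Example", "card-placeholder-2"),
    ("carol@example.com", "Carol Example", "card-placeholder-3"),
]

# Deliberately strict allow-list for the e-mail field (an assumption for
# this example; real address syntax is broader than this pattern).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}\.[A-Za-z]{2,}")


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE customers (email TEXT PRIMARY KEY, name TEXT, card TEXT)"
    )
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_CUSTOMERS)
    return db


def lookup_vulnerable(db, email_field):
    """Weak form: the field is pasted into the SQL text, so input such as
    a quote character changes the structure of the query itself."""
    query = (
        "SELECT email, name, card FROM customers WHERE email = '"
        + email_field + "'"
    )
    return db.execute(query).fetchall()


def lookup_bound_only(db, email_field):
    """Binding alone: the field travels as data and is compared as a
    literal string, so SQL-looking input simply matches no row."""
    return db.execute(
        "SELECT email, name FROM customers WHERE email = ?", (email_field,)
    ).fetchall()


def lookup_hardened(db, email_field):
    """Validate the field, bind it as a parameter, and return at most one
    record without the card column (single-record view for staff tools)."""
    if not EMAIL_RE.fullmatch(email_field):
        raise ValueError("not a valid e-mail address")
    return db.execute(
        "SELECT email, name FROM customers WHERE email = ?", (email_field,)
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    sql_like_input = "x' OR '1'='1"  # constructed test input, not an address
    print("concatenated:", len(lookup_vulnerable(db, sql_like_input)), "rows")
    print("bound only:  ", len(lookup_bound_only(db, sql_like_input)), "rows")
    try:
        lookup_hardened(db, sql_like_input)
    except ValueError as exc:
        print("hardened:     rejected,", exc)
    print("hardened:    ", lookup_hardened(db, "alice@example.com"))
```

The concatenated query returns every customer row for the SQL-like input, while the bound and hardened versions return nothing for it; the hardened version also never selects the card column.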
Redmond (ISSN 1553-7560) is published monthly by 1105 Media, Inc., 9121 Oakdale Avenue, Ste. 101, Chatsworth, CA 91311. Periodicals postage paid at Chatsworth, CA 91311-9998, and at additional mailing offices. Complimentary subscriptions are sent to qualifying subscribers. Annual subscription rates for non-qualified subscribers are: U.S. $39.95 (U.S. funds); Canada/Mexico $54.95; outside North America $64.95. Subscription inquiries, back issue requests, and address changes: Mail to: Redmond, P.O. Box 2063, Skokie, IL 60076-9699, email [email protected] or call (866) 293-3194 for U.S. & Canada; (847) 763-9560 for International, fax (847) 763-9564. POSTMASTER: Send address changes to Redmond, P.O. Box 2063, Skokie, IL 60076-9699. Canada Publications Mail Agreement No: 40039410. Return Undeliverable Canadian Addresses to Circulation Dept. or DHL Global Mail, 7496 Bath Rd Unit 2, Mississauga, ON, L4T 1L2.

© Copyright 2007 by 1105 Media, Inc. All rights reserved. Printed in the U.S.A. Reproductions in whole or part prohibited except by written permission. Mail requests to “Permissions Editor,” c/o REDMOND, 16261 Laguna Canyon Road, Ste. 130, Irvine, CA 92618.

The information in this magazine has not undergone any formal testing by 1105 Media, Inc. and is distributed without any warranty expressed or implied. Implementation or use of any information contained herein is the reader’s sole responsibility. While the information has been reviewed for accuracy, there is no guarantee that the same or similar results may be achieved in all environments. Technical inaccuracies may result from printing errors and/or new developments in the industry.
FoleyOnMicrosoft
by Mary Jo Foley

Compliance vs. Compatibility

Microsoft screwed up with Internet Explorer (IE). And I’m not just talking about its decision to wait five years between IE6 and IE7. I’m referring to the position Microsoft established years ago—that interoperability and standards adherence aren’t all that important.

Ignorant, arrogant and short-sighted—Microsoft’s decision to let standards take a back seat was all of those things. Even the IE leadership agrees. Now the company is paying for the error of its ways. It’s a painful process.

The IE team leaders have become serious about standards. They’re so serious that they’ve brought on Web standards maven Molly Holzschlag to help dig IE, and other units within Microsoft’s Web Platform and Tools division, out of their self-made standards hole.

Holzschlag is advising Microsoft on how to make products like IE and Expression Studio more standards-compliant. If there’s sufficient time and interest, she’s also telling them to work on products like Outlook 2007, which, because of a change to the IE rendering engine, is breaking many e-mail newsletters and Web sites. She’s also working with other vendors, including browser vendors, in an attempt to get everyone at the table to “put their knives down” long enough to make some progress with interoperability, Holzschlag told me recently.

The outspoken and well-spoken Holzschlag is definitely the right person for the job.
She’s got the standards scars and thick skin to prove it. But why does Microsoft need an advisor like Holzschlag? Why can’t the Redmondians simply flip the standards switch and make IE compliant with all, most or at least some of the standards with which Firefox, Opera, Safari and other browsers already comply?

“The problem is, the Web is already broken,” Holzschlag says. “We had a cross-platform, cross-browser [world] for one year.”

As other Microsoft officials have noted, with half a billion users already, Microsoft can’t make changes to IE willy-nilly without breaking lots of Web pages. Which is worse: a browser that’s less than 100 percent standards-compliant, or a browser that is standards-compliant but wreaks havoc on the Web sites of developers who had no choice but to adhere to the IE guidelines when coding their sites for IE users?

Microsoft is between a rock and a hard place of its own making on this one. It’s damned if it fixes IE to make it more compliant with Cascading Style Sheets (CSS) 2.1 layout, cross-browser object-model and other standards, as those changes will break a lot of software and many sites that have been tuned to work with Microsoft’s non-standards-based code. It’s also damned if it doesn’t make IE more standards-based, as a growing number of developers, designers and users are insisting on standards when making their buying and/or development decisions.

GetMoreOnline: Read more commentary about Internet Explorer and standards at Redmondmag.com. FindIT code: Foley0607

I’m not even going to touch the thorny issue of what counts as a standard in the Web world. CSS 2.1 is a spec that has yet to be ratified, although it’s the coding target for many developers. CSS 3.0 seemingly is the future, but remains “unrecommended.”

So what’s a penitent browser vendor to do as it seeks to make amends for its past transgressions? At the MIX07 conference last month, Microsoft officials floated a trial balloon.
What if Microsoft were to require developers and authors to “opt in” to standards mode when designing IE8-and-beyond sites and products? Holzschlag called the proposal “interesting,” and said that like the IE team itself, she still isn’t sure how or if this kind of opt-in mode would be implemented.

What would you do if you were part of the IE team? Although it would be painful and potentially confusing to consumers, would it make sense for Microsoft to simultaneously release one “standards-compliant” and one “backward-compatible” version of IE8, IE9 and beyond to get out of this jam?

Where do you stand on this trade-off of compliance versus compatibility? Should Microsoft err on the side of standards or backward compatibility? What suggestions would you make for ways that Microsoft can minimize customers’ and developers’ pain as it finally does the right thing, in terms of turning IE into a modern browser?

— Mary Jo Foley ([email protected]) is editor of the new ZDnet “All About Microsoft” blog and has been covering Microsoft for about two decades.