Prevent the Theft of Company Data

A news story has hit the wires with the results of a survey of US and UK workers.  29% of US and 23% of UK employees would steal data from their employers if leaving the job, presumably to use it in a new job.

I’ve talked about the methods to prevent all of this before:

  1. Calculate the value of your data and the loss that will be caused if it leaks or gets into the hands of partners, customers or competitors.  Use that risk value to budget your plans.
  2. Understand that this isn’t something a secretary or IT admin does.  This is something that the information worker does.  It’s more likely to be done by a senior person than a junior person because they have more access to sensitive data, understand the data more, and have more to gain.
  3. Use proxy controls to prevent access to webmail and upload services.  That’s only a slowdown.  Wifi services and mobile computing pretty much kill this one.
  4. Prevent access to removable media using Group Policy and/or third party solutions.  This is another slowdown, rather than a prevention mechanism.
  5. Implement real processes with data owners to authorise access to data and regularly review the granted access permissions.  Prevent the usage of nested permissions because that’s when things do go wrong here.  If the business doesn’t buy into this process (because they are too busy) then IT/security hasn’t a hope; this is business data, not IT data.
  6. Implement AD Rights Management Services to control who can view your data and what they can do with it, no matter where it goes.
  7. Encrypt your PC/laptop disks.  Yes: PCs too, because they can get stolen.  Critical servers might be included in this as well.  And look at solutions such as BitLocker To Go for removable media (if allowed) to force encryption on users.
  8. Forget Sandra Bullock clicking PI symbols or Kiefer Sutherland running around with a perspex box full of circuitry.  Physical security is key.  If I can get to your server then I can get to your data.  How hard is it to slide some disks out?  Not very.  Do you have sensitive data sitting on a server, in a broom closet (or under the reception desk) in a branch office?
  9. Audit, audit, audit.  Use OpsMgr ACS, etc, to gather the logs.  I have seen a case where a sales person was suspected of leaking customer data to his new employers.  The client (a pharmaceutical multinational) did not have any auditing of any kind on their email or web proxy systems and could prove nothing.
  10. Work with local employment law experts with a specialisation in IT.  One corporate right that applies in Canada or the USA, might not apply in the UK, and might get you sued (and lose) in Germany or Italy.
  11. Communicate that you are auditing everything that happens everywhere.  Let people know that you’ll rip their heads off and squish their livelihood like a bug in a court of law if they are caught.  Repeat this message regularly.
  12. Work as a team.  There’s no point in the insecurity officer being all hush-hush when he suspects something.  He has to work with IT to prevent a leak or investigate it because IT understand the systems – they also might be ordered by the person who is being investigated to help with the leak!  I have seen this happen.
  13. Don’t be afraid of setting an example, especially if it is a senior person.  Coverups don’t stay secret and don’t send out the required message of prevention.
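For steps 5 and 9, one way to give data owners something concrete to review. This is an added example, not part of the original post. It reads "nested permissions" as explicit permissions set on subfolders below a share root, needs PowerShell 3.0 or later, and uses a placeholder share path and report file name.

```powershell
# Added example: report explicit (non-inherited) permissions below a share root
# so the data owner can approve or remove each one.
# Assumptions: $ShareRoot and $ReportPath are placeholders; run as an account
# that can read the ACLs (e.g. a file server administrator).
param(
    [string]$ShareRoot  = 'D:\Shares\Finance',
    [string]$ReportPath = '.\acl-review.csv'
)

# Groups that effectively mean "everybody"; an explicit grant to one of these
# deep in a folder tree is usually the first thing an owner wants to see.
$broadPattern = '(^|\\)(Everyone|Authenticated Users|Domain Users|Users)$'

function Get-ExplicitAce {
    param([Parameter(Mandatory)][string]$Root)

    # The share root is expected to carry explicit ACEs, so only subfolders
    # are reported. Anything listed here deviates from the root's permissions.
    Get-ChildItem -LiteralPath $Root -Recurse -Directory -ErrorAction SilentlyContinue |
        ForEach-Object {
            $folder = $_.FullName
            try {
                $acl = Get-Acl -LiteralPath $folder -ErrorAction Stop
            } catch {
                # A folder whose ACL cannot be read is itself a finding.
                [pscustomobject]@{
                    Folder             = $folder
                    Identity           = '<ACL unreadable>'
                    Rights             = ''
                    Type               = ''
                    InheritanceBlocked = ''
                    BroadGroup         = ''
                    Owner              = ''
                }
                return   # continue with the next folder
            }

            $acl.Access |
                Where-Object { -not $_.IsInherited } |
                ForEach-Object {
                    [pscustomobject]@{
                        Folder             = $folder
                        Identity           = $_.IdentityReference.Value
                        Rights             = $_.FileSystemRights
                        Type               = $_.AccessControlType
                        # True when the folder no longer inherits from its parent
                        InheritanceBlocked = $acl.AreAccessRulesProtected
                        BroadGroup         = ($_.IdentityReference.Value -match $broadPattern)
                        Owner              = $acl.Owner
                    }
                }
        }
}

Get-ExplicitAce -Root $ShareRoot |
    Sort-Object Folder, Identity |
    Export-Csv -Path $ReportPath -NoTypeInformation
```

Keeping each run's CSV and comparing it with the previous one shows which grants appeared between reviews.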

That’s 5 minutes of thinking about this.  Give me a bit more time and I’d have an entire data security strategy to keep a lid on things!

Updated Recommended Reading

I have updated the recommended reading page on my site.  You will obviously find a link to Mastering Hyper-V Deployment there.  Amazon had it listed as a Nov 19th release.  We might actually have it “on the shelves” a week or two early; Sybex/Wiley are working very hard on it.

A few other additions/changes include:

What is Windows Core?

Every now and then you’ll hear a Microsoft person, usually from Redmond, talking about Windows Core.  Are they talking about Server Core?  The answer is no.

We’ll keep this one short and simple.  Windows Core is Microsoft’s set of people that develop the central components of Windows.  This includes the kernel, security, storage, and Hyper-V groups.  Mark Russinovich happens to work closely with them.

Server Core is the installation option that gives you a stripped down installation of Windows Server 2008 or Windows Server 2008 R2.  It is Windows without the windows, giving you a command prompt to manage the server (or manage it using remote GUI tools).  The purpose of it is to reduce the footprint and to reduce the attack surface.

Analysis: Windows 8 Wish List of Features and Functions

I’ve just read an IDG article on the Reuters website where there is some wishing on what would appear in Windows 8.

“I really hate seeing that a copy will take 13 minutes, no four hours, no 25 minutes, etc., etc.”

Agreed.  The problem is that the copy time is a result, not just of the amount of data to copy, but of the physical storage media, network, removable media interfaces, contention, and fragmentation.  It’s impossible to accurately predict the time it will require.  But I still want some sort of clue rather than an empty copy status box.

Features such as “map a network drive”, “uninstall or change a program” or “burn to DVD” are buried or keep getting moved around from one Windows version to the next.

I 100% agree with this.  Windows Explorer needs a complete reversal back to Windows XP.  Get rid of that annoying breadcrumb trail and give me back the actual path.  I should not have to click “just so” to see it or quickly type over it.  And fix the Folders pane on the left.  I want it to show where I currently am in the file system.  Stop hiding information from me and making my job more difficult.  Actually, let’s do an FRS on this: scrap Windows Explorer and start again (FRS -> DFS-R).

I attended a focus group event on Windows 7 and I wasn’t alone in this sentiment about Windows Explorer.  Pretty != better.

“An important feature I would like to see is simply a timely release of the next version”

I completely disagree.  That’s the sort of attitude a salesman or marketing person will have.  We techies would rather have the product released when it is right.  Give the devs and testers a chance to finish the job (while keeping the objectives at a reasonable level).  Let’s compare two products:

  • Windows Server 2003: It took its time coming out.  It was ready when it did.  It pretty much had widespread acceptance.
  • Exchange 2007: We were back in the bad old days of SP1 fixing it.  I’ve heard some comment that Exchange is still in that quagmire: SP1 is fixing Exchange 2010.

The “wait for SP1” syndrome helps no one.

Use Roles in Windows 8

The idea here is that a machine could be better tuned for the device or environment.  I don’t know whether MS can do this with Windows 8 or not.  But I love the idea.  A very modular version of Windows where roles/features (like in Windows Server 2008/R2) would be enabled/disabled depending on the product edition that was licensed would be great for businesses, end users, and MS.  Think about it: a netbook, tablet, slate, or workstation could all be based on the same image but be tuned according to an answer file.  Unwanted components could be disabled manually.  New components could be added manually.  Mobile devices could start up in seconds if tuned correctly, depending on the hardware.  Kiosks could be locked down, not (just) by policy but by what is installed.  I like this.

“An interesting side effect of adding roles might be faster start-up times,”

Anyone with a mobile device wants faster startup times.  It reduces battery use and it reduces the amount of time it takes to quickly check that email, check those directions on a map, make a note, etc.  Ideally you want the process of waking up a mobile device to be as easy and as quick as opening up a notebook (paper, not computer).

Integrate Windows Phone 7 UI

The idea here is to use the touch interface that you are familiar with on the newest generation of smartphones.  Hmmm, this seems like it would be a nice-to-have.  I can definitely see it being useful for kiosk/appliance types of installations and media centres but little else.

Windows error messages are often cryptic, showing hexadecimal error code such as 0xe0000100.  “You end up having to put code in a search engine to find out what the problem is.  If you can’t explain in an error message what went wrong and clearly indicate what to do about it, then you shouldn’t have an error message.”

Sorry; I cannot agree with this one.  I would rather get a cryptic message than not be told there is a fault.  At least I can search for the reason behind a cryptic message.

Here is what I do want: I want the links in Event Viewer to actually lead to a page that is useful, e.g. the support page that the search eventually leads you to.  I expect this will not happen because it hasn’t happened since the links started appearing many versions ago.

More Powerful Power Management

The commentator spends more time talking about startup times than actual power management.  I have to say, a Windows 7 machine does wake up from hibernation pretty quickly when it’s a clean installation.  My netbook suffers because of the Live Mesh beta (a process called MOE.EXE).  I reckon AV scanning of files doesn’t help either.

For real power management, I think we do have a good solution now.  I wouldn’t be surprised if MS squeezes out a few more minutes here and there out of a laptop battery in Windows 8.  Windows 7 gives me more than Vista did.  BTW, MS’s corporate power management solution is System Center Configuration Manager 2007 R3 (or later) or Group Policy.

Small Business Server(s) v.Next

Small Business Server (SBS) isn’t really my cup of tea but Microsoft has been doing some impressive stuff for the newest version.  Paul Thurrott has all the details.

There will be 2 versions.  The first is the traditional all-in-one-server package that supports up to 75 users.  The second is called Aurora at the moment (I’m sure the naming department will call it something like WSCPSSBSMBWA 2011).  The concept of Aurora is that it’s similar to Vail (the new Home Server) and it places the services like Exchange and SharePoint up in Microsoft Online Services.  I agree with Paul’s assessment: this will be ideal for many small businesses because the painful bits of IT will be in the Cloud.  The interface in Aurora is simple to use and allows the owner to simply add users that will be provisioned in the Cloud.  Aurora will support up to 25 users.  I’ve got to think that many are going to want this to compete fairly against the traditional SBS product and support more than 25 users.

The beta is open now.

Interview Questions … To Ask The Interviewer

I’ve worked for a lot of companies over the years, either as an employee or as a contractor.  Some of those experiences have been fantastic.  Some of them have been regrettably dreadful.  I’ve decided to put together a set of questions to ask during an interview to decide if a company is worth joining or not (I am interviewing the company as much as they are interviewing me).  These are not the usual “what pension plan is there” questions.  We’ll start with staff and training:

  • How many people are in the team and what are their skills and experience levels?  I want to discover what has to be done to bring the team up to speed if I am going to be in charge of it.
  • What is the training program and budget?  There are all sorts of wrong answers for this question.  Any manager who thinks that a person reading a book or doing a 5 day course is a qualified expert will go down in my opinion.  You need to invest in people to develop them.  You need to give them budget and time.
  • What is the lab environment and what is the budget?  This is really important for a consulting company.  None = the skill levels are out of date and there is little desire to improve them.  No budget and procrastination on providing one indicates more issues.

Next we move onto the IT infrastructure:

  • What laptop or PC will I be getting and when will I get it?  Wrong answer: “Bob was just made redundant and you can have his hand-me-down when someone has a chance to look at it”.  Anything like that or that is not precise indicates a lack of caring, probably a mess that they acknowledge but don’t want to change.
  • What is the standard desktop operating system?  If you are a consulting company then the wrong answers are Windows XP and Windows Vista.  You cannot sell what you don’t use.
  • What Microsoft licensing do you have?  If you are in charge and you are signing the checks then you bet your ass that you know what MS licensing program you are on.  See no evil, hear no evil and any “oh Bob the sys admin does all that” means they’re using TechNet or MSDN.  That means there is no care for the infrastructure and that there is a potential €10,000 reward from the BSA.

The HR stuff:

  • Why is this position open and why would you hire me?  What will I be doing?  This is so I can find out what is the motivation behind the hiring.  I don’t want to fall into a trap where someone has had an idea and middle management haven’t bought into it.
  • Tell me about a relevant project that you have completed that I could have worked on.  Do they have a history in this field?  If not, then I want to know why not, and what they are doing to develop a program.  Fluffy management speak wins zero points in this category.
  • How will you be selling my services?  This is important if you are a consultant.  70-80% utilisation/billable rates must be maintained or you lose your job.  The wrong answers include “we’re having a meeting about that after you join” (meaning they have decided to hire but don’t have plans for the hiree) or “that’s your responsibility” (meaning they really don’t care and they should hire a sales person instead).

Company politics:

  • Are any of the directors or managers related to each other?  I’ve been there and done that.  That’s a mess you want nothing to do with.

When I interview people, I not only pay attention to the answers but to the way that the questions are answered.  Any odd looks, answers, delaying tactics, etc, and I know that there’s a rotten fish.

Sysprep & Hyper-V

You can automate the deployment of Hyper-V host servers using Sysprep.  W2008 would disable the autostart of the hypervisor in any machine deployed from a sysprepped template.  Ben Armstrong has confirmed that this is different with Windows Server 2008 R2; the hypervisor will automatically start.

You could use something like WDS to deploy a new host.  I’d prefer MDT or ConfigMgr OSD because they use task sequences.  That will allow you to automate a bunch of operations using command line, batch scripts, or PowerShell scripts.

I did actually use WDS to build my original W2008 cluster back in 2008.  I didn’t have ConfigMgr and I wasn’t comfortable yet with MDT.  I prepped the initial build, figured out the kinks, and modified the images.  I repeated for the pilot.  The production deployment was completed in 1 hour (bare metal to functioning Hyper-V cluster) from a meeting room in a hotel room via VPN and HP ILO.

Heck, if you use one of the task sequence deployment solutions for normal server deployment then you only need to create a new task sequence to run against an existing Windows image (most probably Datacenter edition) and use the Server Manager PowerShell modules to enable the Failover Clustering feature and the Hyper-V role, reboot, install DPM/OpsMgr agents, etc.
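A sketch of the task sequence step described above, for Windows Server 2008 R2. This is an added example, not from the original post. The `-PostReboot` switch and the exit-code handling are assumptions about how the step is wired into MDT or ConfigMgr, and the boot-setting check reflects the hypervisor autostart behaviour mentioned earlier.

```powershell
# Added example: enable the Hyper-V role and Failover Clustering feature from a
# task sequence, then verify the result in a second step after the reboot.
# Assumption: the step is called once without switches (install) and once with
# -PostReboot (verify); the switch name is invented for this example.
param([switch]$PostReboot)

Import-Module ServerManager

$wanted = 'Hyper-V', 'Failover-Clustering'

# Features from $wanted that are not installed yet
$missing = @(Get-WindowsFeature -Name $wanted | Where-Object { -not $_.Installed })

if ($PostReboot) {
    if ($missing.Count -gt 0) {
        Write-Error ("Still missing after reboot: " +
                     (($missing | ForEach-Object { $_.Name }) -join ', '))
        exit 1
    }

    # A host built from a sysprepped image is only useful if the hypervisor
    # starts at boot, so report the boot entry's hypervisorlaunchtype.
    $launch = bcdedit /enum '{current}' | Select-String -Pattern 'hypervisorlaunchtype'
    if (-not $launch -or $launch.Line -notmatch 'Auto') {
        Write-Error 'hypervisorlaunchtype is not Auto; the hypervisor will not start at boot.'
        exit 1
    }

    Write-Output 'Hyper-V and Failover Clustering installed; hypervisor set to start at boot.'
    exit 0
}

if ($missing.Count -eq 0) {
    Write-Output 'Nothing to do: both features are already installed.'
    exit 0
}

$result = Add-WindowsFeature -Name ($missing | ForEach-Object { $_.Name })

if (-not $result.Success) {
    Write-Error "Feature installation failed with exit code $($result.ExitCode)."
    exit 1
}

# 3010 is the standard Windows "success, reboot required" code. If your task
# sequence does not reboot on it, follow this step with a Restart Computer step.
if ($result.RestartNeeded -ne 'No') { exit 3010 }
exit 0
```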

So, if you deploy Hyper-V hosts frequently or you are planning a huge farm deployment, take a look at Sysprep, WDS, MDT and ConfigMgr OSD to automate the process.  A little work up front can save you a lot of time later on and give you a consistent result.

Notes for sysprepping a configured Hyper-V host:

  • External networks in the image will be converted into internal networks.
  • Passthrough disks will need to be reconfigured in the Hyper-V Manager.
  • The Dynamic MAC address pool on the host will be recreated so that it is unique.

Selling Servers Is Changing

Big shocker! Server sales are down thanks to virtualisation!  Whoda thunk it!  Duh!  What is news is that the type and design of servers that manufacturers are trying to sell has changed.

That Network World article tells us that blade servers with integrated storage (I/O) are the way to go.  You can get more blades into a rack than you can with 1U servers.  For example, a 42U rack can take 64 * HP BL460C blades or 42 * DL360 rack servers.

I noted something interesting.  Manufacturers “are still fighting the perception that blade servers–which make up only 15 percent of the total market–are more expensive than other servers and that consolidated infrastructure products would be more expensive still”.  The reality is that blades are more expensive than rack server installations unless you are doing massive installs.  A blade server by itself is quite a cheap unit.  But add on the mezzanine cards, enclosure, switches (one per card/socket), enclosure admin module, remote management, power supplies, ….. well, you get the picture.

For me, my server decision making process starts with CPU/RAM capacity and my ability to monitor them with OpsMgr.  I’ve preached about the latter enough.  Once I have the basic requirements, iron is iron.  I’d prefer blade servers with integrated networking because I hate cabling and I’m a disaster at it.  But to be honest, storage is more important.  That affects performance, scalability, provision automation, backup (via VSS provider), and disaster recovery design.

And that’s what hardware salesmen who anticipated the changes brought by virtualisation have been focusing on.  Server sales have gone down.  The individual units are more powerful but revenue has gone down.  Storage requirements, on the other hand, have gotten more complex and larger.  Virtualisation with good performance requires more disk rather than less.

The Irish Government Versus the Irish Economy

In the Green (Party) corner we have the challenger, weighing in at €.5billion per week in additional debts and wasted spending on their buddies in the trade unions and the property sector …. they are The Government!  In the blue corner, weighing in at an anorexic 14% unemployment crushed by a decade and a half of waste and stealth taxes, we have “The Celtic Tiger”, the Irish economy!

That’s the formalities over with.  I have worked in the hosting industry in Ireland, a part of the so called “smart economy”.  We’re told that cloud computing is a key to that.  I can tell you that we have two great challenges in cloud computing.  One is bandwidth availability and costs.  Data centres can be built close to major lines so that’s OK on the provider side of things.  The biggest problem was the cost of electricity.  Forget staff costs.  Forget hardware costs.  Software costs are transparent.  The biggest cost we had was electricity.  No matter what we did, when I heard a potential customer was looking at a foreign hosting company I just gave up.  There was no point in fighting it.

You see, we have (depending on what stats you read) either the third or second most expensive electricity in Europe.  That affects absolutely everything we do.  Manufacturing, agriculture, tourism, pharmaceuticals, cloud computing, it just doesn’t matter; they all consider electricity to be a huge cost.  We’re haemorrhaging jobs to cheaper economies in the EU and outside of the EU not because of the lack of demand for services, but because it is too expensive for a business to operate in Ireland.  Many of those on the 400,000+ dole queue (out of 4 million people) lost their jobs, not because the companies closed down, but because they moved abroad to find somewhere cheaper.  So called smart economy businesses have been moving shop for years.

Then 2 days ago a bombshell lands.  The government has approved a further 5% tax on electricity.  They made the decision a month ago but kept it secret until the Dáil (parliament) broke for a summer break.  We’re told it’s a decision by the regulator (a quango can create taxes?) and that the minister in charge cannot overrule them.  But the regulator tells us that it is a decision by the minister.  I think we all know who is telling porky pies.

The IDA, ISME, IFA, etc, are all telling us that their members will have no choice but to either raise prices, lay off employees, or relocate abroad.  People barely able to afford their mortgages (which are paid to banks that we effectively own now) will be pushed over the edge and lead to an increase in jingle mail, further increasing the pressure on tax payers to further bail out the banks through the black hole that is NAMA.

Even a fool can tell you that if your operating costs are some of the highest in the market you operate in then you don’t increase them to resolve economic woes.  You cut your costs.  You trim the fat.  You become more efficient.  But no; the Green (Tax) Party agenda is to screw this country every which way they can in cooperation with Fianna Fail politicians who are holding onto their ever increasing pensions and expense accounts with their fingernails.

But don’t worry!  While we all sink under the rising tide of taxes with our so-called smart economy, our dear leaders will be able to expense their increased electricity bills.

Windows User Group Ireland, September 10th 2010

The Windows User Group is back with a day-long event featuring updates on the latest in Microsoft IT infrastructure. Join us on Friday, September 10th in the Microsoft Auditorium in Leopardstown to hear expert speakers talking about Windows Server, virtualization, Exchange, unified messaging, and System Center for the small/medium enterprise. This day will give you valuable information that will educate you on what benefits new technologies from Microsoft will bring to your business.

The agenda is

| Start | Finish | Session | Speaker |
|-------|--------|---------|---------|
| 08:45 | 09:15 | Registration | |
| 09:15 | 10:45 | Service Pack 1 for Windows 7 and Windows Server 2008 R2: Dynamic Memory and RemoteFX | Aidan Finn (MVP), System Dynamics |
| 10:45 | 11:00 | Break | |
| 11:00 | 12:30 | Service Pack 1 for Exchange 2010 | Nathan Winters (MVP), Grey Convergence |
| 12:30 | 13:15 | Lunch | |
| 13:15 | 14:45 | Communications Server 14 | John McCabe (MVP), CDSoft Limited |
| 14:45 | 15:00 | Break | |
| 15:00 | 16:30 | System Center Essentials 2010: Enterprise Management for the SME Customer | Wilbour Craddock, Microsoft |

You can register and attend the event for free.

Date: Friday, September 10th, 2010

Location: EPDC-2, South County Business Park, Leopardstown, Dublin 18

Registration: 08:45 to 09:15 with a strict start time of 09:15

The detailed agenda and speakers’ bios are as follows:

Service Pack 1 for Windows 7 and Windows Server 2008 R2: Dynamic Memory and RemoteFX (90 Minutes – 09:15 until 10:45)

Speaker: Aidan Finn (MVP: Virtual Machine), Infrastructure Team Lead with System Dynamics

Webcast: LiveMeeting

Service Pack 1 for Windows 7 and Windows Server 2008 R2 is around the corner. It introduces some new features that will be of huge interest to anyone that is interested in Hyper-V or Remote Desktop Services (including Citrix software). Memory is often the main constraint in virtual machine to host density. Dynamic IT provides a new mechanism for configuring virtual machines with a variable amount of memory. Aidan will discuss what over commitment is and how it is bad. He’ll then introduce you to the mechanics behind Dynamic Memory and show it in action. Aidan will also introduce you to RemoteFX. This is a new solution to provide high quality graphics, such as 1080p video, to Remote Desktop clients. This will be used in Remote Desktop Services and compatible Citrix solutions.

About Aidan Finn:

Aidan is the Infrastructure Team Lead with System Dynamics, a consulting services company located in Dublin that provides IT infrastructure and business intelligence expertise. He has been working in IT since 1996 and has specialised in working with Microsoft infrastructure solutions including Server, desktop, System Center and virtualisation. Aidan is an MCSE and a Microsoft Most Valuable Professional with an expertise in virtualization. Aidan co-wrote Mastering Windows Server 2008 R2 (Sybex), is the lead author of Mastering Hyper-V Deployment (Sybex), and is contributing to Mastering Windows 7 Deployment (Sybex). You can find his blog at https://aidanfinn.com.

Service Pack 1 for Exchange 2010 (90 Minutes – 11:00 until 12:30)

Speaker: Nathan Winters (MVP: Exchange), Unified Communications Lead with Grey Convergence

Webcast: LiveMeeting

Exchange 2010 SP1 was announced at TechEd US 2010 and contains some exciting enhancements to Exchange 2010. This session will first set the context for these new features and then walk you through what is now possible:

  • Reminder of the Exchange 2010 core tenets
  • An update on where Microsoft is with Exchange Online
  • Introduction to the Feature Enhancements of Exchange 2010 SP1 such as:
      • The New Exchange Control Panel Management UI
      • Improved High Availability and Disaster Recovery functionality
      • Improved Outlook Web App UI and Performance
      • Better Mobile Device Experience
      • New Information Protection and Control
          • Personal Archive Enhancements
          • Retention Policy Management Enhancements
          • Multi-Mailbox Search Enhancements
  • Demo
  • Questions & Answers

About Nathan Winters:

Nathan Winters is the unified communications lead at Grey Convergence, a specialist Microsoft partner for unified communications and collaboration. Nathan has been working in IT for eight years and specializes in unified communications with a focus on Microsoft Exchange and Office Communications Server. Nathan has consulted at numerous Fortune 100 companies across a variety of vertical markets.

In 2006, Nathan founded the Microsoft Messaging and Mobility User Group UK, which holds regular meetings in the UK to discuss topics related to Exchange. In 2007, Nathan was named an MVP (Exchange Server) for his work with MMMUG and his regular contributions to the Mark Minasi Forum, and he has received the same honour each year since.

Nathan’s articles have been published on leading websites and magazines, including Windows IT Pro Magazine, MSExchange.org, Simple-Talk.com, Microsoft (TechNet Industry Insiders), and the MMMUG website.

You can contact Nathan at nathan@clarinathan.co.uk or through his blog at http://www.nathanwinters.co.uk

Communications Server 14 (90 Minutes – 13:15 until 14:45)

Speaker: John McCabe (MVP: Unified Communications), Technical Consultant with CDSoft

Webcast: LiveMeeting

Communications Server 2010 (Wave 14) is Microsoft’s Next Generation Unified Communications Platform. It brings many new features including a completely new UI. John will bring you through the main features and some of the new supported scenarios available in this platform and discuss how you can even use it now to replace your PBX! This really will be a serious contender for businesses of all sizes.

About John McCabe:

John currently works as a Technical Consultant for CDSoft Limited providing solutions to the Irish Market Place across multiple industries. John has over 12 years in the IT Industry ranging across different disciplines from security, networks and of course Microsoft Infrastructure. John has attained MCITP/MCTS/MCP in various tracks as well as multiple other professional certifications. John was awarded the Microsoft Most Valuable Professional award in October 2009 for extensive community work and promoting the Microsoft Product Group.

System Center Essentials 2010: Enterprise Management for the SME Customer (90 Minutes – 15:00 until 16:30)

Speaker: Wilbour Craddock, Partner Technical Specialist, Microsoft

Webcast: LiveMeeting

The aim of this session is to provide a technical overview of the key capabilities of SCE 2010, and how it provides an integrated management solution for SMB customers, from hardware right through to the virtual OS’s running on Hyper-V and applications/services in these VM’s. Attendees will gain valuable information around differentiating SCE with the other System Center technologies, which form part of the Server Management Suites, from both a technical, and pricing perspective. We’ll also cover DPM 2010; part of the new SCE Plus SKU, and how it provides a centralized, powerful SMB-friendly application protection and DR solution, protecting both virtualized servers, application workloads, and desktop data.

To help attendees understand the solutions better, we’ll be constructing a customer scenario to provide a complete solution that can be adapted for specific customer and partner engagements. This solution will include both licensing, and pricing information, to give a better idea of the overall solution cost, and ROI. We’ll focus on delivering a demo of this scenario, concentrating particularly on the virtualization management, PRO functionality, hardware integration, and overall management of the environment.

About Wilbour Craddock:

Wilbour is a former Windows Server MVP and Canadian User Group lead now working for Microsoft Ireland in the Partner Team, and a frequent speaker on the TechNet Ireland tours. Wilbour’s background is not that dissimilar from most IT Professionals, having started on a help desk and progressed through system administration to leadership roles in government organizations serving as a solutions architect overseeing development and deployment teams and helping set long-term IT strategies. He blogs with the TechNet Ireland team on the IEITPro blog.