It was generally known on the Internet that something was up; Forefront Threat Management Gateway (TMG) was considered by many (on forums and blogs) as walking dead. People knew it was just a matter of time before an announcement would come. And so it did yesterday, but I did not expect the actual breadth of the announcement. The following products will no longer be available after December 1st, 2012:
User Access Gateway continues; it’s been used by people who have deployed W2008 R2 Direct Access so that they don’t have to deploy IPv6 on the LAN. It’s only a matter of time, because that functionality has been put in WS2012 Direct Access, meaning that UAG won’t be required for current version DA deployments.
Forefront Identity Manager apparently has a roadmap and will “continue to be actively developed”.
The product formerly known as Forefront Endpoint Protection (the client and server file system/memory AV scanner) was moved to System Center with the release of SysCtr 2012 because of the reliance on Configuration Manager as the management console (also can use Intune). The definition updates are common across versions so updates will continue.
What about anti-malware protection for Exchange? Here’s what Microsoft had to say:
As part of this effort, the next release of Forefront Online Protection for Exchange, which has long been part of the Office 365 solution, will be named Exchange Online Protection.
In response to customer demand, we are adding basic antimalware protection to Exchange Server 2013. This protection can be easily turned off, replaced, or paired with other services (like Exchange Online Protection) to provide a layered defense.
Forefront Online Protection is the cloud based product; think Postini or MessageLabs, but run by Microsoft for Exchange. Anyone planning on running Exchange 2010 or older will not have an on-premises defence for Exchange after December 1st (see FPE in the above table). If you want on-site Exchange protection, you’ll have to look at 3rd party Exchange security solutions, otherwise upgrade to Exchange 2013 for “basic antimalware protection”. I’ve been recommending online and onsite protection – onsite protection defends against “internal” threats such as roaming or remote workers.
It’s not often that you come across a Microsoft licensing article that is written in plain English where non-constitutional lawyers can understand complete sentences of the text. But this one (admittedly a guest post by Amy Konary of IDC) does a very nice job of explaining the differences between Microsoft licenses that you can buy outright and licenses that you can lease.
I didn’t like the idea of the lease model when I first heard about it back in 2002 or thereabouts. I wondered why you’d want to do it. But I’ve seen it in the real world, why it’s important, and how it can offer very valuable benefits to customers.
SPLA is a lease model for hosting companies. Customers have a 1 month commitment to the license, paying for what they use, when they use it. It’s perfect for the very fluid hosting model, and enables upgrades when new SKUs are available. SPLA is very specialised licensing and even has its own dedicated product usage rights document.
I see a lot of SMEs and service providers to that market who love the Open Value Subscription (OVS) scheme. There is a low entry cost, enabling the SME to keep cash for business operations. It’s flexible, enabling the business to true-up or true-down to reflect headcounts. It builds in Software Assurance giving the customer all the benefits such as Windows Enterprise for the client, free upgrades, and so forth. And it gives the business peace of mind that they’re probably compliant.
An example: a company has 100 employees this year and licenses Windows 7 and Office 2010 for them under OVS. They are entitled to use Windows 7 Enterprise with BitLocker for disk encryption and DirectAccess for a VPN alternative. In a few weeks when MSVL is updated, they’ll have rights to upgrade to Windows 8 Enterprise, with a simpler/better DirectAccess and Windows-To-Go to enable employees to work from home with company Windows builds booting from a USB 3.0 stick. Give it another couple of months and they can upgrade to Office 2013 with all its new information consumption and touch features. In the meantime, the company grows to 150 employees and doesn’t have to buy new licensing until their annual report when they true up. Maybe in a year they hit hard times and shrink to 80 staff. At the next annual report, they true-down to 80 seats instead of being stuck with 150 perpetual licenses on the books where 70 of them are wasted. They also have SA so they’re entitled to support calls, MUI, Office roaming rights, TechNet for trial/lab, training vouchers, etc.
For the MSFT partner or service provider, it also means that there’s a reason to talk to the customer on an annual basis, and the customer already has a lot of licensing that can solve problems with some consulting days/hours.
I try to steer clear of the education side of licensing because it is complex. But there is an OVS in that space which is very cool. Microsoft licensing in education is already highly discounted. However, schools under this scheme only have to license full time equivalent employees for the licensing and this covers all the students too. Imagine a school of 1,000 students with 50 teachers and 20 admin staff (not including cleaners, etc that don’t use PCs). That school, under this scheme, could license all 1,070 users based on the 70 employees that are full time equivalents and use PCs. That’s a pretty nice deal!
The Microsoft Worldwide Partner Conference (WPC) is in Toronto next week. I won’t be going; it’s more important for networking and sales folks. But there are a few reasons that it is of interest to me.
Keynotes: Last year we got some snippets such as the early announcements on Hyper-V replica and the then scalability figures. On Monday it is Steve Ballmer headlining and it looks like we’re getting cloud-cloud-cloud. On Tuesday … I really can’t figure out a theme other than cloud-cloud-cloud. On Wednesday it is the Microsoft Partner Network – maybe the website has been burned to the ground? Kevin Turner will also be talking compete on Wednesday. Some hippie will also be smoothing your chakras – incense optional.
No SBS 2012: A lot of Irish MSFT partners specialise in the SBS space so I want to hear what they think of the move to Windows Server 2012 Essentials.
What’s the plan for Windows 8/Server 2012: What will MSFT be telling partners about the enterprise and retail spaces?
Then again, why would Microsoft release Surface at all? Windows 8 is a huge play call by Microsoft. By re-imagining Windows, they are bringing in major change. And there hasn’t been anything like this amount of change since Windows 95. It’s a risk and everyone wants to mitigate risk.
What we’ve learned in the last 3 years is that the device plays as much of a role in the consumer sale as the operating system, if not more. Microsoft has always relied on hardware partners for the most part. Yes, they’ve built a better mouse, a better web cam, and the XBox. But in the PC realm, they relied on partners.
Look at some of the devices that we’ve seen announced. There have been many slate PCs and tablets that offer nothing new – just more of the same that used to run Android and would now run Windows 8 – former wannabe iPad killers. In the Ultrabook market we have seen some rather strange device choices too … that one with the screen on the outside was ridiculous.
Not all have been silly or lacked innovation. I like the look of some of the slide-out slates/tablets where the keyboard lives under the screen and can slide out to produce a more normal looking laptop experience.
My guess is that Microsoft wanted to lead on the success of Windows 8, rather than depend on the hardware leadership of others. By creating Surface, Microsoft has built sexy, stylish, and innovative devices, something that the OEMs should have done. They have challenged the OEMs to produce something different, something better. Don’t just reinvent the same old thing with a different OS and new processor version. Be creative. Use new form factors. Take advantage of new components. Challenge each other and steal the lead from Microsoft.
By launching now instead of at Windows GA (October is my guess) it’s giving the OEMs time to get their act in gear sooner rather than later. I hope the OEMs do respond positively – I’d like to see cool devices for Windows 8 being sold outside of the USA.
So I was wrong. I was sure the big secret Microsoft announcement last night would just be some streaming media subscription service for the USA. Instead, 99% of the press got it right and Microsoft announced a Microsoft branded tablet line. Stealing the name from the table top device … welcome the Surface:
It is thin, 9.3mm, and that depends on which version of the Surface you choose:
It has a case that doubles as a keyboard and comes in different colours. The case features a built-in kickstand for when you want to prop it up. There is an audible snap when it closes which is nice. It is 0.7mm thick, thinner than a hotel room key:
Two Models
The Surface comes in two models. In broad strokes, the Windows RT (NVIDIA-made ARM-based CPU) is aimed at the consumer and competes with the iPad. It’s the thinner and lighter of the two devices. The Windows 8 Pro version is a twofer: it’s a tablet (slate PC) and a PC replacement. The Pro has an Ivy Bridge Intel i5 CPU and I’m guessing it’ll have around 10 hours battery life based on what we’ve seen from Dell’s future device.
The Body
No, I’m not talking about Elle McPherson, but sexy is what MSFT is aiming for none-the-less. The screen is Gorilla Glass 2. The chassis is made from VaporMg (pronounced Vapor-Mag), an injection moulded metal tolerant down to 0.65mm, and providing a perfectly smooth surface. The cover is snap on. It apparently has a solid snapping action which I saw being described by a present journalist as reassuring. This cover doubles as the keyboard which is flat. Size-wise, it’s thin. It’s the 1300 * 768 screen ratio you can expect of Windows 8 devices, with a landscape layout preferred over portrait.
Price
Nothing was confirmed. The Pro edition will allegedly compete in the Ultrabook price range. The RT edition will be similar to other ARM based tablets. The Pro edition will be some 90 days later.
Release Date
Good luck! Surface RT will be shortly after the Windows 8 GA. It’ll be sold via Microsoft Stores (USA only) and the Microsoft Online Store.
Apps
Windows 8 is still a Release Preview. Metro apps will be released via the Microsoft Store, built into Windows 8. Being Windows with 300+ million PC sales per year, the apps will definitely come. Already there are some big names there, and a Netflix Metro app was announced last night too. This won’t be Windows Phone. Office 2013 RT will be bundled with the RT edition. Only Metro apps and Office 2013 RT can run on the RT Surface. The Pro Surface will run any .exe or Metro app that can run on any Intel/AMD-based Windows 8 PC/laptop.
Reaction
Positive first. Wow, how the hell did MSFT keep this secret? We already know the spec for the XBox 720 and that it’ll likely have Azure integration for cloud content/games. The device is sexy. It’s got a lot of features that I like … built in kick stand for the plane, and a keyboard cover are cool.
My main concern is simple: Will Microsoft release this device outside of the USA? Will it suffer from The Curse Of Zune?
Secondly: how did the CEOs of Acer, Asus, Toshiba, Sony, etc, react when they woke up in Asia this morning? They’re allegedly being charged $85/device for Windows 8 OEM for their devices. Now they will compete with Microsoft on device sales? What will this mean?
The way the announcement was made was strange. It was 23:30 UK/IE time, 00:30 German/France time and God-knows what time in Korea/Japan. Choosing 15:30 Pacific Time said to me that this was an event for an American audience. If an International announcement was important, surely they would have gone for 09:00 or 10:00 PST? Choosing not to stream the event was strange too. I’d scream from the mountain tops if I was announcing this. Inviting 150 journalists, many of whom wouldn’t know Windows from a door, to be your single channel of communications is very strange. Yes, they want to copy Apple and have exclusivity, but this seems wrong to me. Just my independent opinion.
People are talking about this device. I’ve already had 5-6 conversations about Surface this morning in the office in the last 90 minutes. Strange, considering that it looks like only 5% of the world’s population (USA) will be able to buy one.
Summary
The Surface is a fab looking device. I’d like to have a try, and maybe consider buying the Pro version. Will it be an XBox/Kinect or a Zune/Kin? Will I end up even being able to buy one of these innovative devices? Time will tell. Have a look and make up your own mind:
EDIT #1
Some more notes. MSFT released video recordings of the event. You can stream it, or download it.
Above, you can see that the kick stand angles the Surface at 22 degrees. What if you wanted to record something at the table? Having the camera pointed downwards would be useless. The back camera is pointed upwards at 22 degrees to compensate for the kickstand angle.
The keyboard/cover snaps into a magnetically bonded spine. The Metro UI changes colour to match the colour of the Touch Cover! There are aligning and clamping magnets to organically connect correctly. You can hear it snap into place in the video. When you fold it back, the keyboard turns off, thanks to an accelerometer. Touch cover allows your fingers to touch the keyboard and it measures force to count those touches as types. Therefore you can touch type from the rest position.
The Pro edition has a wrap around vent so it’s never blocked. It is silent – I rarely even notice the vent on my Ultrabook, whereas I do on my Build slate.
The screen supports 600 DPI digital ink using a stylus pen. Zoom in and the ink is still smooth. The touch digitiser detects the pen being used and blocks touch so your hand on the screen doesn’t cause chaos for the pen digitiser. The screen is 0.7mm thick, making it the thinnest of its kind. The pen clicks into the side of the Surface.
TPM apparently is included. It supports HDMI and DisplayPort. They demo Adobe Lightroom on the Pro edition.
The cover comes in two models:
Touch Cover: a 3mm cover with a multi-touch keyboard.
Type Cover: designed for the touch typist wanting great speed. Key has 1.5 mm travel with full modern trackpad.
This is a beautifully designed device. But I’m told that the same was said of Zune which defined The Curse Of Zune by being only available to 5% of the world’s population – the web site wasn’t even visible to us back then! I’ve asked a person who understands channel, and he reckons it’ll allow MSFT to control the distribution with more quality. Maybe they’ll reach out to large chains like PC World (UK) and Best Buy (USA) next year, or the year after if Surface doesn’t go the way of Zune.
In the last couple of weeks we’ve heard quite a bit about the alleged “Stuxnet” variant called Duqu. This Trojan uses a zero-day vulnerability that exploits the TrueType font parsing engine. The Trojan replicates itself, does whatever it does (still not entirely clear), and removes itself after 36 days to avoid detection. That last bit is sneaky; it could steal passwords or certs, high-tail it before the heat arrives, and you’d never know to reset anything that was stolen. Very clever!
While Microsoft are working on a hotfix, they have issued an advisory that contains a workaround to prevent infection. The actions depend on your operating system, but revolve around changing the permissions of t2embed.dll.
I’ve become very hesitant of these workarounds. A few months ago I worked on a site that had no choice but to deploy such a workaround for Conficker.
I was installing a ConfigMgr 2007 R3 site server. I installed ConfigMgr and checked the health of the system (it’s easy to miss a pre-req and get some sort of error). Then I got the strangest error that I had never seen before; the management point role would not install. What normally happens is the site server is installed (not far from next-next-next), and then a number of default roles install automatically. The management point is usually painless. I googled, binged, you name it, and had no joy. A day later and 2 things gave me the solution:
I had been told of the Conficker infection and clean up job that was done
I found an obscure post with a similar error that pointed to a system registry key permissions issue.
1 + 1 and I verified this key was a part of the Microsoft Conficker workaround advisory. Now, I needed to find how this was deployed. GPMC made it easy to find a GPO that was responsible. Permission changes via GPO are tattooed so I reversed the edits (AV was up to date). I forced the policy refresh on the site server, reran the ConfigMgr install and the Management Point installed. Luckily the customer had used GPO and made this workaround very easy to deploy for them, and ID/reverse for me.
By the way, part of the change was changing permissions of scheduled tasks. It turns out that backup jobs hadn’t been running correctly for a while.
So the lesson is:
When there is a zero-day exploit, Microsoft can issue workarounds to prevent infection.
Sometimes treatment for an illness can do quite a lot of damage to the patient. Understand what you are doing and document/communicate it.
If at all possible, do what my customer did. Use a GPO because it is (a) fast to deploy and (b) fast to reverse once the long term defences (patch/AV) are deployed. And that means impacted systems can be put back to rights.
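One way to do the "document it" part of that lesson for the t2embed.dll workaround, as an added example that is not from the Microsoft advisory or the original post: a PowerShell function that records whether the file still carries explicit Deny entries, so the change can be found and reversed after the patch ships. The file locations and the assumption that the workaround shows up as a Deny ACE on the file are mine, and the function name is hypothetical.

```powershell
# Added example (requires PowerShell 3.0 or later). Reports the ACL state of
# t2embed.dll so a permissions workaround is documented and can be reversed later.
# Assumption: the workaround appears as an explicit Deny ACE on the file.
function Get-T2EmbedWorkaroundState {
    [CmdletBinding()]
    param(
        # Assumed default locations; SysWOW64 exists only on 64-bit Windows.
        [string[]]$Path = @(
            (Join-Path $env:windir 'System32\t2embed.dll'),
            (Join-Path $env:windir 'SysWOW64\t2embed.dll')
        )
    )

    foreach ($file in $Path) {
        if (-not (Test-Path -LiteralPath $file)) { continue }

        try {
            $acl = Get-Acl -Path $file -ErrorAction Stop
        }
        catch {
            # A restrictive ACL can stop a non-owner from reading the permissions
            # at all; record that fact instead of aborting the inventory.
            [pscustomobject]@{
                Computer    = $env:COMPUTERNAME
                Path        = $file
                Owner       = $null
                DenyEntries = $null
                State       = "Unreadable: $($_.Exception.Message)"
            }
            continue
        }

        # Explicit (non-inherited) Deny ACEs are what a manual or GPO-applied
        # permissions change leaves behind on the file itself.
        $deny = @($acl.Access | Where-Object {
            $_.AccessControlType -eq 'Deny' -and -not $_.IsInherited
        })

        [pscustomobject]@{
            Computer    = $env:COMPUTERNAME
            Path        = $file
            Owner       = $acl.Owner
            DenyEntries = ($deny | ForEach-Object {
                "$($_.IdentityReference):$($_.FileSystemRights)"
            }) -join '; '
            State       = if ($deny.Count -gt 0) { 'WorkaroundPresent' } else { 'Default' }
        }
    }
}

# Keep the result with the change record for this machine.
Get-T2EmbedWorkaroundState |
    Export-Csv -NoTypeInformation -Path ".\t2embed-acl-$env:COMPUTERNAME.csv"
```

Run it before and after the workaround is deployed; the two CSVs give you the baseline to restore once the hotfix and AV definitions are in place.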
It’s clear from Hyper-V’s Linux support developments over the last year that Microsoft is serious about supporting and managing Linux. The IC’s were submitted to the Linux kernel, making Microsoft a top 5 contributor. Then we had CentOS distro support – making a lot of people very happy. And now we have a new 3.1 version of the IC’s that adds newer OS version support and more Hyper-V features.
Over in OpsMgr world, guidance for installing Linux agents is placed right up there with guidance for installing Windows agents. I’ve made it no secret that I actually like how the OpsMgr team did OpsMgr 2007 Linux agents (self-serviced cross certification) way more than how they did Windows workgroup agents (flaky MOMCERTIMPORT based on custom x.509 certificate templates).
Microsoft are really taking cross-platform or heterogeneous environments seriously.
Here’s hoping for a Microsoft-written DPM agent for LAMP, and maybe a Microsoft-written ConfigMgr client/agents for Linux too! That would complete the stack and probably help System Center Management Suite sales in those beloved Fortune 1000’s.
It used to be that we had an official page on TechNet for updates for Windows Server 2008 R2 Hyper-V. It has since been decided to move the Windows Server 2008 R2 Service Pack 1 Hyper-V recommended updates list over to the TechNet wiki where it is community driven.
I’ve just wrapped up my guest appearance on the Microsoft Talk TechNet webcast. It was a really interesting afternoon for me.
The show follows the model of a USA sports radio show – luckily I am a Niners fan (as was discussed) so my podcast subscriptions feature such content and it’s what’s on the dial when I rent a car in the USA. Some hosts drive conversation on a topic, and the moderator/producer takes questions from online/phone callers. The guest provides some expertise on a topic.
The guys, Michael, Keith, and Matt were really nice. I called in 30 minutes before it started to do the sound check and briefing. The show started and it’s very loose and relaxed. There’s a bit of banter to get things going, just like in sports radio. And we got into it: things I see a lot, public/private cloud, why Hyper-V, and so on.
Thanks to the TechNet folks for inviting me on, and for giving me the opportunity to plug Mastering Hyper-V Deployment. And thank you too to those who tuned in and contributed. The hour absolutely flew past. That’s always a sign that I’ve had fun. Those who’ve had the “Aidan Finn Experience” know that it’s hard to shut me up when I get started. It felt like 15 minutes to me. I’d strongly recommend it to any experts/MVPs that get the opportunity to be a guest.
Edit #1:
It’s just been tweeted that my session with Talk TechNet will be posted online later this week.
Microsoft just announced that some regions/exams will undergo price increases come July 1st (August 1st for India).
I checked the Irish price, and it remains unchanged at €140 or £124.40. I was asked to check the UK price. It’s going up from £88 to £99. Wait; the UK price is still going to be £25.40 cheaper? Hmm, something smells rotten to me. It isn’t a tax difference. Sounds awfully like the Office365 pricing issue I blogged about recently.