How Microsoft Manages their Sharepoint Services 3.0 Deployment

Microsoft is claiming they have the largest Windows Sharepoint Services 3.0 deployment in the world.  I don’t doubt them.  Having talked to various MS people about the subject of Sharepoint, I know how much they use it.  They’ve been using it for 6 years now and have all but eliminated the use of the file share for document sharing (there’s probably some left, in some dark corner!).

They’ve published a document that describes the lessons learned by Microsoft IT from their day-to-day operations of managing Sharepoint Services 3.0 and Office Sharepoint Server 2007.

Microsoft Key Management Server

As you may know, every version of Vista, either off the shelf or volume license, requires activation.  I can’t say I’m a big fan of activation in the volume license market but I’ve no say in the matter.

The silver lining on this cloud is that we can limit our communications with Microsoft in the activation process if we have volume licensing by using a Key Management Server (KMS).  You can install a KMS on a server in your network and input your one volume license key.  You can then instruct clients to activate against this KMS server.  This is kind of like W2003 Terminal Server licensing.

You get 1 license key that you can install on 2 KMS servers.  This allows for a DR installation.  You can probably use it again after talking to Microsoft.  You need to install the KMS on a secure network.  This key is being entrusted to you by Microsoft to facilitate easier use of their anti-piracy system.  The KMS is very light … MS claim they could run their 55,000 user network off of 2 laptops.  It will have little impact on existing machines.  Clients only activate after their 25th attempt … this allows for temporary machines.  Clients will continually reactivate every 7 days … you can consider it as a lease.  The license timeout is 180 days plus a 30 day grace period … after this your client will be reduced to core functionality, i.e. enabling you to reactivate.

Considering the criticality and lightweight nature of this function, I’d want to implement this service on a virtual machine, e.g. Microsoft Virtual Server 2005 R2 or VMware ESX/Virtual Server.  Being lightweight is perfect for VM’s, even for VM sceptics.  And the DR possibilities and mobility of the VM files means you can quickly recover this machine to alternate locations, e.g. full file backup, snapshots in VMware, volume shadow copy of the VM in Virtual Server 2005 R2 SP2.

Vista and Longhorn machines have the native ability to be a KMS server.  Windows 2003 servers require a download and an installation.  Microsoft has just made those downloads available.  There is an x86 and an x64 version.

Credit for KMS Information: PFoster.

WSUS Release Candidate

Microsoft has published a release candidate of WSUS 3.0.  You can download it from Connect.  You will have to register, even if you were a beta tester of WSUS 3.0.  WSUS 3.0 features:

  • Improved architecture possibilities.
  • Delegation of reports.
  • More reports.
  • More granular automated approval rules.
  • Use of an MMC 3.0 administration console instead of the web console.

Check out my whitepaper on WSUS 3.0 if you are interested in this product.

Minasi: February 2007 Newsletter

Mark Minasi published his February newsletter over the weekend.  Mark is continuing his current theme of working with WAIK by having a look at how you can use WinPE to capture and deploy a Vista PC using the ImageX command.  This works just like you would work with Ghost, but with some exceptions as Mark notes:

  • It isn’t destructive.
  • It is folder/file based and not sector based like Ghost.

Mark also mentions that you can deploy XP and Windows 2003 with this method.  This is true.  I actually have an example of it being done via WDS in my WDS whitepaper.

You can use Mark’s method to also access devices over the network.  This will require network card drivers to be added.  Mass storage drivers will also need to be added.  I’ve previously blogged how to update a WinPE image to add network card drivers for a VMware VM and how to add storage drivers for a HP DL380 – don’t worry about these being a server or a VM because the commands are the same … just get your hands on the right drivers first and secondly make sure you decompress them correctly to get at the folder with the INF file that is usually required by plug and play.

Check out Mark’s article and you will learn something useful.

Credit: Mark Minasi.

Citrix Presentation Server 4.5 Details

Brian Madden has blogged some information about the new release from Citrix including:

  • New software bundling/packaging: No more standard edition.  Presentation Server Platinum Edition suite includes Presentation Server, Password Manager, Citrix Access Gateway with SmartAccess and the EdgeSight application performance monitoring product.
  • Server OS support: Windows 2003 only.  PS 4.0 CD’s for Windows 2000 will be included.
  • Pricing:  Very pricey.  Very.
  • Availability: Public availability on March 8th, earlier for "My Citrix".

I have to admit that I’ve fallen behind with Citrix.  My last certification and personal hands-on admin experience was with MetaFrame XP.  I never used any of the other products like Password Manager, etc.  But having seen Citrix PS in action in numerous sites, I really wonder if you are moving costs and problems from the desktop and onto the server, where 1 glitch can affect many users at once.  Printers, dodgy apps, profiles, etc all just seem to be a pain … not to mention that laptops (with offline data replicas) and PDA’s are still required.  I used to be a huge fan but I’m firmly in the managed desktop/server camp now.

Credit for original article: Brian Madden.

Russinovich Article: PsExec, UAC and Security Boundaries

I’ve just seen this very interesting article on Mark’s blog.  It explains how Vista’s User Account Control (UAC) and Integrity Levels work together to create a sandbox environment to eliminate direct interaction between processes of differing security levels.  It’s not complete separation because this is not possible, as Mark explains, and hence they should not be referred to as security boundaries.  They just make it much harder for malware authors to transfer data from a low level process to one with admin or system rights.  Mark also explains how PsExec interacts with this environment.

Novell/Microsoft Partnership: Details Start to Emerge

These once fierce competitors have announced details of their partnership that was announced late last year.  Considering some of the public "discussions" of what the partnership meant to those who ran Linux, I’m impressed that they kept the train on the tracks because this deal will offer some benefits for those running products from both of these companies.

Virtualisation
  • Novell’s Suse Linux Enterprise 10 will be a supported guest on Windows Virtual Server 2005 R2 Service Pack 2 (out in Q2).  We can read from this that there will be support on the "Longhorn" Hypervisor product, due out 6 months after "Longhorn" is released.
  • Speaking of which, Suse Linux Enterprise 10 will be supported as an "enlightened guest" on "Longhorn" Hypervisor.
  • Support for "Longhorn" on Suse Linux using Xen’s (another Microsoft partner) virtualisation solution.

There’s a comment in the press release that "Longhorn" is due out in H2 of 2007.  It’s either going to be very late 2007 or early 2008.  MS will not rush it out just to meet deadlines … they will want to get this right like they did with Windows 2003.

Web Based Management

The two companies are working together on WS-Management solutions to manage Windows Server, Suse Linux and virtualisation.  Both Novell Zenworks Orchestrator and Microsoft System Center Operations Manager 2007 will feature WS-Management support.

Directory and ID Interoperability

Both companies have their own directories, Active Directory and Novell’s eDirectory.  Both will work closely with each other to increase interoperability in heterogeneous environments.

Document Interoperability

Microsoft has already announced the release (via SourceForge.net) of the Open XML/ODF Translator for Microsoft Word 2007, Word 2003 and Word XP.  Novell will release an Open XML/ODF Translator for the Novell edition of OpenOffice.org.

Irish Blog Awards

I’ve been nominated for the Irish Blog Awards under the "Best Technology Blog/Blogger" section.  If you have some time, I’d appreciate a vote.  If necessary, I’ll visit your local town in a speeding bus, shake hands and kiss babies 🙂  I can’t promise to get rid of global warming or reduce taxes (a pity) but I’ll be grateful for any votes I get.

 

MS System Center Configuration Manager 2007 Update

I’m about 25% of the way through a whitepaper entitled "An Introduction to Configuration Manager 2007".  In it I break down the changes from SMS 2003 to CM 2007.  I don’t assume the reader is an SMS buff so I also am doing a high level pass on the components and design concepts of CM 2007.  Low level detail and recommendations still are not available seeing as it’s still a Beta 1 product, but documentation does refer you to the first 4 chapters of the SMS 2003 online guide.  From what I’ve seen, this is indicative of little change in core functionality – lots of other stuff has changed/improved/been added.  I’m also going to document a typical, single server install.

This will be the first in a series of documents.  They’ll take some time seeing as I’m doing them after work.  The other docs will break down other components of CM 2007, e.g. Software Update Management, Branch Distribution Points, etc.

This first document is taking much longer than I expected.  Looking back on it, I have no idea how I typed up my SMS 2003 guide in 2 days.

Update (13/Feb/2007 23:06GMT): I’m about 60% through the document and just finished page 43.  Hopefully I’ll post it before the end of next week.

Vista: RAM, SuperFetch and ReadyBoost

Bink just posted a link to a very interesting and informative article on Tom’s Hardware Guide.  The article explains:

  • How SuperFetch pre-caches commonly used applications in RAM so they load quicker after you start them.
  • How ReadyBoost can be used to store SuperFetch data on a USB flash drive if you don’t have enough RAM.
  • Compares the performance of the various scenarios to give a clear analysis.
  • Makes a recommendation on RAM for Vista.

The results: if you have a PC with 512MB then you should upgrade to 1GB for some serious performance gains.  That 512MB makes a big difference.  Running 512MB with ReadyBoost will offer a small gain in performance but nothing compared to more RAM.  And in the end, having more RAM means you can do more anyway.

My suggestion if you are running business desktops and want to deploy Vista is to try to budget for 2GB RAM.  I think that you will eventually use it … you’ll likely have started out with 128 or 256MB RAM XP PC’s and upgraded them all to 512MB.  If you can’t afford to go 2GB then 1GB is the way to go … don’t skimp and go with 512MB RAM.  512MB will work fine for a typical business desktop with XP Pro but Vista is a much hungrier beast.

Credit: Bink.