Windows Vista is coming. You can live in denial all you want but change is on the way. Vista features lots of changes: h/w requirements, user interface, deployment, but most of all, the biggest changes seem to be in the security features and functionality. My gut is telling me that most organisations will be slow to adopt Vista due to the amount of change and the costs of purchasing new hardware. But I do see it prematurely making its way into networks for a few reasons:
- OEM Licensing: Organisations with OEM desktop licensing will start seeing Vista as an OS option from January onwards. I doubt it will take long for MS to withdraw Windows XP as an option.
- Some applications will have an OS dependency. Some cutting edge business applications may take advantage of new features available to programmers.
- Windows Vista is chock full of new security features. This may make it a candidate for complete or targeted deployment by security planners. One feature likely to draw attention is BitLocker, a login-integrated, complete disk encryption solution that makes use of TPM architecture for secure key storage. BitLocker is a feature of Windows Vista Enterprise which is only available to Software Assurance customers.
January isn’t far away so proactive administrators and consultants should be making plans now. Part of this is understanding the security implications associated with Windows Vista. You can download a beta release of the Windows Vista Security Guide from Microsoft’s Connect web site.
A new (version 2.0) management pack for ISA 2000/2004/2006 is available for download. Microsoft’s comments are:
"The ISA Server Management Pack monitors ISA Server events and alerts for all ISA Server versions (2000, 2004 and 2006). With detailed alert information you can quickly identify and troubleshoot ISA Server issues, minimizing time-to-resolution when problems occur. Collect and analyze performance trends and metrics. Performance information allows you to manage bottlenecks, identify capacity requirements, and proactively manage your ISA Server configuration to resolve issues before problems occur"
If you are into or working with Microsoft Terminal Services or any of the Server Based Computing (SBC aka "thin client") solutions out there, I’d highly recommend that you attend PubForum Amsterdam, starting on 2/11/2006. The name correctly suggests that the social side of things is good fun (don’t try to keep up with those crazy Swedes!) It’s a small conference with about 50-100 Level 400 types there. Presentations are by these folks and some of the major players in the industry of server based computing. At €215 for 4 days, you will not be able to say you did not get value for money.
I attended it earlier this year in Brussels for the first time not having the highest of hopes. I was greatly surprised and my eyes were opened. Like 99% of people in IT, when I thought of SBC and getting it to really work, I always thought of Citrix. I assumed that Citrix was the only player. Anyone who has deployed Citrix knows that licensing costs an absolute fortune. You’ve also probably had problems with printing (especially over WAN links) and with user profiles. I was stunned to see how alternative and widely adopted solutions that sit on top of Terminal Services can solve these cost and functional problems. We also had in-depth sessions from the folks in Citrix and a sneak (secretive) peek at Terminal Services on Windows Longhorn.
The conference is great for getting questions answered, making contacts and learning about what alternatives there are and what is in the pipeline. The low costs are there to cover costs and the conference is as good as those who attend.
Some interesting topics are being discussed this year. One of Microsoft’s newest acquisitions, Softricity, is on the card. This application virtualisation solution, SoftGrid, is not only an ideal and simple way to rapidly deploy applications to the desktop but also to Terminal Servers. I’d also recommend the session on Propalms. This is the successor to Tarantella, a Citrix alternative. I spent some time with 2 of their people in Brussels. They were very excited about this feature rich and economic solution. I’m hoping I get to spend some time looking at a demo copy they gave me that I unfortunately have not had time to try out.
The social side of the conference ain’t bad either 🙂
Nathan Winters, a MS infrastructure pro, has an article on the TechNet blogs site that goes into great detail on how time works and is synchronised in a Microsoft Active Directory network. It’s a good read and goes into all sorts of detail. I doubt you’ll have any questions after reading it.
Windows Time is critical for the correct functioning of the Kerberos protocol which is the primary authentication and authorisation method used in an Active Directory environment. Many of these problems I’ve encountered have been a result of time not being synchronised. Speaking of which, I’m usually surprised by how few people realise that there already is a synchronisation mechanism running in an AD environment. So stop shopping for a third party clock synch product and read this article and you will understand how time synch in AD works, how to configure it and how to troubleshoot it.
ISA 2004 was a considerable improvement over ISA 2000. It was more secure, feature rich and much easier to configure. I find it funny now that I had trouble getting used to how easy it was to configure 2004 as opposed to 2000.
ISAServer.org posted an article on why you should consider ISA 2006 and why it is better than ISA 2000/2004. Given how quickly it followed the 2004 release, I wouldn’t have thought there was much time to make significant improvements. Microsoft proved me wrong. It’s a good read and anyone using or considering ISA should give it a read. It would appear that ISA 2006 provides the most benefit to anyone using it to publish function rich web services thanks to new features such as:
- Web Farm Load Balancing.
- Forms-based authentication support for all Web Publishing Rules.
- Kerberos Constrained Delegation.
Mark Minasi, famous IT journalist, author, speaker and consultant, has just finished writing his update to Mastering Windows Server 2003. The updated book will include the new features included in SP1 and the R2 release of Windows Server 2003. Mark has gotten permission from the publishers to post one of the chapters (on Windows Firewall) on his web site.
The publishers state that the following will be covered in the book:
- Getting and installing SP1
- Hiding folders from prying eyes with ABE
- De-worming Windows with Data Execution Prevention (DEP)
- Solving SP1/R2 incompatibilities
- Stopping spyware and locking up ports
- Stopping mobile thieves by blocking USB memory sticks
- Upgrading to R2 and getting to know its GUI
- Understanding R2’s new Print Management Console
- Controlling folder usage with quotas and more
- Integrating Unix and Windows
- Working with Active Directory
At the very least, I’d recommend you read this chapter. I’d also recommend a purchase of this book if you plan to deploy Windows 2003 or make use of Service Pack 1 or R2 features. I read Mastering Windows Server 2003 when I first started to deploy the operating system. Mark really makes his *ahem* mark by telling you both the official Microsoft story and, importantly, how the product really works and how you should really use it. Given that the original book is 1753 pages long and the new Windows Firewall chapter is 48 pages long, I’m left wondering if a free JCB is provided to carry the book.
Make sure you also check out Mark’s free forum, MR&D, and his audio books based on his seminars that cover subjects such as Windows Vista, Microsoft network security and the SMTP service. If you get the chance to, I would also recommend that you attend his seminars. Mark is not only informative but also very entertaining … something that is tough to be in a world full of geeks and nerds!
I was recently working on a customer site where they used Virtual Server 2005 for their test environment (excellent!). They had a production Exchange cluster but had not simulated in test because they believed it was not possible to recreate in Virtual Server. I remembered seeing some sessions at TechEd on the subject but had never actually done it. A quick google gave us step-by-step instructions on how to get this done.
Clustering in Virtual Server 2005 makes use of the virtual SCSI adapters. You set node one to ID 7 and node 2 to ID 6. Then create a fixed size virtual disk and set it to use a shared SCSI bus. Connect both virtual machines using SCSI bus 0 and then you can implement your cluster as you normally would.
The client was well impressed with the virtual Exchange cluster they had at the end of the engagement.
I’ve done some googling and it appears you can do something similar with VMware Server by mucking around with configuration files. I also found this on the VMware site but I haven’t tried it yet.
If you want 4 node virtual clusters then you need to use the Microsoft iSCSI Initiator and the demo release of StarWind or WinTarget.
The following updates were released by Microsoft on Patch Tuesday:
- MS06-052 – addresses a vulnerability in Microsoft Windows
- MS06-053 – addresses a vulnerability in Microsoft Windows
- MS06-054 – addresses a vulnerability in Microsoft Office
They also re-released the following 2 security updates on September 12, 2006:
- MS06-040 – addresses a vulnerability in Microsoft Windows
- MS06-042 – addresses a vulnerability in Internet Explorer, a component of Windows
As usual, it is recommended that you test these updates before deploying them on your network. BTW, there have been some rumblings on the net about a performance hit and/or machines failing to start up after this month’s deployments. I’ve not had any problems myself but there have been some problems with updates over the last two or three months … please make use of the free VM solutions that are out there or the targeting mechanisms built into SMS/WSUS and test before you deploy.
Microsoft Ireland is providing an afternoon of FREE level 300 SQL 2005 training in Belfast and Dublin at the end of this month. More details are on the Microsoft Ireland Technet Blog. I’ll be at the Dublin event if all goes to plan.
Microsoft has released Windows Vista RC1 to the public. This much anticipated release brings a lot of new features in user collaboration and user interface. But for us pros, the main things of importance are the new security features, some popular and some not so popular.
You can get access to RC1 on the Microsoft website. Beware that it requires a serious piece of kit to run this OS and the new Aero interface requires high spec and compliant hardware.