BT Openzone: First Impressions

I changed the hotel I’m staying at in Belfast for this job after the Radisson (a) refused to give me a corporate rate and (b) upped their prices by £30 a night!  On the recommendation of someone from my client’s site, I’ve moved over to the Hastings/Stormont beside the government buildings that often feature on the news.  It’s a decent place and charges normal rates.  On the downside, the room rate does not include free broadband.

They do offer broadband via BT Openzone, a Wi-Fi "hotpoint" pay-for service.  There’s a bunch of services including 1 hour, 1 week and 1 month subscriptions and an annual contract rate.  For £40, I’ve gotten 4,000 minutes in a month.  You get a user name and a password for that period.

Yo can subscibe via the website, by phone (during M-F business hours) or via the default webpage that opens up in your browser when you connect to the Wi-Fi network.  The process is easy.  just have a pen and paper handy to document the random looking username and password – they promise to SMS it out to you but I never got the text!

The Wi-Fi signal in the hotel is excellent.  I’ve got a full signal in my room and in the bar where I am sitting now, waiting on a "heart attack on a plate" while downing a pint of Stella.  The £40 seems steep on the face of it, but that’s just over half what I’m saving by being in this hotel instead of the overpriced Radisson.

I had my first hiccup with the service today.  There was a national failure with the authentication system.  I rang the helpdesk, preparing myself for a 45 minute wait to speak with an idiot (as you get with Eircom or BT Ireland).  Instead, the phone was answered immediately by a well spoken rep who quickly and clearly explained the problem and gave me a free 1 hour pass to get me online while things were being repaired.  Bravo!

There’s a tool you can download from their site for managing your Wi-Fi access.  It has 3 profiles: Home, Office and Roaming.  You can configure your security and credentials for each of these.  By clicking on the corect profile, the tool reconfigures your NIC and connects to the network.  The roaming profile refers to your BT Openzone account.  It simply asks for and saves your username and password and then connects you.  It also records your connection times so you can account for your usage. 

The utility also includes a complete listing of hot spots across the globe.  This can be searched quickly and conveniently by location name or by drilling down through country, city and location.  BT has negotiated roaming agreements with other operators, e.g. T-Mobile so you can roam if you have a contract … though roaming charges will apply.

If you’re in need of a hotel with Internet access, don’t limit yourself to the business hotels that over charge based on their name.  Consider the alternatives, get yourself a wi-fi subscription and save yourself some cash.

How Device Based Terminal Services CAL’s Work

Brian Madden posted an excellent and to-the-point article on how TS CAL’s work.  The emphasis was on those clients that do not have local storage.
 
As he points out in a respnse to reader feedback, User based TS CAL’s are different.  Up to now, Windows 2003 has not tracked their usage.  A Terminal Server simply checks to see if a license server is valid, if the license types match (user VS device) and if that there are user CAL’s available.  No CAL’s are counted or issued.  This is very likely to change with Windows "Longhorn".  Like I said, this is just with User CAL’s.  Read Brian’s article to see how TS CAL’s work.

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

There’s a really important article on Bink that you should check out.  Gartner (I rarely pay attention to these sort of companies) has recommended that all organisations should deploy the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats.
 
What’s the big deal?
 
Anyone who’s been in the business for a while remembers the "good old days" when every version of Office had it’s own unique formats that were not backwards compatible, e.g. someone would mail and Office 97 document to a client who had Office 95 … the recipient wouldn’t be able to read it and would have to get the sender to save in the older format and resend.  This fun and games probably caused millions of helpdesk calls.  This all went away with the last few versions of Office, e.g. an Office 2003 user could send a file to an Office XP user with no problems.
 
Things are changing.
 
Microsoft has changed the format of Word, Excel and Powerpoint documents in Office 2007 so that they are XML based.  Why?  Are they trying to cause us grief?  No.  This change in formats will likely be welcomed by busienss software developers.  XML is a language that is portable between applications and is often used to transport data between those applications.  This will make it easier for business applciation developers to integrate their solutions into the Office suite. 
 
Sure, some developers and vendors will kick and scream about the new formats sayign they’ve not had a chance to keep up.  But here’s my opinion take … Tough!  The product has been available for aroudn a year in public beta and release candidate versions, just like Vista was.  If you cared about the customers who bought your products then you’d keep up and take advantage of the new features.
 
Office 2007 does support the older versions.  This means you can still save documents in these old .DOC, .XLS and .PPT formats for sharing with non 2007 users.  But if they use this new compatibility pack, they’ll be able to open, edit and save the new formats that you can use.
 
Credit: Bink.

WSUS 3.0 Release Candidate Coming Soon

The WSUS team has stated that the RC of WSUS 3.0 is on the way pretty soon.  It’ll be available on the Connect website.  If you want to know a bit more about WSUS then check my whitepaper out.
 
The big things I like about the new release are:
 
  • MMC 3.0 interface
  • More and better reporting
  • Delegation of reporting function (for auditors and security officers so they can do this without asking admins)
  • Improved architecture for centally managed branches that have their own dedicated internet link, i.e. their WSUS content is centally managed but downloads can be configured to come from the Internet rather than over an already busy WAN.

How Microsoft Distributed Office 2007

Microsoft documented their findings from "eating their own dogfood" when they deployed Office 2007 internally.  They’ve documented their findings and are sharing a guide on how they deployed the product on their network.
 
"Deploying the 2007 Microsoft Office system has provided Microsoft IT with the opportunity to test improved deployment tools, which are designed to simplify the enterprise rollout of applications. Microsoft IT discovered that features such as the single build folder and single customization patch resulted in a more efficient deployment solution. This helped to ensure fully-tested deployment scenarios, before the public release of the 2007 Microsoft Office system. These features also extended the productivity-enhancing benefits of Office system applications throughout the company".

How Microsoft Configured Their SMTP Gateways

If you want to learn the best way to use Microsoft infrastructure products then you should look at how microsoft has been employing them.  Microsoft proudly boast that they "eat their own dogfood".  What that means is they are using pre-release builds of products in production ont heir own networks.  This enables them to test, tweak and learn the best ways to implement the solutions.

Microsoft makes a lot of this information available, in particular, their Exchange infrastructure.  They have shown how 55,000 global users with a lot of email activity are served by 3 or 4 data centres with clustered Exchange.  They’ve just released a document that explains their current processs for configuring their SMTP gateways to maximise performance, usability and security.

Microsoft Intelligent Application Gateway 2007

Microsoft has announced the release of IAG 2007.  This is a result of the Whale Communications acquisition.  Here’s the blurb:
 
"IAG 2007 combines the secure sockets layer virtual private networking (SSL VPN) and Web application firewall product obtained in the acquisition of Whale Communications in July 2006, with the Microsoft® Internet Security and Acceleration Server (ISA Server), integrated to provide a single, consolidated appliance for network perimeter defense, remote access, endpoint security management and application-layer protection".
 
Microsoft has partnered with two companies to provide this solution in an appliance. 
 
"The blending of stateful packet filtering, circuit filtering, application-layer filtering, Web proxy, and endpoint security into a single appliance affords the administrator a variety of options for configuring policy-driven access to applications and network resources".
 
Microsoft says that the usage scnearios are:
 
  • Provide Secure Remote Access to Corporate Applications and Data. IAG 2007 helps you control access through unified SSL VPN, application-layer filtering, and endpoint security management, providing employees with secure intranet access to critical applications, documents, and data from a broad range of devices and locations.
  • Strengthen Information Security Specific to Your Environment. With flexible and differentiated access to extranet resources for employees and partners to Web and legacy applications, IAG 2007 protects infrastructure through easily adaptable application-specific security.
  • Defend Against Web-based Data Exploits and Theft. IAG 2007 enables Internet-based and mobile access from unmanaged endpoints, and enforces proper information usage with granular identity-based policies, helping the business comply with legal and regulatory guidelines.

There’s a pretty good overview on the Microsoft website.

Some people I know and trust with this stuff have been working with Whale’s solution for a while now.  They like it.  What’s more, customers who ran it on trial liked it.  Customers who consider security to be critical (read this as major financials) liked it.

As usual, there’ll be those who use the "we won’t use a Microsoft firewall … it’s just proxy server and full of bugs" line.  Their loss, really.  If they want to bleed money through the nose for the old dinosaur solutions that are painful to manage and horrible for users to live with then good for them.  You can read my recent article on Microsoft software not being "scalable nor secure" to see what I think of those people who rely on no longer relevant sterotypes.

Sending SNMP Traps to MOM 2005

Another useful article for MOM 2005 admins.  This one described the process for configuring MOM 2005 to accept and process SNMP traps.  Between application logs, SYSLOG and traps, you should be able to manage a lot, if not most, of your heterogeneous environment with MOM 2005 without buying 3rd party manaagement packs and agents (though I think I might still recommend this for time savings).