How Device-Based Terminal Services CALs Work

Brian Madden posted an excellent and to-the-point article on how TS CALs work.  The emphasis was on those clients that do not have local storage.
 
As he points out in a response to reader feedback, User based TS CALs are different.  Up to now, Windows 2003 has not tracked their usage.  A Terminal Server simply checks to see if a license server is valid, if the license types match (user vs. device) and if there are user CALs available.  No CALs are counted or issued.  This is very likely to change with Windows "Longhorn".  Like I said, this is just with User CALs.  Read Brian’s article to see how TS CALs work.

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

There’s a really important article on Bink that you should check out.  Gartner (I rarely pay attention to this sort of company) has recommended that all organisations should deploy the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats.
 
What’s the big deal?
 
Anyone who’s been in the business for a while remembers the "good old days" when every version of Office had its own unique formats that were not backwards compatible, e.g. someone would mail an Office 97 document to a client who had Office 95 … the recipient wouldn’t be able to read it and would have to get the sender to save in the older format and resend.  These fun and games probably caused millions of helpdesk calls.  This all went away with the last few versions of Office, e.g. an Office 2003 user could send a file to an Office XP user with no problems.
 
Things are changing.
 
Microsoft has changed the format of Word, Excel and PowerPoint documents in Office 2007 so that they are XML based.  Why?  Are they trying to cause us grief?  No.  This change in formats will likely be welcomed by business software developers.  XML is a language that is portable between applications and is often used to transport data between those applications.  This will make it easier for business application developers to integrate their solutions into the Office suite.
 
Sure, some developers and vendors will kick and scream about the new formats, saying they’ve not had a chance to keep up.  But here’s my take … Tough!  The product has been available for around a year in public beta and release candidate versions, just like Vista was.  If you cared about the customers who bought your products then you’d keep up and take advantage of the new features.
 
Office 2007 does support the older versions.  This means you can still save documents in the old .DOC, .XLS and .PPT formats for sharing with non-2007 users.  But if they use this new compatibility pack, they’ll be able to open, edit and save the new formats that you can use.
 
Credit: Bink.

WSUS 3.0 Release Candidate Coming Soon

The WSUS team has stated that the RC of WSUS 3.0 is on the way pretty soon.  It’ll be available on the Connect website.  If you want to know a bit more about WSUS then check my whitepaper out.
 
The big things I like about the new release are:
 
  • MMC 3.0 interface
  • More and better reporting
  • Delegation of reporting function (for auditors and security officers so they can do this without asking admins)
  • Improved architecture for centrally managed branches that have their own dedicated internet link, i.e. their WSUS content is centrally managed but downloads can be configured to come from the Internet rather than over an already busy WAN.

How Microsoft Distributed Office 2007

Microsoft documented their findings from "eating their own dogfood" when they deployed Office 2007 internally, and they are sharing a guide on how they deployed the product on their network.
 
"Deploying the 2007 Microsoft Office system has provided Microsoft IT with the opportunity to test improved deployment tools, which are designed to simplify the enterprise rollout of applications. Microsoft IT discovered that features such as the single build folder and single customization patch resulted in a more efficient deployment solution. This helped to ensure fully-tested deployment scenarios, before the public release of the 2007 Microsoft Office system. These features also extended the productivity-enhancing benefits of Office system applications throughout the company".

How Microsoft Configured Their SMTP Gateways

If you want to learn the best way to use Microsoft infrastructure products then you should look at how Microsoft has been employing them.  Microsoft proudly boasts that they "eat their own dogfood".  What that means is they are using pre-release builds of products in production on their own networks.  This enables them to test, tweak and learn the best ways to implement the solutions.

Microsoft makes a lot of this information available, in particular about their Exchange infrastructure.  They have shown how 55,000 global users with a lot of email activity are served by 3 or 4 data centres with clustered Exchange.  They’ve just released a document that explains their current process for configuring their SMTP gateways to maximise performance, usability and security.

Microsoft Intelligent Application Gateway 2007

Microsoft has announced the release of IAG 2007.  This is a result of the Whale Communications acquisition.  Here’s the blurb:
 
"IAG 2007 combines the secure sockets layer virtual private networking (SSL VPN) and Web application firewall product obtained in the acquisition of Whale Communications in July 2006, with the Microsoft® Internet Security and Acceleration Server (ISA Server), integrated to provide a single, consolidated appliance for network perimeter defense, remote access, endpoint security management and application-layer protection".
 
Microsoft has partnered with two companies to provide this solution in an appliance. 
 
"The blending of stateful packet filtering, circuit filtering, application-layer filtering, Web proxy, and endpoint security into a single appliance affords the administrator a variety of options for configuring policy-driven access to applications and network resources".
 
Microsoft says that the usage scenarios are:
 
  • Provide Secure Remote Access to Corporate Applications and Data. IAG 2007 helps you control access through unified SSL VPN, application-layer filtering, and endpoint security management, providing employees with secure intranet access to critical applications, documents, and data from a broad range of devices and locations.
  • Strengthen Information Security Specific to Your Environment. With flexible and differentiated access to extranet resources for employees and partners to Web and legacy applications, IAG 2007 protects infrastructure through easily adaptable application-specific security.
  • Defend Against Web-based Data Exploits and Theft. IAG 2007 enables Internet-based and mobile access from unmanaged endpoints, and enforces proper information usage with granular identity-based policies, helping the business comply with legal and regulatory guidelines.

There’s a pretty good overview on the Microsoft website.

Some people I know and trust with this stuff have been working with Whale’s solution for a while now.  They like it.  What’s more, customers who ran it on trial liked it.  Customers who consider security to be critical (read this as major financials) liked it.

As usual, there’ll be those who use the "we won’t use a Microsoft firewall … it’s just proxy server and full of bugs" line.  Their loss, really.  If they want to bleed money through the nose for the old dinosaur solutions that are painful to manage and horrible for users to live with then good for them.  You can read my recent article on Microsoft software not being "scalable nor secure" to see what I think of those people who rely on no longer relevant stereotypes.

Sending SNMP Traps to MOM 2005

Another useful article for MOM 2005 admins.  This one describes the process for configuring MOM 2005 to accept and process SNMP traps.  Between application logs, SYSLOG and traps, you should be able to manage a lot, if not most, of your heterogeneous environment with MOM 2005 without buying 3rd party management packs and agents (though I think I might still recommend this for time savings).