Insufficient data from Andrew Fryer

The place where I page to when my brain is full up of stuff about the Microsoft platform

October, 2010

  • Microsoft is all in

    When Steve Ballmer says “We’re all in the cloud”  this should be viewed in the same way as when  Bill Gates talked about “a PC in every home”.  I could quote statistics on the investment Microsoft is making in the cloud or show you some cool pictures of containers in one of the data centres, but I think this whitepaper on internal adoption of the cloud by Microsoft’s internal IT department is in many ways more compelling.

    Why? because if you asked anyone working in IT what the major concerns are about adopting cloud services, I can guarantee that security and compliance will come up.  So the fact that Microsoft is putting two of its most important systems in the cloud..

    imageimage

    the performance and bonus HR stuff, and the volume licensing service manager is proof that this should not be seen as a barrier to moving to the cloud.

    Actually Microsoft already has loads of personal data about us on its cloud servers, I say us because if you have

    • An account with BT Vision
    • XBox Live
    • Hotmail
    • Skydrive

    ..those are Microsoft cloud services for consumers.  It’s a similar story with Microsoft’s business facing services like BPOS and Azure.  What all these services have in common is that they are all delivered form the same infrastructure.  So it’s a logical next step for Microsoft to use this platform for its own internal services including those with sensitive personal data in them.

    However what makes this interesting is that this decision was not based on some corporate mantra, it is based on cold hard economics as the return on investment calculations in the whitepaper show. These are based on the standard commercial charging for Azure that any business would be charged compared to the cost of running those services in house, and so the same numbers could be used to look at the value you could get from using cloud services.

    So is it time to consider a cloud first rather than a virtualisation first strategy in your organisation?

  • Why I use IE9

    The obvious answer to this question is I am an evangelist who works fro Microsoft and while that is true just bear with me for a paragraph or two.

    You’ll probably like the speed and clean looks of this incarnation of IE, you might like the side by side comparison option by tearing off tabs, or the fact that you can make mini –apps out of your favourite sites by pinning them to the taskbar.  Actually I know these are popular because Simon’s one minute videos on these things have had a huge amount of hits.

    However one of my favourite features isn’t actually new for IE9 (it came in with IE8) and you don’t even know your using it, namely SmartScreen..

    image

    .. which checks pages you visit against a central database and blocks them, and has a similar setup for downloads. It’s basically crowd sourcing with added intelligence from Microsoft’s security teams so everybody wins who contributes to the program.  You can opt in or out by disabling it as indicated above and you can report bogus sites with it that may have been missed as well as identify false positives – so sites that are OK but have been identified previously as being malicious.

    It’s not just me that thinks this is all pretty clever, the independent Online Trust Alliance (OTA) recognised IE8 with its 2010 Excellence in Online Trust Award a couple of weeks ago. I have to confess I am not exactly sure why SmartScreen is already better in IE8 than its equivalents in other browsers, but this fact has also been picked up by NSS Labs in its latest browser report (you’ll need to register but it’s free).

    This will be further improved in IE9 with the download reputation notification that warns users about higher risk downloads. If like me you want enjoy the simplicity or relax with the security of IE9 the latest beta can be downloaded here.

  • SQL Server spatial stuff on Codeplex

    The net is awash with more reruns than Dave and so I try and be brutal about not doing too much rebroadcasting myself, so here’s a rare exception and I hope if spatial is your thing then these two things are are really useful:

    I have just spotted a quick way to get rich mapping information on to Bing Maps directly without using reporting services.  There’s a new project on Codeplex call the Data Connector which makes the whole process of using SQL server with Bing maps..

    image

    One problem I have mentioned before is that in SQL Server 2008 R2 there are shape files for the US, the rest of the world is missing. So there is another codeplex project, MapGallery to encourage you to upload and share shape files. It’s run by the community in this case Diego Nogare. I see the UK (although less than Northern Ireland) is already there courtesy for my friend Robert Edgson.

  • Microsoft Support Calls

    3 basic life skills:

    • You don’t give your car keys or house keys to strangers. 
    • You only trust certain friends and family to look after your young children while you go out for dinner. 
    • You only let people fiddle with your computer you trust.

    I mention the last one because there are increasing reports of unsolicited calls offering technical support some of whom pretend they are working for Microsoft.  These are not going to be from Microsoft, they could legitimately be from a Microsoft partner trying to promote their services.  However you might want to think about who you would trust to remotely manage your home PC with all your personal details on, credit card and direct debits, contact details.  So find out who you are talking to and verify who they are – it won’t be Microsoft. You’ll only get a call from Microsoft if you’ve raised an incident with support in which case they’ll give you a reference which anyone else contacting you will be able to verify.

    You also want to be sure people are who they say they are, so take a number and ring them back.  I do this myself and so if my bank calls I won’t go through security, I offer to call them back to check I really am talking to them, it might confuse them but it’s my money.

    I have had a few e-mails asking me what Microsoft is doing to prevent this:

    • Firstly Microsoft can’t shut down this kind of activity as some of these calls could be a legitimate business looking to sell its services.  The only thing you can do is register with the telephone preference service and hope that these businesses abide by it. 
    • Microsoft does regularly updates it Protect web site and the latest on this fraud issue is here.
    • Try and identify the real fraudsters and work with authorities to shut them down.

    So  privacy and identity is and should be your own affair, and you need to protect your online identity in just the same way as you protect your children and your home.

  • Business Intelligence & Cognitive Psychology

    One of the most interesting session at the recent SQL Bits 7 was Jen Stirrup’s talk on use of charts in reporting services, partly because I am a failed graphic designer by training and partly the study I made of it for my MSc at the OU. 

    What she has done is to explain the business of using charts to quickly and accurately inform the report consumer by building on the way we perceive visual information. Her drive for simple clean charts might fly in the face of fashion and all the fluff in a lot of the latest visual tools, but there’s no denying that the result is going to make this information more presentable.

    The only disagreement we have is that I am a little more pro pie charts than she is.  I think humans are pretty good at telling the time from analogue watches and pilots rely heavily on dials to make quick decisions.  So I think Jen’s observations on clean design can be applied to pie charts and for example they should have only 3 or 4 pieces of pie which are clearly coloured.  Pie chats like this can also be very useful on  maps  or Visio diagrams and I have seen some example where the size of each pie varies by the total and the pies are centred on where the activity is occurring.  However you also have to watch out for clutter and confusion as too many pie charts might obscure the underlying map / diagram and overlap each other as well.

    I also have to agree with Jen that all the shading and boxes that are turned on by default in the reporting services chart and map wizard can confuse and of course slow down report rendering if only marginally.

    Anyway Jen’s session on this topic is pretty rare, most of the stuff on reporting services you’ll find on the web shows you how to design reports and use the tools.  I think more of this is needed so check out her blog or her session recording at SQL Bits 7 when it goes live.

  • Metadata Databases & System Center Essentials 2010

    One of the reasons SQL server can spread through your organisation is that it underpins so many applications, including quite a few candidates from Microsoft, like Project Enterprise , Visual Studio Team Server, and the System Center line-up.  All of these use SQL Server to store metadata, for example in the case of System Center Virtual Machine Manager (SCVMM) the catalogue and state of the virtual machines under control of SCVMM is stored in a series of tables.  This is a good thing as SQL server is being used for the right reasons and in the right way:

    • The data is typically quite compact and structured lending it self to a relational database. 
    • With SQL server already installed the additional benefits of reporting services can be used to monitor the application.
    • SQL Server can be used to store authorisation information – who can do what to the various parts of the application.  In this case the database can be protected with a certificate to ensure it is secure.
    • Multiple  (concurrent) user access to the tools can occur while maintaining this data in a consistent known state

    However in the case of System Center Essentials (SCE pronounced as “ski”) which is designed for the small medium sized business there probably isn’t going to be a dedicated database administrator in the business and this might end up being the first exposure to SQL Server.  I mention this because one of the killer reasons to use a database for storing all this data is that it is pretty simple to backup the data.

    SCE 2010 actually uses a number of databases, as it is a cut-down combined version of its bigger brothers like SCVMM:

    • SUSDB has all the deployment data about updates
    • VirtualManagerDB has all the metadata about the virtual machine templates, which is similar to Virtual Machine Manager
    • OperationsManagerDW all the monitoring event data in a format that can be used for reporting
    • SystemCenterEssentials has everything else in so the monitoring data, security and even a data warehouse scheme used by the reports

    System Center products like SCE aren’t  mission critical applications but that doesn’t mean you shouldn’t back them up as the history of what has been done and how systems are behaving could be important in future either for troubleshooting, asset management, or other compliance work.  SCE Books online has some advice on making backups, but I am not sure who would dig down into that so here’s a cut & paste of the important bit:

    Component to Back Up Full Backup Incremental Backup

    SystemCenterEssentials

    Daily

    Not applicable

    OperationsManagerDW

    Monthly

    Weekly

    ReportServer

    On a recurring basis, with the frequency depending on how often reports change in your organization, and every time after significant changes to report definitions (additions, changes, and deletions).

    Same as full backup

    SUSDB

    According to WSUS recommendations. For more information, see Backing Up Windows Server Update Services 3.0 SP2

    According to WSUS recommendations. For more information, see Backing Up Windows Server Update Services 3.0 SP2

    VirtualManagerDB

    Daily

    Not applicable

    Master database (Master)

    Every time after installing and configuring the database components and after making significant changes to logons or other security changes.

    Per IT policies

    Msdb database (Msdbdata)

    After the initial installation and configuration of the Essentials database components.

    After changing the scheduled SQL Server agent jobs that Essentials 2010 uses.

    Custom Management Packs (.xml files)

    Monthly or after making significant changes to management packs.

    Not applicable

    Notice the additional entries here for the non-SCE databases Master, msdb & ReportServer.  If SCE is not sharing the installation of SQL Server with other applications then don’t assume these are being backed up unless you as the SCE administrator are doing it.  Actually you might want to check anyway as everyone on a shared SQL Server might assume that someone else is doing it. 

    One final thing is that there other data outside these databases to consider including encryption keys and certificates as well as parts of active directory that should be backed up to ensure you can recover from every type of failure that could affect SCE which is also detailed in books on line here.

  • A cloudy day at EZE IT

    I got asked to do a 40 minute slot on Virtualisation and cloud at a partner event to day run by EZEIT, while Simon got the tough job of condensing windows deployment down to  40 minutes as well (his post and deck is here)..

    I got a bit flat footed here, as the audience were already familiar with Hyper-V, and live migration which is what I had planned to demo, and actually the demos were in the Reading Microsoft Technology Centre and worked flawlessly.  I simply maxed out a SQL Server VM with a simply repetitive query and showed this in perfmon and then live migrated this in System Center Virtual Machine Manager.

    Fortunately the rest of my talk was on public and private cloud as you can see from my deck.  The public cloud message is getting out there, although each vendor has there take on it and I’ll come back to that in several more posts. It’s the private cloud that causes most confusion and if I am honest not all of my colleagues get this, and I certainly didn’t until I had coffee with Zane Adam the general manager for Azure.

    He simply makes the point is that it’s the next step on the road following server virtualisation, and the dynamic data centre.  However it’s not that straightforward to grow your own although there many of the essentials components in the latest versions of the System Center Suite:

    • SCVMM now has a self service portal to allow users to provision VMs and be charged monthly for them.  It also has an understanding of workloads and knows the best location for a new VM.
    • Service Manager can create tickets for errors and issues that arise in System Center Operations Manager as well as user issues.
    • Opalis can create workflow for management tasks.

    However as at today (November 2010) there is no actual private cloud software you can buy, and although the Azure appliance is coming this is only suitable for the biggest business at the moment.  Actually this concept is difficult to achieve anyway because the  IT manager/CIO/CTO is back in the business of trying to buy enough computing power to meet predicted needs. Imagine if a hypothetical System Center Private Cloud product did exist which could provision extra services on demand you would still actually need idle hardware resources to run the extra services and surely no one deliberately has this spare capacity lying idle, unless by a fortunate coincidence another service has been throttled back at the same time.

    That’s not to say that the service model of computing can’t be applied today for example charging business per user per month for access to on premises services or based on data volumes, just that the automatic scalability and elasticity associated with public cloud is difficult to achieve in all but the largest businesses.

  • War on Cost 2010

    I used to talk to a number of universities about business intelligence, balanced scorecards et al. I could see that lights were coming on and that this basic use of information to drive decision making was both new and a good idea.   This might not seem to be odd until you realise that these same universities all had business schools and were usually running MBAs. So they were teaching performance management, scorecards and so on but not actually using the same techniques to improve the performance and efficiency of the university itself!

    IT Pros could learn something from this example – The BI tools & techniques that are in your organisation to improve its performance can be applied to the management of the data centre and network infrastructure.  The problem is how to do that and there are two parts:

    • Collecting the right information, in this case telemetry about usage patterns stored over a period of time and inventories of hardware and software on each machine.  This is further complicated by physical and virtual machines, whether servers or running VM’s offering VDI.
    • Having a set of tools to quickly show not only what’s going on but aggregate information  and show trends.

    System Center does a very good job of capturing all the telemetry and does have an extensive list of reports showing what’s going on.  However there is no in built analytic capability to show trends and patterns.  So if this stuff isn’t there is it important?

    As virtualisation becomes as common as smartphones you need to consistently monitor and tune your data centre to balance the physical capacity you have to meet the demands of the services on it.  It’s all too easy to create vm sprawl and loose the advantage of consolidation you had when you first went virtual.  You need to understand where best to deploy new services and gradually especially if you plan to create a private cloud in your organisation because you can’t, for whatever, reason use public cloud services.  Of course all of this management intelligence can also really help you to manage costs and move to the sort of service charging model that is so attractive with public cloud services.

    I mention all this because Inframon have cracked how to tune System Center to do exactly this sort of thing whether or not you’re on Hyper-V.  They style their approach as War on Cost and have chosen the Cabinet War Rooms in London to present this on 5th November.  They have got a great group of Microsoft speakers together including Jason Buffington form the System Center Product team in Redmond, and I’ll be standing at the back as all this stuff fascinates me as a BI specialist trying to break back into the world of system management.

    To find out more and register please visit the event site here – hopefully I’ll see you there.

  • SCE Sunday part 2 – configuration

    Last week I showed you how to install System Center Essentials 2010 (SCE) and this week I want to move onto configuration. When SCE finishes installing it  will open automatically and then present you with a wizard to help you configure the various options in one simple process. You can ignore this and do each piece in turn but using the wizard shows all of the tasks you should consider, and that’s what I’ve done in this screencast:

     

    The wizard is easy to use but you need to think about how you want to manage your infrastructure:

    • How will you control the machine you want to manage. The default is through domain group policy, in other words you have a active directory setup and you can use this to push out the rules you are going to set in the rest of the wizard.  In my demo I am managing virtual machines which are in a domain, however the physical machine running hyper-V isn’t domain joined so I needed to go back in after the demo and add it in.  This simply meant identifying  the name of the machine and a local admin account on it.
    • Do you want to enable Remote Assistance to allow you to see and if necessary take control of users’ desktop sessions (with their permission).
    • Computer Discovery allows you to specify whether to automatically find new computers to manage and how often you want to do this.
    • Would you like Email Notifications to give you a daily health report so you you know what’s going on before your users start calling you.
    • How should SCE synchronise with Microsoft Update. If you have a proxy server you’ll need to configure this
    • What software do you want to monitor, e.g. Windows Server, SQL Server etc.
    • Do you need centralised error reporting to round up all the errors on all the managed machines to one central location, and possibly share this anonymously with Microsoft.
    • How do you want to to setup Automatic Updates for all the managed machines?  SCE can do this centrally and you have fine grain control of what sort of updates you want to manage for example drivers, service packs, critical updates and so on and decide what update language packs to pull down.
    • You can also decide to enforce updates after a grace period for the manages PCs and set a different policy for your servers

    Having run the wizard, don’t expect SCE to immediately spring in to life, it can take several hours for the configuration to bed in.  This is simply because SCE operates in the background of any network without hogging resources either on the managed computers or the network.   

    Next Sunday I’ll show you what SCE looks like after its finished configuring the client machines and what it has done to the rest of you infrastructure so it can be managed. If you want to try this yourself SCE which is included in TechNet subscriptions here or you can get a time bombed trial version here.

  • Internet Safety for adults

    I did an internet safety presentation to the association for retired police officers on Friday, and it still amazes me  how little my generation know about social media and the internet in general.  There are basically three camps when it comes to awareness of the dangers the internet poses to children..

    image 

    and my mission is to move everyone into the middle, i.e informed but concerned.  The biggest problem I have is with the group on the right as they are minded to completely block all access to the internet for children and this simply doesn’t work for a number of reasons.

    • Banning anything often makes it more attractive, especially for more vulnerable children
    • Locking down the home computer with all sorts of parental guidance software, doesn’t prevent access at a friend’s house or from a smart phone
    • At some point children are going to have to fend for themselves and work out how to spot threats in much the same way they need to learn how to cross the road safely. Most of what I talk about can also be applied to parents as well so their online lives are safe from such things as identity theft.

    Sadly there is no one piece of software, or one technique I can recommend for you or your children to be safe online, so what I talk about is what to be aware of and how to discuss this difficult area with you children.  I can’t claim any credit for any of this, the program is worked out by CEOP and volunteer organisations like the NSPCC, all I do with like minded individuals is to deliver the excellent content they provide. 

    One other area that  I talked about was cyber bullying, and here I must put myself in the blissfully ignorant camp as I thought this was really only a child related problem. However after my session a number of these retired officers told me they were working on cases of internal cyber bullying in the organisations they now work for.  The approach in both cases is the same, as the law doesn’t really make any distinction between how harassment occurs, however with cyber-bullying, you can be traced and the evidence cannot easily be destroyed as it’s in the cloud.  The only challenge is to give the victims the confidence to come forward and the reassurance that their complaints will be treated seriously and sensitively.

    imageSo the other key thing that CEOP provide is an extensive program for children to report abuse sensitively and confidentially wherever they see this sign.

     

    BTW all the CEOP advice is on line and embedded into sites like Facebook

  • SCE Sunday - part 1 installation

    Years ago I spent many a happy Sunday afternoon watching the SKI Sunday on the off chance a hapless brit would avoid the orange crash barriers and post a decent score. In porbably the most tenous link on any blog System Center Essentials or SCE is pronounced SKI by the engineering team that developed it.

    So my SCE sunday will be a slalom through the various things you can do in SCE  and one reason for making a series like this is that SCE takes a long time to setup and so is not easy to demo live.  It really needs about 20 minutes to install not because it’s especially difficult but because of all the things it needs to touch. Thanks to the power of video editing I have got this down to under 5 minutes.  So just like the original SKI Sunday you can watch all the action of the edited highlights..

    Incidentally the screenshot above is my SCE demo environment, which is 4 x virtual machines one for SCE itself, a domain controller and 2 windows 7 clients, as that covers the basics and allows it all to run on my trusty old dual core laptop.

    I am also hoping that just like the real SKI Sunday which inspired a generation to go on the piste, you’ll take a closer look at  SCE which is included in TechNet subscriptions here or you can get a time bombed trial version here.

    Next Sunday I’ll go through configuration using both the wizard and the built in tools.

  • System Centre Configuration Manager 2007 R3– going for green

    I have never heard of an R3 of a Microsoft product before so I wanted to know more about what’s in SCCM 2007 R3 now it’s been released.  First of all the R3 suffix is about Microsoft being clear on the differences between release service packs etc.  A release is about added functionality without changes to the underlying engine while service packs are about rolling up cumulative updates that have been released to fix things which are broken.

    So what new in SCCM 2007 R3?

    1. My top feature would be improved power management and more importantly sophisticated reporting about how much energy you are using so you can see how the impact your policy and infrastructure changes make to your carbon bottom line.  Note: the key here is to baseline your consumption  before you make any changes.  Then you are in a much better position to evaluate the real energy savings of virtualisation in all its forms.

    One thing to note about SCCM is that it makes the best use of the power management capabilities of the OS it is targeting so although it can enforce polices on XP, Windows Server 2003 and so on there won’t be the fine grain of control that there is in Windows 7 / Windows Server 2008 R2.

    2. My other top feature isn’t really a top feature of SCCM at all, it’s the planned integration of Forefront Edge Protection into SCCM for reporting.  This will give you one screen to show that your infrastructure is compliant in the many contexts that this word is used:

    • Security compliant, both in terms of anti malware but up to date patching, firewall settings, and your own policies for example drive encryption like BitLocker and local administrator access.
    • Software compliant] -  you have license for all the software running on each device
    • and Energy compliant as I have just mentioned 

    3. There are architectural improvements to SCCM as well to make it pick up changes to the infrastructure more quickly through better active directory integration and to further improve the scale and topologies of larger SCCM deployments.

    If you have a TechNet subscription you can get it form the downloads section now, and if not there is a time-bombed trial version here.

    I realise that evaluating this is going to be more difficult than trying out IE9 or Office 2010, as you’ll need a subset of your infrastructure in a sandbox to do this, such as the a DC a server and a few representative clients.  However this is a simple enough exercise with server virtualisation like Hyper-v, and if you haven’t created a sandbox like this Simon and I will get some content together next week so you can grow your own so you can use it to test pretty any bit of the System Center line up and you windows 7 deployment options.

  • What Kind of MUG are you?

    Whether your thing is windows management or virtual machines there’s interesting user group activity coming up in the next few weeks..

    The virtual machine user group (VMUG) in Leeds gets together on 16th November from 12-6pm at the Leeds Park Plaza hotel ..

    Map picture

    You’ll find me presenting on SQL Server in a virtual world, and I’ll be on hand afterwards to dodge the rotten tomatoes and to buy everyone a pint. You can register for this here.

    However I won’t be at the Windows Management User Group (WMUG) on 1st November, which is a shame as I am a System Center newbie and I could do with some pointers from my good friend Wally Mead from the System Center Product team. Also presenting is Randy Roffey from Silect giving a presentation of Silects latest offering, ConfigWise as well as spending some time checking out their other ConfigMgr centric product CP Studio. This is in  Microsoft Offices at Cardinal Place, Victoria London from 11:30 til 6pm, click here to register..

    Map picture

    Share and enjoy!

  • The Shape of BI

    I spent a couple of hours this morning with a partner who wants to work with the Microsoft platform to deliver spatial business intelligence.  Unlike some companies who have BI skills they are trying to extend into the spatial world, these guys are spatial experts who want to understand Microsoft’s capabilities.  I mention this because they are concerned that in a few years their would be capabilities in SQL Server which would largely replace some of their offerings.  I am not going to speculate in any detail on vnext of SQL Server, but I think that while there may be more spatial features in the next release, there are a few of things that can’t really be fixed:

    • In each country there are differing spatial standards which you really need to convert to latitude/longitude as this is what GPS, Google and Microsoft understand. As I have mentioned before in the UK this means the eastings and northings in the Ordnance Survey and there is a paid for tool for this form SAFE
    • Some systems like UK postcodes boundaries are proprietary – they have to be paid for.
    • How can you clean this kind of data? compare one spatial reference with another and check for a proximity error?
    • As Simon Munro pointed out at SQLBits and on his blog, how do you put spatial data into meaningful hierarchies. For example postcodes might not be that useful to the RSPB if the data they are analysing is bird populations rather than customer marketing.

    While spatial data is now a first class citizen in SQL Server and Report Builder surfaces this data really well, you’ll still need spatial expertise to get the underlying data into shape (pun intended). That’s where partners come in and I think this is very similar to the early days of BI : Businesses knew they wanted something and the vendors made various capability claims, but it was the partner ecosystem that made it work.  Later on as BI matured more self service offerings appeared and more of the presentation layer work was put into the hands of the user.  However after ten years of BI there’s a very healthy partner ecosystem out there and I see the same thing happening as spatial BI evolves.

    I confess to only being an interested amateur in this field so if you want to know more check out the Bing Maps Development resources and follow blogs from the real Microsoft experts in this field:

    ‘Spatial’ Ed Katibah

    Johannes Kebeck on the Bing Maps team

  • Desktop Security - one size doesn’t fit all

    If you follow this blog you’ll realise that every couple of weeks I mention TechNet ON. This one stop portal changes its focus every couple of weeks and this time the focus is on desktop security.  I am not going to try and rework any of the resources as they are all pretty obvious and well written. What isn’t so clear in my opinion is a simple comparison of the different Microsoft solutions in this space so I got out my paints , scissors and camera and made this 2 minute video..

     

    So please Enjoy and then checkout TechNet ON