I am (very busy)..
I'm still working on my attempt at finding security related content a bit easier. I've found loads of security content - too much if I'm honest. My plan is still to frame it all around Defense in Depth, but now that this has grown into a bigger thing than expected (I'm now re-vamping http://www.microsoft.com/ireland/security - a slightly bigger task than I had planned) I have to get the right content for the right audience. I don't think my Mum will find the "Microsoft Security Assessment Tool (MSAT)" of much use to her - whereas you might (have a look at: https://www.securityguidance.com/). I did find a couple of very good links (in my opinion at least): http://www.microsoft.com/technet/security/learning/default.mspx helps you to find a range of Microsoft training references and resources on security threats and appropriate countermeasures. And http://www.microsoft.com/smallbusiness/support/computer-security.mspx to find out about the 7 steps to get your small business secure (it's good content even if you haven't got a small business).
Anyway, the security stuff is happening (just a bit slower than I would have liked).
Yesterday I was out on site with one of Ireland's major telcos - setting up a demonstration lab to show off Windows Mobile access to Exchange. I had a bit of a hectic day installing ISA Server, Active Directory and both a Front-End and Back-End Exchange Server. I had to configure a stand alone CA to issue certificates to use for the SSL connection to both the ISA Server and the Front-End Exchange Server and got to spend hours diagnosing why it didn't work! Half of my problem was "user error" (I hadn't typed in the correct IP address on a network interface -just happened to be the one the MX record was pointing to) and the other is yet to be solved (OWA over https works fine inside the firewall but gives an error from the Internet - I connect OK, accept the SSL certificate and then get: "Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)"). MSN Search kind of tells me that this is quite a common problem - So I'm researching the solution today & will be back in to implement the fix on Monday.
I was showing off what I'd installed yesterday evening & they were blown away by how easy all this stuff is nowadays: Configuring ISA Server for Internet Access, Publishing an Exchange Server and enabling OWA and Windows Mobile is as easy as running through a couple of wizards. Getting a Domain Controller, a SharePoint Portal Server and two Exchange Servers (Front-End & Back-End) installed all within a couple of hours using Virtual Server was amazing. I'd bought a long the Virtual Hard Disk (vhd) file of a Sysprep'ed Windows Server 2003 with SP1 and all the updates already applied - all I had to do was copy this file for each server I was creating, boot the virtual machine, give it a machine name & I had the server up and running (5 minutes per server). Then it was just a simple(ish) dcpromo and an two Exchange installs and I was done. Virtual Server really is something else - I don't know how we survived before it.
If you've not experienced the latest version of Virtual Server, go to: http://www.microsoft.com/windowsserversystem/virtualserver/default.mspx and download the evaluation kit. For production you need Windows Server 2003 (x64 if you've got one - you'll get twice as many guest machines per server), but for test it runs on Windows XP. One day I intend to setup Virtual Server on a cluster (I have the servers & disk enclosure already to go - hand-me-downs from Microsoft's datacentre in Dublin) - I just need the time..
That's it for now (work to do)..
Dave
I'm very aware that finding stuff on Microsoft.com isn't as easy as it should be (some of our competitors search engines are better at finding content on our website than we are) - this can't be right. It will get sorted, it has to get fixed. Microsoft is putting a lot of time & effort into getting our search products to be world class. Have another look at http://search.msn.com and compare the results with your current favourite search engine - we're getting better. Then have a look at our Desktop Search tool http://www.microsoft.com/windows/desktopsearch/default.mspx (for enterprises) and http://toolbar.msn.ie/ (for consumers). I use Desktop Search and it's brilliant - it must save me loads of time during my day to day work. If your company uses SharePoint Portal Server then you already know how good our search technology can be.
Anyway, back to what I can do - I'm in the process of putting together a "sign post" (for want of a better description) to the best of our Security advice & guidance, tips & tricks, tools & downloads. My intention is to use our "Defence in Depth" model (picture below) as the front end. Each layer will have links to useful info for our different audiences (Consumer, Small Business & IT Professionals). e.g. The "Host" layer would have links to tools to help with updating Windows (Microsoft Update for Consumers, WSUS for Small Business & SMS for IT Pros) as well as the best practice procedures and guidance. I'm kind of doing this as a background task, but a few people inside Microsoft Ireland have gotten wind of what I'm doing, so now it has to be finished asap. I "should" have it done in a week or so, so watch this space...
Oh, if this already exists please tell me - don't want to re-invent the wheel.
Dave.
So today was the fifth and final day of TechReady – my annual “chip in the back of the head”. I think I may be getting too old for all this – early starts, late finishes, too much beer, not enough sleep – I still enjoy the learning though (you’re never too old to learn)…
Today’s keynote presentation wasn’t (a presentation); it was an open Q&A session with both Kevin Johnson and Jeff Raikes. Kevin is the Co-President of our Platform division and Jeff is the President of our Business division (so between them they know pretty much everything that’s going on inside Microsoft). They got to answer some pretty good questions, but to be honest they didn’t tell us anything that we didn’t already know: Google is a big competitor, Search is a big thing, Windows Vista is great, Office 12 will be fantastic, etc…
I did learn quite a bit about System Centre Data Protection Manager 2006 (DPM) http://www.microsoft.com/windowsserversystem/dpm/default.mspx which as you know is our “backup to disk” solution. I got to talk to some of the product group guys and had a chance to “play” with the product. It’s extremely easy to setup and use, and the end user experience is exactly the same as if the Volume Shadow Copies were taken locally. DPM keeps a centralised replica of the file data on the managed servers and it keeps this replica in sync by just passing over the network the bytes of data that have changed on the managed servers. The replica is not always in sync, we take snapshots at regular intervals (one hour is the default), so the worst case scenario is that you could loose one hour of work (which is a lot better than what you have now).
I also got to learn a lot more about Windows Vista – today I got to find out what we are doing to make it more Reliable. More info on Vista can be found here: http://www.microsoft.com/windowsvista on our new look site.
I got to see some more great demonstrations of Exchange 12 and both Outlook 12 and the new Outlook Web Access (which I was convinced was actually Outlook until someone pointed it out to me) – it’s going to be extremely good…
That’s it from me for now – I’m out for my last evening in Seattle and have an early start tomorrow (at half past five) for my long trip home - I won’t get back to my house until mid-morning Sunday.
No keynote presentations today. Jetlag kicking in lots – not much sleep last night. Missed the first session.
My first session was about the next big release of Systems Management Server – (version 4), which is a way off yet. It builds on SMS 2003 and focuses in on four main themes: Operating System Deployment, Security, Simplicity and Desired Configuration.
I learned about the next big release of Microsoft Operations Manager (version 3), which is due out in the second half of this year. I thought the current version (2005) was great; the next version will be fantastic. Some of the really cool features are: Client Monitoring (get to see how everything is performing) and Security Event Collection (get to see who’s doing what on your systems). It takes the management of the Microsoft Applications and Platform to be world class (no one can manage Microsoft stuff better than Microsoft). It will provide service oriented monitoring of packaged and custom applications (which will help to improve service levels and reduce the TCO of all applications that support the business). We’re also making it very easy to develop your own management packs for your in-house developed apps.
The only other good session I went to today was an overview of our High Performance Computing (HPC) solution: Windows Compute Cluster Server 2003 – which is due out before this summer. More info here: http://www.microsoft.com/windowsserver2003/ccs/default.mspx A very interesting fact was that 10 GFlops back in 1991 would have set you back $40 million (Cray super computer). 10 GFlops in 1998 was $1 million (24-way Sun box). 10 GFlops on Windows can be had for around $4 thousand (on 4 single processor PCs). There’s probably not much call for HPC in Ireland (where I live), so I probably will never get to “play” with it, but if I’m wrong & you have an interest and you’re from Ireland, please contact me.
That’s it for today – more tomorrow
Today the keynote presentations were from Bill Gates & Brian Valentine.
Bill’s presentation was “Innovating through the digital decade”. He spoke about Microsoft’s big dreams and investments over the years: The Windows PC, The Web and .NET Web Services. And he spoke about the big investments we are making now, which is all about software and services. We got to see demonstrations of Office 12 (the next release of Office, due out this summer), Exchange 12 (the next version of Exchange, due out towards the end of this year) and Windows Live (which you can experience for yourselves at: http://www.live.com) – it’s one place on the internet where you can go and look at everything you want, a focal point if you like. Bill also spoke about Microsoft Assets both in the terms of the products we make and in terms of the technologies that we have and that we research – things like Translation, Speech, Ink, DRM, and the likes. Some technologies we have had for years but the products are only just coming into play – IPTV for instance (we’ve had that for nearly ten years, but it’s only now that broadband internet is more widely available, that television over the internet is becoming a reality. Bills presentations are always pretty interesting – it’s good to hear “the bosses” views on things.
Brian’s presentation was about Windows Vista (the next version of our client operating system, due to release to manufacturing (RTM) this summer – it will be widely available sometime before next Christmas. Brian only had a couple of slides, which meant that his session was nearly all demonstrations.
I also attended a session that covered off the next point release of Systems Management Server 2003 R2 – which basically is SMS 2003 with service pack two applied and with two neat additions: a scan tool for vulnerability assessment and an inventory tool for custom updates. The scan tool for vulnerability assessment uses the Microsoft Baseline Security Analyser (MBSA) 2.0 engine to perform vulnerability assessments on your machines and then lets you report on all the misconfigurations that you might have. The inventory tool for custom updates will let customers deploy updates to any software, not just Microsoft (things like Adobe for example – or any in-house written application).
There was a good session on System Centre Reporting Manager 2006 – which has been in beta for a long while now. It should be released before the summer. SCRM takes operational data from SMS and MOM and joins it with business context data from Active Directory. It’s going to helps IT and Business Managers to make better decisions, to improve their service quality and to better manage their IT resources.
I also attended a great session on Windows Mobile. We’ve gone from having pretty much zero percent of the market (when the big battle was Palm vs. Pocket PC) to a place where Palm are shipping devices running Windows Mobile and we have the biggest share of the handheld market. There are some great devices out now that are either telephones first (with all the other PDA software as secondary – mail, calendar, contacts, etc) or a PDA that has the telephone functionality built in. We got to see loads of demos of the new devices and got to see how we can now compete with RIM – our solution is better and cheaper than Blackberry.
That’s it for Wednesday – more tomorrow..
Today was the first "technical day". The keynote was from Bob Muglia, who's our VP for Server & Tools. He spoke about our commitments to our customers – which are: Fully Integrated Servers, The Right Server for the Right Job, Self Managing Dynamic Systems, End-to-End Connected Systems, Comprehensive Database and Analysis Tools, Universal Distributed Storage, Secure Anywhere Access, Rapid Application Development Tools, Direct Customer Connection, Cut the Cost on the Desktop and New World of Work Infrastructure. The point being that we (Microsoft) are “doing stuff” to make each of these a reality. e.g. The Right Server for the Right Job (role based servers) – we have done a lot (and will do more) around the branch office (with Windows Server 2003 R2 and Longhorn Server), around the Web Platform (with IIS 6.0 and 7.0 in Longhorn), Virtualisation with Virtual Server, etc (you get it). For each of our commitments we have evidence of what we have done so far and a roadmap of what’s coming to make it even better. In Longhorn Server for example, the Right Server for the Right Job, would include the Server Core (Windows Server without the GUI and all the other stuff not needed to run Windows), the ability to install just the bits required to run a particular role (File Server, Print Server, etc). Secure Anywhere Access, would include our Federated Identity stuff, Network Access Protection (the ability to only allow “approved” PCs onto the network) and the great stuff that we’re doing with Terminal Services (application publishing & seamless windows).
Other sessions I attended included a great session on Longhorn Server, and a fantastic demo of Voice Recognition in Windows Vista. The Voice Recognition bits are in the December Customer Technology Preview (CTP) of Vista, so if anyone is running that, have a play - it's VERY impressive.
That's all I’ve got time for today, so that’s it – more tomorrow…
As promised, I'm blogging from my annual "chip in the back of the head". I'm over in Seattle attending a Microsoft, internal only, technical readiness conference (TechReady).
Today, the first day of the event, didn't have much / any technical content - it was a "role day", where Microsoft people in the same role gather together and discuss what it is we do and what we should be doing better. We did have a couple of great keynote presentations from Steve Ballmer and Kevin Turner (Steve Ballmer called them: "the least technical thing you're going to do all week").
Steve spent his time framing the event by sharing his "confidence, passion and enthusiasm" and reminding us that we do well because we innovate in the right areas (which are pretty much everything): The Core Platform and User Experience, Business & E-commerce, Information Access & Organisation, Entertainment, Analysis, IT & Dev Platform / Tools, Communication Collaboration & Expression. He covered what we have done over the last five years and shared with us the direction for the next five. He called out where our competition is and closed by calling out the fantastic new products that we will be releasing over the next 12 to 18 months.
Kevin Turner, our new chief operating officer, told us why he joined Microsoft: He loves our mission statement (which is "enabling people and businesses throughout the world to realize their full potential") and the fact that we all work for a company where we're all part of something that is bigger that ourselves. Our values (integrity and honesty, open and respectful, big challenges, passion, accountable, and self-critical) offered him something to aspire to and something that he would enjoy working towards. He then reminded us what the company stands for and what we (the technical people within Microsoft) should be focusing on.
We did get a chance for a Q&A session with both Steve and Kevin, but because this is an internal event, I won't tell you any of the detail (suffice to say that they were asked some very difficult questions and gave some very open and honest responses).
Something I will share (because I'm sure we all know it), is the fact that Microsoft are putting a lot of effort into making our search technologies world class. So on that note, here's my tip for today: Go to http://www.microsoft.com/windows/desktopsearch/default.mspx and download our free desktop search tool and give it a try. It's not just for home use, it's enterprise ready and comes with Group Policy templates for centralised management.
That's all for today,
OK, I've been back from my holidays for three days now. I've nearly caught up with everything that I missed while I was away and somehow squeezed in a day and a half out of the office talking to customers.
Something I often find when talking to non-Microsoft people is the lack of awareness of new Microsoft product releases (there's been a few in the last few weeks alone). I hadn't intended this becoming a marketing bulletin for new stuff, but figured it was worth calling out a few (just in case you also are not aware of them):
We completed System Center Capacity Planner 2006 (SSCP) just before Christmas - it will be in your Technet Plus subscriptions this month. The last beta can be found here: http://www.microsoft.com/windowsserversystem/systemcenter/evaluation/capacity/default.mspx SSCP is all about helping you size and plan your Exchange and MOM deployments. Future releases will help with other products (SQL & the likes).
System Center Data Protection Manager 2006 (DPM) (http://www.microsoft.com/windowsserversystem/systemcenter/evaluation/capacity/default.mspx) has been available for about a month now. It's all about backup to, and recovery from disk - reducing the backup & retsore windows (initially just for File data, but extending to Exchange and SQL in future releases).
Windows Server 2003 R2 is a re-release of Windows Server 2003 roughly two years after we initially shipped. It's basically Windows Server 2003 with SP1 applied, it includes everything that has shipped for Windows Server 2003 since it shipped (things like: 64-bit support, version 2.0 of the .Net Framework, Windows SharePoint Services, Automatic Deployment Services, etc) and a couple of great solutions to big business problems: Do I put a server in a branch/remote office or not? How do I enable resource sharing between separate directories without duplicating users? and how do I manage file servers more effectively? More info here: http://www.microsoft.com/windowsserver2003/default.mspx
Virtual Server 2005 R2 was launched at IT Forum in November and is a major update to our award winning (and very cost effective) virtualisation technology. It includes things like 64-bit support and clustering. More info here: http://www.microsoft.com/windowsserversystem/virtualserver/default.mspx
I'm off to Seattle on Saturday for my annuall "dipping" in Microsoft technologies - more on this next week.
I still want to close with a tip (seeing as my last one was so successful that it's now been included on the advanced search page on microsoft.com).
I'm often asked things like "wouldn't it be great if Microsoft added this feature to this product?" or "This feature is so complicated to use, why don't Microsoft make it easier by changing it?" Well I'm probably the wrong person to ask, but there is a process for getting your "wishes" answered. Just send a mail to mailto:mswish@microsoft.com and your wishes will be listened to. The MS Wish Program is your route into the product groups for feature changes. Do note however, that most (about 90%) of requests are for features that already exist in the products...
That's it for today. I'll post again from Seattle next week.