Redmond Magazine did a good interview with Stephen Toulouse, the guy who runs the Microsoft Security Response Center (MSRC). As most of you know the MSRC is the central point of control and coordination that Microsoft uses for identifying, managing, and responding to security issues across the entire spectrum of products. In the interview Steve describes the history of the MSRC, how their response has improved through some of the major security events of the last 5 years, and some of the factors around their toughest decisions such as whether or not to release an emergency patch out of band. Among other things, you will learn that Steve knows exactly how long it takes to get from his house to the Microsoft campus at 3am...
Other related resources include:
http://www.microsoft.com/security/msrc/default.mspx
http://www.microsoft.com/technet/security/default.mspx
Finally, this month's security bulletins are especially critical:
http://www.microsoft.com/technet/security/bulletin/ms06-aug.mspx
InfoWorld has a very positive review of Exchange 2007 on their website.
http://www.infoworld.com/reports/32SRexchange.html
InfoWorld: "Multiple precooked configs, a vastly improved Web client, a power command line, and bundled anti-malware add up to a whale of an upgrade"
I picked up two books this weekend on storage area networks (SAN) and SAN virtualization. The first is Resilient Storage Networks by Greg Schulz and the second is Storage Virtualization by Tom Clark. Since there are relatively few books out there on storage, both authors spend time up front with very basic info about SCSI, Fibre Channel, FICON, etc. Resilient Storage Networks is a good overview of SAN technology and design. The best chapters are toward the end where it talks about large distributed storage network design and heterogeneous SANs with Windows, Unix, and Mainframe. Storage Virtualization, which I just started, looks pretty good as well. The author (who's written several good books on storage), goes into detail about virtualization possibilities at all levels of the storage stack from disk to array to fabric, etc. Storage virtualization is another foundational component required for dynamic systems and infrastructure optimization. Decoupling logical from physical, whether it be data from drives or operating systems from servers is the key. With these foundations in place, the appropriate management tools and processes can then be developed for optimization, ie. data located where its needed, or server cycles allocated to needed workloads. This is a topic I'll be writing about pretty frequently.
Microsoft and a bunch of other major tech vendors announced publication of a draft specification for an XML language for system management. The spec is called the Service Modeling Language (SML) which is derived from a lot of the work Microsoft has been doing on the System Definition Model. The intent is that with a commmon language, vendors can define models for each of their products and systems which can then be composed into larger systems and managed by compliant management systems. Modeling is a big theme being added to a lot of Microsoft products as you can see in Visual Studio.