Keith Combs' Blahg

Ramblings from another nerd on the grid

September, 2009

  • TechNet Plus Direct 25% Discount Code – Use TMSAM07


    Now is a really good time to purchase the TechNet Plus Direct subscription.  Think about it for a second: Windows 7 is already on the download area.  So is Windows Server 2008 R2.  Exchange 2010, Office 2010 and many others are on the way.  So what better way to get access to all of the technologies and build a strong project plan?  There isn’t one.

    Oh wait, it gets better.  Use my US TMSAM07 promotion code for a 25% discount off the new subscription price.  The prices in the pic below are the full USD advertised price so expect to see the 25% knocked off the new subscription price in the order cart.

    image

    Ready to order?  Head on over to http://technet.microsoft.com/subscriptions/bb892754.aspx.  Be sure to put in TMSAM07 as the promotion code and watch the price drop to $261.75 USD. Enjoy !!!

  • Windows 7 Dual Boot Revisited with Bitlocker

    A few months ago I started investigating the latest techniques for building a dual boot system.  I was interested in Windows 7 and Windows Server 2008 R2.  There is a wrinkle.  I wanted to boot one of them using “boot from vhd” AND use Bitlocker.

    The Corporate Mandate

    Bitlocker is a required security component for Microsoft assets.  Because all of our products are moving to 64 bit versions and Hyper-V is the only Microsoft virtualization technology currently capable of executing 64 bit virtual machines, the software mix was decided for me.

    The problem is that you cannot “boot from VHD” an operating system that is on an encrypted drive or partition. Ah ha!  That’s the key.  You can either partition your drive, or use a second drive to store the .VHD file that contains the second OS you want to make available for boot.  I chose the latter.

    I have a laptop that allows me to have two hard drives in it.  I simply pull the CD/DVD drive out and pop in a hard drive adaptor and second hard drive.  This is the standard configuration for Microsoft presenters because we typically load the OS and apps on drive C:, and store data (virtual machines) on drive D:.

    Demo Heaven

    So in this dual boot configuration, I built a demo environment for the upcoming Windows 7, Windows Server 2008 R2 and Exchange 2010 launch events.  Windows 7 is installed on drive C: (100GB drive).  Windows Server 2008 R2 is installed into a .VHD file on Drive D: (320GB).  After I confirmed that the dual boot config was working, I kicked off Bitlocker in Windows 7 and encrypted the entire contents of drive C:.  Again, I verified dual boot was working.  At this point R2 does not have access to the contents of drive C:.  We can fix that.

    During the Bitlocker initiation and encryption process, you’ll be prompted for the storage of a recovery password/key.  One of the options is to store the information on a USB memory stick.  That is the option I used.  In order to access the encrypted information from R2, you’ll first need to install the Bitlocker feature in Server Manager.  After that, you can access the drive contents using the USB stick and recovery key. 

    Here’s the summary of the steps to accomplish the above:

    1. Install Win7 first.  I used the demo platform from http://wdt.  This is the Microsoft Windows Demo Toolkit (WDT) available to employees and partners.
    2. Install R2 into the .vhd on a second drive (multibay) or partition using the WIM2VHD script.  See http://blogs.technet.com/keithcombs/archive/2009/06/17/automating-boot-from-vhd-os-installation.aspx for some information on that.  The script when done dismounts the VHD.
    3. Attach the VHD and assign it a drive letter.  This can be done using the GUI Disk Manager or via the command line with diskpart.
    4. From an elevated cmd console, enter Bcdboot <driveletter>:\windows for the location of the R2 mounted image.  Bcdboot is part of the AIK installed in the WDT image.
    5. Test dual boot.
    6. Turn on Bitlocker and encrypt C:.  Make sure to have a USB stick handy for storage of the recovery key.
    7. Test dual boot after encryption is complete.
    8. Boot up R2 and install the Bitlocker feature.
    9. Access the files on the encrypted drive from R2 using the USB stick and the recovery password.
    10. If you are planning on running the Hyper-V role, most likely you’ll need to fix the BCD store.  Use the “bcdedit /set hypervisorlaunchtype auto” command from an elevated instance of cmd.
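    As an added example (not code from the original post), here is a cmd batch script that automates steps 3, 4, 9 and 10 above.  The VHD path D:\VMs\R2.vhd, the temporary drive letter V: and the recovery key file E:\recovery.bek are assumed placeholders; substitute your own values.

```batch
@echo off
REM Added example, not code from the original post. Automates steps 3, 4, 9 and 10 of the
REM procedure above. Assumptions (placeholders): the R2 image is D:\VMs\R2.vhd, it gets
REM drive letter V: while attached, and the recovery key file saved to the USB stick
REM during BitLocker setup is E:\recovery.bek.
REM   dualboot.cmd win7   - run from an elevated cmd prompt in Windows 7 (steps 3-4)
REM   dualboot.cmd r2 X:  - run from an elevated cmd prompt in R2 (steps 9-10), where
REM                         X: is the letter R2 gave the encrypted Windows 7 volume
setlocal
set VHD=D:\VMs\R2.vhd
set LETTER=V
set BEK=E:\recovery.bek

if /i "%~1"=="win7" goto :win7
if /i "%~1"=="r2"   goto :r2
echo usage: %~nx0 win7 ^| r2 ^<drive:^>
exit /b 2

:win7
REM Step 3: attach the VHD and give its OS partition a drive letter. diskpart takes a
REM script file; after "attach vdisk" the focus is the new disk, so select partition 1
REM (the single partition WIM2VHD created) before assigning the letter.
> "%TEMP%\attach.txt" (
  echo select vdisk file="%VHD%"
  echo attach vdisk
  echo select partition 1
  echo assign letter=%LETTER%
)
diskpart /s "%TEMP%\attach.txt" || goto :fail

REM Step 4: create the boot entry for the R2 image inside the VHD (bcdboot ships with the AIK).
bcdboot %LETTER%:\Windows || goto :fail

REM Detach so the VHD is not left mounted; the BCD entry keeps pointing at the file.
> "%TEMP%\detach.txt" (
  echo select vdisk file="%VHD%"
  echo detach vdisk
)
diskpart /s "%TEMP%\detach.txt" || goto :fail

REM Confirm the new entry exists; its device and osdevice lines should reference the .vhd.
bcdedit /enum
echo Reboot to test dual boot (step 5), then turn on BitLocker for C: (step 6).
exit /b 0

:r2
if "%~2"=="" (echo r2 needs the drive letter of the encrypted Windows 7 volume & exit /b 2)
set WIN7VOL=%~2
REM Step 9: unlock the BitLocker-protected Windows 7 volume with the recovery key file
REM from the USB stick (needs the BitLocker feature installed in R2, step 8). The 48-digit
REM recovery password works as well: manage-bde -unlock %WIN7VOL% -RecoveryPassword <digits>
manage-bde -unlock %WIN7VOL% -RecoveryKey "%BEK%" || goto :fail
manage-bde -status %WIN7VOL%

REM Step 10: make the hypervisor start with this boot entry so the Hyper-V role works.
REM {current} is the entry you booted from, which is the R2 entry when run inside R2.
bcdedit /set {current} hypervisorlaunchtype auto || goto :fail
exit /b 0

:fail
echo A step failed; review the output above before rebooting.
exit /b 1
```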

    This design will work very well for my demo environment or my production work environment.  I can fully encrypt the contents of my documents on drive c: and not worry about the contents if the machine is stolen.  That happens.

    Backup and Restore

    The last thing you want to have happen to you when you have a room full of 300-1000 people is to have a hard drive crash on you and be forced to send everyone home.  To prevent that from happening, I routinely clone my drives with a backup/recovery tool.  Since we are using Bitlocker, you need to use a Bitlocker aware utility.

    Windows 7 Ultimate includes full “System Image” backup and recovery.  When the backup is created, the resulting data is not encrypted.  Therefore, the restore will not be encrypted.

    The BCD store remains intact after the restore so the only real difference is the status of Bitlocker.  That is of course easily solved if desired.  The backup feature I used is easily accessed under Control Panel and if you squint really hard, you can see the “Create a system image” task in the top left corner of the screenshot.  This process was called Complete PC Backup and Recovery in the Windows Vista era.

    So there you have it.  A dual boot machine that will run Windows 7 or R2 and Hyper-V.  This is a great design for your production environment or setting up a demo environment.  Enjoy.

  • Microsoft Deployment Toolkit (MDT) 2010 RTM – now available for download


    Deploy Windows 7 and Windows Server 2008 R2 with the newly released Microsoft Deployment Toolkit 2010. MDT is the recommended process and toolset for automating desktop and server deployment. MDT provides you with the following benefits:

    • Unified tools and processes required for desktop and server deployment in a common deployment console and collection of guidance.
    • Reduced deployment time and standardized desktop and server images, along with improved security and ongoing configuration management.
    • Fully automated Zero Touch Installation deployments by leveraging System Center Configuration Manager 2007 Service Pack 2 Release Candidate and Windows deployment tools. For those without a System Center Configuration Manager 2007 infrastructure, MDT leverages Windows deployment tools for Lite Touch Installation deployments.
    What’s New in MDT 2010
    Improvements to the newest version of MDT allow you to:
    • Access deployment shares from anywhere on the network and replicate files and settings across organizational boundaries or sites.
    • Organize and manage drivers, operating systems, applications, packages, and task sequences with an improved UI.
    • Automate UI functionality using the Windows PowerShell command line interface.

    Choosing the Right Version
    Microsoft Deployment Toolkit 2010 is offered in two versions to support Solution Accelerator component installation on x64 or x86 hosts. Select the version that corresponds with your host hardware type. Both versions of MDT 2010 support deployment of x86 and x64 Windows operating systems.

    The What’s New in MDT 2010 guide and Release Notes are available as separate downloads on this page for those who want to quickly evaluate MDT 2010. The full package of guidance is available in .chm format as part of the toolkit. For those who want it in Word format, a separate download is available in the Files in this Download list.

    Get it @ http://www.microsoft.com/downloads/details.aspx?familyid=3bd8561f-77ac-4400-a0c1-fe871c461a89

    More Information

    Michael Niehaus did a great series of blog posts on most of the new features of MDT 2010.  You can review those posts here: http://blogs.technet.com/mniehaus/search.aspx?q=MDT+2010+New+Feature&p=1.  Not to mention he’s the man when it comes to MDT.

  • SCVMM 2008 R2 – now available for download to TechNet subscribers


    It took a while, but the System Center Virtual Machine Manager 2008 R2 released bits are now on the TechNet Plus Direct subscriber download area.  Looks like it’s right at 3.4GB so expect it to take at least twenty minutes to download.  Grin.  This is the 64 bit download and here are the highlights for this product release:

    System Center Virtual Machine Manager (VMM) 2008 R2 RTM is now available. VMM 2008 R2 RTM is the latest upgrade to VMM 2008, Microsoft’s comprehensive management solution for the virtualized datacenter which enables consolidation of physical servers, rapid provisioning of new virtual machines and unified management of physical and virtual infrastructure through one console. VMM 2008 R2 now manages many of the great new features of Windows Server 2008 R2 RC Hyper-V including:

    • Live Migration -- for moving virtual machines between hosts with no downtime
    • Additional enhanced migration support for SAN migration in and out of clusters
    • Multiple virtual machines per LUN using Cluster Shared Volumes
    • Hot add of virtual machine storage

    Additional features:

    • Functionality to migrate storage for running VMs
    • iSCSI target and SAN-based migration across clusters
    • Template-based rapid provisioning
    • Maintenance mode to automate the evacuation of VMs off host machines
    • Live Migration host compatibility checks

    Downloading VMM 2008 R2 Evaluation:

    The VMM 2008 R2 RTM evaluation download is located in the Download Center site.

  • Students get a great deal on Windows 7 - $29 until 1/3/2010

    image

    Click the pic to take you to the buying site with the full details on the promotion.

  • Springboard Series - Windows® 7 Application Compatibility Part 2: Virtualization

    Hear from a panel of experts how virtualization tools can help you with application compatibility concerns whether you're migrating from Windows Vista® or Windows® XP. Join us to discuss how presentation virtualization, desktop virtualization and application virtualization can reduce testing times, expedite deployment and ultimately help you streamline PC management. We'll cover the latest desktop virtualization technologies from Microsoft, including Microsoft Application Virtualization (App-V), Microsoft Enterprise Desktop Virtualization (MED-V), and Windows XP Mode for Windows 7. Plus we share tips and tricks and demonstrate free tools to analyze and fix applications while answering your questions live during the event.

    Find answers to your Windows client OS deployment and management questions with resources, tools, monthly feature articles, and guidance from subject matter experts and early adopters. To learn more, visit www.microsoft.com/springboard.

    As part of the “virtual” experience, you may submit your questions about Windows 7 Beta to the panel live during the event—or submit questions in advance to vrtable@microsoft.com.

    Windows® 7 Application Compatibility Part 2: Virtualization

    Date: Thursday, September 24th
    Time: 9:00am Pacific Time

    Join live on Thursday, September 24th, 2009, 9:00am Pacific Time. Missed Part 1? Watch the replay.
    For IT Pro tips, tricks and resources for Windows 7, visit the Springboard Series

  • Intel VT compatible CPUs for Windows Virtual PC and Hyper-V

    Increasing manageability, security, and flexibility in IT environments, virtualization technologies like hardware-assisted Intel® Virtualization Technology (Intel® VT) combined with software-based virtualization solutions provide maximum system utilization by consolidating multiple environments into a single server or PC. By abstracting the software away from the underlying hardware, a world of new usage models opens up that reduce costs, increase management efficiency, strengthen security, while making your computing infrastructure more resilient in the event of a disaster.

    See http://ark.intel.com/VTList.aspx for the list of Intel VT compatible processors.

  • I wonder how much Sony wants for this – VAIO X Series

  • Wow, this is a Dell?

    Now available for purchase at http://www.dell.com/us/en/business/notebooks/laptop-latitude-z/pd.aspx?refid=laptop-latitude-z&s=bsd&cs=04&~ck=mn.  Doesn’t run Hyper-V or have a Quad core, but this is a swanky machine.  This is not your Dad’s Dell, dude.

    [Note]  After I posted this, I did some checking.  Apparently the SU9400 and SU9600 processor you can order with this machine is Intel-VT capable.  So, it could very well run Windows Server 2008 R2 and Hyper-V.  Tell you what Dell, send me one for testing.  Just don't expect to get it back.  :-)

  • Windows 7 Enterprise 90-day Trial - now available

    Welcome to the Windows 7 Enterprise 90-day Trial. It is designed specifically for IT Professionals, so that you can test your software and hardware on a final version of the product. In addition, it provides the opportunity for you to become more familiar with the key improvements over previous versions of the Windows operating system, and experience firsthand how Windows 7 can make your PC environment more productive, secure, and manageable.

    Guidelines on usage:

    • Protect your PC and data. Be sure to back up your data and please don’t test Windows 7 on your primary home or business PC.
    • You have 10 days to activate the product. If not activated within 10 days, the system will shut down once every hour until activated. Unsure on how to activate? Visit our FAQ.
    • The 90-day Trial is the full working version of the Windows 7 Enterprise, the version most of you will be working with in your corporate environment. It will not require a product key (it is embedded with the download).
    • The 90-day Trial will shut down once every hour when you have reached the end of the 90-day evaluation period.
    • The 90-day Trial is offered for a limited time and in limited quantity. The download will be available through March 31, 2010, while supplies last.
    • After the 90-day Trial expires, if you wish to continue to use Windows 7 Enterprise, please note that you will be required to purchase and perform a clean installation of Windows 7, including drivers and applications. Please keep this in mind; Windows 7 Enterprise is not available through retail channels.
    • Technical details/updates/questions: Please review our FAQ or visit the Windows 7 support forum.
    • Stay informed. You can keep up with general technical information and news by following the Springboard Series blog. Want technical guidance, tips, and tools? Visit the Springboard Series on TechNet.
    • Keep your PC updated: Be sure to turn on automatic updates in Windows Update in case we publish updates for the 90-day Trial.
    • Microsoft Partners: Learn more about Windows 7 on the Microsoft Partner Portal.

    NOTE – pay particular attention to the bullet that explains what happens after the 90 days is up.  This trial cannot be upgraded to production with another key.  In other words, a complete re-install will be necessary.

    Get the trial at http://technet.microsoft.com/en-us/evalcenter/cc442495.aspx.

  • Build a Windows 7 HDTV DVR Yourself

    FINALLY!!!  We made some seriously cool announcements tonight at CEDIA.  Here’s an excerpt from the press release:

    Today at CEDIA EXPO 2009, Microsoft Corp. discussed key Windows Media Center features for Windows 7 and announced a series of initiatives that enhance the digital cable experience in Windows Media Center. With the addition of native support for additional international broadcast TV standards, including QAM and ATSC, there will now be support for switched digital video (SDV), a new tool that will make it possible for end customers to add a digital cable tuner with CableCARD to their PC, and for existing digital cable tuner with CableCARD customers to enjoy more portability for digital cable TV that is marked as “copy freely” (CF). In addition, Microsoft and the Media Center Integrator Alliance (MCIA) announced the winner of the 2009 Windows Media Center Ultimate Install Contest, showcasing the many ways Windows Media Center can be used in a whole-home solution.

    See the full release @ http://www.microsoft.com/Presspass/press/2009/sep09/09-09MSWinMCCEDIAPR.mspx.

    It used to be you had to buy a very specific configuration from the OEMs to be able to record premium high definition programming across a CableCard OCUR configuration.  Now you can build it yourself!!!  This is really good news for enthusiasts that want to take advantage of Windows 7 and the Media Center functions.

    Look very closely at the press release.  There are a number of jewels in it.  Man, my Christmas list keeps getting longer and longer.

  • Back to the Future IV – DeLorean morphs into Steenstra Styletto

    If the DeLorean went to the future and really came back, this machine would be a good contender for the upgraded model.


    See http://www.autoblog.com/2009/09/14/introducing-the-next-eco-supercar-the-steenstra-styletto/ for the full article and gallery.

  • Official Windows Mobile 6.5 Details Emerge

    One Phone for Work and Play

    Windows phones are ideal devices for work and play, giving consumers the confidence to get things done with mobile versions of the software they recognize and expect from their PCs. The redesigned Internet Explorer Mobile browser includes a new engine and built-in Adobe Flash Lite support for better rendering and completion of tasks, so it’s easy to do more from a phone, such as check in for a flight, get directions or pay bills while on the go. Microsoft Office Outlook Mobile delivers a familiar, consistent e-mail experience across the PC, phone and browser, while Microsoft Office Mobile allows customers to open and edit Word, Excel and PowerPoint documents right from their phone. With Windows Live on their phones, users can keep track of friends in one place, no matter which social networking sites they belong to — Facebook, Twitter or MySpace Windows Live.

    Powerful Mobile Services

    Windows phones will debut with two new powerful mobile services so that the information, contacts and applications customers want are always at their fingertips. A wide variety of approved and certified applications will be available for direct download to Windows phones from Windows Marketplace for Mobile, and an easy return policy lets customers buy with confidence. The free My Phone service allows customers to automatically back up and sync photos, music, contacts and text messages from their phone to the Web, making it easy to access and manage them from their phone or PC or restore the information in the event of a lost phone.

    A Customized Experience, From Keyboards to Widgets

    Windows phones give consumers the choice of a broad selection of form factors from sleek, touch-screen devices to full QWERTY keyboards to make it easy to find a phone that fits their needs. Windows Mobile 6.5 provides easy access to third-party applications such as Facebook, Netflix and Zagat, and an improved, touch-friendly user interface that allows customers to tailor their phone to suit their individual style. With the new version, users can change the look and feel of their phones with designer themes or a personal background and customize their home screen with widgets so the information they need is always easy to find.

    Industry Players Rally Behind Windows Phones

    Partners from around the globe are committed to updating or expanding their portfolios to include phones with Windows Mobile 6.5.

    • In North America: Mobile operators AT&T, Bell Mobility, Sprint, TELUS and Verizon Wireless, and phone manufacturers HP, HTC Corp., LG Electronics, Samsung and Toshiba Corp.
    • In Europe: Mobile operators Orange, Deutsche Telekom AG and Vodafone Group Plc, and phone manufacturers Acer, HTC, LG Electronics, Samsung, Sony Ericsson and Toshiba
    • In Latin America: Mobile operator TIM Brazil, and phone manufacturers HTC, LG Electronics and Samsung
    • In Asia Pacific: Mobile operators NTT DOCOMO Inc., SOFTBANK Mobile Corp., SK Telecom, Telstra and WILLCOM Inc., and phone manufacturers Acer Inc., HTC, LG Electronics, Samsung, Sony Ericsson and Toshiba

    See the press release @ http://www.microsoft.com/presspass/press/2009/sep09/09-01windowsphoneavailablepr.mspx.

    See more product images @ http://www.microsoft.com/presspass/newsroom/mobile/images.mspx.

    See the Windows Mobile site @ http://www.microsoft.com/windowsmobile/en-us/default.mspx.

  • Security Essentials – free and now available for download

    Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.

    Security Essentials is a free* download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple. It runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want, without interruptions or long computer wait times.

    *Your PC must run genuine Windows to install Microsoft Security Essentials. Learn more about genuine Windows.

    Get the download at http://www.microsoft.com/security_essentials/.

  • Infrastructure Planning and Design Guides for Virtualization – now available

    Get Started with the IPD Guides for Virtualization

    Streamline and clarify your virtualization infrastructure design processes with concise planning guidance from IPD Guides for Virtualization.  Each guide addresses a unique virtualization infrastructure technology or scenario, provides critical architectural decisions to be addressed, available options, as well as a means to validate design decisions to ensure that solutions meet requirements of both business and IT stakeholders.

    Download the IPD Guides for Virtualization

    Multi-product planning and design guidance for Microsoft virtualization technologies are available in the following IPD Guides for Virtualization:

    *updated for Windows Server 2008 R2

    See the rest of the information at http://technet.microsoft.com/en-us/solutionaccelerators/ee395429.aspx.

  • How about a new PMP for Christmas?

    Every year a new crop of Portable Media Players (PMP) comes out and tempts you to spend your hard earned cash on one.  This year is no different and most of the major makers have tipped their hand and have their product in the channel, or will very soon.

    Archos

    The Archos 5 Internet Tablet for 2009 has been revealed.  Anyone serious about video is probably already familiar with Archos.  Their players rock.  I bought the Archos 605 WIFI in September of 2007 and would like to get the new one pictured at right.

    The one problem with the new Internet Tablet is that it’s pricey.  Check out the prices at bhphoto.com.  By comparison, the Archos 32GB flash memory unit is $370 compared to $290 for the new Zune HD.  Now keep in mind there are some pretty big differences in the two, but money is money.  So what are you getting for the extra bucks?  For starters, the Archos player has a 4.8” screen compared to the Zune’s 3.5”.  That doesn’t sound like a big difference, but it is if your primary desire is to watch movies and other video.  On the other hand, the Zune HD screen is beautiful and I haven’t seen the new Archos screen yet.

    This year the Archos 5 sports the Android operating system.  On top of that they’ve layered all sorts of applications and functions like GPS (add-on), Twitter client, email, games, etc.  As with past players, photos, music and video playback are still core to the Archos legacy.  Archos players support more formats than just about any other player I can think of.  See the complete specs at http://www.archos.com/products/imt/archos_5it/specs.html?country=us&lang=en.

    So you can purchase a lean flash based Archos player or the fatty with a hard drive.  One of the cool features of the flash player is the Micro SD slot so you can add memory to the unit.  Nice.  This is going to be a tough decision.

    Microsoft Zune HD

    I had the opportunity last week to try out the Zune HD for a few days and see how I liked it.  There’s a lot to like.  But the new Zune player is shockingly small.  Almost too small. Almost.  For you runners, you are going to like the small size and weight.

    For those of you toting around a Zune 80 or Zune 120 from last year, you’ll be pretty surprised at the size difference.

    There has been a lot written already about the new Zune HD screen. The organic light-emitting diode (OLED) multitouch screen and NVIDIA Tegra HD processor are simply killer.  The color, contrast and brightness of the screen are very good. The default setting for brightness is medium and I turned it up to high.  My only complaint with the screen is that it’s too small. I watched three movies on the unit I had and although the screen is very nice, size matters to me.  If your primary use is music the screen is plenty big.

    The touch screen navigation on the Zune HD is very nice.  It’s intuitive and the screen responds when you want it to.  I had very little difficulty adjusting to the Zune HD and liked the way the three buttons worked. I would have preferred to have a manual pause button but I no longer run 20-30 miles a week so it would not be a show stopper for me.  A next button would be nice but pause and next are only two gestures away.

    There are many more reviews out there that are going to be far more comprehensive.  I think the Zune team hit a nice sweet spot with the player.  Since I watch a lot of movies, I’m a bit of a storage hog so 32GB isn’t impressive to me but I could manage with it.

    I love the look of the black player but there’s no way I could live with 16GB of storage with my video appetite.  However, $220 for the 16GB unit is a nice price point.  The 32GB unit is $290 but smart shoppers have been able to find better deals via bing.com cash back bonuses.  Then of course you can always trick out your player at Zune Originals.

    The Zune 4.0 software is a nice improvement and I had absolutely no issues installing it on Windows 7 or Windows Vista.  See the rest of the Zune HD features and specs at http://www.zune.net/en-us/products/zunehd/default.htm.

    Apple iPod Touch

    What can be said about the iPods that hasn’t already been said?  They are super popular and rightfully so.  This year Apple improved the Touch models hardware and software, then bumped the flash storage on their flagship.  I used to complain 32GB wasn’t enough storage.  So Apple called my bluff and created a 64GB unit.  Now what do I do?

    Like many of you, I have tons of friends and family that have the Touch or iPhone.  My son-in-law has the iPod Touch and loves it.  He works for Starbucks so he is always using his free WIFI account.  Nice.

    Considering I already have several Zunes, an Archos 605 WIFI player, Sony PSP, and the Creative Zen W, it’s probably time to more seriously consider the iPod Touch.  It’s certainly a good way to keep an eye on the competition without committing to a phone and ATT.  See the specs for the iPod Touch at http://www.apple.com/ipodtouch/specs.html

    I’m going to wait a few weeks to see the new Archos player up close and personal.  They’ll probably have one in DFW airport Terminal D before anywhere else.  There’s a cool little gadget shop there.

    There are certainly many other MP3 players on the market.  Some of them are also competitive video players but the three above are probably most people’s vote for the top three.  Certainly worthy of careful consideration for your Christmas shopping list.

  • Transparent corporate network access via DirectAccess

    Executive Summary

    Desktop software integration is part art, part science.  Desktop administration is hard and rarely leads to inspired users.  DirectAccess is going to change all of that.  With Windows Server 2008 R2 and Windows 7 you can now create an environment that is secure, always connected to the corporate network and a joy to use.  A number of benefits can be realized with DirectAccess including greater user satisfaction with the corporate desktop standard, lower training costs, more efficient network use, and a higher degree of management for the mobile workforce.

    Some History of the Challenge

    Virtual Private Networks (VPN) have been around for many years now.  Users tend to despise VPN because it’s an interruption to their workflow in order to grab a document or access an internal corporate resource.  Corporate network managers haven’t exactly been enamored with VPN either.  The VPN entry point into the network must be safeguarded, VPN client integration into the desktop is problematic, training users is hard, and all of the network traffic associated with the VPN connection comes to the corporate network.

    What if you could make those connections seamlessly work for the users?  What if the traffic for the corporate connection is only the network traffic for the internal resource and not all of the typical internet browsing?  What if the connection could easily be secured at multiple levels?

    DirectAccess to the Rescue 

    Well you can do all of that with a new enterprise feature of Windows Server 2008 R2 and Windows 7 called DirectAccess.  DirectAccess splits the traffic and only sends traffic to the corporate network that is needed to use the internal resource like a file share, SharePoint site, or internal line-of-business application.  All of the user’s internet traffic remains just that, destined for the internet web sites.

    There are many benefits to this approach.  The first big one is that this is totally transparent to the user.  They don’t need to be trained to use complicated VPN software and procedures.  Instead, they just access the data they need as if they were sitting in a corporate office directly connected to the corporate LAN.  Internal sites work just like public internet sites as far as the user is concerned.

    This was a truly eye opening experience the first time I sat down and tried it.  After thirteen years with the company I felt like my home office was finally part of the corporate network.  It was like sitting in Seattle sixteen hundred miles from Texas.  Here’s a screencast I did of that experience using the beta of Windows 7 in early 2009 :

    [embedded screencast]

    Now imagine for a moment how much bandwidth is consumed by VPN users.  If you were the network manager for the company, wouldn’t you like to keep public internet browsing and the associated traffic off your corporate network?  DirectAccess helps you do that.  As you can see in the picture above, the internet traffic never hits your network and causes bottlenecks at the VPN or proxy servers.

    Let’s Talk Security

    DirectAccess uses a variety of security technologies and techniques to provide a secure and manageable infrastructure.  Internet Protocol version 6 (IPv6) and Internet Protocol Security (IPSec) are core technologies in the foundation. 

    • Authentication - DirectAccess authenticates the computer, enabling the computer to connect to the intranet before the user logs on. DirectAccess can also authenticate the user and supports two-factor authentication using smart cards.  This is exactly how Microsoft has implemented DirectAccess for employees.  A smart card and the associated X.509 certificates are used for further identity proof.
    • Encryption - DirectAccess uses IPsec to provide encryption for communications across the Internet.  Clients establish an IPsec tunnel for the IPv6 traffic to the DirectAccess server, which acts as a gateway to the intranet. The DirectAccess client establishes two IPsec tunnels:
      • IPsec Encapsulating Security Payload (ESP) tunnel using a computer certificate. This tunnel provides access to an intranet DNS server and domain controller, allowing the computer to download Group Policy objects and to request authentication on the user’s behalf.
      • IPsec ESP tunnel using both a computer certificate and user credentials. This tunnel authenticates the user and provides access to intranet resources and application servers. For example, this tunnel would need to be established before Microsoft Outlook could download email from the intranet Microsoft Exchange Server.
    • Access Control - IT professionals can configure which intranet resources different users can access using DirectAccess, granting DirectAccess users unlimited access to the intranet or only allowing them to use specific applications and access specific servers or subnets.  Granularity and flexibility are key to many implementations of Microsoft products, and DirectAccess was built with that in mind.
    • Access Protection - DirectAccess can be used with other network policies in order to force compliance with the corporate health requirement policies.  This is accomplished using the Windows Server 2008 R2 Network Policy Server (NPS) role and the features collectively called Network Access Protection (NAP).  NPS/NAP policies can be used to check and make sure a DirectAccess computer has the latest security updates, virus/anti-malware signatures and other security settings.  If the DirectAccess node doesn’t pass the health state information check, it will not be allowed to connect to the corporate network, thus preventing the potential exposure of a threat to other computers.
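    To make the rules above concrete, here is a small policy model of the client-side decisions they describe (split traffic, the two ESP tunnels, the NAP health gate and per-user access control).  It is an added illustration written for this post, not Microsoft code; the intranet suffix, IPv6 prefix and host names are constructed placeholders.

```python
# Model of the DirectAccess client rules described above. Added illustration
# only; the suffix, prefix and host names below are constructed placeholders.
from dataclasses import dataclass
from typing import FrozenSet, Optional
import ipaddress

INTRANET_SUFFIX = ".corp.example"                              # constructed
INTRANET_PREFIX = ipaddress.ip_network("2001:db8:100::/48")    # constructed
# Hosts reachable over the first tunnel (computer certificate only):
INFRASTRUCTURE_HOSTS = {"dns1.corp.example", "dc1.corp.example"}  # constructed


@dataclass
class ClientState:
    computer_cert_valid: bool                       # machine cert for the ESP tunnels
    user_authenticated: bool                        # user creds (e.g. smart card) presented
    healthy: bool                                   # outcome of the NAP health check
    allowed_hosts: Optional[FrozenSet[str]] = None  # None = unlimited intranet access


def is_intranet(host: str, ip: str) -> bool:
    """Intranet traffic is identified by DNS suffix or by IPv6 address prefix."""
    return host.endswith(INTRANET_SUFFIX) or ipaddress.ip_address(ip) in INTRANET_PREFIX


def route(host: str, ip: str, state: ClientState) -> str:
    """Return 'direct', 'infrastructure-tunnel', 'intranet-tunnel' or 'denied:<reason>'."""
    if not is_intranet(host, ip):
        return "direct"                    # internet traffic never enters the corporate net
    if not state.computer_cert_valid:
        return "denied:computer-auth"      # neither tunnel can be established
    if not state.healthy:
        return "denied:nap-health"         # non-compliant node is kept off the intranet
    if host in INFRASTRUCTURE_HOSTS:
        return "infrastructure-tunnel"     # DNS and DC are reachable before user logon
    if not state.user_authenticated:
        return "denied:user-auth"          # second tunnel needs user credentials too
    if state.allowed_hosts is not None and host not in state.allowed_hosts:
        return "denied:access-control"     # user limited to specific servers
    return "intranet-tunnel"
```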

    Management Benefits

    The management benefits are primarily for the enterprise desktop administrators although users may benefit in ways they haven’t seen in the past.  Because DirectAccess is an “always on” style technology, desktop administrators have a greater chance of managing remote users.  The greater the connection speed, the more that can be accomplished across the wire.

    For instance, DirectAccess nodes on the network can be queried and patched in a more consistent manner than in the past.  Instead of waiting for the user to come to a corporate campus or branch location, administrators can reach out and touch the machine on a more routine basis.

    Management activities might include simple inventory reporting or something more serious like responding to a zero day vulnerability with a patch or fix.  With DirectAccess, administrators can work with the nodes on the network in off hours and lower the impact to the users.  This will make your users happy.  The last thing they want is a required update in the middle of their busy day.  Now you can schedule updates at a more convenient time.

    More information

    There are a number of whitepapers and guides that are available for DirectAccess. For those of you that are more technically inclined, be sure to check out the Step-by-Step guide for the feature.  You can build and test this in a virtualized environment.

    [NOTE] This blog post was posted to the new team blog at http://blogs.technet.com/windowsserverexperts/.  I am cross posting here because I am looking at a Silverlight 2 issue and I want to see how the container is rendered on my “normal” blog.

  • Steve Ballmer leads Virtual Event - Beyond Cost Cutting: Discover “The New Efficiency”

    On September 29th at 9 am (PST) please join us here on http://www.thenewefficiency.com for a kick-off discussion on “The New Efficiency” live from San Francisco as a part of Microsoft’s Virtual Launch Event.  Join in the conversation during this must-see event and see top technology leaders from across the industry, along with Microsoft’s Steve Ballmer, debate the role of IT during this economic reset.

    Get a close look at how real companies are justifying IT investments across the desktop, server, the network and beyond.  You’ll also find sessions related to new releases of Windows 7, Windows Server 2008 R2, Microsoft Exchange Server 2010, Microsoft Forefront, Microsoft System Center, and Microsoft Desktop Optimization Pack.

    See http://www.thenewefficiency.com/ for more information.

  • Number 1 is “The Casanova” for a reason


    WARNING:  http://www.cheeseandburger.com/ will make you hungry.

  • Windows Azure Webcast for the IT Pro - registration now open

    What is Windows Azure™? When should I use it? How does it apply to my job?  Whether you’re an IT Professional, Developer or Architect, we’ll address your top-of-mind questions about cloud computing in this informative webcast delivered by some of our top technologists.

    In this session, we will discuss:

    • Azure architecture from the IT professional’s point of view
    • Why an IT operations team would want to pursue Azure as an extension to the data center
    • Configuration, deployment and scaling Azure-based applications
    • The Azure roles (web, web service and worker)
    • Azure storage options
    • Azure security and identity options
    • How Azure-based applications can be integrated with on-premises applications
    • How operations teams can manage and monitor Azure-based applications

    The live webcast is going to be held Tuesday, September 29, 2009 from 8:30 – noon CST.  To register for the IT Pro portion of this program, head on over to http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032425946&EventCategory=2&culture=en-US&CountryCode=US.

    And don’t forget there’s a developer webcast after lunch on this subject as well.  The MSDN webcast will be held from 1-5pm CST on the same day.  Register at http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032425948&EventCategory=2&culture=en-US&CountryCode=US.

  • Last Chance to Vote for “South By” 2010 Panels

    I submitted a panel proposal to this year’s South by Southwest (SXSW) Interactive Conference.  The title is “Screencasting Lessons Learned” and I’ll try to do the subject justice with the knowledge I’ve accumulated over the past four or five years.

    I am getting ready to record a number of Windows 7 screencasts using both Camtasia Studio and Expression Encoder 3.  I’ll be putting some of them through the wringer with adaptive streaming and Silverlight 3 so the information will be fresh and new.  I may try to get my hands on the new version of Camtasia for OS X and give it a whirl on my Apple MacBook Pro, too.  No promises on the latter, but it would be a great comparison if I have time.

    Screencasting Lessons Learned (http://panelpicker.sxsw.com/ideas/view/3477)

    Event: Interactive 2010
    Level: Intermediate
    Type: Solo
    Category: Blogging, Online Video, Writing / Technical Writing
    Organizer: Keith Combs, Microsoft - IT Pro and Developer Evangelism
    Questions:

    1. How long should a screencast be?
    2. How do I publish my screencast using Silverlight?
    3. What do I need to worry about for a good client experience?
    4. Where do I store my video?
    5. What is the difference between progressive download and streaming?
    6. What format should I use for the source recording?
    7. What type of machine do I need for editing and encoding?
    8. Should I use a demo script or wing it?
    9. How long does it take to create a technical screencast?
    10. Should I worry about my accent?

    Description: Learning to publish screencasts online can be a challenge. Come learn some tips and tricks that will help you use Camtasia or Expression Encoder more effectively with your blog. I am actively recruiting other Microsoft MVPs and speakers with the goal of turning this into a panel.

    NOTE: In order to vote, you need to first create an ID at http://panelpicker.sxsw.com/users/register.  It’s a quick and dirty registration app.  Very little hassle. Please register and vote even if you aren’t going.  Thanks !!!

    And don’t forget all of the other panel nominations.  See http://panelpicker.sxsw.com/ideas/index/4/company:Microsoft.

  • You had me at Veyron

    Full article at http://www.joystiq.com/2009/09/02/forza-3-welcomes-1000-horsepower-bugatti-veyron-supercar/.  SOLD.

  • How about an Intel Mobile Core i7 quad based laptop?

    Last year most of the quad core machines were huge.  The vast majority had 17” screens and were rather large pizza box style machines.  This year is going to be different.  It’s already looking like this is going to be the year of the quad.  You might be thinking at this point that cost will still make the technology prohibitive and out of reach for us mere mortals.  Think again.

    Dell announced some really nice configurations this week, and we’re just getting started.  I’m sure all of the other popular OEMs have some goodies coming out as well.  In the meantime, take a close look at http://www.dell.com/us/en/home/core_i7_systems/fs.aspx?refid=core_i7_systems&s=dhs&cs=19.

    And if you want a good explanation of what Dell is up to and some descriptions of the machines, see http://en.community.dell.com/blogs/direct2dell/archive/2009/09/23/march-of-the-dell-core-i7-laptops.aspx.  The Dell Studio XPS 16 looks mighty tempting. Just think, now you don’t have to buy a big pizza box to get high performance computing.  Nice.

  • IT Pro Momentum Program – Update and changes


    Many of you have taken advantage of the IT Pro Momentum Program over the past year to build some impressive projects. I am very proud to have helped you do that.  However, I am making a change to the way I handle incoming requests for inclusion into the program.

    First of all, if you want to be part of the program you must reside in my territory.  Today that is defined roughly as anyone south of Waco, Texas (Austin, San Antonio and Houston) or in the state of Louisiana.  Second, I need to have talked with you personally about the program.  This means you’ve attended one of the events I am delivering or I’ve attended a user group or event we’ve both managed to be present at.  There’s a hint, invite me.

    The exception to this will be the coming Windows 7, R2, and Exchange 2010 launch events.  It’s going to be much too crazy at those events to have a conversation, so I will not be taking requests at those events.

    As you can see, I am going old school on the process.  I am making it more personal.  Now before anyone gets upset, consider this. We have IT Pro Evangelists across the globe that are doing the same thing.  Your homework is to find the IT Pro Evangelist in your area and make a connection with them.  The US is covered by the folks at http://technetevents.com/speakers/default.aspx.  If they aren’t familiar to you, they should be.  Dan, John Baker, Yung and Blain cover the East Region.  Kevin, Shawn, Matt, John Weston and I cover Central.  Chris Avis, Chris Henley and Harold cover the West Region.

    So where does that leave you?  If you are already in the program, you’re in for the year that you signed up for.  If you didn’t receive an invitation from me, sorry but I look forward to meeting you at one of the events I’ll be attending in SouthCentral.

    I will adjust my policy again if my territory and role changes, but this will be my plan until something changes my turf.  Best regards.  Keith Combs.