Dave Northey, from Microsoft Ireland, has recorded a cracking little video where he shows the ease with which he can create a highly available file server, built on the Failover Clustering technology in Windows Server 2008 (Enterprise and Datacenter).
In the video, Dave uses six virtual machines all running on his laptop (domain controller, iSCSI SAN, three Server Core Cluster Nodes and a 2008 Member Server). He shows and explains the 'Validate' process, along with the new quorum configurations. The idea of Failover Clustering in 2008 is simplicity, and Dave brings this across perfectly.
Enjoy the video!
James unearthed a couple of beauties from YouTube, which take a comical, yet informative look at the next generation of Server Suites, namely, Small Business Server 2008 and Essentials Business Server 2008.
Nice find James :-)
James and Andrew from my team have been busy with the video camera (careful :-)) recording some more interesting Partner-TV videos. The latest series of video's are focusing on System Center; Microsoft's management platform. The guys have recorded and produced 2 video's so far, and there are a few more to go yet!
Their first video discusses System Center Configuration Manager...
While the second video discusses System Center Operations Manager...
A word of advice - don't press play on both of them at once :-) and another, make sure you keep tabs on the Partner TV blog - it's a great source of information!
This is something I'm really excited about - Virtualisation of desktops. Now, it's not the silver bullet that everyone thinks, and it's important to understand the licensing implications etc, plus I'm always in favour of a TS solution over VDI in terms of return on investment, but that said, there's something cool about virtualisation of your desktops, and some even cooler stuff taking place around the broker, that sits in between the end user's access device, and the virtual desktop in the datacenter; a component that Microsoft doesn't make itself...
Enter our Partners - Partners like Citrix, with the up and coming Citrix XenDesktop platform, but also Quest Software, with their Provision Networks Virtual Access Suite. I'm excited about both, and I'm keen to get some hands on time with each so I can start talking to our Partners about the opportunities of an integrated solution around VDI and Hyper-V.
There's an interesting article on InformationWeek and don't forget to check out the comments - there's a few Citrix fans (and rightly so) having a few things to say around the Quest offering, and vice versa (again, and rightly so!). I'm staying impartial, as I haven't used either, and being new to their technologies, ease of administration will obviously come into it.... :-)
"Microsoft is winning the NAC war, expert says"
Taken from the article:
"...the key is that people seem to be willing to let Microsoft take a leading role in NAC (Network Access Control). So we really focused on that: what comes built-in with XP SP3 and Vista? And then how do you extend things if you don't like what's built-in? We definitely had other policy decision points besides MS NPS---Cisco, Avenda Systems, Juniper, and Radiator, plus FreeRADIUS sort-of. Even on the client side, there are interesting things. For example, you can add more system health agents/verifiers, or you can go for other supplicants, or you can do non-Windows or pre-XPSP3 operating systems, or you can worry about other devices, like cameras and VoIP phones and printers. What we ended up with was about a dozen demonstrations, all showing what you need for a complete NAC solution. And it really focused on "let's start with Microsoft and work out from there."
I'm really looking forward to more and more 3rd parties writing their own Security Health Agents and Security Health Validators to extend the default configuration and capability of NAP, especially with non-PCs, like Mobile devices, cameras and printers. I blogged about the Forefront team doing just that, in this video, where they have written a Forefront Security Health Validator for NAP, to extend the functionality to a more granular level.
XP SP3 has been released into the public domain after a short delay. Get all the info, and the updates themselves, by following this link:
There's also an interesting whitepaper available, entitled Windows XP Service Pack 3 Overview, which you can pick up from here:
My favourite improvement within XP SP3 is the Network Access Protection integration:
"NAP is a policy enforcement platform built into Windows Vista, Windows Server 2008, and Windows XP SP3 with which you can better protect network assets by enforcing compliance with system health requirements. Using NAP, you can create customized health policies to validate computer health before allowing access or communication; automatically update compliant computers to ensure ongoing compliance; and optionally confine noncompliant computers to a restricted network until they become compliant. For more information about NAP, see Network Access Protection: Frequently Asked Questions."
I've been doing a couple of events recently with my manager, James and one of the points he always raises is around protection of information, especially things like emails and documents. The example James gives is around the internal Microsoft emails/memo's that, a few years back, seemed to always find their way out onto the wonderful world wide web, and once it's left your 'four walls', that's it, it's out of your hands.
Step up, Windows Server Active Directory Rights Management Services.
"The goal of an AD RMS deployment is to be able to protect information, no matter where it goes. Once AD RMS protection is added to a digital file, the protection stays with the file. By default, only the content owner is able to remove the protection from the file. The owner grants rights to other users to perform actions on the content, such as the ability to view, copy, or print the file. For more information about the business reasons behind an AD RMS deployment, see the white paper "Windows Rights Management Services: Helping Organizations Safeguard Digital Information from Unauthorized Use" (http://go.microsoft.com/fwlink/?LinkId=64636)."
So, to put that in context, check out this shot from my Outlook 2007 client:
I've created a new email, and I then have the option, with choosing one button, protect this email and restrict it to the person I'm sending it to. Now, I haven't personally created those options in the screenshot - that's the work of the Microsoft IT Admins, but for the end user, it makes it really easy to apply confidentiality to an email and, also, a document:
Now, if I send that email, or document to someone in Microsoft, short of taking their laptop or screen to the photocopier, or handwriting it out, there is no way to distribute that information. That includes screenshots, screen clips etc.
Now, how to set this up?
Well, check out this guide: http://technet2.microsoft.com/windowsserver2008/en/library/437d3040-89f0-40ac-a2af-c288a48714c41033.mspx?mfr=true
Happy days :-)
Think about this scenario. You're embracing virtualisation. More specifically, using Virtual Machine Manager. Your running VMs are happily up to date, healthy and compliant and stay that way, thanks to a constant connection to Windows Update on the web, or a connection to WSUS/System Center Config Manager for centralised patching and updating. So far, so good. You're also using the library functionality of SCVMM, to store offline VMs, ready for deployment. These offline VMs could have been offline for quite some time. They could have missed one, two, three, or more 'Patch Tuesdays', so when they eventually do get brought online, they're out of date and a potential health risk to the organisation. Step in the Offline Virtual Machine Servicing Tool (Beta)...
"The Offline Virtual Machine Servicing Tool allows you to automatically activate virtual machines parked in a library to update their operating systems one by one using System Center Configuration Manager or Windows Server Update Services."
Apply for the beta here: https://connect.microsoft.com/programdetails.aspx?ProgramDetailsID=2192
There's also a good exec overview here: http://technet.microsoft.com/en-us/library/cc501231.aspx
Not particularly new news, but it's been sat in my inbox for a while, and you may still find it useful.
One of my demos I often show around Windows Server 2008 is Server Core; a scaled down version of the OS with a command line interface for local management. Now, being from the School of GUI whilst growing up with technology means that scripting at the command line isn't in my comfort zone, which means it's important to provide powerful alternatives. In the case of Windows Server 2008 and Server Core, I could simply go to another Windows Server 2008 box (GUI version) and manage the Server Core box remotely (providing I've opened up the relevant ports in the firewall). This, however, isn't always convenient, especially if I spend most of my working day working on a client operating system, which in this case, would be Vista SP1.
So, with that, it's useful to learn that there is a tool that can be installed on Vista SP1 (x86/x64) which allows remote management of a Windows Server 2008 machine. So, what does it allow you to manage?
Role Administration Tools:
Feature Administration Tools:
The tools in the following list are fully supported managing Windows Server 2003 servers as well:
Download: Remote Server Administration Tools (x86)
Download: Remote Server Administration Tools (x64)
There are a few common questions being asked around what is required to run RSAT and what it actually replaces:
Q. Is RSAT the next version of ADMINPAK.MSI?
A. Yes. As ADMINPAK.MSI provides IT professionals the ability to remotely manage their Windows Server 2003 servers, RSAT provides updated functionality for Windows Server management from computers running Windows Vista with Service Pack 1. All RSAT tools support the management of servers running Windows Server 2008; some of these tools also support the management of servers running Windows Server 2003, and thus can be considered a replacement for ADMINPAK.MSI.
Q. Will RSAT run on the version of Windows Vista with no service packs installed?
A. No. RSAT requires Windows Vista with Service Pack 1.
RSAT is also available in the following languages:
Happy Managing! :-)
Vista's had quite a lot of negative press since it shipped, some justified, some not. Some people who use it, love it, whilst others would much rather go back to XP. The majority who would rather go back to XP, want to do so due to an initial bad experience, but if you're the bean counter in the organisation, trying to save money wherever possible, Vista's actually pretty good at saving you money, especially when it comes to power savings...
Yes, Vista needs good hardware, but that's available now. There's actually more supported devices and peripherals in the marketplace for Vista, than there are for XP now, and Vista is becoming more and more streamlined month on month. It can also save organisation's a great deal of time and money when it comes to deployment, management and control. The stats from above are taken from an Info-Tech report, which you can download and read here:
Obviously, for an organisation, the savings you make with Vista, only come about when you actually purchase Vista, and have decent hardware to run it on, but I guess with any investment, it's the savings over a period of time that are important, and that's what Vista delivers. Yes, it's a change in behavior when using Vista for the first time, and for some people, there are still issues with certain applications (although the majority of mainstream apps are now certified on Vista) but give a user a good piece of hardware, and show them the ropes with Vista, and their productivity will rise, whilst you, as an IT Admin, have a more granular level of control over that machine, thanks to improvements in Group Policy, and the bean counter is happy, because you're going green, and saving cash. This isn't going to happen overnight, but with SP1, more people are warming to Vista, and are becoming more willing to adopt, particularly when positioned well with Windows Server 2008. Like I said, give people the decent hardware, control the machines well, and Vista in your environment shouldn't be the headache that many found it to be one upon a time.