Simon May

Client and cloud

September, 2010

  • is an IE9 Web Application and so is Facebook (#IE9)

    facebook IE9 icontwitter as a web app in IE9

    It seems the good folks @twitter have jumped out of the starting blocks and enhanced to take advantage of the pinning technology in IE9.  As a twitter addict (@simonster on there) I love this, genius.

    They aren’t the only ones Facebook have done something similar.  Be interesting to see if anyone else takes advantage of this functionality and more.

    This is what it looks like when you take advantage of the technology. In a few lines of simple code they just turned into an app.

    Go to for more or watch my series of one minute videos on Internet Explorer 9 Beta

  • How we (Microsoft) are using Azure for internal apps

    One of things I love about working for Microsoft is that we use our own stuff, we really trust, we really deploy it, we really use it.  Not all our competitors do, you can tell because they don’t talk about it, they don’t run their own massive data centres for example.  We do and it gives us experience.  MSIT – our IT department, yes we do have an IT department too, has built and deployed SXP or Social eXperience Platform) on the Windows Azure platform – and more stuff is going that way too.


    So what is SXP and what makes it special?  Well SXP runs on this site our video showcase and it is essentially a platform that allows us to manage and understand the social aspects of our content.  That content can be web pages, videos (as in the video show case site), blog posts, new stories, press releases…anything.  Essentially you could say it adds social context to anything and allows us to understand that context.  It’s a back end tool, it’s not doing the content hosting.

    The platform is built on Azure (one web server role running on 3 medium instances) and storage is taken care of by SQL Azure with each subside of having it’s own database allowing customisation and isolation of problems, should there be one.  The user interfaces are delivered with Silverlight.

    There are some cool management things too, SCOM integration being handled by some custom code right now but the RC of the Azure Management pack is being run in parallel and that’s going to be something every IT Pro who’s managing Azure will love.  There’s also an interesting tool called “Keynote” running that checks that the web service is available from different points all over the globe and the tool the user facing tool for managing the workflow has been created in Silverlight and uses AD FS (Active Directory Federation Services) for authentication – meaning that once you’re signed into your desktop you’re signed into the app.

    This is obviously not new functionality to us, commenting and rating of videos has been with us for some time but the 3rd party solutions we had in place don’t seem to have been the most manageable.  On that point we get quite a lot of comment spam that has to be filtered away.  The service has been live for about 120 days now and MSIT tell us that they’ve saved about $14k PER MONTH! in management costs, upped availability by 8 fold and made provisioning a staggering 240 times faster!  That’s Azure for you.

    The team learnt some excellent lessons, which they’ve published here along with more detail on the above, but the lessons are really important and I want to call them out:

      • Pick the right application. The primary key to success in developing for Windows Azure is to pick the right application. Windows Azure is great for building a Web application or a compute-intensive application, but it is not yet a general-purpose application development platform. The SXP team started with a lower-risk customer-facing project to validate that everything worked as planned.
      • Prepare for the impact on operations. Operations is the biggest change when developing for Windows Azure. It is critical to understand the operations impact, get the operations team on board early, and design for operations. Because the SXP team knew that it faced an unknown operations environment, the team heavily instrumented its code so that it would know exactly how many transactions succeeded or failed. The team took advantage of the out-of-the-box Windows Azure Diagnostics to do the bulk of the work but also wrote some small custom tools.
      • Prepare early for security and integration. Security and integration are very important considerations. AD FS is a great security solution for authentication. Integration is challenging if there is data inside and outside the firewall. For projects that require integration, it is important to make sure that those problems can be solved before development starts.
      • Build in SQL Azure retries. SQL Azure moves databases to balance load. When a database is moved, the connection pool becomes invalid. If the service does not retry the SQL connection, the connect request fails, causing errors. So it is critical to build in SQL Azure retries. For examples of code that retries connections, see the blog entries at
      • Conduct performance testing. Running performance and stress tests with Visual Studio and Windows Azure can be challenging. The problem is the wide area network (WAN) link between the client and the server. The results can become skewed, and the network can quickly become a bottleneck. The potential to accumulate bandwidth costs also exists. The SXP team solved this problem by creating a simple application that it deployed in Windows Azure in the same data centre, in order to test heavily on the same network. This testing provided feedback on real performance data.

    I have a bet with myself about what the first comment will be on this post…

  • DNSSEC explained beautifully by Mark Minasi

    DNS security and the way to spoof and poison DNS is a pretty complicated area.  Luckily we have DNSSEC which can help to resolve the issues quite simply.  It’s an area that I needed to understand a bit more about and as I happened to be doing so I found this video with Mark Minasi.  Oh and yes, it’s another reason to move to Windows 7, as XP and Vista don’t support all the DNSSEC flags.  He’s got some other great background on why you should choose to go 64bit over 32 in your Windows 7 deployment.

    Mark Minasi at TechEd North America | Media | TechNet Edge

  • Internet Explorer 9 BETA for IT Professionals (#IE9)


    And here it is folks the new Internet Explorer 9 Beta has just landed and everyone can download and go play with it as you wish.  I’ve done quite a bit of that for you with NINE 1 minute tours of some of IE9’s new features.  Features like tab pinning, OneBox, Notifications and Privacy all covered in under a minute each.  If you’re an IT Pro though you’re going to want more details about things like IEAK (!!) (Internet Explorer Administration Kit) how to manage IE 9 through group policy and lots more lovely stuff.  You might want to watch my one minute videos on Internet Explorer 9 Beta.

    Quick and Clean

    So what can I tell  you about IE9 from the IT Pro's point of view.  The first thing you notice is that it’s fast, the 2nd that it’s clean.  It’s fast in every way I’ve used it, it’s fast at shopping on Amazon, it’s fast at Hotmail, it’s fast at Google reader, it’s fast at administering my blog on Wordpress, it’s fast at SharePoint stuff, it’s fast at Outlook Web Access, It’s fast administering Windows Intune (which uses Silverlight so plugins are fast) and uploading 9 videos to YouTube means I can tell you it’s fast with flash.  Fast, Fast, Fast.

    It’s also damn pretty to look at, that stripped down UI which melts into the background means I can concentrate on my SharePoint site or on my web site.

    OneBox is like a command line for the web.  I’ve actually found the OneBox to be a huge improvement as an IT Pro with our penchant for command lines because it brings everything together and I can type faster than I can point to things with a mouse!  I want to go to a Favorite called “Dashboard” and I just type D-A-S-H-Shift+Enter in OneBox and it’s done.  Visual search is a stellar feature which builds on the instant searching already built into OneBox and all those existing search providers work with OneBox too.  A point to note on security here.

    A point to note on security here, any kind of instant searching of the web includes a two way dialogue with the search provider.  Be that in the web page itself or in a search box in a brower.  We’ve taken a stand for user rights with IE9 and we make it so that that functionality has to be initially enabled and you can disable it at any time.  Not all browsers do this, it’s important.

    imageThe back and forward buttons, the mainstay of navigation in a browser hold some magic sauce too.  When you pin a tab – oh yeah you can drag tabs to your task bar to pin them! – it turns the website into an application and the back and forward buttons follow the websites colour scheme.  It’s a small thing but it makes an amazing difference changing from the browser centric approach of other browsers to this web-centric one.

    The web just works

    ie9 beta with acit 3It’s kind of obvious for a web browser but the key thing is that it’s about the web.  Immediately in IE9 you see that the browser melts into the background but it does that in more than just a visual way.  IE9 is very standards compliant and interoperable really taking advantage of HTML5 standards and making them fly, our most standards compliant browser yet. 

    Ok lets stop.

    Usually when we (Microsoft) say that people think we mean we took a spec and built on it to make it better, not in this case, we took the HTML5 spec (an area we’re leading the W3C with) and made it the best it could be by extending into the power of the PC using the he 90% of the PC that most browsers don’t.  You’ll have seen the fish.

    But what if you don’t have a mega whizzy PC?  Well your devs still get the opportunity to code in a ubiquitous, reusable way.  Code once, run everywhere.


    We’ve built on the solid safety foundation that came to fruition with IE8 and in IE9 it seems to get even more “comfortable” which I guess is what you get from 2nd generation security.  From the viewpoint of the IT Pro though this level of security is Phenomenal.  IE9 Includes technology to block the single biggest hole in your corporate armour – your users downloading dodgy stuff.  I might not be talking this up enough.

    IE9 users reputation management and SmartScreen technology to instantly, seamlessly respond to new threats.  That means that you don’t have to wait whilst some AV lab dudes cook up antigen.  That reduces the response time and that reduces your attack surface lots!


    Management is something that gets us IT Pros a bit gusshy, we love to manage stuff and know what’s going on.  IE9 includes some amazingly powerful tools out of the box.   NO other browser has this level of managent.  I don’t see any other browser that lets you deploy this easily either.

    Take this scenario:

    Your intranet site is crawling along, your users are complaining, you’ve got a headache, the phone won’t stop…you need to work out what’s going on.

    IE9 includes “Developer” tools which are perfect for you to use (just hit F12).  The tools now include Network tracing, so you can look at your intranet site (or any site) and see what’s causing the performance bottleneck.  Ahh yes it’s that massive JPG that Bob the MD just uploaded to the company home page to announce his new pet Chihuahua! image

    The developer tools give you all manner of tools to fully understand what’s going on and to troubleshoot issues your users are having with the sites their visiting.

    You also get everything you know and trust for managing IE9 – or at least you will do when we reach full release – so you’ll get over 1500 Group policy settings to control all aspects of the users experience (including New in IE9 control over Add-ons!), you’ll get the IEAK to help streamline and manage your Internet Explorer deployment.  WSUS can manage IE9, Windows Intune will be able to and SCCM will have your back too.  Slipstream installation means you can install IE9 into your existing deployment packages with real ease.

    And do you know when anyone else is going to release a patch for their browser?  We’ll do it on patch Tuesday thanks very much!


    The reliability of having patches on the same day every month is just one thing, you need to know that the browsers not going to crash every five minutes and cause your users pain.  It’s not.  If one tab crashes the whole house of cards won’t come crashing down.  IE9 has automatic hang and crash recovery – your user don’t even have to do anything to take advantage of this stuff!

    Tab crash recovery was introduced with IE8 but with IE9 it’s extended to tab hang recovery – so the effects of a particular tab hanging, because of poor java script for example, are kept away from the rest of the experience.  Take that infinite loop!

    How you can be an IE9 hero

    Wouldn’t it be cool if every PC you deployed had a customized icon on the task bar for your company Intranet.  Wouldn’t the boss love that?  Simple.  Take 3 lines of HTML code (+1 for each jump list entry), add it to the header of your web site and save.  Then drag the tab to the task bar.  Check out this video for how to do just that.  I’ll post more on this when some of the dev dudes posts become live.

    Do that and you get a pretty darn custom looking browser for you Intranet site.  Try it now with Gorillaz website, they’ve already made the code changes.

    What’s more this functionality can be enhanced with some java script to include notification icons (just like Outlook and messenger) – perhaps number of new articles on your company intranet today?

    What you should do now

    Go get the IE9 Beta and try it out.  If you need to test code side by side with IE8 for some reason then get the latest platform preview from the IE Test Drive Site or check out for more.

  • A Steady State for PCs that don’t change

    There are times when you don’t want things to change, things are setup just so and those pesky users keep changing things.  It could be when you need kiosk machines, say at en event or in an internet cafe or in a school classroom or lab.  In XP and Vista we had a tool called Steady Sate that made it easy to revert changes to before the users had used the PC.  Windows 7 doesn’t include this so we’ve created guidance to help use the tools at your disposal to provide a steady state, that’s group policy and other free tools.

    I’m not going to go through the white paper in depth but Stephen L Rose, who’s going to be in Reading November 1st for the Springboard tour, has the low down.  Check out his post for details but if you want the whitepaper immediately it’s here.