TechNet UK

Useful tools, tips & resource for IT professionals including daily news, downloads, how-to info and practical advice from the Microsoft UK TechNet team, partners and MVP's

October, 2013

  • Six months to Windows XP end of support – have you made the move?


     

      By Asavin Wattanajantra, writer at Metia.

     

     

     

    Windows XP was born in 2001 – which remarkably makes it almost a teenager! Perhaps it’s time to start thinking about avoiding those difficult teenage years?

    What was technology like at the beginning of the millennium? Well for a start there were no smartphones or consumer devices with the accessible touchscreens of today. It would be a few years before we even considered using our fingertips to do fun stuff. It was also the year of the first Xbox, Microsoft’s move into the area previously dominated by the likes of Sony, Sega and Nintendo.

    For most people email was the sole online communications tool, the web existed solely for consuming websites and a small number of technical forums offered the merest glimpse of the social media revolution that was to follow.

    Technology has changed beyond recognition since Windows XP was launched, but for many businesses, amazingly, it is still a central part of their IT structure. XP worked superbly for so many organisations it pretty much created a cult following. Numerous updates over the years made it stable and reliable enough to last this long.

    But technology evolves and will continue to do so. Next April we'll be ending support for Windows XP, as well as Office 2003. Very simply, they don’t match up to the requirements of today’s businesses. You're demanding technology that fits the way you work inside and outside of the workplace, as well as the capability to handle the security and compliance challenges of today. XP and Office 2003, which have been around more than a decade, simply aren't up to the task any longer.

    Importantly, ending support means no security updates, which inherently means Windows XP users will be open to security and compliance risks.

    However, this is an excellent opportunity to think about what Windows 8.1 and Office 365 can do for you, particularly if you're looking to do a general upgrade of your IT.

    Windows 8.1

    Windows 8.1 has been created with the future in mind, with really interesting features making it a good choice for consumers and businesses.

    • It's a reimagined form of Windows, but you won't find it unfamiliar - there's a new Start screen which allows you to launch apps and find the desktop
    • It's built for modern business, meaning you can be connected everywhere. A fantastic new feature called Windows To Go allows you to stick Windows on a USB, making it possible to work efficiently on any device
    • You’ve got a set of in-built apps for email, calendaring, social networking and photos. If you want any more apps you have the fast-growing Windows store to choose from
    • Windows 8.1 is touch-screen friendly, built for a world of smartphones and tablets. And if you're using a laptop or desktop PC, it still delivers a great user experience.

    Office 365

    This is built for the modern workplace, and allows employees to use their favourite applications, such as Word, Excel and PowerPoint, on any device.

    • With Office 365 there will be no large one-off payments. It’s provided on a monthly fee, per-user plan
    • Users will be able to access Office 365 applications on browsers and devices with the same features and functionality as on their PCs and laptops.
    • With always-on protection and automatic updates, there is no need for you to spend time updating the software – and it comes with a financially backed 99% uptime guarantee.

    How to upgrade

    With six months to go, hopefully you’ve made plans for the move. If you haven’t, you’d better move fast – start planning and get the business involved, as an unsupported system is open to attackers. You’ll also need to figure out if your Windows XP apps will work on Windows 8.1, and whether you need new hardware to run the new software on. If in doubt, contact a Microsoft accredited reseller, which should be able to give you some valuable advice on Windows XP migration.

    It’s always sad to wave goodbye to a reliable old friend, but the advantages of upgrading to a newer model are clear to see.

  • TechDays Online – November 6-8: The final programme update! Featuring Steve Ballmer, Will Greenwood and the Lotus F1 team!


    Here is the final programme update for each day of Tech.Days Online from Wednesday November 6-8. Not only are we delighted to confirm that Steve Ballmer will be joining us on the first day, but we also have British Lions rugby legend Will Greenwood confirmed to share the British Lion and Microsoft story, as well as the Deputy CIO of Lotus F1 on board to talk about Office 365. You can still send in your questions to Microsoft CEO Steve Ballmer before Wednesday; just send them to ukitpro@microsoft.com and we’ll select the best to ask him during the interview.

    All sessions are 30 minutes, and the technical experts running these sessions, consisting of Microsoft product experts and Microsoft Most Valuable Professionals (MVPs), will be available post-session for further online chat and follow-up to any questions you have.

    Remember that there will also be competitions and prizes to be won throughout each day, from T-shirts to an Xbox One, so do switch on, tune in and join us for all the sessions you want to participate in by registering for Tech.Days Online starting on Wednesday November 6th.

     

    Tech.Days Online – November 6-8 - The Final Programme Update

    Wednesday November 6 – Windows Client for IT Pros and Developers

    Start time | Session No. | Session Title (all sessions are 30 minutes)
    09:30 | - | Overview of the day
    09:35 | 1.1 | Windows 8.1 – devices galore! + interview with Will Greenwood on devices and British Lions
    10:25 | 1.2 | MDOP 2013 Overview and Deeper Dive on changes in Application and User Experience Virtualisation
    11:00 | 1.3 | Management in the cloud with Windows Intune Configuration Manager
    11:40 | 1.4 | Steve Ballmer, Microsoft CEO, Live Interview
    12:20 | 1.5 | Device Management – Heterogeneous Device Management
    13:00 | 1.6 | Office 365 – The Evolving Service + Interview with Michael Taylor, Deputy CIO, Lotus F1 team
    13:55 | 1.7 | Building business Apps with Visual Studio DevOps
    14:35 | 1.8 | Windows 8.1 – Workplace Join
    15:15 | 1.9 | Windows 8.1 - VDI
    15:55 | 1.10 | Find out about what you can do with Intel vPro
    16:35 | 1.11 | Windows 8.1 Enterprise
    17:15 |  | Wrap-up of Day 1 (inc. announcement of today’s Xbox One winner)

    Thursday November 7 – Server and Cloud for IT Pros

    Start time | Session No. | Session Title (all sessions are 30 minutes)
    09:30 | - | Overview of the day
    09:35 | 2.1 | 2012 R2 - Virtualisation
    10:15 | 2.2 | Building Windows Server 2012 R2 Networking with System Center 2012 R2 Virtual Machine Manager
    10:55 | 2.3 | 2012 R2 - Storage
    11:35 | 2.4 | Extreme automation - Learn automation or get better at golf!
    12:15 | 2.5 | What’s new in Ops Manager
    12:55 | 2.6 | Cluster in a box
    13:35 | 2.7 | Moving VMs from on-premise to Azure
    14:15 | 2.8 | Automating the Azure Datacentre with PowerShell
    14:55 | 2.9 | Cloud backup
    15:35 | 2.10 | Ask the Experts – Your questions answered by today’s expert presenters
    16:15 | 2.11 | Windows Azure Platform
    17:00 | - | Wrap-up of Day 2 (inc. announcement of today’s Xbox One winner)

    Friday November 8 – Visual Studio, Azure, Dev tools for Developers

    Start time | Session No. | Session Title (all sessions are 30 minutes)
    09:30 | - | Overview of the day
    09:35 | 3.1 | Asynchronous C# development in Visual Studio 2013
    10:15 | 3.2 | Agile development with Team Foundation Server
    10:55 | 3.3 | Quick and Easy Cloud Back-Ends for Mobile Apps
    11:35 | 3.4 | Using the Nokia Music C# API on Windows Phone 8 / Windows 8
    12:15 | 3.5 | Azure Cloud Services Architecture
    12:55 | 3.6 | From Whiteboard to deployed in 15 minutes
    13:35 | 3.7 | What's new in Visual Studio 2013 for Web Developers
    14:15 | 3.8 | What's new in Visual Studio 2013 for App Developers
    14:55 | 3.9 | What's new in Windows 8.1 for App Development
    15:35 | - | Wrap-up of Day 3 (inc. announcement of today’s Xbox One winner)

    Remember to register for Tech.Days Online from November 6-8 here

  • Is it time to upgrade your Hypervisor?

    One of the great things about virtualisation is that the host operating system running the hypervisor is independent of the operating system in the VMs. For example, VMware ESXi is not the same as the Linux and Windows operating systems in the guest VMs that reside on it.  You might be a little confused when you look at Hyper-V in the same way, but actually it’s the same again.  You could run Windows Server 2012 Hyper-V and have Windows Server 2003/2008/2008 R2 in the VMs, and contrary to popular belief Linux also works well on Hyper-V and is fully supported for the latest versions. Note: It is technically possible to run much older operating systems on Hyper-V, such as MS-DOS, OS/2 and Windows for Workgroups; it’s just that those aren’t supported, because those operating systems aren’t supported at all even if they are run on physical hardware.

    The point I want to make here is about what effect upgrading the hypervisor has on the guest operating system in the virtual machines.  This can be likened to reinstalling that operating system on new hardware, which in turn means driver support.  VMware Tools/Hyper-V Integration Components provide these synthetic drivers to spoof such things as CPU, storage, networking and time synchronisation, and also feed back to the hypervisor the state and usage of these resources. So from the perspective of the guest operating system, moving hypervisors is the ripping and replacing of these drivers. Of course, from the host this might mean a change of the metadata and hard disk files that represent that virtual machine on the host.

    None of this is difficult, but it does involve some change, albeit less than changing the guest operating system. So why bother upgrading or changing a hypervisor?

    If I look at what Hyper-V offers in Windows Server 2012R2 compared with the original version that shipped with Windows Server 2008, then everything has got easier and faster, with corresponding improvements in high availability (HA) and the different but equally important world of disaster recovery (DR). Some of this is a reflection of what hardware can do now, such as NUMA in CPUs and SR-IOV on network cards, while other improvements have totally been down to reworking the hypervisor itself to provide access to parallel processing without getting caught up with waiting for availability of threads on cores in a CPU.

    So you’d have to have some obscure use case to stop you upgrading  from one to the other as there would be no license cost involved because Microsoft doesn’t charge for Hyper-V, just the licensing in the VMs - I am assuming you are already licensed for those! So in return for a bit of work you get access to all the new stuff in Hyper-V.

    Of course you could also move from Hyper-V in whatever version of Windows Server to VMware and use one of their many licensing options to suit your HA & DR needs and how many VMs per server you have and so on.  In preparing your cost benefit analysis for this compared with moving to Windows Server 2012 R2, it’s worth bearing in mind that you’ll still need licenses for the operating systems in the VMs themselves whatever hypervisor you choose. Often the best way to do that is to license the host with Windows Server Datacenter edition, which covers you to run as many VMs as you want on that host, each of which is then licensed to run Windows Server, and then covers you to run Hyper-V on the host as well.   For a few edge cases that analysis might weigh in favour of VMware or be worth paying because of some particular feature like VM fault tolerance that doesn’t exist in Hyper-V.  I say edge cases because I don’t see that happening a lot in the current market.

    What I do see is movement from VMware to Hyper-V. I don’t propose to do a feature comparison here (if you are interested then Keith Mayer’s post is as good as it gets). What I want to focus on is three things:

    1. Hyper-V advances over the last five years have outstripped enhancements in VMware.  For example the list of new features in Windows Server 2012 to 2012R2 all enhance Hyper-V in some way, be that for VDI, for storage or DR.  That rate of change isn’t evident in vSphere 5.1 – 5.5, most of which means the scalability numbers are in line with Windows Server 2012 R2.

    2. Windows is Windows.  If you know how to manage a Windows server you can manage Hyper-V.  This reduces the staff costs associated with running server virtualisation, because you don’t need a different team with different skills.  A good example is to fire up Server Manager and see your physical hosts alongside your virtual machines in one screen. This is actually good for us IT Professionals in those teams: we can either acquire a broad Windows Server knowledge including virtualisation in a smaller team, or have the ability to transfer skills and have career progression in a larger one.

    3. Hyper-V is fit for purpose.  While the Hyper-V that you buy in Windows Server 2012R2 is not exactly the same as the one running behind Azure, Office 365, Bing etc., there is a lot of common code. I could rattle out a list of references who are on Hyper-V now like Royal Mail, Unilever and Aston Martin, but perhaps the best evidence of Hyper-V being ready for business is silence.  By this I mean that when things go wrong with anything technical these days forums and social media are alive with it very quickly, and that has not been the case with Hyper-V.

    So my assertion is that to upgrade your Hypervisor you need to consider Hyper-V.

    Please discuss    

     

  • Protecting your legacy data in the great migration to the cloud


     

      By Dana Simberkoff, Vice President, Risk Management & Compliance, AvePoint.

     

     

    For most organisations worldwide, it’s no longer a matter of “if” they will move to the cloud but rather “what” they will put in the cloud. Keeping everything on-premises within the walls of an organisation is unrealistic. Cloud is increasingly a part of more and more IT business strategies, at least judging by the rapid spending on cloud-related services. According to a recent IDC study, public cloud services spending will reach $98 billion USD in 2016, with a compound annual growth rate five times that of the IT industry overall.

    Why? Companies are constantly looking for ways to do more, to collaborate better, to create more product, to continue pushing the revenue needle forward – all the while, enabling an increasingly global workforce. Cloud computing offers many advantages to technology providers and their customers, allowing companies to invest far less in infrastructure and resources that they must host, manage, administer and maintain internally. This instead allows them to invest in the advanced applications they build on an externally hosted and fully redundant environment that they can access at a fraction of the cost - not just for saving costs on what is traditionally capital expenditures on hardware, but more so for business agility. The business landscape has never been more competitive, and every enterprise is looking for an edge. Judging by the numbers, many believe utilising the cloud to manage enterprise systems and content with repositories such as Microsoft SharePoint Online will help pave their way to victory.

    With this great reward, however, comes great risk. Hosting SharePoint through Microsoft Office 365 could reduce cost and improve global access to content. However, for organisations subject to regulatory requirements (and that’s essentially every organisation today regardless of size, vertical, or geography), the move to the cloud isn’t without risk. Enterprises have tremendous concerns about storing business data outside their own walls because it means relinquishing control – control of information, user access, authentication, and data exposure (whether intentional or accidental) of sensitive personally identifiable information, classified information, or otherwise non-compliant content.

    So you accidentally let someone take a peek at the wrong data – how much harm can that data breach possibly do? About $5.4 million USD worth, according to a recent study by Ponemon. The study found that the average organisational cost for a single breached record – a document, user ID, email, email address – is $188 USD. Think about the number of emails clogging up your own inbox, and documents in your shared drive right now … it adds up very, very quickly.

    Before you call your sales representative selling you a cloud platform and tell her no thanks, consider this: There is a way to gain value from cloud computing while addressing compliance concerns. Many companies are offloading select content or workloads into the cloud, and keeping their most regulated content on-premises. You won’t be alone. Many organisations are following this approach: a report by IDC found that 80 percent of the world’s 2,000 largest companies will still have greater than 50 percent of their IT onsite by 2020.

    So, what’s your move to start the migration from your old on-premises technology platforms to the cloud? Here’s your four-step playbook:

    1) Assess existing sites and content. Identify at-risk content and sensitive data within your “as is” on premises environments – including SharePoint or file share content – that could potentially violate your compliance policy. Perform a risk analysis to understand exposure levels for a defined scope of content, as well as the effectiveness of existing controls to determine the overall sensitivity of an existing SharePoint environment.

    2) Report on and classify content. Implement an effective and realistic compliance program that can be enforced, measured and modified as needed. Identify what data your organisation collects, processes and stores (and where it comes from) and decide on applicable/mandatory privacy and security requirements – what, where, why, and how. Provide information classification based on risk exposure to the organisation. Define minimum content and physical security access controls based on risk classification. Assign metadata and restrict access to sensitive content.

    3) Design compliance information architecture. This is your chance to expose, access, and manage all content residing in your network and/or the cloud for centralised document management in SharePoint based on your specific business requirements – such as restructuring permissions, and adjusting access, metadata and security settings of content. Strictly regulate user-generated content to prevent the creation or uploading of non-compliant, harmful content.

    4) Determine cloud migration approach. Utilise content and site assessment reports and subsequent tagging to develop a best practices approach to migrate select content and workloads to the cloud. You can do so by identifying cloud-appropriate content for migration with customisable filters based on metadata or content types you established in Step 3. Scan, flag and/or block all contents prior to upload to ensure compliance. Detect and make changes to content and/or user permissions and access that violate your policy. Then, just as in any other migration – determine your schedule and project milestones to ensure that the project meets your business needs and keeps your end users focused on what they should be focused on: doing their jobs.

    As companies and government agencies move their applications increasingly to a cloud based infrastructure, they must also understand and fully review the associated privacy and security considerations.  Privacy is a global issue, and one thing is certain, even if you build software applications to serve a very specific market segment - you cannot ignore privacy as a fundamental issue that your customers will demand. Change can be hard, but this is a positive change. You’ll be utilising a new way of working in the cloud that can vastly improve your business agility, while keeping traditional hardware costs low and safeguarding your sensitive data. In the meantime, keep your feet firmly planted on the ground as your applications move to the sky!

     


  • Gadgets for the IT Guy: Surface 2 and Surface Pro 2

    The iconic kickstand, a better full HD screen, lighter form factor and superior sound make Simon May, Microsoft Evangelist, rather obviously fall in love with the new Surface 2 and Surface Pro 2 devices. But are they good for the IT guy?

    Last week I was lucky enough to be one of the first people to go “hands on” with the new Surface 2 and Surface Pro 2 devices from Microsoft. As always this series is about writing about what they’re like for IT Pros, which I’ll get onto in a few lines, but before I do let me tell you how I use my current Surface devices. Currently I only own a Surface RT; actually I own three of them and two are for demo purposes. My main Surface device spends most of its time sat by the sofa and it’s used for casual non-work stuff, but it’s also used heavily for commuting. For the times I go into London for work I only take my Surface; I don’t need anything else for emails, for meetings, for blogging or my general day to day non-technical work. Surface RT is the perfect device for this because it’s light and I don’t need to charge it. I also have an Android tab sat there; invariably I prefer Surface RT.

    Surface 2

    Let’s start off looking at the new Surface 2 then, which runs Windows RT. The very first thing I noticed when I grabbed the device was how much lighter it feels than the Surface RT; I am sure there’s not much of a weight difference but it’s enough to be noticeable. The very next thing I did was to try the iconic kickstand. It feels as solid as the Surface RT, with that pleasing spring when it gets to the end of its movement, but the kickstand can be pulled to make it move a smidge further and provide a flatter working angle. I moved the kickstand to the second position and I was quite surprised about how that affected my ability to type. With the first position and on the Surface RT it’s pretty cumbersome to type on screen; with Surface 2 the kickstand position makes it easy to type with both hands – almost touch type.

    My very next move was to power the device up and log in to set it up. Immediately I noticed how sharp the 1080p screen is compared with the 720p screen on the Surface RT, which just made the Surface logo that little bit smoother. It’s also noticeable on the labels on live tiles, which are just that little bit more readable. Personally I prefer to have more tiles so I quickly set my Surface 2 to display 4, and the 1080p screen handles that really nicely too. Within about 10 minutes my apps had started to sync down too, so I jumped onto Twitter, which did exactly what you’d expect on a 1080p screen. Wanting to test the screen more I popped into the Windows Store and installed the 500px app to view some beautiful photography. I have to say the clarity of the screen, the contrast of the colours, everything about the screen makes it wonderful to look at.

    Office Work

    Taking a look at the desktop to use the Microsoft Office apps also didn’t disappoint me. The higher resolution makes Office just that little bit nicer to work with, which I think is possibly because it’s slightly more congruous with the display on my Asus Zenbook Prime; things just seem to be the right dimensions.

    Everything starts to feel snappier around the interface than my Surface RT, with apps loading just that little bit more quickly. Overall I found the Surface 2 to be a pretty great improvement over the Surface RT for me; I’ll probably be buying my own. Sometimes people say to me that it’s not a great device for IT Pros because it doesn’t run desktop apps. I however find that it does almost everything I need for short periods and does much better than anything else I’ve ever used for such. I have easy access to PowerShell and to Remote Desktop, and in fact through Remote Desktop I deliver a couple of apps I need occasionally (like the RSAT) using Remote App and they basically feel like native tools.

    Another thing I like, which is actually a Windows 8 feature is the ability to wipe my device. The device I used for this review wasn’t mine, was not going to be mine and other people needed to use it, so I used the reset ability of Windows 8 to just reset the device and take away all my customizations before I handed it off. Very handy for recycling your old Surface RT device I thought.

    Surface Pro 2 for the Professional

    Next I was onto taking a look at the Surface Pro 2. A colleague had signed into this device first and it was set up with their Microsoft Account. The very first thing I did was play a movie trailer from Xbox video, not so that I could see the screen – it’s 1080p just like the Surface Pro – but so I could hear the sound. The Surface Pro 2 and actually the Surface 2 have Dolby audio built in, and wow do they sound good! The sound is excellent and probably the best of any tablet device since they have two speakers (lots of tablets only have one – aka Mono), but Surface has multiple drivers and sounds superb. I could happily use the Surface Pro 2 as a music device or to watch whole movies on.

    I wanted to give the USB 3 on the device a try so I moved a huge amount of data over from a USB3 memory stick and transfer speeds averaged about 34mbs. Copying from the Surface 2 to the stick managed a similar average transfer speed, so we can tick the “it just works” box. I also ran some benchmarks on the device and it outperformed my new laptop (Asus Zenbook Prime) in almost every way, from drive speed to 3D graphics performance and various CPU tests. I have to say it was impressive in every respect and obviously a total laptop replacement for an IT Pro – with this you’d only need one device for everything in your life – even a little bit of virtualisation!

     

  • How to convince your boss to let you attend SQLRelay

     

    Why is it so hard to get time off for training? It can be hard, because there is a cost associated with a training event. However, whilst SQLRelay offers free training, you may still need some help to explain the value of SQLRelay to your boss.  Here are some useful reasons you can provide when you ask for the time to attend a SQLRelay event, and we hope to see you there!

    Here are some signs that your organisation needs to send you to SQLRelay…

    • You’re fed up of paying contractors or consultants to do things for you
    • You’re starting new projects in the short to medium term, and want to be as prepped as possible to make the project a success
    • You’re buying new hardware rather than performance tuning properly. You need tips and tricks to do that in the latest versions of SQL Server, but need pointers where to start
    • You are suffering from a data deluge, and are thinking of taking a step back to evaluate your architecture, and perhaps considering Big Data technologies

     Well, lots of conferences can give you that! Let’s look at why SQLRelay isn’t like other conferences…

    • It’s free and it’s near you. You aren’t coming to us: Microsoft team members, and world experts, are giving SQL Server advice in your area – for free
    • We don’t hang around playing golf or other ‘networking’ events. SQLRelay attendees turn up and just learn about SQL Server for the day.  If your boss doesn’t believe you, ask them to look at the SQLRelay website.  There aren’t any ‘after event party’ pictures - just people listening to speakers
    • Free consultancy. Come along and ask Microsoft and the expert speakers about your problems. That’s what they’re there for. Come along and meet people who eat, live and breathe SQL Server all day long.
    • A ‘sense check’ of your SQL Server strategy. Come and attend SQLRelay in order to get an understanding if your organisation’s strategy on data is in line with Microsoft’s strategy. Also, learn about the new tools and techniques for business users that are coming out of Microsoft
    • SQL Server technologies have had a paradigm shift.  Join us at SQLRelay in order to learn about the range of SQL Server technologies that are available to your organisations. In other words, make the most of your SQL Server licenses!

     How SQLRelay can make things easier for people who don’t attend…..

    • Attendees get access to a lot of the presenter material, for free. This means that they can come back and share their learning with the rest of the team
    • Get performance tuning techniques that can save you money on hardware.
    • Learn whether technologies are worth getting. What’s worth paying for and how can it improve things for everyone else?

    To summarise, attending a free training event, given by Microsoft and world-experts, is an excellent investment of your organisation’s time, resources and energy. SQLRelay is coming to a location near you. Come and join us: learn, and get help with your SQL Server issues, for free. We look forward to seeing you there!

     About SQLRelay

    SQLRelay is a series of day-long conferences held around the UK by local community organisers.  Each event covers a wide range of SQL Server related content delivered by expert speakers from around the world.  In its fourth iteration, it’ll be appearing in a city near you during November. For more details consult sqlrelay.co.uk

    • 11th Nov – Reading
    • 12th Nov – Southampton
    • 13th Nov – Cardiff
    • 14th Nov – Birmingham
    • 15th Nov – Hemel Hempstead
    • 25th Nov – Newcastle
    • 26th Nov – Manchester
    • 27th Nov – Norwich
    • 28th Nov – Bristol
    • 29th Nov – London

    Help spread the word by getting in touch with us via -  Twitter  @SQLRelay2013 - Facebook/SQLRelay2013 or via LinkedIn

      

      Event Speaker: Jen Stirrup - Most Valuable Professional (MVP) - SQL Server

      

    Jen is best-known for her work in Big Data, Business Intelligence and Data Visualisation. She is Joint Owner of Copper Blue Consulting, delivering business-critical solutions that add enterprise value in addition to provisioning technical integrity. Jen is a Director-At-Large (Elect) for the Professional Association of SQL Server (PASS) organisation, holding the EMEA seat. Jen is also a current holder of the SQL Server ‘Most Valuable Professional’ Award (MVP) who has also won the SQLPASSion Award, presented by PASS at Summit 2012, for her work in helping the European SQL Server community. Jen has presented at a variety of world-class events including TechEd North America, TechEd Europe, PASS Summit, PASS Business Analytics Conference, SQL Live! 360 and SQLBits, along with SQLSaturday events throughout Europe and the United States.

      

     

  • Lab Ops 7 – Setting up a pooled VDI collection in Windows Server 2012 R2

    In Windows Server you can create two kinds of Virtual Desktop Infrastructure (VDI) collection, personal or pooled.  A personal collection is a bit like a company car scheme where everyone chooses their own car. This means there needs to be a car for everyone even if they are on leave or sick etc., and each car needs to be individually maintained. However the employees are really happy as they can pimp their transport to suit their own preferences.  Contrast that with a car pool of identical cars, where an employee just takes the next one out of the pool and when it’s brought back it’s refuelled and checked ready for the next user, and you don’t need a car for everyone as there’ll be days when people just come to the office or use public transport to get to their destination.  That seems to be a better solution than company cars for the employer but not so good for the employees. Pooled VDI collections work like pool cars in that they are built from one template and so only one VM has to be maintained, but that means every user has the same experience, which might not be so popular.  However Pooled VDI in Windows Server 2012 has a method for personalising each user’s experience while still offering the ability to manage just one template VM, and that’s why I want to use pooled VDI in my demos.

    Carrying on from my last post I right click on RD Virtualisation Host and select Create Virtual Desktop Collection


    Now I get to specify the collection type

    vdi collection type

        

    Having chosen the collection type I now need to pick a template on which to base the pool..

    vdi template selection

    I found out that you can’t use the new Hyper-V generation 2 VMs as a VDI template, even in Windows Server 2012R2 RTM. This does mean you can use the WimtoVHD PowerShell script I have been promoting in earlier posts in this series to create the template directly from the Windows installation media.

    Note: you’ll need Windows 8.1 Enterprise for this, which is currently only available on MSDN until 8.1 is generally available in a couple of weeks, when there should be an evaluation edition available.

    In fact, for a basic VDI demo the VHD this creates can be used as is; all you need to do is create a new VM from this VHD and configure it with the settings each of the VDI VMs will inherit, such as CPU, dynamic memory settings, virtual NICs and which virtual switches they are connected to, as well as any bandwidth QoS you might want to impose.

    vdi template details

    Here you can see the setting for my template VM such as it being connected to my FabricNet virtual switch.

    Normally when you build VMs from templates you will want to inject an unattend.xml file into the image to control its settings as it comes out of  sysprep (as I have done in earlier posts in this series). This wizard helps you with that or you can just enter basic settings in the wizard itself as I have done ..

    vdi template settings

    and not bother with an unattend.xml file at all.

     

    vdi template unattend settings

    Now I can start to configure my collection by giving it a name, how many VMs it will contain and specifying who can access it ..

    vdi create collection

    In a production environment you would have several virtualization hosts to run your collection of VMs and here you can specify the load each of those hosts will have. 

    vdi specify hosts for collection

    Having specified which hosts to use I can now get into the specifics of what storage the VMs will use. I am going for a file share, specifically one of the file shares I created earlier in this series, which will make use of the enhancements to storage in R2.  Note the option to store the parent disk on a specific disk, which might be a good use of some of the new flash based devices as this will be read a lot but rarely updated.

    vdi vm location

    My final choice is whether to make use of user profile disks.  This allows all of a user’s settings and work to be stored in their own virtual hard disk, and whenever they log in to get a pooled VM this disk is mounted to give them access to their stuff.  This is really useful if all your users only ever use VDI, as you don’t need to worry about roaming profiles and so on.  However, if your users sometimes use VDI and sometimes want to work on physical desktops such as laptops, then you’ll want to make use of the usual tools for handling their settings across all of this so they get the same desktop whatever they use - remember we work for these people, not the other way around!

    vdi user profile disk location 

    That’s pretty much it - the desktops will build and your users can log in via the web access server, in my case by going to http://RDWebAccess.contoso.com/RDWeb

    To demo the differences in performance on a pooled VDI collection that sits on a storage space that's had deduplication enabled I could create another collection on the Normal* shares I created in my post on storage spaces by doing this all again.  Or I could just run a PowerShell command, New-RDVirtualDesktopCollection,  and set the appropriate switches..

    $VHost = "Orange.contoso.com"
    $RDBroker = "RDBroker.contoso.com"
    $CollectionName = "ITCamp"

    # The VDI template is a sysprepped VM whose virtual hard disk, network settings etc. all the pooled VMs will inherit.
    # The VHD runs Windows 8.1, configured and sysprepped with any applications and settings needed by end users.
    $VDITemplateVM = Get-VM -ComputerName $VHost -Name "Win81x86 Gen1 SysPrep"

    # -VirtualDesktopAllocation takes a hashtable of virtualization host = number of desktops;
    # -VirtualDesktopTemplateName takes the template VM's name, not the VM object.
    New-RDVirtualDesktopCollection -CollectionName $CollectionName -PooledManaged `
        -StorageType CentralSmbShareStorage -CentralStoragePath "\\fileserver1\NormalVMs" `
        -VirtualDesktopAllocation @{ $VHost = 5 } -VirtualDesktopNamePrefix "ITC" `
        -VirtualDesktopTemplateHostServer $VHost -VirtualDesktopTemplateName $VDITemplateVM.Name `
        -ConnectionBroker $RDBroker -Domain "contoso.com" -OU "VDICampUsers" `
        -UserProfileDiskPath "\\fileserver1\NormalProfiles" -MaxUserProfileDiskSizeGB 40 -Force

    My good friend Simon May then gradually adds more and more VMs to the collection with the Add-RDVirtualDesktopToCollection cmdlet to see how much space he can save.

    The other really clever thing about a pooled VDI setup like this is maintaining it.  Clearly you will want to change the template the pooled collection is based on from time to time, for example to add or remove versions of applications and to keep patches up to date.  All you have to do is make another template VM with the new applications and latest patches and then update the collection from the Collection management screen, or via the Update-RDVirtualDesktopCollection PowerShell cmdlet, for example:

    PS C:\> Update-RDVirtualDesktopCollection -CollectionName "ITCamp" -VirtualDesktopTemplateName "$VDITemplateName" -VirtualDesktopTemplateHostServer $VHost -ForceLogoffTime 12:00am -DisableVirtualDesktopRollback -VirtualDesktopPasswordAge 31 -ConnectionBroker $RDBroker

    where I would have set $VDITemplateName to be the modified and sysprepped VM to base the updated collection on. Note the ForceLogoffTime setting; that’s when users will be thrown out and forced to log on again.  If you don’t set this, they’ll only get to use the new version when they log out and log in again.  However you manage that, if you have used user profile disks in the collection as I have done, their preferences and settings will persist on the updated collection.
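
    A pre-flight check for a template VM before it is handed to New-RDVirtualDesktopCollection or Update-RDVirtualDesktopCollection, as an added example that is not part of the original post. The function name Test-VdiTemplateVM, the requirement that the template is shut down, and the second sample VM are assumptions; the sample objects are constructed stand-ins for Get-VM output.

```powershell
# Added example: checks a template VM against the constraints described in the post.
function Test-VdiTemplateVM {
    [CmdletBinding()]
    param(
        # A VM object as returned by Get-VM (or a stand-in with the same properties).
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $VM,
        # Virtual switch the pooled desktops are expected to inherit from the template.
        [string]$ExpectedSwitch = 'FabricNet'
    )
    process {
        $problems = @()

        # The post notes that Generation 2 VMs cannot be used as a VDI template.
        if ($VM.Generation -ne 1) {
            $problems += "Generation $($VM.Generation) VM; a VDI template must be Generation 1"
        }

        # Assumption: a sysprepped template has been shut down and left off.
        if ("$($VM.State)" -ne 'Off') {
            $problems += "State is '$($VM.State)'; expected 'Off' for a sysprepped template"
        }

        # Every pooled desktop inherits the template's virtual NICs and switch connection.
        $switches = @($VM.NetworkAdapters |
            Where-Object { $_.SwitchName } |
            ForEach-Object { $_.SwitchName })
        if ($switches.Count -eq 0) {
            $problems += 'No virtual NIC is connected to a virtual switch'
        } elseif ($switches -notcontains $ExpectedSwitch) {
            $problems += "Connected to '$($switches -join ', ')', not '$ExpectedSwitch'"
        }

        [pscustomobject]@{
            Name     = $VM.Name
            Ready    = ($problems.Count -eq 0)
            Problems = $problems
        }
    }
}

# Constructed sample objects so the check can be tried without a Hyper-V host.
$sampleVMs = @(
    [pscustomobject]@{
        Name            = 'Win81x86 Gen1 SysPrep'
        Generation      = 1
        State           = 'Off'
        NetworkAdapters = @([pscustomobject]@{ SwitchName = 'FabricNet' })
    },
    [pscustomobject]@{
        Name            = 'Win81x64 Gen2 (constructed)'
        Generation      = 2
        State           = 'Running'
        NetworkAdapters = @()
    }
)
$sampleVMs | Test-VdiTemplateVM | Format-List

# Against a real host, using the variables from the post:
#   Get-VM -ComputerName $VHost -Name "Win81x86 Gen1 SysPrep" | Test-VdiTemplateVM
```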

     

    So that’s the basics of setting up VDI on a laptop for your evaluations.  From here I could go on to add other parts of the Microsoft remote desktop solution, such as:

    • Set up RemoteApp, the business of delivering individual applications over the Remote Desktop Protocol (RDP)
    • Add in RD Session Hosts and RDS Collections to deliver the traditional terminal services functionality, still the most efficient way to deliver remote desktops to users
    • Add in an RD Gateway to open up the RD infrastructure to remote users.  Clever use of the Remote Routing and Access Services role in a VM that’s connected to virtual networks can be used to simulate this connectivity from just one host. 
    • Add in a Licensing host for production environments 

    However I would be interested to know what you would like me to post next, so please add comments or if you are shy e-mail me

  • Lab Ops - Stop Press Windows Server 2012R2 Evaluation edition released

    I have just got back to my blog after a few days at various events and I see the Evaluation edition of Windows Server 2012R2 has been released.  I need this for my lab ops because I am building and blowing away VMs for er… evaluations and I don’t want to have to muck about with license keys. For example, I have a script to create the FileServer1 VM, but if I use the media from MSDN for this and I don’t add a license key to my answer file, the machine will pause at the license key screen until I intervene.  Now I have the Evaluation edition I can build VMs that will start automatically and, when they are running, continue to configure them. For example, for the FileServer1 VM I created in earlier posts in this series I can add a line to the end of that script which will run on the VM itself once it is properly alive after its first boot..

    Invoke-Command -ComputerName $VMName -FilePath 'E:\UK Demo Kit\Powershell\FileServer1 Storage Spaces.ps1'

    ..and this will go away and set up FileServer1 with my storage spaces.

    Note both the script to create FileServer1 (FileServer1 Setup.ps1) and the xml it uses to add features into that VM (File server 1 add features.xml) and the File Server1 Storage Spaces.ps1 script referenced above are on my SkyDrive for you to enjoy.

    One good use case for executing PowerShell scripts remotely like this is when working on a cluster. Although I have put the Remote Server Administration Tools (RSAT) on my host to have access to the Failover Clustering cmdlets, I get a warning about running these against a remote cluster..

    WARNING: If you are running Windows PowerShell remotely, note that some failover clustering cmdlets do not work remotely. When possible, run the cmdlet locally and specify a remote computer as the target. To run the cmdlet remotely, try using the Credential Security Service Provider (CredSSP). All additional errors or warnings from this cmdlet might be caused by running it remotely.

    While on the subject of new downloads, the RSAT for managing Windows Server 2012R2 from Windows 8.1 is now available, so you can look after your servers from the comfort of Windows 8.1 with your usual tools like Server Manager, Active Directory Administrative Console, Hyper-V Manager and so on. On my admin VM I have also put on the Virtual Machine Manager Console and SQL Server Manager and a few other admin tools..

     


    Before you ask me, the RSAT tools you put on each client version of Windows only manage the equivalent version of server and earlier.  For example, you can’t put the RSAT tools for managing Windows Server 2012R2 onto Windows 8 or Windows 7.

    So using my lab ops guides or the more manual guides on TechNet, you can now get stuck into playing with Windows Server 2012R2, as a way of getting up to speed on the latest Windows Server along with the R2 courses on the Microsoft Virtual Academy.

  • TechDays Online Countdown Conundrum Terms & Conditions

    1. ELIGIBILITY. This promotion is open to any person resident in the United Kingdom who is eighteen (18) years of age or older at the time of entry and who is a registered member of the Website http://www.twitter.com (the "Website"). IF YOU ARE NOT A REGISTERED MEMBER OF THE WEBSITE YOUR ENTRY WILL NOT BE VALID AND YOU WILL NOT BE ABLE TO WIN A PRIZE. Follow the instructions on the Website to register.

    Employees of Microsoft or its affiliates, subsidiaries, advertising or promotion agencies are not eligible, nor are members of these employees’ families (defined as parents, children, siblings, spouse and life partners).

    2. ENTRY. To be entered into the competition you must:

    · Tune in to watch the TechDays Online webcast from http://ukgo.ms/TechDays13 during Promotion Day One or Promotion Day Two, as defined in Section 3 below;

    · During broadcast, a total of 10 (ten) individual letters on Promotion Day One, and a total of 9 (nine) individual letters on Promotion Day Two (each an “Anagram Letter”), will be shown after each presentation session on the relevant Promotion Day as outlined in the agenda available at the above URL;

    · Each set of Anagram Letters will form a word, as chosen by Microsoft (each an “Anagram Word”);

    · Entrants must collect each Anagram Letter for a relevant Anagram Word, and compile that Anagram Word;

    · To enter, an entrant must then tweet their Anagram Word for the relevant Promotion Day, to @TechNetUK and label the tweet with the hashtag #UKTechDays.

    To the extent that entry requires the submission of user-generated content such as photos, videos, music, artwork, essays, etc., entrants warrant that their entry is their original work, has not been copied from others, and does not violate the privacy, intellectual property rights or other rights of any other person or entity.

    Entries will be ineligible for the prize draw if they:

    · are incomplete;

    · refer to an incorrect Anagram Word (that is, a word other than that chosen by Microsoft, in its absolute discretion);

    · exceed the maximum number of entries allowed per person;

    · violate the rights of any other person or entity;

    · are received outside of an Entry Period set out below; or

    · are reported to violate the terms governing use of the Website.

    Only one (1) entry per person will be accepted per Entry Period. No purchase necessary to enter the promotion. Entry constitutes full and unconditional acceptance of these Terms and Conditions. Microsoft is not responsible for lost, corrupted or delayed entries. Microsoft reserves the right to disqualify anyone who violates these Terms and Conditions.

    3. TIMING. This promotion runs from 0930 GMT on 7th November 2013 until 1530 GMT on 8th November 2013 (inclusive) (the “Promotion Period”). This Promotion Period consists of two distinct Promotion Days (a “Promotion Day”) during which Anagram Letters will be revealed, as defined below:

    · “Promotion Day One” – 0930 GMT on 7th November 2013 until 1615 GMT on 7th November 2013 (inclusive)

    · “Promotion Day Two” – 0930 GMT on 8th November 2013 until 1530 GMT on 8th November 2013 (inclusive)

    Each Promotion Day provides one  entry opportunity (each an “Entry Period”), as defined below:

    · “Entry Period One” – 1605 GMT on 7th November 2013 until 1635 GMT on 7th November 2013 (inclusive)

    · “Entry Period Two” – 1540 GMT on 8th November 2013 until 1545 GMT on 8th November 2013 (inclusive)

    Timings subject to change dependent upon session running time and release time of final Anagram Letter. Each Entry Period will be the duration stated above from the point at which the final Anagram Letter is released during broadcast on the relevant Promotion Day.

    4. USE OF YOUR ENTRY. Personal data which you provide when you enter may be used for future Microsoft marketing activity if you indicate your consent to such activity (if applicable). Otherwise your personal data will be used by Microsoft and agents acting on Microsoft’s behalf only for the operation of this promotion.

    5. SELECTION OF WINNERS. All valid entries will be judged as a finalist.

    Winning entries for each Entry Period will be determined by a panel of judges with at least one independent judge on the day that the Entry Period closes, as detailed below.

    The fastest correct entry received during Entry Period One will be selected by the judges at 1610 on 7th November 2013 (Promotion Day One). In the event that there are multiple entries received at exactly the same time, those entries will be entered into a random draw conducted by Microsoft with an independent adjudicator, in order to ensure there is one fastest entry selected, as required.

    All correct entries received during Entry Period One will also be eligible for one of three possible Runner Up prizes, which will be determined by a random draw conducted by Microsoft Limited at 1610 on 7th November 2013 and will be supervised by an independent adjudicator. Chances of winning depend on the number of entries received.

    The fastest correct entry received during Entry Period Two will be selected by the judges at 1525 on 8th November 2013 (Promotion Day Two). In the event that there are multiple entries received at exactly the same time, those entries will be entered into a random draw conducted by Microsoft with an independent adjudicator, in order to ensure there is one fastest entry selected, as required.

    All correct entries received during Entry Period Two will also be eligible for one of three Runner Up prizes, which will be determined by a random draw conducted by Microsoft Limited at 1525 on 8th November 2013 and will be supervised by an independent adjudicator. Chances of winning depend on the number of entries received.

    Judging will be based on:

    · Use of all available Anagram Letters;

    · Correct Anagram Word;

    · Adherence with the entry method as per Section 2.0.

    A maximum of one prize per entrant is allowed throughout the Promotion Period. Winners will be notified through the Website on the day that the winning entry for relevant Entry Period is drawn. If a potential winner has not confirmed receipt of the notification within TEN (10) days after the first attempt, an alternative winner will be selected on the same basis as described above (either at random for prize draws or according to the same judging criteria for competitions). Winners may be asked to provide identification proving their eligibility before they are entitled to receive the prize. Winners may be asked to participate in further publicity or advertising.

    6. PRIZE(S). There will be twelve (12) prize(s) in total. The prize(s) will be as follows:

    Entry Period One

    · First Place – One (1) Microsoft Xbox One package, consisting of: 1 Xbox One Games Console, 2 Xbox Games (Fifa 14 and Call of Duty: Ghosts) and one control pad (£525.00 approximate value)

    · Runners Up – Three (3) Microsoft Xbox One Onesies (£50.00 approximate value)

    Entry Period Two

    · First Place – One (1) Microsoft Xbox One package, consisting of: 1 Xbox One Games Console, 2 Xbox Games (Fifa 14 and Call of Duty: Ghosts) and one control pad (£525.00 approximate value)

    · Runners Up – Three (3) Microsoft Xbox One Onesies (£50.00 approximate value)

    Prizes are as stated and are not transferable. No cash alternatives available. Microsoft reserves the right to substitute the prizes with prizes of equal or greater value. All prizes will be sent by Microsoft or its agent no later than 3 months after the prize draw has been made by Microsoft (or such later date as is reasonable, taking into account the availability of Xbox One consoles following the release date). Unless otherwise stated, all prizes are subject to their manufacturer's warranty and/or terms and conditions.

    Prizes may be considered as a taxable benefit to the winners. Winners will be directly responsible for accounting for and paying to HMRC, or other relevant tax authority, any tax liability arising on their prize. Please contact ukstat@microsoft.com for any query related to the taxable amount for reporting to HMRC, or other relevant tax authority.

    7. WINNERS LIST. Each winner consents to his/her surname being made publicly available upon request. Winners’ names will be available for a period of 28 days after the selection of winners by written request to ukitpro@microsoft.com.

    8. OTHER. No correspondence will be entered into regarding either this promotion or these Terms and Conditions. In the unlikely event of a dispute, Microsoft’s decision shall be final. Microsoft reserves the right to amend, modify, cancel or withdraw this promotion at any time but only before the delivery of prizes, without notice.

    Participants in this promotion agree that Microsoft will have no liability whatsoever for any injuries, costs, damage, disappointment or losses of any kind resulting in whole or in part, directly or indirectly from acceptance, misuse or use of a prize, or from participation in this promotion. Nothing in this clause shall limit Microsoft’s liability in respect of death or personal injury arising out of its own negligence or liability arising out of Microsoft’s fraud.

    Microsoft cannot guarantee the performance of any third party and shall not be liable for any act or default by a third party.

    9. SPIRIT OF THE COMPETITION. If an entrant attempts to compromise the integrity or the legitimate operation of this promotion by hacking or by cheating or committing fraud in ANY way, we may seek damages from that entrant to the fullest extent permitted by law. Further, we will disqualify that entrant’s entry to this promotion and may ban the entrant from participating in any of our future promotions, so please play fairly.

    Promoter: Microsoft Limited (“Microsoft”), Microsoft Campus, Thames Valley Park, Reading, RG6 1WG, England.


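  • The Risk of Running Windows XP After Support Ends April 2014

    This article is a translation of the Microsoft Security blog post “The Risk of Running Windows XP After Support Ends April 2014” (published 15 August 2013).

    In April this year I published a blog post about the end of support for Windows XP, titled “The Countdown Begins: Support for Windows XP Ends on April 8, 2014”. Since then, many of the customers I have had the chance to talk to have either completed the move of their organizations from Windows XP to a modern operating system such as Windows 7 or Windows 8, or are in the process of migrating now.

    The situation is, in fact, urgent. After April 8, 2014, Windows XP Service Pack 3 (SP3) users will no longer receive new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates. In other words, if a new vulnerability is discovered in Windows XP after support ends, Microsoft will not address it with a new security update. Even so, some customers say that, for one reason or another, it will be difficult for them to complete their migration from Windows XP by April 8. Some customers even say they do not intend to migrate until the hardware running Windows XP fails.

    What are the risks of continuing to run Windows XP after support ends? The first risk is that attackers gain the advantage. Attackers will in fact be able to obtain more information about Windows XP vulnerabilities than Windows XP users can. Let me explain why.

    When Microsoft releases a security update, security researchers and cybercriminals immediately reverse engineer it to identify the specific location of the code containing the vulnerability that the update resolves. Once they have identified the vulnerability, they develop code to exploit systems that do not have the security update installed. They also try to determine whether the same vulnerability exists in other products with the same or similar functionality. For example, if a vulnerability is resolved in one version of Windows, researchers investigate whether other versions of Windows have the same vulnerability. To protect users from attackers who carry out this kind of investigation, the Microsoft Security Response Center (MSRC) normally releases security updates for all affected products at the same time. This gives users the advantage over attackers, because they can obtain security updates for all affected products before attackers have reverse engineered them.

    However, organizations that continue to use Windows XP after April 8, 2014 will lose this advantage over attackers. When Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer them within a month, identify the vulnerabilities, and work out whether Windows XP has the same vulnerabilities. If it does, attackers will develop exploit code and try to take advantage of the vulnerabilities in Windows XP. Because security updates for Windows XP that address these vulnerabilities will no longer be released, Windows XP will carry “zero day” vulnerabilities forever. How often could this happen? Between July 2012 and July 2013, Windows XP was listed as an affected product in 45 Microsoft security bulletins. In 30 of those, Windows 7 and Windows 8 were also affected products.

    Some of the users I have discussed this with point out that Windows XP has security mitigations built in, so the risk of exploitation is low. Anti-virus software can also block attacks and clean up infections. The problem, however, is that you cannot know whether the system's trusted computing base can be trusted. Attackers will hold public information about zero day exploits for Windows XP and may be able to break into the system and run arbitrary code. There is also the question of whether the system APIs that anti-virus software uses can be trusted under these circumstances. For some users it may not matter that they cannot be confident in the integrity of their systems, but for many users this is not acceptable.

    The security mitigations built into Windows XP Service Pack 3 were certainly state of the art when they were first developed years ago. However, according to data in the Microsoft Security Intelligence Report, the security mitigations built into Windows XP are not sufficient to protect against modern attacks. Malware infection rate data for Windows operating systems shows that the infection rate for Windows XP is dramatically higher than for modern operating systems such as Windows 7 and Windows 8.

    Figure 1: Infection rate (CCM) by operating system and service pack in the fourth quarter of 2012, from the Microsoft Security Intelligence Report volume 14

    I recently published “Software Vulnerability Exploitation Trends - Exploring the impact of software mitigations on patterns of vulnerability exploitation”, which summarizes the findings of a study of exploit activity. According to this seven-year study, attackers have evolved their attacks to defeat Data Execution Prevention (DEP), the key security mitigation in Windows XP. Figure 3 compares the number of Common Vulnerabilities and Exposures (CVEs) with exploits that would have been mitigated if DEP were enabled against the number of CVEs with exploits that bypassed DEP. With the exception of 2007 and 2008, DEP's ability to retroactively break exploits shows a clear downward trend. This trend does not mean that DEP is no longer effective; it shows that attackers have been forced to adapt to environments where DEP is already enabled, at considerable cost and complexity. The number of CVEs with exploits that bypassed DEP is the evidence of this.

    Figure 2 (left): The number of CVEs exploited using specific exploitation techniques; Figure 3 (right): The number of CVEs with exploits that would have been mitigated if DEP were enabled compared with the number of CVEs with exploits that bypassed DEP

    This new data shows that the main threats individuals and organizations face today are very different from those at the time Windows XP Service Pack 3 was released. Enabling the Windows Firewall in Windows XP Service Pack 2 and later operating systems forced attackers to evolve their attacks. Rather than actively targeting remote services, attackers now focus on exploiting vulnerabilities in client applications such as web browsers and document readers. In addition, attackers have continued to refine their tools and techniques over the past ten years so that they can exploit vulnerabilities more effectively. As a result, the security features built into Windows XP are not sufficient to defend against current threats. As Figure 4 shows, Windows 8 has far superior security mitigations to Windows XP. For details of the new security mitigations built into Windows 8, see the research paper mentioned above.

    Figure 4: The table below compares the mitigation features supported by Internet Explorer 8 on Windows XP Service Pack 3 with the mitigation features supported by Internet Explorer 10 on Windows 8. As the table shows, Internet Explorer 10 on Windows 8 benefits from many platform security improvements that do not apply to Internet Explorer 8 on Windows XP.

    Organizations need a certain level of assurance about the integrity of their systems. That assurance comes from keeping the number of systems running unsupported operating systems as small as possible. Support for Windows XP ends on April 8, 2014.

    Tim Rains
    Director
    Trustworthy Computing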
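
    One way to act on the closing advice, as an added example that is not part of the original article: a PowerShell function that takes directory computer records and reports which ones still run Windows XP and how they stand against the April 8, 2014 date. The function name Get-XpExposureReport, the 90-day staleness threshold and the sample records are assumptions; the sample data is constructed.

```powershell
# Added example (not from the article). Reports computer objects that still run
# Windows XP and where they stand against the end-of-support date.
function Get-XpExposureReport {
    [CmdletBinding()]
    param(
        # Object with Name, OperatingSystem, OperatingSystemServicePack and
        # LastLogonTimestamp properties, for example from Get-ADComputer.
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Computer,
        [datetime]$AsOf = (Get-Date),
        # End of support for Windows XP SP3, as stated in the article.
        [datetime]$EndOfSupport = [datetime]'2014-04-08',
        # Assumption: accounts not seen for this long are probably retired machines.
        [int]$StaleDays = 90
    )
    process {
        if ($Computer.OperatingSystem -notlike 'Windows XP*') { return }

        # lastLogonTimestamp is a Windows FILETIME (Int64); empty or 0 means never seen.
        $lastSeen = $null
        if ($Computer.LastLogonTimestamp) {
            $lastSeen = [datetime]::FromFileTimeUtc([int64]$Computer.LastLogonTimestamp)
        }
        $stale = (-not $lastSeen) -or (($AsOf - $lastSeen).TotalDays -gt $StaleDays)

        $daysLeft = [int][math]::Floor(($EndOfSupport - $AsOf).TotalDays)
        if ("$($Computer.OperatingSystemServicePack)" -ne 'Service Pack 3') {
            # The article's date applies to SP3; this example treats anything else
            # as already unsupported (assumption).
            $status = 'Unsupported (not on SP3)'
        } elseif ($daysLeft -lt 0) {
            $status = 'Unsupported (past end of support)'
        } else {
            $status = "Supported for $daysLeft more day(s)"
        }

        [pscustomobject]@{
            Name        = $Computer.Name
            ServicePack = $Computer.OperatingSystemServicePack
            LastSeenUtc = $lastSeen
            Stale       = $stale
            Status      = $status
        }
    }
}

# Constructed sample records standing in for Get-ADComputer output.
$sample = @(
    [pscustomobject]@{
        Name = 'PC-ACCOUNTS-01'; OperatingSystem = 'Windows XP Professional'
        OperatingSystemServicePack = 'Service Pack 3'
        LastLogonTimestamp = ([datetime]'2013-10-10').ToFileTimeUtc()
    },
    [pscustomobject]@{
        Name = 'PC-WAREHOUSE-07'; OperatingSystem = 'Windows XP Professional'
        OperatingSystemServicePack = 'Service Pack 2'
        LastLogonTimestamp = ([datetime]'2013-02-01').ToFileTimeUtc()
    },
    [pscustomobject]@{
        Name = 'PC-SALES-12'; OperatingSystem = 'Windows 7 Enterprise'
        OperatingSystemServicePack = 'Service Pack 1'
        LastLogonTimestamp = ([datetime]'2013-10-12').ToFileTimeUtc()
    }
)
$sample | Get-XpExposureReport -AsOf ([datetime]'2013-10-15') |
    Sort-Object Stale, Name | Format-Table -AutoSize

# Against a real domain (requires the ActiveDirectory module from RSAT):
#   Get-ADComputer -Filter 'OperatingSystem -like "Windows XP*"' `
#       -Properties OperatingSystem, OperatingSystemServicePack, LastLogonTimestamp |
#       Get-XpExposureReport
```

    Machines flagged as stale may be retired hardware whose accounts were never removed, so confirm them before counting them as live Windows XP systems.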