Over pints Pierre Roman, Bruce Cowper and Rick Claus decided they would put together a concise and timely podcast each “Update Tuesday”. The object is to keep it simple by letting you know in plain non technical language what the updates are, what they resolve and why you should care.
Have a listen directly from the embedded Silverlight player OR subscribe to the feed and download it to your iTunes / Zune software.
As always - if you have suggestions on making it better - please pass on your comments. Mail Rick directly – rick.claus@microsoft.com
Disclaimer: This podcast was produced with the best information available to us at the time of recording. Your primary source for all things Security Bulletin related should always be the Microsoft Security Response Center blog.
An in-depth webcast on this month’s bulletins will take place Wednesday, Feb 10 - 11:00 a.m. PST (UTC -8).
Bulletins discussed for February 9th, 2010:
Podcast Participants: Pierre Roman, Bruce Cowper and Rick Claus.
Additional Technical Show Notes:
- Recorded at Starbucks across from 100 Queen Street (Microsoft Ottawa office).
- Beverage of choice for this edition: Chai Latte, Grande Vanilla and Venti Vanilla latte.
PodSafe music from PodSafe Music Network @ http://music.podshow.com/. Artist: Derek K Miller, song - “You’re the Big Sky - rock guitar instrumental”
IT Pro Team Blog | IT Managers Blog |Twitter | Facebook | LinkedIn
As part of EnergizeIT 2010 we have partnered with RunAs Radio to produce some podcasts on Office 2010. The first podcast of this 4 part series was posted yesterday. If you don’t already subscribe to RunAs Radio I encourage you to do so. It is a great podcast aimed directly at IT professionals.
-------------------------
Richard and Greg talk to Rodney Buike about the upcoming Office 2010. While he couldn't commit to a launch date (go search online, there's lots of rumors), it is safe to say that Office 2010 will ship in 2010. Rodney digs into the relevant changes in the suite, including the focus on Microsoft's "three screens" strategy, providing equal access online, on the desktop and on mobile devices. Check out the Office Product team blog at http://blogs.technet.com/office2010 and the Outlook 2010 Beta at http://www.microsoft.com/office/2010/.


I received the following post from Philip Elder of MPECS Inc, an Edmonton-based SBS specialist. As hardware nears its end of life, more and more people are starting to migrate their SBS installations to new hardware and in the process moving to SBS 2008 as well. Philip has done a number of migrations and has some thoughts to share.
------------------------------
Now that we have been into a number of different SBS 2003 to SBS 2008 migrations, it is perhaps a good time to share some thoughts on those experiences.
The first thought that comes to mind is that the Microsoft method for migrating is not an easy one. But, it goes without saying that any migration process is not easy.
We are talking about taking a very complicated piece of software in Small Business Server 2003 that has since had third party applications installed on it, updates, patches, and service packs installed on it, and then any number of customizations to meet the client’s particular needs and moving the entire domain and the server’s contents over to a new box running Small Business Server 2008.
There are two reasons why we dove into the Microsoft method:
- An oncoming migration was well before Jeff’s new methodology was going to be ready.
- Constanza Zalba sent an invitation to present on migrations since we were running through trials to figure out the Microsoft method.
The greater the number of migrations that we have run through, the better prepared we have become for jumping into any migration request.
The second thought that comes to mind is that there was a huge difference between migrating an existing client’s SBS network that we have been a part of since day one and a new client whose network we have never touched.
In the former case, we are aware of everything that is running on the server and clients and how they all work together to provide our clients with the best possible user experience.
In the latter, there can be any number of things that come together to cause a hiccup in the migration process that can be worked through. There are times though, where those things can bring about a complete melt down of the process.
Even worse, when we are starting out at ground zero with a new client and did not get enough time to scope the source server completely we may get the, “Where is my Line of Business application?” question that may really throw us for a loop after the source server has been completely decommissioned and taken offline.
At that point the, “But you did not tell me about that LoB when we were in discussions about the migration” excuse will not work.
Having a good fallback plan and an excellent image based backup of the source server before being touched and at each stage of the migration process will pay off. A good System State before being touched is an excellent way to step back if things choke before the mailbox move step.
And therein lie the two keys to having successful SBS Migrations:
- Planning, a good backup, more planning, and a thorough questionnaire for the client.
- Experience.
The first gives us as much information in as short an amount of time as possible.
The second prepares us to deal with the messes left by other folks that did not really understand how Small Business Server was supposed to be set up, configured, and managed.
Between the two we can be pretty confident about quoting out a set price on the migration and coming away with a fairly accurate or better margin on the deal.
Always remember the Star Trek engineer’s rule of thumb:
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book
Hi, I’m Christian Beauclair, Senior Developer Advisor at Microsoft Canada. Listening to IT Professionals across Canada, we heard clearly that in today’s ever-changing IT environment, you are tasked with finding new ways to do more with less. From increasing productivity, reducing costs, and helping your organization move forward, flexibility is the key and you are looking for a solution, not just technology to meet your needs. We’ve also heard loud and clear it is a challenge keeping up with technology.
It’s my role and our team’s mission to ensure that we support you in understanding the possibilities of what technology can do to help you deliver on real-world solutions. That’s why we created the Energize IT Program. Energize IT is about showing you what’s possible from a solution perspective, connecting you with your peers while highlighting what others are doing in an effort to support you and your organization.
In just a couple of weeks, we will be announcing EnergizeIT program details, including registration options to our complimentary event series to TechNet Flash newsletter subscribers. If you are not a subscriber, I’d encourage you to subscribe today! The 2010 EnergizeIT program will be kicking off and I wanted to give you a heads up. This year’s focus is on how you can leverage the Microsoft platform to help satisfy business requirements while increasing IT and end-user productivity. Through Energize IT: From the Client to the Cloud events that are being scheduled in cities across Canada, along with webcasts, our team will show you how to take advantage of the Microsoft-based platform to help your organization navigate the choppy waters of the current reality, and help provide guidance on how to get there.
You will learn how to help reduce capital costs while increasing scalability through Microsoft’s Client and Cloud approach of bringing together the best aspects of Software and the best aspects of the Internet - Software+Services. We’ll also show you the value and potential of the new Microsoft Office 2010 platform, including SharePoint 2010, to take the way you work to the next level, and how to develop the next generation of applications, both on premise and for the Cloud, using Visual Studio 2010. You will see how the power of the Microsoft platform can help you as a developer from a solution perspective.
Subscribe to the TechNet Flash newsletter today to be the first to hear about the free Energize IT program offerings and registration details including, From the Client to the Cloud event series; Community connection events; Install Fest events, podcasts and more.
I look forward to connecting with you in the near future,
Christian Beauclair
Senior Developer Advisor, Microsoft Canada Inc.
Over pints at D’Arcy McGee’s, Pierre Roman, Bruce Cowper and I decided we would try to help solve the issue of information overload regarding patching and put together a timely podcast to go live each “Patch Tuesday”.
Goals:
- Use plain English terms and everyday language that any Technical professional can understand – minimize “corporate speak”.
- Break down each Security Bulletin with summary information first followed by more details as to the impact an IT Pro would face.
- Outline mitigation factors in case patches couldn’t be tested or applied in a timely fashion.
- Keep it to 20 minutes OR LESS. This one is critical – Keep It Simple, repeatable and get out of the IT Pro’s way to get on with their day.
- Have fun!
Have a listen directly from the embedded Silverlight player OR subscribe to the specific feed and download it to your iTunes / Zune software.
As always - if you have suggestions on making it better - please pass on your comments. Mail me directly – rick.claus@microsoft.com
Disclaimer: This podcast was produced with the best information available to us at the time of recording. Your primary source for all things Security Bulletin related should always be the Microsoft Security Response Center blog.
Bulletins discussed for January 21st, 2009:
Podcast Participants: Pierre Roman and Rick Claus.
Additional Technical Show Notes:
- Recorded remotely in Rick’s HomeOffice and Pierre’s Basement.
- Beverage of choice for this edition: water
- You are REALLY going to want to check out the Microsoft Security Response Center blog - lots of very good information
PodSafe music from PodSafe Music Network @ http://music.podshow.com/. Artist: Derek K Miller, song - “You’re the Big Sky - rock guitar instrumental”
This alert is to provide you with an overview of the new security bulletin being released (out-of-band) on January 21, 2010.
New Security Bulletin
Microsoft is releasing one new security bulletin (out-of-band) for newly discovered vulnerabilities:
| Bulletin ID | Bulletin Title | Maximum Severity Rating | Vulnerability Impact | Restart Requirement | Affected Software |
|---|---|---|---|---|---|
| MS10-002 | Cumulative Security Update for Internet Explorer (978207) | Critical | Remote Code Execution | Requires a restart | All supported versions of Internet Explorer on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008*, Windows 7, and Windows Server 2008 R2*. |

* Where indicated in the Affected Software table on the bulletin Web page, the vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008 or Windows Server 2008 R2, when installed using the Server Core installation option. Please see the bulletin Web page at the link in the left column for more details.

Microsoft will host a webcast to address customer questions on this bulletin:
Title: Information About Microsoft's January 2010 Out-of-Band Security Bulletin Release
Date: Thursday, January 21, 2010, at 1:00 P.M. Pacific Time (U.S. & Canada).
URL: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032440627
Public Resources related to this alert
· Security Bulletin MS10-002 – Cumulative Security Update for Internet Explorer (978207): http://www.microsoft.com/technet/security/bulletin/MS10-002.mspx
· Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc/
· Microsoft Security Research & Defense (SRD) Blog: http://blogs.technet.com/srd/
· Microsoft Malware Protection Center (MMPC) Blog: http://blogs.technet.com/mmpc/
· Microsoft Security Development Lifecycle (SDL) Blog: http://blogs.msdn.com/sdl/
New Security Bulletin Technical Details
In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle Web site at http://support.microsoft.com/lifecycle/.
| Bulletin Identifier | Microsoft Security Bulletin MS10-002 |
|---|---|
| Bulletin Title | Cumulative Security Update for Internet Explorer (978207) |
| Executive Summary | This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory, validates input parameters, and filters HTML attributes. This security update also addresses the vulnerability first described in Microsoft Security Advisory 979352. |
| Affected Software | All supported versions of Internet Explorer on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008*, Windows 7, and Windows Server 2008 R2*. * Where indicated in the Affected Software table on the bulletin Web page, the vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008 or Windows Server 2008 R2, when installed using the Server Core installation option. Please see the bulletin Web page at the link below for more details. |
| CVE, Exploitability Index Rating | · CVE-2010-0244: Uninitialized Memory Corruption Vulnerability (EI = 1) · CVE-2010-0245: Uninitialized Memory Corruption Vulnerability (see note below) · CVE-2010-0246: Uninitialized Memory Corruption Vulnerability (see note below) · CVE-2010-0247: Uninitialized Memory Corruption Vulnerability (EI = 1) · CVE-2010-0248: HTML Object Memory Corruption Vulnerability (EI = 2) · CVE-2010-0249: HTML Object Memory Corruption Vulnerability (EI = 1) · CVE-2009-4074: XSS Filter Script Handling Vulnerability (see note below) · CVE-2010-0027: URL Validation Vulnerability (EI = 1) Note: Please see the Exploitability Index table of the bulletin summary page for more details: http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx |
| Attack Vectors | · A maliciously crafted Web page · A maliciously crafted HTML e-mail |
| Mitigating Factors | · Users would have to be persuaded to visit a malicious Web site. · Exploitation only gains the same user rights as the logged on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. · By default, all supported versions of Microsoft Outlook and Microsoft Outlook Express open HTML e-mail messages in the Restricted Sites zone. · By default, IE on Windows 2003 and Windows 2008 runs in a restricted mode. |
| Restart Requirement | The update will require a restart. |
| Bulletins Replaced by This Update | MS09-072 |
| Publicly Disclosed? Exploited? | CVE-2010-0249 has been publicly disclosed prior to release. CVE-2010-0249 has been exploited in the wild at release. |
| Full Details | http://www.microsoft.com/technet/security/bulletin/MS10-002.mspx |

Regarding Information Consistency
Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.
I was chatting with Brian Bourne from CMS Consulting in Toronto about some Hyper-V R2 work that they have done recently. In the conversation Brian shared a ton of learnings from the field on some of the Hyper-V R2 upgrades, deployments and V2V/P2V migrations. I asked him to write up a post and he did, so much so that I had to split it into two posts. You can find Part 1 here!
-------------------------
The release of R2 has been a major step forward for Microsoft’s virtualization strategy. It has also meant a rise in customer interest and willingness to move their data center and production servers on to the platform. Here at CMS Consulting, we’ve been offering both training and consulting services to help customers through the process. Here are some of the things we’ve learned along the way.
Virtual to Virtual (V2V) Migrations
In theory, this should be easy as pie right? The machine is already virtualized. How hard can a conversion be? Once again think about cloning to new hardware. For Virtual Server or VMWare to Hyper-V migrations, it truly appears as a completely new hardware platform to the operating system. This leads us to a few tips I’d like to add to the standard documentation.
- Cleanly shutdown the virtual machine, merge snapshots if they exist.
- After migration, log on to ensure the Hyper-V integration components are installed and working. VMM may think it’s OK, but it may not be. More tips on this below.
- If you are migrating offline or inactive virtual machines, remember they do get started as part of the migration process. This means you better think about the consequences of having that machine come online and what network it’s virtually “plugged in to” when it does.
Overall V2V migrations from Virtual Server and Hyper-V do go smoothly, but realize that the machine will be stopped and offline for the duration of the migration. Online migration is not a listed option. Data copy and fix-up time will determine the outage duration. Also, plan additional outage time so you can manually clean up and test the server. You may wish to have a strategy to block user access to services until you’re confident you want to introduce the server back into the environment.
If you want to do a migration “online” you will need to treat the VM as if it was a physical machine and follow the steps for P2V online migration. In fact, my team has used this strategy a number of times for migrating difficult VMWare virtual machines. Success when migrating a VMWare source varies widely based on ESX version, complexity of “hardware” configuration under ESX and other environmental factors. Sometimes treating the source as a P2V really is the best option.
Physical to Virtual
What I find odd about the VMM wizard for physical machine migrations is that it assumes you want to do an online migration and actually hides the tab for offline options from plain sight. Sure, I trust VSS enough for backups – but if I’m going to take a production server and virtualize it, I’d like the data to be as stable and consistent as possible. So for my money, I do an offline P2V if at all feasible. There are a few scenarios where you might forego an offline migration. Here are some scenarios where I would do an online P2V:
- You just want a copy of the server for testing or giggles, so data consistency doesn’t matter
- You truly can’t afford the server outage while data copies
- You have a source server with less than 512MB. (I recently had to migrate an old server with 448MB - online worked but offline won’t even start.)
- Finding drivers for WinPE to boot on some old hardware appears to be more effort than it’s worth.
I’d like to also suggest that when you’re looking at doing a P2V you also consider the “build fresh” strategy. This could be your opportunity to upgrade to Server 2008 R2 as the operating system and consolidate roles and services. There are two reasons to do this. First is to take advantage of the new features and increased performance of R2. Perhaps more importantly is to reduce the number of overall machines in your environment. I don’t mean physical machines here. I mean machines you have to license, patch, monitor and otherwise manage. If you can consolidate roles and services to a single VM then now is a good time to do it. Let’s not forget that fewer VMs also means a reduction in hardware requirements and those ever-important spindle counts.
I also want to talk about P2V of non-domain machines. If you read the documentation on Technet, it very clearly states that the source machine needs to be either a member of the domain or there must be a domain trust. I have found this to be categorically untrue. I’ve had no issue doing P2V with both workgroup and isolated domain machines (including the DC of an “isolated” domain). The trick was to make sure the source machine had connectivity with both the VMM server and the target Hyper-V host. Once that was sorted out, I simply entered the appropriate machine credentials in VMM and everything worked fine. In theory you could also use the SysInternals Disk2VHD utility. This tool is designed for online use only. Although I previously recommended against online migrations, I started thinking about using Disk2VHD while booted to an alternate OS. We did some basic testing and found it won’t run under WinPE. In theory you could cobble together a full Win7 boot from USB and make it work. If we ever get around to that, we’ll post the results. In all cases so far, it’s easier to move everything on to a temporary network switch, P2V and then move back to the appropriate networks.
Before attempting a P2V, try to get the source machine “as clean as possible”. Ensure the source meets the requirements for free space and service pack levels, run a checkdisk and defrag on all partitions and remove unused programs and drivers. You will also want to remove hardware-vendor specific management tools. If you are doing a P2V migration against a virtual machine, be sure to remove VMWare tools, or the Microsoft Integration components. Stop all non essential services and applications. If you find that the P2V task is failing in the SCVMM scan, then start by looking at what security products you have installed. The P2V agent is installed at the time you click “scan system”. I have had it hang with no errors on either the SCVMM server or the source physical machine. In my case, the VMMInstallDetector service was hanging, and the culprit turned out to be the anti-virus product on the server. You can try to manually run the agent installation from “\\vmmservername\c$\Program Files\Microsoft System Center Virtual Machine Manager 2008 R2\agents\p2v\” if you’d like a closer look at what’s happening.
Here’s one last thought on P2V. I always choose the option to shut down the physical machine after conversion. I don’t want the machine restarted. As soon as it restarts, I know my virtual machine and physical machine are no longer the same and who knows what might change, update or replicate when the physical machine starts. So I want to make sure it stays offline and the machine continues its new life as a virtual machine. There’s one catch. This strategy will result in the overall conversion job ending in a warning state with error 458. The warning essentially tells you that because the machine shut down, the VMM agent didn’t get removed. If for some reason you decide to bring the machine back online – remember to manually remove it.
Some Hints for All Migration Scenarios.
There are a few things that SCVMM “fix up” doesn’t consider that you will need to.
- Windows will need activation again. Just like when you clone a machine and there’s a substantial hardware change – a VM migrate will trigger re-activation.
- Personally, I’m fussy about my machines looking for hardware that doesn’t exist. It just slows down boot time and I believe, overall machine stability. If you follow the instructions in KB241257 you’ll be able to see all the phantom devices in device manager on all versions of Windows (not just 2000 as the KB suggests). Delete these non-present devices.
- Nearly every physical machine I’ve ever converted starts with an ominous “Service Failed to Start” message. A quick look at the event viewer shows EventID 700 – “The Parallel port driver service failed to start due to the following error”… The quickest way to make this problem go away is to change HKLM\SYSTEM\CurrentControlSet\Services\Parport\Start from a value of 3 to a value of 4.
- Various other products might complain, thinking they’ve been moved, so you should test everything. A perfect example is a terminal services licensing server, which will need activation again. If you don’t think to look at this, then 90 days from now you can expect user calls.
- On the odd occasion, when migrating 2008 servers the HAL may not get switched when it is supposed to be. The symptom isn’t obvious. Integration components will appear to be fine. You’ll run and re-run integration services setup and it will install successfully but simply not work. This means no mouse control in the virtual machine, which will add to your frustration if you are using remote desktop to connect to the VMM server or Hyper-V Manager. Here’s the trick. On the VM open the system configuration utility (MSConfig.exe). Click the Boot tab, and then click Advanced options. Select the Detect HAL check box, click OK, and then restart the virtual machine. You’ll find that your integration services will now magically start working.
- Time synchronization is a funny thing. It’s ok to have VM’s sync time with the host, if the host syncs with a domain controller (PDC emulator) but if you’ve gone and virtualized your PDC emulator you’ll be in for an entertaining circle of lost time. Don’t have your PDC emulator syncing time with the host. (See reference links below).
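The Parport and time-synchronization hints above can be checked from inside the migrated guest with a short audit script. This is an added example, not code from the original post; the function name `Test-MigratedGuest` is hypothetical, and the guest-side `VMICTimeProvider` registry path is an assumption about how the Hyper-V integration components expose host time sync.

```powershell
# Added example (not from the original post): post-migration audit for a
# converted guest. Run in an elevated PowerShell session inside the VM.
# Report-only by default; pass -Fix to apply the changes.

function Test-MigratedGuest {
    param([switch]$Fix)

    $parport  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Parport'
    # Assumption: the integration components register the host time source here.
    $vmicTime = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider'
    $findings = @()

    # 1. Parallel port driver. Start=3 (manual) lets the driver try to load on
    #    a VM that has no parallel port, which logs the "failed to start"
    #    event at every boot. Start=4 disables the service.
    if (Test-Path $parport) {
        $start = (Get-ItemProperty -Path $parport -Name Start -ErrorAction SilentlyContinue).Start
        if ($start -ne $null -and $start -ne 4) {
            $findings += "Parport Start is $start; expected 4 (disabled)."
            if ($Fix) { Set-ItemProperty -Path $parport -Name Start -Value 4 }
        }
    }

    # 2. Time source. Win32_ComputerSystem.DomainRole = 5 identifies the
    #    primary domain controller (the PDC emulator role holder). That
    #    machine is the domain's time root, so it must not take its own
    #    time from the Hyper-V host.
    $role = (Get-WmiObject -Class Win32_ComputerSystem).DomainRole
    if ($role -eq 5 -and (Test-Path $vmicTime)) {
        $enabled = (Get-ItemProperty -Path $vmicTime -Name Enabled -ErrorAction SilentlyContinue).Enabled
        if ($enabled -ne 0) {
            $findings += 'PDC emulator has the Hyper-V host time provider enabled.'
            if ($Fix) {
                Set-ItemProperty -Path $vmicTime -Name Enabled -Value 0
                Restart-Service -Name W32Time
            }
        }
    }

    # Emit the findings so the caller can log them per server.
    return $findings
}

# Report-only run; an empty result means both checks passed.
Test-MigratedGuest | ForEach-Object { Write-Warning $_ }
```

The Parport change takes effect at the next boot, so rerun the script after the restart to confirm a clean result.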
Conclusion
I’d suggest that if you were hoping to point a wizard at your server VLAN, cross your fingers and click “Next, Next, Finish” – then you’re probably going to be disappointed. The migration to Hyper-V needs to be approached with the same planning and consideration you would give to any server refresh or move. With a cautious approach and a maintenance window that will allow for testing and troubleshooting time, you will be ensured success.
Additional Resources:
Deployment Considerations for Virtualized Domain Controllers
Considerations when hosting Active Directory domain controller in virtual hosting environments
Microsoft Virtualization Solution Accelerators
Microsoft Assessment and Planning Toolkit
Microsoft Virtualization Team Blog
The System Center Virtual Machine Manager Team Blog
I was chatting with Brian Bourne from CMS Consulting in Toronto about some Hyper-V R2 work that they have done recently. In the conversation Brian shared a ton of learnings from the field on some of the Hyper-V R2 upgrades, deployments and V2V/P2V migrations. I asked him to write up a post and he did, so much so that I had to split it into two posts.
-------------------------
The release of R2 has been a major step forward for Microsoft’s virtualization strategy. It has also meant a rise in customer interest and willingness to move their data center and production servers on to the platform. Here at CMS Consulting, we’ve been offering both training and consulting services to help customers through the process. Here are some of the things we’ve learned along the way.
General Planning
When you plan to move to Hyper-V, the source machine is going to be one of the following:
· Virtual machine running on VMWare
· Virtual machine running on Virtual Server
· Virtual machine running on Hyper-V 2008 (R1)
· Physical machine on domain
· Physical machine off domain
If you are unsure where to start, then I strongly recommend you start by running the MAP tool and using the Virtualization Candidates Assessment for Hyper-V Server Consolidation. A key part of your migration success will be ensuring that the virtual machines perform as well or better than their physical source machines. This exercise in performance counter gathering and capacity planning is where the MAP tool can really assist you.
This entire article assumes you will be using System Center Virtual Machine Manager (SCVMM) to do your migration. Ideally you would own both SCVMM and System Center Operations Manager so that you can take advantage of advanced performance and resource optimization (PRO) and reporting. But here’s a tip. You can download a 180-day evaluation copy of SCVMM (the last one I downloaded showed 365 days left in the eval). The evaluation copy doesn’t appear to be crippled in any way and can be used for your migration.
Here are a few high level tips on migrating to a Hyper-V based virtual environment. Actually, it all really boils down to one thought that you have to stick in the front of your brain. “I’m cloning to new hardware”. If you think about cloning to new hardware and the various challenges that brings, you’ll be able to predict most of the failures and gotchas.
Upgrading from Hyper-V 2008 to 2008 R2
Skip to the next paragraph if you don’t already have Hyper-V. If you have an existing Hyper-V environment, then you’ll likely want to upgrade it in-place. Performance benefits alone should compel you. The in-place upgrade generally goes smoothly. During the compatibility check portion of the installation you’ll be warned to remove the Hyper-V role from the server and directed to KB957256. Here’s the deal. Just make sure all the VM’s are cleanly shut down and that no snapshots are left behind before you start the upgrade. If you do this, you can safely ignore the warning and proceed with an in-place upgrade. For the most part, the process is then fairly obvious with one exception. The network adapters often end up mucked up. This could mean IP addresses missing or assigned to the wrong adapter. Be sure to be physically present for the upgrade. In my experience, this seems to happen consistently when you have allowed the management operating system to share the adapter. Be careful when you “fix” this since it can be a little confusing as to which adapters are real and which ones are virtual on the host machine.
The next blog post will cover the migration aspects and look at some best practices for virtual to virtual (V2V) and physical to virtual (P2V) migrations.

Over pints at D’Arcy McGee’s, Pierre Roman, Bruce Cowper and I decided we would try to help solve the issue of information overload regarding patching and put together a timely podcast to go live each “Patch Tuesday”.
Goals:
- Use plain English terms and everyday language that any Technical professional can understand – minimize “corporate speak”.
- Break down each Security Bulletin with summary information first followed by more details as to the impact an IT Pro would face.
- Outline mitigation factors in case patches couldn’t be tested or applied in a timely fashion.
- Keep it to 20 minutes OR LESS. This one is critical – Keep It Simple, repeatable and get out of the IT Pro’s way to get on with their day.
- Have fun!
Have a listen directly from the embedded Silverlight player OR subscribe to the specific feed and download it to your iTunes / Zune software.
As always - if you have suggestions on making it better - please pass on your comments. Mail me directly – rick.claus@microsoft.com
Disclaimer: This podcast was produced with the best information available to us at the time of recording. Your primary source for all things Security Bulletin related should always be the Microsoft Security Response Center blog.
Bulletins discussed for January 12th, 2009:
Podcast Participants: Pierre Roman, Bruce Cowper and Rick Claus.
Additional Technical Show Notes:
PodSafe music from PodSafe Music Network @ http://music.podshow.com/. Artist: Derek K Miller, song - “You’re the Big Sky - rock guitar instrumental”

Are you running Windows XP? Are you feeling the pressure of creating a deployment plan? Have no fear! Leveraging learnings from two Windows 7 early adopters, this session will give you the skills you need to proceed with your own deployment. The session will focus on free Windows 7 deployment planning and deployment tools that customize operating system packages and automate deployment planning and network deployments seamlessly.
Look for a city near you and come out and learn how to deploy Windows 7 into your organization!
Vancouver – January 26
Victoria – January 27
Winnipeg – January 28
Calgary – February 2
Edmonton – February 4
Mississauga – February 8
Waterloo – February 11
Montreal – March 2
Ottawa – March 3 (note date may change to the 4th)
Regina – March 16
Saskatoon – March 18
Exchange 2010 has been released and available for a few weeks now and a lot of people are looking to deploy. I was chatting with Rick Shire, Senior Messaging Consultant at CMS Consulting, who has compiled a list of gotchas, things to look out for, as well as resources for you to be aware of when planning an Exchange 2010 deployment and/or upgrade.
------------------------------
Microsoft Exchange Server 2010 was released in early November of this year with a lot of positive reviews. One of the biggest deployment blockers for some customers has been RIM’s lack of a compatible and supported version of BES for Exchange 2010. Thankfully, RIM recently announced a new version of its popular BES software that has full support for Exchange 2010. While this is fantastic news from RIM, there are some other deployment “Gotchas” to consider.
Client Support
Outlook XP is no longer a supported version with Exchange 2010. Customers will need to factor an Office refresh into their deployment plans. Another interesting twist is that Microsoft has deprecated the WebDAV API from Exchange 2010. While this may not seem that important at first glance, Microsoft’s client for the Mac, “Entourage”, has leveraged this API over MAPI for several years. Developers have been urged for some time to rewrite WebDAV applications using Microsoft’s latest Exchange API, Exchange Web Services. And that is exactly what Microsoft has done for the Entourage client. Entourage 2008, Web Services Edition was released in August of this year.
Another important note from the client perspective is that Exchange 2010 requires RPC encryption to be enabled in Outlook. RPC encryption in Outlook 2007 is enabled by default. But what about Outlook 2003? As you guessed, it is disabled by default. If you migrate mailboxes to Exchange 2010 and RPC encryption is disabled in Outlook, Outlook simply will not be able to connect. Fortunately there are a couple of simple fixes. You can either disable the requirement for RPC encryption on the Exchange server, or simply deploy a GPO that enforces this setting in Outlook. My recommendation is to deploy a GPO and enjoy the benefits of secure messaging.
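The client-side check behind that recommendation, as an added example (not code from the original post): it reports whether the Outlook RPC-encryption policy is enforced for Outlook 2003 and Outlook 2007 for the current user. The function name is hypothetical, and the example assumes the GPO writes the `EnableRPCEncryption` DWORD under `HKCU\Software\Policies\Microsoft\Office\<version>\Outlook\RPC`.

```powershell
# Added example: audit the Outlook RPC-encryption policy for the current user.
# Get-OutlookRpcEncryptionPolicy is a hypothetical name, not a built-in cmdlet.
# Assumption: the GPO writes the DWORD EnableRPCEncryption (1 = encrypt) under
# HKCU:\Software\Policies\Microsoft\Office\<ver>\Outlook\RPC.

function Get-OutlookRpcEncryptionPolicy {
    param(
        # Office version keys: 11.0 = Outlook 2003, 12.0 = Outlook 2007
        [string[]]$OfficeVersion = @('11.0', '12.0')
    )

    foreach ($ver in $OfficeVersion) {
        $path  = "HKCU:\Software\Policies\Microsoft\Office\$ver\Outlook\RPC"
        $value = $null

        if (Test-Path -Path $path) {
            # A missing value is not an error: the policy is simply not set.
            $item = Get-ItemProperty -Path $path -Name 'EnableRPCEncryption' -ErrorAction SilentlyContinue
            if ($item) { $value = $item.EnableRPCEncryption }
        }

        # NotConfigured means the client default applies: per the text above,
        # off in Outlook 2003 (cannot connect) and on in Outlook 2007.
        if ($null -eq $value) { $state = 'NotConfigured' }
        elseif ($value -eq 1) { $state = 'Enforced' }
        else                  { $state = 'DisabledByPolicy' }

        New-Object PSObject -Property @{
            OfficeVersion = $ver
            PolicyPath    = $path
            State         = $state
        }
    }
}

Get-OutlookRpcEncryptionPolicy | Format-Table OfficeVersion, State, PolicyPath -AutoSize

# Server side (run in the Exchange Management Shell): confirm the requirement
# is still on rather than relaxed to accommodate unencrypted clients.
# Get-RpcClientAccess | Format-List Server, EncryptionRequired
```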
Backup Support
The streaming backup API in Exchange 2010 has been deprecated. The only backup API available for Exchange 2010 is VSS (Volume Shadow Copy Service). What this means is that customers will need to upgrade to a VSS-aware backup application. That is not the only requirement though. The backup application must also be Exchange 2010-aware and should have full support from your backup vendor. Microsoft DPM 2007 (Data Protection Manager) is a VSS-based backup application, but DPM 2007 does not support Exchange 2010. DPM 2010 (currently in Beta) has support for Exchange 2010, but the question becomes, do you want to back up your critical messaging data with Beta software? There are backup vendors that have support for Exchange 2010 today. Symantec Backup Exec System Recovery 2010 is one notable example. Check with your current backup vendor to ensure support and compatibility.
Fax Support
Inbound FAX capability is available in Exchange 2007 if you have the Unified Messaging role deployed. If you are using this capability in Exchange 2007, you must look for a 3rd party solution for Exchange 2010. Inbound FAX has been deprecated from Exchange 2010. Exchange 2010 will still detect a fax tone and will simply hand off the call to the 3rd party fax application.
Other 3rd Party Applications
3rd party applications (or custom in-house applications) that integrate with Exchange should be tested for compatibility and have full support by the application vendor. Take an inventory of these applications and consult with the appropriate application vendors. There have been several APIs deprecated from Exchange 2010, so this step is critically important. Any application written to one of these APIs will simply break in Exchange 2010. The list of deprecated APIs includes a) ExOLEDB, b) WebDAV, c) CDOEx and d) Store Events.
Some 3rd party vendors are ahead of the curve and have support for Exchange 2010 today. Mimosa, a 3rd party archiving vendor, has support for Exchange 2010 with its NearPoint product. NetApp has updated its SnapManager for Exchange to support Exchange 2010. The list of products goes on, but check with your vendors to ensure there are no other deployment blockers.
References
Proper planning is vital to a successful Exchange 2010 deployment. Please reference the following links for helpful planning guidance.
General Planning Guidance
Exchange 2010 Backup
RIM Announcement

Three guys got together over pints in February 2009 and talked about how one of the issues facing Technical Professionals today is keeping their systems patched and up to date. This issue was brought up to them at a User Group meeting they were attending (Ottawa Windows Server User Group) where we were participating in an “Ask the Microsoft Guy” panel discussion.
Bulletins discussed for December 8th, 2009:
Podcast Participants: Pierre Roman and Rick Claus.
Additional Technical Show Notes:
- Recorded in the reference library at the Microsoft Canada Ottawa office.
- Beverage of choice for this edition: Tim Hortons regular coffee and Coke Zero.
(originally posted on blogs.msdn.com/cdndevs by Joey DeVilla)
Some more photos from the Big Apple! Here’s their pie menu:
The Big Apple is an apple-shaped three-storey building with an observation deck on the roof. Here’s a shot of Damir beside the Big Apple:
Here’s a close-up:
Inside the building is an apple museum. We were all rarin’ to go inside and take photos of the various displays inside the museum, but…

Closed! Look at the disappointment on Damir’s face:
I was even more disappointed (look at my sad mug below). “Ain’t that just like an apple,” I said, “tantalizing promises, but you get denied the moment you get close. Now I know how iPhone developers feel.” (Remember, folks – I kid because I care.)

[This article also appears in Global Nerdy.]
(originally posted on blogs.msdn.com/cdndevs by Joey DeVilla)
When people in Toronto and area refer to “The Big Apple”, we’re usually not talking about New York, but the Big Apple in Coburg, Ontario. It’s one of the must-visit stops on that stretch of Highway 401 that spans the Toronto-Montreal corridor: roadside rest stop, mini-amusement park, apple pie factory, apple museum and giant apple-shaped building with a balcony on top giving a commanding view of the cars whizzing by.
There’s no shortage of interesting signs on the grounds:
Apparently, the Big Apple is about 13,000 kilometres from the city of my birth, Manila:
The place is heaven for people who like pie:
They have a mascot, but no one was running around in the giant apple costume today. Damir and I had to settle for the little statue by the counter:
We arrived in the Ford Flex just before a busload of people, which means that we didn’t have to wait for pie:
More scenes from the Big Apple to follow!
[This article also appears in Global Nerdy.]
(originally posted on blogs.msdn.com/cdndevs by Joey DeVilla)
Here’s the blogging setup I’m using from within the Ford Flex as we drive to Montreal: my laptop with a Rogers stick and carte blanche to use as much bandwidth as I need to continually post from the road. Damir’s at the wheel, I’ve got my seat moved all the way back, my own set of climate controls and Raw Dog Comedy on the satellite radio. It’s a surprisingly decent work setup; I could get a fair bit done this way.
[This article also appears in Global Nerdy.]