-
Well folks it's here! The highly anticipated Hyper-V has shipped! We've got the early scoop with an interview with Mike Neil where he discusses why virtualization is important to Microsoft and the challenges we've had along the creation process.
UPDATE: Here is the link for the complete Hyper-V RTM package.
http://www.microsoft.com/downloads/details.aspx?FamilyId=F3AB3D4B-63C8-4424-A738-BADED34D24ED
For management tools and other downloads please see www.microsoft.com/hyperv
You can also check out the press release or just head over to www.microsoft.com/hyperv for more details!
-
At my sessions at TechEd I tell a fictional story of the domain controller stored underneath the receptionist's desk serving not only as a DC, but also as a stand for the water cooler. I know it's an extreme example of branch office craziness, but it helps people understand the sensitivity of our domain controllers and the information that they hold. With the new Read Only Domain Controller role in Windows Server 2008, we significantly reduce the security risk if someone were to back a truck in through the glass window and drive off with our server. Well what about when I want to run things virtually? What about the rest of the data on the server? How do we protect that? The answer my friends is BitLocker!
Essentially BitLocker is an OS-based feature that works with server hardware and firmware to provide secure OS boot and drive encryption. It's designed to safeguard the integrity of the OS and data on your hard drive. So even if the drive is stolen and put in another machine, your data is protected.
Now the guys over in the Virtualization and BitLocker teams have published a step-by-step whitepaper on configuring Hyper-V with BitLocker encryption. Give it a look and see how you can enhance the security of your branch office with this really cool technology.
-
It's been a couple of weeks since TechEd and I'm finally getting caught up. A good friend and fellow Geek Gordon Ryan (Gordo) and I were having a chat about PowerShell before one of my sessions. As we were chatting he mentioned some work he was doing with Data Protection Manager (DPM) and how PowerShell is playing into his management of DPM. Here's a quick post from Gordo on how PowerShell was used to remove inactive protection points in DPM 2007.
-
I am sure you've seen the headlines on the interwebs about this being Bill Gates' last full-time week at Microsoft. Bill is still going to hold the post of Chairman and will still be a part of what is going on here, but day to day he's going to focus more on the activities of the foundation he started. Since I've only been at Microsoft a short time, I've never had the opportunity to meet Bill Gates, but have always been interested in what Bill has had to say. You can see in his eyes when he speaks about technology (and even coding) that he's got a passion for it. I've read his books and watched his keynotes and other speeches from year to year and am constantly impressed by not only his passion, but also his knowledge.
Charles over at Channel 9 got a chance to sit down and have a conversation with Bill Gates. In it are cool thoughts on where things are headed not only with Microsoft, but also technology in general. Yes it's got a developer flavor to it, but you IT Pros out there may want to pay attention to the comments made about where the Windows platform fits in today's world of services and cloud computing.
-
Once a year you get that email or knock on the door from the auditor. It didn't use to be this way, but Enron and other scandals have changed the way we track our users' actions. I still wake up in cold sweats with memories of the audits I used to have to do yearly. Previously, in order to get rudimentary SQL Server logging it took writing complicated triggers that fire when certain actions are performed. Even then there were significant limitations to the data that you could collect. You couldn't write a trigger against a select event. SQL Server 2008 changes all of this with the introduction of SQL Server Audit.
Who's it for? DBAs and IT Pros who need to audit activity on SQL Servers.
When does it ship? Auditing is part of SQL Server 2008 and will ship as part of the SQL Server 2008 product.
What does it do? Improves compliance and security by allowing you to customize audit activity on your SQL Server Data. SQL Server 2008 provides the tools and processes you need to effectively enable, store and view audit data stored on SQL Server 2008.
What are the components of SQL Audit? There are several components that you create and configure that together make up a single package that audits server or database actions. These include:
· SQL Server Audit: This is the object that collects server or database audit actions and groups of actions to monitor. When you create an audit you choose where the output of the audit results is stored as well as the maximum file size. You can have multiple audits per SQL Server instance.
· Server Audit Specification: This object belongs to the Audit you created above. You can create one server audit specification per SQL Server per audit. This specification collects many server-level action groups raised by the Extended Events feature.
· Audit Action Groups: Audit Action Groups are predefined groups of actions exposed by the Database Engine. An example here would be the SERVER_ROLE_MEMBER_CHANGE_GROUP which will raise an audit event whenever a login is added or removed from a fixed server role.
· Database Audit Specification: This object like the Server Audit Specification belongs to a SQL Server Audit. You can have one database audit specification per database, per audit. You can add either audit action groups or audit events to a database audit specification.
· Audit Events: Audit Events are specific database actions that can be audited by the SQL Server. A good example of an audit action is the ability to capture and audit when a SELECT statement is run against a specific table in a database.
· Target: The results of an audit are sent to a target. The target can be a file, the Windows Security Event log, or the Windows Application event log.
What is the process for creating an audit? The basics of creating and using an audit include:
· Create the audit and define the location of the audit data.
· Create a server audit specification or a database audit specification, map it to the audit created above. Enable the audit specification (these are created disabled by default).
· Enable the audit (also created disabled by default)
· Read the audit events using the Windows Event Viewer, the Log File Viewer in SQL Server Management Studio, or the FN_READ_AUDIT_FILE T-SQL function.
Anything I need to be aware of that could cause problems?
· When you create an audit, you have the ability to shut down the server if a particular audit fails. If this occurs the MSG_AUDIT_FORCED_SHUTDOWN event is written to the log. If you need to bypass an audit-induced shutdown, you can start SQL Server in Single User mode using the -m flag.
· There are also considerations that you need to be aware of when attaching a database with an Audit already defined. If you attach a database that has an existing audit specification and specifies a GUID that does not exist on the server, no audit events will be recorded. To correct this, you can alter the audit specification and point it to an existing audit or use the CREATE SERVER AUDIT WITH GUID command to create a new audit with the GUID from the other server.
· If you use database mirroring and have a database audit specification defined you must do the following:
- The mirror server must have an audit with the SAME GUID to enable the audit. Use the CREATE SERVER AUDIT WITH GUID command.
- The mirror server service account must have appropriate permissions to the location where you are writing the audit information.
- If you are writing events to the Windows Event log, the security policy on the mirror server must allow for service account access to the security or event log.
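The creation steps and the GUID caveats above, written out as T-SQL. This is an added example, not code from the original post: the audit and specification names, the SalesDb database, the dbo.Customers table, the D:\SQLAudit\ path and the all-zero GUID are placeholders, and the file is read back with sys.fn_get_audit_file, the name under which the file-reading function shipped in the released product.

```sql
-- Added example; every object name, path and GUID below is a placeholder.
USE master;
GO

-- 1. Create the audit and define the location of the audit data.
--    ON_FAILURE = CONTINUE keeps the instance up if the audit cannot write;
--    ON_FAILURE = SHUTDOWN is the setting behind MSG_AUDIT_FORCED_SHUTDOWN.
CREATE SERVER AUDIT BranchOffice_Audit
TO FILE (FILEPATH = 'D:\SQLAudit\', MAXSIZE = 100 MB)
WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO

-- 2a. Server audit specification: one action group, mapped to the audit.
--     Specifications are created disabled unless STATE = ON is given.
CREATE SERVER AUDIT SPECIFICATION BranchOffice_ServerSpec
FOR SERVER AUDIT BranchOffice_Audit
ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP)
WITH (STATE = ON);
GO

-- 2b. Database audit specification: audit SELECT on a single table,
--     which triggers could not do.
USE SalesDb;
GO
CREATE DATABASE AUDIT SPECIFICATION SalesDb_SelectSpec
FOR SERVER AUDIT BranchOffice_Audit
ADD (SELECT ON OBJECT::dbo.Customers BY public)
WITH (STATE = ON);
GO

-- 3. Enable the audit itself (also created disabled).
USE master;
GO
ALTER SERVER AUDIT BranchOffice_Audit WITH (STATE = ON);
GO

-- 4. Read the events back from the audit files.
SELECT event_time, action_id, succeeded, server_principal_name,
       database_name, object_name, statement
FROM sys.fn_get_audit_file('D:\SQLAudit\*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time;
GO

-- Attach / mirroring check: list database audit specifications whose GUID
-- has no matching server audit on this instance. These record nothing.
USE SalesDb;
GO
SELECT das.name AS specification_name, das.audit_guid
FROM sys.database_audit_specifications AS das
LEFT JOIN sys.server_audits AS sa
       ON sa.audit_guid = das.audit_guid
WHERE sa.audit_guid IS NULL;
GO

-- Run on the destination or mirror server: create the audit with the GUID
-- reported by the query above (placeholder value shown), then enable it.
USE master;
GO
CREATE SERVER AUDIT BranchOffice_Audit
TO FILE (FILEPATH = 'D:\SQLAudit\')
WITH (AUDIT_GUID = '00000000-0000-0000-0000-000000000000');
GO
ALTER SERVER AUDIT BranchOffice_Audit WITH (STATE = ON);
GO
```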
Get started
SQL Server Books Online (CTP 6 Version)
-
Last week I presented three different sessions at TechEd and used my laptop to run five different virtual machines at once in order to demonstrate various Windows Server 2008 technologies. The performance of Hyper-V was amazing, but I tell you I wish I knew of the Performance Tuning Guidelines for Windows Server 2008 document before I presented. I just took the last ten minutes reviewing the guidelines for Hyper-V and have already jotted down a few things that would have helped my VMs' performance. The guide is not exclusive to Hyper-V though. In fact it's got all sorts of goodness in terms of tuning up your Windows Server 2008 boxes for optimal performance. I highly recommend downloading and reviewing this guide if you are deploying and using Windows Server 2008.
-
TechEd 2008 has come to an end. I'm over the minor bit of Jet Lag/Timezone shift that I've had and am back in Redmond trying to dig through email. TechEd was great. I met some amazing IT Pros who are doing some REALLY cool things, not to mention the fact that they are really cool people. You can catch up with all the madness that was TechEd on Edge. I would like to extend a special thank you to all of you who attended my sessions and the precon that I happily gave some color commentary with Corey. It was a great week and I appreciate all of the great feedback you provided.
A pretty big announcement slipped in before TechEd and I wanted to make sure that you, my loyal audience, are aware. We have released SQL Server 2008 RC0. If you haven't yet, I suggest going out and downloading this bad boy and taking it through its paces. Also for you Identity Management folks out there, at TechEd we announced availability of Identity Lifecycle Manager 2 Beta 3. If you are interested please go sign up for the beta. It's a really cool piece of technology. For more on ILM take a look at the videos we have up on Edge.
Those of you at TechEd may have been lucky enough to score one of our Edge t-shirts. Well if you walked away empty handed, you may still be able to get yourself one. We just got our first postcard and it's now proudly being displayed in the halls of Building 18!
Well that's it for now... I already miss Florida (well the sunshine not the humidity and of course the fun nightlife :) ).
-
WOW! I didn't realize I've neglected this blog for so long. I've got no excuses so hopefully I'll make up for it by giving you guys some good stuff today.
I'd like to thank all of the people who attended and especially like to thank the speakers and other staff members from the SQL Firestarter Event held in Irvine just over a week ago. It was a great event and I hope everyone got some good real world SQL experience to take back with you. If you didn't get a chance to make it to this event, we've got plans to do more of these events.
Speaking of events, TechEd 2008 Developer is set to begin in Orlando next week. I'll be there giving a special Infrastructure track session on Windows Server 2008 on Friday the 6th. If you are an IT Pro, you can catch a special Windows Server 2008 Overview session that I'm presenting along with Adam during TechEd 2008 IT Pro. We also will be covering all of the major TechEd IT Pro events on Edge. We've got the major keynote announcements along with some special interviews with speakers and other folks at the event planned. It's going to be great so tune in to Edge or better yet, get down to Orlando and visit in person!
Next item on the agenda is Hyper-V. Hyper-V if you have not heard is the next generation of Virtualization technology that is due to RTM soon. It shipped in beta form with Windows Server 2008. Well we eat our own dog food here at Microsoft and as proof of that TechNet and MSDN are both running 100% on Hyper-V! Think about this... MSDN gets 3 MILLION hits a day with TechNet getting over One MILLION per day. The folks over at Virtualization.info have more details. Check that report out!
Finally... a geeky game for you all to enjoy. Are you geek enough to win the entire office's respect? Prove it! Play Server Quest, where you'll navigate through the perils of office life, protect the server, and keep clear of the arrogant sales guy.
-
If you've played in the IT Pro playground long enough, I'm sure that you have seen the database that is impossible to back up. This is that database in your organization that continues to grow and grow and your backups take longer and longer. Next thing you know, you are using two tapes, then three, and possibly more. Help has arrived! A new SQL Server 2008 Feature called:
SQL Server 2008 Database Backup Compression
Who's it for? DBAs and IT Pros who back up and restore databases in SQL Server 2008.
When does it ship? Backup Compression is part of SQL Server 2008 and will ship as part of the Enterprise Edition of the SQL Server 2008 product.
What does it do? It compresses backups. But how much? Well the simple answer is that “it depends”.
Compression Ratio Factors:
· Data Type: Random Data and GUIDs don't compress nearly as well as character data.
· Encryption: Encrypted data compresses significantly less (if at all) than unencrypted data.
· Database compression: Just like encryption, a database that is compressed may not compress for backups.
Based on those factors database compression ranges in the 50-70% range.
What is the performance impact? When database compression is enabled database backups are smaller, however, that compression does significantly increase CPU utilization. But don’t let that scare you off completely. Backup compression also has the effect of reducing the amount of time to backup. I have seen demonstrations where the CPU utilization increase is around 25-30% during the backup/compression operation, however the backup run time was reduced in the 45% to 50% range. Paul Randal over at SQL Skills has a great blog post that shows visually the impact of database compression on both backup and restore operations. (http://www.sqlskills.com/blogs/paul/2008/01/09/SQLServer2008BackupCompressionCPUCost.aspx) So even though you have higher CPU utilization, your backups run in a shorter time.
What do I need to be aware of before I start compressing my backups?
· Have I mentioned that the ability to compress a backup is a feature that is only available in the Enterprise Edition?
· Any edition of SQL Server 2008 can ‘decompress’ a compressed backup.
· You cannot mix compressed and uncompressed backups in a single media set. Make sure you are putting your compressed backups together and your uncompressed in another separate set of media.
· Make sure that the compression is worth the CPU performance hit.
How do I set compression on my backups?
· In SQL Server Management Studio, in the options pane of the backup database task wizard you can select compression.
· In the Define Backup Database Task Window of the Maintenance Plan Wizard.
· Using Integration Services, define a package to back up databases.
What about encryption and Backup Compression? Backup Encryption can be accomplished by enabling Transparent Data Encryption and then taking a backup. However when you enable encryption you lose the ability to compress the backup. Unfortunately backup compression and Transparent Data Encryption are mutually exclusive. It is not recommended to enable database backup compression when using Transparent Data Encryption.
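To see how the "it depends" plays out on a given database, including a TDE-encrypted one, the ratio can be measured from the backup history. This is an added example, not from the original post: SalesDb and the backup path are placeholders, and BACKUP ... WITH COMPRESSION is the T-SQL counterpart of the tool options listed above.

```sql
-- Added example; SalesDb and the E:\Backup path are placeholders.

-- Is the database protected by Transparent Data Encryption?
-- is_encrypted = 1 means the pages are encrypted before backup sees them,
-- so expect little or no reduction from compression.
SELECT name, is_encrypted
FROM sys.databases
WHERE name = N'SalesDb';
GO

-- Take a compressed full backup.
-- FORMAT starts a new media set (overwriting the target file), so the
-- compressed backup is not mixed with uncompressed backups in one set.
BACKUP DATABASE SalesDb
TO DISK = N'E:\Backup\SalesDb_compressed.bak'
WITH COMPRESSION, FORMAT, STATS = 10;
GO

-- Compare logical size, size on disk and run time for recent full backups.
-- A compression_ratio near 1.00 means the CPU cost bought nothing.
SELECT TOP (5)
       bs.database_name,
       bs.backup_finish_date,
       bs.backup_size / 1048576.0            AS backup_mb,
       bs.compressed_backup_size / 1048576.0 AS compressed_mb,
       CAST(bs.backup_size / NULLIF(bs.compressed_backup_size, 0)
            AS decimal(10, 2))               AS compression_ratio,
       DATEDIFF(second, bs.backup_start_date,
                bs.backup_finish_date)       AS duration_seconds
FROM msdb.dbo.backupset AS bs
WHERE bs.database_name = N'SalesDb'
  AND bs.type = 'D'          -- full database backups only
ORDER BY bs.backup_finish_date DESC;
GO
```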
Get started
Backup Compression on Microsoft TechNet
SQL Server Books Online (CTP 6 Version)
-
I realize that I have only been at Microsoft a couple of months, but I am continually amazed by the technologies that are researched and developed here. There is an amazing technology that is being highlighted on Edge today. Take a look and let me know your thoughts!
-
As a tool to manage end user desktops, Group Policy is very powerful, but how many times have you wanted to manage a user's printer settings or drive mappings and not been able to do it outside of a script? How about the challenge of copying a set of files or a registry change for a set of computers? Again Group Policy isn't the best answer and we are forced to scripting. Well let me introduce you to a new feature in Windows Server:
Windows Server 2008 Group Policy Preferences
Who’s it for? IT Professionals who manage desktop systems.
What is it? Group Policy Preferences allows IT Professionals to manage operating system and application settings via centralized Policy previously unavailable via Group Policy.
What can I do with Group Policy Preferences? There are too many items to list here (over 20 new policy extensions) but some of the items available for configuration are:
· Create, replace, update and delete files, folders, and .ini files on destination computers.
· Create, replace, update, and delete network drive mappings.
· Create, replace, update, and delete registry settings on multiple computers.
· Configure ODBC data sources! That’s right you can create, replace, update, and delete for both user and Computer ODBC data sources. This is one item that regular Group Policy lacks.
· Configure remote networking options such as VPN Connections and Dial Up Networking, and then target the configuration specifically at mobile PCs in your environment.
This sounds an awful lot like Group Policy. What’s the difference?
It really comes down to enforcement. Group Policy strictly enforces policy settings. When Group Policy is processed, settings are written to the policy areas of the registry and then secured via an ACL that prevents users from changing them. If a user does change the setting, periodic policy refresh intervals reset the settings.
Group Policy Preferences do not strictly enforce preferences. Preferences are not written in the policy branches in the registry; they are written to the same locations in the registry that the setting would be written to if the user themselves made the change. Because of this model, preferences can support features and applications that are typically not Group Policy aware. Group Policy preference settings are also not secured via ACLs that prevent the user from changing the setting. This allows you to set a particular preference one time and then allow the user to change it, or you can have the preference refreshed using the same interval used by Group Policy.
There are also significant differences in how you are able to filter or target Group Policy Preferences. In regular Group Policy you are limited to filtering using WMI and those filters determine whether the entire GPO (Group Policy Object) is applied. You cannot specify individual settings within a GPO. Group Policy Preferences support item-level targeting. Imagine a policy that has 50 settings and each setting can be targeted on criteria such as IP address, if that machine is a laptop or desktop, security group membership and so on. Group Policy Preferences then becomes a very powerful tool to manage desktops.
How do I get Group Policy Preferences? Group Policy Preferences are available in the GPMC on Windows Server 2008 systems and also available to run on Windows Vista with the release of the Remote Server Administration Tools.
What systems can I use Group Policy Preferences on? In order to take advantage of Group Policy Preferences, the following clients require the installation of the Client Side Extensions (CSEs) that have been released as separate downloads (hyper link leads to the download site for the CSE). Windows Server 2008 ships with these extensions already installed.
· Windows XP 32 Bit
· Windows XP x64 Edition
· Windows Server 2003 32 Bit
· Windows Server 2003 x64 Edition
· Windows Vista 32 Bit
· Windows Vista x64 Edition
In closing: Group Policy Preferences come at no added cost and are available to use with NO TRAINING to the IT Professional. A simple user interface allows for easy configuration of policy preferences, helping to decrease the configuration errors that are common when deploying and managing desktop systems. With over 20 available settings and the flexibility to filter and apply settings to specific users, groups, computer types and more, the IT Professional has a new tool that will help reduce the reliance on logon scripts and fine-tune settings for users and computers in their organizations.
Get started
Check out the screencast on Edge.
The essential resource for Group Policy Preferences is the Group Policy Preferences White Paper.
A FAQ is also available.
-
Back when I was supporting a large enterprise Active Directory environment, I was tasked with upgrading our Domain environment from Windows 2000 to Windows Server 2003. The project was made much easier with the great documentation from the AD team published on TechNet. That same checklist based, simple documentation is available for Windows Server 2008. First you will want to get some background information covered in this document, then spend some time reading the detailed information on the upgrade itself.
At a high level, moving from Windows Server 2003 consists of:
- Running ADPREP /forestprep to prepare the schema.
- Running ADPREP /rodcprep if you plan on having Read-only Domain Controllers
- Installing Active Directory Domain Services on a Windows Server 2008 based member server (we suggest doing this in the forest root domain first)
- Then upgrade your existing DC's to Windows Server 2008.
- Change your forest functional level.
- After all DC's have been upgraded perform some clean up work.
If you are planning to upgrade Windows 2000 AD domains to Windows Server 2008, you must perform an in-place upgrade of all existing Windows 2000 domain controllers in the forest to Windows Server 2003 (supported upgrade path documentation). Then you can perform a second in-place upgrade of those DCs to Windows Server 2008. There also are a couple of other smaller steps you need to be aware of in a Windows 2000 to Windows 2008 domain upgrade, and the documentation covers all of those details.
I suggest you take some time to familiarize yourself with the documentation and utilize the checklists provided to make your upgrade as easy as possible.
Additional information about upgrading Active Directory domains to Windows Server 2008.
-
Another crazy week, but we have some seriously good stuff coming out of Redmond today. We have officially released to the web the Remote Server Administration Tools (RSAT). So what the heck is RSAT? Well basically it's the next version of ADMINPAK. Yep you can actually manage your Windows Server infrastructure from your Vista SP1 machine and no I'm not talking via RDP to your server! RSAT includes tools for Windows Server 2003 as well as Windows Server 2008. BOOYAH!
The goodies are available via download:
RSAT for Windows Vista SP1 x86 version
RSAT for Windows Vista SP1 x64 version
Be sure to check out Edge the rest of the week for an interview with the product manager of RSAT, a blog post on one of the features you can implement using RSAT: Group Policy Preferences, as well as a Group Policy Preferences screencast. Now for some RSAT details:
What does the RSAT include?
Role Administration Tools:
· Active Directory Certificate Services (AD CS) Tools
· Active Directory Domain Services (AD DS) Tools
· Active Directory Lightweight Directory Services (AD LDS) Tools
· DHCP Server Service Tools
· DNS Server Service Tools
· Shared Folders Tools
· Network Policy and Access Services Tools
· Terminal Services Tools
· Universal Description, Discovery, and Integration (UDDI) Services Tools
Feature Administration Tools:
· BitLocker Drive Encryption Tools
· Failover Clustering Tools
· Group Policy Management Tools
· Network Load Balancing Tools
· SMTP Server Tools
· Storage Manager for SANs Tools
And not to be outdone, we have the tools in the following list that are fully supported managing Windows Server 2003 servers as well:
· Active Directory Domain Services (AD DS) Tools
· Active Directory Lightweight Directory Services (AD LDS) Tools
· Active Directory Certificate Services (AD CS) Tools
· DHCP Server Tools
· DNS Server Tools
· Group Policy Management Tools
· Network Load Balancing Tools
· Terminal Services Tools
· Universal Description, Discovery, and Integration (UDDI) Services Tools
-
Being the complete professionals that we are in the Edge team, we have created a special public awareness video about an upcoming survey that our Edge viewers will be asked to participate in. Please take the time to watch this video and if you are selected please participate in the survey.
Disclaimer: No Segways, aliens, pirates, or robots were harmed during the shooting of this video.
-
Today's post on Edge is an interview I did recently with Michael Niehaus and Jeremy Chapman regarding Vista deployment. These guys have done a TON of work around making deployment (not just Vista) much easier to handle. Check out the interview. For even more good stuff on deployment, you should check out the Deployment Guys blog.
So I was doing my normal morning run through of the blogosphere and hit a post from James O'Neill on Virtualization that I found really interesting. I won't give up the details here so James can get his due credit. Take a look.