mcs.ireland.blog/infrastructure

Offline Virtual Machine Servicing Tool - Beta

If you are interested in BDD we think you would be interested in the following new program:
Offline Virtual Machine Servicing Tool - Beta

The Solution Accelerators Communication and Collaboration group is pleased to announce the availability of the Offline Virtual Machine Servicing Tool for download on Connect.
The increasing use of virtual machines creates new challenges for IT.
Virtual machines that are left offline for extended periods of time do not automatically receive operating system, anti-virus, or application updates that would keep them compliant with current IT policy. An out-of-date virtual machine poses a risk to the IT environment. If deployed and started, the out-of-date virtual machine may be vulnerable to attack or may be capable of attacking other network resources.
The Offline Virtual Machine Servicing Tool provides a way to automate the process of updating virtual machines with the latest OS patches.

Solution Accelerator Components
The Offline Virtual Machine Servicing Tool is built on Windows Workflow Foundation and PowerShell. It works with Microsoft System Center Virtual Machine Manager 2007 to manage a library of offline VMs and with either Microsoft System Center Configuration Manager 2007 or Microsoft Windows Server Update Services.

The Offline Virtual Machine Servicing Tool consists of the following software components:
. A configuration user interface
. A .NET based workflow execution infrastructure
This Solution Accelerator is supplied with the following guidance:
. Getting Started Guide
. Help file
. Release Notes
. Executive Overview on TechNet

Overview of the Tool

The Offline Virtual Machine Servicing Tool manages the workflow of updating large numbers of offline virtual machines according to their individual needs. To do this, the tool works with Microsoft® System Center Virtual Machine Manager 2007 (VMM) and with software update management systems (at present, either Microsoft Windows Server® Update Services 3.0 (WSUS) or Microsoft System Center Configuration Manager 2007). See the following figure for how information flows between the tool and other system components

The tool uses "servicing jobs" to manage the update operations based on lists of existing virtual machines stored in VMM. Using Windows Workflow Foundation technology, a servicing job runs snippets of PowerShell scripts to work with virtual machines.

For each virtual machine, the servicing job:
. "Wakes" the virtual machine (deploys it to a host and starts it).
. Triggers the appropriate software update cycle (Configuration Manager or WSUS).
. Shuts down the updated virtual machine and returns it to the library.
The tool works with Windows Task Scheduler to determine when to run the servicing job.

Help us make this a better Solution Accelerator by trying it out and providing us feedback!

If you want to have a closer look, you can sign up for this program here:
https://connect.microsoft.com/programdetails.aspx?ProgramDetailsID=2192

Regards

 

MCS Ireland infrastructure bloggers

Windows Vista Deployment - Part 1 - "Where do I start?"

Being involved with deployment projects recently I have found that deploying Vista in the enterprise is not a hard task. The biggest question that I'm often  asked is: "Where do I start?"

There are countless resources in web sites ready for you to consume, however it is quite difficult if you don't organize and plan for a deployment project. The task can become quite daunting since now the problem is not the lack of information but the surplus of it. I don't pretend for this guide to be a deployment cookbook, but rather a good source of information compiled in a way that is easy to understand and read.

My first piece of advice is to Reduce the Unknowns, by this I mean tackle the uncertainty surrounding deployment projects.

The first step on your plan is to really understand and accept that you may not know what you don't know. There are 5 areas that need to be looked at in order to achieve this:

• Application Compatibility
• Hardware Suitability
• Supporting Infrastructure
• Business Requirements
• End User Experience

These are not in any order of importance and can be started as independent streams of work, however there are clear interdependencies between them that you need to be aware of. For example:

Business Requirements: "I need to Lower the TCO of my Workstation Infrastructure and prevent security breaches"

Hardware Suitability: "Will my laptop & desktop estate handle the requirements, what do I need to upgrade?"

Application Compatibility: "I need to test my application for the new operating System and new security measures"

End User Experience: "What is new for my users, what will they and what won't they see now? What do I need to communicate to them"

Supporting Infrastructure: "What do I need to remediate in order to deploy according to specifications? What deployment strategy will I use?

These are some of the questions that you have to take into consideration on the different areas of a deployment project.

The next parts of the this series will be too look at each of them individually, giving you specific advice on each of them and links to relevant content. As a first step please download the Microsoft Deployment Toolkit 2008 (MDT 2008) I will be referring to a lot of documentation that is included in there.

Part 2 - Application Compatibility is up next!

BitLocker tools available for download

If you're rolling out BitLocker, there are 2 free tools now available for download which can come in useful in day to day management of the environment.

First is the BitLocker Repair Tool, at http://www.microsoft.com/downloads/details.aspx?FamilyID=4ffd0d16-a51b-48b1-9042-ae1fb2de40c6&DisplayLang=en:

Overview

This tool helps access data encrypted with BitLocker if the hard disk has been physically damaged. This tool attempts to reconstruct critical data from the drive and salvage any recoverable data.
To decrypt the data, a recovery password or recovery key is required. In some cases, a backup of the key package is also required.
Use this command-line tool if the following conditions are true:
• A volume has been encrypted by using BitLocker Drive Encryption.
• Windows does not start, or you cannot start the BitLocker recovery console.
• You do not have a copy of the data that is contained on the encrypted volume.

 

 

Second is the BitLocker Password Recovery Viewer, at http://www.microsoft.com/downloads/details.aspx?FamilyID=2786fde9-5986-4ed6-8fe4-f88e2492a5bd&DisplayLang=en:

Overview

The BitLocker Active Directory Recovery Password Viewer lets you locate and view BitLocker recovery passwords that are stored in AD DS. You can use this tool to help recover data that is stored on a volume that has been encrypted by using BitLocker. The BitLocker Active Directory Recovery Password Viewer is an extension for the Active Directory Users and Computers MMC snap-in. After you install this tool, you can examine a computer object's Properties dialog box to view the corresponding BitLocker recovery passwords. Additionally, you can right-click a domain container and then search for a BitLocker recovery password across all the domains in the Active Directory forest.
Note To view recovery passwords, you must be a domain administrator, or you must have been delegated permissions by a domain administrator.

Get all the key technical information you need in 1 place

Some of our colleagues in Microsoft UK publish a monthly "tech rollup" email which you can subscribe to internally. This is a great resource, put together voluntarily by some of our support engineers. From a consultant's perspective, the content is invaluable because it puts all the key "must know" information in one place, broken down by subject area e.g. web, platforms, databases, management, etc. It saves a ton of time which would otherwise be spend needlessly surfing the web or reading millions of RSS feeds.

 

I hadn't realised these guys also publish the same content to their public blog - link is below. If you're involved in supporting, designing, or implementing solutions using Microsoft technologies then subscribing to this blog is a must.

http://blogs.technet.com/trm/

How and why - BitLocker

In recent days, everybody here in Ireland is talking about BitLocker and laptop encryption.

In fact, when I took the train this morning and I was reading the newspaper, I found another article highlighting the importance of encrypting sensitive data in laptops. In fact, BitLocker is a technology that helps to protect laptops preventing the loss of sensitive data.

But what is BitLocker? How do I implement it? Should I deploy a BitLocker solution in my organization?

Basically, BitLocker is a fully Active Directory-integrated technology that encrypts the entire hard drive, protecting data on lost or stolen machines. For Windows Vista, BitLocker is included in the Enterprise and Ultimate versions.

In the following video, Russell Humphries (Microsoft Senior VP) gives a very detailed explanation of what's BitLocker, how does it work, how to implement it, why implement it and finally he describes some disaster recovery scenarios.

The video (35 minutes) can be watched at the following URL

http://www.microsoft.com/windows/products/windowsvista/editions/enterprise/videos/bitlocker.asx

Enjoy

 

Windows Server 2008 - High Availability - Failover Clustering

Microsoft IT Showcase is pleased to announce the publication of Windows Server 2008 - High Availability - Failover Clustering,  which discusses how Microsoft IT uses failover clustering in the Windows Server 2008 operating system to support users worldwide.

Microsoft Information Technology (Microsoft IT) uses failover clustering in the Windows Server® 2008 operating system to support users worldwide. Microsoft IT found the solution easy to plan and deploy, especially because of built-in migration tools. The result is a set of Windows Server 2008 clusters that support more users through increased reliability and features.
Technical Case Study | IT Pro Webcast

To learn more about how Microsoft does IT, please visit

www.microsoft.com/technet/itshowcase

New Storage Designs for Exchange Server 2007 in Microsoft IT

Microsoft IT Showcase is pleased to announce the publication of New Storage Designs for Exchange Server 2007 in Microsoft IT, which discusses how Microsoft IT uses Exchange Server 2007 to enable large accounts to replace SAN with DAS solutions while maintaining high availability standards.

Exchange Server 2007 enables large accounts to replace SAN with DAS solutions and still maintain high availability standards. With 64 bit and lower IOPS, customers have the ability to go for lower cost storage technology. CCR enables high-availability with DAS. Disk-based backup solutions can enable IT organizations to eliminate tape backups and achieve associated cost savings.
Technical White Paper | IT Pro Webcast | WMA | MP3

To learn more about how Microsoft does IT, please visit

www.microsoft.com/technet/itshowcase

Microsoft Operations Framework (MOF) 4.0-a Comprehensive IT Service Lifecycle

We are pleased to announce that the MOF 4.0 Beta has been updated! We have updated the content based on customer and partner review and have added one new SMF (Team SMF).

Beta members can download the content now.

MOF 4.0 delivers practical guidance that connects concepts to everyday IT practices and activities, helping to establish reliable and trustworthy IT services that deliver business value. MOF 4.0 has evolved beyond operations to include the entire IT lifecycle-it's an integrated model that includes best practices from Microsoft Solutions Framework (MSF); governance, risk, compliance; planning activities; and management reviews. MOF 4.0 has also created a new structure for its SMFs that now emphasizes outcomes, results, and roles. With MOF 4.0 guidance, you'll be able to assess your customer's current IT lifecycle, prioritise processes of greatest concern, and apply proven principles and best practices to optimise planning, development, operation, and management of IT services.

Please send your comments and feedback to mof@microsoft.com.

 

Thank you!

 

MCS Ireland infrastructure team

Technet webcasts on Vista deployment techniques and App Compat

In May, there will be a series of new TechNet webcasts focusing on Windows Vista deployment:

• An Introduction to Microsoft Deployment Toolkit Tools

• Lite Touch Installation Using Microsoft Deployment Toolkit

• Zero Touch Installation Using Microsoft Deployment Toolkit and System Center Configuration Manager 2007

• Microsoft Deployment Toolkit Advanced Scenarios

• Microsoft Advanced Group Policy Management

 

Additionally, the below series of level 300-400 webcasts will help IT people to evaluate, test and mitigate applications for Vista compatibility:

• Making Windows Vista Application Compatibility Testing More Predictable with Effective Project Management

• Application Compatibility Toolkit

• Mitigating Application Issues Using Shims

• LUA Buglight

• Application Compatibility in 50 Days

Remote Server Administration Tools (RSAT) now released

Today we released the Remote Server Administration Tools (RSAT) to the web.  RSAT is the collection of Windows Server 2008 management tools which enable management of your Windows Server infrastructure from a PC running Windows Vista with SP1.

 

x86 download: http://www.microsoft.com/downloads/details.aspx?FamilyId=9FF6E897-23CE-4A36-B7FC-D52065DE9960

x64 download: http://www.microsoft.com/downloads/details.aspx?FamilyId=D647A60B-63FD-4AC5-9243-BD3C497D2BC5

 

Below is the list of Windows Server 2008 administration tools which are included in RSAT:

Role Administration Tools:

· Active Directory Certificate Services (AD CS) Tools

· Active Directory Domain Services (AD DS) Tools

· Active Directory Lightweight Directory Services (AD LDS) Tools

· DHCP Server Service Tools

· DNS Server Service Tools

· Shared Folders Tools

· Network Policy and Access Services Tools

· Terminal Services Tools

· Uniiversal Description, Discovery, and Integration (UDDI) Services Tools

· BitLocker Drive Encryption Tools

· Failover Clustering Tools

· Group Policy Management Tools

· Network Load Balancing Tools

· SMTP Server Tools

· Storage Manager for SANs Tools

· Windows System Resource Manager Tools

The below tools are also able to be used to manage Windows Server 2003 servers as well:

· Active Directory Domain Services (AD DS) Tools

· Active Directory Lightweight Directory Services (AD LDS) Tools

· Active Directory Certificate Services (AD CS) Tools

· DHCP Server Tools

· DNS Server Tools

· Group Policy Management Tools

· Network Load Balancing Tools

· Terminal Services Tools

· Universal Description, Discovery, and Integration (UDDI) Services Tools

 

On a similar note - the RC release of the Hyper-V MMC tool is now available also. More info on the Virtualisation blog at http://blogs.technet.com/virtualization/

Download details: Windows Vista Product Guide

A comprehensive feature-by-feature guide to Windows Vista with Service Pack 1 is now available at the link below. This is essential reading for anyone deploying or using Vista in corporate environments.

Download details: Windows Vista Product Guide

Free support for Vista SP1 installs

SP1 support options are detailed at https://support.microsoft.com/oas/default.aspx?ln=en-us&prid=11274&gprid=500921

Source article: Microsoft offers free support for Vista SP1 installs

Understanding the Value Proposition of the IT Lifecycle

Microsoft IT Showcase is pleased to announce the publication of Understanding the Value Proposition of the IT Lifecycle, which describes how the IT Lifecycle drives consistency and simplicity with a single set of standardized processes, provides a structured approach that fosters cross-team collaboration, and establishes a framework for standardized, repeatable process solutions, and governance.

Understanding the Value Proposition of the IT Lifecycle (Level 100)
Thursday, April 24, 2008 11:00 AM - 12:00 PM Pacific Time
Carol Zeumault, Senior Director, Microsoft Corporation
Learn about how IT can increase its value proposition by implementing the ITLC framework. Find out how to make the process actionable and align to business strategy.

To learn more about how Microsoft does IT, please visit us!

External:  www.microsoft.com/technet/itshowcase

 

The Developer Highway Code

Hi All,

DO YOU CARE ABOUT HELPING YOUR CUSTOMERS AND PARTNERS WRITE MORE SECURE CODE? PLEASE READ ON...

The Developer Highway Code, written by Paul Maher of DPE, is a concise handbook that captures and summarises the key security engineering activities that should be an integral part of the software development process. This companion guide should be a must for any Developer, Architect, Tester etc. undertaking software development...The book is presented in easy to read checklist form, covering essential guidance on writing and releasing secure code.

Developer Highway Code Statistics:

· 100,000 downloads and  20,000 printed copies in the community to date,

· Featured on the WW  Security Developer Center and adopted by corp. and major subs as essential security collateral,

· Available in both hard copy and electronic form - UPDATED WITH NEW CONTENT!!!

In case you are still not convinced, please read the following endorsements:

“The developer highway code is an innovative guide for ALL developers across the United Kingdom. The weakest link in any Security solution adopted by our customers will be exploited by irresponsible criminals worldwide. The developer highway code empowers developers with the detailed knowledge and practical steps they should take to avoid Security compromises. Now it’s up to EVERYONE in Microsoft Ltd working with customers or partners that have developers to spread the message on this exceptional resource.” Nick McGrath, Director Platform Strategy, Microsoft Ltd.

“Developers are a most critical component to a more safe computing experience for all computer users in the UK and around the world. Code written for a program or operating system, or process must be able to withstand the most aggressive attempts to ‘break it’.  From games to mission-critical operations, secure code will form the base for success or disaster.  The Developer Highway Code should be a required reading. Edward P Gibson, Chief Security Advisor, Microsoft Ltd

WHERE CAN YOU GET THE DEVELOPER HIGHWAY CODE?

Download full book only as a pdf or Download full book only as an xps

Network Access Protection - Microsoft Forefront Integration Kit - Beta Now Available!

Help your customers defend against malware with the Microsoft® Forefront™ Integration Kit for Network Access Protection

Your customers have deployed anti-malware software, but hackers might still find new ways to attack and penetrate their defenses. And if malware infects a network, it can spread with alarming speed, compromising or destroying mission-critical data, disrupting operations, and costing your customers’ organizations valuable time and money.

Your customers need a multi-layered defense strategy to defend against such attacks. They need a way to ensure their anti-malware software is healthy and providing maximum protection. And in the event of a successful attack, they need a way to quickly isolate and remediate compromised systems—before malware can spread. 

Here’s your chance to help your customers get an advance look at a solution that will help protect them from malware attacks. Invite them to join the beta program for the Microsoft Forefront Integration Kit for Network Access Protection.

The Microsoft Forefront Integration Kit for Network Access Protection helps customers defend against malware threats by integrating two key Microsoft security technologies: Forefront Client Security and the new Network Access Protection feature in Windows Server® 2008. 

The Kit helps protect customers by allowing them to configure health policies to monitor the state of Forefront Client Security in real time across their networks, and to remediate problems.

Configure

The Kit’s system health validator (SHV) establishes the Forefront Client Security health policies that will be enforced on every client.

For example, Forefront Client Security must be installed, it must be running, and its signatures must be up to date.

Monitor

The system health agent (SHA) component monitors in real time the health of all the clients on which it is installed to ensure they comply with the organization’s health policies.

Remediate

If the SHA detects a problem with a specific client computer, it will restrict that client’s access to prevent it from spreading malware to other computers. The SHA then works to remediate the client. After remediation, the client is allowed to access network resources.

The Kit provides these important benefits for your customers:

Boosts security. The Kit strengthens your customers’ malware defenses by integrating two key Microsoft security technologies: Forefront Client Security and Network Access Protection.

Saves time and reduces IT costs:  The Kit’s system health validator allows customers to quickly establish health policies for Forefront Client Security installations on all network clients. The system health agent automatically monitors the health of these installations network-wide, and remediates problems—freeing up scarce IT resources for other tasks.

Easy to deploy.  Customers can install and configure the Kit in just a couple of hours.

Tested.  The Kit is being tested in our labs and verified by customers and partners under real-world conditions. 

Free.  The Kit will be freely available on Microsoft TechNet.

To learn more about the Kit, sign in to the Microsoft Connect Web site. Or, to join the program, click here.