In most if not all enterprise customers most technology areas are driven by various teams responsible for a technology area. Some enterprise customers have more integrated technology teams then others. So how does this affect the common approach today of infusing virtualization into datacenters and building out a virtualization utility/service? To date this task has been assigned to a virtualization team or a virtualization expert in most companies folks that understand the virtualization technology well. This is reflective of the disruptive nature of the virtualization technology initially and companies reacted by creating teams to work on Virtualization. The virtualization projects started out small with Test/Development environments and expanded into production then into full blown virtualized datacenter projects.
So of course the datacenter existed long before the project to create a virtualization utility/service with various technology and process areas. Some will say the datacenter was lumbering along (no offense to present datacenter operations managers) with various issues and challenges and that virtualization is going to cure all the ills of the datacenters. I am a virtualization person and I love the virtualization technology and I happen to believe that virtualization capabilities have the potential to change how we build and use capabilities in the datacenter and beyond. Ok with that said without reference architecture of these new datacenters where virtualization is a key pillar we may miss some opportunities to completely realize all of the potential across datacenter service areas.
A Virtualization datacenter project should seek to review present datacenter capabilities determine gaps, leverage existing capabilities and redesign others that do not fully leverage or hinder the virtualization effort. What are some of the areas that have to be taken into account when embarking on this journey to build a virtualized datacenter? Well let's look at some of the services that a present day datacenter offers:
- Power and Cooling
- Systems/Service Management
- Backup services
- Disaster Recovery services
- Security Services
- Capacity services
- Storage services
Equipment Provisioning
- Servers
- Network devices
- Storage
- Backup devices
- Compliance services
So it is pretty clear that today's datacenters offer a range of complex services and you thought all it did was keep servers from being homeless. So a project to infuse virtualization as a core pillar has to seek to understand how virtualization impacts the various datacenters areas. I know what people are thinking, I already have virtual machines in production so this is a mute point. There is some production virtualization but very few projects that have truly looked at all of the datacenter areas and designed the area to fully leverage virtualization. This is an opportunity for datacenter architects and datacenter service owners to think and rethink how virtualization can affect some of the service areas in the datacenter. This exercise will help unlock potential that relooking at some of the services with virtualization capability in mind will provide. Some core areas to start are Storage and Business continuity areas that receive a lot of interest especially from the Virtualization community but have very little architecture patterns and practices. I look forward to your comments on this and experiences' looking deeper at datacenter services that Virtualization affects.
Allen Stewart
Principal Program Manager
Windows Server Group
Hopefully you get better presents than this, but if not, here are a couple of web casts I just did that you might be interested in:
Certificate Services Updates |
Amesh Mansukhani, Senior Product Manager, speaks with John Morello, Program Manager, Windows Server Division, about Windows Server 2008 and what's new with Certificate Services. John lists the four major pillars of Server 2008 for cryptography and certificate services, and they continue their conversation around the two biggest features—manageability and revocation—that will be impactful for customers. |
http://www.virtualteched.com/pages/videos.aspx
TechNet Webcast: Windows Server 2008 Terminal Services Security and Authentication (Level 300)
Are you looking to extend remote access to users on the road or at home? Learn how Windows Server 2008 Terminal Services can provide a solution. Join Microsoft Program Manager John Morello in this webcast as he provides an overview of Terminal Services Gateway and Terminal Services Authentication, and shows you how they can help take your business to the next level. Additionally, he demonstrates anywhere access to remote programs using single sign on (SSO).
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032355426&CountryCode=US
Because CRL validity is so important to the functionality of your PKI, it's important to have proactive monitoring of the validity of your CRLs. Particularly in situations where you're using smart cards for logon, having a CRL go stale can be a very disruptive experience to end users.
In my session at IT Forum in Barcelona this week, I'm showing some of the new manageability features of Certificate Services in WS08. One of the major investments for CertSrv in this release is manageability, including integration with MOM/SCOM. One of the features I'm demonstrating is the extensibility of SCOM to help with monitoring the freshness of CRLs. The following scripts can be used to alert you to the status of CRLs before they go stale, allowing you to avoid outages before they happen. They can be integrated with MOM/SCOM for centralized alerting and reporting or just run by themselves.
Here's how the scripts work:
- checkCrlFreshness.cmd calls wget.exe (you'll need to download this separately) and downloads the CRL from whatever location you specify
- checkCrlFreshness.cmd then calls compareNextUpdateToNow.vbs
- compareNextUpdateToNow.vbs calls certutil "nameOfCrl" and scrapes the NextUpdate: line from its output
- compareNextUpdateToNow.vbs then compares the hourly NextUpdate value to whatever value is passed by checkCRLFreshness.cmd when it calls compareNextUpdateToNow.vbs
- if the NextUpdate value is < the threshold value (i.e. the CRL's expiration is below your minimum value), an alert is written to the application log on the machine where the script is run
SCOM can then be leveraged to watch the event logs for this particular event and then alert or take whatever other action you've specified. Note that if you're running the scripts on Vista or WS08, you can also take advantage of the new Windows eventing infrastructure to run a task or send an email when the event occurs, without having to have MOM/SCOM involved at all.
The nice thing about this script is that it can easily work against any HTTP CDP. So, you can use it to monitor CRLs inside or outside of your organization, including those of partners or service providers that you might depend on.
Scripts are provided as is, us at your own risk, no support, etc, etc…
checkCrlFreshness.cmd
:: CRL freshness monitoring master script
:: downloads all relevant CRLs with wget, calls VBScript to compare NextUpdate time with current system time to determine freshness
:: John Morello, Windows Server Division
:: uses wget to download CRL; -r says to overwrite existing copy, -nH --cut-dirs=1 says to save in current directory (removes --cut-dirs value from end of URI)
:: wget must be in same directory as this script or in %Path%
wget.exe -r -nH --cut-dirs=1 "http://ws08rc0.pki.test/certenroll/pki-ws08rc0-ca.crl"
:: calls compareNextUpdateToNow.vbs to compare time difference between Now() and NextUpdate value in CRL
:: if difference is < the second parameter (in hours), compareNextUpdateToNow.vbs writes warning to AppEvent
cscript compareNextUpdateToNow.vbs "pki-ws08rc0-ca.crl" 336
compareNextUpdateToNow.vbs
' CRL date comparison script
' takes 2 command line parameters, the name of the CRL and the acceptable age threshold
' if NextUpdate time from CRL is not > acceptable threshold (or other error condition exists), writes event to AppEvent
' Robert Deluca, Windows Server Division
' John Morello, Windows Server Division
Option Explicit
' check if command line parameters were passed
If WScript.Arguments.Count < 2 Then
wscript.echo "Usage: cscript crldatecheck.vbs <CRL filename> <age threshold in hours>"
wscript.quit
End If
' assign params to variables
Dim CRLFilename
CRLFilename = WScript.Arguments.Item(0)
Dim ThresholdHours
ThresholdHours = CInt(WScript.Arguments.Item(1))
' Create wscript.shell object for exec
Dim WshShell
Set WshShell = CreateObject("WScript.Shell")
' Execute certutil
Dim oExec
Set oExec = WshShell.Exec("certutil """ & CRLFilename & """")
' Wait for certutil to finish running
Do While oExec.Status = 0
wscript.sleep 100
Loop
' Read certutil output until end of stream or found the NextUpdate: line
Dim DateString
Dim Found
Found = false
Do While (Not Found) And (Not oExec.StdOut.AtEndOfStream)
DateString = oExec.StdOut.ReadLine
Found = instr(DateString,"NextUpdate: ") = 1
Loop
' exit if the proper line wasn't found
Dim NoNextUpdateFoundMessage
NoNextUpdateFoundMessage = "Failure to read Next Update time from CRL."
If Not Found Then
wscript.echo "Failure to read Next Update time from CRL."
WshShell.LogEvent 2, NoNextUpdateFoundMessage
wscript.quit
End If
' remove the header from the line
DateString = Replace(DateString,"NextUpdate: ","")
' exit if the rest of the string isn't recognized as a date
If Not IsDate(DateString) Then
wscript.echo "Date not recognized as valid."
wscript.quit
End If
' convert the string to a date variable
Dim d
d = CDate(DateString)
' calculate hours until NextUpdate
Dim HoursUntilUpdate
HoursUntilUpdate = DateDiff("h",Now,d)
' display update and threshold information
Dim Message
Message = "Next CRL update is in " & HoursUntilUpdate & " hours. Threshold is " & ThresholdHours & " hours."
wscript.echo Message
' update time is below acceptable threshold, write message to screen and event log
If HoursUntilUpdate < ThresholdHours Then
wscript.echo "Time is below acceptable threshold! Writing warning to event log."
WshShell.LogEvent 2, Message
Else
wscript.echo "Unknown failure! Manually verify CRL and diagnose run time failure."
WshShell.LogEvent 2, Message
End If
wscript.quit
Pete Rivera is the Windows Team Lead on one of our DoD support teams and we've been working together on a NAP project. In addition to being a master of style and male fashion, Pete also puts together some great guidance for his customers. Recently, he wrote a detailed description of all the various logging capabilities that you might ever need to use to debug a NAP problem. Thanks, Pete!
- NPS has various places where it does logging and/or creates a log… First off we do accounting IAS logging of the NPS status and network connection process data in %windir%\system32\LogFiles, but it can be configured to an alternative location. The log is:
IN<date>.log
2. Secondly we also can do SQL logging to a SQL 2k or SQL 2k5 database. This is used for logging user authentication and accounting requests: Logs user authentication and accounting requests in a stored procedure in a SQL Server 2000 or SQL Server2005 database. Request logging is used primarily for connection analysis and billing purposes. It is also useful as a security investigation tool, providing a method of tracking down the activity an attacker.
3. Likewise you can enable debug trace logging via netsh and this can be used to help provide detailed information about the Network Policy Server operation when NAP policies are configured: Netsh ras set tr * en
%windir%\Tracing\IASNAP.log
4. In addition this enabled a slew of other IAS/RAS related logs in the same folder (i.e.: IASSAM.LOG, IPSEC etc ):
%windir%\Tracing\*.log
5. You also have Event Logs. These provide a lot of info about the operation of NAP and connecting clients but is used primarily for auditing and troubleshooting connection attempts. Depending upon your build they are either in the SYSTEM (B3) log and/or the security log (RC0). There is also the Network Access Protection event log which you'd find on NAP clients.
6. On the client side we can enable NAP client Debug Tracing logs as well. This is enabled either via netsh or via the NAP client Configuration snap-in. It's an ETL file which is generated only by using logman… so you'll need to do a logman start QAgentRt -p {b0278a28-76f1-4e15-b1df-14b209a12613} 0xFFFFFFFF 9 -o %systemroot%\tracing\nap\QAgentRt.etl –ets in order to turn start .etl generation.
7. likewise we can also do WHSA tracing for NAP also… the trace GUID is 789e8f15-0cbf-4402-b0ed-0e22f90fdc8d
8. DHCP QEC tracing…
Netsh dhcpclient trace enable. This command enabled QEC tracing and the trace files will be generated at %WINDIR%\System32\LogFiles\WMI\DHCP*.*
9. EAPHost Tracing for 802.1x
Trace logs containing debugging information can assist users in finding the root causes of issues that occur during the EAP authentication process. The debugging information can include API calls performed, internal function calls performed, and state transitions performed. Tracing can be enabled on both the client side and the authenticator side.
When EAPHost tracing is enabled, logging information is stored in an .etl file in a user-specified location. Tracing generates an .etl file.
10. EAPHost Tracing for 802.1x (client side)
To enable tracing on the client side:
Run the following command: logman start trace EapHostPeer -o .\EapHostPeer.etl -p {5F31090B-D990-4e91-B16D-46121D0255AA} 0x4000ffff 0 -ets
Run the following command: logman stop EapHostPeer -ets
Convert the etl file into text using the following command: tracerptEapHostPeer.etl –pdb <pdbpath> -tp <tracemessagefilesdirectorypath> -o EapHostPeer.txt
11. EAPHost Tracing for 802.1x (Authenticator side)
To enable tracing on the authenticator side:
Run the following command: logman start trace EapHostAuthr -o .\EapHostAuthr.etl -p {F6578502-DF4E-4a67-9661-E3A2F05D1D9B} 0x4000ffff 0 -ets
Run the following command: logman stop EapHostAuthr -ets
Convert the etl file into text using the following command: tracerptEapHostAuthr.etl –pdb <pdbpath> -tp <tracemessagefilesdirectorypath> -o EapHostAuthr.txt
12. The we have the SCCM related logging specific to the SCCM SHA and shv. The Configuration Manager 2007 client computer log files are found, by default, in %windir%\CCM\Logs. For client computers that are also management points, the log files are found in %ProgramFiles%\SMS_CCM\Logs.
13. Ccmcca.log
This file logs the processing of compliance evaluation based on Configuration Manager NAP policy processing. It also contains the processing of remediation for each software update required for compliance.
14. locationservices.log
This log is used by other Configuration Manager features (for example, information about the client's assigned site), but it also contains information specific to Network Access Protection when the client is in remediation. It records the required remediation servers (management point, software update point, and distribution points that host content required for compliance), which are also sent in the client statement of health.
15. SMSSha.log
This is the main log file for the Configuration Manager Network Access Protection client, and it contains a merged statement of health information from the two Configuration Manager components: location services (LS) and the configuration compliance agent (CCA).
This log file also contains information about the interactions between the Configuration Manager System Health Agent and the operating system NAP agent, and also between the Configuration Manager System Health Agent and both the computer compliance agent and location services. It provides information about whether the NAP agent successfully initialized, the statement of health data, and the statement of health response.
16. CIAgent.log
This tracks the process of remediation and compliance. However, the software updates log file, Updateshandler.log provides more informative details on installing the software updates required for compliance.
17. SDMAgent.log
This log file is shared with the Configuration Manager feature desired configuration management, and it also contains the tracking process of remediation and compliance. However, the software updates log file, Updateshandler.log provides more informative details about installing the software updates required for compliance.
- On the server side for the System Health Validator point, you should first check the Windows Application event log on the Windows Network Policy Server computer. This log will record any failure categories and errors with the source being SMS_SYSTEM_HEALTH_VALIDATOR. These are also raised as Configuration Manager status messages. Otherwise More detailed logging information can be found in the Configuration Manager logs and the System Health Validator point log files are located in %systemdrive%\SMSSHV\SMS_SHV\Logs.
19. Ccmperf.log
This log contains information about the initialization of the System Health Validator point performance counters.
20. SmsSHV.log
This is the main log file for the System Health Validator point. It logs the basic operations of the System Health Validator service, such as the initialization progress.
21. SmsSHVADCacheClient.log
This log file contains information about retrieving Configuration Manager health state references from Active Directory Domain Services.
22. SmsSHVCacheStore.log
This log file contains information about the cache store used to hold the Configuration Manager NAP health state references retrieved from Active Directory Domain Services, such as reading from the store and purging entries from the local cache store file.
23. SmsSHVRegistrySettings.log
This log is used to record any dynamic changes to the System Health Validator component configuration while the service is running.
24. SmsSHVQuarValidator.log
This log file records client statement of health information and processing operations. To obtain full information, change the registry key LogLevel from 1 to 0 in the following location:
HKLM\SOFTWARE\Microsoft\SMSSHV\Logging\@GLOBAL
25. <InstallationPath>\Logs\SMSSHVSetup.log
This log file records the success or failure (with failure reason) of installing the System Health Validator point.
A customer I work with recently wanted to have a scriptable method to take any given CRL and determine the total number of revoked objects it contains. Luckily, certutil combined with your favorite findstr / grep / regex application can do this quite easily:
certutil.exe –dump <CRLFileName>| findstr "Entries"
The output will be a numerical count of the total number of revoked items. Note that this doesn't need to be run from a CA, nor does it have any dependencies on the issuer's chain.
Allen Stewart from the Windows Server Division (WinCat) team. I spend a lot of time with companies that are deploying a virtualized architecture for Datacenters and Branch offices. Some of the technologies leveraged in these scenarios, capacity planning tools, workload migration technologies, P2V, V2V, High Availability, virtualization management, virtual machine backup/snapshots and service oriented management. While the technologies are well understood one thing has been pretty fluid is the administration model for the virtualized environment. Lets dive in there does not seem to be a consistent model some companies have taken the approach of keeping things the same way as the physical environment, others have created a virtualization group and assigned them the task of managing the virtual world. I understand both schools of thought, the virtual world should not change the administration model, or the virtual world is so disruptive and demands new skills, approaches that we need a group directed at the technology. So what I am really interested in is the administration model that will win out and your thoughts on the topic because this should drive flexible administration models in virtualization products.
So in the centralized approach Tier 1 and Tier 2 have complete rights to the environment and handle activities like VM creation from templates, deleting VM'S, starting/stopping, workload migration. The Engineering team handles, virtualization product evaluation, environment build out, creating standard VM builds/templates.
Tier 1 Support – Initial call support and case management
Tier 2 Support- Escalation deep troubleshooting
Windows Server Engineering/Dedicated Virtualization Team – Escalation deep troubleshooting/environment design changes.
Certain environments like branch offices and test/dev labs may dedicate a different model where Virtualization tasks and activities are delegated to business units or IT in branch offices. I am not going to cover the scenario where there is decentralized IT and each business unit does their own engineering (that to me still looks like the model above abet more political). In the branch office scenario you can still manage centrally but in the case where you have an IT person in the branch this forces delegation of activities. In this case it seems the activities that get delegated the most are the same as Tier 1 and Tier 2 personnel. So this starts to look and feel like the Active Directory Organization Unit delegation model a person is able to handle virtualization tasks in single or multiple sites with the central IT group having complete access. Please send in comments on how your virtualization environment is structured and any ideas you have on how you feel the administration model should be structured. My next blog will cover virtualization administration roles another fun topic on this path, thought being do we create specific in box roles or just leave it completely, flexible. Also, next in that path is assigning roles to tasks in the new Virtual Datacenters.
Allen Stewart
Principal Program Manager
Windows Server Division
Jeff Sigman (NAP Release Manager) just added a post I wrote to the NAP blog about an upcoming customer webcast. If you weren't able to make it to TechEd, you probably missed the session that fellow WinCAT PM Pat Fetty did with Hunter Ely, who is charge of Louisiana State University's IT security technology and is one of our NAP TAP customers. Pat and Hunter's session covered LSU's architecture, deployment process, and lessons learned. So, if you've wanted to hear some real world experiences on NAP, tune into the web cast.
Morello
Most of the WinCAT team will be at TechEd next week delivering sessions and answering questions. Here's an overview of who's doing what when and where.
Robert DeLuca (identity management)
Working at the various Active Directory and Identity Lifecycle Manager booths.
Pat Fetty (NAP and networking)
Working at the NAP booth and delivering the following:
SEC320 - Network Access Protection: Real World Customer Case Studies and Discussions
Tuesday, June 5 1:00 PM - 2:15 PM, N220 E
Speaker(s): Hunter Ely, Pat Fetty
Network Access Protection (NAP) is a policy-based network health solution that is built into Microsoft Windows Server codename "Longhorn", expected to ship in 2007. NAP is being tested in its beta form by several customers around the world who have deployed the solution on their production network and have seen tremendous benefits. Microsoft has written up case studies on some of these customers and these are the main topic of discussion in this presentation.
Track(s): Security, Windows Server Infrastructure
Level: 300
John Morello (security and anywhere access)
Working at the IPsec and PKI booths and delivering the following:
SVR04-TLC - Deploying Terminal Services in Windows Server 2008
Monday, June 4 1:15 PM - 2:30 PM, Yellow Theater 1
Speaker(s): John Morello, Bernhard Tritsch
Discuss new Terminal Services features and explore deployment architectures and decision points and the importance of x64. Learn best practices for implementing TS RemoteApp™, TS Gateway, TS Web Access and TS Easy Print. This will be a highly interactive session and is your chance to get answers to your key questions.
Track(s): Windows Server Infrastructure
SVR13-TLC - Using Microsoft SoftGrid Application Virtualization with Terminal Services
Tuesday, June 5 4:30 PM - 5:45 PM, Yellow Theater 3
Speaker(s): Chad Jones, John Morello
Learn how SoftGrid for TS enables consolidation of terminal servers, reduced downtime, improves time to solution. Learn best practices for implementing SoftGrid on TS and interoperability with SoftGrid for Desktops and the SoftGrid SMS connector. This is a highly interactive session and is your chance to get answers to your key questions.
Track(s): Windows Server Infrastructure
SVR322 - Microsoft Windows Server Network Policy Server Fundamentals
Wednesday, June 6 10:15 AM - 11:30 AM, N320 E
Speaker(s): John Morello
The Network Policy Server—formerly known as Internet Authentication Services (IAS)—is a core component of a number of networking and security solutions. These include secure wireless, VPN, and Network Access Protection. This session covers NPS fundamentals such as the product architecture, policy management, deployment planning, and on-going operations. Live demonstrations are used extensively to illustrate key concepts and advanced troubleshooting.
Track(s): Windows Server Infrastructure
Level: 300
Allen Stewart (virtualization and dynamic datacenter)
Working at the Virtual Server / Windows Server Virtualization booth.
it's official, Windows Server 2008 (a.k.a Longhorn) was announced at WinHEC in Los Angeles. They keynote has a few cool demos and can be watched here (Windows 2008 details starts around 26 mins). Eweek has done a good summary of the launch; I love their title – Microsoft: Hardware Trends Create 'Perfect Storm'. Have few mins, you can take it for a spin using the TechNet Virtual labs.
.
Timing is everything. About a week after the TechNet podcast went live, the Channel9 video did too. Check it out at http://channel9.msdn.com/Showpost.aspx?postid=307679. If you'd like to learn more about the PKI concepts I talk about in the video, you can check out Oded Ye Shekel's presentation at TechEd in Orlando next month (SVR305 - PKI Enhancements in Microsoft Windows Vista and Windows Server 2008). Speaking of TechEd, the whole WinCAT team will be in Orlando to deliver various sessions and chalk talks. So, if you see one of us, feel free to stop and say hello.
I've written a number of articles for TechNet magazine over the past year (http://search.live.com/results.aspx?q=morello+site%3Amicrosoft.com%2Ftechnet&mkt=en-us&FORM=LVCP) and they recently interviewed me for their monthly podcast series. The article from the April issue was focused on the Security Configuration Wizard and the first part of the podcast covers that. We also talk about smart cards, HSPD-12, and how we used Groove during Katrina. Check out the podcast here: http://www.microsoft.com/technet/technetmag/podcast/default.aspx. My part starts around the 9 minute mark.
-John Morello, WinCAT security PM
Allen Stewart from the WinCat team I focus on the Datacenter from an Architecture standpoint across many technologies and I have expertise in Virtualization Technologies as well. Service Oriented Applications, Real Time Infrastructure. Service Oriented Infrastructure is all new buzz words to describe various application and infrastructure design approaches for the datacenter. Add the various Virtualization technologies: Hardware, Application, Storage, Network, Presentation and Virtualization management into the mix of technologies for someone looking at changing, implementing or redesigning a datacenter it is an exciting time.
In today's datacenter are we just adding technologies to solve today's problems or are we retrofitting the datacenter one disruptive technology at a time? Take for instance Hardware Virtualization (I will not preach about all of the benefits we know them well) it changes the way we provision, manage and allocate resources in the datacenter. As I work with customers it becomes apparent in some cases that Virtualization has been deployed without looking at things like what is the over arching impact to various datacenter services. Take for instance what is the Storage Architecture required to support the Virtual environment especially as virtualization makes workloads portable between servers. In addition, what are the types of servers we should be purchasing there are various camps blades, larger multiple core machines with Virtualization as the partitioning technology that allows the best server asset utilization. What are the management/security requirements for the virtualized world are they so different then the physical world?
As you see there are lots of things to think about and incorporate. I have been working with customers architecting Virtualization solutions with Microsoft Virtualization technologies and have taken various architectural approaches. I look forward to hearing your comments and sharing some design decisions with you from various customer scenarios. Here are some areas for us to explore:
Patch Management in the Virtualized datacenter
Capacity planning in the Virtualized datacenter
Storage architecture in the Virtualized datacenter
Business Continuity in the Virtualized datacenter
Configuration management in the Virtualized datacenter
Allen Stewart
Principal Program Manager
Windows Server Division
Little late on this post, nevertheless, it is great news for the Server Division and our customers. The highly anticipated release of Longhorn Server Beta3 is available as of yesterday. Beta3 is a big deal, it is a public release and is feature complete! Beta3 enables some of the coolest scenarios purely based on our customer feedback. The 60 second pitch is:
- PowerShell – play around for five minutes, you will wonder how you lived without this awesome scripting functionality.
- Server Manager – one stop shop to provisioning and managing server roles.
- Internet Information Services (IIS) 7.0 – next gen web and app platform
- Server Core – more roles, low footprint, no GUI!
- Terminal Services Gateway – access your apps with TS web gateway.
- Failover Clustering – improved cluster management, security, and stability.
- Network Access Protection – keep your network safe from un-healthy clients.
- Read-Only Domain Controller – ideal for branch offices.
Below are download links for the available ISOs:
We hope you can take the new scenarios for a spin and provide us feedback using the "Customer Scenario Voting" tool. In this tool you can "vote" on the scenario, tell us your experience, importance, etc. Trust me, we are actively monitoring your feedback. Get started, get the product, give it a spin, keep the feedback coming.
There are few webcasts coming up that will cover various topics in Longhorn Server. Be sure to check out the calendar.
Hello from Windows Server, I am Ram Papatla, the new GPM of the Windows Customer Advisory Team (WinCAT)! Chris McCarron has moved on as an Architect within the Server Division few months ago. I’ve been in the Server Division for the last 8 years and worked on various projects in Windows 2003, R2 and upcoming Longhorn Server and also deploying our technology across hosters, enterprise customers.
Below is a short summary of my team and focus areas.
Who are we?
We are subject matter experts and trusted advisors to customers and engineering teams for complex deployments using Windows Server workloads. Workloads usually comprise of one or more roles are aligned to how our customers deploy/use servers in their business. An example of workload is Security which comprises of several roles like PKI, Remote Access, etc. The team is non-Redmond focused so we have better customer coverage.
What is our typical week look like?
We split our time doing inbound vs outbound work. Inbound work is to obviously support the workloads from an engineering (customer) feedback perspective – reviewing specs, features, driving cross-group design sessions, presenting customer feedback for product enhancements. Our outbound work includes representing the engineering team at key customer deployment, architectural issues, support our consulting arm for complex projects and be the voice of the engineering team at key public events.
Members and workload alignment
The focus areas for each member of the team are:
- Software as a Service for Windows Server – Ram Papatla
- Application Server – Open head count
- High Performance Computing – Open head count
- Datacenter Consolidation – Allen Stewart
- Identity and Identity Lifecycle – Robert DeLuca
- Security – John Morello
- Network Health – Pat Fetty
I have two open positions for Application Development and High Performance Computing workloads. The job postings can be found here. We welcome your interest or referrals.
I promise to keep the blog fresh and updated with lots of good content from our side.
I'm John Morello, the WinCAT PM for security and anywhere access which encompasses a lot of interesting Microsoft technologies, like Terminal Server, Forefront Edge, and the Certificate Server. I've been a frequent contributor to TechNet magazine on these topics so you may have read some my articles. Just a couple of hours ago, I was interviewed by Charles Torre at Channel9 to discuss PKI and crypto improvements in Vista and Longhorn. There's a long list of improvements, including built in OCSP support, CA clustering, CAPI2 diagnostics, and SCOM management pack support, just to name a few. I'm working on an article for a future issue of TechNet to cover these topics in more detail and we'll update the blog once it's online. I'll also post once Charles puts the video online.