Andrew’s Tech*Ed Blog

No, I’m Not at the Pool!

Free eBook at Apress.Com

Anybody want a copy of the eBook “Silverlight 2 Visual Essentials” for free?

I picked up one of these coupons at Tech*Ed, and it looks like a generic coupon code.  So, if anyone would like it:

Go to:  http://www.apress.com/ebook/firstpress

Select the book mentioned above, and then use the following promotional code:  TECHED2008SL

June 12, 2008 | Tech*Ed 2008 | 1 Comment

Windows Server 2008 Hyper-V

Excellent session on the new Hypervisor architecture & features. Here are my notes from the session:

——————————–

Hyper-V is written for 64-bit throughout its entirety, and will NOT work and will never work on x86 machines.

Hyper-V can actually take advantage of up to a Terabyte of physical memory.

It is nothing like Virtual Server or Virtual PC, which are hosted solutions on top of Windows. Think of Hyper-V as sitting on top of the bare metal (sounds like VMWare ESX).

Architecture

  • At initial installation, Windows 2008 is just like Win2k & Win2k3. If you want Hyper-V, you simply check a check-box to enable it and reboot. Windows 2008 then reboots into Hyper-V. (See page 11 of attached presentation, and run it in slide-show mode to see the transitions)
  • You will need *at least* 2 network adapters on every Hyper-V machine, b/c it will saturate network bandwidth when you get 10-20 virtual machines on there.
  • Automatic failover clustering is built-in. If you have 15 vm’s running and the server comes down, you can have all of those vm’s migrate to another server seamlessly. (See page 14 of attached presentation)
  • What should you NOT run on Hyper-V?
    • Only apps that need more than quad-processors
    • Only solutions that have something like a dongle that needs direct, physical machine access
    • Other than those, nothing! (SQL Server is fine!)

Virtualization Comparisons (with VMWare and Virtual Server 2005, R2)

  • See pages 42 & 43 of the attached presentation

Testing Out Hyper-V

So, how can you easily create a dev/test environment for playing with Hyper-V and checking out its capabilities? Here are specs for a cheap machine to use for this purpose:

  • Single Proc Quad Core
    • 2.4 GHz
    • 300 GB Drive
    • DVD-RW Burner
    • 1 Gb NIC
    • $700
  • 8 GB DDR2 800 MHz
    • $150
  • Two 500 GB SATA disks
    • $200 ($99 x 2)
  • Total: $1,050

hyper-v

June 12, 2008 | Tech*Ed 2008

Sharepoint Support of Encryption

Ok – Well I went to a session that said “Q&A with Sharepoint Architects – A Panel Discussion”.

So, I tried my question again (hoping for better results than my last attempt in the community lounge).

Question:

  • I work in the financial services industry, and more and more of our customers are requiring that all of our data (primarily at rest) be encrypted.  We have a large investment in Sharepoint.  What options do we have in order to meet our customer’s security needs?

Answer:

  • Use SQL Server 2008 (when RTM’d), because its Transparent Data Encryption (TDE) will encrypt the database at the disk level.  This should address the “data at rest” part of the issue.
  • In order to address the transaction level security, use SSL between Sharepoint & SQL Server.

So, initial impression is that this may meet the needs for our customers, but will need to vet this out further with Speas.  Still need to work on how to prevent people from taking the data outa Sharepoint with them when data is not in a format covered by IRM.

FOLLOWUP:  So, What Exactly is Transparent Data Encryption in SQL Server 2008?

  Here’s the official verbiage from Microsoft:

“Transparent data encryption (TDE) performs real-time I/O encryption and decryption of the data and log files. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module. TDE protects data “at rest”, meaning the data and log files. It provides the ability to comply with many laws, regulations, and guidelines established in various industries. This enables software developers to encrypt data by using AES and 3DES encryption algorithms without changing existing applications.”
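As an added example (not from the original post, the panel, or Microsoft's documentation), this T-SQL walks through the key hierarchy the quote describes and then checks both halves of the panel's answer: encryption at rest and encrypted connections. The database name, certificate name, file paths and passphrases are placeholders chosen for illustration.

```sql
-- Added example. All names, paths and passphrases are placeholders.

-- 1. In master: the database master key protects the certificate's private key.
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-passphrase-1>';
CREATE CERTIFICATE TdeServerCert_Example
    WITH SUBJECT = 'TDE certificate for SharePoint content databases';

-- 2. Back up the certificate and its private key before turning encryption on.
--    Without them, an encrypted database or backup cannot be restored or
--    attached on another server.
BACKUP CERTIFICATE TdeServerCert_Example
    TO FILE = 'D:\KeyBackup\TdeServerCert_Example.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\KeyBackup\TdeServerCert_Example.pvk',
        ENCRYPTION BY PASSWORD = '<strong-passphrase-2>');

-- 3. In the content database: create the DEK, secured by the certificate,
--    then enable encryption. A background scan encrypts existing pages.
USE WSS_Content_Example;
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeServerCert_Example;
ALTER DATABASE WSS_Content_Example SET ENCRYPTION ON;

-- 4. Verify at-rest encryption. encryption_state: 2 = in progress, 3 = encrypted.
--    tempdb appears here as well once any database on the instance uses TDE.
SELECT DB_NAME(k.database_id) AS database_name,
       k.encryption_state,
       k.percent_complete,
       k.key_algorithm,
       k.key_length,
       c.name AS protecting_certificate
FROM sys.dm_database_encryption_keys AS k
LEFT JOIN master.sys.certificates AS c
       ON c.thumbprint = k.encryptor_thumbprint;

-- 5. Verify the in-transit half: list current connections that are NOT
--    encrypted. Sessions from the SharePoint servers should not appear here.
SELECT session_id, client_net_address, net_transport, encrypt_option
FROM sys.dm_exec_connections
WHERE encrypt_option = 'FALSE';
```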

June 12, 2008 | Tech*Ed 2008 | 10 Comments

Differences between 2 different Tech*Ed’s this year

Well, this is the first year that Microsoft split up the annual Tech*Ed conference in order to appeal to 2 separate audiences … developers and IT Professionals.  Last week was the part of the conference that was targeting developers, and this is the week targeting IT Pros.

I’ve started to notice quite a difference in the level of expertise in the community lounges/areas this year.  I’ve asked several “experts” for recommendations on things like “How can we address encryption concerns with data at rest while depending heavily on Sharepoint?”  I got answers like … “Sharepoint just uses whatever SQL Server supports, so maybe you should ask someone at the SQL Server area”.  When I explained that Sharepoint did not even support SQL Server 2005’s database encryption, the Sharepoint guy said “Oh, really, uh, I guess that is a Sharepoint issue, huh.”  Thanks for the help, dolt.

I also noticed that there are NO sessions that center/focus on Visual Studio.  Hmmm, I guess that makes sense – it’s a development tool, not an IT Pro tool.  But, I really got value out of much of that stuff last year.

It seems a lot clearer that a lot of material (and expertise) was pulled from the IT Pro part of Tech*Ed this year.

June 12, 2008 | Tech*Ed 2008

Upgrading to SQL Server 2008

 

This session was pretty good – primarily just touched on the stability of the current 2008 version of SQL Server, encouraging people to play with prebuilt VPCs before upgrading and even testing upgrades as they can.  Below are highlights of the upgrade discussion.

 

In-Place Upgrade

  • Instance name remains the same after upgrade
    • Existing instance is overwritten post-upgrade
  • pros
    • easier, mostly automated
    • generally fast overall process
    • system data upgraded
    • may require no additional hardware
    • apps remain pointing to same server/database name
  • cons
    • less granular control over upgrade process
    • instance remains offline during part of upgrade
    • not best practice for all components
    • complex rollback strategy (you’ve got to build a new box and restore backups, etc. … this will not be quick)

Side-by-side (migrate) Upgrade

  • Install new instance of SQL Server
  • Pros
    • more granular control over upgrade process (at the database level)
    • can be used to perform test migration (document process & gather metrics)
    • ability to run systems side-by-side for parallel runs
    • relatively straightforward rollback strategy
    • can leverage failover/switchover to reduce downtime
  • Cons
    • usually require additional hardware
    • server/database name changes (other ways to solve this problem, but will just take extra work)
    • not practical for VLDB (multiple terabytes) unless utilizing SAN

Other Core Components

  • Analysis Services
    • Simple in-place upgrade for 2005
    • Side-by-side upgrade for 2000
  • Reporting Services
    • In-place upgrade supported for 2005 and 2000, sp2.
    • No upgrade support for:
      • Report Server that uses a remote 2000 database
      • 2000 report server web service – endpoint de-supported
      • earlier versions of WMI provider
  • DTS
    • Simple in-place upgrade for 2000 and 2005
    • DTS packages are retained (need to run DTS Package Migration Wizard to migrate to SSIS format)
    • No 64-bit design/run time for DTS packages
    • No 32-bit design/run time support for DTS packages on Itanium based systems
    • Really, REALLY, consider re-writing or migrating DTS code to SSIS
      • 3rd party tools can be helpful (e.g. DTSXchange.com)

June 11, 2008 | Tech*Ed 2008 | 2 Comments

IE8 Beta Experience

Just a quick followup to the IE8 post I published earlier.  Many of the Tech*Ed public terminals have IE8 beta 2 on them.  So, I thought, “Hey, I’ll check my work email real quickly”.  WRONG!

When using IE8 Beta 2, after you login to email.rmic.com, you have to re-login every time you double-click (to open) an email.  Man, that sucks!  Real Nice.

June 11, 2008 | Tech*Ed 2008 | 2 Comments

Migrating from LCS 2005 to Office Communications Server 2007

Pretty good session on upgrading/migrating from LCS to the new version of Office Communications Server 2007 (OCS).

The attached Powerpoint Presentation contains a lot of good information, best practices & links to other best practices.

Also – something that is VERY useful is the Communicator Web Access (CWA).  We really need to look into how we might be able to make this feature available in our environment at RMIC.  NOTE:  This exists in both LCS 2005 & OCS 2007.  In OCS 2007, however, the CWA client has full feature capabilities including multiple party chat/meetings.

 migrate_from_lcs_to_ocs2007

June 11, 2008 | Tech*Ed 2008 | 2 Comments

Anna just showed up

Well, Anna finally showed up at Tech*Ed.  She stumbled over to where I am (I think she’s been drinking).  She said that she has posted about 10 blog entries, though.  Hmmm, don’t think I saw those.

🙂 … ok, had to have a little fun since she’s stressing out over here.  Don’t worry, Anna, Andy will take care of Countrywide.

June 10, 2008 | Tech*Ed 2008 | 2 Comments

IE8 – What’s New for the Enterprise?

 

So, this was a pretty good session.  Most of the guts are listed out below.  The areas I liked the most, which

 

Customer Trust

  • Phishing
    • IE7 – Phishing Filter included & International Domain Name protection (make sure you’re not fooled by international characters)
    • IE8 – the *actual* domain name is highlighted in the address bar after you click a link in a phishing email.

Security

  • Targeted Phishing Attacks
    • see above
  • Exploits in common ActiveX controls
    • IE7 – “opt-in” option so users approve the ActiveX control for use.
    • IE7 – ActiveX Kill Bits that allow a control with a known flaw to be prevented from loading in IE
    • IE8 – Per-User ActiveX contains risk to a single user account
    • IE8 – Per-site ActiveX allows developer to restrict the control to only their site/app (things like flash controls are on a pre-approved list)
  • Compromised Partner Site
    • IE7 – No protection
    • IE8 – Cross Domain Requests object ensures data is only shared after a mutual validation of identity
    • IE8 – Cross Document Messaging helps apps send messages between apps only after mutual validation of identity.

Group Policy

  • There are over 1,300 policies in IE8
  • New features are exposed via group policy

Safari, Firefox and IE8 ALL support the same standards!

  • Decide when your business can afford to stop supporting IE6 & IE7 so you only have to support 1 browser standard (IE8).
  • IE8 will run in “standards” mode, by default, which adheres to only standards.  User can switch to IE7 compatibility mode if a site looks funky (b/c it was written for IE7, but IE8 rendered in standards mode).
  • Go to:  http://msdn.microsoft.com/iecompat to learn how developers can use the page/site compatibility meta tag so that it notifies IE8 that it has code specifically for IE7.  If you use the Meta tag, then user can leave browser in ‘standards’ mode and it will still render fine.

IS Dept can enforce the mode that IE8 uses via Group Policy.

  • You can use Group Policy Editor to set IE8 to IE7 mode if you need to.  That will override any end-user settings.  If end-user sets it to IE8 mode, it will still render sites using IE7 mode.  Very cool.

Crash Recovery (Very Nice)

  • Tabs now isolated into separate processes – one tab crashing does NOT bring down the browser
  • Crash recovery reloads tabs when they crash (like Firefox now)

Announcement regarding Slipstream

  • IE8 – Will be able to add IE8 to your current WinXP image!

Couple new user Features:

  • Activities – Highlight text, like an address, on page and you get a floating box with activities (like ‘translate’, ‘map’, ‘define’, etc.).  You can click to map the address, etc.
  • Webslices – allows you to subscribe to portions of websites and include them in your link bar.  Pretty cool.

June 10, 2008 | Tech*Ed 2008 | 2 Comments

Forefront Security for Sharepoint

Current version of Forefront provides features like:

  • Scans for infected documents and has content filtering solution (can tell if user attempts to upload .mp3 files that have been renamed to .mp5, for instance)
  • Supports IRM protected docs & Open XML
  • Supports blocking/filtering files based upon both size & type … block .mp3’s > 5 MB.
  • Supports scanning of .zip files, detects prohibited file(s), removes offending file & re-zips package omitting the prohibited file.  (THIS IS PRETTY SLICK!)

Codename “Stirling”

  • Focus is on more enterprise security and support for MOSS & Sharepoint v014 (next version)
  • Unfortunately, no reference to support for encryption & sharepoint … obviously, not something within the Forefront space.

June 10, 2008 | Tech*Ed 2008