Gilham Consulting Microsoft Solutions Notepad

SharePoint 2010 Search Features (Including FAST)

MOSS-04\john — Wed, 01 Sep 2010 16:10:27 GMT

Body:

Here are some of my top capabilities offered with FAST for SharePoint 2010:
1. Preview of PowerPoint slides and Word document thumbnail. When search results are returned for PowerPoint presentations, you have the ability to flip through the slides using a previewer built in Silverlight. For Word documents, you are able to view a thumbnail of the first page in the document.

2. Deep refiners and counts. These are very powerful. Rather than having to do advanced searches and use Boolean search operators, both of which SharePoint and FAST search supports, the refiners allow you to easily view and drill into your search results. For example, refiners can be used to filter the search results to see just PowerPoint presentations or documents modified within the past month. The experience is very similar to what consumers are used to on Bing. FAST for SharePoint 2010 also includes counts in the refiners so you know before you drill deeper that there are 5 documents that were modified in the past month in the example below.

3. Entity extraction is a capability that FAST provides to enable you to automatically build search refiners for content even if that content has not been explicitly tagged with metadata properties. This becomes important in many cases especially when you are indexing older content (e.g. on a file share) and don’t have the time/resources/money to tag all of the documents to have nice refiners to improve the search experience. A good example of this feature in action is the Financial Times web site.
4. Tremendous scale: both SharePoint standard and FAST for SharePoint 2010 have been improved for high availability and scalability. SharePoint 2010 standard search is able to scale up to approximately 100 million items. FAST for SharePoint 2010 is designed to handle over 500 million items.
5. Pipeline customization and search relevancy and tuning: There are many options for tweaking and refining the search engine in terms of the content sources and types it can crawl; how relevancy is handled (e.g. promote/demote certain content sources or documents); have search audience targeting; and to use key words and best bets (e.g. similar to how Bing allows advertisers to show sponsored links or to have selected content always show at the top of the search results page).
Want to go deeper on SharePoint 2010 search? Check out these resources:

SharePoint enterprise search overview: Learn more about SharePoint enterprise search. Includes some end user demos and whitepapers.
SharePoint Server 2010 Search Evaluation Guide: Detailed feature comparison for end user, administration and development.
Product Comparison: Compare the functional differences between the different search offerings from Microsoft.
SharePoint Search Datasheet: Good summary overview of the SharePoint search solutions.
Enterprise Search resource center: Your starting point on TechNet for all technical things related to SharePoint enterprise search solutions from Microsoft. This includes links to virtual labs, technical whitepapers, reference architectures and blogs.
MSDN resources: The Microsoft Developer Network (MSDN) provides a number of training videos and code samples for developing and extending custom search solutions based on SharePoint.

Keep an eye out for more technical training and resources on FAST for SharePoint 2010.

SharePoint 2010 Search - Chris Bortlik's Blog - Site Home - TechNet Blogs

Published: 9/1/2010 9:10 AM

Remote Desktop Connection Manager (RDCMan)

MOSS-04\john — Wed, 30 Jun 2010 16:07:52 GMT

Body:

RDCMan manages multiple remote desktop connections. It is useful for managing server labs where you need regular access to each machine such as automated checkin systems and data centers. It is similar to the built-in MMC Remote Desktops snap-in, but more flexible.

Download details: RDCMan

Published: 6/30/2010 9:07 AM

SharePoint Server 2010 Product Licensing Details

MOSS-04\john — Wed, 30 Jun 2010 16:00:13 GMT

Body:

You can use SharePoint 2010 to set up intranet, extranet, and Internet sites. Intranet sites are licensed using a Server/CAL (Client Access License) model. SharePoint Server 2010 is required for each running instance of the software, and CALs are required for each person or device accessing a SharePoint Server. Extranet and Internet sites are licensed using a Server-only model—no CALs are required. For more information on licensing models, see Licensing Details.
SharePoint Server 2010: Intranet Scenarios
Client Access License
The Standard CAL delivers the core capabilities of SharePoint 2010:

Sites: A Single Infrastructure for All Your Business Web Sites

Communities: An Integrated Collaboration Platform

Content: ECM for the Masses

Search: Relevance, Refinement, and People (excludes FAST Search)

Composites: Do-It-Yourself Business Solutions (excludes Access Services and InfoPath Services)

Enterprise Client Access License
The Enterprise CAL delivers the full capabilities of SharePoint 2010:

Sites: A Single Infrastructure for All Your Business Web Sites

Communities: An Integrated Collaboration Platform

Content: ECM for the Masses

Search: Relevance, Refinement, and People includes FAST Search)

Composites: Do-It-Yourself Business Solutions (includes Access Services and InfoPath Services)

Insights: BI for Everyone (includes PerformancePoint Services, Excel Services, and Visio Services)

Note that the Enterprise CAL is additive: To access the Enterprise edition features, a person/device must have both the Standard CAL and Enterprise CAL. Below is a detailed comparison of specific features available in SharePoint Foundation, Standard & Enterprise CAL.
Foundation:
Accessibility
Audience Targeting
Blogs
Browser-based Customizations
Business Connectivity Services
Business Data Connectivity Service
Claims-Based Authentication
Client Object Model (OM)
Configuration Wizards
Connections to Microsoft Office Clients
Connections to Office Communication Server and Exchange
Cross-Browser Support
Developer Dashboard
Discussions
Event Receivers
External Data Column
External Lists
High-Availability Architecture
Improved Backup and Restore
Improved Setup and Configuration
Language Integrated Query (LINQ) for SharePoint
Large List Scalability and Management
Managed Accounts
Mobile Connectivity
Multilingual User Interface
Multi-Tenancy
Out-of-the-Box Web Parts
Patch Management
Permissions Management
Photos and Presence
Quota Templates
Read-Only Database Support
Remote Blob Storage (SQL Feature)
REST and ATOM Data Feeds
Ribbon and Dialog Framework
Sandboxed Solutions
SharePoint Designer
SharePoint Health Analyzer
SharePoint Lists
SharePoint Ribbon
SharePoint Service Architecture
SharePoint Timer Jobs
SharePoint Workspace
Silverlight Web Part
Site Search
Solution Packages
Streamlined Central Administration
Support for Office Web Apps
Unattached Content Database Recovery
Usage Reporting and Logging
Visual Studio 2010 SharePoint Developer Tools
Visual Upgrade
Web Parts
Wikis
Windows 7 Support
Windows PowerShell Support
Workflow
Workflow Models
Standard:
Ask Me About
Basic Sorting
Best Bets
Business Connectivity Services Profile Page
Click Through Relevancy
Colleague Suggestions
Colleagues Network
Compliance Everywhere
Content Organizer
Document Sets
Duplicate Detection
Enterprise Scale Search
Enterprise Wikis
Federated Search
Improved Governance
Keyword Suggestions
Managed Metadata Service
Memberships
Metadata-driven Navigation
Metadata-driven Refinement
Mobile Search Experience
Multistage Disposition
My Content
My Newsfeed
My Profile
Note Board
Organization Browser
People and Expertise Search
Phonetic and Nickname Search
Query Suggestions, "Did You Mean?", and Related Queries
Ratings
Recent Activities
Recently Authored Content
Relevancy Tuning
Rich Media Management
Search Scopes
Secure Store Service
Shared Content Types
SharePoint 2010 Search Connector Framework
Status Updates
Tag Clouds
Tag Profiles
Tags
Tags and Notes Tool
Unique Document IDs
Web Analytics
Windows 7 Search
Word Automation Services
Workflow Templates
Enterprise:
Access Services
Advanced Content Processing
Advanced Sorting
Business Data Integration with the Office Client
Business Data Web Parts
Business Intelligence Center
Business Intelligence Indexing Connector
Calculated KPIs
Chart Web Parts
Contextual Search
Dashboards
Data Connection Library
Decomposition Tree
Deep Refinement
Excel Services
Excel Services and PowerPivot for SharePoint
Extensible Search Platform
Extreme Scale Search
InfoPath Forms Services
PerformancePoint Services
Rich Web Indexing
Similar Results
Thumbnails and Previews
Tunable Relevance with Multiple Rank Profiles
Visio Services
Visual Best Bets

SharePoint Server 2010 Product Line-up - Gurmeet Singh's SharePoint 2010 Blog - Site Home - TechNet Blogs

Published: 6/30/2010 9:00 AM

Manage Windows 7 Power Options from the Command Line

MOSS-04\john — Sat, 12 Jun 2010 19:12:30 GMT

Body:

Windows 7 includes the Power Configuration utility (Powercfg.exe) for managing power options from the command (CMD) line. You can view a list of parameters for this utility by typing powercfg /? at a command prompt. The parameters you’ll work with most often include:

–a Lists the available sleep states on the computer and the reasons why a particular sleep state is not supported.
–d [guid] Deletes the power plan specified by the globally unique identifier (GUID).
–devicequery all_devices_verbose Lists detailed power support information for all devices on the computer. Be sure to redirect the output to a file because this list is very long and detailed.
–energy Checks the system for common configuration, device, and battery problems and then generates an HTML report in the current working directory.
–h Toggles the hibernate feature on or off.
–l Lists the power plans configured on a computer by name and GUID.
–q [guid] Lists the contents of the power plan specified by the GUID. If you don’t provide a GUID, the contents of the active power plan are listed.
–requests Displays all power requests made by device drivers. If there are pending requests for the display, these requests would prevent the computer from automatically powering off the displays. If there are pending requests for any device including the display, these requests would prevent the computer from automatically entering a low-power sleep state.
–s [guid] Makes the power plan specified by the GUID the active power plan.
–x [setting] [value] Sets the specified value for the specified setting in the active power plan

Published: 6/12/2010 12:12 PM

Download details: Windows Phone 7 Training Kit for Developers - April 2010 CTP

MOSS-04\john — Sun, 23 May 2010 18:22:23 GMT

Body:

Windows Phone 7 Series promises to be an amazing mobile phone operating system given its innovative user interface and functionality, as well as its great development platform upon which you can quickly and easily build games and applications. With a myriad of new devices, a powerful and immersive software platform, and a new marketplace to attract developers and provide easy access to applications, consumer demand for Windows Phones will be high, and developers will quickly adopt the Windows Phone platform to capitalize on this growing mobile marketplace. This Training Kit will give you a jumpstart into the new Windows Phone world by providing you with a step-by-step explanation of the tools to use and some key concepts for programming Windows Phones.

Download details: Windows Phone 7 Training Kit for Developers - April 2010 CTP

Published: 5/23/2010 11:22 AM

GoGrid Dedicated and Virtual Server Hosting Review – Cool Concept, but Poor Technology and Service.

MOSS-04\john — Sun, 07 Mar 2010 04:26:45 GMT

Body:

I wanted to tell you a few brief things about GoGrid server virtual or dedicated server hosting.I don’t talk much about hardware infrastructure on this blog. I’m looking for the day of utility based computing that companies are bringing to market (Azure being one of them from Microsoft) where the platform owner can take responsibility for the implementation.

In the meantime, customers need a hosting system that can run traditional windows applications, as well as evolve to integrate with cloud services. I started using GoGrid after one of my customers needed Agile computing infrastructure for their national chain of gym’s. It looked great on paper, hybrid hosting of virtual or dedicated systems…with API to handle future load demands. The reality turned out behind their flashy management application, the server reliability was really lacking.

GoGrid such a frustrating experience over the years…I must recommend that no business should use GoGrid or ServePath for virtual or dedicated servers due to completely unreliable server and billing infrastructure…two key areas your infrastructure partner needs to excel at. Some issues I experienced we’re:

6 Incidents of 3 day+ downtime due to multiple machines blue screening using their overloaded HyperVisors or other system errors. 3-4 servers running completely different windows applications would blue screen out of 20 servers. I’ve run 26 Hyper-V instances on a server for 2 years months without a blue screen.
I notified GoGrid of a billing problem on my account that caused it not to bill my credit card for over 8 months. They ignored my requests for 6 months after I notified them on the second month they failed to bill my card. Then they billed my card $1,800 without any warning. While we don’t have issues with them collecting they’re fees, they could have at least warned customers of a large pending charge…especially when I notified them of a problem of their buggy bill system.
They run their dedicated “server hardware” with Shuttle PC’s. I have nothing against shuttle, they we’re my first home built Microsoft Media Center…but not quite the speed needed for server class processing and reliability.
They’re answer to every root cause of the issue was to buy a more expensive virtual machine with more memory.
I have spoken to both the director technical support and business development on numerous occasions about these issues. Their explanations over the years has been they are a “small and growing business” and took weeks to return my email regarding a billing issue we’re they charged my 8 times my normal bill amount.

I recommend Microsoft Azure or EC2 for customers that need reliability and great service for their cloud platform infrastructure…anything but GoGrid.

Published: 3/6/2010 8:26 PM

Clustering Remote Desktop Connection (RDC) Broker for High Availability when Deploying Microsoft VDI

MOSS-04\john — Sat, 22 May 2010 04:30:04 GMT

Body:

A failover cluster is a group of independent computers that work together to increase the availability of applications and services. The clustered servers (called nodes) are connected by physical cables and by software. If one of the cluster nodes fails, another node begins to provide service (a process known as failover). Users experience a minimum of disruptions in service.
This guide describes the steps for configuring Remote Desktop Connection Broker (RD Connection Broker) in a failover cluster, as part of a configuration that provides users with access to personal virtual desktops or virtual machines in a virtual desktop pool through RemoteApp and Desktop Connection. To configure RD Connection Broker in this way, you start with a server that can act as an RD Session Host and RD Connection Broker, configure that server as a one-node failover cluster, then add additional servers (configured in the same way) to the cluster. This can increase the availability of the access you provide to users.
As you work with the configuration in this guide, you can also learn about failover clusters and familiarize yourself with the Failover Cluster Manager snap-in in Windows Server® 2008 R2 Enterprise or Windows Server 2008 R2 Datacenter.
Note
The failover cluster feature is not available in Windows Web Server 2008 R2 or Windows Server 2008 R2 Standard.
For information about the features and functionality in Remote Desktop Services and in failover clustering in Windows Server 2008 R2, see the following topics:

What's New in Remote Desktop Services (http://go.microsoft.com/fwlink/?LinkId=185916)
What's New in Failover Clusters in Windows Server 2008 R2 (http://go.microsoft.com/fwlink/?LinkId=147426).

Overview of Remote Desktop Services and virtual machine redirection in the context of a failover cluster

By using the steps in this guide, you can provide users access to personal virtual desktops or virtual machines in a virtual desktop pool, through RemoteApp and Desktop Connection. This is called virtual machine redirection. You can provide virtual machine redirection by configuring a server with specific role services and settings that are available through the Remote Desktop Services server role (as described in Role, role services, and feature requirements for a failover cluster that supports virtual machine redirection, later in this topic). Then, to increase the availability of the services that you are providing, you configure that server as a one-node failover cluster and add more servers (configured with the same role services and settings) to the failover cluster. If one of the servers fails or must be taken offline for maintenance, another server begins to provide service through a process known as failover.
The following illustration shows a failover cluster with a clustered instance of RD Connection Broker. Node 1 and Node 2 are connected by multiple networks. Node 1 has failed, and Node 2 has begun running the clustered instance of RD Connection Broker. Node 2 is also running RD Session Host, although not as part of a cluster. When Node 1 recovers from the failure, it will also be able to run RD Session Host. In other words, even if one node fails, RD Session Host and RD Connection Broker continue to be available.
Figure 1   Failover of clustered RD Connection Broker

Although it is not called out in the previous illustration, the clustered instance of RD Connection Broker stores important state information in registry keys that the Cluster service monitors and replicates between the cluster nodes. (This differs from some other clustered services or applications, which typically store such information in cluster storage.) Because the information is automatically replicated between nodes, when Node 2 begins running the clustered instance of RD Connection Broker, the state information it needs is already stored in the local registry on the node.
The following illustration shows the sequence of events that begins with the user requesting a connection to a virtual desktop, and ends with the virtual desktop being displayed on the client.
Figure 2   Servers providing a virtual desktop

The user requests a connection to a virtual desktop, either a personal virtual desktop or one from a virtual desktop pool.
The RD Gateway receives the request.
The RD Gateway sends the request to a virtual machine redirector (that is, RD Session Host running in virtual machine redirection mode). The virtual machine redirector informs RD Connection Broker, and then waits for the IP address of a virtual machine.
RD Connection Broker requests information about a virtual machine from the RD Virtualization Host.
RD Connection Broker receives information about a virtual machine and then provides that information to the virtual machine redirector.
The virtual machine redirector communicates through the RD Gateway, providing the client with the IP address and connection information for a virtual desktop.
The client connects to a virtual desktop.
The virtual desktop is displayed on the client.

The following illustration shows the same sequence of events occurring despite the failure of one node of the cluster. Because a second cluster node is still running, it can respond to client requests as they occur.
Figure 3   Servers providing a virtual desktop after a failure

From time to time, a user might attempt to connect with a clustered server just before it fails. In that case, when the server fails, the user will have to try again. On the next attempt, assuming that the connection attempt is made with a functioning server, it will succeed.
When you create a clustered instance of RD Connection Broker, you configure certain settings differently than you would for a standalone RD Connection Broker server. For a table of the differences, see Appendix A: Differences between a clustered RD Connection Broker and a standalone RD Connection Broker.
Hardware, software, and network infrastructure requirements for a failover cluster

Deploying Remote Desktop Connection Broker with High Availability Using Failover Clustering

Published: 5/21/2010 9:30 PM

SharePoint 2010 Reference .Net Software Development Kit (SDK)

MOSS-04\john — Sat, 22 May 2010 04:21:31 GMT

Body:

The Microsoft SharePoint 2010 Software Development Kit (SDK) includes documentation and code samples for Microsoft SharePoint Foundation 2010 and for Microsoft SharePoint Server 2010, which builds upon the SharePoint Foundation 2010 infrastructure. The documentation includes detailed descriptions of the technologies that SharePoint Server 2010 and SharePoint Foundation 2010 provide for developers, reference documentation for the server and client object models, and step-by-step procedures for using these technologies and object models and programming with them. This SDK also includes best practices and setup guidance to help you get started with your own custom applications that build and extend upon the SharePoint Foundation 2010 and SharePoint Server 2010 platforms.
For additional information, you can visit the SharePoint Developer Center on the Microsoft Developer Network (MSDN): http://msdn.microsoft.com/sharepoint. Visit frequently to learn about recently published content; to view essential getting-started content; to view rich media content such as videos and screencasts; to get connected to instructor-led training and other learning resources; to learn more about product features and scenarios in our MSDN Resource Centers; and to find community resources such as MSDN forums, newsgroups, MVP blogs, and much more.
The SDK also includes many code samples that address common customization scenarios and solution building blocks. Future (quarterly) releases will contain additional samples, and you can also check MSDN Code Gallery for SharePoint solutions and code samples.

Download details: SharePoint 2010 Reference: Software Development Kit

Published: 5/21/2010 9:21 PM

Microsoft Private Cloud “AppFabric” Prepares for Release

MOSS-04\john — Sat, 22 May 2010 02:23:21 GMT

Body:

Several weeks ago, I told you about our upcoming Application Infrastructure Virtual Launch event. Today, I am pleased to announce the availability of the Windows Server AppFabric Release Candidate (RC). To learn more, I recommend tuning into the keynote (and the many other sessions we have going on) today at the App Infrastructure Virtual Launch event!
Here’s a brief overview of the announcements we’re making during the event this morning:
First off, we’re officially launching Windows Server AppFabric, with the immediate availability of the Windows Server AppFabric Release Candidate (RC); the final RTM release will be available for download in June. I would like to invite you to check out the new Windows Server AppFabric MSDN page (also revamped today!) and download the release candidate to get started.
Also today, we’re excited to announce the availability of the first BizTalk Server 2010 Beta; which now seamlessly integrates with Windows Server AppFabric, combining the rich capabilities of BizTalk Server integration and the flexible development experience of .NET to allow customers to easily develop and manage composite applications. To learn more (and download the beta), visit the BizTalk website at www.microsoft.com/biztalk.
Together with the already available Windows Azure AppFabric, Windows Server AppFabric and BizTalk Server 2010 form Microsoft’s application infrastructure technologies, bringing even more value to the Windows Server application server. These offerings benefit developers and IT pros by delivering cloud-like elasticity, high availability, faster performance, seamless connectivity, and simplified composition for the most demanding, enterprise applications.
If you’ve been following this blog, we hope you’ve been enjoying the technical insights that the product team has been providing into AppFabric and the underlying technologies (WCF and WF). To gain a broader context about our technologies, and to gain access to a wealth of technical resources, be sure to visit the virtual launch event. In particular, here are some specific sessions and content that the team would like to highlight for your consideration:

Application Server Session
Enterprise Integration Session
Windows Server AppFabric Product Stand

Malware and Virus Scanning Architecture in Forefront Threat Management Gateway (TMG) 2010

MOSS-04\john — Thu, 29 Apr 2010 22:10:20 GMT

Body:

Being a security gateway, the new TMG 2010 has a malware inspection capability built right in it. It inspects all http as well as https traffic to ensure none of the malware infected traffic can get into the corporate network. You may ask my company antivirus program is doing exactly the same thing why do I need to use the gateway to do this? It is important all computers within the corporate network have Anti-Virus installed but sometime their definition may not be up to date especially roaming users by using the gateway not only you can protect those server and client machine, it also provides a centralized monitoring role as well as content policy enhancement.
By using the malware filter, you can safeguard your corporate network with the Microsoft Anti-Malware engine.

From the diagram above it shows how the Malware inspection works starting from
1. PC requests some resource from the internet, it can be a web page or downloading a file.
2. The Forefront TMG will check whether this user is allowed to connect to the request web page by company policy.
3. If the user is allowing to connecting to his/her desire web site, the connection will proceed. On the other hand if the user is not allowed to connect to his/her desire web site the TMG will return a restriction or warning (subject to the policy) message back to the user.
4. If the user is allowing to connecting to the web site a request will reach the intended website and the web server will serve back the content right back to the user.
5. If the Proxy feature is enabled it will catch in the proxy engine.
6. The content then pass on to the Malware Inspection Filter to ensure it is free Malware and serve back to the user’s PC. If there is some form of Malware embedded within the content, TMG will stop it right away.
The TMG is using the Microsoft Anti Malware Engine for malware detection and it will automatically update its engine as well as the AM signature from the Microsoft Cloud service and have them stored locally to ensure the signature database is always up to date and efficiently.

Read the whole article @> Microsoft Hong Kong ITPro 's blog : Forefront Threat Management Gateway TMG 2010 part 1

Published: 4/29/2010 3:10 PM

Best Practices Analyzer (BPA) for HYPER-V (RTM and R2)

MOSS-04\john — Thu, 29 Apr 2010 17:38:20 GMT

Body:

You can use Hyper-V Best Practices Analyzer to scan a server that is running the Hyper-V role, and help identify configurations that do not comply with the best practices of Microsoft for this role. BPA scans the configuration of the physical computer, the virtual machines, and other resources such as virtual networking and virtual storage. Scan results are displayed as a list of issues that you can sort by severity, and include recommendations for fixing issues and links to instructions. No configuration changes are made by running the scan.

Download details: Update for Best Practices Analyzer for HYPER-V for Windows Server 2008 R2 x64 Edition (KB977238)

Published: 4/29/2010 10:38 AM

Microsoft Threat Management Gateway (TMG) 2010 - Key Features & Capabilities

MOSS-04\john — Thu, 08 Apr 2010 15:15:23 GMT

Body:

Microsoft Forefront Threat Management Gateway 2010 (TMG) is designed to provide a comprehensive, secure Web gateway that helps protect employees from Web-based threats.
URL Filtering
Destination URLs are examined for compliance with corporate policy and for malicious potential of destination Web site. Forefront TMG uses Microsoft Reputation Services for URL filtering, combining multiple sources to increase coverage of URLs and categorization.
URLs and categories will increase as the Forefront TMG Beta 3 continues through Summer 2009.
Web antivirus/anti-malware protection
Inbound and outbound Web traffic is inspected for viruses and malware, including archived folders. Encrypted folders can be blocked. For large files, users are trickled the file to assure them the file is being downloaded.
E-mail security
Forefront TMG provides central management for Exchange and Forefront Protection 2010 for Exchange when located on the same server. Forefront TMG does not include either Exchange or Forefront Protection 2010 for Exchange. Both must be purchased and installed separately.
HTTPS inspection
HTTPS-encrypted sessions can be inspected for malware or exploits. Specific groups of sites—such as banking sites—can be excluded from inspection for privacy reasons. Users of the TMG Firewall Client can be notified of the inspection.
Network Inspection System (NIS)
Traffic can be inspected for exploits of Microsoft vulnerabilities. Based on protocol analysis, NIS enables blocking of classes of attacks while minimizing false positives. Protections can be updated as needed.
Enhanced Network Address Translation (NAT)
Forefront TMG now enables you to specify individual e-mail servers that can be published on a 1-to-1 NAT basis.
Enhanced Voice over IP support
Forefront TMG includes SIP traversal, enabling simpler deployment of Voice over IP within the network.
Windows Server 64-bit support
Forefront TMG is installed on Windows Server 2008 with 64-bit support.

Firewall Protections
Feature
Description
Multi-layer firewall
Forefront TMG provides access control and protection on three layers: packet filtering, stateful inspection, and application layer filtering.
Application layer filtering
Forefront TMG provides deep content filtering through built-in application filters.
Granular HTTP controls
Forefront TMG delivers customizable, granular controls to HTTP traffic, including:
- File download controls
- Signature-based blocking
- HTTP method controls
Forefront TMG provides strong controls over Web-based threats.
DoS protections
Forefront TMG provides resiliency against flood attacks and re-allocates resources to provide higher security inspection.
Extensive protocol support
Forefront TMG delivers out-of-the-box support for many protocols. New protocols can be defined.

Highly Secure Application Publishing
Feature
Description
Highly secure e-mail access from Outlook Client
Remote users can access Exchange Server using the full Outlook MAPI client over the Internet without establishing a VPN connection. The connection is encrypted for security.
Simple Outlook Web Access and Microsoft Office SharePoint Server publishing
Simple wizards allow quick configuration of remote access for both Outlook Web Access and SharePoint servers. Outlook Web Access users can be authenticated at the Forefront TMG server, preventing attacks by unauthenticated users.
Highly secure publishing of Web servers, internal servers, and Terminal Services
Remote users can access internal resources or Web servers more securely. Link translation is provided.
Single sign on
Forefront TMG allow users to access a group of published Web sites without being required to authenticate with each Web site.
Delegation of basic authentication
Forefront TMG helps protect published Web sites from unauthenticated access by requiring the Forefront TMG firewall to authenticate the user before the connection is forwarded to the published Web site. This prevents exploits from unauthenticated users from reaching the published Web server.
Link translation to internal servers
Forefront TMG includes a link translation feature that you can use to create a dictionary of definitions for internal computer names that map to publicly known names.
Implements link translation automatically during Web publishing.
SSL bridging support
To guard against embedded attacks in HTTP traffic, SSL bridging allows SSL protected packets to be decrypted by Forefront TMG, inspected, and re-encrypted.

Virtual Private Networks
Feature
Description
Site-to-site VPN
Forefront TMG enables quick connectivity between sites via wizard-based approach. Also can be configured for tunnel-mode IPSec for support of third party devices.
Remote access VPN
Forefront TMG provides termination of L2TP/IPSec and PPTP VPN sessions, using the native Windows VPN services.
Inspection of VPN traffic
VPN traffic terminated on the Forefront TMG server is inspected according to the appropriate security policy.
VPN quarantine
Forefront TMG provides deep VPN client inspection and integration of your firewall policy.
SecureNAT for VPN clients
Forefront TMG helps ensure remote users connected to the network can gain Internet access while maintaining a strong security policy for the corporate network.
Publish VPN servers
Forefront TMG can be used to publish internal Windows Servers as VPN servers.

Management
Feature
Description
Enterprise policy
Policy can be assigned to gateways, arrays, or enterprise-wide.
Easy-to-use wizards
Forefront TMG simplifies configuration with multiple wizards for features such as Web publishing, Web access, and array configuration.
Real-time monitoring and reporting
Logs may be viewed real-time or historically – including active sessions.
Query building
With a built-in query tool, historical data can be found quickly. Complex queries can be built.
Report creation and publishing
Reports can be designed for specific needs and then published locally or to a network file share.
External logging
Logs may be sent to a Microsoft SQL Server located on the internal network.
Delegated permissions
Admin roles can be delegated to users or groups.

Networking and Performance
Feature
Description
Network load balancing
Forefront TMG leverages network load balancing to provide fail over and scaling of performance.
Network-based configuration
You may configure one or more networks, each with distinct relationships to other networks. Access policies are defined relative to the networks and not necessarily relative to a specific internal network. Forefront TMG extends the firewall and security features to apply to traffic between any networks or network objects.
Caching
Forefront TMG provides caching to improve user experience and reduce bandwidth costs. With the centralized cache rule mechanism of Forefront TMG, you can configure how objects stored in the cache are retrieved and served from the cache.
Background Intelligent Transfer Service (BITS) caching
Forefront TMG provides the caching mechanism for data received through BITS. Any cache rule that you create can be enabled to cache BITS data.
HTTP compression
You can reduce file size by using algorithms to eliminate redundant data during transmission of HTTP packets.
Diffserv (Quality of Service)
Forefront TMG includes packet prioritization functionality (provided by the Diffserv Web filter), which scans the URL or domain and assigns a packet priority using Diffserv bits.

URL Filtering

Quick Introduction

URL Filtering allows controlling end-user access to Web sites, protecting the organization by denying access to known malicious sites and to sites displaying inappropriate or pornographic materials, based on predefined URL categories.
The typical use case for this feature includes:

Enhancing your security
Lowering liability risks
Improving the productivity of your organization
Saving network bandwidth

The URL Filtering administration experience is pretty straightforward. All you need to do after enabling the feature is add one or more of the predefined URL categories into Forefront TMG policy (you can find some UI snapshots further below). Once this is done, end-users browsing to a Web site included in one of those categories will be blocked and presented with a relevant notification page, which you can customize.
Additional value can be obtained from URL Filtering related reports and log entries. Have you ever wanted to understand how Web usage in your organization is distributed? And how about identifying those users who consistently violate your Web usage policy? You can do those easily now by looking at the built-in URL filtering reports.
Finally, URL Filtering categories can also be leveraged to exclude sites from being inspected by the HTTPS Traffic inspection and the Malware Inspection features. For instance, you may wish to exclude financial sites from HTTPS inspection, due to privacy considerations.
Before going into further details, note that the feature is still in Beta, so we do expect significant improvements in coverage and accuracy by the final TMG release.
URL categorization data, where does it come from?

TMG features over 80 URL categories ranging from security-oriented selections, like Phishing, Malicious and Anonymizers, through productivity-oriented categories such as Games, or Instant Messaging, and ending with liability-oriented categories like Criminal Activities and Pornography. Categories are also grouped into a higher-level hierarchy which we call Category Sets. The latter can also be used in TMG policy to simplify configuration.
As some of you may have noticed, at the RSA 2009 Conference Microsoft announced its new reputation services and its intention to provide these capabilities for our security products and solutions. Microsoft also announced several key partnerships in the URL filtering space that will be used to support these reputation services. Forefront TMG will be the first system at Microsoft to leverage and utilize Microsoft Reputation Service (MRS).
MRS is a cloud-based object categorization system hosted in Microsoft data centers and designed to provide comprehensive reputation content to enable core trust scenarios across Microsoft solutions. In the case of Forefront TMG, in order to find out the category of a URL, TMG issues an online query to MRS. MRS maintains a database with tens of millions of unique URLs and their respective categories.
Does this mean every end-user request is sent out to the cloud? No it doesn’t. To improve bandwidth utilization and performance, we have implemented a local cache (residing on a TMG server), that stores the recently queried URLs and their respective categories. Cache entries are subject to a time-to-live value, allowing refreshing the entry periodically. This local cache is expected to serve the overwhelming majority of user requests. The cache is persistent so it doesn't need to be refreshed after each reboot. TMG will query MRS only when a request cannot be served from the local cache.
But that's only the tip of the iceberg. Read on to find out why we think we are building something special with TMG and MRS together.
What is so special about Microsoft Reputation Service (MRS)?

The MRS team wanted to confront an inherent problem with traditional URL Filtering solutions: the problem domain is simply too large for any single vendor to provide a complete solution on its own. As a result, there are multiple vendors out there, each one specializing in a specific area of the solution.
Some vendors specialize in identifying malicious sites and spam URLs; others are rich with productivity related categories. Some specialize in covering the Internet's “long tail”; others are great with quick classification of previously unknown sites. Some use human-based classification where others use machine-based techniques. Some are great with Web2.0 style URLs… OK, I'll stop here as you get the idea by now. Even those vendors who employ several classification techniques and cover multiple categories can't deal with the huge and ever-expanding challenges of today's Web.
MRS team's idea was simple; let's leverage complementary capabilities of different vendors/sources to create a unified database that is best suited to deal with the challenges described above. And so, they have implemented a scalable architecture that allows incorporating multiple streams of data into a merged database. This way – each vendor/source brings its unique strengths to the table into a common solution.
MRS already integrates several data sources and others will be on-boarded in the following months. Some of these data sources are Microsoft internal, and others are the result of collaboration with 3^rd party partners. One such agreement, announced during RSA, is an agreement with Marshal8e6. Other agreements have not been disclosed yet. Expect some surprises...
But the real beauty is that being a Web service, and given its unique architecture, MRS can easily incorporate new DBs completely transparently to the customers. We expect the MRS unified database to expand over time and become the recognized industry leader. TMG customers will benefit naturally from this ongoing upgrade, through our Web security subscription services.
Other interesting aspects – security, privacy, licensing

Security – Both Forefront TMG URL Filtering and MRS were designed with security in mind, following Microsoft's Security Development Lifecycle (SDL) strict standards and guidelines. Both are resilient to a variety of attacks, and the communication between the two is encrypted.
Privacy – this is a known concern when discussing cloud based services, and therefore the privacy of our customers' data is paramount. We are issuing detailed privacy statements along with the Beta 3 release to provide clarity and transparency on our privacy policies. Make sure to read those.
Licensing – URL Filtering is subscription based, and is part of the Forefront TMG Web Security Service license (together with the Malware Inspection updates).
The small (but important) things

As this is a high-level overview of the feature, we will not dive into all the small details that make for a complete, rich user experience. We will cover some of those in subsequent posts, as we go along. But here are few examples for flexibility you are likely to need/want when working with URL Filtering:

You can locally override a URL category
You can query for a URL's category in the TMG UI
You can customize the block page displayed to end-users, introducing your own HTML tags into the text area.
You can leverage URL Filtering for ad blocking
You can use the build-in TMG scripting capabilities to allow non-TMG administrators to locally override a URL (enabling advanced help-desk scenarios)
You can use URL Filtering related reports to figure out how your organization uses the Internet (which are the top browsed categories for instance)

ü You can report classifications issues to Microsoft (this one is not available in Beta3)

A sneak peek at the UI

TMG Web Access Wizard allows you to easily introduce URL categories into your policy:

This is how the policy may look like after completing the Web Access Wizard (viewed from the Web Access Protection node). Note that URL Categories are standard TMG network objects, so you can use the toolbox on the right to drag-drop additional categories into an existing rule, or to create new rules.

You can query for a URL's category (available as a task in the Web Access Protection node)

You can locally override a URL's category (available as a task in the Web Access Protection node)

You can customize the block page presented to end users, introducing your own HTML tags (this is a per-rule setting available from the ‘Action’ tab of the rule’s properties)

Read the whole article @> Infrastructure Tek Bits : Microsoft Threat Management Gateway (TMG) 2010 - Key Features & Capabilities

Published: 4/8/2010 8:15 AM

The forecast is sunny for [Microsoft] cloud services.

MOSS-04\john — Sat, 03 Apr 2010 04:58:57 GMT

Body:

Sunny Days for Cloud Services
I spent the weekend at a Microsoft internal event hearing from the makers of the next generation of cloud services to be available from Microsoft. It’s too soon to discuss details but wanted to share some of my excitement about what’s coming nonetheless.
Regarding Business Productivity Online Suite, the current online services provide an excellent value and deliver the key features that many users need. That said, there are differences between Exchange on premise and Exchange Online and in some cases, those features are important to users. Understanding these differences is key to having a smooth migration experience. This requires reviewing the service descriptions at microsoft.com/online and the deployment guide at quickstartonlineservices.com which is available to Microsoft Partners.
So what’s the news? As Microsoft has been saying from day 1 with BPOS, our vision is to work continuously to close the gap so that our online services offer parity or near parity with on premise services. I can say with authority that the next release of our services will make significant progress in closing that gap.
What does that mean? It means that you can look at Exchange 2010 and SharePoint 2010 on premise servers and get a good idea of the kinds of features, administration, and capabilities of future cloud services. Yes, there will still be differences as there are unavoidable impacts from large scale, multi-tenant hosting as it is fundamentally different in significant way than a single tenant, on premise implementation. Those differences, however, are soon to become a lot less significant.
If you considered a company’s suite of on premise solutions and services as a portfolio, with the new services to be available later this year, Microsoft will significantly expand the percentage of that portfolio that can be moved to the cloud. This means a dramatic increase in the size of the opportunity for Partners as there will be more markets, and greater opportunity to provide customizations, deep integrations, and automate administration with the new services.
This is good news for IT Pros who are concerned that servers moving to the cloud means their skills will not be needed, when in reality – their skills are simply “relocated” to managing cloud services. That’s different that managing servers, in that you don’t need to manage anti-virus implementation or service pack applications, and fight the never ending process of maintaining security and high availability. These tasks are now managed for you in a very high end data center with millions of dollars of equipment and ISO 27001 certification and SAS70 type I and II audits among others. (http://blogs.technet.com/msonline/archive/2010/02/24/microsoft-online-services-announces-new-certifications-bpos-federal-for-us-government.aspx)
The result is that IT Pro’s are released from doing mundane, ongoing maintenance and freed to focus on high-value projects that can make a significant business impact. Not to mention that IT Pros that “speak cloud” are going to be in high demand as millions of users, thousands of new services, and hundreds of data centers come online. (One tip – Powershell is your friend.)
The forecast is sunny for cloud services.

Read the whole article: BPOSitive : The forecast is sunny for cloud services.

Published: 4/2/2010 9:58 PM

Microsoft announces "RemoteFX," the Calista-based Hyper-V-requiring PC-over-IP competitor

MOSS-04\john — Fri, 02 Apr 2010 05:02:36 GMT

Body:

Today is a huge day for desktop virtualization. Microsoft, Citrix, and several other partners are announcing a slew of new things specifically related to desktop virtualization, and we'll dig deep into each of them over the next few days. There's even a dedicated website, DesktopVirtualizationHour.com, setup for the announcements.
The first announcement we'll dig into today is that Microsoft's Calista-based graphics remoting capabilities will be called "RemoteFX" and shipped as part of SP1 for Windows 7 and Windows Server 2008 R2. I've written quite a bit on Calista in the past, including Microsoft's purchase of the company over two years ago and some updates (1, 2) on their progress along the way.
For those who don't know, RemoteFX is an enhancement to RDP's graphics remoting capabilities. The goal of RemoteFX is to deliver the full modern Windows desktop experience—including multiple displays, Aero, and multimedia—to all types of client devices including very thin, sub-$100 thin clients. RemoteFX does this via a technique known as host-based rendering, which means the entire final composited screen image is rendered on the remote host and then compressed and sent down to the client. (In effect this moves more computing into the datacenter and lessens the importance on specific client devices or client specs.)
Fundamentally RemoteFX is just a codec (like H.264) that's been written for real-time encodes. (H.264, on the other hand, is meant for content that can be pre-rendered not in real time, like TV shows and movies.)
There will be several initial ways RemoteFX will function once it's released, including:

Full software-based encoders on the host.
a GPU/CPU-based encoder (with extensions to Hyper-V to let GPUs be shared between multiple VMs).
A custom chip-based encoder, either on a plug-in card or built-in to the host.

Read the rest @> Microsoft announces "RemoteFX," the Calista-based Hyper-V-requiring PC-over-IP competitor. Here's our full analysis. - Brian Madden - BrianMadden.com

Published: 4/1/2010 10:02 PM

How to setup an Exchange 2010 CAS Array to Load Balance MAPI

John Gilham — Mon, 07 Dec 2009 06:26:56 GMT

Body:

An awesome post by the Three Amigos:

Since Exchange 2010 CAS servers now handle all internal and external client traffic to Exchange mailbox servers including Outlook MAPI traffic, the need for a highly available CAS array is critical to your design.

So how do you load balance MAPI traffic? I found a some useful bits of information to help out:

Load balance your CAS servers in a CAS array by whatever method you choose – Both Hardware LB or Windows Network LB are supported load balancers
Create a MAPI A record in your internal DNS infrastructure that resolves to the Virtual IP Address (VIP) of the CAS load balancing array. The DNS entry, for example, could be outlook.school.edu
Configure your load balancing array to load balance the MAPI RPC ports:

TCP 135
UDP/TCP 6005-65535; or set static ports

Use the new-clientaccessarray cmdlet to create the CAS array object. Such as:

New-ClientAccessServer –Name “School CAS Array” –Fqdn “outlook.school.edu” –Site “Boulder”
More here.
5. You need to revisit any Exchange databases that were created before the CAS array was created and set the rpcclientaccessserver property to match the newly created CAS array. Such as:
Set-MailboxDatabase DB1 -RpcClientAccessServer “outlook.school.edu”
For more on Exchange Server 2010 CAS visit here.

Published: 12/6/2009 10:26 PM

Dynamic Memory (aka Memory Overcommit) Coming To Hyper-V

MOSS-04\john — Thu, 18 Mar 2010 15:54:48 GMT

Body:

I’ve had the pleasure of talking with customers in the last few months and the Hyper-V R2 reception has been nothing but unequivocally positive. Whether it’s been folks in small, medium or the enterprise, they appreciate the new capabilities in Windows Server 2008 R2 Hyper-V and the free Microsoft Hyper-V Server 2008 R2. At the same time, we’re always listening to our customers to better understand their business requirements and requests so we know know what to build for subsequent releases. Today, we’re pleased to announce new capabilities that will enhance both virtualized server and virtualized desktop deployments:

Remote FX: With Microsoft RemoteFX, users will be able to work remotely in a Windows Aero desktop environment, watch full-motion video, enjoy Silverlight animations, and run 3D applications within a Hyper-V VM – all with the fidelity of a local-like performance. For more info, check out Max’s blog here.
Hyper-V Dynamic Memory: With Hyper-V Dynamic Memory, Hyper-V will enable greater virtual machine density suitable for servers and VDI deployments.

What Virtualization Users Have Told Us
When it comes to virtualization and memory, virtualization users have repeatedly provided the following requirements:

Use physical memory as efficiently and dynamically as possible without impacting performance. Customers investing in virtualization hosts are purchasing systems with larger memory configurations (32 GB, 64 GB, 128 GB and more) and want to fully utilize this system asset. At the same time, they’re purchasing this memory to provide superior performance and to avoid paging.
Provide consistent performance and scalability. One frequent comment from virtualization users is that they don’t want a feature with a performance cliff or inconsistent, variable performance. That’s makes it more difficult to manage and increases TCO.

Their comments are clear: Maximize our investment in the hardware resources, provide high density, and with a minimal performance impact.
(Speaking of performance, Hyper-V R2 performance is exceptional. We recently released an in depth performance analysis on Windows Server 2008 Hyper-V R2 Virtual Hard Disk Performance using a variety of workloads including SQL, Exchange, Web and more. This is a must read: http://download.microsoft.com/download/0/7/7/0778C0BB-5281-4390-92CD-EC138A18F2F9/WS08_R2_VHD_Performance_WhitePaper.docx)
Virtual Machine Performance & Density
If you think about Virtual Machine Performance and Virtual Machine Density as a continuum and you can place the slider, where would you position the slider?

Up to now, we’ve opted to err on the side of performance with excellent results. Now, customers are asking us to start moving that slider over to increase density and still minimize performance impact, so that’s what we’re doing.
So, what is Dynamic Memory? At a high level, Hyper-V Dynamic Memory is a memory management enhancement for Hyper-V designed for production use that enables customers to achieve higher consolidation/VM density ratios. In my next blog, we’ll dive deep into Hyper-V Dynamic Memory…

Read the whole article @> Windows Virtualization Team Blog : Dynamic Memory Coming To Hyper-V

Published: 3/18/2010 8:54 AM

SharePoint Overwhelms Business Intelligence - Gartner

MOSS-04\john — Sun, 14 Mar 2010 18:13:22 GMT

Body:

SharePoint overwhelms business intelligence as a top search term on Gartner.com, that is. On Google, the SharePoint yield back in May, 2008 was 19,600,000. Today, the number is 15,100,000 (I wonder if Google’s competitive instincts have infected its algorithm). What caused something to finally overtake BI among Gartner’s clients? A number of factors, not the least of which is relentless marketing and promotion by Microsoft. Added to the hype perhaps is client confusion on what SharePoint actually is. Further factors might include the broader prospective user population – as a portal, a collaboration tool, library services, ECM, BCS, and so on, SharePoint is relevant to many levels of technology and business interests. But the single most likely driver for the rise in popularity of SharePoint as a search subject stems from partner (and competitor) compulsion to consciously (or unconsciously) promote it to an unusual extent.

Read the rest @> SharePoint Overwhelms Business Intelligence (repost from May 2008)

Published: 3/14/2010 11:13 AM

Active Directory Power Tool: AD Explorer (and Editor)

MOSS-04\john — Thu, 11 Mar 2010 17:30:17 GMT

Body:

Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database, define favorite locations, view object properties and attributes without having to open dialog boxes, edit permissions, view an object's schema, and execute sophisticated searches that you can save and re-execute.
AD Explorer also includes the ability to save snapshots of an AD database for off-line viewing and comparisons. When you load a saved snapshot, you can navigate and explorer it as you would a live database. If you have two snapshots of an AD database you can use AD Explorer's comparison functionality to see what objects, attributes and security permissions changed between them.

Download AdExplorer
(227 KB)
Run AdExplorer now from Live.Sysinternals.com

Learn more @> AD Explorer (from Bink.nu)

Published: 3/11/2010 9:30 AM

Protect your Business Information for Free using Encrypting File System (EFS)

MOSS-04\john — Wed, 10 Mar 2010 06:11:39 GMT

Body:

Every day, your users work with information that is valuable to your business. However, this same information—including your customer databases, product price lists, and financial information—is constantly at risk of discovery. You see the reports in the papers nearly every day: laptops are stolen, removable hard drives are sent to the wrong recipient. Savvy businesses realize they need help to secure their business information and protect it from inadvertent or deliberate disclosure.
That’s why Microsoft created Encrypting File System (EFS), a powerful tool for encrypting files and folders on servers and client computers. EFS helps secure confidential information that should not be disclosed without authorization, information that resides on remote servers or on portable computers such as laptops or netbooks, or confidential information on computers that are shared by multiple workers at a business. With EFS, you can protect your business’s information in case someone gains physical possession of the computer that the files reside on. Even people who are authorized to access the computer and its file system can’t view the data that they shouldn’t. Files are encrypted when you close them, but are automatically ready to use when you open them. If you change your mind about encrypting a file, clear the check box in the file's properties.
EFS is an integral part of the file system and is transparent to your users and applications; you don’t need to install any special software to work with encrypted files. It’s available on Windows Small Business Server (Windows SBS) 2008 and the Windows 7 Professional, Enterprise, and Ultimate operating systems, including both 32-bit and 64-bit platforms.
How EFS works

EFS helps secure the information that is contained in your folders and files by creating a unique key that uses a combination of the server’s credentials and the user’s credentials. When you first apply EFS to a folder, any files that are created in that folder or moved into that folder are encrypted, and only you and the recovery agent are given access to encrypt or decrypt the file. You can give any other user access to individual files in this folder. However, users can only be added to the access list individually; it is not possible to grant an entire group access to a file. Also, although you can give users access to individual files, it is not possible to give users access to an entire folder.
After a folder is marked for encryption, it isn't necessary to manually mark the files in it for encryption. But when you move a file out of the encrypted folder, the file may be decrypted, depending on whether you move the file into an NTFS volume. The best practice is to keep a file in its encrypted folder until the file is no longer needed.
If a person or program doesn’t possess the correct key to read the encrypted file or folder, an “Access Denied” message appears. EFS is an excellent file encryption system—there is no "back door”—however, anybody who can obtain the user ID and password can log on as that user and decrypt that user's files.
Encrypting File System Best Practices

Because EFS is so secure, it’s critical to enforce a strong password policy. It’s also a best practice to archive and back up the recovery keys for your domain and keep them in a safe place to ensure recovery should the keys become damaged or lost. If you don’t take these precautions, you can permanently lose the information in encrypted files and folders. We will cover recovery keys in the next section of this post.
When encrypting removable media, it is important to keep in mind that the encrypted files will only be accessible on computers that have certificates for users who are listed as having access to the file (or the recovery agent key). This means that if you are working on an encrypted file at work, and you bring it home to finish up on your home computer, you will only be able to access this file if your home computer has your user certificate.
Similarly, you should take great care when you enable EFS on a SharePoint site. Any user who has access to a SharePoint site can encrypt any file on that site. However, once that file is encrypted, only users listed as having access to that file (or the recovery agent) will be able to access it.
For more information on EFS Best Practices, read this TechNet article*: http://support.microsoft.com/kb/223316/en-us.
Using Encrypting File System

As previously mentioned, it is essential to back up your user certificates and recovery key before you use EFS to encrypt anything on your computer or the server. Once you have backed up these certificates, you can encrypt folders and files either directly or using group policy.

Read the rest @> The Official SBS Blog : Help Secure your Business Information using Encrypting File System

Published: 3/9/2010 10:11 PM

How to: Integrate Office Communications Server (OCS) 2007 R2 with Exchange 2010 OWA/CAS

MOSS-04\john — Tue, 09 Mar 2010 07:25:00 GMT

Body:

One of the new features of Outlook Web App (OWA) in Exchange 2010 is the ability for OWA to act as an IM client if you have Office Communications Server (OCS) in your environment. Once configured, you’ll be able to see and manage your buddy list, manage presence, as well as participate in IM conversations while logged in to OWA. Configuring this integration requires a number of steps on each of your Exchange 2010 Client Access Servers (CAS’). Many of the changes discussed in this blog post will cause brief service interruptions so it is highly recommended that you perform this work during a maintenance window where these interruptions are tolerable.
You’ll need to download two packages in order to proceed:

The web service provider
The latest ucmaredist.msp rollup package (currently January 2010)

Read the rest @> How to Integrate Office Communications Server 2007 R2 with Exchange 2010 : Brian Desmond's Blog

Published: 3/8/2010 11:25 PM

Microsoft Forefront Identity Manager (FIM) 2010 Released

MOSS-04\john — Mon, 08 Mar 2010 07:06:54 GMT

Body:

All organizations need to manage identities, credentials, and resources. Some lucky organizations only have to deal with one directory, but most have to deal with multiple directory trees and application-specific identity sources. The IT departments in those organizations are expected to deliver this management efficiently, cost-effectively, and securely. When this management goes bad, IT departments can lose the ability to be agile, and custom solutions created to manage identities can inhibit their ability to adapt to business change efficiently. These solutions may require manual intervention, inevitably resulting in higher costs.
What organizations need is a comprehensive identity and access management solution that can integrate certificate and smart card management with the traditional identity management lifecycle, while it brings a level of self-service management to users. Microsoft Forefront Identity Manager 2010 (FIM) is a component of Microsoft’s Identity & Access Management solution that brings powerful capabilities, administrative tools, and enhanced automation to organizations to help them efficiently manage identities.
FIM is not the first identity management product from Microsoft. FIM has evolved from Microsoft Identity Lifecycle Manager (ILM) 2007, which was previously Microsoft Identity Integration Server (MIIS) 2003, which originated from Microsoft Metadirectory Services (MMS). These products provide two, stable engines for delivering the core services of FIM. These engines deliver core provisioning and synchronization services between different systems, as well as certificate and smart card management. FIM then builds on previous releases by wrapping these core services in a rich management environment, including workflows and self-service capabilities for end users, making it easier for IT Administrators to manage the identity management lifecycle, and enabling them to delegate some tasks to end users.
How does FIM make identity management easier? FIM 2010 provides the ability to manage multiple credentials in an integrated manner. IT Administrators have centralized management tools where they can view and define policies, such as defining smart card templates and processes for resetting PINs.
Today, IT Administrators often spend time adding people to groups, removing people from groups (if they are ever told access is no longer needed ), creating and managing accounts, or at least trying to. When a new hire arrives at a company it can turn into a departmental sweepstakes - “Guess the date when Joe will have access to our systems?” When you think about your organization, think of all the accounts you have. You have an network account, then you almost certainly have an email account, which is also almost certainly a member of a number of distribution groups, an account in the finance system so you get paid, and an account in a customer relationship system. Then there are the file shares and web sites which you have access to internally. Finally, like me, you may have a building access card that may be a smart card with certificates on it. All of these have to be created, authorized, and issued. This is what FIM does, or moreover, this is what FIM enables the IT Administrators to do more efficiently.
When new hire “Joe” starts, he may well go through some new employee orientation. At that point, the HR representative could add or approve “Joe” in their system. Then “Joe” officially exists. In the background, FIM has seen this change because of the policies defined by the Administrators. FIM now starts the enrollment process, a network access account is created, a corresponding email account is created, requests for certificates are generated, and requests are sent to the appropriate people to authorize the creation of accounts in the CRM system or the finance system. At every stage, the policy and workflow dictates who gets notified to authorize the change. So when “Joe” gets to the security office to have his picture taken and added to his access card, the card can be loaded with the right certificates and “Joe” can walk into his new department all ready to go.
This isn’t a one way process. Should “Joe” leave, when his final salary is paid, FIM can reverse all these changes, certificates can be revoked and accounts disabled, etc. FIM also provides the IT Administrators the ability to delegate certain information management tasks to users. During “Joe’s” employment, he can self-manage some of his own identity information such as his mobile phone number, as well as reset his password or smart card PIN. Tasks like password or PIN reset, in estimates, can cost around $35 per request, which can quickly accumulate over the course of a year.
FIM allows IT Administrators to spend more time managing their systems' security, and less time managing people’s identity. In the next part we will look at the self-service capabilities in FIM, and how access management of resources can be delegated to end users.
Related Resources

Videos / Webcasts

TechNet Webcast: Forefront Identity Manager 2010: Technical Overview and Deployment
TechNet Webcast: Forefront Identity Manager 2010: Deploying FIM
TechNet Webcast: Identity and Access Management Solution
Webcast: Forefront Identity Manager 2010 – Technical Overview and Feature drill-down
TechNet Edge Video: Forefront Identity Manager- Reducing cost of group management
TechNet Edge Video: Identity and Access Management Solution
Channel 9 Video: Alex Weinert on Forefront Identity Manager 2010
Datasheets and downloads
Identity and Access Management Datasheet
Trial Download FIM 2010

Manage Your Organization's Identity with Microsoft Forefront Identity Manager 2010 | Media | TechNet Edge

Published: 3/7/2010 11:06 PM

Microsoft Thinks VDI Might Not be the Answer to Every Desktop Scenario

MOSS-04\john — Mon, 08 Mar 2010 05:51:56 GMT

Body:

With the launch of Windows 7, more and more organisations are weighing up their options for their desktop strategy going forward, with Virtual Desktop Infrastructure, or VDI, becoming an attractive option with popularity growing almost daily. The question however, still remains. Is VDI the answer to your desktop problems? Certain vendors would lead you to believe that it is, yet, if all you have in your toolbox is a hammer, every problem is going to look like a nail. Microsoft, with Partners such as Citrix, Quest and Ericom to name but a few, take a different approach, with Microsoft in particular focusing on the 'Optimised Desktop' as a starting point for discussion. An optimised desktop to me, may look very different to you, so it's incredibly important to perform a thorough assessment of your users, and business requirements, before deciding on a particular solution to optimise your desktops.
To help with the assessment, Microsoft has developed an IPD Guide known as Windows Optimised Desktop Scenarios, which aims to segregate users into categories, based on their usage patterns and business requirements. These categories include Office, Mobile, Task, Home, and Contract Worker, with each having different needs to perform their role effectively. Now, there is no perfect description that will be applicable 100% of the time, but it's a great starting point. Take me as an example. I'm on the road a great deal, so the things that are important to me, to do my job effectively, include streamlined access to my corporate data, combined with local access when on the road. Security of data, both locally, and on removable devices, but also applications being provided locally, that can be used when I'm not connected to the internal network. I'm sure I'm not alone with that description, so you'll agree that a Virtual Desktop, in a datacenter, isn't the ideal solution for me, as I can't always guarantee a network connection, so to be productive, an offline solution, utilising in-box features of Windows 7, like DirectAccess, BranchCache and BitLocker, with App-V for streamlined applications offers me the best solution.
If on the other hand, I fell into the Task Worker category, perhaps in a Call-Center, or Warehouse type environment, a session-based experience (TS or RDS) would offer me the simplest, most cost effective way of working effectively. Task Workers by nature, don't need to be installing, configuring, tweaking or modifying an OS, so a well-managed session-based environment is ideal, and will allow the organisation to provide users with a working environment at a higher density than an equivalent VDI rollout, with a strong ROI to boot, with simpler licensing, and storage requirements.
Don't get me wrong, this isn't designed to dismiss VDI as 'the way to go', as for certain segments of the organisation, it could be perfect. It allows users to retain their power user status, with a rich, true desktop environment, plus overcomes barriers where certain applications won't run in a session-based environment. It can also bring a very dynamic edge to desktop delivery, enabling an agile infrastructure that can adapt to change quickly. The key thing to think about is, ensure you perform a thorough assessment, and don't simply move your current desktop problems into the datacenter, but instead, use this as an opportunity to optimise, with the right technologies, for the right user, to enable them to do their job more effectively. That answer may or may not be VDI.
With Windows 7, the Microsoft Desktop Optimisation Pack, and Remote Desktop Services in Windows Server 2008 R2, the options around the Optimised Desktop have never been greater, so I encourage you to make use of the tools and resources available, and ensure your desktop of the future is the right one for your business.

Read the whole article source @> virtualboy : TechNet Article: VDI is the answer. Now, what was the question?

Published: 3/7/2010 9:51 PM

Creating Hyper-V Virtual Machine Templates for VDI or SCVMM Library

MOSS-04\john — Sun, 07 Mar 2010 04:29:16 GMT

Body:

My friend Brian Posey writes a great article on creating template and clones of Hyper-V virtual machines. This relevant for VDI or using System Center Virtual Machine Manager to deploy machines from a template library.

Although it is relatively easy to make a clone of a virtual machine, the cloning process is less than intuitive. This article series shows you how to avoid disaster by creating a virtual machine clone in the proper way.
You have probably heard that server virtualization products such as Hyper-V make it easy to clone virtual server images or to move virtual servers to new hardware. However, if you ever actually tried to build a server image and then clone it, you might have been surprised by how non intuitive the process actually was.
The first time that I ever had to create a virtual machine clone, I was a little taken back. All I kept hearing about was how easy the process was. Because of that, I really expected the Hyper-V Manager to have a Clone Virtual Machine button. As you have probably already guessed though, such a button simply does not exist.
Since that time, I have tried a lot of different methods to cloning virtual machines. Some of them have worked, and some of them have not. Since there are so many techniques that you could potentially use, I wanted to take the opportunity and explain which cloning techniques actually work, and why.
The Challenge of Cloning Virtual Machines

Before I get started, I think that a little explanation of the challenges involved in cloning virtual machines is in order. The problem with cloning a virtual machine is that you can not have two identical computers on the same network. You can have machines that are almost identical, but they can not be 100% identical. The reason for this is that certain machine attributes are used as a means for identifying the machine on the network. Therefore, if you have two machines that are completely identical, then networking ceases to function. In case you are wondering, some of the things that have to be unique for each computer include:

The Windows Security Identifiers (SIDs)

The Media Access Control (MAC) address

The Internet Protocol (IP) address

The NetBIOS and Fully Qualified Domain (FQDN) names

Given that some system attributes are required to be unique, simply copying virtual hard drive files and building another virtual machine around them will not work. Out of curiosity, I actually tried to shut down a virtual machine, copy its files to another location, and create another virtual machine using those files. When I booted the new virtual machine I received the Blue Screen of Death.
As you have probably already figured out, successfully duplicating a virtual machine requires stripping any attributes that are required to be unique from the clone. There are at least two good ways of accomplishing this.

Read the rest @> Cloning Hyper-V Virtual Machines the Right Way (Part 1 of 4)

Published: 3/6/2010 8:29 PM

Microsoft’s Balmer on Cloud Computing: "All In"

MOSS-04\john — Fri, 05 Mar 2010 07:15:00 GMT

Body:

Today, Microsoft held a live event from the University of Washington where Steve Ballmer outlined Microsoft's view on the power of clouds to drive innovation. (You can find replay, transcripts here.) This was a pivotal speech not only for the company, but for the industry as a whole. For additional context you may find Dan Reed's blog post very revealing about how Microsoft view research insight into the current & future state of the cloud.
Why is this pivotal? Tone and Breadth. When you sit back and understand all of the investments we continue to make, you realize there is no other company investing in the cloud to drive the industry forward. Many pundits have remained skeptical about Microsoft's commitment to evolve our offerings to meet the demands of the next wave of computing. Is Microsoft a leader, a follower, a fast follower, etc., where much of this debate has been isolated to one very specific market or segment. It's unfortunate because if you zero on one tile, you aren't seeing the mosaic. Steve's tone was strong and unwavering, we are leading with the future. He also discussed the sheer breadth of our cloud offerings from MSN, Xbox all the way to Azure etc.
Microsoft at the core is a software company. It's simply what we do and we do it really well. Cloud, Distributing Computing, Grid, Utility, SaaS, et al (insert market term du jour) are all evolving terms that seek to define this next step in computing. Whether you are a bleeding edge cloud purist or a first generation Fortran geek with punch cards, you agree on one thing: It's all software! We get that and it's why we are 'all in' when it comes to driving the software industry forward to meet the demands of a new model. We really see this next wave as another opportunity to use great software to propel new scenarios.
Over 12 years ago, I was part of a small start up (Pandesic) that was SaaS before it was called SaaS. (It was called Application Service Providers then). And Microsoft's technology was at the core of what used to drive for the cloud. At the time we needed a way to make our three tier architecture behave in real time transactions for commerce at scale. We used DCOM and IIS at the heart. Once we had a customer make an appearence on the Oprah show to sell his book, we called Microsoft for help to understand how to scale. When we luanched a commerce site for adidas and the Womens World Cup, we called Microsoft. From then to now, Microsoft has been at the heart of the software for many companies. So for me, I've lived with Microsoft at the heart of the early cloud and now I am a part of that continued push here at HQ.
Which brings me to my first point, experience matters. Only Microsoft provides a comprehensive set of cloud services with the reliability, security and global reach you expect for your business. We do this without compromise. Going to the cloud should not come with caveats. The same great tools, manageability, control you have today should be offered in the cloud if you want it. Our recent announcements to provide a Government cloud with the highest level of security measures, industry certifications etc means we get it. The fact that you can be a small business who wants an easy way to provide mail and collaboration with Microsoft Online, means we get it. For the developers, Azure really demonstrates how our experience is helping to drive the future of cloud platforms.
Second, Microsoft is full completely committed the cloud. If you are customer who wants to be there now, you can use any one of our products to support your strategy. If you aren't there yet, but want to be in the future, this is what we mean when we say 'cloud on your terms'. By having Microsoft technology, you can be assured your onramp is there when you want it. It's about confidence in the roadmap and responsible innovation. I meet with lots of customers who want to know where we are going. Simply talking about our investment in data centers and Gen4 concepts means we build for a cloud at scale. From the ground up, most of our products now are also built for the cloud. They can work in a orchestrated ways across multipe run time environments, whether its a PC, Phone, Browser from our data center to yours.
Finally, Microsoft is a leader in cloud services. MSN and Windows Live alone get over 600Billion (with a 'b') visits a month. We process nearly 10B Live Messenger messages a day. Now with Microsoft Online, we've scaled to over a 1 million paying customers in 36 countries. Numbers alone aren't meant to impress so much as impress upon you just how much we remain a leader in the cloud today. From the media center to the data center, we are a leader.
So if you are an IT Pro who is trying to understand "Why Microsoft" for the cloud, I'll hope you'll take some time to understand what we offer, possibly start a trial (Azure / MS Online) and see how we can help you meet your strategic needs.

Why Microsoft : Microsoft on Cloud Computing: "All In" & Why Microsoft

Published: 3/4/2010 11:15 PM

System Center Configuration Manager (SCCM2007) and Microsoft Deployment Toolkit (MDT) Video Walkthrough

MOSS-04\john — Wed, 03 Mar 2010 05:06:08 GMT

Body:

For integration of System Center Configuration Manager (SCCM 2007) and Microsoft Deployment Toolkit (MDT) for automated Windows Deployments.

Are you struggling with setting up SCCM 2007 Operating System Deployment and integrating MDT? - download and view the video walkthrough that shows you how to:

Setup the server environment for SCCM 2007 OS deployment
Configure the SCCM 2007 Site Settings
Configure the SCCM 2007 Computer Management Settings
Configure the SCCM 2007 Operating System Deployment Settings
Setup and use MDT integration with SCCM 2007
Add a reference machine object to SCCM 2007
Create a build and capture reference image for mass deployment using SCCM 2007

View the SCCM and MDT Video Walkthrough from the Windows Media Servers here!
View the SCCM and MDT Video Walkthrough from the TechNet Edge Media Servers here!
The download pack contains the following high resolution (1024 x 768) narrated video

SCCM2007 and Microsoft Deployment Toolkit Setup and Config.wmv

From: The Deployment Guys : SCCM 2007 and Microsoft Deployment Toolkit - Video Walkthrough

Published: 3/2/2010 9:06 PM

Microsoft Perspective on SharePoint 2010 Search Engine Optimization (SEO)

MOSS-04\john — Tue, 02 Mar 2010 03:10:21 GMT

Body:

Expanding on my original SharePoint 2007 SEO article, here is a great follow up by Jean-Paul at Microsoft.

SEO involves configuring site structure, navigation, page content, metadata and labels to improve search engine relevance and ranking and aims at making it easier for customers and partners to find you through search engines, notably via Bing and Google.
Out-Of-The-Box, SharePoint 2010 is far more SEO-friendly: far more semantic HTML (which helps with WCAG 2.0 AA compliance), powerful metadata management and capture, SEO feature on publishing pages, are only a few of those enhancements. In addition, Microsoft released the new IIS 7.0 SEO Toolkit, which helps Web developers, hosting providers, and Web server administrators to improve their Web site’s relevance in search results by recommending how to make the site content more search engine-friendly. The Toolkit includes the Site Analysis module, the Robots Exclusion module, and the Sitemaps and Site Indexes module, which let you perform detailed analysis and offer recommendations and editing tools for managing your Robots and Sitemaps files. Let’s take a closer look at the benefits of this toolkit:
Improve the volume and quality of traffic to your Web site from search engines

The Site Analysis module allows users to analyze local and external Web sites with the purpose of optimizing the site's content, structure, and URLs for search engine crawlers. In addition, the Site Analysis module can be used to discover common problems in the site content that negatively affects the site visitor experience. The Site Analysis tool includes a large set of pre-built reports to analyze the sites compliance with SEO recommendations and to discover problems on the site, such as broken links, duplicate resources, or performance issues. The Site Analysis module also supports building custom queries against the data gathered during crawling.
Control how search engines access and display Web content

The Robots Exclusion module enables Web site owners to manage the robots.txt file from within the IIS Manager interface. This file is used to control the indexing of specified URLs, by disallowing search engine crawlers from accessing them. Users have the choice to view their sites using a physical or a logical hierarchal view; and from within that view, they can choose to disallow specific files or folders of the Web application. In addition, users can manually enter a path or modify a selected path, including wildcards. By using a graphical interface, users benefit from having a clear understanding of what sections of the Web site are disallowed and from avoiding any typing mistakes.
Inform search engines about locations that are available for indexing

The Sitemaps and Site Indexes module enables Web site owners to manage the sitemap files and sitemap indexes on the site, application, and folder level to help keep search engines up to date. The Sitemaps and Site Indexes module allows the most important URLs to be listed and ranked in the sitemap.xml file. In addition, the Sitemaps and Site Indexes module helps to ensure the Sitemap.xml file does not contain any broken links.
Site Analysis Features

Fully featured crawler engine

Configurable number of concurrent requests to allow users to crawl their Web site without incurring additional processing. This can be configured from 1 to 16 concurrent requests.

Support for Robots.txt, allowing you to customize the locations where the crawler should analyze and which locations should be ignored.

Support for Sitemap files allowing you to specify additional locations to be analyzed.

Support for overriding ‘noindex’ and ‘nofollow’ metatags to allow you to analyze pages to help improve customer experience even when search engines will not process them.

Configurable limits for analysis, maximum number of URLs to download, and maximum number of kilobytes to download per URL.

Configurable options for including content from only your directories or the entire site and sub domains.

View detailed summary of Web site analysis results through a rich dashboard

Feature rich Query Builder interface that allows you to build custom reports

Quick access to common tasks

Display of detailed information for each URL

View detailed route analysis showing unique routes to better understand the way search engines reach your content

Robots Exclusion Features

Display of robots content in a friendly user interface

Support for filtering, grouping, and sorting

Ability to add ‘disallow’ and ‘allow’ paths using a logical view of your Web site from the result of site analysis processing

Ability to add sitemap locations

Sitemap and Sitemap Index Features

Display of sitemaps and sitemap index files in a simple user interface

Support for grouping and sorting

Ability to add/edit/remove sitemap and sitemap index files

Ability to add new URL’s to sitemap and sitemap index files using a physical or logical view of your Web site

Ability to register a sitemap or sitemap index into the robots exclusion file

Read the original article @> SharePoint Experts Blog : A note on Search Engine Optimization (SEO)

Published: 3/1/2010 7:10 PM

Understanding SQL Server Joins Basics (Query and Internals)

John Gilham — Mon, 01 Mar 2010 06:55:52 GMT

Body:

Great post by Biplab Paul on SQL joins and por/cons of each one on his blog.

I love to explain things in much simpler way but SQL Joins are one of those concepts which are not so simple to explain and I really spend a lot of time in scribbling on White Board for this. But finally I found an article from Jeff Atwood where he did an incredible job by simply using Venn Diagrams to explain the whole concept. I will take few extract from his article but rest you can read from his blog.

INNER JOIN:

SELECT * FROM TableA

INNER JOIN TableB

ON TableA.name = TableB.name

OUTER JOIN (1):

SELECT * FROM TableA

FULL OUTER JOIN TableB

ON TableA.name = TableB.name

OUTER JOIN (2):

SELECT * FROM TableA

LEFT OUTER JOIN TableB

ON TableA.name = TableB.name

OUTER JOIN (3):

SELECT * FROM TableA

LEFT OUTER JOIN TableB

ON TableA.name = TableB.name

WHERE TableB.id IS null

OUTER JOIN (4):

SELECT * FROM TableA

RIGHT OUTER JOIN TableB

ON TableA.name = TableB.name

OUTER JOIN (5):

SELECT * FROM TableA

FULL OUTER JOIN TableB

ON TableA.name = TableB.name

WHERE TableA.id IS null

OR TableB.id IS null

CROSS APPLY (1): without Where Clause

SELECT p.SalesPersonID, t.Name AS Territory

FROM Sales.SalesPerson p

CROSS JOIN Sales.SalesTerritory t

ORDER BY p.SalesPersonID

Note: This can’t be represented by Venn Diagrams but above would multiply all the contents of First Table with all the contents of the second table.

CROSS APPLY (2): with Where Clause

SELECT p.SalesPersonID, t.Name AS Territory

FROM Sales.SalesPerson p

CROSS JOIN Sales.SalesTerritory t

WHERE p.TerritoryID = t.TerritoryID

ORDER BY p.SalesPersonID

Now when we understood these different types of Joins, let’s talk about some of the internal on How these joins would work internally within SQL Server.

Read the rest @> Few things which you may find helpful!! : Simplifying SQL Server Joins (Query and Internals)

Published: 2/28/2010 10:55 PM

Simple Xcopy Backup of Hyper-V VMs

John Gilham — Tue, 23 Feb 2010 16:53:57 GMT

Body:

John Kelbley has a great post covering export/backp of Hyper-V Virtual Machines (VM).

I mentioned in my last post the diskshadow command line tool that was introduced in Windows Server 2008. Jose Barreto did a nice job over viewing the command in his blog, so I won't cover the same ground. I’m going to walk you through how I use diskshadow to create a consistent, restorable, consolidated backup of Hyper-V and running VMs.
Diskshadow is a tool to manage VSS that can run interactively or execute a predefined script. For my tiny lab, I use a script so I can easily repeat the backup process. To run a diskshadow script, call it like this:

diskshadow –s

The script can include all sorts of interesting VSS related stuff as well as external commands. My basic script file is named HyperVBackup.txt, and looks something like this:

set context persistent
set metadata C:\backup.cab
set verbose on
begin backup
     add volume C: alias ConfigVolume
     #The GUID of the Hyper-V Writer
     writer verify {66841cd4-6ded-4f4b-8f17-fd23f8ddc3de}
     create
     EXPOSE %ConfigVolume% Y:
EXEC HyperVBackup.cmd
     UNEXPOSE Y:
end backup

You can dig around TechNet and MSDN for more details on what it all means (and what else you can do in a diskshadow script), but the key things to note are the housekeeping lines at the top and the backup section (between “begin backup” and “end backup”). What’s going on in “backup” this part of the script is the step-by-step process for creating and exposing a VSS snapshot for a single drive system, as well as the kickoff of a backup (using Xcopy). Once a point-in-time snapshot of the C: drive is created, it is exposed as Y: so that files of interest can be copied off. The contents of HyperVBackup.cmd (a batch file) are pretty tiny:

Xcopy y:\VMs\*.* g:\HyperVBackup\VMs\*.* /e /s /y /F /O /X /R /H
copy c:\Backup.cab g:\Hypervbackup

In the batchfile, I copy all of the VMs (their VHDs and configuration information which on this server lives in the C:\VMs directory) to an attached USB drive, as well as a copy of the metadata generated by diskshadow (contained in backup.cab). Note all the switches for Xcopy – they are necessary to preserve the security and other attributes of the files for a successful restore.
If you store your VMs on another drive (other than C:) you would to add those additional volumes to the diskshadow script (via add volume and expose) as well as add another Xcopy to the batch file.
That’s pretty much it. Just those two files (one text file and one short batch file) used by calling diskshadow and the running Hyper-V VMs are backed up using the tools included in Windows Server 2008 R2! Here’s a few screen shots of the process running on a system in my lab, incase you are interested (I’ll show you what was going on with the VMs in a later post).

The bad news is that this process does not work with CSV volumes (I’m sure that question was going to come!).
We’ll get to how to backup and restore R2 failover clusters in later posts.
While a simple backup is great, the IMPORTANT piece- restoring! I’ll cover that in my next post.

Read the complete article @> John Kelbley's real life enterprise interop and administration : DiskShadow / Xcopy BACKUP of Hyper-V

Published: 2/23/2010 8:53 AM

App-V 4.6 Released – Get the Training Materials to Learn to Sequence Applications

John Gilham — Tue, 23 Feb 2010 05:46:21 GMT

Body:

Learning App-V Basics includes preparation, streaming and launch of virtual applications
Learning App-V Intermediate Skills includes Application update, Dynamic Suite Composition and Metering

Learning to Configure App-V for Standalone Client Mode includes Standalone Client Mode and AppLocker

Read the whole article @> The World Simplified is a Virtual World : App-V 4.6 Virtual Labs

Published: 2/22/2010 9:46 PM

Windows Desktop Optimization – Which Technology Solution Depends on your Users

John Gilham — Thu, 18 Feb 2010 05:21:43 GMT

Body:

Desktop management never gets the credit it deserves. Most companies to leverage automation for their time intensive tasks such as desktop upgrades, rebuilds, and other user workstation management scenarios.

Our firm uses a universal boot USB key to install all Client and Server OS…with all the drivers dynamically slipstreamed.

Interested in dynamic desktop management for Windows…learn more about Desktop and VDI solutions from a Microsoft perspective.

The Vision of the Optimised Desktop - http://www.microsoft.com/windows/enterprise/solutions/default.aspx
People are the most important resource in any organisation. The role of technology is to unlock their potential. The Optimised Desktop is about empowering your people to be more productive with a flexible technology infrastructure, while providing the IT department the needed level of control, manageability, and security. Learn more about five scenarios for enabling workers to be successful in their jobs with Microsoft desktop solutions, or read the Optimised Desktop eBook
Balancing the Needs of End Users and IT - http://www.microsoft.com/windows/enterprise/solutions/desktop/default.aspx
Organisations look to their people to drive business success, and to the information technology (IT) department to build and manage an infrastructure that supports and enables people to be successful in their jobs. Often, these expectations create a natural tension between end users, who want the flexibility to support a dynamic work environment, and an IT department that needs greater control and manageability.
The solution to this challenge is an "Optimised Desktop" infrastructure. An Optimized Desktop describes a state in which your organisation has attained the right balance in its desktop infrastructure - empowering employees with the flexibility they need to be productive, while providing IT the necessary level of control, manageability, and security
Ease Desktop Management with Microsoft Solutions - http://www.microsoft.com/windows/enterprise/solutions/management/default.aspx
Managing desktops across an enterprise is often time-consuming, complex, and costly. IT organizations face difficult PC manageability tasks on a daily basis. The Windows 7 operating system, Microsoft Desktop Optimization Pack (MDOP), and System Center provide you with the infrastructure to enable business agility for end users in addition to increased control, streamlined management, and cost reduction for IT.
How Desktop Virtualisation Transforms your Business - http://www.microsoft.com/windows/enterprise/solutions/virtualization/default.aspx
Now more than ever, organisations are looking to increase business flexibility while reducing the total cost of ownership (TCO) for their desktop infrastructure. Microsoft Desktop Virtualisation solutions provide IT managers with flexible desktop management options, from deploying virtual applications to gaining efficiencies with centralised and diskless PCs.
So, some great resources there, however, if I had to choose one, above all the others, based on my experience, I would point you to the Windows Optimised Desktop Scenarios. In a nutshell, Microsoft has identified 5 common scenarios, or, types of users, that exist within organisations. These are, Office, Mobile, Task, Contract and Home. Each have their own methods of working effectively, and require different tools based on their scenario. Each also require a different level of user experience. Some may require a rich, graphical OS environment, with local access to data, whereas others may require a very traditional, locked down, low-graphics type environment, for entering customer related information into a CRM system for example. Taking these scenarios, you can start to map these scenarios, on to the most optimal (in most cases) technologies that would meet their requirements. Take me for example. I’m a mobile worker, on the road a great deal. I can’t always guarantee an internet connection, and if I could, I couldn’t guarantee the quality of that connection. Would a remote working environment be ideal for me? No chance. That would actually have a detrimental effect on my working capabilities. A Windows 7 laptop, with locally installed apps, or App-V delivered apps, combined with some of the inbox features like DirectAccess and BitLocker, would give me a greater level of productivity. Once you’ve watched the videos, Microsoft also provide a tool, in the form of the Windows Optimised Desktop Scenarios, on which to work with a customer, or your business teams internally, to help define the different types of users in the environment. You can read more about WODS here.

Read the original article @> virtualboy : Desktop Optimisation – Which technologies, for which users?

Published: 2/17/2010 9:21 PM

Microsoft Desktop Virtualization Webcast (VDI)

John Gilham — Wed, 17 Feb 2010 02:45:44 GMT

Body:

Looking at Desktop Virtualization including VDI? Thinking about migrating to Windows 7? Want savings, but unsure of the tradeoffs? Have more questions than answers on the topic? Join this moderated televised discussion for an hour full of virtualization insights.

Next one is Thursday March 18th, 9am PST.

Support for Two Exchange 2010 Servers Separated in Multi-site Architecture

John Gilham — Tue, 16 Feb 2010 19:56:06 GMT

Body:

This post is in response to a recent customer question. Henrik from MSExchange.org posts:

Over the time, I’ve seen/had several questions on whether this is a supported scenario or not. A two-member DAG with a member server in the primary datacenter and one in the backup datacenter is an attractive solution for especially SORGs that want to deploy a solution where mailbox data are replicated to another site, but where local HA for the HT, CAS, and MBX roles is not a requirement.
The short answer to the question is yes, this is a supported scenario.
The long answer is yes this is a supported scenario, but you should bear in mind that datacenter activation coordination (DAC) mode is not supported with only two members servers in a DAG. This means that you will not be able to benefit from the automatic failover mechanism provided by DAG and that you cannot use the site resilience tasks built into Exchange 2010 (Stop-DAG, Restore-DAG, Start-DAG) to activate the DAG member in the backup datacenter. When you need to bring the DAG member in the backup datacenter online, you must instead use the Windows Failover cluster tools.

Read the rest @> Henrik Walther Blog » Blog Archive » Two-Member DAG in a Multi-site scenario supported?

Published: 2/16/2010 11:56 AM

Remote Desktop (Terminal Services) Session Host Capacity Planning in Windows Server 2008 R2 for Physical and Virtual Machines

John Gilham — Wed, 10 Feb 2010 18:04:11 GMT

Body:

This capacity planning guide describes the most relevant factors that influence the capacity of a given deployment along with methodologies to evaluate capacity for specific deployments.

The Remote Desktop Session Host (RD Session Host) role service lets multiple concurrent users run Windows-based applications on a remote computer running Windows Server 2008 R2. This white paper is intended as a guide for capacity planning of RD Session Host in Windows Server 2008 R2. It describes the most relevant factors that influence the capacity of a given deployment, methodologies to evaluate capacity for specific deployments, and a set of experimental results for different combinations of usage scenarios and hardware configurations.

Download @> Download details: RD Session Host Capacity Planning in Windows Server 2008 R2

Published: 2/10/2010 10:04 AM

Windows Firewall with Advanced Security: Step-by-Step Guide to Deploying Windows Firewall and IPsec Policies

John Gilham — Thu, 21 Jan 2010 16:47:52 GMT

Body:

This step-by-step guide illustrates how to deploy Active Directory® Group Policy objects (GPOs) to configure Windows Firewall with Advanced Security in Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008. Although you can configure a single server locally by using Group Policy Management tools directly on the server, that method is not consistent or efficient when you have many computers to configure. When you have multiple computers to manage, create and edit GPOs, and then apply those GPOs to the computers in your organization. Common scenarios, including firewall rule deployment, server and domain isolation, and IPsec tunnel mode configuration are discussed.

Read the rest @> Download details: Windows Firewall with Advanced Security: Step-by-Step Guide: Deploying Windows Firewall and IPsec Policies

Published: 1/21/2010 8:47 AM

Automatically Test Application Compatibility for New Apps on Terminal Server/RDS Farm using the RDS Application Compatibility Analyzer

John Gilham — Wed, 20 Jan 2010 17:25:35 GMT

Body:

The Remote Desktop Services (RDS) Application Compatibility Analyzer is a runtime program analysis tool that enables administrators and users to determine the compatibility of an application with a Remote Desktop Session Host (RD Session Host) server before deploying it. The tool provides a summary of incompatible behaviour between the RD Session Host server and an application, and provides recommendations for deploying the application on an RD Session Host server. The RDS Application Compatibility Analyzer uses the LUA (Least Privileged User Account) Predictor technology, which is part of Microsoft Application Verifier.
This blog post describes how to:

Install the RDS Application Compatibility Analyzer
Run an application in the RDS Application Compatibility Analyzer
Test an application for RDS compliance
Debug info and blog feeds
Filter noise, detailed stack trace, and logging
Interpret RDS Application Compatibility Analyzer logs

1. Installing the RDS Application Compatibility Analyzer

The RDS Application Compatibility Analyzer installer can be found at https://connect.microsoft.com/tsappcompat/Downloads.
The Application Verifier must be installed before the RDS Application Compatibility Analyzer is launched. The recommended version (3.5) of Application Verifier can be found at [X64] [X86]. On 64-bit operating systems, the RDS Application Compatibility Analyzer needs both 32-bit and 64-bit versions of Application Verifier. If Application Verifier is not installed, or the installed Application Verifier version is less than 3.5, the RDS Application Compatibility Analyzer will point to the Application Verifier 3.5 download location. If the installed Application Verifier version is greater than 3.5, the tool does not prompt for Application Verifier. However, we recommend that you uninstall the latest version of Application Verifier and install Application Verifier 3.5. Microsoft .NET Framework 3.5 is also required to run the tool. The tool can be run on a client or server operating system. It does not require that the RD Session Host role service be installed.
2.Running an application in the RDS Application Compatibility Analyzer

A. From the UI:
1. Click Start, point to All Programs, and then click RDS Application Compatibility Analyzer.

2. On the App Info tab, in the Target Application box, enter the directory location of the target application’s executable file or use the Browse function.
3. On the App Info tab, in the Parameters box, enter parameters for the application, if applicable.
4. Ensure that the RDSAnalyzerService is up and running. Select or clear the Launch Elevate check box as appropriate.
5. Click Launch.
B. From the command-line (batch mode and no UI):

Read the rest @> Remote Desktop Services (Terminal Services) Team Blog : How to detect RDS-specific application compatibility issues by using the RDS Application Compatibility Analyzer

Published: 1/20/2010 9:25 AM

Hyper-V Live Migration Network Configuration Best Practices

John Gilham — Tue, 19 Jan 2010 05:43:41 GMT

Body:

Its quite hectic these days in Virtualization world as i am actively involved in planning Practice Accelerator for Virtualization. In addition to that I’ve been engaged in lots of Virtualization opportunities and whenever i speak to customers and partners, I tend to get lot of questions about setting up preferred network for Live Migration on Hyper V based clusters.
Its highly recommended to use Cluster Shared Volume (CSV) while setting up the storage for Live Migration, CSV has following advantages:

All the nodes in the cluster has concurrent access to the shared storage.
Multiple VHDs can be stored on a single shared Volume.
No Drive letter problems
Faster failovers

It looks like something like the diagram below, You can see in this diagram, that all the three nodes has simultaneous access to the same share running their respective VHD files. In the event of one node failure there is no drive ownership change and hence faster failover.

By default, Cluster Shared Volumes (CSV) and Clustering use a private network with the lowest value for Metric property. To prevent CSV and Clustering from sharing the same network with live migration, the default network order used for live migration is changed so that a network with the lowest value for Metric property is at the bottom of the list of networks for live migration. This will reduce the possibility of CSV, clustering, and live migration using the same network.
This helps ensure live migration speeds by placing live migration traffic in a separate network path.
In the Failover Cluster Manager, right-click on the virtual machine and select Properties:

By selecting the “Network for Live Migration” tab, you can specify what network is used for Live Migration. You can specify multiple networks in order of preference. For me, I normally have my 10 Gb/E network set as the first network.

Read the rest @> Virtually Yours.. : Microsoft Virtualization: Hyper V Live Migration Network configuration.

Published: 1/18/2010 9:43 PM

Forrester Research Posts on Legal Implications of Cloud Computing

John Gilham — Mon, 18 Jan 2010 16:51:56 GMT

Body:

Cloud computing is the availability of standard IT resources over the internet in a pay-per use model. Initially this is an attractive proposition. However there are many challenges which CIOs will face when running firm critical applications and data over the internet. The most successful CIOs have built an IT governance strategy to avoid the uncontrolled variety of technologies, meta data and business process evolution in their IT landscape. A good governance strategy ultimately makes the implementation of legal compliance requirements from Basel II or SOX much easier. Without searching first for critical data, an orderly approach is much simpler and the CIO won’t be the only one sleeping better.
So long as everything is in your own company or at local infrastructure, IT governance and compliance should be governed centrally from the CIO office. But what happens when a firm’s cloud computing is effectively deployed? This technology paradigm has its largest cost savings when applications and business processes have extremely high and uneven resource requirements. In most cases these are automatically firm critical applications and confidential data. The responsibility of a CIO then moves from pursuing operational excellence in the datacenter, to the greater responsibility of developing and managing intelligent sourcing concepts in the cloud and bringing its consequences under control. The large cloud computing vendors are nearly without exception international firms and a core basis for their cost-effective deployment lies in their global sourcing strategies. IT governance and legal compliance must also be developed to cloud governance and global provider governance.

Read the rest @> The Forrester Blog For Vendor Strategy Professionals

Published: 1/18/2010 8:51 AM

Planning for an Automated Windows 7 Upgrade from Windows XP

John Gilham — Sun, 10 Jan 2010 17:09:25 GMT

Body:

In this article, Jeremy Chapman, a senior product manager at Microsoft, In this article, Jeremy Chapman, a senior product manager at Microsoft, documents the high-level steps for IT professionals to perform an enterprise-scale desktop deployment project—starting with Windows XP and moving to Windows 7.
Documents how to perform an enterprise-scale desktop deployment project—starting with Windows XP and moving to Windows 7.

Get the Word Document @> Microsoft Download details: Deploying Windows 7 from A to Z

Published: 1/10/2010 9:09 AM

A CIO Check List for eDiscovery and Litigation

John Gilham — Sat, 09 Jan 2010 02:49:15 GMT

Body:

Today’s CIO encounters many challenges handling security and regulatory mandates that extend far beyond the once-simple duties of maintaining firewalls. CIOs are today’s corporate first responders to spot insider theft or illegal activity, recover lost or deleted data, and to ameliorate poor document retention.
Even before 2008's financial meltdown, courts realized that the amount of electronic data in litigation was growing exponentially. As a result, new Federal guidelines were introduced in 2006 http://www.cioupdate.com/article.php/3646801 to address this growing problem. At the core of any litigation today is the concept of understanding electronic data―where it is located, how it is managed, and how it can be accessed.
In the past, the litigation team consisted of inside and outside counsel, the business unit manager and outside suppliers. The legal responsibility for the management of a company’s data in most businesses falls squarely on the shoulders of the CIO. Thus, if a company is ever entrenched in a legal battle, the CIO needs to be part of the team and must be prepared to take the stand. Because of this person’s unique ability to discuss the internal systems that generate the data in question, a CIO will almost inevitably make any trial attorney’s short list.
In preparing to testify, a CIO must create a plan of action to address the data involved in the litigation. The CIO must be able to speak to the company’s internal IT functions as well as the complexity of the company’s data architecture. A CIO must also be prepared to defend the company’s work practices and policies in anticipation of, not just in response to, litigation. Creating a litigation response team that prepares these responses and policies ahead of time is critical.
The following are sample issues and questions that a CIO may need to address on the stand and, as part of the litigation response team, should be prepared to tackle:

Read the rest @> CIOs on Trial: A Check List for eDiscovery and Litigation — CIOUpdate.com

Published: 1/8/2010 6:49 PM

Microsoft Announces New SharePoint 2010 Certifications

John Gilham — Thu, 07 Jan 2010 20:11:17 GMT

Body:

Ian posts the latest SharePoint certification news on his blog.

The following certifications (According to the MS Partner web site https://partner.microsoft.com/global/40121316) should be available in June.
IT Pro

70-667 TS: Microsoft SharePoint 2010, Configuring
Microsoft Official Curriculum: Will cover configuration of SharePoint 2010 including deployment, upgrade, management, and operation on a server farm.
70-668 PRO: SharePoint 2010, Administrator
Microsoft Official Curriculum: Will cover advanced SharePoint 2010 topics including capacity planning, topology designing, and performance tuning.

Developer

70-573 TS: Microsoft SharePoint 2010, Application Development
Microsoft Official Curriculum: Five-day instructor-led course designed for developers with six months or more of .NET development experience. Course covers what you need to know to be an effective member of a SharePoint development team using Visual Studio 2010.
70-576 PRO: Designing and Developing Microsoft SharePoint 2010 Applications
Microsoft Official Curriculum: Five-day instructor-led training course designed for development team leads who have already passed the Developing on SharePoint 2010 technical specialist exam. The course covers choosing technologies for and scoping a SharePoint project, best practices for SharePoint development, configuring a SharePoint development environment, advanced use of SharePoint developer features, and debugging of code in a SharePoint project.

Read the source @> SharePoint 2010 Certifications - Ian's SharePoint Blog

Published: 1/7/2010 12:11 PM

Transitioning Client Access Servers (CAS, OWA and ActiveSync) to Exchange Server 2010

John Gilham — Mon, 04 Jan 2010 18:26:23 GMT

Body:

By now most of you have heard about the release of Exchange 2010. Those of you that are upgrading from Exchange 2003, Exchange 2007 or a mixture of the two, are probably curious about the client access upgrade strategy. To satisfy your curiosity, we are releasing a series of blog articles on the subject. The first in this series provides a summary of the steps that are required to introduce Exchange 2010 within your environment from a client access perspective. More detailed information about the upgrade process is discussed in TechNet and within the Deployment Assistant. The second and third parts in this series will discuss the end user experience for OWA and ActiveSync, respectively. Look for those in upcoming weeks.
Many of you have been asking how you can transition your existing Exchange environment to Exchange 2010 from a client access perspective. For most of you, this will also mean coexisting with legacy Exchange and Exchange 2010 for a period of time. This post will hopefully answer these questions by breaking down your transition into two scenarios:

Transitioning an Exchange 2003 environment to Exchange 2010.
Transitioning an Exchange 2007 (that may or may not contain Exchange 2003 mailbox servers) environment to Exchange 2010.

The underlying goal here is to move your primary namespace, mail.contoso.com and autodiscover.contoso.com, over to Exchange 2010 and introduce a new namespace for legacy access, legacy.contoso.com and associate it with your legacy Exchange client access infrastructure. Users will continue to use mail.contoso.com as their access point into the organization for messaging services. While Exchange 2003/2007 end users will see the legacy.contoso.com namespace in their browser address bar, ActiveSync settings, and Test Auto-Configuration output within Outlook, they only need to use the mail.contoso.com namespace as their primary entry point into the organization; in addition, IT should continue directing customers to utilize the mail.contoso.com namespace for all external connectivity mechanisms.
Note: The host names, mail.contoso.com or legacy.contoso.com, that are referenced in this document are not hard-coded or required. You can utilize whichever names make the most sense for your environment (e.g. owa.contoso.com and legacyowa.contoso.com). From a documentation perspective, we are going to utilize mail.contoso.com and legacy.contoso.com so that we are consistent in our transition story. For more information on Autodiscover namespaces, please see http://technet.microsoft.com/en-us/library/bb332063.aspx.
Transitioning an Exchange 2003 Environment to Exchange 2010

When you are ready to begin transitioning your organization to Exchange 2010, you must transition the "Internet Facing AD Site(s)" first, and then transition your internal Active Directory sites. It is not supported to transition an internal Active Directory site before all your Internet-accessible sites have been transitioned.
The steps for introducing Exchange 2010 into the environment are:
Note: These steps do not discuss how to set up your CAS2010 servers in a load balancing array. Please review your load balancing solution's instructions for how to properly create and join your CAS2010 servers in a load balancing array.
1. In order to support external client coexistence with CAS2010 and legacy Exchange in your "Internet Facing AD Site", you will (potentially) need to acquire a new commercial certificate. As a best practice, Microsoft recommends utilizing a certificate that supports Subject Alternative Names; however, you can utilize a wildcard certificate as well.
This commercial certificate that will be leveraged by external clients will contain at a minimum three SAN values (note that other scenarios may require you to add additional values):

mail.contoso.com (your primary OWA/EAS/OA access URL)
autodiscover.contoso.com
legacy.contoso.com (your OWA/EAS namespace for legacy mailbox access)

Prior to Windows Vista SP1, the Windows RPC/HTTP client-side component required that the Subject Name (aka Common Name) on the certificate match the "Certificate Principal Name" configured for the Outlook Anywhere connection in the Outlook profile. Therefore, as a best practice, you should ensure that mail.contoso.com is listed as the Subject Name in your certificate unless you plan on changing the configuration which can be achieved by using the Set-OutlookProvider cmdlet with the EXPR parameter as described in http://msexchangeteam.com/archive/2008/09/29/449921.aspx.
2. Ensure all Exchange 2003 servers are at Service Pack 2 and that you meet all forest/domain pre-requisites.
3. Install CAS2010 and configure it accordingly:

During the installation of CAS2010 you have the option to enter the external namespace that will be used for the virtual directories. You can enter this value in both the graphical user interface or the command-line setup:

For the graphical user interface setup experience of CAS2010 you are asked to configure a Client Access external domain. At this point you canter the domain name of mail.contoso.com.
If installing via the command line, you can utilize the setup property /ExternalCASServerDomain and specify mail.contoso.com

If you haven't already done so, install the RPC over HTTP proxy component. You can do this utilizing the ServerManagerCmd tool: ServerManagerCmd.exe -i RPC-over-HTTP-proxy
Configure your OWA settings appropriately (e.g. forms based authentication vs. basic authentication). For the purpose of this document, the default OWA settings are assumed.
Configure your EAS authentication settings appropriately (e.g. Basic vs. certificate authentication). For the purposes of this document, the default authentication mechanism, basic authentication, is assumed.
Enable Outlook Anywhere (for the purposes of this document, the default authentication settings are assumed): Enable-OutlookAnywhere -Server: -ExternalHostName:mail.contoso.com - SSLOffloading $false

4. If you chose to not specify the external domain name for CAS during setup, you will need to enable the following ExternalURLs to ensure that clients that leverage Autodiscover function correctly:

Offline Address Book: Set-OABVirtualDirectory \OAB* -ExternalURL https://mail.contoso.com/OAB
Web Services: Set-WebServicesVirtualDirectory \EWS* -ExternalURL https://mail.contoso.com/ews/exchange.asmx
ActiveSync: Set-ActiveSyncVirtualDirectory -Identity \Microsoft-Server-ActiveSync -ExternalURL https://mail.contoso.com/Microsoft-Server-ActiveSync

5. To ensure that Outlook Web Access functions correctly, you will need to enable the following URLs:

Outlook Web Access:

For environments without Exchange 2003: Set-OWAVirtualDirectory \OWA* -ExternalURL https://mail.contoso.com/OWA
For environments with Exchange 2003 mailbox servers: Set-OWAVirtualDirectory \OWA* -ExternalURL https://mail.contoso.com/OWA -Exchange2003URL https://legacy.contoso.com/exchange

Exchange Control Panel: Set-ECPVirtualDirectory \ECP* -ExternalURL https://mail.contoso.com/ECP

6. For your Outlook clients, you can configure CAS2010 to participate in an RPC Client Access Service array:

Create a load balancing array for CAS2010, if one has not already been created.
Create a DNS entry in your internal DNS infrastructure that resolves to the Virtual IP Address (VIP) of the CAS load balancing array. The DNS entry, for example, could be outlook.contoso.com.
Configure your load balancing array to load balance the MAPI RPC ports:

TCP 135
UDP/TCP 1024-65535

Run the following cmdlet to create the Client Access Service array: New-ClientAccessArray -Name outlook.contoso.com -FQDN outlook.contoso.com -Site "Internet Facing AD Site"

7. Install the HT2010 and MBX2010 server roles into the "Internet Facing AD Site" and configure accordingly.

You can change the Offline Address Book generation server and enable web distribution on CAS2010 by performing the following steps:

To move the Offline Address Book: Move-OfflineAddressBook "Default Offline Address List" -Server
To add CAS2010 as a web distribution point:

$OABVDir=Get-OABVirtualDirectory -Server
$OAB=Get-OfflineAddressBook "Default Offline Address List"
$OAB.VirtualDirectories += $OABVdir.DistinguishedName
Set-OfflineAddressBook "Default Offline Address List" -VirtualDirectories $OAB.VirtualDirectories

8. Create the legacy host record (legacy.contoso.com) in your external DNS infrastructure and associate it either with the FE2003 infrastructure (less likely) or your proxy infrastructure (more likely).
9. You will configure External DNS and/or your reverse proxy infrastructure's publishing rules to have the autodiscover.contoso.com namespace point to CAS2010.
10. If utilizing a reverse proxy infrastructure, you will publish the legacy namespace to the FE2003 infrastructure so that at this point the FE2003 infrastructure can be accessed either via mail.contoso.com or legacy.contoso.com namespaces.
11. You will then schedule Internet protocol client downtime (please note that this downtime window should be relatively small - enough time for you to make the change and validate that everything works as desired) and perform the following steps:

You will reconfigure External DNS and/or your reverse proxy infrastructure's publishing rules to have the mail.contoso.com namespaces point to CAS2010.
Users with mailboxes on an Exchange 2003 server who try to use Exchange ActiveSync through an Exchange 2010 Client Access server will receive an error and be unable to synchronize unless Integrated Windows authentication is enabled on the Microsoft-Server-ActiveSync virtual directory on the Exchange 2003 server. This allows the Exchange 2010 Client Access Server and the Exchange 2003 back end server to communicate using Kerberos authentication.

To enable this authentication change on Exchange 2003 you need to either:

Install http://support.microsoft.com/?kbid=937031 and then use the Exchange System Manager to adjust the authentication settings of the ActiveSync virtual directory. Repeat this for each Exchange 2003 mailbox server in your organization.
Or, set the msExchAuthenticationFlags attribute to a value of 6 on the Microsoft-Server-ActiveSync object within the configuration container on each Exchange 2003 mailbox server. An example script is provided at http://technet.microsoft.com/en-us/library/cc785437.aspx.

Note: It is important that you do not use IIS Manager to change the authentication setting on the Microsoft-Server-ActiveSync virtual directory as the DS2MB process within the System Attendant will overwrite the settings that are stored in Active Directory.

Disable Outlook Anywhere by utilizing the Exchange System Manager and selecting the "Not part of an Exchange managed RPC-HTTP topology" radial button on the RPC-HTTP tab of the Front-End server's properties. Optionally, you can also remove the RPC over HTTP proxy component (refer to your Windows Server documentation for more information).

Important: This requires an up-front investment in CAS2010 architecture as all Outlook Anywhere clients will utilize CAS2010 once you transition the Outlook Anywhere endpoint. Be sure to follow all proper scalability planning documentation when deploying CAS2010 to ensure that you do not create a bottleneck in your CAS infrastructure due to Outlook Anywhere clients.

Test all client scenarios and ensure they function correctly.

12. Complete downtime and enable Internet protocol client usage.
As a result of following these steps, the environment would look similar to this diagram:

Transitioning an Exchange 2007 environment to Exchange 2010

Read the original article @> You Had Me At EHLO... : Transitioning Client Access to Exchange Server 2010

Published: 1/4/2010 10:26 AM

Exchange 2010 Transport Architecture Diagrams Available for Download

John Gilham — Sun, 03 Jan 2010 21:42:23 GMT

Body:

Bharat Suneja posts:

The Exchange 2010 transport server role architecture diagrams are now available for download. The Hub Transport Role Architecture diagram can help you understand the different transport components involved in processing and routing messages, the different transport agents that act upon messages and the events on which they are triggered, and visualize the mail flow.
The Hub Transport Extensibility diagram can help you understand how different transport agents process a message in the Exchange 2010 transport pipeline.
Both diagrams can be downloaded from Microsoft Exchange Server 2010 Transport Server Role Architecture Diagrams.
Note that Exchange 2010 includes internal or built-in transport agents which are not visible when you use the Get-TransportAgent or Get-TransportPipeline cmdlets. The list includes transport agents that implement Information Rights Management (IRM) functionality- the RMS Protocol Decryption agent, Journal Report Decryption agent, RMS Encryption agent, and Prelicensing agent, as well as the Journaling agent. To learn more about transport agents, see Understanding Transport Agents in Exchange 2010 documentation.

You Had Me At EHLO... : Exchange 2010 Transport Architecture Diagrams Available for Download

Published: 1/3/2010 1:42 PM

Microsoft Forefront TMG Categories for Web URL Filtering/Blocking

John Gilham — Sun, 03 Jan 2010 21:41:37 GMT

Body:

URL Filtering allows you to control end-user access to Web sites, protecting the organization by denying access to known malicious sites and to sites displaying inappropriate or pornographic materials, based on predefined URL categories. Visit TechNet to read about Planning for URL Filtering and Managing URL Filtering.
The table below summarizes the URL categories available. Those marked with an asterisk are blocked by Forefront TMG when in the Web Access Policy Wizard you choose to create a rule blocking the minimum recommended URL categories.

URL Filtering allows you to control end-user access to Web sites, protecting the organization by denying access to known malicious sites and to sites displaying inappropriate or pornographic materials, based on predefined URL categories. Visit TechNet to read about Planning for URL Filtering and Managing URL Filtering.

The table below summarizes the URL categories available. Those marked with an asterisk are blocked by Forefront TMG when in the Web Access Policy Wizard you choose to create a rule blocking the minimum recommended URL categories.

Category	Description
Liability	Aggregation of sites that may be in conflict with applicable legal and/or policy compliance obligations.
Alcohol	Alcohol Web sites promote or offer for sale alcoholic beverages or the means to create them; supplies, recipes or paraphernalia; glorifies, touts, or otherwise encourages alcohol consumption or intoxication.
Gambling*	Gambling Web sites are sites where a user can place a bet or participate in a betting pool (including lotteries) online; obtain information, assistance or recommendations for placing a bet; receive instructions, assistance or training on participating in games of chance
Tobacco	Tobacco Web sites glorify, promote, offer for sale or otherwise encourage the consumption of tobacco.
Obscene/Tasteless*	Obscene/Tasteless Web sites provide vulgar, crude, disgusting or otherwise offensive material, e.g., mutilation, murder, and defecation.
Profanity	Profanity Web sites are sites that advocate or convey what may be interpreted as insulting, rude or vulgar behavior (through words, gestures, or other behavior); or otherwise show disrespect towards, or desecration of, something held sacred.
Violence*	Violence Web sites are sites which advocate or provide instructions for causing physical harm to people or property through use of weapons, explosives, pranks, or other types of violence.
Weapons	Weapons sites are sites which sell, review, or describe legal weapons such as: guns, knives, or martial arts devices; provide information on their use, accessories, or other modifications.
Nudity	Nudity Web sites are sites containing images of human nudity, e.g., nude art, incidental nudity
Pornography*	Pornographic Web sites are sites containing sexually explicit material for the purpose of arousing a sexual or prurient interest.
Provocative Attire	Provocative attire Web sites are sites which sell, review, or describe alluring attire but do not involve nudity.
Mature Content	Mature sexual content sites contain sexually explicit information that is not of a medical or scientific nature.
Criminal Activities*	Criminal activities Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate illegal activities, or describe how to commit criminal activity.
Dubious	Dubious Web sites are sites with questionable, suspicious, or ethically ambiguous content.
Hacking/Computer Crime	Computer hacking/crime Web sites are sites which advocate or provide instructions for causing harm to people or property through use of unauthorized computer activity.
Hate/Discrimination*	Hate Web sites are sites which advocate hostility or aggression toward an individual or group on the basis of race, religion, gender, nationality, ethnic origin, or other involuntary characteristics; a site which denigrates others on the basis of those characteristics or justifies inequality on the basis of those characteristics; a site which purports to use scientific or other commonly accredited methods to justify said aggression, hostility or denigration.
Illegal Drugs*	Drug Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate the recreational or illegal use, cultivation, manufacture, or distribution of drugs, pharmaceuticals, intoxicating plants or chemicals and their related paraphernalia.
Illegal Software	Illegal Software Web sites are sites which promote, offer, sells, supply, encourage or otherwise advocate the use, cultivation, manufacture, or distribution of software that is illegal in one or more major jurisdictions.
School Cheating Information	School Cheating Information Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate information used to cheat in school.
Bandwidth	Bandwidth Web sites are sites which may result in large amounts of data being uploaded or downloaded, e.g., video download, file download, etc.
Media Sharing	Media sharing Web sites are sites which promote, sell, offer, supply or allow sharing between users of media, e.g., video download, file download, etc.
Streaming Media	Streaming media sites provide media for streaming consumption, e.g., on demand video, internet radio.
Business	Business Web sites are sites which promote, sell, offer, or supply business information, e.g., employment services, financial institutions, online trading and brokerages.
General Business	Business Web sites are sites which promote, sell, offer, or supply business information, e.g., corporate Web site, business to business sites.
Employment	Employment Web sites are sites which promote, sell, offer, or supply employment information including providing job seeking information.
Financial	Financial Web sites are sites which promote, sell, offer, or supply financial information including financial account access.
Online Trading/Brokerage	Online Trading/Brokerage Web sites are sites which promote, sell, offer, or supply trading information including online trading and brokerage account access.
Communication	Communication Web sites are sites which provide a means for digital communications. These sites may include access for adding, removing, and updating personal content, e.g., chat, forums, and blogs.
Blogs/Wiki	Blog/Wiki Web sites are sites which provide dynamic content where users frequently add, remove, and update content.
Chat	Web chat Web sites are sites which provide Web-based chat as the main feature or function of the site.
Digital Postcards	Digital postcard Web sites are sites which enable users to send and receive digital postcards and greeting postcards.
Forum/Bulletin Boards	Forum/Bulletin Board Web sites are sites which provide dynamic content where users frequently add content.
Instant Messaging	Instant Messaging Web sites are sites which provide Web-based or downloadable chat-related applications as the main feature or function of the site.
Online Communities	Online Community Web sites are sites which provide dynamic content for the purpose of social networking. These sites may include access for adding, removing, and updating personal content.
Portal Sites	Portal Web sites are sites where the main purpose is to route users to Web content.
Usenet News	Usenet news Web sites provide access to Usenet archives.
Web E-mail	Web E-mail Web sites are sites that enable users to send and receive email.
Web Meeting	Web Meeting Web sites are sites which provide online meeting services.
Web Phone	Web Phone sites are site which provide online phone services.
Web-based Productivity Applications	Web-based productivity application Web sites are sites which provide Web browser-based productivity application services, e.g., Web browser-based word processing.
Entertainment	Entertainment Web sites are sites that distributes, displays, discusses or promotes entertainment related content - e.g., games, humor, recreation or hobbies.
Art/Culture/Heritage	An art/culture/heritage site is a site that distributes, displays, discusses or promotes art, culture, or heritage related content - e.g., books, literature, theater.
General Entertainment	Entertainment Web sites are sites that distribute, display, discuss or promote entertainment related content, e.g., movies, television, and music.
Games	Games Web sites are sites that distribute, display, discuss or promote game related content, e.g., board games, video games, etc.
Humor/Comics	Humor/Comics Web sites are sites that distribute, display, discuss,. or promote humor related content, e.g., comics, cartoons, etc.
Recreation/Hobbies	Recreation/Hobby Web sites are sites that distribute, display, discuss or promote recreation and hobby related content, e.g., model airplane building, knitting, sewing, etc.
General Productivity	General productivity Web sites are an aggregation of sites believed to engage users in time or resource-intensive activities that may be in conflict with expected use of computer and network resources.
Education/Reference	Education/reference Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate educational or reference information.
Child Friendly Materials	Child friendly materials Web sites are sites which promote, offer, sell, supplies, encourage or otherwise advocate child-friendly materials.
Government/Military	Government/Military Web sites are sites created and maintained by an official government or military organization
Health	Health Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate health information.
History	History Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate historical information.
Legal Services & Reference	Legal services and reference Web sites are sites which provide, promote, offer, sell, supply, encourage or otherwise advocate legal services and reference information.
Non-Profit/Advocacy/NGO	Non-profit/Advocacy/NGO Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate non-profit, advocacy, or NGO information.
Politics/Opinion	Politics/Opinion Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate politics or opinion information.
Public Information	Public information Web sites are sites which provide general reference information for public consumption, e.g., listings, maps, weather, etc.
Religion/Ideology	Religion/Ideology Web sites are site which promote, offer, sell, supply, encourage or otherwise advocate religion or ideology.
Search Engines	Search engine Web sites are sites where the main purpose is to provide search Web content based on user-defined queries.
Information Technology	Information technology Web site are sites which promote, offer, sell, supply, encourage or otherwise advocate technology information, e.g., free hosting, Internet services, Web ads.
Technical Information	Technical Information Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate technical information, e.g., tutorials for computer programming, reviews of computer software or hardware, technical forums, information security.
Edge Content Servers/Infrastructure	Edge content servers/infrastructure Web sites are sites which hosts files for other Web sites usually for high-volume consumption.
Free Hosting	Free hosting Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate free Web hosting information, e.g., Web sites that allow users to create personal homepages.
Internet Services	Internet services Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate Internet services information, e.g., domain registration, ISPs.
Web Ads	Web ads Web sites are sites from which advertising content originates. Advertising content includes but is not limited to banners, marketing trackers, and text ads.
Lifestyles	Lifestyle Web sites are sites that cater to or discuss personal or social interests and activities with content intended for a specific audience.
Dating/Personals	Dating/Personals Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate dating or personal information.
Special Interests	Sites that reflect a group or collection of persons that have a common interest or issue that is representative of who they are, their life situation, or is of closely held significance to them. This includes without limitation, cultural or ethnic identity, organization/club affiliations, or sexual orientation/identity.
Restaurants/Dining	Restaurants/Dining sites are sites which promote, encourage or otherwise advocate information about restaurants or dining choices.
Social Opinion	Social Opinion Web sites are sites that provide information related to variety of social topics, e.g., movie reviews, actor critiques.
Self Defense	Self defense Web sites are site which promote, encourage or otherwise advocate information about self defense - e.g., karate, mace, stun guns.
Travel	Travel web sites are sites which promote, encourage or otherwise advocate traveling.
News/Reports	News/Reports Web sites are sites that provide news or report information.
News	News Web sites provide news media such as local weather, and other relevant regional, national and international information.
Sports	Sports Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate professional athletics, e.g., professional or recreational baseball leagues.
Purchasing	Purchasing Web sites are sites which promote, offer, sell, supply, and encourage purchasing of products.
Fashion/Beauty	Fashion/Beauty Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate the use, or distribution of fashion or beauty related products.
Motor Vehicles	Motor Vehicles Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate the use, distribution or discussion of motor vehicle related products.
Shopping	Shopping Web sites are sites which promote, offer or sell products or services online.
Pharmacy	Pharmacy Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate the use, distribution or discussion of prescription drugs.
Real Estate	Real estate Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate the buying, selling, managing or maintenance of real estate.
Security	Aggregation of sites which may either directly constitute a risk to IT resources, or are associated with activities suspected to increase risk of exposure to these dangers.
Anonymizers*	Anonymizer Web sites are sites used to anonymize a user's originating IP address
Anonymizing Utilities	Anonymizing utilities Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate the use, manufacture, or distribution of anonymizing utilities.
P2P/File Sharing	P2P/File sharing Web sites are sites which offer, sell, supply, encourage or otherwise advocate the use, manufacture, or distribution of P2P/File sharing software.
Parked Domain	Parked domain Web sites are sites that no longer contain content or are no longer registered.
Personal Network Storage	Personal network storage Web sites provide Web-based storage for personal files, e.g., pictures, documents, etc.
Remote Access	Remote access Web sites are sites which provide Web-based or downloadable remote access related applications as the main feature or function of the site, e.g., a Web site that allows a user to access a computer from a remote location.
Resource Sharing	Resource sharing Web sites are sites that provide information about applications that utilize otherwise unused system resources, e.g., SETI@home.
Shareware/Freeware	Shareware/Freeware Web sites are sites which provide Web-based or downloadable applications as the main feature or function of the site.
Botnet*	Botnet sites are sites which covertly install applications onto targeted systems allowing unauthorized remote control for malicious activity.
Malicious*	Malicious Web sites covertly install applications onto targeted systems with the intent of causing harm to people or property through use of unauthorized computer activity.
Phishing*	Phishing sites are sites that masquerade as a trustworthy entity for the purpose of tricking users into disclosing personal information.
Spam URLs	Spam Web sites are sites that contain unsolicited information from spam e-mails.
Spyware/Adware*	Spyware/adware Web sites are sites which covertly install applications onto targeted systems with the intent of performing unsolicited activity, namely, transmitting personal information or providing unsolicited advertisements.

Read the complete article @> Forefront TMG (ISA Server) Product Team Blog : Categories for URL Filtering

Published: 1/3/2010 1:41 PM

Microsoft OCS 2010 New Features

John Gilham — Wed, 30 Dec 2009 02:36:34 GMT

Body:

Inside OCS posts some of the public features coming in OCS 2010.

The next release of Office Communications Server and Communicator together with Exchange 2010 is currently referred to as UC “Wave 14″ (code-name). The latest publicly available release date is in “late 2010”.
Few details exist, but here is a recap of what is publicly known:
1) A new version of Office Communications Server (likely to be called OCS 2010). Here are the highlights:

Capable of being a full PBX replacement (another step in Microsoft’s software powered telephony vision).
New “Branch Survivability” features (more branch availability options besides deploying more servers).
Emergency 911 support.
PSTN Failover.
Analog Device Support.
Remote Call Control will be deprecated.
There will likely be a new ‘Voice CAL’ (Client Access License) for users to access the new enterprise-voice features.

2) A new version Office Communicator (code-named “14” right-now).

Read the rest @> OCS in 2010 - The UC 14 Wave « Inside OCS

Published: 12/29/2009 6:36 PM

Operation and Failover of Resource Hosting Subsystem (RHS) In Windows Server 2008 Failover Clusters

John Gilham — Thu, 17 Dec 2009 15:27:21 GMT

Body:

In this blog, I would like to explore some of the inner-workings of the Resource Host Subsystem (RHS) which is responsible for monitoring the health of the various cluster resources being provided as part of highly available services in a Failover cluster. A Windows Server 2008 Failover Cluster is capable of providing high availability services using a variety of resources some of which are included as part of the Failover Cluster feature and others are as part of ’cluster-aware’ applications like SQL and Exchange. Resources are designed to work together and are typically organized in Resource Groups (Figure 1). For example, a group of resources supporting a highly available File Server may consist of one or more of the following types of resources – Client Access Point (IP Address(s) + Network Name resource), Physical Disk (Storage), and a File Server. A highly available SQL Instance could contain the following resources - Client Access Point (IP Address + Network Name resource), Physical Disk (Storage), SQL Server and SQL Server Agent. Cluster resources are supported by special ‘plugins’ or resource Data Link Libraries (DLLs) that include coding to allow them to properly integrate\interoperate with the cluster service.

Figure 1
A Windows Server 2008 Failover Cluster is capable of hosting an unlimited number of resources. The management of these resources is the responsibility of the Resource Control Manager (RCM) and the Resource Host Subsystem (RHS) which provide this functionality as part of the Cluster Service itself (Figure 2).

Figure 2
The Resource Control Manager (RCM) is part of the overall cluster architecture and is responsible for implementing failover mechanisms and policies for the cluster service as well as establishing and maintaining the dependency tree (Figure 3) for each resource (e.g. a File Server resource requires a dependency on a Client Access Point and a Storage resource).

Figure 3
The Resource Control Manager maintains the state for individual resources (Online, Offline, Failed, Online Pending, and Offline Pending) as well as for Resource Groups (Online, Offline, Partial Online, and Failed). The Resource Control Manager can execute the following actions on a group of resources – Move, Failover and Failback. Which action is executed depends on several factors including the current ‘health’ of resources in the group, administrative actions taken on the group (e.g. Move Group), or the current policies in effect for the group. Here is an example (Figure 4) of Failover and Failback Group Policies –

Ask the Core Team : Resource Hosting Subsystem (RHS) In Windows Server 2008 Failover Clusters

Published: 12/17/2009 7:27 AM

Migrating Exchange 2003 or 2007 ActiveSync to Exchange 2010

John Gilham — Fri, 11 Dec 2009 17:57:29 GMT

Body:

Many of you have been asking how you can upgrade your existing Exchange environment to Exchange 2010 from a client access perspective. For most of you, this will also mean coexisting with legacy Exchange and Exchange 2010 for a period of time. My first blog article in this series discussed the overall steps in how to upgrade your environment from a client access perspective. This article, the third in the series, discusses how Exchange ActiveSync will function in an Exchange 2003 or 2007 environment that has Exchange 2010 deployed.
Upgrading EAS in an Exchange 2003 Environment to Exchange 2010

Some of you may have environments that have Internet facing AD sites and non-Internet facing AD sites. As part of our upgrade process, you will be following a model where:

Ensure all Exchange 2003 servers are at Service Pack 2.
Deploy Exchange 2010 CAS, Hub Transport, and Mailbox in the "Internet Facing AD Site".
Have legacy Exchange servers in the "Non-Internet facing AD site" (if they exist).

In other words, it would look something like this for an Exchange 2003 upgrade/co-existence:

With this configuration there are typically a few questions that are asked:

What are the configuration changes I must make on the Exchange 2003 Front-End servers to support ActiveSync?
What are the configuration changes I must make on the Exchange 2003 mailbox servers?
What scenarios involve proxying and what scenarios involve redirection for Exchange ActiveSync (Exchange 2003)?

Read the rest @> João Ribeiro : Upgrading Exchange ActiveSync to Exchange 2010

Published: 12/11/2009 9:57 AM

Problem Application Candidates for Virtualization with Microsoft App-V

John Gilham — Fri, 11 Dec 2009 01:09:17 GMT

Body:

To help minimize the costs associated with application management, an organization should follow a specific sequencing process to help reduce the costs of packaging applications.
The process can be categorized into several distinct phases that begin with evaluating the current software catalog, continue with building the sequencing workstation, and then finish with performing the sequencing tasks. The following sections discuss considerations for each phase.
Phase 1: Evaluate the Current Software Catalog

When determining which applications are suitable virtualization candidates, Microsoft evaluates the potential candidate and places the application into one of three categories:

Ideal Candidate. Applications meet all of the possible candidate criteria and have no identifiable roadblocks to success.
Possible Candidate. Applications do not meet disqualifying criteria but may require additional research or validation.
Not a Candidate. Applications are more expensive to virtualize than the benefits achieved from virtualization. This category also includes applications that technically cannot be virtualized because of current limitations.

To assist with identifying applications that are not a suitable candidate for virtualization,
Table. Provides information to consider.
Application type
Definition
Examples
Applications with drivers
Applications that install and rely on a system-level driver, such as an application that installs a print driver or a universal serial bus (USB) device driver.
Some applications may allow for the drivers to be installed independent of the other components of the application. As a workaround for this scenario, the driver portion of this application can be installed locally on the client system, allowing the other components of the application to be virtualized.
OEM hardware utilities
Applications that integrate closely with the operating system
Some applications, such as the Windows Internet Explorer® browser, are closely tied to the operating system. As such, these applications cannot be sequenced.
These applications can be started from within a virtual environment, thus having access to all of the components and configuration settings related to that virtual environment. This is a common technique used for Web-based applications that may require specific ActiveX® controls or need extended security settings.
Windows Media® Player
Internet Explorer
Applications with shell extensions
Microsoft Application Virtualization does not support shell extensions that contain a custom dynamic-link library (DLL). This would require providing access to the virtual environment to Windows Explorer. Shell extensions are in-process Component Object Model (COM) objects that extend the abilities of the Windows operating system.
WinZip
COM+ applications
COM+ is dynamic; it happens at run time. Hence, there is no way (currently) for the Sequencer to capture this information in a "static" form within a sequence. COM and DCOM, by contrast, are recorded in component services and are static.
BizTalk®
Applications with background or headless service “boot-time”
App-V 4.5 supports the virtualization of services; however, they must be started from within the virtual environment. An example of this would be virtualizing PCAnywhere, which installs a service in the background to provide the PCAnywhere server functionality.
PCAnywhere
Firewall Client for Microsoft Internet Security and Acceleration (ISA) Server
eTrust AntiVirus
Applications that integrate with many other applications
Applications with complex or unknown integration with other applications or operating system components need to be fully evaluated to identify and define interaction requirements.
After the issues are defined, an organization can determine whether application isolation will provide a benefit over locally installing the application.
A workaround for this may be to sequence multiple applications into one “suite” that would allow them to communicate within the isolated virtual environment.
Microsoft Office 2007 suites
Microsoft Office Live Meeting 2007
Microsoft Office Communicator 2007
Applications with licensing enforcement tied to a computer
Applications where the license is tied to system hardware or to the system’s media access control (MAC) address.
Computer-aided design (CAD) software
Applications or suites of applications that, when sequenced, will result in an .sft file greater than 4 gigabytes (GB)

The World Simplified is a Virtual World : Candidates for Virtualization

Published: 12/10/2009 5:09 PM

BlackBerry Enterprise Server (BES) fully supported on Exchange 2010 RU1

John Gilham — Thu, 10 Dec 2009 06:06:19 GMT

Body:

I'd like to share with everyone some good news today— BlackBerry® Enterprise Server (BES) is now fully supported on Microsoft® Exchange Server 2010 and BlackBerry® Technical Support Services are readily available.
This is the earliest customers have been able to deploy BlackBerry smartphones with a new Exchange release - ever. Customers who rely on BES as an important part of their messaging and collaboration infrastructure have told us that more rapid support for RIM's solution is critical to them. So we partnered with RIM earlier in the development cycle to ensure organizations moving to the new release experience no user downtime.
In order to enable full support, three updates are required:

Roll-Up 1 (RU1) for Exchange Server 2010
MAPI v6.5.8147
BlackBerry Enterprise Server 5.0.1 Maintenance Release 1 (MR1)

All three of these updates are available to customers of Exchange Server 2010 and BlackBerry Enterprise Server v.5.0 with Service Pack 1 at no cost. BlackBerry Enterprise Server v5.0 Service Pack 1 and Maintenance Release 1 can be found here: http://www.blackberry.com/support/downloads
Additional information on the solution requirements, preparing the BlackBerry environment for Microsoft Exchange Server2010, can be found on the BlackBerry site here.

Today's roll up also includes other minor updates to areas including calendaring, OWA, and transport. You can read more about Exchange Server 2010 RU1 here.

Read the complete article @> You Had Me At EHLO... : BlackBerry Enterprise Server fully supported on Exchange 2010

Published: 12/9/2009 10:06 PM

Getting started with BI in SharePoint Server 2010

John Gilham — Sun, 06 Dec 2009 16:53:30 GMT

Body:

Getting started with business intelligence in SharePoint Server 2010

Download details: Getting started with BI in SharePoint Server 2010

Published: 12/6/2009 8:53 AM

Attachments: http://gilham.org/Blog/Lists/Posts/Attachments/732/image_2_64E65FE8.png
http://gilham.org/Blog/Lists/Posts/Attachments/732/image_thumb_64E65FE8.png

Microsoft Infrastructure Planning and Design Guide Series

John Gilham — Sat, 05 Dec 2009 07:03:08 GMT

Body:

The Infrastructure Planning and Design guide series gives you architectural guidance for Microsoft infrastructure products. The IPD guides help clarify and streamline design processes for Microsoft infrastructure technologies, with each guide addressing a unique infrastructure technology or scenario.
Learn more.

IPD guides provide:

Concise planning guidance to design an infrastructure for Microsoft technologies
The critical decisions to be addressed and the available options
A means to validate design decisions with the business to ensure that the solution meets the requirements of both business and infrastructure stakeholders

Updated! Infrastructure Planning and Design (IPD) Guide for Selecting the Right Virtualization Technology
Updated to include coverage of Windows Server 2008 R2 Remote Desktop Services and Virtual Desktop Infrastructure (VDI), this guide walks the reader through the process of selecting the right virtualization technology for each workload—in five steps or fewer.
New! Infrastructure Planning and Design (IPD) Guide for Windows Server 2008 R2 Remote Desktop Services
Streamline your planning and design process for implementing the Remote Desktop Services infrastructure by using the simple nine-step process presented in this guide. Use this guide to save time and clarify your design and planning process.
New Beta! Infrastructure Planning and Design (IPD) Guide for Microsoft Forefront Unified Access Gateway
Follow the simple, three-step process in this guide to successfully design Microsoft Forefront Unified Access Gateway infrastructure.
New! Infrastructure Planning and Design (IPD) Guide for DirectAccess
This guide provides actionable guidance for designing a DirectAccess infrastructure. The guide’s easy-to-follow, four-step process gives a straightforward explanation of the infrastructure required for clients to be connected from the Internet to resources on the corporate network, whether or not the organization has begun deploying IPv6.

Here is a list of all of them:

IPD One-click Downloads

Download the entire IPD series
Download the IPD series intro

IPD Guides for Virtualization

Microsoft Enterprise Desktop Virtualization
App-V
Windows Server 2008 R2 Remote Desktop Services
Terminal Services
Windows Server Virtualization*
Selecting the Right Virtualization Technology*

IPD Guides for Windows Server

Windows Server Virtualization*
Windows Deployment Services*
Windows Server 2008 R2 Remote Desktop Services
Terminal Services
Internet Information Services*
Print Services*
File Services*
Active Directory Domain Services*
DirectAccess

IPD Guides for Security

Forefront Unified Access Gateway (Beta) (Live ID Required)

*updated for Windows Server 2008 R2

IPD Guides for System Center

System Center Data Protection Manager 2007 SP1
System Center Virtual Machine Manager 2008 and R2 (updated)
System Center Operations Manager 2007 and R2 (updated)
System Center Configuration Manager 2007

IPD Guides for Optimized Desktop Scenarios

Windows Optimized Desktop Scenarios
DirectAccess

IPD Guides for SQL Server

SQL Server 2008

IPD Guides for Microsoft Online Services

SharePoint Online: Evaluating Software-plus-Services
Exchange Online: Evaluating Software-plus-Services

IPD Guides for Network Access Protection

Selecting the Right NAP Architecture

Infrastructure Planning and Design Guide Series

Published: 12/4/2009 11:03 PM