Active Directory design considerations: part 6 (domain controller placement and site design)

Posted on By Mark Wilson

Continuing the series of posts about design considerations for Microsoft Active Directory (AD), based around the MCS Talks: Enterprise Architecture series of webcasts, this post discusses the design considerations for placement of Active Directory domain controllers and the associated site links.

Domain controller (DC) placement can have a huge impact on user experience (e.g. the impact on logon times) but generally the choices are for placement on hub sites or at satellite (branch) locations and these should each be considered on a case-by-case basis, looking at the network and application requirements.

It’s worth mentioning that available network bandwidth has generally increased considerably since early Active Directory deployments were designed and this will allow for consolidation of the overall number of domain controllers in many cases.

With regards to global catalog (GC) servers, there are very few reasons not to make all domain controllers global catalog servers. Indeed, in a single-domain forest, all domain controllers are effectively GCs. In particular, multi-domain forests using user principle names (UPNs) for logon should consider making each DC a GC.

Read-only domain controllers (RODCs) are new in Windows Server 2008 and provide read-only access to Active Directory. Many people (myself included) have compared this functionality with Windows NT backup domain controllers (BDCs) but that’s not a true comparison as no passwords are stored locally and an RODC cannot be promoted to a full DC. The introduction of RODC functionality is really a security feature to mitigate against the theft of a DC on a high-risk site (e.g. a branch location without a physically secure computer room) and is not really intended for DMZ access to AD. RODCs can reduce replication, as they only replicate inbound traffic; however where users travel between several remote sites they can increase logon traffic as the users details may not be available on the RODC.

The decision as to whether to deploy an RODC or a full DC will depend on:

  • Application requirements (e.g. does the application need to write to the directory).
  • Site topology (e.g. site link bridging turned off – see below).
  • Password replication policy (no account caching will lead to increased WAN/hub DC traffic).

Further details may be found in Microsoft’s RODC planning and deployment guide.

AD site design is closely linked to DC placement and there are two basic models:

  1. A logical site for every physical location, assigning subnets for each physical location to the corresponding site.
  2. A logical site for every physical location that has one or more DCs, assigning subnets for physical locations to the most appropriate site (based on the underlying network).

Both approaches work well; however with the first option, DNS site coverage must be considered (i.e. ensure that that appropriate name server records are in place). With the second option, clients are automatically referred. It’s also worth considering other applications (e.g. DFSR) and if there is no DC on site then option 1 may make more sense.

Site links should map to the underlying physical network with appropriate costs and replication schedules applied. According to Microsoft, one common mistake is to assign all sites to the DEFAULTIPSITELINK – effectively using a single link for replication and preventing the application of appropriate costs for least-cost routing.

Also, the option to bridge all site links is on my default and, although this is appropriate on a fully routable network (i.e. one where all DCs can communicate freely) it is not recommended for branch offices (due to the overheads associated with the intersite messaging transport and calculating site links) and can be disabled using repadmin /siteoptions (which still allows DFSR to calculate site link costs).

Custom site link bridges may be used where a network is not fully routable (e.g. if firewalls restrict communication between DCs).

The AD replication topology is automatically managed by the knowledge consistency checker (KCC) based on the site link design, automatically creating the connection objects that are required for replication. The KCC-generated topology is used for AD and sysvol replication using the file replication service (FRS); however in Windows Server 2008 sysvol is replicated using DFSR, once the domain functional level is at Windows Server 2008. This increases scalability (removing inefficiencies around FRS version vector joins). For new Windows Server 2008 native domains, replication of sysvol via DFSR is automatic but for upgraded domains there is a migration process to follow.

In the next post in this series, I’ll take a look at the design considerations for domain controller configuration.

More on Microsoft’s ad campaign – are you a PC?

Posted on By Mark Wilson

So, were the Gates/Seinfeld ads canned? Who knows – right from the start they were supposed to be teasers, something to get a conversation started – and they sure did that – the ‘net is awash with people (like me) saying how lame they are (although I’ve seen a few comments from people saying that they were starting to get into things with the second ad). PC
Now the blogosphere (and mainstream industry sites) are awash with people saying how Microsoft has come up with “I’m a PC” to take a swipe back at Apple – but without being funny. Hang on guys… you’re missing the point! I’m a PC is just a soundbite – saying how (Windows) PCs have been stereotyped as dull things from the office, things that are unreliable, things that can’t do anything exciting – but that over a billion real people use (Windows) PCs to do real things and showing some of those people. Personally, I don’t like the “I’m a PC” statement from the myriad users featured in the ads (“I use a PC” would be fine) but, then again, I come from the country that invented the English language (England) and these ads are targeted at people who speak American (there is no such thing as US English!).

Then there is the Life without Walls campaign – showing how many things can be done on a PC and how one operating system transcends so many devices used throughout the world.

Windows - Life Without Walls

And the Mojave Experiment, which basically said “come and look at Windows before writing it off as a disaster”.

I can see that this campaign is multifaceted. It seems to lack something to link the disparate themes of Mojave, Seinfeld/Gates, I’m a PC, Life without Walls and the manufacturer-focused Vista Velocity but I do at least understand where this is heading now. And I think it’s a smart move inviting consumers to add their own videos to the campaign, further underlining the fact that ordinary people use Windows PCs (a PC is not a stereotype).

As for the Microsoft-bashers, well, they’ll always find something to poke at, like that the ads were apparently made on a Mac Apple PC – but really, so what? (Many professional design studios do use Macs but that doesn’t mean a Windows PC is not perfectly good enough for home movies).

At last, this campaign seems to be going somewhere, but I can’t help thinking there are a bunch more Bill and Jerry ads waiting to slip out one day.

An alternative view

The links below highlight the views on this subject from a few well-known Microsoft-watchers:

Active Directory design considerations: part 5 (security groups)

Posted on By Mark Wilson

Continuing the series of posts about design considerations for Microsoft Active Directory (AD), based around the MCS Talks: Enterprise Architecture series of webcasts, this post discusses the design considerations for the creation and use of security groups within Active Directory.

First of all, let’s recap on the various group scopes.

Account groups are used to group users and computers. There are two types:

  • Global groups may contain members from their own domain (only).
  • Universal groups may contain members from any domain in the same forest and their membership is included in the global catalog in order to support mail-enabled groups.

Permissions may be assigned to either type of group (as long as they are in the same or a trusted domain).

Resource groups are used to assign rights and permissions and, again, there are two types:

  • Domain Local groups may contain members from any trusted domain in any forest (so are required if there is to be a cross-forest group membership).
  • Built-in local groups.

Permissions may be assigned to either type of group but only in their own domain.

Some organisations will ignore the differences in group scope if they are using a single domain environment, as the various types of group will function in a similar manner; however it’s worth considering that the forest/domain design may change over time (e.g. as a result of business changes) and so it is always good practice to use the appropriate group type.

The recommended approach is to add users to account groups, then add account groups to resource groups and use the resource groups to assign permissions on objects.

One consideration is nesting – whilst nested groups help to keep the size of the kerberos token down (Microsoft knowledge base article 263693 is old now, but explains why this this may be an issue), it can also make auditing difficult. Nesting is not to be totally avoided; however the complexity of the nested groups should be carefully considered. In particular, nesting groups into the built-in Administrator group should be avoided as it creates a potential “back door” into a system – anyone with the ability to add users to one of the nested groups can effectively make themself an administrator!

Adding users directly to a domain local group is not good practice but there are situations where it can be useful. For example, if there are two forests with a trust relationship, adding user accounts from one forest into a domain local group in the other may be preferable to adding a global group from the trusted domain to the domain local group, which effectively delegates control over the domain local group to the administrator in the trusted forest – almost certainly undesirable.

Basically, add users to account groups, account groups to resource groups and assign permissions to resource groups where possible but sometimes a little flexibility may be required.

In the next post in this series, I’ll take a look at the design considerations for domain controller placement and the associated site links.

Bye bye iTunes… hello 7digital

Posted on By Mark Wilson

For the last few years, I’ve been using Apple iTunes to manage my music collection. I ripped all of my full length CDs to MP3 using iTunes (at the highest bitrate it allowed at the time – 192kpbs) although I still have about 500 CD singles to do and I now favour a higher bitrate (even if I can’t hear it, I’d like to know that the quality is there should I want to do something else with the media at a later date as technology progresses). Sam C. Lin carried out an interesting study comparing MP3 encoding with and the linear PCM recording used for CD audio.

Until today, all of my digital downloads have come from the iTunes Store (DRM-free where the record companies allow it). Unfortunately the record companies don’t like Apple’s market dominance and the DRM-free iTunes Plus catalogue is still very limited.

Whilst indie music fans have DRM-free alternatives like eMusic, for my more mainstream tastes I’ve been waiting for Amazon to bring their digital download service to the UK but then, frustrated by the 30 second clips of various mixes on iTunes of “Paddy’s Revenge” by Steve Mac (sampling the Penguin Café Orchestra), I decided to Google a little and found an alternative download site – 7digital. 7digital logoNot only did 7digital sample a different section of the track (allowing me to decide which mix I would like) but it offers MP3 downloads at up to 320kbps and a big discount if I buy all the mixes together (just like when I used to buy CD singles). Furthermore, 7digital has just become the first European music site to offer DRM-free downloads from all four of the big music publishers.

Within a few minutes, my shopping basket included a couple more individual tracks that I’ve been thinking of getting – “Love Is Noise” by The Verve and “Sex on Fire” by Kings of Leon (I did stop short of buying Katy Perry‘s “I Kissed a Girl” though). Then I saw that 7digital had a section for music from TV Ads and I got browsing… a few minutes later I’d also picked up “She’s So Lovely” by Scouting for Girls.

I still don’t buy albums in digital format as I’d like a physical media backup and, to be perfectly honest, knocking a pound off the retail price is not a big enough discount – it’s not as if the artists get paid a bigger share and the distribution costs must be almost nothing – but then I saw that 7digital had albums on sale at £2, £3 (and even free). It’s not just obscure stuff that’s reduced either – I could buy “Yours Truly, Angry Mob” by Kaiser Chiefs in 320kbps MP3 format for £4.99 (although I chose to buy just the tracks I wanted) but not all albums are that cheap as their earlier album “Employment” was £7.99 (so, pretty much on a par with the supermarkets, Amazon.co.uk and Play.com).

To checkout, I needed to create an account but I could pay by card, PayPal or text message and, once my payment had been processed, I could download my tracks individually or as a zip file (even change format for tracks that had multiple formats available at the same price) and those tracks are still available for me to download again at a later date (via a feature called my locker).

7digital locker

After downloading, I simply dragged the MP3 files to iTunes, switched to my “Recently Added” playlist, selected the new tracks and added them to the “Purchased” playlist. As should be expected, all tracks were supplied complete with album art and other metadata.

So what does this tell me?

  1. iTunes is easy – that’s why I’ve been buying tracks there for the last few years. But, now that DRM is no longer an issue, downloading tracks from somewhere else is just one extra step (after importing them into iTunes they can be synced with my iPhone/iPod).
  2. It is possible to get better quality downloads (legally) and better pricing if you shop around. Maybe not everyone will have the same catalogue but 7digital has a major advantage through its arrangements with all four major music publishers.

What should it tell the music industry?

  1. People will still pay for DRM-free music, at the right price.
  2. People like me, who are too old to spend Saturday afternoons hanging around HMV (anyway, I have a family these days) will still buy music if you make it easy enough – maybe not in the quantities I used to but it’s worth noting that I spent money this afternoon that I wouldn’t have done if there wasn’t a legal download option.

I’ll still use iTunes to manage my music and video library but I don’t see any reason for me to go back to the iTunes store now… regardless of what the the new “Genius” sidebar in iTunes 8.0 tells me (I hate Apple’s use of that word!) – from now on, it’s 7digital all the way for me.

Apple iTunes 8, showing recently added tracks and the genius sidebar

Active Directory design considerations: part 4 (group policy objects)

Posted on By Mark Wilson

So far in this series of posts about design considerations for Microsoft Active Directory (AD), based around the MCS Talks: Enterprise Architecture series of webcasts, I’ve looked at forest and domain design and organizational unit (OU) structure. This post discusses some practices for the application of group policy objects (GPOs).

Group policy is a powerful feature of Active Directory but it’s important to consider management at the design stage as GPO management can become problematic if not carefully controlled.

At present, Microsoft Consulting Services is advising the use of:

  • Separate OUs for user and computer settings – this makes GPO application easier to troubleshoot, especially if complex features such as loopback (see Microsoft knowledge base article 231287) are in use.
  • Small GPOs with fewer settings where possible – whilst this will increase the overall number of GPOs to process, it aids management (easy to keep track of which GPO is doing what) and if a policy change is detected by a client at startup or during a scheduled refresh downloading a smaller GPO will assist with performance.

Advanced Group Policy Management (AGPM) (formerly DesktopStandard GPOVault) is a feature of the Microsoft Desktop Optimisation Pack (MDOP) – a software assurance benefit for Microsoft customers with particular licensing agreements. It allows the creation of a change control and reporting workflow so that GPOs are not created at will by administrators but are implemented in a controlled manner (i.e. check out policy, offline edit, check in policy, gain approval, release new policy). AGPM v3.0 (which is due for imminent release) will provide new features including increased granularity, a role-based administration model and improved reporting.

Windows Server 2008 also implements a new feature called Group Policy Preferences (formerly DesktopStandard PolicyMaker Standard Edition and PolicyMaker Share Manager). Group Policy Preferences is included within the Group Policy Management Console in Windows Server 2008 but requires client side extensions to be installed on downlevel clients (see Microsoft knowledge base article 943729. The technology allows the configuration of items that are not normally possible in Group Policy (e.g. granular targeting of printer assignment) to avoid the use of login scripts (which increase login times and create additional management overhead).

In the next post in this series, I’ll take a look at the design considerations for creation and use of security groups within AD.

In case you were wondering why I don’t write much about VMware…

Posted on By Mark Wilson

VMware logoWearing as many hats as I do, I enjoy a variety of relationships with a number of IT hardware, software and services companies on various levels. I try to remain objective when I write on this blog but sometimes those other companies make it difficult.

For example: Microsoft talks to me as a partner, as a customer and as press (they take a very broad view of the press and include bloggers in that group – real journalists will almost certainly disagree) and I get a lot of information, some of which I can write about, and some of which is under NDA (sometimes the problem is remembering in which context I heard the information and therefore what I can or can’t say!); Fujitsu talks to me as an employee (and for that reason I can’t/don’t/won’t say very much about them at all); VMware sort of talk to me as a customer and it would be nice if they talked to me as a partner (they do speak to a number of my colleagues) but mostly they don’t talk to me at all…

This summer, I attended two events about desktop virtualisation within a few days of one another – one from Microsoft and the other from VMware. I was going to write a blog post about desktop virtualisation and Microsoft but I decided to hold back, in the interest of balance, to compare the Microsoft desktop virtualisation story with the VMware one. Except that the “VMware VDI Roadshow” event that I was attending turned out to be hosted by a partner (BT Basilica) and VMware were just the warm-up act for the pre-sales pitch. There was no mention of that when I registered – in fact no mention of Basilica until the last pre-event e-mail (when the sending address switched from events@vmware.com to marketing.campaign@basilica.co.uk) but within a few hours of attending (and before I was back in the office) I’d received an e-mail from someone at BT Basilica asking if they could help me at all with my virtualisation deployments.

Meanwhile, VMware had promised that the slide decks from the event would be made available if I asked for them on my feedback form (I did), so I didn’t make full notes at the presentation. Almost three months on, with calls to BT Basilica, an e-mail to the VMware presenter from that day, and having registered my displeasure in a follow-up telesales call on behalf of BT Basilica, I still don’t have the presentation slides.

So that’s one reason why I don’t have much that’s good to say about VMware right now. That and the fact that I have enjoyed almost no benefits for being a VMware Certified Professional. I would hope that VCPs would be the ideal audience to target for information about product developments, new releases, roadmaps, etc. but apparently not. If I want to stay current on VMware products then I have to do my own research (or pay for a training course).

Then there’s my purchase of VMware Fusion. After weeks of asking why their licensing system showed the license key for my copy of the product (which was purchased in an Apple store) as an evaluation copy, I was unable to get a satisfactory answer. Then version 2.0 was released as a free upgrade for existing registered customers and I heard… silence.

Next week, VMware is running its Virtualisation Forum in London and I registered for attendance a few weeks back but, with a week to go, I’m still waiting to hear if my registration has been accepted (despite having received confirmation that they have my details and will be in touch) – and my follow-up e-mails are, as yet, unanswered. Maybe I’m on a waitlist because the event is full but it would be good to know if that’s the case.

I could go on but, by now, you are probably getting the picture…

VMware are leaders in their market but my experience of the company is not a good one – neither as a business customer nor as a consumer. This is a tiny blog and I’m sure VMware don’t care what I have to say (far less so than they would for Alessandro Perilli or virtualisation specialists like Scott Lowe) but, as I said at the top of this post, I wear many hats, and one of them involves building up my organisations capabilities around a certain vendor’s virtualisation products. So, next time I write about Microsoft’s virtualisation products here, please bear in mind that I did try to balance things up… and VMware didn’t want to know.

Account lockouts and software updaters

Posted on By Mark Wilson

CA eTrust update configuration, with no option to use the browser settings<rant>Why can’t application developers use the default browser settings for Internet access via a proxy? For two months now, I’ve been struggling with account lockouts whenever I visited the office (thankfully that’s not too often) and then today I discovered, purely by accident, that my anti-virus client was out of date and that I had it configured to use the corporate proxy server using what was probably an old password. Coincidence? We’ll see next time I visit the office. As you can see from this screenshot, I can enter proxy settings, even proxy authentication details but I can’t elect to use the browser settings (which I change according to whether I’m at home or in the office). Gahhhhhh!</rant>

Hate Windows UAC? Have you actually tried the alternatives?

Posted on By Mark Wilson

The next time somebody complains about Windows User Account Control (UAC), I’d like them to actually try using a Mac as a standard user (i.e. not the default setting, which is an Administrator, albeit not the root user). I’m in the process of applying Apple’s latest 10 updates, which are huge (I didn’t notice the total for all 10, but I it was well over half a gigabyte – just one HP Printer Driver Update was 142MB and the Mac OS X 10.5.5 update is 321MB).

In the intervening time, during which I’ve been writing this post on another PC, I’ve had to enter my Administrator credentials four five six times to allow Apple Software Update to do its thing. Mac OS X (and Linux) use a time-based system whereby once I’ve entered my elevated credentials they are valid for a set period but at least once I’ve told Windows Update that I do want to install a bunch of updates, that process (and any child processes) are then allowed to continue unhindered. It seems that the answer for me should really be to use setuid and make Apple Software Update run elevated but that is not necessarily a good idea either.

I guess there are advantages and disadvantages to either approach (actually, the time-based approach has a significant weakness in that any process can run elevated during that window) but the real point is that UAC is there for our protection – and it’s not really that big a problem in my experience.

Meanwhile, for hardcore Windows users that would like to implement an equivalent of the Linux/OS X setuid command in Vista (or Windows Server 2008, I guess), Joel Bennett explains how to do it with PowerShell.

Active Directory design considerations: part 3 (organizational units)

Posted on By Mark Wilson

In the previous post in this series of posts about design considerations for Microsoft Active Directory (AD), based around the MCS Talks: Enterprise Architecture series of webcasts, I looked at forest and domain design. This post continues with a look at organizational unit (OU) structure.

The OU structure is not exposed to users but can make a big difference to the management of Active Directory objects. It is very flexible and therefore easy to change but change costs money and has a potential to impact on production applications (so should be avoided where possible.

Consequently, there are a couple of guiding principles to be followed:

  1. Design the OU structure for the delegation of administrative responsibility.
  2. Design the OU structure for group policy object (GPO) application.

Delegation of administration should be given priority, because GPO application can also be filtered using security groups, but Microsoft does also recommend the following:

  • Do not move domain controllers out of their own OU (some applications may rely on well-known GUIDs and default GPOs).
  • Do not move built-in users and groups from the Users container (due to the potential impact on the monitoring of ACL changes using AdminSDHolder – see Microsoft knowledge based article 232199).
  • If Windows Server 2008 is being used protect OUs from accidental deletion (this will be enabled for new OUs but not for legacy OUs from an in-place upgrade.

There is no “correct” way to design an OU structure – as the appropriate model varies from organisation to organisation but one approach to OU design is to base the top level OUs on the object type and then subdivide by role. Another approach is a geographic top level (countries do not change very often…) but the most important point is to follow an appropriate administrative model and where different objects are managed by different administrative teams, consider delegation. One thing that is almost universally agreed upon is not to replicate the organisational structure – security groups can be used for this (and are much easier to manage – e.g. for filtering GPO application).

In the next post in this series, I’ll take a look at design considerations for group policy objects.

Google Developer Day 2008

Posted on By Mark Wilson

In the past, I’ve been accused of writing too much Microsoft-focused content on this blog and, in my defence, this blog advertises itself as follows:

“Originally created as a place for me to store some notes, this blog comments on my daily encounters with technology and aims to share some of this knowledge with fellow systems administrators and technical architects across the ‘net. Amazingly, it’s become quite popular!”

My daily encounters with technology… well, as I’m an infrastructure architect who (mostly) works with Microsoft products, that would explain the volume of Microsoft stuff around here… but in order to be credible (and retain some objectivity) when I’m talking about Microsoft products, I’m also interested in what their competitors are doing. That’s why I’m also a Mac user and I dabble with Linux from time to time; my website uses an open source CMS (WordPress), running on Linux, Apache, MySQL and PHP (classic LAMP); I keep an eye on what VMware is up to; and, as well as using a bunch of Google products on the web I recently started using Google Apps for e-mail, calendar and contacts.

Google Developer Day 2008Since the Microsoft-Yahoo! merger-that-wasn’t, I’ve become increasingly interested in Microsoft’s online offerings and consequently I’m also watching the dominant force in Internet search as they expand into other areas online – that’s why I spent today at the Google Developer Day 2008. Aside from being an opportunity to visit the new Wembley Stadium (I do think they should have incorporated the iconic twin towers from the old stadium somewhere in the new structure), it’s a chance for me to find out a little about the technologies that Google is pushing right now. I feel a bit of a fraud as I’m not really a developer but I answered the registration form truthfully and Google accepted me here, so I guess that’s OK!

Over the course of the day, I noted some brief (and sometimes frivolous) highlights from the various sessions – think of it as a microblog in one post. Where I understand enough of the dev stuff, I’ll follow up with more detail later…

Stage at Google Developer Day 2008[08.20] Right from the off, it’s been a positive experience. After arriving at the venue almost an hour before registration was due to commence, I was allowed in, invited to have a coffee and some breakfast, and a really helpful guy went and found me my delegate badge. Now I’m sitting here enjoying the free Wi-Fi (and grabbing one of the few seats that’s situated next to a floorbox so I can keep my notebook PC’s battery charged during the keynote).

Google Developer Day 2008 - rooms named after classic arcade games[8.55] As I sat in the “Space Invaders” room waiting for the keynote session to begin, I was thinking that nnly Google would name the session rooms after classic computer games. Now it all makes sense… I just heard that the keynote will include the first public demo of the Android phone!

[9.10] Someone just changed the SSID on the Wi-Fi and I lost my connection mid-post… arghhh!

[9.30] I now have the rest of my delegate pack… including a snazzy gift-wrapped parcel…

Green parcel from Google Developer Day 2008

containing…

Little green Google man from Google Developer Day 2008Little green man USB key from Google Developer Day 2008

A little green man… hang on… he’s removed his head – what’s he doing inside my Mac?

(It’s OK, he’s just giving me a copy of all the materials I might need to make the most of today).

[09:59] What can’t Microsoft events be this much fun?

[10:00] The keynote is about to start…

[10:25] This keynote has lots of slides, few words, lots of pictures. I like it. Whatever the opposite of death by PowerPoint is, this is it.

[10:30] Mike Jennings is performing the first European demo of Android – the open source mobile stack.

Android demo at Google Developer Day 2008

[10:50] The keynote was an overview of what Google is doing to help people develop for the web. Highlights were:

  • The theme for today is client-cloud-connectivity:
    • Making the client more powerful.
    • Making the cloud more accessible.
    • Connecting pervasively.
  • Google Chrome is 100% open source (based on WebKit and the V8 JavaScript engine), designed to support today’s rich Internet applications.
  • Gears is a browser plugin to enable web application functionality that was previously only available on the desktop.
  • Google has two types of API – the various data APIs and those which provide AJAX functionality – both are designed to make Google services programmatically accessible.
  • Google App Engine allows organisation to run their application on the Google infrastructure in an attempt to overcome the financial and administrative hurdles associated with traditional computing.
  • Android provides a mobile application stack.
  • Google Web Toolkit (GWT) allows applications to be written in Java and run in cross-browser compiled JavaScript.
  • OpenSocial provides a family of APIs for connecting social websites.

Android at Google Developer Day 2008[11:10] Hoping to learn more about Android in Mike Jenning’s session “An introduction to Android”…

[11:15] There’s no code in this session… I should be able to cope then ;-)

[11:25] Mike seems a nice guy but he’s clearly learning this deck as he goes…

[11:30] Into Q&A already?!

[11:50] 35 minutes to go and the Q&A is getting hard for the presenter… what’s interesting to me is that this Google-led presentation has degenerated into a group of developers and users feeding back to Google on things like security, usability, and other common considerations for mobile application development that don’t seem to have been considered. Some of the questions are tough… but that should be expected given the forum.

[12:00] He’s desperate to end this session (twice now he’s asked how much longer to go on for…). Poor guy – I feel really sorry for him the way this session has gone but there was nothing here that shouldn’t have been expected. Hopefully Google has a better idea of the state of the mobile market than this session would indicate.

[12:05] There’s a guy on the front row writing a book: Professional Android Application Development (to be published by Wrox with a November 2008 release date).

[12:20] It seemed to me that Mike was strangled by the Google PR machine but, thanks to his great sense of humour, he still managed to end the session on a high note. Key points were:

  • Based on a poll of the room, around 50% of people have more than one mobile handset; 25% of people have no land-line at home; and there was no-one here that does not have a mobile. This should be caveated heavily – this was a room full of geeks – but it is nevertheless an interesting study.
  • Android is an open mobile handset project: an open development model; open to the industry (free to carriers/manufacturers/enthusiasts); open to the developer with the ability to integrate at a deep level in the stack (e.g. replacing the dialler).
  • The Android runtime environment is implemented in Java running on a Linux kernel. Some classes are unavailable (i.e. those that are not relevant to mobile computing).
  • Android should be expected during the 4th quarter of 2008.
  • Google appears unprepared for the questions that will be asked of any new platform around security, usability, upgradability – over even why people will choice Android over more established competition. Maybe they are prepared but to quote Mike Jennings, “these kind of questions are over my pay grade”.

[12:25] Ooo! Curly Wurlys on the snack table!

[12:30] I like geek t-shirts – I just saw one which said “Gears – we power the Tubes”

[12:35] In this session Aaron Boodman will be talking talking about Google Gears… let’s hope that he is allowed to say more than Mike Jennings was.

[13:10] Great session – gave me just enough to learn something about the APIs that Gears provides. Key points were:

  • Gears is a browser extension which provides JavaScript APIs for web application development, available for Internet Explorer (5 or later), Mozilla Firefox (1.5 or later), WIndows Mobile, Chrome (which is built on Gears) and now Safari. Android will support gears (at the moment it just has a stub API).
  • Gears is now a year old and has dropped its Google prefix.
  • Gears is not just about offline access to web applications although the initial implementation was about a database, local server and worker pool.
  • APIs include desktop shortcuts, file system, binary object access and geolocation.

[13:15] I’ve just managed to sneak a quick peak outside at the stadium itself – it’s very impressive. We’ve been asked not to use any photos that identify Wembley Stadium for commercial purposes but this is just a personal snapshot (actually, it’s five of them, stitched together in Photoshop CS3).

The new Wembley Stadium

(Someone seems to have stolen half the pitch…)

[13:30] Fooling around whilst waiting for lunch…

Me at Google Developer Day 2008

[14:50] I thought that my web access was fast here… I just ran a speed test and I’m getting about 14Mbps! This is the best Internet access I’ve ever had at a conference.

[14:55] Looking around the delegates it seems that Macs are pretty common among developers who follow Google technologies! I reckon I’ve seen 2-3 MacBooks for every PC laptop here today (and several of the PCs I saw were running Linux)… as someone who lives primarily in the Microsoft world, this is an interesting experience.

[15:00] Ryan Boyd is just starting to talk about mashing up Google APIs… hopefully I can keep up!

[16:10] That was hard work but I just about held in there… Ryan demonstrated a number of APIs working together, including example code. A few points to note:

  • AtomPub is used to define feeds (mostly for blog syndication), made up of entries containing additional information.
  • Four methods are applied to feeds (create, retrieve, update, delete) and these relate to the equivalent HTTP communications (post, get, put, delete).
  • Standard HTTP status codes are returned.
  • Google has extended AtomPub to provide:
    • A data model.
    • Batch operations.
    • Authentication (client login with username and password, AuthSub or OAuth).
      Alternate output formats for non-Atom data (e.g. RSS, KML, JSON).
  • The OAuth Playground is a good place to understand how OAuth authentication works – AuthSub is similar in some ways and has been around longer but OAuth is a standardised implementation and should grow over time.

[16:20] My little green man now has some blue and red playmates.

[16:25] Next up, Google Web Toolkit (GWT): the technical advantage, presented by Sumit Chandel. This will also be developer heavy (this is a developer day after all!) so I may struggle again…

[16:35] Just noticed that quite a few people are using sub-notebook PCs here…

[16:50] And I’ve never seen as many stickers on PCs as I have today… maybe that’s a dev thing too?!

[17:15] Into Q&A now, I won’t understand the answers but to summarise the key points from the GWT session:

  • GWT allows developers to write AJAX applications more quickly, compiling Java into optimised JavaScript and employing techniques such as deferred binding to ensure that only those elements that are required for the local browser implementation are used.
  • Browser quirks are no longer a problem – GWT handles these for all supported browsers.
  • With GWT, there are no more memory leaks! A bold statement and actually there may be some where JavaScript native interface (JSNI) calls are made but there should be none for pure GWT applications (read more in Joel Webber’s article on DOM events, memory leaks and you).
  • GWT adds history support to AJAX applications with its implementation of really simple history (RSH).
  • GWT enables code reuse through design patterns.
  • Faster application development is accommodated using IDEs such as Eclipse and other Java tools bust specifically, GWT allows for debugging in bytecode.

[17:20] Just swapped my evaluation form for a t-shirt… my kids will love the Google icons on the front!

Google Developer Day 2008 T-Shirt

[17:45] Google has a new UK developer blog – and they just showed us a cool wrap-up video from the day – hopefully that will be on YouTube later. [Update: here it is, courtesy of Youtube]:

[17:50] Look! A Googler – complete with lab-coat!

Google employee with labcoat at Google Developer Day 2008

[17:55] Mmm… beer!

[17:55] And the fun continues… with giant Chess, Connect 4, Jenga, arcade games (including Pacman and Space Invaders), Mega Blocks… and… somewhat bizarrely, a PHP Elephant!

PHP Elephant

[18:15] Whilst chatting with Tim Anderson, he made a very valid point that I hadn’t considered whilst I was getting excited about technology – Google is an advertising company and, unlike Microsoft or any of the other vendors that I enjoy a relationship with, they don’t need to sell software – they just want people to use their search, etc. and if their vision of the web continues to develop the ad revenues should keep on rolling in too.

[18:20] Just looked out of the window and saw that the turf is slowly returning to Wembley’s pitch. Only about a quarter missing now!

[18:35] Now that is a good use for the presentation projectors… Wii Sports/Guitar Hero II!

Playing games on the projectors after Google Developer Day 2008

[18:55] Mmm… pizza!

[20:00] I really should head home now!

I’ve really enjoyed this event – a fantastic opportunity to learn more about Google’s developer tools and APIs and, who knows, I may even get around to implementing some of them here (if this site ever gets its long awaited AJAX overhaul). From chatting with the event organisers, I learned that this was the second annual Google Developer Day in the UK and there were just over 500 people here today. Google is looking to run more events as their portfolio expands – possibly even some smaller, more focused, events but, for me, this was the perfect balance between a conference (for which my employer is unlikely to support attendance, based on recent experience) and the shorter events – providing a small amount of information on a wide variety of topics.

Hopefully I’ll be at next years GDD too. As for the Microsoft posts… normal service will be resumed at 9am tomorrow.