Some more on Windows Vista

This content is 20 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Thomas Lee’s second session at the recent IT Forum ’05 highlights (part 2) event was a Windows Vista overview and roadmap. I blogged about Vista a few months back, based on a marketing-led presentation that I had seen. Thomas’ slide deck was also marketing-led, but I was pleased to see that he only followed it loosely and talked about the technology instead. These were some of the points that jumped out for me:

  • PC technology trends are shifting. 64-bit computing is finally going mainstream (the Longhorn server wave of products will be 64-bit only). At the same time, the x86 architecture is proliferating with new compact PCs (and even new Intel-based Apple Macs). Graphics processor improvements are exceeding Moore’s law (hence the reason for designing the operating system around graphical capabilities). Networking is increasingly wireless. Multi-core CPUs are now appearing on the market. Storage availability is rising, with a tremendous variety in flash-based devices. Memory is faster (and we’re using more of it). Flat-screen monitors are now the norm, getting larger (and drawing less power than their CRT-based counterparts). Windows Vista is designed to take advantage of all of these technology trends.
  • Windows Vista has some new/updated administrative tools including enhancements to computer management (the diagnostic console and reliability monitor) and a vastly improved event viewer (featuring many more logs, and an XML view).
  • My recent post about opening multiple home pages in Firefox was thanks to Thomas highlighting this feature in Internet Explorer (IE) 7, along with tabbed browsing, RSS integration and a phishing filter (which highlights suspect URLs in yellow and has a feedback mechanism so that often-reported sites show up with a red highlight). One item that I think is particularly cool is the Quick Tabs view with a thumbnail of each open browser tab.
  • Control Panel got bigger (more granularity).
  • Desktop search actually works.
  • Fast user switching is available for domain-connected PCs and there is the new user access protection (UAP) functionality. For example, if I try to change the date/time (an incorrect time would be critical to Kerberos) on a Vista machine, UAP kicks in and prompts me before allowing the change. I’m going to try and run using an unprivileged account and switch users where I absolutely need to be an administrator. As Thomas put it, this is effectively helping out the naive without holding back advanced users.
  • On the deployment side – forget everything you know about NT/2000/XP deployment. Windows Image (.WIM) files replace setup folders and there are new tools such as ximage to manipulate them.
  • Although not deployed by default in Windows Vista, the Microsoft command shell (codenamed Monad) can be used to automate a variety of functions.

Windows Vista is a huge investment (both for Microsoft and for organisations upgrading from Windows 2000/XP). I have to agree with Thomas when he says that instead of concentrating on the negative (the current version is buggy, slow, and there is stuff missing), let’s remember that this is a beta product! I don’t really care about the new interface (I think many corporates will find this a burden both in terms of hardware requirements and end-user re-training) but there are a whole host of features that I can’t wait to get into production.

Windows Vista doesn’t really need new hardware

Whilst driving to work this morning, I heard a piece on Slashdot Review about how 50% of PCs will be prevented from running Windows Vista, citing problems with graphics capabilities and the Aero interface. Wrong. The operating system will run – it will just be without some of the new graphical features. I’m running the December CTP (build 5270) on a 2 year old 1.5GHz Pentium 4 Mobile notebook PC with 256MB of RAM. Granted, it’s not what you might call fast (a bit more RAM would fix that), but it runs. Whilst I may not have the Aero “glass” eye-candy, Vista is there, along with all its other features. If, however, I want high-end graphics, then I’ll have to upgrade my machine.

Mobile messaging and Exchange Server 2003 SP2

Apart from a short post announcing the arrival of Exchange Server 2003 service pack 2 (SP2), I haven’t written much on the topic. Often the first service pack for a product brings functionality that didn’t quite make it in time for the release. Second service packs are more likely to include features that have become significant in the market – for Windows XP that was security and for Exchange, that’s mobile messaging and tackling UCE – but SP2 also brings a number of other improvements:

  • Probably the most significant change for small businesses (and branch office deployments) is the increased storage potential for Exchange Server 2003 standard edition (now limited to 75GB, rather than the 16GB limit that existed previously). Of course, enterprise edition is still “unlimited”, but for those organisations running the standard edition, 16GB might only have been a few mailboxes!
  • SP2 also enhances some of the management tools – particularly with a “panic button” to prevent public folder replication (a lengthy process that was previously difficult to stop once started).
  • The Exchange Server 2003 intelligent message filter (IMF), previously a separate download, is now included in SP2. SP2 also supports SenderID – the proposal from Microsoft and others for validation that a message did actually originate from the organisation from which it claims to be.
  • Finally, on the mobile messaging front, SP2 adds direct push support, device and message security, and support for device policy provisioning.

I’m planning a separate post on tackling unsolicited commercial e-mail (UCE – commonly known as spam) using the IMF so here I’ll concentrate on the mobile messaging improvements in SP2.

At last week’s IT Forum ’05 highlights (part 2) event, Ewan Dalton (one of the Microsoft Exchange team members) demonstrated some of the new mobile technologies. I was quite impressed – up until now, Windows Mobile users only really had POP/IMAP/HTTP e-mail whilst Blackberry users were bragging about their instant delivery (“push” e-mail). Actually, none of it is instant – there’s a polling mechanism in place and push does involve some pulling (as it does for Blackberry), but even so it’s pretty good.

The ActiveSync direct push process works as follows:

  1. The mobile device sends a request to the Exchange Server front end server.
  2. The server holds the request pending until the heartbeat interval expires (default 15 minutes), effectively keeping a connection open but with no traffic.
  3. If no mail arrives before the heartbeat interval expires, the device sends another request but if new mail arrives in the meantime, the server notifies the device that changes have occurred in the mailbox.
  4. Upon receiving a response from the server, the device immediately issues a synchronisation request to pull e-mail. Once synchronised, the process restarts at step 1.

In practice, I’m told that mail will probably be on the mobile device before it would arrive in Outlook in cached mode.

When asked about the cost of keeping the device connection open using the heartbeats, Microsoft replied that their testing indicates an extra 1MB of traffic per month; however, because the new ActiveSync is using GZIP compression, traffic levels have dropped by 50%, so it could actually result in lower bandwidth charges.

Another improvement with SP2 is the new mobile device policy functionality, allowing organisations to enforce device security requirements, e.g. password length, complexity, inactivity timeout, refresh interval and also the ability to wipe the device after a specified number of attempts (the handset would still be usable, but it would no longer contain any data). All of this can optionally be overridden with exceptions (e.g. for older devices which do not support the policy). Certificates are also supported in place of username and password/PIN combinations; however these need to be provisioned over a corporate network (not the mobile operator’s network).

Microsoft also demonstrated the ability to wipe a device when chosen from a list of devices associated with a user, sending a dummy contact which effectively applies a new policy and wipes the device. Because this is a notification, not an SMS message, it is effective immediately.

Using a traditional middleware approach (e.g. BlackBerry Server for Microsoft Exchange), device support is limited and the network operator has to be involved in mail delivery:

[Figure: Mobile middleware]

With Windows Mobile and Exchange Server 2003 SP2, there is no middleware and devices connect via HTTPS straight into the corporate infrastructure:

[Figure: Windows Mobile]

In practice, this looks something like the following:

[Figure: Windows Mobile in the Enterprise]

Microsoft recommend using a domain-joined ISA Server with one NIC in the corporate network and another in a DMZ (i.e. behind another firewall) to pre-authenticate user requests. In this manner the front-end server no longer has to be located inside the DMZ and there are fewer firewall ports to be opened for Active Directory connectivity, decreasing the attack surface for the corporate network.

For scalability, Microsoft quote their own metrics from internal deployment.

  • Worldwide, the software giant has 106,000 user mailboxes with four front end hubs. About 25% of these mailboxes use mobile devices – and two thirds of these are smart phones with the remaining third running Pocket PC Phone Edition.
  • In Redmond alone, there are 60,000 mailboxes with all mobile services running on three Exchange Server 2003 SP2 servers (dual CPU and 2GB RAM). This breaks down to 20,000 simultaneous HTTP sessions per server (although they do concede that a more realistic benchmark would be 10-15,000 sessions). The same servers are used for Outlook Web Access (OWA) and Outlook RPC over HTTP.
  • ActiveSync uses a single HTTPS connection.
  • OWA uses 3 or 4 connections.
  • RPC over HTTP typically uses between 10 and 12 connections.
  • In the Europe, Middle East and Africa (EMEA) region, 9000 users are supported from one 5-node Exchange Server cluster in Dublin. Two of these are front end servers but one would be sufficient – the second is for resilience.

In order to use the new Exchange Server mobile functionality there are some device and server requirements:

    • The device must be running Windows Mobile 5.0 (older devices will work, but will not benefit from the SP2 improvements). Also, the messaging security feature pack (MSFP) is required for much of the new functionality – this is part of the adoption kit ROM update 2 (AKU2), currently being tested by network operators and expected to ship during March/April 2006. Device manufacturers can use an image update to refresh older Windows Mobile 5.0 devices that are already on the market.
    • The front end server needs to have Exchange Server 2003 SP2 installed. In addition, Microsoft recommend that the IIS and firewall HTTPS timeout is increased for the ActiveSync virtual directory (to between 15 and 30 minutes).
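
The four-step direct push loop described earlier, combined with the timeout recommendation above, can be modelled to show what happens when a firewall or IIS idle timeout is shorter than the heartbeat. This is an added example, not Microsoft's or the author's code; the function name, the fixed-heartbeat device behaviour, the instant sync and the mail arrival times are all assumptions made for the model.

```python
"""Discrete-time model of the direct push loop (added illustration).

A simplification for reasoning about timeouts; not Exchange or device code.
Times are whole minutes. Mail arrival times are constructed sample data.
"""
from dataclasses import dataclass, field


@dataclass
class PushResult:
    delays: list = field(default_factory=list)  # wait per message, in minutes
    requests: int = 0   # long-lived requests the device issued
    dropped: int = 0    # requests cut by the idle timeout before completing


def simulate_direct_push(mail_times, heartbeat, idle_timeout, horizon):
    """Walk the four-step loop until `horizon` minutes have elapsed.

    Assumptions: fixed heartbeat, instantaneous sync, and a silent drop that
    the device only notices when its own heartbeat interval runs out.
    """
    pending = sorted(mail_times)
    result = PushResult()
    now = 0
    while now < horizon:
        result.requests += 1                      # step 1: device sends request

        # Changes that arrived while no request was outstanding are reported
        # as soon as the new request reaches the server.
        waiting = [m for m in pending if m <= now]
        if waiting:
            result.delays += [now - m for m in waiting]
            pending = pending[len(waiting):]
            continue                              # step 4: sync, back to step 1

        # Step 2: the server parks the request. The connection carries no
        # traffic, so an idle timeout shorter than the heartbeat cuts it first.
        alive_until = now + min(heartbeat, idle_timeout)
        next_mail = pending[0] if pending else None

        if next_mail is not None and next_mail < alive_until:
            # Step 3: mail arrived while the request was still held open.
            now = next_mail
            arrived = [m for m in pending if m <= now]
            result.delays += [0] * len(arrived)
            pending = pending[len(arrived):]
            continue

        # No notification got through: either the heartbeat expired quietly
        # or the connection was dropped and the server's answer had no path.
        if idle_timeout < heartbeat:
            result.dropped += 1
        now += heartbeat                          # device re-issues at expiry
    return result


if __name__ == "__main__":
    sample_mail = [3, 12, 40]                     # constructed arrival times
    for timeout in (5, 30):
        r = simulate_direct_push(sample_mail, heartbeat=15,
                                 idle_timeout=timeout, horizon=60)
        print(f"idle timeout {timeout:>2} min: delays={r.delays} "
              f"requests={r.requests} dropped={r.dropped}")
```

With the 5-minute idle timeout the model shows mail waiting until the next heartbeat expiry, while a timeout at or above the heartbeat delivers every message as it arrives.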

    Other OEMs are licensing Exchange technologies so the new features will be supported on a broader range of devices (Palm, Nokia, Motorola, etc.). Another option is the use of third-party software, like the Java-based DataViz RoadSync.

    Unusually feature-packed (for a service pack), SP2 is expected to be the last major functional improvement for Exchange Server 2003 but it brings a whole host of valuable functionality. Watch this space for more about the next version of Exchange Server (codenamed Exchange 12).

    Google web accelerator – a mixed blessing

    A few days back, I noticed that my PC’s IP address was reported by a website as being 72.14.192.45. That address isn’t in my IP stack, and isn’t my router’s ISP-provided IP address either.

    After checking the address out at DNSstuff, I found that address is registered to Google and then I remembered that I’d installed the Google web accelerator. As far as I can see, this is acting as a big proxy server, caching and prefetching my Internet search requests. It claims so far to have speeded up my downloads by 25% but there are some negative points too:

    It is possible to stop the web accelerator from caching certain sites, as well as switching it on/off without re-installing – details of this, along with how it all works can be found at the Google web accelerator support page, but to be honest, that’s a pain in the backside – I already have to switch my proxy settings when I jump from my corporate VPN to my home network and don’t want to have to think about another set of proxies. On that basis, I think the web accelerator will be off my PC soon.

    As a web site administrator, I’ll also be giving serious thought to implementing a Google web accelerator blocking method (and the update). Rather than blocking IP ranges, I’m more likely to reject x-moz: prefetch requests and, instead of sending back a custom HTTP error page, I’ll probably refer to no web accelerator (unnecessary proxying considered harmful).

    To Google’s credit, they have published web accelerator information for webmasters. What’s not clear to me though, is whether or not blocking/ignoring prefetch requests will also prevent Google from crawling my site. I’d rather lose a few bytes to a prefetch than see my page ranking start to slide.

    Whilst writing this post, I found that some versions of Firefox also prefetch by default (I’m using Firefox 1.5 and that certainly does). Most websites don’t seem to care about this as they are looking for Google’s web accelerator IP addresses, but any form of prefetch will load unnecessary content over slow links, or hit web servers with unnecessary requests. For details, read more about prefetching; to turn this off in Firefox, set network.prefetch.next to false in about:config.
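
One way to reject requests carrying the x-moz: prefetch header, keyed on the header rather than on IP ranges, written as Python WSGI middleware. This is an added example, not code from the original post or from Google; the names reject_prefetch, site and call, the 403 response and the no-store header are choices made for the illustration.

```python
"""WSGI middleware that refuses requests marked `X-moz: prefetch`."""
from wsgiref.util import setup_testing_defaults


def reject_prefetch(app):
    """Wrap a WSGI app so prefetch-marked requests never reach it."""
    def middleware(environ, start_response):
        # Header names are case-insensitive; WSGI exposes X-moz as HTTP_X_MOZ.
        marker = environ.get("HTTP_X_MOZ", "").strip().lower()
        if marker == "prefetch":
            body = b"Prefetch requests are not served.\n"
            start_response("403 Forbidden", [
                ("Content-Type", "text/plain; charset=utf-8"),
                ("Content-Length", str(len(body))),
                # Stop an intermediate cache from storing the refusal and
                # replaying it to a visitor who really requested the page.
                ("Cache-Control", "no-store"),
            ])
            return [body]
        # Anything without the marker is passed through untouched, whatever
        # its source address or User-Agent.
        return app(environ, start_response)
    return middleware


def home_page(environ, start_response):
    """Stand-in for the real site (constructed for the example)."""
    body = b"home page\n"
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]


site = reject_prefetch(home_page)


def call(app, path="/", headers=None):
    """Drive a WSGI app once; returns (status, response headers, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    for name, value in (headers or {}).items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    seen = {}

    def start_response(status, response_headers, exc_info=None):
        seen["status"] = status
        seen["headers"] = dict(response_headers)

    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body


if __name__ == "__main__":
    print(call(site)[0])                                   # ordinary visit
    print(call(site, headers={"X-moz": "prefetch"})[0])    # prefetch request
```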

    Live Communications Server 2005 overview

    Next week, I’m planning to spend three days on a Microsoft Live Communications Server (LCS) 2005 course, which has prompted me to look back at some earlier notes from last year’s Microsoft Technical Roadshow. At that event, Paul Brombley, a Messaging Technology Specialist with Microsoft UK, gave an overview of the LCS product – this post repeats the key messages from that presentation.

    Enterprises face a number of communication challenges. One of these is productivity and cost, with disconnected data, processes, platforms and people. Communications are full of inefficiencies – playing e-mail/voice-mail “tag”, considering geographic/time zone separations, understanding availability before attempting to contact – and whilst technology can help, it is sometimes difficult to automate real-time processes and notifications. Even in these days of widespread Internet access, it can still be difficult to connect to other organisations due to the variety of standards in use, often requiring organisations to resort to specialist (and sometimes expensive) third party products. Additionally, although communications costs are dropping, long distance phone calls are still expensive, virtual meetings can’t always substitute face-to-face interaction, and e-mail systems are still used by many as huge filing systems.

    Many people (myself included) have resorted to using public instant messaging (IM) services such as MSN Messenger for instant communications with presence awareness; but public IM networks are not secure (messages are transmitted in clear text over the Internet), client management is not easy, there are regulatory and compliance issues around auditing – besides which using a Hotmail address for business communications just does not look professional.

    Even so, according to Microsoft, 38% of information workers use at least one IM client and whilst in 2004, 20% of enterprise users worldwide were using IM, by 2008 this is expected to grow to 80%. IM is moving from the consumer space into business – and it’s the presence information that makes a difference.

    According to Microsoft’s marketing information, their products deliver a full suite of communications capabilities:

    Microsoft’s real-time collaboration vision is for “intuitive, integrated software and services that provide pervasive real-time collaboration capabilities enabling people to work together more effectively”.

    The products which support this vision are:

    • Live Communications Server – Microsoft’s communications platform engine for presence information, IM and real-time collaboration (audio, video and data).
    • Live Meeting – a web service offering conferencing and call screening over HTTPS.
    • Office Communicator – Microsoft’s latest IM and telephony client, passing calls to wherever a user is physically located (desk, mobile, home, etc.) and identifying callers from the user’s address book.

    Microsoft views integrated communications as a series of concentric rings. At the centre is identity, authenticated within a real organisation. The next layer is around presence, understanding context (e.g. a user is online, but their calendar says they are in a meeting, so do not disturb them unless you really need to – that’s not the same as “busy”). Next comes the communication mechanisms – data, voice, e-mail, IM and video. Finally, information agents, workflow and workspaces provide value to end-users, IT operations management and developers alike – an intuitive, contextual user experience; rich, presence-based multi-modal collaboration; universal availability across devices and networks; integrated seamlessly into the organisational infrastructure; built on standards, rich APIs, and development tools.

    Enough of the marketing… basically LCS is about connecting people in a world of presence awareness and remote working, whilst keeping data safe and managed, reducing cost, and integrating with other technologies through recognised standards.

    LCS connectivity

    LCS can be extended outside an organisation using an LCS access proxy – a secure access point (placed in the DMZ) for external clients to interface with the internal LCS server(s). Using this model, the session initiation protocol (SIP) is run over TLS on port 5061 or 443 and no VPN is required as authentication is at the access proxy. It should be noted that although text travels between servers, audio and video are transmitted point-to-point, so may be affected by any intermediate firewalls.

    This model can be extended to offer federation between organisations, or to a public IM network with a number of interconnected LCS access proxies (or other SIP proxies). Clearing houses can be used to allow an enterprise to use a single connection to interface with multiple partners, with the advantage of offering a single point of management.

    LCS 2005 standard edition uses a single Active Directory-connected server, supporting up to 15,000 users with a local MSDE database. Logging/archiving can be provided using a separate SQL Server and remote access/federation is achieved via a separate LCS access proxy, placed in the organisation’s DMZ.

    LCS 2005 enterprise edition provides a two-tiered architecture for scaling out, using SQL Server as the back-end database and supporting up to 20,000 users per LCS server (load balanced so up to 100,000 can be supported in a single pool). As for standard edition, remote users are supported via an LCS access proxy as is federation. High availability can be facilitated by clustering the SQL Servers.

    LCS in the Enterprise

    Administered via an MMC console, LCS 2005 offers significant feature enhancements over the earlier LCS 2003 product. The licensing model is for a server, plus client access licenses (CALs), with separate CALs for LCS, telephone connectivity, and public IM connectivity (licensed per user, per month). Microsoft claims that the subscription model for public IM connectivity allows for compensation of the public IM networks for lost advertising revenue; however not every LCS user needs to be given public access – this can be controlled via Active Directory.

    Opening multiple browser home pages in Firefox

    I’ve not been that bothered with Internet Explorer (IE) 7 up to now – I use Firefox 1.5 on my Windows XP machines and Mozilla 1.7 on Solaris, so I already have the most significant new IE 7 feature (tabbed browsing); however, during his Windows Vista overview and roadmap session at last week’s IT Forum ’05 highlights (part 2) event, Thomas Lee mentioned an IE7 feature that does interest me – multiple home pages. This works by opening a number of home pages at startup, each in a separate tab (e.g. corporate intranet, Google, BBC News, etc.).

    It’s not as obvious as entering each one on a separate line in IE 7, but Firefox also supports this feature – in Options, General, Home Page, Location(s), enter a list of home pages separated using the pipe (|) symbol.

    This time it’s Apple who’s heading to court

    Generally, news about yet another anti-trust suit bores me. Intended to protect consumer interests against monopolistic suppliers, it seems to me that anti-trust court cases rarely have that effect and are more often than not just a chance to beat up an established supplier when another vendor’s product fails to gain the market share that they think it should.

    In a world of marketing and hype, the best products don’t always become popular. Betamax was better than VHS but VHS is still in many of our homes today. MiniDisc was better than DCC, but ultimately they both lost out to recordable CD (and then DVD).

    Just over a year ago, I set out my views on why I think the EU’s sanctions against Microsoft were wrong. Sure, Microsoft is playing along and stretching things out as long as they can, but the EU seems to be getting tough and the US DoJ is starting to wake up again too.

    The trouble is that, by the time a technology case gets to court, the damage is already done. In the same post about why Microsoft shouldn’t have to unbundle Windows Media Player, I pointed out that Apple were acting monopolistically with the way they force iPod owners to use iTunes. Now, after years of acting in this manner, Apple are finally being sued. In last Friday’s Windows IT Pro magazine network WinInfo Daily Update, Paul Thurrott reports that:

    “This week, a federal judge in California cleared the way for the first-ever antitrust suit against Apple because of the iPod… noting that the complaint alleges Apple has an 80 percent share of the market for legal digital music files and more than 90 percent of the market for portable hard-drive digital music players. Like Microsoft, Apple is being sued under the Sherman Antitrust Act.”

    I have to agree with Paul’s summary of the situation:

    “If Apple opens up the iPod to Microsoft’s Windows Media Audio (WMA) format – including songs purchased from competing online music services – all will be well.”

    That would certainly make me happy.

    More Blogger hacks

    Last month I wrote about some of the Blogger hacks that I’ve implemented to get things working on this site how I’d like them to. Today I found another one which rocks…

    I often update posts by adding comments to them; however, unlike the posts themselves, I’ve not been able to edit the comments once posted (e.g. if I spot a mistake afterwards). That was, until today, when I came across the Blogger Templates blog, which, in addition to some pretty cool templates, also includes these useful hacks:

    It also links to “a frequently-updated compendium of… Blogger hacks” at John’s FreshBlog.

    [Update: This site moved to WordPress in March 2007]

    Create customised Windows installations with nLite

    I heard about nLite whilst I was listening to episode 41 of the This Week in Tech podcast. I haven’t used it yet, but it sounds like a great freeware tool for customising a Windows installation right up to creating a bootable ISO image, including slipstreaming service packs, hotfixes and drivers – it sure beats Microsoft’s Setup Manager.

    nLite has a dependency on the Microsoft .NET Framework 2.0 but also has a selection of popular packages ready for integration into the Windows source as add-ons (Firefox 1.5, Adobe Reader, AVG AntiVirus, etc.). If I hadn’t already put a lot of effort into an unattended XP build and didn’t already use WSUS for Windows updates I’d be seriously tempted to give it a go.

    How to get a free copy of TechNet magazine (if you live in the UK)

    I often think that it would be good to have a print copy of Microsoft’s TechNet magazine (it’s just not the same reading articles online). Until recently, free subscriptions were only available in the United States but now readers of Microsoft UK’s FYI magazine (which is available as a free subscription) can get TechNet magazine too.

    Although a bit light on technical detail (and printed in a tiny serif font) FYI bills itself as “the insider’s guide to Microsoft technology” and is good for an overview from both a business and technical standpoint. TechNet magazine is more technical, billing itself as “the Microsoft journal for IT professionals”.