Tech for Lunch!

According to Neowin, the long awaited Service Pack 3 for Windows XP is almost here. Although unconfirmed by Microsoft just yet, the dates would be the following:

• April 14, 2008: Support becomes available for the release version of SP3
• April 21, 2008: OEMs, Volume License, Connect, MSDN and TechNet
• April 29, 2008: Microsoft Update, Windows Update, Download Center
• June 10, 2008: Automatic Updates

For most of us, this would mean we could get an official release of SP3 on April 29th and for those of us who need to test SP3 for larger environments, we should have until June 10th before it gets automatically pushed out to customers.

This is the fourth part of my review of the new features in Windows Server 2008.

Internet Information Services 7.0 (IIS7)

IIS has been pretty much the same old service for quite some time and now comes a much needed update with Server 2008. IIS7 is a robust solution for web hosting and application development using Microsoft’s technologies. Just like all other services of the same nature, Internet Information Service 7.0 becomes fully componentized so, should you decide to install this as a role on your server, you only get the required pieces to run it properly and nothing more, reducing the need for updates and the available attack surface.

The administration console, which is part of Server Manager, has been much improved as well and gives a more flexible management experience to the administrators. IIS7 can be installed as a ServerCore role as well as Windows Media Services 2008 and now supports direct xcopy-installations of your websites.

Terminal Services (TS)

Terminal Services is probably one of the features with the most noticeable additions, if your organization uses these services already. My favorite one is most definitely the RemoteApp capability. When your users access an application that is published through RemoteApp, they are actually logged in with TS, but the application looks and feels exactly as if it was running from the local machine. The great advantage of this possibility for administrators(and ease of use for end-users) is that the users no longer have to see the full desktop along with their application. Terminal Services Web Access allows you to deploy RemoteApp applications through

Terminal Services Gateway allows users to connect to their apps and desktops using a regular browser connected to the internet. This would also work from mobile devices with the right software. The Gateway Services run on the RDP protocol tunneled over HTTPS to make a very secure connection. This option is a great alternative when VPN connections are blocked in hotels or wireless access locations.

Regular Terminal Services also get some changes, although not as big as the previous ones. The new Easy Print feature lets users print to local printers when they are using RemoteApps or desktop sessions more easily and reliably. It also supports 32-bit colors and copy/paste operations between the client and the host.

Hyper-V

Hyper-V is a next-generation Hypervisor-based server virtualization technology that allows you to consolidate multiple machines on a single server or run a virtual test environment, for example. Hyper-V is implemented as simply as all other roles on Server 2008 which makes it very easy to configure and manage.

Hyper-V is not quite completed yet and, as such, only a beta version will be included in the first release of Windows Server 2008. When the product becomes available later this year, it will be updated through an automatic Update. The Release Candidate that is currently available for download is feature complete but the product will have to prove itself since there are some heavy contenders in this market slice such as VMware.

Versions

As usual, there will be several versions of Windows Server 2008 available which you can see in details here. Be sure to look around on that page to find all the comparisons that are available. I personally can’t wait for the Small Business Server 2008 edition to become available.

This is the third part of my review of the new features in Windows Server 2008.

Network Access Protection (NAP)

Network Access Protection is one of my favorite new features of Server 2008 because I’ve been in a few companies which asked specifically for such a functionality. There are third-party applications that allow this and some cisco gear also permits this but the management is sometimes problematic and decentralized. Windows Server 2008 allows you to implement NAP very easily and uses Server Manager for management and monitoring.

The purpose of Network Access Protection is to prevent unauthorized machines from getting onto your network. Using a Security Policy(or many policies…), Windows Server will verify the health of client computers (Vista and XP SP3 are supported) that connect to the network. Once their compliance is established, an action is taken depending on the settings you chose in the policy. Non-compliant machines are either denied network access completely or redirected to a secured subnet where they might only have access to the internet(for consultants, perhaps) or have access to the necessary resources to correct the problems that were found.

The requirements you choose to determine your system health can include certain software installations (anti virus, or a specific corporate software), patch level and even some computer settings such as having a firewall enabled. Once computer health is determined to be under par, you could set an auto-remediation policy which can automatically correct the problems found on client machines to allow them to connect more quickly.

Windows Firewall with Advanced Security

Previous versions of Windows Server had the firewall included in the bundle but it was not enabled by default. Windows Server 2008 ships with the firewall enabled. Most administrators tend to simply disable (or just not turn it on) the firewall in windows because it is fairly useless in the sense that it blocks only incoming traffic. So if your machine is being used as a launch pad for a virus, you might never know about it until it’s too late. The firewall in Server 2008 however, is much better because it monitors incoming AND outgoing traffic as well as offer the possibility to encrypt your traffic for increased security.

When administrators actually ended up using the old firewall, it was usually like swiss cheese because there were way too many ports opened. Everyone has probably done this: you need to figure out how to make a certain software go through your firewall, so you poke holes into it by opening a bunch of ports and when you finally get everything running, you don’t always go back to remove the unnecessary ports since you don’t really know which ones they are. Server 2008 offers a bit more flexibility on this perspective. Because the new firewall is integrated with roles-based installs and IPSec, whenever you add or remove a role on the server, the firewall gets configured automatically in the background, leaving nothing to chance(or your admin’s knowledge)

Windows PowerShell

The Windows PowerShell is a new command-line shell, based on the .NET Framework. Those who like managing servers through the use of text commands will certainly enjoy this new addition. Powershell was available as a download previously but is now built-in to Windows Server and adds many new possibilities to the “command-line enabled” administrators.

Because the PowerShell is based on .NET, it allows you to enter and return .NET objects. This has power written all over it. Windows PowerShell introduces the concept of a cmdlet, a simple, single-function command-line tool built into the shell. Windows PowerShell includes more than 130 standard cmdlets, and you can write your own cmdlets. Each cmdlet can be used separately, but their power is realized when you combine these simple tools to perform complex tasks.

You can use the PowerShell for pretty much anything including adding/removing/configuring server roles like IIS 7 and Terminal Server, or managing Microsoft Exchange Server 2007 or Operations Manager 2007.

This is the second part of my review of the new features in Windows Server 2008.

Read-Only Domain Controllers (RODC)

Branch offices and remote locations are now an important part of Windows Server deployments and required a complete Server installation with previous versions of Windows. The problem with complete installations is that you might need to make someone an administrator in that remote location and usually, the physical location of the server is not as safe as, say, the head office.

The RODC allows you to setup a Windows Server 2008 with all the services that are required for your remote locations, but makes the Active Directory database Read-Only. This way, only the locally cached passwords are stored on the machine and the AD Replication only occurs unidirectionally, as opposed to bidirectionaly with a regular server installation.

Normally, you setup a remote office server and ship it to destination. When it gets there it only needs to be plugged in and switched on to allow all the local users to connect and get their services such as DHCP, DNS, etc… RODC is perfect for this scenario and will only authenticate users who use the server at that remote location, limiting the number of passwords that are on the server. If a hacker manages to get access to that server or if it gets stolen, you are much better prepared than if it had been a full Server installation. Using Server Manager, you can simply choose to remove that server from the Active Directory and only the users who authenticated on that server (thus having a cached password on it) will be listed to get their passwords changed. No need to get the entire user base to change passwords.

Now, you are going to say: “Well if the hacker left with my server, it’s not the passwords I’m most worried about, it’s the data!“. You would be right about that, but not if you used the next new implementation: BitLocker.

BitLocker

Bitlocker is not really a new technology. It has been around for a while now in Microsoft products, but it was not available on Windows Servers or it could only encrypt the system partition. In Windows Server 2008, Bitlocker offers Full-Drive Encryption and allows you to install this on any or all of your servers for added protection.

The idea behind Bitlocker was originally for executives’ laptops who travel a lot and were more likely to get their machines stolen or compromised. Bitlocker encrypts the data on the hard drive and requires TPM 1.2-based hardware to store the keys. Many laptops have this now and servers are more likely to have this hardware. Anyone with physical access to the machine without the proper password would not be able to access any of the data on the drive.

Windows Server 2008 now offers this possibility for the entire drive and allows Bitlocker management through Group Policy. If you are really picky about your branch office security, you could combine the Server Core installation to run only the minimal services and encrypt the entire drive with BitLocker. At this point, not only is the drive encrypted, but there aren’t any useful passwords on it.

After going to the Heroes Happen {here} event in Montreal, I thought I’d go through all the new features included in Windows Server 2008 to explain what they are and give my thoughts about them. I was pretty impressed with the feature set already, but seeing some of these in live presentations was the extra little push I needed to be convinced. The next step will be to see the OS operate in a real-world environment instead of Microsoft’s Utopian “Contoso” domain.

One of the biggest change that was brought in this version and that is not really a feature, is the fact that the emphasis is placed on “components”. What this means is that every role and every feature gets setup almost as a standalone portion. The components approach allows a very modular installation as I will discuss in the ServerCore feature and removes many dependencies to other components. Gone should be the days when you need to install 3 other components to get the one you want running.

Here is my list of new features and functionalities that I find are the most significant:

Server Manager

Until now, every little function that needed to be managed had its own tool or console to do so. The Microsoft Management Console (MMC) was a first step to try to bring all these tools together, but most admins just went for the one snap-in that they needed and there was no central tool to do it all. Server Manager aims to change all that and offers a single interface to manage your entire Server 2008 installation.

The Server Manager is still based on the MMC approach but gives you all the tools in on place instead of having to add the snap-ins yourself. On great new thing is that everything that can be configured through the Server Manager has a dedicated web page to give you up-to-the-minute information on the role your are configuring such as Active Directory Domain Services, Application Server, DHCP Server, DNS Server, File Services, Terminal Services, Web Server, and many others. It also includes diagnostics and troubleshooting tools as you would expect, just like in previous versions.

Server Core

One of my favorite features for Windows Server 2008 is called Server Core. This new installation mode allows you to install Windows Server 2008 for some specific roles and removes all the GUI and shell elements. What you end up with is a server that boots up very fast and only displays a boring blue background and a command prompt.. that’s it. Everyone who knows me is aware that I’m a command-line type of guy and Linux has always been appealing to me because of that. This time around, Windows Server 2008 offers the very same type of machine installation.

The purpose of removing the GUI and only running some specific services becomes very obvious if you have ever had to manage a server in your life. The attack surface is instantly diminished because only the services that you need are running and no useless software is installed just waiting to get hacked. There is no Windows Media Player, no Internet Explorer and no Windows Mail, for example, so this type of installation removes many of the wide-open doors that are on servers today. Also, because there is so much less software running on a Server Core installation, there should be a lot less patches to deploy. This makes your server maintenance that much easier.

Server Core is a Windows Server 2008 installation, but it does not have all the roles and services that the complete version does. It supports just nine roles, including AD, AD LDS, DHCP, DNS, File, Print, Virtualization (Hyper-V), Web Server, and WMS, compared to 18 roles in the full server. I can already see quite a few different scenarios where I could apply this type of server. Applications that require a full GUI or the .NET Framework, for example will not work on Server Core.

For the Command-Line impaired out there, fear not! Microsoft has made sure that the regular admin tools, like the new Server Manager, will work just fine to remotely manage Server Core installations. You will only need to use the command-line to setup the network connectivity and maybe join your domain, but you should be able to manage the rest remotely afterwards.

Yesterday, I went to the Montreal edition of the Heroes Happen {here} launch event by Microsoft. This is the launch tour for Microsoft’s next-generation server platform Windows Server 2008, Microsoft SQL 2008 and Visual Studio 2008.

I always enjoy going to these launch events because you get to see the actual products and their features in real life and in fairly accurate representations of the real work environments. This one was no exception, but I didn’t get to see everything I wanted to see. The event was split into two different “tracks”, namely the IT Pro track and the Developer track. I usually attend only the IT Pro sessions because they are much closer to my every day occupations, but I decided to go to the last dev session because I wanted to get a good look at Silverlight. The word “Silverlight” was not even mentioned one single time during the final session I attended which was the Web Developer’s session!

The first session was an overview of the new features implemented in Windows Server 2008 and that will certainly be tomorrow’s article because there are quite a few things to cover. The most interesting one for me is the ServerCore feature which allows the installation of a server without any GUI at all. This allows to run a server on less powerful hardware and still benefit from the product’s features. They also covered the new features of SQL 2008 and VS 2008 briefly. This session was the best one because there was a lot of attention to the new features and how they can be implemented quickly and easily in many businesses.

The second session was a more technical look at the Server 2008 specific features and a few live demos so that we could see them in action. The only problem is that a few of these demos didn’t work as planned. Granted the problems were not necessarily because of the software but mostly because of the presenters, It’s not as convincing as when you get to really see it work. The ones I was most curious about worked for the most part, but I’d still have liked to see a bit more polished demos for a launch like this. I went to the Windows Vista and Office 2007 launch last year and, let me tell you there was a huge difference in the style of presentations and depth. You can’t blame them since it’s not for the same crowd… Yesterday’s presentation was for a much more technical and forgiving crowd when it comes to software and scripts not working the first time you try them.

For the final session, I was supposed to see the Hyper-V products, Microsoft’s virtualization environment for Server 2008, but I opted to go on the Developer’s side to see the web developer’s features in SQL2008 and Visual Studio 2008. That session was very interesting for me because I do not have a chance to use these tools as much as I would like, but I can see they have listened to what users have been asking for. The new CSS management tools and the javascript/AJAX capabilities alone are worth an upgrade, no questions asked.

Overall, it was a very good day and it was pretty much what I expected. Interesting presentations, free lunch and a day of learning and seeing lots of geeky stuff with a couple of friends… Can’t go wrong with that. Microsoft has some great products coming our way and I look forward to them.

I know that this was a few days ago, but since I posted an article about selling domains for profit recently, I thought it was still interesting to mention it here. If you were quick enough to get your hands on a good, catchy and relevant domain name a few years ago, you might want to start being proactive and not just wait for someone to make an offer on it. Putting it up for auction, could be a good way to get rid of it and make some cool cash while you’re at it. This article has the full story on how it all happened.

Chris Clark bought pizza.com in 1994 for the usual reservation price of 20$ and has kept it all these years. He originally bought it for his company to try and get contracts with local pizza businesses but it never worked out. He still held on to it thinking it wouls someday be useful. A couple of years ago, he and a friend used the domain to make it a pizza directory with ads returning about 5000$ a month.

The natural traffic on sites with single words like these is impressive. Without ever having to advertise, sites like tees.com, vodka.com, sex.com and pizza.com get regular monthly traffic just because people are curious and because the domain names match exactly the keywords being typed into search engines.

After earing about the sale of vodka.com for $3 million on the auction site Sedo.com, Chris Clark decided to see what the interest might be for his domain. The auction started slowly but then shot up to the $2 million reserve price that was set and ended a $2.6 million for the final sale price. Sedo keeps 10% for running the auction and running background checks on bidders because of the high numbers being rolled in.

Just as previously reported, Facebook has begun rolling out their IM client on some selected networks. This was the only available information since the complete roll out schedule has not been made public. it is to be released to limited networks first for load testing and bug-hunting, and then rolled out to broader networks.

The new chat bar appears at the bottom of every page and cannot be removed. The client has all the regular functionalities that you would expect such as the ability to show yourself as offline and lets you know who is available for chatting.

The integration is very well done and should prove to be a great addition to Facebook. I know that it will give a good reason to many people for leaving a browser with Facebook open all the time.   You can find a full post about the features with screenshots here if you can’t wait to try if for yourself.  You can “pop-out” the chat windows to allow many chats at the same time and a better visibility and the status window shows your friends letting you know who is active or not.

Mini-feed items will also appear directly in your chat windows for the person you are chatting with if they are related.  So if you are chatting with someone who does something on your profile, you get instantly notified.

I hope the networks I am in get this very anticipated IM Client rolled-out because I am really anxious to try it out. Not that I have that much chatting to do, but I like the technical integration that they have made and I want to try it out even more for myself.

The Guinness World Record^TM for the world’s lightest mobile phone has been awarded to Modu for its tiny and sophisticated mobile phone.

Modu was awarded this prestigious honour after careful consideration by the Guinness World Records^TM judges, who declared that: “The lightest mobile phone is the modu, which weighs 40.1 g (1.41 oz).” Guinness World Records added: “modu’s dimensions are 72.1 mm (2.8 inches) x 37.6 mm (1.4 inches) x 7.8 mm (0.3 inches).”

The Modu Mobile phone is the first modular cell phone which allows it to be so small. You can slip it into various Modu jackets and Modu Mates which allow additional functionnalities and an entirely new user experience. Although it is the lightest in the world, the Modu still has all the standard functions of any standard mobile phone and is very easy to use.

I personally find that small gadgets like these do offer some enhanced portability options because of their size and weight, but with the “small and sexy” comes the “fragile and easy to lose”. I haven’t had one in my hands(yet) so I can’t say for sure, but I’d probably be a little worried about easily breaking it during normal use.

In a recent public appearance, Microsoft Chairman Bill Gates, announced that the next version of Windows, dubbed Windows 7, might be ready for next year. Windows 7 is the successor for Windows Vista and the original schedule was for about 3 years after the release of Vista. A 2009 release would mean almost a year in advance from the proposed schedule and Microsoft has a track record of being late rather than early.

Naturally, not much information is available about the inner workings of Windows 7, but Microsoft maybe trying to speed up the next version in order to correct many of the problems encountered by users of Vista.

In response to a question about Windows Vista, Gates, speaking before the Inter-American Development Bank here, said: “Sometime in the next year or so we will have a new version.” Referring to Windows 7, the code name for the next full release of Windows client software, Gates said: “I’m super-enthused about what it will do in lots of ways.”

Perhaps Bill Gates was refering to the fact that they would have a TEST version available or a first public beta instead of a widespread public release. I think it would be pretty surprising to see another major release in such a short timeframe, but then again, the public reception of Vista certainly requires a little bit of damage control.

I would expect Windows 7 to be somewhat like XP was to 2000: same functionalities but with most of the kinks worked out and a more refined interface.