Dan Griffin's Blog

Comments on security, PKI, smart cards, cryptography, and entrepreneurship.

For those of you who are still running Windows Small Business Server 2003 – and note that my own employer is in that group – be warned that the Windows Server 2003 product family lapses into “extended support” as of this summer.

What’s the difference between mainstream and extended support? Here’s a handy chart (about half-way down). Summary: with extended support, non-security hotfixes are only available via a paid support contract, and you have to enter into the contract within 90 days of the end of mainstream support.

How many small businesses are still running SBS03? A lot. It was a successful product, and there’s been little incentive to upgrade: the SBS03 to 08 upgrade procedure is complex, and hence expensive, and there’s a lack of compelling new features.

Why is SBS08 a let-down?

On the other hand, why doesn’t it bother the typical small business to run almost-10-years-old operating system technology? Heck, we shouldn’t be surprised; there are plenty of firms out there still running critical applications such as accounting software that were originally purchased when the firm was founded, even if that was 20 years ago.

But small businesses do adopt new technologies: VoIP, Yelp, Google Apps, and BPOS all come to mind.

VoIP is a great example because it requires equipment purchase, software setup, and training. So there’s a significant investment there. And yet small firms are buying it in droves. (In fact, the main barrier to adoption of VoIP right now is a lack of qualified IT providers.)

In other words, there are plenty of opportunities still in the SMB market, but they’re changing.

How does this apply to SBS? Why is SBS08 a let-down?

Well, small businesses still need onsite servers: there’s data that can’t be stored offsite, the firms need somewhere to run that 20 year old accounting software, and they need AD for managing their workstations. But they don’t need a new version of Windows Server in order to accomplish those things.

What they need is a Windows Server that offers new things:

  • VoIP
  • Easy install and upgrade
  • Convenient backup features like Home Server

And – can’t forget this “feature” – clear messaging for the partner community, upon whom Microsoft is 100% dependent for SBS sales and servicing, about why SBS is and will continue to be the best platform for an IT servicing business, and why customers should upgrade (end of life doesn’t cut it).

Lacking those things, what has happened is that the rich feature set offered by SBS, which was so compelling 7 years ago, is showing its age. Indeed, it’s seeing stiff competition from Microsoft’s own cloud offerings.

As an advocate of cloud computing, I find myself ironically questioning this apparent assumption on Microsoft’s part: innovation on the Windows Server line is no longer profitable in the SMB market, so let’s ramp that down and migrate those customers to our cloud offerings.

One minor problem with that assumption: IT service providers don’t like the cloud offerings because there’s little revenue opportunity for them there. I think the theory is that they can suck it up and adapt.

But the major question is whether customers want the cloud offerings. How many businesses are ready to store their files offsite, especially with an entity that doesn’t share that “trusted advisor” relationship? In what verticals and scenarios will that migration make sense, and when?

I’m torn on this, because on one hand I believe it’s inevitable. On the other hand, I get more and more feedback that small business customers aren’t ready to move their key LOB data offsite. Is this just the IT service providers talking, or is there really something to this customer pushback? Are these the same customers that are already running hosted Exchange? What’s the difference they see there, and why? (And, again, my employer has some experience with that dichotomy, but it’s not clear to me how it plays out across the market.)

I’m left with the distinct impression that Microsoft is cannibalizing the Windows business in favor of a concept that’s unproven. Don’t get me wrong – Microsoft must invest aggressively in the unproven concept. But if you decrease investment in the current product too dramatically, and then get the timing wrong, you’ll lose the customers on the migration.

Here’s an interesting exercise: compare Microsoft’s net margin to that of Salesforce.com. Spoiler alert: it’s 27.7% versus 6.1% for the most recent reporting.

Hey, Microsoft, do you intend to make software as a service your only offering? No? Well, is the software + services strategy going to work if you don’t continue to treat segment-leading products like SBS like segment-leading products?

Permalink | Comments (0)

Just learned about this, although it happened in December. In summary, DARPA issued a challenge for teams to find 10 large red balloons that had been scattered around the continental US. A team from MIT was able to do it in approximately 8 hours using a combination of Facebook and Twitter.

Crazy, the power of social networks. Harness that power to build your own empire!

Permalink | Comments (0)

Check out Web Server Probe, a security tool contributed to CodePlex by some Microsoft Security MVPs (including me). From the Web Server Probe CodePlex wiki:

“This is a tool for security researchers. It allows you to search for either an IP address or a DNS name and display all associated domain names known to Bing.

  • If a specific IP address is searched, all domain records associated with that address are displayed
  • If a DNS name is searched, all domain records associated with all addresses returned for that DNS name are displayed (this case is shown in the screenshot below)

Two separate self-contained versions of the tool are available: command-line-based and GUI-based. The GUI version can be spawned directly from the browser - no installation or additional files are required - just click on the link in Downloads and select Run.

Both versions require the .NET Framework 3.5.”

Permalink | Comments (2)

Just read a Seattle 2.0 post by Mark Maunder entitled, “Should I burn my 401K to start a business?” I must admit that I like reading stuff like that, because running small businesses is a risky proposition on any day, and even the smallest thing can inspire me.

That said, for many reasons (including those raised in comments that readers have attached to that post), the question is moot: most people in their 30s don’t have significant savings, and the tax penalty for breaking open your 401K is way too steep for it to be worth it, and it wouldn’t be enough anyway.

Plus – and I’ll say up front that I get that the point of Mark’s post was probably to be inspirational, rather than literal – the figures he uses strike me as misleading. And that’s a relevant point here, because while entrepreneurs are typically viewed as risk takers, the real secret to entrepreneurship is understanding and mitigating risk, not just taking it (but, inevitably, you’re still going to have to be tolerant of risk if you’ll walk this path).

For example, referring to Mark’s figures, you must realize that funding a startup in your 30s, from your 401K, such that the startup is profitable in two years and then sells five years later at a price that nets you $5 million is way beyond a long-shot.

But, assuming you’re sufficiently risk tolerant, have some business savvy, marketable skills, etc, there are some more constructive questions to ask than, “Should I spend my 401K on my start-up?” Here’s a convenient list:

  1. “Should I leave my current bigger-company job in order to join a start-up that’s already got some funding?”
  2. “Should I keep my day job for another year or so while I try to grow my thing on the side?”
  3. “Does my current employer have an incubator team that I could join while I seriously consider my options, write my business plan, etc?”
  4. “Have I ever worked in sales or marketing [if I’m an engineer], or etc [etc]?”
  5. “Can I think of a service-based business model that would be cash flow positive in the first month?”
Permalink | Comments (2)

On two topics:

  • Securing Windows 7
  • Managing a Virtual Environment

At both events:

If you decide to go as a result of reading this post, email me or post a comment here and I’ll send you a promotion code to use for registration ;)

Win-Intel-Logo

Permalink | Comments (0)

Reinforcing our commitment to mastering leading-edge technology, we’re using Azure for software licensing and registration tracking. The future is in the cloud, baby!

AzureFrontRunnerStamp

Permalink | Comments (0)

Just learned about this site, which the Seattle Chamber of Commerce setup as a venue for local businesses to self-promote. You can submit articles, events, etc, and have them broadcast to the Chamber’s social media-based audience.

Permalink | Comments (1)

If this post works correctly, mad props to JohnCow for the WordPress plug-in work-around that I’ve been looking for for like two years!

Our website host has been stuck on the broken libxml and PHP versions that cause HTML tags to be stripped out of WordPress posts received via the XML-RPC interface. Attempts to get them to update their servers have gone nowhere, of course.

Permalink | Comments (0)

There are resources that one learns about when one is involved in a “product” start-up that one may not have been aware of when one is involved in a “services” start-up. Or maybe I’m just getting better at this.

Permalink | Comments (0)

Intro to Hyper-V - PPT deck

January 13, 2010

The deck for my Intro to Hyper-V talk tomorrow is here.

Permalink | Comments (0)
Newer Posts »