Dan Griffin's Blog

Comments on security, PKI, smart cards, cryptography, and entrepreneurship.

The first day of TechEd IT Pro has been very busy! I’m just now getting a chance to write up my notes from the keynote this morning. If you’d like to hear the original, looks like you can do that here (http://wm.istreamplanet.com/customers/ms/100_ms_teched_080610.asx).

The first guest was Hunter Ely, an IT expert who used SharePoint and Groove to help lost family members find each other during the aftermath of Hurricane Katrina (more here - http://blogs.technet.com/nap/archive/2008/02/22/nap-heroes.aspx). Hunter is definitely good people.

Next topic was the re-introduction of Microsoft’s Dynamic IT marketing initiative. It’s a 10 year effort and they’re half-way in. The first bit mentioned was Infrastructure Optimization (here’s a MORG link; I can’t seem to find a better one - http://www.microsoft.com/midsizebusiness/mmrp/deploy/it-infrastructure-optimization.mspx).

After that came “Managing Identities - Federation”. Specifically, the announcement of Identity Lifecycle Manager 2 Beta 3 (http://www.microsoft.com/windowsserver/ilm2/default.mspx). There were two ILM demos: one showing an integrated employee on-boarding work flow with SAP, another showing how an approvals process can be driven by email.

Next came Interoperability. The first bit was a reminder that Operations Manager supports Linux now (http://blogs.msdn.com/scxplat/archive/2008/04/29/announcing-system-center-operations-manager-2007-cross-platform-extensions-and-connectors.aspx).

The second interop item was probably the most technical of the keynote demos, with some developer content having been included. In summary, the demo started with a stock trading application based on .NET 3.5 + WCF + WPF (for a smart client). Then a representative from WSO2 (http://wso2.com/) came up and showed interoperability of the same web service based solution with PHP, Apache, and native C (for the Axis2 project). Finally, they showed replacing the .NET backend with a Java-based order processing service to receive requests from the .NET middle tier.

Then the keynote moved on to Virtualization. Microsoft is working with Citrix to present virtualized Vista on dumb terminals. Next up, a video showing how Kroll (http://www.kroll.com/) uses Windows Server virtualization technologies in its data center.

Muglia took this opportunity to talk about Hyper-V, basically with a lot of superlatives about how Microsoft’s brand-new technology is totally production ready. Then he briefly introduced application virtualization that left me totally confused - no idea what points he was trying to get across in this little segue piece.

But things got much better with a System Center Virtual Machine Manager 2008 (http://www.microsoft.com/systemcenter/scvmm/default.mspx) demo. They showed integration with VMware ESX to present a single VM management console (owned by Microsoft) compatible with both product suites. The console is reportedly completely PowerShell based, so everything it does can be scripted - they even have a button you can click on each action window that allows you to capture the equivalent script for subsequent automation.

He also showed the Performance Resource Optimization (http://blogs.technet.com/virtualization/archive/2008/04/29/system-center-virtual-machine-manager-2008-beta-has-arrived.aspx) feature of SCVMM, which allows virtualization-related operation center alerts to be handled automatically (e.g. VMs overloaded? The system will bring up a new web server image to balance.).

As an aside, the PRO demo was based on DinnerNow (http://www.dinnernow.net/)!

Muglia next mentioned SoftGrid (http://www.microsoft.com/systemcenter/softgrid/default.mspx), a segue into the demo of the recently acquired Kidaro (http://www.kidaro.com/). This one was pretty cool. They first showed a client VM policy that dictates in which directions the clipboard may be accessed (e.g. you can paste into the VM, but not from the VM).

The second Kidaro demo showed hosting an XP-only application in a VM window with a red border, running on Vista. Seamless. And they can do the same thing with Internet Explorer. Have a website that only supports IE6, but you need to access it on Vista? Launch the URL and a virtualized IE6 window comes up.

The final piece that I caught (I left a bit early, partly out of boredom and partly because I wanted to get over to the Forefront demo pod) was Software + Services. Microsoft’s hosted offerings include Exchange, SharePoint, and LiveMeeting. A demo showed Exchange with a management console that integrates hosted directory data with what’s available locally.

Permalink | Comments (0)

I had gotten into the habit of stopping into Starbucks in the morning, at least a couple of times per week after hitting the gym, in order to buy one of their now-infamous (see below) breakfast sandwiches (protein + calories = yum) and a cup of coffee (critical). Pretty tasty, but a guilty pleasure for at least two reasons: it’s expensive, and those sandwiches aren’t exactly the most healthy thing for breakfast. Although after a strenuous workout, I could do worse.

But then two things happened. First, I started getting sick of those darn sandwiches, and began wondering if life didn’t have something else to offer for breakfast, you know?

Second, Starbucks had a major management shake-up (http://www.reuters.com/article/hotStocksNews/idUSWNAS629620080111) early this year. That, in turn, resulted in Starbucks launching its new Pike Place Roast coffee (http://biz.yahoo.com/bw/080407/20080407006099.html?.v=1), which I don’t like. And an announcement that Starbucks would stop serving my breakfast sandwiches (http://www.fool.com/investing/general/2008/01/31/starbucks-stinks.aspx)!

My initial reaction to the whole sandwich thing was outrage. But then I started paying attention to the context of the announcement. Starbucks’ CEO said the sandwiches were overwhelming the smell of the brewing coffee. But the real reason is that, by serving coffee and breakfast sandwiches, Starbucks found itself competing more closely with McDonalds (http://www.businessweek.com/print/magazine/content/08_16/b4080000943927.htm) - and losing.

I thought to myself, well, I don’t like Starbucks coffee anymore, because Pike Place roast is no good (full disclosure: I actually drink decaf, which always tastes worse than regular, but still, their old decaf was much better). And I was already looking for an alternative to their breakfast sandwiches. So why not switch over to McDonalds?

Brilliantly, right when the shake-ups at Starbucks started, McDonalds, smelling the blood in the water (or maybe just the sandwiches), initiated a major marketing push for their breakfast menu and new coffee-shop-like coffee drinks.

Where is this all going? Well, I went to McDonalds this morning for the first time in many years (ok, aside from visits made out of desperation on road trips - but even those are rare). I got a Sausage Egg McMuffin and a decaf coffee. And it was … really good. Better than Starbucks. And I didn’t have to get out of my car (yes, there are a number of drive-through Starbucks in Seattle, but none of them anywhere near as close to me as McDonalds). And I paid 25% less!

What’s the future look like for Starbucks? The economy is bad, which CEO Schultz admits in one of the interviews above is hurting sales of $4 lattes - a luxury item by any metric. Their stock has gotten pummeled (http://moneycentral.msn.com/companyreport?symbol=sbux), while McDonalds (http://moneycentral.msn.com/companyreport?Symbol=Mcd), by comparison, is actually doing okay (McDonalds also has a better net margin). Of course, the economy won’t be bad forever. But Schultz’s command-and-control management style leaves little room for executive growth, and succession planning has never seemed to be one of his priorities.

I think Starbucks is in trouble.

Permalink | Comments (0)

Microsoft has posted its Forefront Integration Kit for Network Access Protection, aka FCS/NAP. In summary:

  • The kit includes NAP client and server plug-ins which allow the network administrator to ensure that all machines on the network have active Anti-Malware protection, that the related client services are properly configured (and running), and that the latest signatures and patches are installed.
  • Those machines that aren’t compliant/healthy are either quarantined (in NAP enforcement mode) or logged (in NAP reporting mode).
  • Non-compliant machines can be automatically fixed-up. Your helpdesk (and users, and administrators) will thank you for not having to explain how to make manual configuration repairs in order to get someone connected to the network!
  • Last, but certainly not least, the documentation is thorough. Seriously. There’s no shortage of really bad (or completely missing) technology documentation out there, and the Solution Accelerators team is doing their part to fight that trend.

Why am I pimping this? Because JW Secure worked on it, of course! Check out the credits at the bottom of the Overview page - we did both code & document development.

This was an exciting project, and for me a great way to leverage my existing experience with the NAP plug-in model. As a firm, we also benefitted from seeing from the inside another real-world example of how a NAP solution can complement an existing product line.

Permalink | Comments (1)

I’ve been digging into the Microsoft Operations Framework 4.0 documentation recently, and came across a reference to an alleged Service Monitoring Language standard in the Service Monitoring and Control SMF section: see here in the “Align new IT service to existing SMC tools” table row, about half-way down.

As useful as such a thing would be, I can’t find any other references to it. I think they’re actually referring to the W3C Service Modeling Language definition (http://www.w3.org/Submission/sml/); it’s recent and Microsoft is a member of the working group. However, the latter document makes no mention of auditing, alerts, or events, so I question its utility as a ‘monitoring’ standard.

That same bullet point refers to a Service Definition Model which, again, is not an open standard I can locate. I think that one is either intended to be a pointer to the Microsoft System Definition Model or to each IT organization’s internal standards of documentation.

Confusing. Any comments?

Permalink | Comments (0)

I’ll be at TechEd IT Pro in a week. This is the first year (at least in recent memory) that the US-based developer and IT events are being held separately (the developer event is this week; the IT one starts in 8 days), so I’ll be interested to see how thinned-out the crowd is and what the sessions are like.

My duties will mostly be at the Forefront client TLC (The Learning Center) pod. I’ll be there at least a few hours every day, demonstrating Stirling (http://www.microsoft.com/forefront/stirling/en/us/default.aspx).

However, my true agenda, as it is when attending any conference, is to meet people! So if you’ll be there, let me know, for example by clicking on this:

Join Me at Tech·Ed Connect!

Permalink | Comments (0)

Subversion has for at least a couple years been the standard for version control for distributed projects. However, I wasn’t, until very recently, satisfied by any of the pre-built server distributions for Windows.

Yes, I know, you’re supposed to run SVN on Apache on Linux. But sometimes, especially if you happen to be a Windows shop, there are some undesirable hidden costs in doing that.

Anyway, I’m happy to report that support for SVN deployment by Windows non-developers has improved. For example, Collab.net has a good server distro - see http://www.collab.net/downloads/subversion/. It can operate as a stand-alone service (i.e. without a web server dependency).

Collab.net includes a command-line client, which is also fine, but the standard SVN client for Windows is pretty much Tortoise (http://tortoisesvn.tigris.org/).

Permalink | Comments (0)

http://live.sysinternals.com/

You can now run the tools directly from the web. Pretty useful for Windows security hackers! My all time fave is definitely procmon, although tuning the event filter always takes some extra time.

Permalink | Comments (0)

Check out the latest, significantly updated, version of JW Secure’s (free!) smart card debugging utility at http://www.jwsecure.com/downloads.shtml. Unlike the previous command-line incarnation, this version is fully GUI-based.

Special thanks to everyone who Beta-tested and provided feedback! New feedback and feature requests are always welcome.

Permalink | Comments (0)

Congratulations to the 2008 University of Washington Business Plan Competition winners!

http://bschool.washington.edu/cie/bpc/

Permalink | Comments (0)

Got private keys?

May 22, 2008

If you’re running Debian, or are interacting with an outsourcer or host that does, you need to regenerate your crypto keys. Not fun.

http://www.theregister.co.uk/2008/05/21/massive_debian_openssl_hangover/

Permalink | Comments (0)