
Paul Edlund

What I learned along the way
June 19

Third Party Vendors and Exchange 2007

I’m really interested by what I’m learning about how companies protect their cash cows.   Instead of competing on merit, some sales people and consultants seem to fall back on fear as a means of showing a value proposition.  IMHO, this is not only a bad business tactic, it’s downright frustrating for your customers. 

Case in point, I’ve been working with a customer on an Exchange 2007 deployment.  We’ve had many discussions around Exchange’s Local Continuous Replication (LCR), Cluster Continuous Replication (CCR) and Standby Continuous Replication (SCR).  Before Exchange 2007, LCR, CCR and SCR were not available.  Instead, 2-node (Active/Passive) or N+1, which is now called Single Copy Cluster (SCC), has traditionally relied on a shared storage solution such as SAN.   I’m not going to cover LCR in this blog entry but you can read about it here.  So now, vendors are trying to tell my customer that they are making a “grave mistake” by utilizing CCR and SCR in an enterprise scenario.  When you peek under the covers at this argument, it reads like a script that someone in the marketing department created to protect their investments.  Before I get into this rat’s nest, I don’t mean to imply that Microsoft doesn't use market intelligence when competing.  However, as sales people and consultants you have to back up your value proposition with hard evidence.  Let me tell you this, in the scenario above with my customer, the vendors were not able to provide such evidence.  If I find out that they have provided evidence, I promise that I will modify this blog post to represent their findings so long as they are valid.

First let’s cover the basics:

Instead of trying to recreate a complete primer on the differences between LCR, CCR and SCR, I’ll just provide you with a link here.   

Basically, the value of CCR is that it allows you to have two local servers clustered together without having common storage.  The functionality is similar to SCC but without the shared disk.  As a matter of fact the two servers could even be different vendors with different types of disk in them.  The caveat is that the drive letters should match on both boxes.  In theory the secondary server could even be virtualized but that represents a support issue that would need to be elaborated on in a separate post.  Here’s an image of a CCR cluster taken from TechNet.

Cluster Continuous Replication Architecture

SCR, which was introduced with Exchange 2007 SP1, is similar to what is called “stretch clustering or geo-clustering”.  This is NOT exactly a cluster because the word “cluster” implies that nodes are acting together as a virtual server.   While it isn't exactly a cluster, it provides failover that spans the wide area network and allows you to fail over between two datacenters.  With SCR, Exchange is also not reliant upon a shared disk solution.  Nor is SCR reliant upon 3rd party storage solutions to do disk to disk replication.  This is where storage vendors have made significant money in the past, namely to overcome the shortcomings of Exchange 2003 and earlier.  Here’s an image of an SCR cluster taken from TechNet.

SCR from one stand-alone server to another

So here we are in the present and we find some of these vendors spreading FUD (Fear, Uncertainty and Doubt) telling customers things like the following:

  • FUD #1 – Exchange 2007 could replicate corrupt data to the target CCR or SCR node.  So you need “our” solution because we check the content before it’s replicated to the secondary storage.
    • Response – Not true.  While it is possible to get corrupt data in a source or target database, Exchange does an integrity check as well as a checksum to make sure the log file is consistent and complete.  Databases are only replicated ONCE and that is during the pairing of CCR or SCR nodes.  The only thing that is shipped after that is log files.  Truncation happens on each side of the cluster.  In addition, a checksum is performed before the log is shipped from the source node and again before the log is committed on the target node.
  • FUD #2 – Databases could need to be “reseeded” because of long lag times in replication or WAN issues. 
    • Response – This is very much a fear statement that needs some explanation.   First, reseeding is when the entire database needs to be copied from the source node to the target.  If the databases are 200 GB, going over the WAN could take a long time.  If this happened frequently, it would generate so many product support calls that I’m sure Microsoft would remove the feature.  Under almost all conditions, reseeding is something that is generated by a person and not by disaster.  You should know that Microsoft internally uses CCR and SCR without SAN.  All disk is locally attached storage.  Here are the scenarios when reseeding could happen:
      •   Seeding is required under the following conditions (for SCR):
        • When a SCR target is created. (you expect this and plan for it)
        • After a failure occurs in which data is lost and an SCR target has become diverged or unrecoverable.  (This is when you have completely lost the secondary server… once again… you would plan when to recreate the pair.  This is not a disaster, this is a failure at the DR site equivalent to losing SAN at the secondary site.  This is where a backup comes in handy.)
        • When the system has detected a corrupted log file that cannot be replayed into the SCR target database.  (Since we perform a checksum before the log is shipped from the source and before it is committed at the target, very unlikely.)
        • After an offline defragmentation of the SCR source or target database occurs.  (Microsoft flat out states that offline defrags are ONLY to be performed when you must recover a corrupted source database.  In my 12 years of working with Exchange, I have only been witness to disastrous database corruption 3 times across hundreds of customers.) 
        • After a page scrubbing of the SCR source database occurs, and you want to propagate the changes to the SCR target database.  (Page scrubbing is the overwriting of zeroed out pages in the database making them unrecoverable.  This is something you have to turn on in Exchange 2007.  It doesn’t happen by default.  Also, with SP1, page scrubbing is handled gracefully by zeroing out the pages within the logfile.  This is shipped to the target server so it doesn't result in a reseeding event.)
        • After the log generation sequence for the storage group has been reset to 1.  (Once again, you would do this on purpose so it would be a self-inflicted wound to do so and would definitely reseed the database.) 
      • OK… so that was a long winded response to disaster.  Now let’s talk about network latency. 
        • First, check out http://technet.microsoft.com/en-us/library/bb676465(EXCHG.80).aspx  and look at the section called “SCR and Log Truncation”
        • Some 3rd party vendors will say, if you lose your WAN connection (they won't say for how long) then the database needs to be reseeded.  FUD!  In an SCR environment, an SCR target that is disabled and then enabled again may not need to be reseeded if all of the required log files are available, based on the following:
          • If circular logging is enabled for the storage group, log deletion will result in the enabled SCR target requiring a reseed due to gaps in the log sequence.  (Circular logging is disabled by default and usually not recommended under most circumstances because it gives you no mechanism in a database disaster to replay log files into the database.  So you have to go back to your last full backup to recover the database.)
          • If a backup is taken that includes log file truncation, log deletion will result in the enabled SCR target requiring a reseed due to gaps in the log sequence.  (Did you get that?!?!?!?!  That means you have to reseed the database only if you have truncated the log by either doing it manually or by completing a backup while the target node was unavailable.  So this is quite a disaster!!  You have to read that link directly above to fully understand this concept.  Namely, that SCR databases are truncated continually and SCR sources do not truncate logs (even if the backup is successful) until all SCR nodes are available.  So this type of reseeding should not be happening!) 
          • If log files are not truncated via either of the preceding means, disabling and then enabling SCR should not require a reseed. In this case, log files at the SCR target will need to be deleted, but they will be replicated again from the SCR source.
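The log-gap rule in the three bullets above can be checked mechanically. The following is an added example, not code from Exchange or from the original post: it decides whether a re-enabled SCR target can catch up by copying logs or needs a reseed because required generations are gone from the source. It assumes closed logs are named with the storage group prefix plus an 8-digit hexadecimal generation (for example `E0000000A10.log`); the function names and the sample file lists are constructed for illustration.

```python
import re

# Assumed naming of closed transaction logs: prefix "Enn" + 8 hex digits + ".log".
# The open log (E00.log) and temp files do not match and are ignored.
LOG_NAME = re.compile(r"^(E\d{2})([0-9A-Fa-f]{8})\.log$", re.IGNORECASE)

# Constructed directory listings for the SCR source log folder.
SAMPLE_HEALTHY = ["E00.log", "E0000000A0E.log", "E0000000A0F.log",
                  "E0000000A10.log", "E0000000A11.log", "E0000000A12.log"]
# Same storage group after a backup (or circular logging) removed logs
# while the target was unavailable.
SAMPLE_TRUNCATED = ["E00.log", "E00tmp.log", "E0000000A11.log", "E0000000A12.log"]


def available_generations(filenames, prefix="E00"):
    """Return the set of log generations (as integers) present on the source."""
    gens = set()
    for name in filenames:
        match = LOG_NAME.match(name)
        if match and match.group(1).upper() == prefix.upper():
            gens.add(int(match.group(2), 16))
    return gens


def plan_resume(source_files, source_last_generated, target_last_copied, prefix="E00"):
    """Decide what a re-enabled SCR target needs.

    source_last_generated: highest closed generation on the source.
    target_last_copied:    highest generation the target already holds.
    Both are values an administrator reads from the replication status;
    here they are passed in as plain integers.
    """
    have = available_generations(source_files, prefix)
    needed = range(target_last_copied + 1, source_last_generated + 1)
    missing = [g for g in needed if g not in have]

    if len(needed) == 0:
        action = "in-sync"          # nothing to ship
    elif missing:
        action = "reseed"           # gap in the log sequence: cannot replay across it
    else:
        action = "resume"           # every required log is still on the source

    return {
        "action": action,
        "to_copy": len(needed) if action == "resume" else 0,
        "missing": [f"{prefix}{g:08X}.log" for g in missing],
    }


if __name__ == "__main__":
    # WAN outage only: target stopped at 0xA0F, source kept all its logs.
    print(plan_resume(SAMPLE_HEALTHY, 0xA12, 0xA0F))
    # Outage plus truncation on the source: target stopped at 0xA0D.
    print(plan_resume(SAMPLE_TRUNCATED, 0xA12, 0xA0D))
```

The first call reports `resume` because every generation after the target's last copied log is still present; the second reports `reseed` and names the truncated generations that created the gap.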

You should take serious notice that Microsoft doesn’t use Single Copy Clusters for their production environment anymore.  Microsoft has 80,000 employees and including contractors it’s closer to 121,000 mailboxes in Exchange 2007.  Here’s a link to the Microsoft IT deployment of Exchange internally.  So we’re not talking about CCR and SCR as a SMB solution.  This is FUD talking!

So now that you have read all this, you should understand that the fear some people are spreading is unfounded.  Of course there is always some “worst case disaster” that will result in something bad happening.  I mean, let’s be real.. stuff happens and usually it’s due to a human error.  So it is possible that what these sales reps say “could” happen but it’s certainly not very likely once you understand the facts. 

Let me make this clear - There is value in SAN.  I’m a big believer that the only way to get the right amount of disk IO per second (IOPS) in large Exchange installations is by using SAN.  Otherwise you need more servers to house the internal storage like an HP DL580 G5 which comes with 16 SAS drives like this one.   What I’m not saying is that you HAVE to use SAN replication schemes in order to achieve High Availability and Disaster Recovery.  THIS IS A FALLACY in Exchange 2007.  SAN is almost always more expensive short-term and long-term than using LCR, CCR and SCR. 

So now let’s come back to cash cows.  Microsoft has their own cash cows… namely Office, SharePoint and the client OS.  Microsoft has to continually beat down FUD around those products as well.  Microsoft sales people and consultants should also be mindful of not spreading their own FUD.  Consultants should always stick to the facts.  However, those facts change.  So before you spread FUD (3rd party vendors or anyone else :) do your research and read a few TechNet articles! 

Windows Live Mesh will change your life

Not that I had many religious readers over the years... however, since I took on my new job, I haven't blogged much.  Mostly because I've been heads down learning some new tricks of the trade.  Plus I feel like if I don’t have anything original to say, that I should just keep my trap shut.  Well I'm opening the trap again I guess. :)

Let me start by asking you a question... How do you share pictures with friends and family?  (Maybe flickr or Shutterfly?) How do you share other files with them?  (email?)  If you maintain a family tree with a piece of software like Family Tree Maker, how do you share that file with other people?  (you probably don’t) If you tag photos with things like people, places and date taken, how do others get those updates?  (you probably don’t so they are always out of sync) If you run web servers for a living, how do you share configuration across many web servers?  If you have customers, how do you send them big files? (Why would you use email?  They will hate you for it! :)

I can bet that 9 times out of 10, you are probably saying "email".  For the question about web server configuration, my guess is that you use something very basic like XCOPY or Robocopy on the Windows platform or something like rsync on everything else.  None of these methods are simple and they are all fairly labor intensive. 

If you haven't signed up for a Windows Live Mesh account (www.mesh.com), you need to get one ASAP!  It will change the way you work on multiple computers.  Namely, all of the problems above are solved quickly and easily with Mesh.  Imagine taking a picture with your cell phone and instantly having that picture show up in your PC's Pictures folder.  Imagine tagging a picture with a name or a place and your family getting an update to the picture in their own Pictures folder!  This is what Mesh does.  It will support Macs and cell phones.  It will put a copy in the cloud if you let it so you can access it anywhere.  It will let you take remote control of any PC you own... even behind a firewall or NAT. 

For those of you more familiar with other Microsoft technologies like FolderShare or SkyDrive, Live Mesh will look like it overlaps those technologies… and it does.  However, Live Mesh isn't as constrained as those other two solutions.  First, Live Mesh has a 5GB limit when you copy stuff up to the cloud but it isn't a hard limit.  You can exceed the 5GB but it’s more of a “first-in-first-out” kind of transaction (currently).  Unlike FolderShare, Mesh does not limit the file sizes or number of items you can replicate.  There are some theoretical limits but getting up to 100,000 items is not likely for most people. 

In the enterprise, the options are endless.  Pushing out application databases and configuration files securely will be enabled by Mesh.  Sending your customers or co-workers large media files or presentations will be a thing of the past with Mesh.  Mesh even has a rich API so you can use Mesh as a way to communicate with your users and customers.  I can't say it enough... you need to see Live Mesh!  (www.mesh.com)

July 06

Catch up with me 7/24 at HostingCon 2007 in Chicago

Finally... I get a chance to speak in my own home town!!!  If you are into web hosting, come to HostingCon 2007 at Chicago's Navy Pier the week of 7/23 - 7/25.  I'll be presenting Tuesday 7/24 on SoftGrid and Terminal Services in Windows Server 2008.  Hopefully I'll get to cover some of the cool IIS 7.0 features as well.  Here's a link to my presentation:
 
 
I hope to see you there!
June 05

TechEd 2007 Learnings - Part 1

I wanted to share some important things I learned so far at TechEd 2007.   Read below:  

Microsoft Threat Analysis and Modeling Tool v2.1.2

Devs and Engineers… please read this!  Today I learned about a security tool by Microsoft that I never knew existed even though they say it has been out for more than a year.  It’s called the Microsoft Threat Analysis and Modeling Tool.  This tool is used in the design phase of a solution deployment.  Before a line of code is written or a server is deployed, you walk through this comprehensive tool to input all of your solution components, where data resides, who has access to it and how it’s exposed.  The tool extracts this data and outputs a variety of reports including stop light values that highlight risk, threat remediation and actions that would be taken in the event of a breach.  It also outputs an amazing report that is similar to a RACI (responsible, accountable, consulted and informed) diagram but these are based on CRUD (Create, Read, Update and Delete).  These outputs would be used as both documentation and a pre-deployment signoff solution.  Seriously… this is an amazing tool.  It’s not like any of the Best Practice Analyzers.  It’s much better.  You can watch a webcast on it and get it here:

http://blogs.msdn.com/threatmodeling/

Steve Riley’s TechEd 2007 Security Presentation

In a presentation this week from Microsoft's Steve Riley, he talked again about opening up the Enterprise to the Internet and removing private Corporate Networks.  He’s deadly serious about this and Steve is Microsoft’s worldwide security evangelist.  He has the pedigree to discuss such things.  He states openly that he will gladly listen to your objections and then tell you why you’re wrong.  :)  His primary point is that organizations need to secure access to data and not just infrastructure.  For example, using Rights Management on documents rather than just ACLs; or using IPSec and SSL to secure communications between trusted devices rather than simply trying to protect devices at the edge of a network.  I’m paraphrasing, but his credo is “that not a single device can be truly trusted so you must treat all communication as malicious until proven otherwise”.  This means securing every device, limiting protocols to those that are known and therefore having a “firewall-like” (note that I didn’t say “firewall”) experience everywhere.  Steve talked quite a bit about the Intelligent Application Gateway (IAG) which allows you to publish internal apps via SSL. 

This poses the problem that I raised in Steve’s presentation as well as my Longhorn presentation a week ago.  (http://www.wildvoice.com/PlanetTech/Main/Video-overview-of-Windows-Server-2008) Namely that this is fine for the company who is trying to give remote users a secure way to access corporate applications.  However, this is a terrible curse for companies who have compliance issues (such as trading companies) who want to limit access to certain apps (such as MSN IM) because they don’t want traders using unmonitored IM as a means to give away insider information.  Using a technology such as SSTP, Terminal Services Gateway, Terminal Services RemoteApp (all Server 2008 features) or IAG would allow users to create an IM instance at home and then connect to it over port 443 to run something like BitTorrent at their desktop in the office.  Since the TS products allow you to remap disks to the local machine, you’ve essentially broken the firewall.  Steve Riley was stumped by this question and so far so are the security folks at Microsoft.  So Steve says he may write a whitepaper on this in lieu of my question. (once they have an official answer)

Chronology and costs of data breaches 2005 - 2007

The last thing I’m gonna talk about is also from Steve Riley’s presentation.  Steve discussed the various known breaches from 2005 – 2007.  He noted the following:

      • Most of these breaches now come from the inside of the network.  Not outside the firewall. 
      • People tend to redeploy the same technology they had once the breach is closed.
      • Companies do not usually find out how much the breach cost them.  They don’t know how to calculate the cost.
      • Most companies put a heavy emphasis on logical security rather than actual physical security.  This is why breaches from the inside are so prevalent.   

Steve made two great points.  Put yourself into the mind of a thief and walk down a city block.  If you see a security sticker on the front door, you would more than likely look for a different house to attack.  So first, why not go and get a sticker and forgo the actual cost of the alarm.  (half joke) Second, if you raise your security stance, does this inherently make your competition more vulnerable? 

This first one is the list of the known breaches from 2005 – 2007. 
http://www.privacyrights.org/ar/ChronDataBreaches.htm

The second is the average cost of a breach according to a Forrester Research survey.  http://www.informationweek.com/news/showArticle.jhtml?articleID=199000222

April 12

Moving Towards Structured Data with MOSS 2007

Microsoft Office SharePoint Server 2007 is great at organizing your data. What many people come to realize when I'm working with them on MOSS is that moving away from unstructured data has a huge positive impact on what you can do with the data. MOSS takes the prevalent data most organizations already have (docs, spreadsheets, presentations, etc) and makes it more organized by allowing it to be searched and categorized with metadata such as owner, topic and keywords. Most people prefer to work inside Word, Excel and PowerPoint because they are known products and they are efficient in them already.

During my discussions, the light bulbs usually come on when I show off what structured data gives you on top of MOSS Search. First, a primer on structured vs. unstructured data…

Most people use Word, PDF and Excel as a substitute for a database because the cost of development is too high or too complex. MOSS brings the ability to leverage structured data down to the masses and subsequently lowers the cost of development drastically. Unstructured data can be defined in many ways but the way I'll describe it is simple… "documents". By documents I mean all the various forms of files that exist in the world today such as PDF's, JPG's, PowerPoint files, etc. While these documents may contain structured data (such as tables in Excel), they are still files. Excel is an interesting example because in MOSS we can actually turn it into truly structured data with Excel Services but we'll come to that in a second.

Structured data is essentially data that resides in a database. However, just because data is in a database doesn't mean that it's structured in a proper way. For example, a "free text" column in a database can have essentially anything in it unless you have rules that define the field. For example, you might have a field for home phone number in your database, but if you don't force the entries to be formatted according to your requirements, people could enter 301-555-1212 or (301) 555-1212 or 3015551212 or 0011,1,301-555-1212 (for our international folks).

Carrying this idea of a phone number forward into an actual example of structured data inside MOSS is quite simple. Suppose you want to create an Audience in MOSS that only shows a Shared Documents webpart to someone if their home phone number area code is "301". If you formatted your field validation rules properly in MOSS you could do this with a few clicks on the mouse. Without proper formatting, it's not so easy. So back to those light bulbs I referred to earlier.

Tools inside MOSS allow you to create structured data in a few ways. Three of the easiest ways inside MOSS are Excel Services, Lists and Forms Libraries. One of the more difficult methods in MOSS is to use Business Data Connectors (BDC's). Those of you who develop those things will say "it ain't that hard to create a BDC" but for the non developers out there like me… trust me… the three I list can be done without any dev knowledge at all. If you're unfamiliar with BDC's (no... not Backup Domain Controllers in NT4) they allow MOSS to expose your custom applications inside the portal where data from your application can be indexed/searched, viewed or even manipulated.  But I digress.

Once you have created a custom list, exposed an Excel document to a Key Performance Indicator (KPI) or created an InfoPath form, you will be amazed at the data you can get out of your organization. Using KPI's has a massive impact to most organizations on the very day they first get used. Besides KPI's, here's a list of other useful things you can do with structured data:

  • Create Audiences for various webparts in MOSS. An Audience can be created from an attribute or a group. An example might be only showing a KPI to executives or showing a shared document repository to people only if their first name starts with the letter W.
  • Being able to do math on the values of a particular List or Forms Library and take some action based on the result. An example of this might be looking at the column called "apples sold" and when the sum of the column reaches 100, send an email to someone saying "we need more apples!".
  • Using InfoPath forms to generate complex forms that perform complex math against the fields in a form and publish the results into a Forms Library where once again, they can be consumed by a KPI.
  • The Forms Server component of MOSS lets you publish web-enabled forms so that people without the InfoPath client can fill them out. Almost anything you can do with the InfoPath client translates directly over to Forms Server; however, there are a few gotchas. You'll find them quickly when you try to publish a form, so I won't bore you here.

I want to reiterate my primary point once more for good measure. People have leveraged documents as a substitute for databases because it was too tough or expensive prior to MOSS. I encourage you to enable the Forms Server and Excel Services components in MOSS and give them a spin. One caveat is that Excel Services and Forms Server are only included in the Enterprise Edition of MOSS. However, these two things DO NOT stop you from creating structured data in MOSS. Excel Services basically creates a service out of a spreadsheet where the data can be consumed via web service or KPI.

March 05

Talking about the StopGlobalWarming.org campaign

 


 
February 22

Using MOSS and WSS with non-IE browsers (radeditor by telerik)

If you're deploying Windows SharePoint Services v3.0 or Microsoft Office SharePoint Server (MOSS) 2007, you may have noticed that people who aren't using Internet Explorer (IE) tend to complain when trying to post content.  They are forced to look at a simple HTML editing tool that lacks the advanced features of the native ActiveX control that IE tends to love. 

http://www.telerik.com/images/ProductImages/editor_forofficesharepoint2.gif

r.a.d.editor for Microsoft Office SharePoint Server 2007 is a cross browser based alternative to the default rich-text editor in MOSS and WSS v3.  The product is developed in an agreement between telerik and Microsoft and is provided free of charge to registered clients of SharePoint 2007.

You install the software using an stsadm -o addsolution command string. From there, it is a simple matter of adding the editor as a feature to the site collection from the site settings page. Following that, any non IE browser (the Telerik website has a chart with supported browsers with feature breakdowns) will get radeditor while IE retains the activex plug-in for any field that has the ActiveX plug-in enabled. The process was well documented by telerik, and we've been successful in both testing and production deployments of the tool.

http://www.telerik.com/products/sharepoint/overview.aspx

Making Changes to MOSS and WSS Accounts and Passwords

Perform these changes in the order listed below to modify the service accounts for Windows SharePoint Services (WSS) v3.0 or Microsoft Office SharePoint Server (MOSS) 2007. The first section is for WSS and the second is MOSS. They are mostly the same with some minor changes in each.

   

WSS Environments:

   

Central Admin AppPool
Make this change via the command line

  • stsadm -o updatefarmcredentials -userlogin <domain\name> -password <password>

Other Website AppPools
Make this change via the command line

  • stsadm -o updateaccountpassword -userlogin <domain\name> -password <password> [-noadmin]
    Use -noadmin if the Central Admin AppPool is the same account as other Web AppPools

WSS Search
Make this modification via the Central Administration website

  • Central Administration website > Operations > Services on Server > Windows SharePoint Services Search
    Update the configurable password in Service Account and/or Content Access Account as needed

 

MOSS Environments:

Central Admin AppPool
Make this change via the command line

  • stsadm -o updatefarmcredentials -userlogin <domain\name> -password <password>

 

Other Web Front End AppPools
Make this change via the command line

  • stsadm -o updateaccountpassword -userlogin <domain\name> -password <password> [-noadmin]
  • Use -noadmin if the Central Admin AppPool is the same account as other Web AppPools

Microsoft Office SharePoint Server Search
Make this modification via the Central Administration website

  • Central Administration website > Operations > Services on Server > Office SharePoint Search
  • Update the password in Service Account

Office 2007 SSP & Excel
Make this modification via the Central Administration website

  • Central Administration website > Application Management > Create or Configure This Farm's Shared Services > Hover over SSP in Farm > Edit Properties > Update the SSP Service Credentials

Office Server Crawl/Index Account
Make this modification via the Central Administration website

  • SSP Admin UI -> Search Settings -> Default Content Access Account
  • Update Account and PW as needed

Notes
stsadm -o updatefarmcredentials and stsadm -o updateaccountpassword should do the trick for everything but the SSPs.   Run updateaccountpassword on specific boxes if you are having NLB or connection issues.

Central admin app pool ID - Database Access Account:
Make this change via the command line

  • stsadm.exe -o updatefarmcredentials -userlogin <DOMAIN\name> -password <password>

Other Application Pool IDs:
Make this change via the command line

  • stsadm.exe -o updateaccountpassword -userlogin <DOMAIN\name> -password <password> [-noadmin]

SSP Service credentials
Two options

  • Central Administration website > Application Management > Manage this Farm's Shared Services > access the ECB for the SSP you need to change > click on "Edit Properties" > on "Edit Shared Services Provider" page, in "SSP Service Credentials" set the account/password (also set the account/password for any Process account that needs access to the SSP, typically done when configuring IFSS)
  • Command Line

stsadm.exe -o editssp
-title <SSP name>
[-newtitle <new SSP name>]
[-sspadminsite <administration site url>]
[-ssplogin <username>]
[-ssppassword <password>]
[-indexserver <index server>]
[-indexlocation <index file path>]
[-setaccounts <process accounts (domain\username)>]
[-ssl <yes|no>]

MOSS Search Service credentials:
Two options

  • Central Administration website -> Operations > Services on Server >  Office SharePoint Server Search > update the account information in the "Service Account" section
  • stsadm -o osearch -farmserviceaccount <OSS searchserviceaccount> -farmservicepassword <OSS password>

WSS Search Service credentials:
Two options

  • Central Administration website > Operations > Services on Server >  Windows SharePoint (help) Search > update the account information in the "Service Account" section and in the "crawl account" section  
  • stsadm -o spsearch -farmserviceaccount <WSS searchserviceaccount> -farmservicepassword <WSS password>

MOSS SSO:

  • Use the SCM to update the password for the SSO service account; restart SSO Service
  • Once this is done, open the Central Administration website > Operations > Manage settings for Single Sign-On > update account information

Profile Import account:

  • SSP Admin > User profiles and properties > Configure Profile Import > update account information in the "default access account" section
    Excel: Should be re-set when you change the information for the SSP Service account      
February 21

Using Office 2000/2003 with Office 2007 XML File Formats

Lately I've been presenting for Microsoft and talking about collaboration to various public sector organizations. I've been discussing such topics as Microsoft Office SharePoint Server (MOSS), Windows SharePoint Services (WSS) 3.0, Exchange 2007 and Office 2007. In preparation for these presentations it was interesting to dispel some of my own misconceptions. One of these misconceptions was "Why would I want to migrate to the new Office file formats if I don't know if other people with older versions of Office will be able to read them?" It turns out that Microsoft had figured out that problem for me. There is a free add-on to Office 2000/XP/2003 that allows you to edit and view Office 2007 file formats. In Office 2003 and XP, it is a seamless process. You simply open the file. In Office 2000, you have to convert the file using Windows Explorer before it can be read and edited. You can get the conversion tool here:

http://www.microsoft.com/downloads/details.aspx?FamilyId=941B3470-3AE9-4AEE-8F43-C6BB74CD1466&displaylang=en

One of the more useful tools I learned about is called the Office Migration Planning Manager (OMPM). It lets you find the Office files (doc, ppt, xls and mdb) in your environment that can be migrated and those that cannot be upgraded without remediation. Its scanner, offscan.exe, finds the files and writes logs to a cab file. These cab files are then imported into an Access database, where they can be reported on using Excel 2003 or 2007. All the reporting templates are provided and the processes are very well documented.

The next cool tool in the solution is called ofc.exe, which can convert your existing files to the new formats. There are tons of benefits to the new XML-based formats, including:

  • Open standard moving forward – Open XML
  • Increased security - the default formats carry no embedded macros, and macro-enabled documents are stored under separate extensions, which lets you quickly find them and manage whether macros are allowed in your environment. The macro-enabled file extensions in Office 2007 are docm, xlsm and pptm.
  • Corruption is eliminated since files are no longer stored in a binary format
  • Smaller file sizes of 50% - 75% using zip technology

This tool doesn't replace your existing files; rather, it creates a "converted" directory, which could then be scripted against to delete or move the old formats before replacing them with the new formats. The last claim about reduced file sizes is no joke. When I ran the tool, my documents were at least half as big and in some cases even smaller. Usually the ones that didn't reduce had images in them, and binary files are already compressed. Check it out for yourself. Here are some screenshots I took before and after running ofc.exe.

You can get OMPM at this URL:

http://www.microsoft.com/downloads/details.aspx?familyid=941B3470-3AE9-4AEE-8F43-C6BB74CD1466&displaylang=en
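
Because the new formats are zip packages, the macro-enabled extensions listed above can be checked against what a file actually contains rather than trusted by name alone. The following Python is an added example, not part of the original post or of OMPM; it assumes the VBA project is stored as a part named vbaProject.bin or declared with the content type application/vnd.ms-office.vbaProject, and its function names and sample files are constructed for illustration.

```python
import io
import zipfile
from pathlib import Path

MACRO_EXTS = {".docm", ".xlsm", ".pptm"}   # macro-enabled extensions named in the post
PLAIN_EXTS = {".docx", ".xlsx", ".pptx"}   # their macro-free counterparts
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"  # assumed marker, see lead-in

def has_vba(data: bytes) -> bool:
    """True if the Open XML zip package declares or contains a VBA project part."""
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        names = pkg.namelist()
        types = pkg.read("[Content_Types].xml") if "[Content_Types].xml" in names else b""
    return VBA_CONTENT_TYPE in types or any(n.lower().endswith("vbaproject.bin") for n in names)

def classify(name: str, data: bytes) -> str:
    """Compare what the extension promises with what the package holds."""
    ext = Path(name).suffix.lower()
    if ext not in MACRO_EXTS | PLAIN_EXTS:
        return "skipped"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-a-zip-package"      # e.g. a legacy binary file that was only renamed
    vba = has_vba(data)
    if ext in MACRO_EXTS:
        return "macro-enabled" if vba else "macro-extension-without-vba"
    return "vba-in-macro-free-extension" if vba else "macro-free"

def scan(root: str) -> dict:
    # Classify every file under root, e.g. a file share or the "converted" directory.
    return {str(p.relative_to(root)): classify(p.name, p.read_bytes())
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def make_package(parts: dict) -> bytes:
    """Build a constructed sample package in memory from {part name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as pkg:
        for part, body in parts.items():
            pkg.writestr(part, body)
    return buf.getvalue()

if __name__ == "__main__":
    samples = {  # constructed samples, not real documents
        "report.docx": make_package({"word/document.xml": b"<w:document/>"}),
        "budget.xlsm": make_package({"xl/vbaProject.bin": b"\x00"}),
        "renamed.docx": make_package({"word/vbaProject.bin": b"\x00"}),
        "legacy.docx": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 64,
    }
    for name, data in samples.items():
        print(f"{name:14} {classify(name, data)}")
```

Files reported as vba-in-macro-free-extension or not-a-zip-package are the ones an extension-based macro policy would misjudge, so they are worth reviewing by hand.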

 


January 16

The US Feds Require You to Keep EVERYTHING

Please read the TechTarget article below regarding the federal mandate that says all companies are responsible for being able to provide access to emails sent within the last year. I'm assuming at least a year because the mandate specifies no actual date. The most important sentence is the following:

"The rule puts the onus on IT departments to ensure they have adequate data-retention policies and that an archiving system that can retrieve documents in their original format, including metadata. To satisfy evidence requirements the systems may need to demonstrate that specific documents were not changed after they were archived."

In Microsoft Exchange terms, this means using Journaling at the Exchange database level. Here's an article which discusses the process for Journaling in Exchange 2003. It's very easy but you need a process in place to archive the journaling mailbox.

http://www.msexchange.org/tutorials/Implementing-Exchange-2003-Message-Journaling.html

Here's an article that discusses the actual process of how Journaling works in Exchange 2003. It's the same overall process in Exchange 2007.

http://technet.microsoft.com/en-us/library/2ebbad24-a063-42c2-ae1c-a511b9f8ef0e.aspx

Here's the TechTarget article:

http://searchstoragechannel.techtarget.com/originalContent/0,289142,sid98_gci1233776,00.html

 

 

December 14

Fun with Cryptoflex Smart Cards and Vista

I've been preaching about Smart Cards for Domain Admins for a while. It's the best way to ensure that your accounts aren't being compromised, used by multiple people, or worse yet… used as service accounts!!! (eek)

So in preparation for some training I'm about to do, I learned that a few Cryptographic Service Providers (CSPs) that used to work in XP no longer work on Windows Vista. The one that is sticking it to me at the moment is the Schlumberger CSP, which is used by the Axalto/Gemplus (now called Gemalto) Cryptoflex Smart Cards. So this has me wondering… what are all those large companies and federal orgs out there that are using this CSP gonna do when they want to upgrade to Vista? Gemalto doesn't have anything on their website and this is troubling. It's not like Vista has been a mystery to these people. They make cards specifically for Windows 2000 and XP. I have a call in to their sales people and an email to a generic address. They also don't even have a support phone number on their website. Amazing!

Usually I'm not in the business of flaming companies online but this is fairly frustrating and I haven't been able to find anything on the subject. So that's why I'm informing the world. (or at least anyone who is looking for this info) I'll post updates when I get some.

**** NEW UPDATE 1/9/07 ****

So I reached a Gemalto rep (who has been very helpful) and she said that Gemalto does have a smart card that works in Vista called the ".Net Card"; however, this card is more than double the cost of the Cryptoflex card. Retail cost is $40/card. I was told that this is the card that all 40,000 Microsoft employees are now using. I've worked at Microsoft on various projects and had a smartcard with them as well. It seems insane that they would have to spend even $20/card... for 40k users. The price will obviously come down as Vista catches on.

As a side note, it looks like the Schlumberger CSP will not be supported in Vista.  :(

November 24

If this is true… this guy just became rich

Sometimes I'm caught off guard by how inventive people can be. This guy went "old school" and found a way to turn us back into a paper society.

In the article below, a student named Sainul Abideen invented a way to store data as shapes and colors while claiming to be able to store 450 GB of data on a sheet of paper. (the size of the paper wasn't specified)

If his claim is true, he just killed HD and Blu-Ray DVDs and re-propelled things like paper scanners. In addition, if he can come through on his claims, he's probably just become VERY rich.

http://www.dailytech.com/article.aspx?newsid=5052

 

November 15

What you need to know about Vista Volume License Key Activation

Today I've been babysitting virtual server installs in preparation for an Exchange 5.5 to Exchange 2003 migration. During that time I got an email from Microsoft discussing the new Volume License Key (VLK) Activation process. This is a huge change for companies who haven't yet started deploying Vista in the enterprise. Rather than rehash all the contents of the webpage, here's the link:

http://www.microsoft.com/technet/windowsvista/plan/volact1.mspx

The thing to note here is that you can no longer just distribute your VLKs around to your employees and let them activate Vista on their own. Microsoft now requires you to either deploy a server role internally that tracks VLK usage or connect to their servers and activate. You can then connect to their servers and see how many licenses you have used. If you deploy the internal-based solution, that server reports to Microsoft as a proxy. HOWEVER!... users must reconnect to this internal server at least once every 180 days to keep the activation alive. Once again, read the link above to get all the information.

 

November 09

I Stopped Using Microsoft Word (like you care)

A few weeks ago I decided to try out Microsoft OneNote 2007. I used OneNote 2003 in the past and I thought it was cool but not cool like 2007. I’ve stopped using Microsoft Word altogether and love the integration with Outlook. Plus I have the benefit of having access to all my projects and sub projects with one or two clicks of the mouse. OneNote allows me to save as Word Docs, PDF, XPS (who uses that?) and also allows me to send email right from within OneNote. But the killer is that my emails are now much more dynamic. I can add graphics, arrows, callouts and other content very easily. OneNote even has a screen capture tool built into the app that runs as a very slim System Tray process so I don’t have to load up SnagIt. Below is an example of an email generated with OneNote:

The organization of OneNote is much more elegant than using folders since things can be categorized and sub categorized in much more detail. When I get emails from people that are relevant to a project I’m working on, I can click on a button and the message gets sent right to OneNote; I can then associate it with a Project and I’m done. Finally, the one other thing I really like about using OneNote for projects is that I can search through OneNote and it will instantly show me the places where that term lives. Word is for wimps!