Can vs. Should

There is a big difference between things that can be done as opposed to what should be done. 

I have discussed virtualization in great detail of late because of how interesting it is to the average IT Professional.  Windows Server Virtualization, or Hyper-V, is a server role in Windows Server 2008; presently it is still in beta, but it is coming soon, and has been available to the general public since Windows Server 2008 released a few months ago.

In the second half of 2008 Microsoft will release Windows Small Business Server 2008; it is built on the Windows Server 2008 platform and as such includes all of that platform's roles and features including Hyper-V.  For any number of reasons SBS clients and consultants should be very happy about this.

Hyper-V in Windows Server Standard has a fairly simple licensing model in much the same way that hieroglyphics are simple.  Add to that a number of the licensing requirements of Small Business Server – simple in and of themselves – things get murky.  Some of the relevant points:

  • The primary SBS server (Server 1) must by definition be the primary domain controller.
  • With Hyper-V in Windows Server 2008 Standard Edition you have the right to install a parent operating system and then virtualize a single instance of Windows Server 2008 within Hyper-V as a child OS, on the condition that the only role and purpose of the parent OS is to host and manage the child OS.
  • SBS 2008 Premium Edition will include a second license of Windows Server 2008 Standard Edition to be installed on a second physical server.

I am going to go through a number of scenarios that came up today and then do my best to explain my point. 

  1. Can we install the primary Windows Server 2008 SBS license on a server and install the Hyper-V role, and then install the same license into a Hyper-V environment to be managed by the parent?
  2. Can we purchase SBS Premium Edition and install the second license on a server, configure Hyper-V, and then install the first license in a child OS?

There are several other combinations that were discussed and I started to ask myself the question… just because some of these combinations can be done, does it mean it should be done?

I have given these a lot of thought and I asked if even though some of these options are possible, would they be recommended?  The truth is that for many scenarios it will be a lot simpler to purchase a license for Windows Server 2008 Standard Edition – or even the Microsoft Hyper-V Server which was recently announced and is due to release later this year.

Although many people – SBS consultants included – like to play with the system in order to save a few dollars, the time spent trying to figure out and configure these unsupported configurations will often cost more than purchasing the actual license (the Hyper-V Server is going to sell for about $28).

We so often discuss the K.I.S.S. Principle (Keep it Simple, Stupid!) but then go out of our way to overcomplicate our lives to save a few dollars.  I understand that SBS is a platform that is by definition going to be attractive to companies trying to save money… but save it where it matters.  Purchase the licenses that will simplify your business for the long term rather than saving a few sous (which will not really be a saving in the end). 

I am interested in hearing how many SBS clients will install in a Hyper-V environment.  There are some great advantages to it… but do it wisely!

A Simple Explanation of Microsoft Essential Business Server

So what is Essential Business Server (EBS)?  In simple terms EBS is a complete corporate network for mid-sized companies in a box, or rather in three or four boxes depending on the version.  Let me explain:

In the beginning there was the PC.  And of course Microsoft looked up at the PC and said it was good, but did not really do very much.  And Microsoft laboured and toiled and created DOS… and DOS was good.

And on the second day Microsoft created Windows.  The second day was a very long and tiring day that involved great struggles between Redmond, Washington and Armonk, New York.  The struggles would take a long time to resolve, and in the end two brothers emerged, OS/2 which would take many years to come into its own before fading away; and the younger brother would be named Windows.  Windows would also take time to emerge, but its potential was limited only by the genius of its creators, who one day knew that it would indeed rule the world.

And on the third day Microsoft created Windows Server, a network operating system (NOS) that is the backbone of most corporate networks.  Since Server 2000 it has allowed companies to build forests and domains based on the Active Directory (AD) infrastructure.  Included with Windows Server were roles and features such as DNS, DHCP, IIS, and Terminal Services, not to mention file and print sharing services.

For companies that live in a vacuum there really is little more needed for a perfect network.  Unfortunately most companies need features such as the Internet (which requires a proxy, firewall, and Internet sharing), e-mail (which requires a mail server), corporate portals, databases, and more… all of these features require different servers, all of which need to be secured and protected…

So on the fourth day Microsoft created Internet Security and Acceleration Server (ISA), and although ISA Server would require some tweaking over time, it was essentially good.  With network protection they could then introduce Exchange Server, which would not only allow e-mail but also shared contacts and calendars, Public Folders, tasks, and such.  And the industry looked at it, and it was good.

And on the fifth day Microsoft created SQL Server, a database server running the mighty structured query language to make things faster and better… and based on that SharePoint Server was introduced as the Internet portal platform which would take advantage of the best technologies of IIS and SQL Server.  And the industry looked at it, and it was good.

And then on the sixth day Microsoft released management tools that would allow all of the existing technologies to be monitored and maintained.  The System Center product line would take many disjoint tools and bring them together; and for smaller organizations the features of these tools would be brought together into a single product called System Center Essentials.

On the seventh day (Microsoft does not rest!) the cries were great; security was hardly manageable and unattainable without third-party tools.  And Microsoft heard the cries, and their answer was called Forefront Security for Exchange.  The mail server would now be protected.

These server products are not inexpensive, and license management for them all has been referred to alternately as a joke and a curse.  For each server you need a license.  For each server product you need a license, plus a license of the NOS.  For some (but not all!) of these servers and server products you need Client Access Licenses (CALs).  Of course some of those CALs will be User CALs while others should be Device CALs, and let's not get into per server CALs.  It is enough to employ a specialist in most organizations; for organizations large enough to have issues but too small to employ a specialist it can drive the person responsible to drink.

In 1996 (about Day 4) Microsoft decided to package many of these products together and offer a simplified low-cost solution for small businesses.  Over the years the definition of small business has grown (it currently sits at 75 computers).  Small Business Server was a single-server and single-license solution (CALs are simplified too!) that offered smaller businesses the tools to compete with their larger competitors using the same tools.  All of the required server tools which were previously installed on separate hardware were consolidated on a single box (E pluribus unum).  SBS has had its fair share of detractors, many with ridiculous claims but some with legitimate shortcomings which were not an issue for most smaller businesses. However one of these persistent claims has been that the various server software packages were not designed to coexist on a single server.

…So several years later Microsoft undertook to create a solution for both those concerned, and for enterprises which have outgrown the single box.

Essential Business Server is not only a solution for businesses who have outgrown the seventy-five CAL limit of Small Business Server; that may have been the original driver behind the product, but it addresses many of the arguments that some have had against SBS since the beginning.

Like its older cousin SBS, there will be two editions of EBS.

Microsoft Essential Business Server (Standard Edition)

The entry-level EBS package consists of:

  • Windows Server 2008
  • Exchange Server 2007
  • Forefront Security for Exchange
  • System Center Essentials
  • Internet Security and Acceleration Server

These five packages are installed on three separate x64 servers.  It includes three licenses for Windows Server 2008 (Standard), which is installed as the base operating system for each server.

The first server (Management Server) controls the network (DNS, DHCP, etc…) and the Active Directory Domain Services.  As well, Microsoft System Center Essentials is installed on the Management Server.

The second server (Messaging Server) works in conjunction with the first server to control the Active Directory Domain Services.  In addition Microsoft Exchange Server 2007 and Forefront Client Security for Exchange Server are installed on the Messaging Server.

The third server (Security Server) has a second Exchange Server 2007 installed, as well as Internet Security and Acceleration Server.  It acts as both a firewall and a proxy server, and is the only server connected to the outside world, controlling and securing the traffic between the intranet and the Internet.


Microsoft Essential Business Server (Premium Edition)

The Premium Edition of EBS includes all of the architecture of the Standard Edition, but includes a fourth license for Windows Server 2008, as well as Microsoft SQL Server 2008 Standard Edition.  These install on a fourth server (Database Server) and will shoulder the burden of most database-type applications, either out of the box or custom.

One of the advantages for Microsoft, a company with a great history of having their private beta applications and operating systems released into the wild for the 'just because we can' community, is that the hardware requirements (which are quite reasonable for companies building their infrastructure) lean towards the ridiculous for the hobbyist hacker.  Even at the MVP Summit deep-dive last year there were cries of 'Who the hell has three x64 systems lying around to test it on?'  I would suspect that for that reason and more unlike SBS of late the serious EBSers (did I just coin that term?) will have a real opportunity to show others their first glimpses of the package.  I had that opportunity recently at the Toronto Heroes Happen {Here} Launch event.  Really cool.

Keep tuning in for more news on EBS as it happens…

Essential Business Server: Coming soon to a mid-sized company near you!

For years I have been saying that Small Business Server was the best solution for small businesses that did not have huge IT budgets; it allowed them to take advantage of the same enterprise-level tools such as Microsoft Exchange Server, SQL Server, and SharePoint Server without having to purchase several servers with tens of thousands of dollars of software, not to mention a full-time IT department.

Several people and groups have challenged me with 'what if' scenarios intent on debunking the applicability of SBS to their specific business network scenario, and I have always been glad to address these challenges because most of them were based on myths.  The truth is that to date I have not heard of any scenario where SBS could not be deployed in a small business as the backbone infrastructure, with one exception: The Hard Ceiling.

Of course I am referring to the two great licensing limitations of SBS:

  1. You can only have a single SBS server in your network environment; and
  2. You were limited to (on SBS 2003) seventy-five CALs (Client Access Licenses).  Once you hit that ceiling you had to transition off SBS onto the enterprise packages.

Of course the first limitation is also a myth; although it is a true enough statement, that does not mean that you are limited to having a single server, rather that only one of them – the primary Domain Controller that hosted all operation master roles (commonly referred to as FSMO, or Flexible Single Master Operation roles) – could be running SBS.  You could add as many servers (up to ____) to your network, they just could not hold the operation master roles.

The second limitation is real.  If your company grew past seventy-five users (let's not get into the device CALs versus user CALs discussion) you had no choice but to leave the safety and comfort of the SBS world. 

The allure of SBS was (and continues to be) not only the power of the tools offered, plus the fact that they could all be run from a single box (My first SBS which I ran from home for two years ran very reliably on an IBM Pentium III workstation with 1GB RAM)… but also the fact that everything was configured and managed by very intuitive wizards and tools.  Creating a user was a single process which would include all permissions for everything from Exchange to SQL to SharePoint Services.  Transitioning beyond SBS meant leaving those wizards – and the revered Remote Web Workplace – behind.

Enter Essential Business Server.

A year ago I saw Windows Server Codename: Centro for the first time and fell in love.  It was the solution for mid-market companies up to 250 computers, and it was in a word everything that SBS was not.  Not only did it break the seventy-five user limit, but it also addressed most (if not all) of the actual and perceived limitations of SBS… while maintaining the cohesiveness of the single package. 

We could easily steal for SBS the motto from the US Dollar Bill, E pluribus unum – from many, one.  That is because SBS integrates a number of servers that in the enterprise are generally separate and hosts them all on a single server.  The Standard Edition of Essential Business Server installs on three independent servers: the Management server, the Security server, and the Messaging server.  (The Premium Edition of EBS adds a fourth for the Database server.)

Now that Microsoft has lifted much of the veil of secrecy from both EBS and the next release of SBS (Windows Small Business Server 2008, formerly codename Cougar) you will find that I have a lot to say about both of these products.  I see four distinct groups to whom this series of articles should be of interest:

  1. IT Professionals with an eye toward small and mid-sized businesses;
  2. Small Business IT Professionals who have been working with SBS;
  3. Small business owners or managers who need to make informed decisions about their IT and do not necessarily want to pay for consultants; and
  4. People interested in becoming IT professionals.

While I am not promising to answer all of your questions, I do hope to introduce both products to you so that when they do release to manufacturing (RTM) there will be not only a proper and comprehensive understanding of the products (and often of the reasons behind certain decisions and the like), but also a complete library of information that will be available, from an interested and connected (and mostly objective) IT Professional who does not actually work for Microsoft.

Strap yourselves in… because here we go!

Homeward Bound

It occurred to me that thanks to the US Government (and my wacky travel schedule) 2008 is the first year that I have 'sprung forward' twice.

I am of course referring to the fact that North America switched from Daylight Savings to Standard (or is it the other way around… I never remember) a couple of weeks ago, while Europe did it last week-end.  I was actually confused that when I got to Stockholm I was in GMT+1, but the time was only five hours ahead of Toronto, which is and has always been GMT-5.

The mystery was solved Friday evening when a notice was posted in the lobby of my hotel in Kista reminding guests to adjust their clocks forward the next night.  So technically I have actually lost two hours of sleep this spring instead of the usual one; in the back of my mind there is a bit of a concern that I will be off-balance for the rest of my life because of this, until I decide to book another trip to Europe in the fall between the time shifts.

So Europe is behind me, and in three hours or so I will finally land at Toronto Pearson Airport. It is a dreadful place, not one that I relish spending any time in, either going or coming.  In the past few hours I have had another opportunity to call Air Canada and Aeroplan prostitutes with no interest in offering service to very frequent customers (same reason coming as going… I will never get any satisfaction beyond what I get for posting that, so my faithful readers can more or less expect to hear that every time I cannot use an upgrade certificate).  A week tomorrow I am flying to Seattle… I wonder what they will say about my North American Upgrade Certificates.

Sometime in the autumn I was running very late to catch a plane – I am tempted to say I was coming home from Cleveland – and forgot to put my utility knife into my checked luggage.  Of course I knew that there was no way that I would be allowed to take it on the plane (those of you who really know me can surmise just how sharp the blade was) so when I got to the security checkpoint I handed it to an agent and told her to enjoy it.  As you know knives of any sort are not allowed on airplanes, along with nail clippers.  (It should be noted that despite every argument I hear about how stupid that law is, I can see nail clippers being quite easy to convert into a weapon)

The first time I discovered the extent of that new reality was in January, 2002.  I was on the very long return trip from Steamboat, Colorado and about thirty-two hours after the journey began I found myself sitting at T.G.I. Fridays in Washington Dulles Airport.  The menu was extremely abridged – they had removed all foods that could not be eaten by hand, and naively I asked about it.  We were living in a very new world at the time and I suppose I understood.

I have been in one or two airport restaurants since then, both in North America and abroad, and have noticed that the only cutlery you can generally get beyond the security checkpoint is plastic.  I suppose it is an alternative to having to keep track of every single knife, and I am not the type to argue security measures.

So after my frustrating encounter with the Air Canada gate agent I walked across to the Lufthansa Executive Lounge in Frankfurt.  I suppose because it was between 'meal times' there were tons of snack-type foods such as popcorn and breads with cheese and spreads, as well as soup.  (The highlighted beverage was Jim Beam Kentucky Bourbon… sheesh!)  I poured myself a cafe au lait and sat across the snack bar when it hit me…

…they had knives set out at the buffet.

To be clear I do not mean plastic knives, it was actual silverware.  They were butter knives, but actual knives nonetheless.

It got me thinking back… I do not generally pay attention to these things in the lounges, but I do remember that at the SAS Lounge at Stockholm Arlanda I had fried herring with, you guessed it, actual silverware; and I know for a fact that every time I have flown either Business Class or First Class on any airline it has been the same.  It no longer sticks out as it once did, but I remember my trip to California in May when I was upgraded, I blogged about that experience and noted with great excitement the silverware.

So my question is this: why is it that airlines (and more importantly the folks at airport security) are willing to put potential weapons in the hands of people who fly Business Class?  I am pretty sure that at least some of the 9-11 hijackers (may each one of them and their families rot for eternity) flew Business Class.  It is absolutely impossible for me to get into the head of someone who would do that, but if I accepted a suicide mission that involved an airplane you can be certain that one of the non-negotiable conditions would be that they flew me First Class.

It is not as if the terrorist organizations cannot afford it… Thanks to the oil-rich states that finance them they certainly have the means.  Every time we hear of such things (okay, for most of us this is probably in movies and on TV) the terrorist cells are receiving wire transfers of twenty-five (or two hundred and fifty) million dollars.  That to the tembel who is martyring himself translates into a very lavish night on the town, dinner, drinks, prostitutes, and yes, First Class airfare.

(If you read my initial article equating Air Canada to a high-priced escort, you will understand that I, like most travelers, generally book the lowest fare available and only get to fly up front when the airline asks for volunteers or when my agent successfully negotiates the +6hour clause in my contract.  I still hardly understand the difference between the three fare classes that Air Canada has that all put you in the back of the plane.)

I definitely prefer most Boeing aircraft over most Airbus aircraft.  I was disappointed that I was not able to upgrade my flight from Toronto to Frankfurt, but truth be told the Economy Class seats of a Boeing 777 are pretty comfortable.  The personal entertainment unit in each seat ensured that I could watch whatever movies I chose, and when I wanted to sleep the seats reclined quite comfortably.  (I then transferred onto another Boeing, a 737-800, which was not as lavish but still quite comfortable)

Flying home from Oslo through Frankfurt had me on a Lufthansa Airbus 320, initially next to a man who had no interest in sharing the armrest and went out of his way to demonstrate that.  Because the flight was not full I was able to switch seats when the crew closed the doors.  I then transferred onto the Air Canada Airbus 330.  This one is in fact a full flight, and I am quite grateful that I have an aisle seat.  The seats recline in a rather odd manner which would be perfect for getting a shave at the barber, but is not at all comfortable for watching movies (minus the personal entertainment unit, so I was happy that the first movie was one I had not seen, but have seen the second one).

On trans-Atlantic flights Air Canada not only serves you a hot meal, but also plies you with liquor.  I am three rows behind the impenetrable Business Class Curtain, and was actually envious knowing that just four seats ahead of me the passengers were not only eating much better hot food, but with actual cutlery.  They are sipping champagne from goblets while I settle for California white wine out of a plastic cup.  (Later I had an Irish Coffee, but the best they could manage was Canadian Club Rye)

I did get to do a good deed by helping a very elderly lady in and out of her wheelchair when the crew needed help… good deeds just feel good, and it is not about the thanks… it is about the deed itself.

If you are wondering why I might sound slightly whinier than normal it likely has to do with my stay in Oslo.  My presentation was well received, but I feel like the rest of the time was well and truly wasted.  I ventured into the city a number of times, but the weather was not conducive to wandering tourists.  I did what I had to do and then went back to my hotel, which was in the middle of nowhere (Fornebuparken!). 

I suppose I was blessed in Stockholm because after a good presentation I had four great sunny days to wander, explore, and such.  As my pictures on Facebook (and here) will attest I saw any number of great sites, both historic and modern.  I saw castles, museums, the old section of town (which made Old Montreal look like a modern metropolis), and the changing of the guard, not to mention a 370 year old ship that sank before it could even raise its sails.  The weather made me want to get out of bed, and jump from sight to sight. 

In Oslo the only half-decent suggestion was to see a place called Akke Brygge, which apparently locals are incapable of saying slowly.  It was on a fjord which is always nice, but nothing worth writing about.  I was accosted by a teenaged girl raising funds for charity who was excited to meet a Canadian, and asked me if I said oot and aboot.  She had all sorts of suggestions for what I should do on my last night in town, but none of them really appealed to me. 

The truth is that as much as I enjoy my work, including the travel involved, I miss my family dearly, and cannot wait to get home to them.  I know that once I have walked the seventeen miles from the gate to Customs to Baggage Claim, and waited to find out if they have lost my luggage (the less-than-helpful agent who checked me in at Pearson only checked my bag through to Frankfurt, which did not help my mood), I will only be mere yards from an incredible greeting… Theresa is bringing Aaron to the airport, and I know that he is as excited to see me as she is.

Once we get home there will be another wonderful reunion – my three beloved puppies.  Jacob is always less happy and playful when I am away, and when he hears my voice when we video-chat he comes up and licks the screen.  Gingit – has she really been with us less than a month? – hears my voice and jumps on the keyboard, and I have gotten some great messages that she has typed.  Bailey is the brave one, but I know that when I come through the door the three of them will be fighting for position in daddy's shadow… and I assure you they will all get their turn!

So another journey is coming to a close.  I won't be home for long – a week tomorrow I am off to Seattle for the MVP Summit, but for the time being there are no more two- or three-week absences planned.  My next contract actually has me working primarily from home for a few weeks!  I may complain about the noise and probably am a bit rough with the discipline (mostly Aaron and Jacob) but the truth is I love it… and wouldn't have it any other way!

Certification Exam Security… what can be done?

The following is a comment I made to a blog article on Network World on the topic of certification exam security.  The actual post can be found here:

Using the MCP ID card as your security poses a number of downsides.  To mention two severely opposite issues:

1) A new candidate, or one who has never passed an exam, does not have a card yet; and

2) I have no fewer than ten such cards for my various certifications, including two for MCSA on Server 2003 because they mailed me two of them.

With the pervasiveness of fingerprint scanners on many computers and with external fingerprint scanners being relatively inexpensive I thought this might be an interesting way to ensure that the candidate taking the exam was who he or she said they were.  This is not a foolproof method, as the same person could register and take all of someone's exams going forward, but it would go a long way to eliminating many incidences of cheating.

I would love for Microsoft to come up with a better testing method than multiple choice; those were the exams that were easiest to cheat on in high school, and that has not changed.  I suspect they are working on it, and it cannot come soon enough.  Of course simulations are nice, but there are nowhere near enough of them yet… and the ones they do have are still too easy to guess.

What is the solution?  If it were a two line answer it would have been implemented long ago.  I just hope they come up with something soon!