Embed Size (px)
Citation preview
S E P T E M B E R 2 0 0 5 W W W . R E D M O N D M A G . C O M
Microsoft CIO Ron Markezich Talks Shop Page 56
71
25274
86727
09>
SEPT
EMBE
R•
$5.9
5
GOINGUP!
Get the Full View of VistaPage 9
How Beta Man Spent His Summer Vacation Page 27
4 Linux Server Stalwarts Page 30
Our 10th Annual Salary Survey ShowsWages Pointing Skyward Page 40
0905red_cover.v3 8/17/05 10:18 AM Page 1
Got You Ready To Drop?Configure and secure all your desktops from one centralized console with Desktop Authority® 6.5
ScriptLogic’s Desktop Authoritysignificantly reduces total cost ofdesktop and application ownership byenabling administrators to proactivelysecure, manage and support desktopsfrom a central location.
S E E B A C K F O R M O R E D E T A I L S
1.800.424.9411 > www.scriptlogic.com
805017 DAYNER HALL 8/4/05 11:23 AM Page 1
Improve Productivity and Security with
Desktop AuthorityWith Desktop Authority, you can:
• Configure every aspect of the desktop including drives, printers, applications, the registry,Outlook settings and more
• Use Desktop Authority’s exclusive Validation Logic technology to apply configuration settingsto desired users and computers
• Centrally manage the deployment of patches and spyware removal from one central console• Securely manage and remote control clients from console or any web browser
Discover why your fellow readers of Redmond Magazine named Desktop Authority the Best Network Automation Tool of 2005!
SPECIAL OFFER: Go to www.scriptlogic.com/nosneakernet – evaluate a30-day trial version of Desktop Authority 6.5 and get this FREE T-shirt!
1.800.424.9411 > www.scriptlogic.com
© 2005 ScriptLogic Corporation. All rights reserved. ScriptLogic, Desktop Authority and the ScriptLogic logo are trademarks or registered trademarks of ScriptLogicCorporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respectiveowners. Offer good while supplies last. Allow 4 to 6 weeks for delivery.
805017 DAYNER HALL 8/4/05 11:25 AM Page 2
© 2005 SurfControl plc.
Enterprise Protection SuiteWeb, E-mail, IM/P2P, Mobile
Enhance SecurityManage Usage Policies & ComplianceIncrease ProductivityReduce Costs & Administration
Yesterday’s point-solution is no match for today’s blended threat—and you can’t expect your enterprise IT security experts to be a 24/7 clean-up crew. But you can count on SurfControl’sEnterprise Protection Suite to deliver unequaled protection against every threat—traveling throughevery entry point—every time.
It doesn’t matter whether it’s spam, spyware, phishing, viruses or a specialized day-zero hybrid.Nor does it matter whether it comes from inside your organization, or from outside company walls.The SurfControl Enterprise Threat Protection Suite delivers a powerful unified threat managementsolution, securing Web, e-mail and IM/P2P traffic—from the network gateway to the user desktop.Plus, it’s backed by SurfControl’s 24/7 Adaptive Threat Intelligence Service. Now you’re ready.
FREE 30-day trial www.surfcontrol.com/go/blended 1 800.368.3366
Are You Ready?
Blended Threats Attack Multiple
Entry Points…
™
Project3 8/15/05 11:56 AM Page 1
REDMOND REPORT
9 News AnalysisWindows Vista Beta Gives IT aGood View
14 EventLogSoftware Assurance changes coming, PDC 2005 speaker lineupincludes Gates, Microsoft joinsbattle for virtual Earth and more.
COLUMNS
4 Chief Concerns: Doug BarneyThe Vision Thing
27 Beta Man: Don JonesWhat I Beta Tested on My Summer Vacation
63 Security Advisor:Joern WetternKnow Your Rights (Management)
72 Ten: Paul DesmondNames for Longhorn Server
ALSO IN THIS ISSUE
2 Redmond magazine online
6 Letters to Redmond
71 Ad and Editorial Indexes
REVIEWS
17 Deployment Done RightSpecops Deploy 3.0 putsyou on the right road to effective softwaredeployment with Active Directory.
22 Guard the DoorThreatSentry protectsIIS servers from both known andunkown attacks.
30 Redmond RoundupLinux Living in a Windows WorldIt may be nowhere near as prevalent onthe desktop, but Linux is no stranger torunning servers.
Moving on Up!After a flat year, salaries are up again—dramatically for some—as we take alook at the changing demographics ofthe Redmond readership.
Page 40
COVER STORY
RedmondTHE INDEPENDENT VOICE OF THE MICROSOFT IT COMMUNITY
S E P T E M B E R 2 0 0 5 W W W. R E D M O N D M A G . C O M
Winner for BestComputer/Software
Magazine 2005
ILLUSTRATION BY ED LUTERIO
PHOTO BY JOHN E. HOLLINGSWORTH
COVER PHOTO BY ROMILLY LOCKYER/GETTY IMAGES
56 Microsoft’s First, Best CustomerMore than 300,000 devices. About 10,000servers, 2,000 IT staff and the same numberof contractors and vendors. The mostattacked network in the world. Meet theman responsible for keeping it all going.
0905red_TOC_1.v9 8/15/05 5:32 PM Page 1
MCPMAG.COM
See What Your Certs Are Worth!MCPmag.com’s 10th Annual SalarySurvey includes data exclusive to theMCP community:education, years ofexperience, regionaldata slices, careersatisfaction andmore, all brokendown by title.
Plus, writer anddeveloper JeffreyPriebe provides guidance on taking the70-301 Solutions Framework exam. AndExchange guru Sekou Page challengesyou to submit your most challengingmessaging problems, which he’ll dissectto your satisfaction, in a brand new column, Extreme Messaging.
Also, don’t miss:• Tech Line, Chris Wolf’s weekly
column addressing your networktroubleshooting problems.
REDMONDMAG.COM
Post Your Mind on Redmondmag.com’s ForumsThe next time you’ve got a technical question or problem, want to hear what otherIT professionals think of a new technology or solution, or just want to vent yourtake on the latest industry issues, stop by Redmondmag.com forums.
With more than 4,500 registered members, the forums offer active discussions ina variety of technical areas, including:
• Active Directory• Small Business Server• Windows 2003• Security• Group Policy ObjectsAnd much more. Anyone can read posts in the
forums, but you must register to post. This one-timeregistration is easy and, of course, free. To find outmore and to register, use FindIT code: Forums
Looking for Mr. Script?This month, Chris Brooke’s Mr. Script column can be found exclusively on Redmondmag.com. To read the current installment, the first in a series looking atthe theory (and problems) behind using scripting to tie several systems together,go to Find IT code: Theory1
2 | September 2005 | Redmond | redmondmag.com |
Redmondmag.comREDMOND COMMUNITY
Redmond Newsletters • Redmond Report: Our weekly e-mailnewsletter featuring news analysis,context and laughs. By Redmond’s Editor in Chief Doug Barney.FindIT code: Newsletters
• Security Watch: Keep current on thelatest Windows network security topics.This newsletter features exclusive,online columns by Contributing EditorRuss Cooper of NTBugTraq fame.FindIT code: Newsletters
Discussion and Forums Post your thoughts and opinions underour articles, or stop by the forums formore in-depth discussions.FindIT code: Forum
Your Turn The interactivity center of the Redmond universe, where you get toexpress your views.FindIT code: YourTurn
OTHER 101COMMUNICATIONS SITES
ENTmag.comSpecial Report: “Microsoft’s Server Virtualization Roadmap”Scott Bekker examines Microsoft’splans for integrating virtualizationtechnologies.FindIT code: ENTSerVir
CertCities.comCertification Advisor: “Architecture Certifications Point Toward Future”New IT certifications take a professionaldirection. By Greg Neilson.FindIT code: CCProfCert
TCPMag.comNews: “Cisco’s Security Black Eye”Stephen Swoyer looks at how Ciscohandled recent security breachesafter promising increased protection.FindIT code: TCPCiscoBE
Throughout Redmond magazine,you’ll discover some stories containFindIT codes. Key in those codes at Redmondmag.com to quickly accessexpanded content for the articles containing those codes.
Just enter the code (note that allFindIT codes are one word, and areNOT case sensitive) in the box at the top-right corner of any page on Redmondmag.com.
FindITCodes
S E P T E M B E R 2 0 0 5
Tech Line columnistChris Wolf
FindIT code: Forums
• Don Jones gets to the heart of WMI scripting.
• Mike Gunderloy expounds on the best software writing, then contributes his best on Microsoft’sblogging spree.
• Chat: Join Microsoft MVP and Small Business Server guruAndy Goodman for SBS Live! on Tuesday, Sept. 20, 7 p.m.Eastern time.
0905red_OnlineTOC_2.v4 8/15/05 4:33 PM Page 2
© 2005 Websense, Inc. All rights reserved. Websense is a registered trademark
of Websense, Inc. in the United States and certain international markets.
What she doesn’t know can hurt her.
Employees are unaware of the external threats that risk the security of their desktops, laptops and mobile devices every singleday. Websense Client Policy Manager™ proactively detects these threats and secures your enterprise endpoints so employeesare protected no matter where they work—whether it's in the office or anywhere in the world. Closee thee securityy gap.Downloadd yourr freee evaluationn today.. www.websense.com/mobile33
Project2 8/2/05 10:31 AM Page 1
The Vision Thing THE INDEPENDENT VOICE OF THE MICROSOFT IT COMMUNITYRedmond
Group Publisher Henry AllainRedmond Media Group
Editorial Director Doug BarneyRedmond Media Group
Group Associate Publisher Matt N. MorolloRedmond Media Group
Editor in Chief Doug [email protected]
Editor Paul [email protected]
Executive Editor, Reviews Lafe [email protected]
Managing Editor Keith [email protected]
News Editor Scott [email protected]
Assistant Managing Editor, Wendy GoncharWeb Editor [email protected]
Editor, Redmondmag.com, Becky NagelCertCities.com [email protected]
Editor, MCPmag.com Michael [email protected]
Editor, ENTmag.com Scott [email protected]
Associate Editor, Web Dan [email protected]
Contributing Editors Chris Brooke
Don Jones
Joern Wettern
Art Director Brad Zerbel
Senior Graphic Designer Alan Tao
Director of Marketing Michele Imgrund
Director of Audience Marketing Janice Martin
Senior Web Developer Rita Zurcher
Marketing Programs Associate Videssa Djucich
Director of Print Production Mary Ann Paniccia
Manufacturing & Carlos GonzalezDistribution Director
President & CEO Jeffrey S. Klein
Executive VP & CFO Stuart K. Coppens
Executive VP Gordon Haight
Senior VP & General Counsel Sheryl L. Katz
Senior VP, Human Resources Michael J. Valenti
Redmondmag.com
The opinions expressed within the articles and other contents herein do not necessarily express those of the publisher.
Postmaster: Send address changes toRedmond, P.O. Box 2063, Skokie, IL 60076-9699
SEPTEMBER 2005 ■ VOL. 11 ■ NO. 9
ChiefConcernsDoug Barney
4 | September 2005 | Redmond | redmondmag.com |
The biggest and boldest are reservedfor the largest shows. You can’t help butthink those speakers intend to do noth-ing less than change the world. Tentimes out of ten nothing happens.
Microsoft is the master at this game ofmanipulation. Speech after speech, peo-ple line up and actually listen. It’s easy tomake fun of this charade and certainlynot every Redmond proclamation ringstrue, but Microsoft is doing something Ihaven’t seen any other vendor pull off fora long, long time—ifever. That is to lay out abroad, grand, evolvingvision that has morethan a snowball’s chanceof being realized.
For comparison’s sake,let’s look at some of thecompetition’s grandpronouncements and prophecies:
Oracle: Larry Ellison boldly promotedthe Network Computer (NC), a zero-intelligence Internet screen scraper thatwould sell for as little as $200. UnevenInternet bandwidth was one problem.Citrix and Microsoft thin clients wereanother, but the real killer was full-powered PCs that gave NCs a beatingworthy of Bruce Lee. This vision died apainful, public death and Ellison has beenuncharacteristically quiet about his pronouncements ever since.
Sun: Scott McNealy is a true characterand has made, oh, about 10 times as manyforward-looking, visionary speeches asLarry. Scott always seems to have a fullervision. He also backed the NetworkComputer. Actually, he still does.McNealy calls his the SunRay. The Sun
chief took things further with Java—thewrite once, run anywhere Web servicescomputing paradigm. This is cool too,but in both cases, the real questions are,“Does this fundamentally change oradvance computing? What can we donow that we couldn’t before?”
IBM: Being the largest computercompany ever (so far), IBM has had alot of visions, few of them truly grand.Its goal today is to sell you what youwant or what IBM consultants can con-
vince you that you need.This isn’t bad, but it sureain’t vision.
HP/Compaq: The pro-duct of a monumentalmatch-up, this conglom-erate has produced someamazing equipment, buthow does it plan to
change the world? It may have ideas,but none have reached the masses.
Apple: Steve Jobs is no spring chicken.Like Ozzy Osbourne, though, he man-ages to still appear ultra cool. Jobs hasprovided great tunes and a slick stable ofPCs and laptops, but will Apple’s tech-nology change the world? Not so far.
That leaves Microsoft, which believes ina PC on every desk, a computer for everyperson, information at our finger tips, thenew world of work, natural language andso much more it is difficult to rememberit all. It doesn’t always execute, but Red-mond always shoots high. It always has aplan to at least try to fulfill its vision. I sayMicrosoft should keep reaching for thestars, even if it only reaches a few.
What do you think? Write me at [email protected]. —
aybe I’m just old, but I’ve been subjected to dozens,hundreds or perhaps even thousands of computerindustry “visions.” It seems you can’t do a keynote
at the East Oshkosh FoxPro user group meeting withoutmaking some sort of grand proclamation about the future.
M
Enabling Technology Professionals to Succeed
0905red_Chief_4.v5 8/16/05 4:09 PM Page 4
Spyware: the new number one enemy for IT. Recent
surveys of IT specialists show that spyware infections have
reached epidemic proportions. Spyware is one of the most
serious security threats and productivity killers today. It’s insidious. Its creators
are well-financed, relentless and remorseless. For the enterprise, common
antispyware can’t cut it. CounterSpy Enterprise: Knock out spyware
from one centralized
location. Company-wide
spyware management
requires a real enterprise
product with centralized
management. CounterSpy
Enterprise is just that: a
scalable, policy-based, second-generation antispyware tool built from the ground
up for system and network administrators to kill spyware quickly and easily.
Real-time protection. Active ProtectionTM Monitors
deliver real-time desktop protection to workstations to
reduce the chance of spyware infection. From the Admin
Console, you have the ability to centrally control what actions are taken when these
monitors detect change on the desktops. The best spyware database in the
industry. Period. The database behind CounterSpy Enterprise has
been independently validated as the best antispyware database in the
industry. Why? CounterSpy Enterprise benefits from multiple sources for
its spyware definition updates, including Sunbelt’s Research Team,
Microsoft, and information collected from consumer users through
Sunbelt’s ThreatNetTM. Spyware doesn’t stand a chance. Free trial.
Find out how many machines in your organization are
infected NOW. Scan the machines in your enterprise for free.
Download the trial at www.sunbelt-software.com/csered.
Sunbelt Software Tel: 1-888-NTUTILS (688-8457) or 1-727-562-0101 Fax: 1-727-562-5199 www.sunbelt-software.com [email protected]© 2005 Sunbel t Sof tware. Al l r ights reserved. CounterSpy and ThreatNet are t rademarks of Sunbel t Sof tware. Al l t rademarks used are owned by the i r respect ive companies.
Your weapon: CounterSpy Enterprise.Centralized spyware eradication.
Project2 8/11/05 1:29 PM Page 1
News flash: You can show serious for-matting issues if you open moderatelycomplex Microsoft Word and Power-Point documents with another versionof Word or Microsoft. Heck, it’s evenpossible to create a file that only dis-plays properly on the system that creat-ed it. From my testing—and I’ve done alot of it—OpenOffice is as compatiblewith Microsoft Office as MicrosoftOffice versions are with each other.
OpenOffice [OO], by the way, is a greatrescue app for Microsoft Word—when afile refuses to load, load in OO, save asOO Format, reload and save back as.DOC and it usually clears the hex.
OO is also a great cruft remover forExcel: .XLS files I loaded into OO, savedas OO format, then reloaded and savedback as .XLS were noticeably smaller.
Tsu Dho NimhPhoenix, Ariz.
That’s a fair statement, but not what we’re set-
ting out to test. If people get truly committed to
OpenOffice, then OpenOffice has to be truly
committed to 100 percent conversion—from all
versions of Office then, if that’s what’s required.
I have heard of this magic with .XLS files,
and it is interesting to note.
Jeremy Moskowitz
I have found that running XP in VMwareon Ubuntu Linux to be a better solutionthan running Linux on Windows. I’mnever afraid of getting a worm, adware ora virus when running this way. I can alsoprotect XP using the much better firewallprovided in Linux when I’m attached to a(wireless) network with unknown securi-ty. I can also replicate virtual copies of XPto perform tasks that might be suspect,
plus create vertical Linux environmentsfor the same reason.
Mike McGintySan Diego, Calif.
As a person who implemented methodNo. 4, “Emulate a Linux Environment,”I agree with Jeremy’s statement that it’s“clunky” to set up, but I did pick it forone reason: speed.
My system is coLinux with Gentoo.coLinux is basically a modified Linuxkernel where VirtualPC emulates a PC atthe “bare metal” level (BIOS start up andall). In speed terms, coLinux does better,as it doesn’t have to emulate everythingin a PC. Also, coLinux doesn’t sufferfrom clock skew, where the time on the emulated system gets further and further out of sync with the time on themain system.
For Gentoo, the speed advantage isthat the entire system can be configuredto use the features of your processorrather than using a generic processorlevel defined by the distribution.
Mark FeltEugene, Ore.
Agent-Optional ArchitectureIn response to the Redmond Roundup inthe May 2005 issue (“Keep an Eye onThose Servers”), Argent would like toclarify several points. First, we do notwant your readers to think that it exclu-sively uses an agentless architecture. It’smore accurate to call it “agent-optional.”We like to give our customers in-depthmonitoring—with or without agents—depending on their needs or preference.
MOM 2005 does have agentless moni-toring, but it’s limited to status monitor-
ing without agents and can only monitor10 servers without agents. ArgentGuardian can monitor your servers with-out agents remotely or with agents.Furthermore, you do not lose any func-tionality by not installing agents. Wehave customers like One Beacon Insur-ance that monitors more than 200 servers with only two Argent Guardian“engines” installed.
In addition to supporting several data-bases as stated in the roundup, you don’tneed a dedicated SQL Server to operateArgent Guardian because it works withyour current database system.
We feel the Redmond Rating for instal-lation and deployment should have beenhigher because you can literally be up andfully monitoring the same day, withoutany scripting. Argent’s Rapid Deploy-ment program allows customers to be upand running with their production moni-toring system in a matter of days.
Everything you need to start monitor-ing your servers—regardless of operatingsystem or application—comes ready outof the box with no third-party add-onsrequired. Our 30-day trial version is not alighter, less-capable version. It is a fullyoperational product that gives customersa true sense of what Argent can do.
Peter FilArgent Software Inc.
Make Room for Linux! In “Make Room for Linux Apps” (August 2005), JeremyMoskowitz states: “My testing shows serious formattingissues with moderately complex Word docs (like aresume) and moderately complex PowerPoint files.”
Letters to Redmond
6 | September 2005 | Redmond | redmondmag.com |
Send your rants and raves about stories in this issue to [email protected] include your first and lastname, city and state.
Whaddya Think?!
0905red_Letters_6.v6 8/15/05 5:48 PM Page 6
desktopstandard™
manage with standards. © 2005 DesktopStandard Corporation. All rights reserved.
LEAST PRIVILEGE COMPLIANCEIS NOW IN YOUR HANDS
In today’s corporate environment, it’s not an option. DesktopStandard’s Group Policy extensions
take you beyond built-in Windows security management, giving you the power to limit rights and privileges to
the least required for authorized tasks. Reduce the complexity of managing your distributed desktop environ-
ment while increasing security and compliance. Find out how at www.desktopstandard.com.
Project2 8/11/05 1:36 PM Page 1
| redmondmag.com | Redmond | September 2005 | 9
BY SCOTT BEKKERUp until the rechristening as WindowsVista, the client operating systemknown as Longhorn had a winding his-tory with its alpha releases, communitytechnical previews and pulled or scaled-back features that had been primarilyabout developers. With the release ofWindows Vista Beta 1, IT professionalsand managers at last can find out what’sin the OS for them.
Microsoft promised to focus on ITwith this beta, and the company deliv-ered. The Microsoft Web site is filledwith white papers detailing changesthat should benefit IT departmentswhen Windows Vista ships in late 2006.Windows Vista Beta 1 is not broadly
available—theBeta 2 will bethe end-user-
focused, large-scale version that willprobably reach hundreds of thousandsof testers. Nonetheless, with 10,000copies out through the Windows VistaTechnical Beta Program, and availabili-ty through MSDN subscriptions andMicrosoft TechNet, most IT shopshave access to the code. Indeed,Microsoft wants the code spread to ITworkers worldwide to spur faster adop-tion when Vista goes gold.
While Microsoft bills Windows VistaBeta 1 as also focused on developers,those developers clearly aren’t gettingthe volume of new information aboutthe operating system that IT depart-ments are getting. Developers havebeen kicking around WinFX, theAvalon presentation subsystem and theIndigo communication subsystem since
the Microsoft Professional DevelopersConference in 2003. The names havechanged from Avalon to Windows Pre-sentation Foundation and from Indigoto Windows Communication Founda-tion, but the code is just more polished.
The most tangible improvements IT isgetting in Windows Vista Beta 1 involvedeployment, manageability and security.
DeploymentMicrosoft’s major new features toenhance deployment are native image-based deployment and modularization.
Image-based deployment has tradi-tionally been done with third-partysoftware or other labor-intensivemaintenance processes. Microsoft istrying to reduce the complexity of theprocess by basing the installation ofWindows Vista on a file-based disk-imaging format called Windows Imaging Format (WIM), which: • Is hardware agnostic, allowing the maintenance of a single image for multiple hardware configurations• Can store multiple images within asingle image file
• Includes tools to allow administratorsto edit the images to apply operating system updates, add drivers or removeapplications, among other tasks.
Microsoft has also modularized theOS, to make it easier to deploy. Oneuseful scenario for modularization is ininternational deployments. BecauseVista treats languages as a modularizedcomponent, the English language canbe distributed to one set of computers,while French or German might go toanother group.
ManageabilityMicrosoft is investing in manageabilitytechnologies to reduce desktop supportcosts, simplify desktop configurationmanagement, enable better-centralizedmanagement and decrease the cost ofkeeping systems up to date.
One new manageability technology isWindows Resource Protection(WRP). In essence, WRP is supposedto help keep end users from hosingtheir systems, necessitating a supportincident. WRP prevents potentiallycorrupting changes to system files,
RedmondReportSeptember 2005
Windows Vista Beta Gives IT a Good ViewAdmins to get deployment, manageability and security improvements.
NewsAnalysis
Microsoft remains vague on final systemrequirements for Windows Vista. Withits Aero Glass user interface, Vista’sgraphical requirements will be high.Complicating the issue are a graduatedset of requirements, where the UIdowngrades its functionality based onthe system hardware.
“Minimum system requirements willnot be known until summer 2006 at the
earliest,” Microsoft wrote in a mediafact sheet. “However, these guidelinesprovide useful estimates:”
• 512MB or more of RAM• A dedicated graphics card with
DirectX 9.0 support• A modern, Intel Pentium- or AMD
Athlon-based PC— S.B.
SystemRequirements
0905red_Report_9-14.v5 8/16/05 9:40 AM Page 9
folders or Registry keys from anythingbut a Windows-trusted installer.
Microsoft did some work on GroupPolicy. The Group Policy ManagementConsole, first introduced as an add-onfor Windows Server 2003, will be stan-dard issue with Windows Vista. Most
new configuration settings in the OS canbe controlled via Group Policy. Anothernew feature allows for multiple LocalGroup Policy Objects on a computer forbetter flexibility when a system is shared.
Microsoft is also making efforts toincrease the amount of information in
event descriptions and providing thatinformation in XML for export to man-agement tools. Windows Vista can alsoforward events to a central location.
The tools for automating tasks alsoimproved. Many key administrativetasks are now executable from a com-mand line rather than just through theuser interface for scripting or one-to-many administration. An improvementto the Task Scheduler now allows tasksto be launched in a specific sequence.
SecurityWhile Windows XP Service Pack 2greatly improved the security of the client OS, Microsoft contendsarchitectural changes too deep foreven that huge service pack have beenmade to Vista.
A key change is the introduction of a feature called User Account Protection, which is supposed to bringthe concept of running with least privilege to reality. Most Windowsusers have Administrator privileges ontheir machines, due at least in part tothe fact that many applications won’twork properly if a user doesn’t havefull access to system resources. Thesituation poses a huge security risk,and Microsoft has tried to fix it previously, such as with the RunAs feature in Windows 2000. UserAccount Protection brings up a password prompt whenever an appli-cation attempts to operate beyond thestandard set of user permissions.
With User Account Protection,Microsoft is trying to adjust the balance between security and compat-ibility by automatically virtualizingRegistry settings and folders. Changesmade to virtualized Registry settingsand folders are visible only to thatuser account and the application theuser runs on, protecting the integrityof the computer.
Changes to the Windows Firewall inVista start with the personal firewallblocking all inbound traffic until thecomputer is updated with patches. The
RedmondReport
10 | September 2005 | Redmond | redmondmag.com |
Even though Microsoft’s focus in Windows Vista is primarily IT professionals anddevelopers, let’s face it: We all want to know what it’s going to be like to work withVista as end users.
This beta offers the first officially sanctioned opportunity to work with theMicrosoft’s Aero Glass user interface. Major themes are translucent windows,more animations and vector-based graphics that allow a user to increase the sizeof e-mails or programs on high-resolution monitors.
Folder organization is overhauled with Virtual Folders (see Figure A) that searchacross folders and display files with similar properties. The dynamic Virtual Folderscan be based on combinations of document authors, ratings, user-defined key-words and other criteria.
Icons are much different in Vista—instead of seeing a “W” for a Word docu-ment, you see a thumbnail image of the first page of the document. The thumbnailcan be resized up to 256x256 via the vector-based graphics subsystem to make itmore clear if the icon represents the sought-after document.
Microsoft sprinkled search boxes throughout the interface—everywhere from theStart Menu, where you can type in an application name to search for it and launchit, to Windows Explorer and Internet Explorer. — S.B.
An End-User View of Vista
Figure A. Folders and file icons sport a new look in Windows Vista Beta 1.
0905red_Report_9-14.v5 8/16/05 9:40 AM Page 10
Fr: saying Microsoft Exchange will always be available
To: saying it with absolute confidence
EMC CAN HELP YOU IMPROVE CONTROL OF MICROSOFT EXCHANGE THROUGHOUT ITSENTIRE LIFECYCLE. Our information storage and management solutions give you the power toimprove the availability, efficiency, and flexibility of Microsoft Exchange, while reducing risks andcosts. You gain an information infrastructure proven to work in the most demanding situations —from consolidation and e-mail archiving to Exchange 2003 upgrades. To learn more, visitwww.EMC.com/microsoftsolutions. Or call 1-866-464-7381.
Find an authorized EMC Velocity2 Partner at www.EMC.com/velocity.
EMC2, EMC, and where information lives are registered trademarks of EMC Corporation. © 2004 EMC® Corporation. All rights reserved.
Project6 2/15/05 11:46 AM Page 1
firewall is also upgraded to a two-wayfirewall and is integrated with IPSec.
Microsoft went back through Windows Services to harden them,trying to ensure that each service onlyhas rights to perform functions essential to its mission. For example,the Remote Procedure Call (RPC) service, which will be increasinglyimportant for remote access, can nowbe restricted from replacing systemfiles or modifying the Registry.
Throughout the Longhorn wave,which includes the server, Microsoft is enabling a technology called Network Access Protection, which will
quarantine clients in a special area ofthe network until patch, antivirus andpolicy compliance is confirmed.Microsoft is taking a first step byincluding an agent in Windows Vistathat will enable many of the scenariosas other pieces of the Network AccessProtection infrastructure come online.
Windows Vista is designed from theground up to help organizations movebeyond reliance on passwords.Microsoft made Vista’s authenticationcapabilities more flexible to allow forcustomized authentication mechanisms,including fingerprint scanners andsmart card login. The OS includes self-service tools for resetting smart cardPINs, and supports authentication viaIPv6 or Web services. Enhancements tothe Encrypting File System now allowstorage of encryption keys on smartcards, as well. (See the interview withMicrosoft CIO Ron Markezich on p. 56 for details on how Microsoft willmove to smart card authentication withWindows Vista.)
Beta 1 also contains the remnant of the Next Generation Secure Computing Base, or Palladium. In systems with a Trusted Platform Module (TPM) 1.2 chip, WindowsVista will fully encrypt the system volume, protecting data on lost, stolenor recycled machines from access.
Who Is Vista Beta 1 For?Analyst Michael Silver with Gartner saysBeta 1 is not for every IT department.Most organizations should do testingto understand Vista’s search capability,its new imaging and deployment features and User Account Protection.Organizations that have adopted Windows XP, even just on new PCs,
should make sure their developers havetried out the APIs but shouldn’t spendtoo much time testing functions orchecking compatibility with Beta 1.“You may wait at least until Beta 2, ifnot longer, before beginning testing inearnest,” Silver said. He expects Beta 2early next year.
IT managers at organizations thatplan to skip Windows XP, on the otherhand, should plan to begin limited,internal compatibility testing.
“After Windows Vista ships, you will have much less time than those running Windows XP to test anddeploy the new OS before independentsoftware vendor support starts waningaround 2007.” —
RedmondReport
12 | September 2005 | Redmond | redmondmag.com |
Folllow links to Microsoft white papersand other resources about WindowsVista Beta1.
FindIT code: VistaBeta1
GetMoreOnline
redmondmag.com
Internet Explorer 7 looks very different from IE5 and IE6.The facelift is apparent in the twin betas Microsoft delivered in late July—one
integrated with the OS in Windows Vista Beta 1 and the other a technical betareleased for Windows XP Service Pack 2.
Among the changes: • The Back and Forward arrows appear near the top of the browser window, with
the Address Bar right next to them.• A new Search Bar appears on the top line, just across from the Address Bar.
The Beta 1 version of the IE Search Bar gives the user an option of searchengines, including Google and Yahoo!. The optional search engines are listed alphabetically as opposed to putting MSN first.
• Between the Address and Search bars on the top line is a new Security StatusBar, which is the padlock icon Microsoft uses to flag secure transactions.
• The Windows flag is gone from the upper right to clear more space for actualbrowsing features.
• The next line on the browser includes tabs, the feature that Microsoft acknowl-edges is the “most requested” IE feature. Tabs have been a differentiating featurefor competitive browsers from The Mozilla Foundation and others for severalyears. The feature allows a user to have several pages open within one browserwindow, rather than having to toggle among multiple browser windows.
• A third line in the default browser interface includes the menu items and a collection of the basic browsing icons, such as Home, History and Print.
• Down among the third-tier icons is a new one for Really Simple Syndication(RSS). In typical Microsoft fashion, instead of using the near-universal orangesymbol with the white letters “RSS” inside, the company went and invented itsown name for IE7. Microsoft calls the feature Web Feeds and uses a littlebroadcast symbol.
Microsoft says the most radical changes to IE7’s look and feel will come in Beta 2.— S.B.
And Now for Something CompletelyDifferent: IE7
0905red_Report_9-14.v5 8/16/05 9:40 AM Page 12
What’s really at stakeWhy do we protect against viruses?
Think about it. A virus causes a computer toslow down or stop, rendering the systemless usable or unusable. That impactsproductivity and costs you and yourorganization time and money. When acomputer is infected by a virus, someonehas to clean and repair it. That too coststime and money.
From a productivity standpoint, diskfragmentation causes the same damage as avirus. A buildup of fragmentation will causea computer to slow down or even crash,resulting in lost productivity. And someonehas to spend time fixing it.
Disk fragmentation:The enemy within
There is one major difference: Virusescome from outside. Disk fragmentationcomes from inside. Even a newly-formattedPC with a fresh installation of Windowswill be moderately fragmented. (It’s true.Try it yourself and see.)
Compounding the problem is the factthat today’s drives, as well as the files westore on them, are larger than ever andgrowing rapidly. As a result,fragmentation is a bigger threat than ever.
Viruses work by attacking the weakestlink—the unprotected computer or thecareless user. Likewise, disk fragmentationattacks the weakest link: The disk drive.Disk drives and disk arrays, fast as theymay be, cannot transfer data anywhere nearas quickly as the CPU or memory. The disk
drive is the performancebottleneck, and anything thatslows down disk access slowsdown the entire system.
Protect now or waituntil it breaks?
How do you handleviruses? Do you wait until asystem is infected and thedamage is done, and thenclean and repair it? Of course not. Yet that’show many computer users and systemadministrators handle disk fragmentation.They wait until fragmentation has alreadyaffected productivity, then manuallydefragment the system. But as with a virusinfection, the damage has already beendone. (And as soon as they finish manuallydefragmenting, fragmentation begins to re-accumulate.)
Conscientious computer users addressthe virus issue proactively by installingantivirus software and updating it regularly.In a corporate environment, installation andupdates are usually automated so as toreduce the amount of administration time.
In order to avoid productivity losses,disk fragmentation must be handled thesame way—automatically. Like antivirussoftware, an automatic defragmenterprotects a system’s integrity by detectingfragmentation and eliminating it before itimpacts productivity.
The industry-leading solutionDiskeeper®, The Number One
Automatic Defragmenter™, is designedspecifically to handle fragmentationproactively. Diskeeper is a true “Set It andForget It”® utility. Like good real-timeantivirus software, it works in thebackground, virtually unnoticed by theusers. It can be centrally managed, reducingadministration time to bare minimums.
And like good antivirus software,Diskeeper pays for itself by eliminatingfragmentation-related productivity lossesand the need to repair them.
You’re already under attackHere’s the clincher: Your systems may
never face the threat of a virus. Antivirussoftware is insurance, just in case.
But your systems do face the threat offragmentation—every day, every hour,even as you read this.
Are you protected?
ADVERTISEMENT
Fragmentation can have a disastrous effect on system reliability.
Protect your systems against the threat of fragmentation.Try Diskeeper free for 30 days
www.diskeeper.com/redmond4For volume license pricing and government or educational discounts, contact your favorite reseller
or call 800-829-6468 reference number 4327
The Number One Automatic Defragmenter
©2005 Diskeeper Corporation. All Rights Reserved. Diskeeper, The Number One Automatic Defragmenter, Set It and Forget It, the Executive Software logo and the Diskeeper Corporation logo are registered trademarks or trademarks of Diskeeper Corporation in the United Statesand/or other countries. Microsoft and Windows are either registered trademarks or trademarks owned by Microsoft Corporation in the United States and/or other countries. Diskeeper Corporation • 7590 N. Glenoaks Blvd. Burbank, CA 91504 • 800-829-6468 • www.diskeeper.com
OVER 17 MILLION LICENSES SOLD
A bigger threat than viruses?Why disk fragmentation is poised to outpace the virusas the biggest threat to productivity
Project5 7/6/05 12:42 PM Page 1
RedmondReport
14 | September 2005 | Redmond | redmondmag.com |
Big Guns Coming to PDC 2005Microsoft will be sending itsbiggest guns to the MicrosoftProfessional Develop-ers Conference(PDC) 2005 in LosAngeles this month.Chairman and ChiefSoftware ArchitectBill Gates is sched-uled to deliver theopening keynote onSept. 13. “Mr. Win-dows” Jim Allchin(formally group vice presidentfor platforms) follows Gates.Next comes Eric Rudder, who assenior vice president for serversand tools is in charge of theVisual Studio product line of somuch interest to PDC atten-dees. Rudder is also the guy theNew York Times fingered in aspeculative May article as oneof the most likely Microsoftexecutives to take over thecompany if Gates and SteveBallmer ever retire. For therecord, Microsoft’s other PDCkeynoter, Senior Vice Presidentof Office Steven Sinofsky,earned a mention in the Times
piece as another potential topcandidate. The show runs fromSept. 13-16, with the Microsoft
executives speakingon the first two days.This all assumes thatone of Southern Cali-fornia’s notorious nat-ural disasters, like thewildfires that plaguedthe 2003 PDC, won’tkeep Microsoft’s bignames away.
“Launch” DefinedIf, like us, you were confused thatBizTalk Server 2006 was launchingat the same Nov. 7 event as SQLServer 2005 and Visual Studio2005, wonder no more. In releas-ing the Beta 1 version of BizTalkServer 2006 a few weeks ago,Microsoft clarified that “launch”will mean different things for different products in this case. SQLServer 2005 and Visual Studio2005 are both on track to Releaseto Manufacturing (RTM) later thisyear, with general availability coming around Nov. 7. BizTalkServer 2006 will RTM in the firstquarter of 2006.
Talk to the CursorSeeing a coworker talking to hiscomputer may no longer be asure sign that he’s lost it. In amove to take computer speechrecognition mainstream,Microsoft announced that thetechnologies will be integratedinto a future version of MicrosoftExchange Server—one of themost ubiquitous applications onthe planet. So far, Microsoft’sspeech technology efforts havebeen mostly vertical, focusing oncall centers and interactive voiceresponse markets. The plan is toprovide broad capabilities forunified messaging in Exchange.Microsoft did not specifywhether it would attempt toready the technology for the nextrelease of Exchange, theExchange 12 release currentlyplanned for sometime in 2006.
Battlefield: Virtual Earth,Round 2Microsoft fired back in what isshaping up to be the coolestsoftware battle in years—Microsoft’s and Google’s duelover who can provide the mostcomprehensive and useful inter-active map of the world. GoogleEarth went into beta in early July(see Redmond Report’s August2005 EventLog); Microsoftanswered with an MSN VirtualEarth beta later the same month.If you haven’t downloaded thesebetas already, you can find themat http://virtualearth.msn.comand http://earth.google.com.
— Scott Bekker
EventLog
More Goodies for Software AssuranceLater this month, Microsoft plans to unveil a “Next Generation of Software Assurance.” Microsoft is promisingbetter value for SA, but won’t say anything beyond that. A source familiar with the company’s plans says thechanges will include a group of additional benefits, similarto the slate of benefits added to SA in September 2003.Four webcasts are scheduled for Sept. 15, with the firststarting at midnight Pacific Time. The webcast sign-uppage is http://microsoftsoftwareassurance.savvislive.com.
A roundup of Windows-related happenings
Eric Rudder
0905red_Report_9-14.v5 8/16/05 9:40 AM Page 14
� � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � ��� � � � � � � � � ��� � � � � �� � � � � � � � ����� � � � � � �� �� �
���� �!"����!������# ��������""$
%������&������'())�������*����������������������� ���
Project6 8/2/05 11:24 AM Page 1
BY DANIELLE AND NELSON RUESTMany companies have devel-oped software deploymenttools, but few have done it assimply as Special OperationsSoftware. That simplicity iswhat makes Specops Deployso attractive.
When Microsoft firstdeveloped Active Directorytechnology more than fiveyears ago, it included theability to deploy software aspart of the IntelliMirrorstrategy for Windows 2000.Microsoft then proceeded tobuild and upgrade SystemsManagement Server (SMS)
to version 2003, leaving AD’ssoftware deployment capa-bilities as they were.
Microsoft’s approach wasthat you could use AD forsoftware deployment, butyou wouldn’t have specialfeatures like delivery report-ing, legacy software delivery,bandwidth control anddelivery server control. Ifyou wanted these features,you’d have to upgrade anduse SMS.
The problem with thisstrategy is that if you’vealready gone through allthe work it takes to set upan AD architecture, placedomain controllers (DCs)strategically throughoutyour network and makesure data replication isworking properly betweenall the DCs, you’d have toscrap it and start over againwith the SMS architecture.That’s the beauty ofSpecops Deploy: There’s noadditional architecture tobuild because it piggybackson the AD architecturealready in place.
Specops Deploy is a set ofAD-integrated additions.Make a couple of changes tothe Group Policy Object(GPO) editor, some GPOclient-side extensions, and anew set of services for thedeployment server andyou’re done. It can be assimple as that if you’d like.
If you want to make sureyour deployment practicesare as fine-tuned as possible,you’ll probably want to addmanaged delivery servers, setup through the distributedfile system (DFS). You mightalso want to make sure theBackground Intelligent
Transfer Service (BITS) version 2.0 is loaded on yourclients. You can do thisthrough Specops, and it willhelp control bandwidthusage during deployments.
Installing Specops Deployis much simpler thaninstalling SMS. The tabs on the startup screen (see Figure 1) tell you what todo and guide you throughthe process. You’ll need theMicrosoft Message Queu-ing service (MSMQ) andyour original WindowsServer 2003 installationCD. Besides that, it’s abreeze. For a database, you
| redmondmag.com | Redmond | September 2005 | 17
ProductReviewDeployment Done RightSpecops Deploy 3.0 puts you on the right road to effective software deployment with Active Directory.
Installation: 20% _______ 10Features: 20% __________ 7Standards: 10% ________ 10Deployment: 20%_______ 10Support for Delegation ofAdministration: 20% _____ 9Documentation: 10% ____ 7
Overall Rating: 8.9________________________
Key:1: Virtually inoperable or nonexistent5: Average, performs adequately10: Exceptional
REDMONDRATING
Specops Deploy, version 3.0$1,900 for 100 workstations or servers (includes oneyear of maintenance)
Special Operations Software
303-524-1010www.specopssoft.com
Figure 1. You install Specops Deploy through a simple tab-basedinterface that guides you through the required steps.
0905red_ProdRev17-24.v8 8/16/05 9:26 AM Page 17
Go to www.Lucid8.com/GOexchange– review the Whitepapers and CaseStudies, then evaluate GOexchange,and get a FREE t-shirt.*
*see website for details
• Degraded performance• Questionable stability• Bloated message store• Erratic and strange behavior• Multiple errors and warnings• Deleted items still intact
Exchange Database Before
Exchange Database After
• Optimized message stores• Reduced store size by 38%• 1557 errors removed• 232 warnings corrected• Increased performance & stability• Deleted items completely removed
Reactive vs. Proactive SolutionsReactive and archive solutions only protect you if yourExchange databases are healthy. But the Exchangedatabase is the Achilles heel of the entire operation.Therefore, the key to preventing server failure is toimplement a proactive solution that ensures the health,stability, and optimization of the Exchange databases.
Protect Yourself with GOexchangeGOexchange, from Lucid8, is the only automatedpreventative maintenance solution for MicrosoftExchange 5.5, 2000, and 2003 that prevents disasters,repairs problems and improves performance. GOexchangeminimizes unplanned downtime, checks and correctserrors, and increases performance and stability byrebuilding indices and reducing the size of your Exchangeinformation stores by 30 to 55%.
See for yourself why organizations worldwide areimplementing GOexchange. Download your FREE demonow at www.Lucid8.com, or call 425.451.2595.
As an administrator, you understand the mission-critical nature of the collaborative informationthat flows through your Exchange servers. In today's dynamic business environment, your serversare strained to the limit, and failure is not an option.
Prepared for the Worst?To protect the information flow and minimize the cost of unplanned Exchange server downtime anddata loss, organizations devote enormous resources to reactive solutions such as continuousback-up, monitoring, and high-availability systems. Many organizations also implement Exchangearchive solutions to comply with legal and other regulations such as HIPAA and Sarbanes – Oxley.
Reactive measures won’t prevent a disaster, repair problems or accelerate performance.
Are You PreventingFailure, or Just
GOexchange is Your
Project1 5/6/05 10:18 AM Page 1
Analyst Perspectives
See For Yourself.GOexchange Automated Maintenance is the bestsolution. Read what other industry analysts andcustomers have to say by going to
Analyst Perspectives
Unique and Valuable. According to IT researchfirm META Group, close to 20 percent ofunplanned Exchange downtime is due tocorruption of the database or Active Directory."It's possible to do what GOexchange doesmanually," said META Group analyst Matt Cain,"but you have to be a wicked smart Exchangedatabase guy to do it properly." According toCain, Lucid8 is alone in providing thisfunctionality. "It's one of those rare caseswhere they have something unique and valuable."
Matt CainSenior VPContent & Collaboration StrategiesMETA Group
Business Productivity. "Today's information workerrelies on email and the telephone for nearlyall business communication and collaboration,"said Mark Levitt, vice president for CollaborativeComputing at IDC. "When email goes down, sodoes a worker's ability to interact withcolleagues, customers and partners. Avoidingbusiness productivity losses by ensuring thatMicrosoft Exchange Server remains up andrunning is what GOexchange is all about."
Mark LevittVP, Collaborative ComputingIDC
Leverage the powerful features of GOexchangeand Get Your Life Back…
Centralized Management, Scalable, and Easy to UseWith its centralized management console, and robustarchitecture capable of scaling to hundreds ofservers and its superior ease of use, GOexchange canquickly address the demands of even the most dynamicIT environments.
Scheduling and NotificationSchedule jobs for any server within your organizationto automatically take place on specific days, times,and intervals. Notify specific persons, all membersof a group, or the entire organization of an upcomingor completed maintenance. GOexchange works24x7x365 so you don’t have to!
Advanced Concepts and ConfigurationGOexchange understands advanced concepts likeclustering, and you can configure a job to maintaina server, targeted individual stores, or groups of stores.
SecurityGOexchange takes full advantage of Microsoft’ssecurity model to ensure that only authorized ExchangeAdministrators have access to its powerful features.
Backup IntegrationRun a backup job before and after maintenance withsolutions from CA, VERITAS, UltraBac, CommVault and more.
ReportingDetail and summary maintenance reports by server orjob name.
Analyst Perspectives
Exchange Server Preparing for It?Automated Maintenance Solution.
Project1 5/6/05 10:12 AM Page 2
can use the built-inMicrosoft SQL ServerDesktop Engine (MSDE)database or point it to anexisting SQL Server 2000database server. Once thisstep is complete, you’reready to go.
Because Specops runsthrough Group Policy, itwon’t work with or managemachines running versions ofWindows prior to Windows2000. One nice feature ofSpecops is that unlike AD’sbasic deployment features, itsupports legacy softwaredeployment, not just MSI orWindows Installer-basedsoftware. And because it’sbased on AD, it doesn’t needto run a physical inventory todiscover target devicesbecause they’re already listedin the directory. It’s reallythat simple.
Stand and DeliverDelivering software withSpecops Deploy is astraightforward process.
Select or create a GPO,identify the targets (com-puters, users, groups orsites), select the package anddeploy. It’s as easy as 1-2-3(see Figure 2), and youwon’t need to learn any newtools because you’re doingit through Group Policy.
For larger organizations,Specops has a special admin-istrative console you cansend out to operators to del-egate software distributionduties. This lets you haveadditional operators manag-ing software deployments,
even if they don’t have accessto the Group Policy con-soles. Specops also providesgreat reporting on softwaredelivery. Reports let you drilldown on any issues so youcan see exactly what hap-pened and why.
There are a couple ofcaveats. First, Specops runs through GPOs. Thatmeans it uses the default 90-minute GPO refresh
policy on workstations andmember servers. If you wantyour deployments to happen faster, you mightconsider changing thisdefault AD setting. Also,Specops doesn’t yet includean inventory module fortracking information likemanufacturer, processor,software installed and so on. However, Specopsclaims that a fully functionalinventory option will bepart of the next release.
Specops begins the installa-tion process by downloading
the installation files to thelocal machine before actuallyinstalling the software. Ifyou’re using BITS 2.0, thisshouldn’t be a problembecause it trickles down theinstallation, being wary ofbandwidth. That’s why it’simportant to deploy BITS2.0. Once on the worksta-tion, you can either leave theinstallation files intact orremove them. The former isuseful for mobile computersthat need access to originalinstallation files when some-thing goes wrong andthey’re no longer connectedto the corporate network.
Overall, Specops Deploy isa simple and straightforwardsoftware deployment tool. Itoffers a number of advan-tages over Microsoft’s SMS: •Deploy uses AD to the
fullest, returning some of the investment youmade to set it up in the first place.
•Because it runs throughAD deployment, it fullysupports automated uninstalls when computersfall out of the scope of
management. With SMS2003, you need to create anew deployment job toremove software.
•At $19 per machine, it’sinexpensive.
•It uses either existingtools (the GP Editor) or aseparate, easy-to-use console that requires littleoperator retraining.
•It supports WindowsInstaller on mobilemachines (SMS 2003 needsto be configured).
•It uses existing serverlocator records stored inAD, so unlike SMS 2003,it doesn’t require anyschema extensions.
•It provides excellent feedback on softwaredeployment in a very simple way and in real time.Special Operations
Software is in a small groupof Active Directoryproviders that know how toadd value without addingcomplexity. Microsoftshould take a long hardlook at this product andthink about why it madeSMS as complex as it did.Sure, SMS has to supportlegacy networks: Onceyou’ve moved beyond Windows 2000, though,why not use a native ADdeployment tool?—
Danielle Ruest and NelsonRuest, MCSE, MCT, MVP,write books focusing on systemsdesign, administration andmanagement. They run a con-sulting company that concen-trates on IT infrastructurearchitecture and change andconfiguration management.You can reach them at [email protected].
ProductReview
20 | September 2005 | Redmond | redmondmag.com |
Overall, Specops Deploy is a simple andstraightforward software deployment tool.
Figure 2. Specops Deploy works through the Group Policy Editor orits administration client (as shown here). Either way, the interface issimple and straightforward.
0905red_ProdRev17-24.v8 8/16/05 9:26 AM Page 20
Project5 8/8/05 3:00 PM Page 1
BY CHAD TODDProtecting your Web serverswith a strong firewall andantivirus software updatedwith the latest virus signa-tures might have been suffi-cient a couple of years ago,but it just isn’t enough thesedays. You need somethingthat will take a more intelli-gent and comprehensiveapproach to protecting yourservers. Screening for both known and unknown threatsis the best way to go.
Privacyware’s Threat-Sentry is a host-basedintrusion detection andprevention applicationdesigned to do just that.It will exclusively protectWindows IIS 5.0 and 6.0servers by screening allincoming traffic and denying any it considersuntrustworthy.
ThreatSentry protectsagainst known vulnerabilitieslike buffer overflows, remotedata services, directory traversals, parameter manipu-lations and parser evasions bycomparing traffic accessrequests to a knowledge baseof known exploitive and hacking techniques. It alsoprotects against unknownvulnerabilities by denying anytraffic considered differentfrom the normal activity onyour server.
Easy InstallationThere are only a few screensthat require your input during the installationprocess, so installing and con-figuring ThreatSentry is quiteeasy. Privacyware has alsoproduced a helpful “gettingstarted” guide to walk youthrough the process. I had thesystem installed and runningin less than five minutes.
You’ll need administrativerights to your server toinstall ThreatSentry. Youwon’t have to reboot theserver to complete theinstallation, but you will
have to reboot to fullyenable ThreatSentry’s fire-wall feature. IIS will also berestarted during installation.In addition to local installs,
ThreatSentry also supportsnetwork installs.
After the initial reboot,ThreatSentry runs in training mode. During this time, the system is constantly analyzing andorganizing requests to create a baseline of “nor-mal” activity. While thesoftware is “training” itself,you can go into the Threat-Sentry Management Con-sole (see Figure 1) to lookat all the data collected. Youcan also closely examineeach record and classify itas trusted or untrusted.
ThreatSentry will giveeach record a default classification based on therequest characteristics. It’simportant to carefully manage this process to make sure your baselineassessment is accurate.ThreatSentry will also recommend how manyrequests it will need to scrutinize to arrive at aneffective baseline. The recommended ranges arebetween 250 and 2,500requests. You could also manually enter any numberyou want. After ThreatSentryreaches whatever numberyou’ve established as thetraining threshold, it will automatically shift from Training Mode to Monitoring — Active Mode.
En GardeWhen ThreatSentry is running in Monitoring —
ProductReview
22 | September 2005 | Redmond | redmondmag.com |
Figure 1. ThreatSentry’s Management Console lets you checkout the data it’s gathering and classify whether or not traffic iscoming from a trusted source.
At less than $100 per server, how can youafford not to give your Web servers that levelof protection?
Guard the DoorThreatSentry protects IIS servers from both known and unknown types of attacks.
ThreatSentry 2.0$99 per server
Privacyware
732-212-8110www.privacyware.com
Documentation: 15% __ 7.5Installation 10% _________ 9Feature Set: 35% ________ 7Performance: 30% _____ 7.5Management: 10% ______ 9
Overall Rating: 7.6__________________________
Key:1: Virtually inoperable or nonexistent5: Average, performs adequately10: Exceptional
REDMONDRATING
0905red_ProdRev17-24.v8 8/16/05 9:26 AM Page 22
IS YOUR WIRELESS MESSAGING GOOD TO GO?
It can be with the Palm® Treo™ 650 smartphone.
GoodLink™ software on the world-class Palm Treo smartphone
puts the familiar look, feel, and functionality of Microsoft®
Outlook® in your pocket. So, your calendar, contacts, and
e-mail are with you everywhere you go.
Get GoodLink FREE for 30 days on the Palm
Treo smartphone.
Call 877-346-6306 or visit www.good.com/freetrial.
What’s more, with Good and Treo, you can wirelessly
enable CRM, ERP, SFA, and other business applications.
All with enterprise-class security, role-based administration,
and true over-the-air provisioning and management.
©2005 Good Technology, Inc. All rights reserved. Good, the Good logo, GoodLink, GoodAccess, and “Information at the point of business” are trademarks or registered trademarks of Good Technology, Inc. All other trademarks are property of their respective
owners. Screen image simulated. Palm and Treo are among the trademarks or registered trademarks owned by or licensed to Palm, Inc. Third-party software sold separately. Requires wireless data services and ISP sold separately.
rdmond_mag_50052_02jw.indd 1 8/8/05 5:10:57 PM
Project2 8/11/05 12:51 PM Page 1
Active mode, it’s activelymanaging traffic coming intoyour server. It detects andblocks any threats accordingto established parametersand lets you know what hasbeen blocked.
To use ThreatSentry tosimply monitor yourinbound server traffic, youcan put it into Monitoring— Inactive Mode. Thismode detects and notifiesyou of threats, but doesn’tactually block the traffic. Youmay want to use this modeto see what type of trafficwould be blocked once thesystem is in active modewithout actually blocking it.Once you’re comfortablewith the types of trafficbeing blocked, you canswitch to Monitoring —Active Mode.
The ThreatSentry Management Console has aSecurity Alert Log sectionthat shows all untrustedevents. It also displays thetime, source IP address,source name, target IPaddress, HTTP operation(get, delete and so on) and
target URL by default. Thereare seven other columns youcan add to the view.
You can sort through thissecurity data by any of thecolumns to make it easier tofind whatever parametersyou need. It’s important tolook through this event dataon a regular basis andreclassify as needed. Byright-clicking on any par-ticular event, you canreclassify it as trusted.Alternatively, you canchoose to block all futurerequests from the source IPaddress. Actively managingthe status of your alertsensures that ThreatSentrywill always be properlytuned for your environment.
Security Alerts and NotificationThreatSentry provides on-screen notifications asevents are triggered. Thealert window shows thename of the computer beingcompromised and a descrip-tion of the untrusted event.You can simply click OK toaccept the notification
without taking action, stopthe connection or restart IISfrom within the alert win-dow. You can also configureThreatSentry to list the 20most recent security alertswhen an alert is issued. Thiswill appear as a separate window with every alert.
E-mail and SMS alertingare built into the product.Setting up the e-mail alert-ing couldn’t be easier: enteran SMTP server, a destina-tion e-mail address oraddresses, and an originatingaddress. You’ll also need tomake sure that your Threat-Sentry machine can relaythrough your mail server.For SMS alerting, chooseyour mobile carrier and typein your phone number.
No Help Necessary—But AvailableThreatSentry is easy to useand configure. The interfaceis well designed and therearen’t too many options so asto be confusing or difficultto learn. It’s fairly obviouswhat each option does with-in the management console.
If you do need help,Privacyware provides a 55-page manual in a PDF-format file. I didn’t find the documentation to be verytechnical in nature, but it did
answer all the questions I had.It also provides screen shotswith explanations of all thescreens within ThreatSentry.I found this format easy tofollow and understand.
Stealth ModeI ran ThreatSentry on my testWeb server for about threeweeks and never had anyproblems—in fact, unless Ilogged onto the console, Ididn’t even notice it was thereand running. This is howgood IDS software shouldfunction. It should be invisi-ble to everyone except theperson looking at the alerts.
In my opinion, the bestthing about ThreatSentry is the price. At less than$100 per server, how canyou afford not to give yourWeb servers that level of protection?—
Chad Todd, MCSE: Messaging,MCSE:Security, MCT, is theco-author of MCSA/MCSEManaging and Maintaining aWindows Server 2003 Environment: Exam 70-290Study Guide & DVD Training System. He is the co-owner of Training Concepts,which specializes in Windows,Exchange, ISA and Cisco training and consulting. Reachhim at [email protected].
ProductReview
24 | September 2005 | Redmond | redmondmag.com |
To filter traffic coming through your Web servers withThreatSentry, you’ll need the following levels of hardwareand software:• 700MHz Pentium III or faster• 128MB RAM • CD-ROM drive (for installing from CD) • 10MB of free disk space • Windows 2000 Professional, Server or Advanced
Server with Service Pack 3 or higher• Windows XP• Windows Server 2003 Standard Edition or
Enterprise Edition• IIS installed and configured
System Requirements
ThreatSentry 3.0, which should be available as early asthis month, will include the following enhancements:• Improved security alert reporting and auditing• Expanded security alert notification filters• Enhanced blocked IP address management • Improved DDOS and brute-force attack protection • Integration with Microsoft Operations Manager
What’s Next
0905red_ProdRev17-24.v8 8/16/05 9:26 AM Page 24
NTAVO 101 for Windows® ApplianceFinally, A Low-Cost Alternative to Citrix®
Whether you use Citrix, a VPN, or some other approach, secure
remote access solutions are expensive, complex, and difficult to
implement and manage. The NTAVO 101 for Windows Appliance does
the job at up to 90% lower cost per user and with 99% less demand on
your IT staff. You can have secure, high-speed communications from PCs
and thin-client systems to enterprise-wide Windows applications in minutes
and with no modifications to your servers, applications, or your enterprise network.
It’s the ultimate companion to Windows® Terminal Services. For $49.95/user.
Visit ntavo.com 1.888.524.9382 [email protected]
© 2005 Devon IT, Inc. NTA Virtual Office is a trademark of Devon IT, Inc. All other products and trademarks referred to are property of their respective owners.
Project1 6/6/05 10:42 AM Page 1
¨
REAL SECURITY REAL CROSS-PLATFORM REAL SUPPORT OPTIONS
Project3 4/11/05 4:19 PM Page 1
Microsoft AntiSpyware With a new beta just released, Microsoft’sAntiSpyware software (code-named“Atlanta”)—which it acquired from Giant Software—is functional and welldesigned. Unfortunately, it has beendogged by accusations that it deliberatelylets through spyware from certain companies—an accusation Microsoftvehemently denies.
The software seems effective to me. Ithas trapped a number of spyware infes-tations in the past few weeks and regu-larly updates itself behind the scenes.Expect this product to ship sometime inlate 2005. Microsoft’s plans call for a freerelease to consumers. Licensing for busi-nesses has not yet been announced.
Windows Vista The much-talked-about new version ofWindows is becoming more renownedfor features that have been dropped—like
WinFS and Microsoft Shell (MSH, orMonad)—than features that are stillincluded. Microsoft recently picked thesomewhat fruity-sounding WindowsVista as the new name for the productformerly code-named Longhorn.Frankly, it sounds more like the name fora new hybrid from Toyota, but we shallnot dwell upon mere names.
Much of the world is still getting itsfirst look at Longhorn—sorry, I meanVista—after an early August beta release.The big news is the new developer tech-nologies, heavily centered on managed.NET Framework-compatible code, aswell as a handful of highly publicized fea-tures like Desktop Search.
Vista is more likely to see faster uptakethan Windows XP, mainly because bythe time it ships in late 2006, XP will bepushing five years old and the worldwill be chomping at the bit for a newversion of Windows. Microsoft’s biggestchallenge for Vista is to make it assecure as humanly possible, a taskdoubtlessly made more difficult by all thenew technology being built into and ontop of the aging Windows NT platform.
SQL Server 2005 Because it’s also replacing a five-year-oldproduct, SQL Server 2005 (code-named
“Yukon”) is also likely to see fast adop-tion. The big news in Yukon is massiveintegration with Visual Studio 2005,including embedding the .NET Frame-work Common Language Runtime(CLR) into the SQL Server engine.As a result, you can now write storedprocedures and other database objectsin managed code as well as the native
Transact-SQL (T-SQL) language. Theidea behind all this integration is tospeed development and make databaseapplications more flexible.
Yukon, which is still referred to asYukon, also ships with a host of manage-ment and performance improvements.It has shaped up into a solid releasethrough a series of community tech-nology previews (CTPs) rather thanthe traditional beta releases. New editions—including SQL Server Expressand SQL Server Workgroup Edition—provide price points for smaller applica-tions, which should help to make SQLServer more ubiquitous. Look for SQLServer 2005 in November.
Visual Studio 2005 Releasing along with Yukon in November, Visual Studio 2005 (code-named “Whidbey”) is going to be morethan a new version of the language(chock-full of tools developers will love,as well as the aforementioned tight inte-gration with Yukon). It also introduces anew version of the .NET Frameworkitself. Version 2.0 will provide new capabilities for enterprise development.Fortunately, the Framework’s designmakes backward compatibility a cinch.The new version won’t replace the current 1.1 version, but rather sit along-side it so current .NET applications willcontinue to run just fine.
Windows Server 2003 R2November will be a busy month forMicrosoft. You’ll also see Release 2 ofWindows Server 2003. Rather than a
What I Beta Tested on MySummer Vacation
here are so many Microsoft products in various stagesof beta testing that I thought it would help to giveyou a back-to-school roundup. Here’s a look at what’s
coming, when it’s coming and why you should care.T
BetaManDon Jones
The software described here is incompleteand still under development; expect it tochange before its final release—and hope itchanges for the better.
BETAMAN’S ROUTINE DISCLAIMER
| redmondmag.com | Redmond | September 2005 | 27
Microsoft’s biggest challenge for Vista is to make it as secure as humanly possible, a task doubtlessly made more difficult by all the new technology being built into and on top of the aging WinNT platform.
0905red_BetaMan27-28.v6 8/16/05 9:18 AM Page 27
28 | September 2005 | Redmond | redmondmag.com |
completely new version, R2 incorporatessome new features that add to Win2003’scapabilities (see “What’s New in R2,”Windows Insider, July 2005). Notableimprovements include an enhanced Distributed File System (DFS), much-anticipated new Print ManagementConsole (PMC), improved StorageResource Management (SRM), ActiveDirectory Federation Services, moreUnix/Linux interoperability (includingIdentity Management, a Network FileSystem provider and a subsystem forUnix applications), Active DirectoryApplication Mode (AD/AM), and version 2.0 of the .NET Framework.The R2 beta is available now.
Virtual Server 2005 Service Pack 1This is due for release any time now.Virtual Server 2005 Service Pack 1(VS2005 SP1) introduces 64-bit hostsupport for VS2005 (see “Virtual ServerGrows Up,” Beta Man, July 2005). Thatmeans you can use host boxes with gobsand gobs of memory—not to mentionthe fast, new dual-core 64-bit Opteronprocessors from AMD. If you ownVS2005, install the service pack.
Internet Explorer 7Nowhere is Microsoft’s ability to turn ona dime exhibited more clearly than withIE7, a product that Microsoft onceassured us would never exist outside of anew version of Windows. However, withsecurity problems continuing to plagueIE and Mozilla’s Firefox browser eatingaway at IE’s market share, IE7 becametoo strategically important to wait for
Longhorn—I mean Vista (we’ll havesome fun with this name). Expect tabbedbrowsing, RSS feeds and a “low-rightsIE” feature to help improve security.
As you may expect, much of IE7 willfocus on security to help combat itsheavily tarnished reputation. There willbe an overhaul to IE’s Security Zones,which most technically inexperiencedusers find completely baffling. The newIE7 will be a free upgrade, but will onlybe available for WinXP (and possiblyWin2003), which is a shame for theWindows 2000 users. A beta should beavailable by the time you read this.
IE7 will not be the full IE beingshipped with Vista. That version willinclude advanced graphics capabilities,new features and will be integrated intoVista’s search technology. It will also bemore secure, as it can rely on securitymeasures being implemented in theoperating system itself.
Office 12 and Groove 4No one knows much—even internallyat Microsoft where planning is stillunderway—about Office 12 andGroove 4. I mention these productstogether because with Microsoft’srecent acquisition of Groove Networks,we know Groove is going to see somemajor integration with Office.
Office 12 is more defined, because it’son a release track to coincide with Vista(I bet they’re going to name it OfficeVista). Microsoft has been remarkablytight-lipped about new features. We doknow Office 12 will run on older versions of Windows, not just Vista.Obviously, Outlook 12 will align withnew functionality in Exchange 12.Expect Office 12 sometime in the Vistatimeframe (late 2006), with betas in late 2005 and mid-2006. Groove willprobably begin factoring into that releaseschedule at some point, as well.
Exchange 12Microsoft has been more open aboutnew features coming in Exchange 12.Edge Services will improve security,including the current Intelligent Message Filter technology. Automaticsetup of Outlook profiles will help centralize and automate provisioningfor new clients. There will also bescripting for all Exchange Service Man-ager components, continuous backup(through replication to a secondarydatabase), policy-based configurationcompliance management, improvedcalendaring, a 64-bit edition andincreased store limits.
Exchange 12 will ship with the firstversion of Monad, the Microsoft Shell(MSH) that was originally slated forrelease with Longhorn—sorry, Vista—but is now pushed back. Every compo-nent of Exchange will be scriptablethrough MSH, which Microsoftintends to help improve systemautomation and administration. Expectto see Exchange 12 in late 2006.
Audit Collection ServicesMicrosoft’s solution for consolidatingsecurity log entries from multiple servershas a secure agent-server architecturethat helps prevent both spoofing andimproper configuration. It also providescentralized security event reporting.Unfortunately, Audit Collection Services(ACS) seems to have dropped offMicrosoft’s radar. I was hopeful that ACSwould make it into Windows Server2003 R2, but that doesn’t seem to havehappened. At this point, I can’t help butwonder if ACS has been pulled back forre-development as a commercial productor inclusion in some other project.—
Don Jones is a contributing editor for Redmond magazine and the founder of ScriptingAnswers.com, a Web site forautomating Windows administration.His most recent book is Managing Windows with VBScript and WMI(Addison-Wesley). You can reach him at [email protected].
BetaMan
Beta Man was busy this summer—go toRedmondmag.com to read more aboutthese betas and about Windows XPMCE and Windows Media Player 11.
FindIT code: SummerBeta
GetMoreOnline
redmondmag.com
If you own VS2005, installthe service pack.
0905red_BetaMan27-28.v6 8/16/05 9:18 AM Page 28
BY EMMETT DULANEYWhile Linux is slowly making inroadsonto the desktops of corporate America,its presence there is really nothing new.It has long been a behind-the-scenesworkhorse running on many of theservers that power the IT backbone ofthose same companies. Its initial accept-ance on the server side and among theopen source enthusiast crowd far out-
stripped its acceptance on the corporatedesktop side—primarily due to thesheer volume of corporate desktopapplications available for Windows.
We have already reviewed severalLinux desktop variants that are readyfor prime time and poised to take onany of the deeply engrained desktopversions of Windows (see RedmondRoundup, “Desktop Linux: Ready for
Prime Time?” June 2005). This time,we focus on the server side.
We’ve examined four variations ofLinux and Unix server operating sys-tems for Intel platforms that go head-to-head with Windows 2000 Server and Windows Server 2003. Two of the products are Linux variants—Red HatEnterprise Server 4.0 and SuSE LinuxEnterprise Server 9.0. The other two—OpenServer 6.0 and Solaris 10—areactually classified as Unix. We includedOpenServer and Solaris because theyalso run on the Intel platform anddirectly compete with the other Linux
operating systems we’ve reviewed.Another similarity these four packages share is their utilitarian
presentation. You wouldn’tpurchase any of theseLinux/Unix operating systems because they comewith an elaborate manualand pretty packaging. Infact, none of them havetrue, current printed refer-ence documentation. Theyall include useful online
documentation, however, andthus earned the same score for
that category.To best compare apples to
apples and make the testing plat-forms and processes as similar as
possible, I followed the same set ofinstallation procedures before I got
rolling. For every one reviewed here,I first installed the operating system.Then I added and configured theApache Web server. I chose Apachebecause it comes with each of these
30 | September 2005 | Redmond | redmondmag.com |
Linux Living in a Windows WorldIt may be nowhere near as prevalent on the desktop, but Linux isno stranger to running servers.
RedmondRoundup
ILLUSTRATION BY ED LUTERIO
0905red_Roundup30-38.v11 8/16/05 9:25 AM Page 30
operating systems and is the most likely component one would add to aLinux/Unix-powered server (see thesidebar “Why Apache?” on p. 38).
You Can Leave Your Hat OnRed Hat Enterprise Server 4.0To many IT managers, “Linux server” issynonymous with “Red Hat server.” Asgrandiose as that may sound, this speaksvolumes about the popularity of thecompany and its products. Red Hat hasbeen a pioneer in promoting Linux anda true innovator in a number of otherareas like certification and developingan accepted package manager.
When you start installing Red HatEnterprise Server, you’ll choose betweena graphical- or text-based method (seeFigure 1). Being a fan of getting thingsdone as quickly as possible, I first triedthe text-based installation a couple oftimes. I kept getting into a jam where theinstallation routine told me an error hadoccurred, but then it exited without giving me any opportunity to go back orany other options to try and circumventthe error.
So I tried the graphical installation rou-tine, which ran smoothly. I didn’tencounter any errors until it asked me toswap CDs. I had downloaded and burneda set of four CDs from its site, yet it did-
n’t identify any of them as being CD No.2. Eventually, I was able to get around theproblem, but it wound up being anunnecessary time-killer.
After you install services on yourmachine, you can choose which of thoseservices others will be able to usethrough a simple radio button interface.One of those choices is “Web Server(HTTP, HTTPS).” Selecting this serv-ice only installs part of what it needs tofunction as a Web server. You have toinstall the HTTPS package later.
One thing I found particularly valuablewas how easy it is to install the SecurityEnhanced Linux (doing so is actuallyenabled by default). This essentiallyhardens the server. If you don’t want tocompletely install this, you can choose todisable it. You can also choose the Warn
status, which acts as a middle state. WithWarn, policies are not fully enforced inall cases and you are warned when theyare denied.
One thing I found annoying is theneed to enter a subscription numberafter the first reboot. Obviously, youcouldn’t have the number e-mailed tothis system because you’re installing anoperating system from scratch. Thiseliminates any cut-and-paste possibili-ties for a 16-digit number combiningnumbers and letters. I typed the num-ber in from the e-mail I printed fromanother machine only to keep gettingtold that the number I was e-mailed wasalready in use for another subscription(perhaps it thought the failed installswere another subscription). Again, thesolution, which ended up being to sim-
Red Hat Enterprise Server 4.0
$349 per year for Basic Edition$799 per year for Standard Edition
Red Hat Inc.
919-754-3700
www.redhat.com
SuSE Linux Enterprise Server 9.0
Pricing starts at $899 per year for oneserver, 16 CPUs
Novell Inc.
801-861-7000
www.novell.com
SCO OpenServer 6.0
$599 for Starter Edition$1,399 for Enterprise Edition
The SCO Group Inc.
801-765-4999
www.caldera.com
RoundupIn this
Documentation 15%Installation 25%Feature Set 20%
OVERALL RATING
7 6 8 8 8 7.4
7 8 8 8 9 8.1
7 10 6 8 7 7.8
Performance 20%M
anagement 20%
| redmondmag.com | Redmond | September 2005 | 31
Figure 1. The Red Hat installation menugives you a choice between graphical- ortext-based installation.
REDMONDRATING1: Virtually inoperable
or nonexistent5: Average, performs
adequately10: Exceptional
0905red_Roundup30-38.v11 8/16/05 9:25 AM Page 31
ply register again, was not that difficult,just another time consumer.
After all was said and done, despite someminor glitches during the installationprocess, configuring and running the Webservices was very simple (see Figure 2).
The operating system performedsmoothly and I encountered no problems.I spoke with an administrator at a largehospital who told me that he had sevenmachines running Red Hat providing var-ious Web services. He had not needed toreboot any of them in more than a year.
SuSE on the LooseSuSE Linux Enterprise Server 9.0SuSE uses a fairly simple graphicalinstallation. You have a choicebetween which version of YaST (YetAnother Setup Tool) to use for walk-ing you through the process. No mat-ter which one you choose, you’ll endup spending some time doing theinstallation, even though the process isstraightforward. You have a minimal
amount of questions to answer as youwork through a series of dialogscreens. Should you need to revise oredit any information, you always havethe option to go back.
Toward the end of the installation,SuSE asks if you want to test the Inter-net connectivity. If you say yes and ittests OK, then you have the option ofdownloading and installing patches thathave been released since you burned theCDs. The default desktop is KDE, butyou can also use GNOME if you prefer.
For the most part, I always believe ingetting the installation done as quicklyas possible and tweaking it later. In thiscase, however, I highly recommenddoing the update during installation asit proves much quicker than running itlater. Everything is configured with thelatest updates and patches before thereboot, which saves time later on.
To add the Apache software, you firsthave to start YaST, then choose Software,followed by Install and Remove Soft-ware. Typing “apache” in the Search fieldbrings up the interface shown in Figure
RedmondRoundup
32 | September 2005 | Redmond | redmondmag.com |
Figure 2. Configuring any Web service is simple with Red Hat Enterprise Server.
The availability of applications is a huge factor when comparing Linux to Windows on the desktop. There are more Linux applications every day, but thenumbers still pale in comparison to what is available for Windows.
When it comes to servers, the number of applications you need greatly diminishes. A PC user may run a dozen applications at any one time, but mostof the time a server focuses on one or two tasks like Web hosting, serving as afirewall and so on.
No one can deny that the number of services available for the non-Windowsservers is smaller than those available for Windows-based servers. The question is which platform offers the highest return on investment in terms ofcost savings, reliability and comfort level.
The ROI on the initial purchase is easy to determine by simply looking at thecosts of licenses for the various operating systems. What is harder to quantify isthe administrators’ comfort level. If you have seasoned administrators who havebeen working with Windows for years, there can be considerable cost involved inretraining them to administer Linux at the same level of proficiency. On the otherhand, if you’re hiring new administrators for new server implementations, you cansave by starting from scratch with Linux.
It would be ideal if the choices were always black or white, but you’ll need tomake fresh evaluations for every site in order to find the best choice. — E.D.
Linux VersusWindows Server
0905red_Roundup30-38.v11 8/16/05 9:25 AM Page 32
4. Click to add Apache and accept. SuSEautomatically checks to see if you need toinstall any additional packages to resolveany dependency issues (it defaults toinstall, but you can deselect that option ifyou wish), then it installs the software.
The YaST interface gives you accessto a majority of the configuration utili-ties through one consistent-lookingtool. By far, this is one of the biggestselling points for this operating system.
Not only do you use the YaST inter-face to install packages, but also toconfigure and maintain them. Afterinstallation, you make changes to theWeb server by first starting YaST, thenchoosing Network Services, followedby HTP server.
Open for BusinessSCO OpenServer 6.0OpenServer is a variant of Unix (SystemV, release 5), not Linux. At first glance,that may not seem too significantbecause it also runs on the Intel plat-form like Linux, has a command-lineutility with the exact same name andfunctionality and so on. In actuality,
though, there is a big discrepancy thatyou’ll have to consider more closely.
On the positive side, you can traceOpenServer back to the beginning days
of Unix. That means it has years of stability and reliability to back it up. Onthe not-so-positive side, it can only runapplications that were written specifi-cally for OpenServer (including SCO
RedmondRoundup
34 | September 2005 | Redmond | redmondmag.com |
Figure 3. The YaST control center lets you install, configure and maintain packages.
If you’re willing to look beyond the Intel platform and to more Unix-based options, there are a few other operating system choices. Three of the most popular alternatives are:
AIX: From IBM, version 5L is now available. Learn more at www-1.ibm.com/servers/aix
HP-UX: From HP, version 11i is now available. Learn more athttp://hp.com/products1/unix/operating
Tru64: From HP, available for theAlpha platform. Learn more athttp://h30097.www3.hp.com
— E.D.
ExpandingChoices
Figure 4. Use the YaST interface to add the Apache service in SuSE.
0905red_Roundup30-38.v11 8/16/05 9:25 AM Page 34
Novell Oracle PMI SCP
Sun HIPAA
Ace your IT certification tests and advance your career with MeasureUp.™
CUSTOM SOLUTIONS
INDIVIDUALS
TRAINERS/EDUCATORS
Are you certified for success?
Are you certifiedfor success?
IT certification boosts your career potential and
improves your skills. MeasureUp helps you preparefor IT certification tests with easy-to-use, easy-to-learnonline courses and practice tests. With our preparationplan, you won’t just pass the test, you’ll ace it.
MeasureUp gives you the edge:
• Comprehensive online courses with multiple trainingmodules
• Practice tests that include the newest technologiesand features
• Learn at your own pace — online, download or CD• Pass the test or get your money backPLUS
• Discounted Pearson VUE exam vouchers• We’re a Microsoft Certified Practice Test Provider
MeasureUp gives you the edge:
Save 20% and
Win an Xbox!
Save 20% on the best practice testsavailable and register to win a FREE
Microsoft Xbox.
Visit www.measureup.com/redmond
MeasureUp is a Dice Company.
COMPANIES
Microsoft CIW Cisco CompTIA
Project4 8/8/05 2:49 PM Page 1
RedmondRoundupUnix, SCO OpenServer 5/6, SCOXenix and UnixWare 7 binaries).
That is one of the biggest negativestossed about by those who scornLinux—the availability of applications.If you think the number of applicationswritten for Linux is small, then you’llneed a microscope to find those writtenfor OpenServer. Beyond the basics,however, I’d question how many appli-cations you truly need to run with thistype of server operating system. Still,those looking for something beyond thecore set of services might have a toughtime finding what they need.
OpenServer was the easiest to installby far. While developers often make aneffort to create a graphical installationroutine purely in the interest of aesthetics, OpenServer keeps theinstallation simple in the interest ofsaving an administrator’s time, which isfar more important. There are a fewsimple choices you have to make
upfront (see Figure 5) before the instal-lation dismisses you and completes allthe remaining tasks on its own.
Once you’ve completed the installation,the system boots into the XDT interfacethat OpenServer has always used. Whilethis interface is simple to understand and
use, it looks and feels antiquated. To getaround this, OpenServer 6 now lets youchoose the KDE interface. If you opt touse KDE, you get the same desktop asyou would with any other KDE-basedoperating system. The system utilitiesrun in both XDT and KDE, but running
Figure 5. You install OpenServer with an easy-to-use text-based interface.
0905red_Roundup30-38.v11 8/16/05 9:25 AM Page 36
KDE unfortunately seems to accentuatetheir old-fashioned look and feel.
There is an Optional Services CD thatcomes with OpenServer. This disc hasApache, and you can easily install itthrough the Software Manager. Onceinstalled, configuring Apache or anyWeb service running on OpenServer issimple and straightforward.
Small companies would do well tochoose this as a solid and straightforwardserver operating system. One of the mainreasons I stress small is because theyshould get more benefit from the operat-ing system and not be as affected by itslimited services. The operating systemalso works nicely when used as a platformfor SCOoffice Server 4.1.
The Sun Also RisesSun Solaris 10Solaris is Sun’s Unix server operatingsystem, and it has gotten better andbetter with each successive release.
RedmondRoundup
Figure 6. Solaris lets you choose between four types of installation.
Wish to access your data from anywhere?With , it’s easy.
is reliable and secure remote control softwaredesigned to work on and monitor the remote computers just ifthey were right there in front of you. proved itself asincredibly fast and easy to learn and use. is acomplete remote control solution with such features as filetransfer, NT security, Telnet-access and multiple connectionssupportbuilt in.
RADMIN
RADMIN
RADMINRADMIN
RADMIN is the most cost-effective solution whichmay be deployed over a corporate network at anaffordable price.
Download the free 30-day trial versionAnd see for yourself!
See details at:www.radmin.com
®
0905red_Roundup30-38.v11 8/16/05 9:25 AM Page 37
Version 10 is “optimized for runningWeb services and includes Apache andTomcat software to let you deployservices right away,” according to theSun Web site. There are also securityfeatures prevalent throughout this ver-sion like file verification features andsecure execution.
There are four different ways you caninstall Solaris, as you can see in Figure6 on p. 37. The Interactive installationis best for most new installs. It firstasks you the standard questions, suchas language, networking and time zoneparameters. It also asks questions aboutwhether or not you want the CDs toautomatically eject, auto reboot tooccur after installation and so on. Ifyou don’t watch carefully, this can cre-ate problems with the system restart-ing and beginning the installation
routine all over again if the first CDstays in the tray. I highly recommendchanging the defaults to manualprompts and reboots.
During the installation, you canchoose to install the documentation, theJava Enterprise System, the Extra ValueSoftware (Validation Test Suite andInstall Check) or packages from theSoftware Companion CD. Installing theentire distribution takes up 4,346MB,plus any other packages you add to that.
The CDE (Common Desktop Envi-ronment) starts after the first boot and
initial data collection. Then it walksyou through the rest of the installa-tion. You select X servers through thekdmconfig utility.
I tried to get a number of differentlab machines to a point where I couldfinish configuring the operating sys-tem and install Apache, but I alwaysran into one problem or another. Mostof the problems related to an inability
to change beyond the maintenancemode or to bring up the X interface.
None of the other operating systemsreviewed here caused similar problems.Frustrated and out of lab machines, I hadto move on without installing Apache orbeing able to test some of the other fea-tures of this operating system. Sadly, if
you need support for this product, you’llhave to purchase it separately. Thatmakes it less administrator-friendly thansome of the other choices.
Run for Its MoneyOf these four Linux and Unix serveroperating systems, I was impressed bythree of them for their suitability towork in a business setting. Every one ofthem offered the administrative toolsand stoutness necessary to function as aWeb server or fulfill a similar purposein a business environment.
Red Hat has a well-deserved, loyal following. It’s widely respected as a solidoperating system. OpenServer has a richheritage, being based on the originalUnix. SuSE is an administrator’s dreamwith its YaST management tool. Supportissues kept me from conducting a fullevaluation on Solaris.
As with the desktop Linux variants wereviewed in June, I believe that Linux(and Unix) will make additional inroadsinto corporate server rooms this yearand give Windows Server 2003 a runfor its money.—
Emmett Dulaney is the author of severalbooks on Linux, Unix and certification. Hismost recent book, Expanding Choice(Novell Press), was cowritten with JasonWilliams and Peter Clegg. He is also a former partner in Mercury TechnicalSolutions. You can reach him via e-mail at [email protected].
RedmondRoundup
38 | September 2005 | Redmond | redmondmag.com |
In trying to decide what one service to add to each server forcomparison purposes in this article, I chose Apache, the opensource Web server. I picked this because it’s one of the most widely used services in networking today, and because ithas a direct equivalent in theWindows world.
Internet Information Services(IIS) is to the Windows-basedserver world what Apache is to theLinux/Unix world. Some will imme-diately throw up their hands andargue that I am all wrong becauseIIS also offers FTP, or becauseApache also runs on other plat-forms, and so on. Those minordetails aside, these two productsexist for the same purpose and aLinux machine running Apache canfulfill the same purpose as a Windows Server 2003 running IIS.
— E.D.
WhyApache? Go to Redmondmag.com and check
out an extensive comparison chart forthe products reviewed here.
FindIT code: PowerUpLinux
GetMoreOnline
redmondmag.com
... I believe that Linux (and Unix) will make additional inroadsinto corporate server rooms this year and give Windows Server2003 a run for its money.
Solaris 10
Free, with support costs starting at$20 per year
Sun Microsystems Inc.
800-555-9786
www.sun.com
Editor’s Note: Due to supportissues, our reviewer was unabletocomplete a full evaluation ofSolaris 10.
0905red_Roundup30-38.v11 8/16/05 9:25 AM Page 38
40 | September 2005 | Redmond | redmondmag.com |
BY MICHAEL DOMINGO
After a flat year, salaries are up again—dramatically for
some—as we take a look at the changing demographics of
the Redmond readership.
What a difference a year makes. The average salary increase reported by the nearly 1,700readers responding to our 10th Annual Salary Survey was 5.3 percent from 2004 to 2005.While that may not be a tremendously impressive number, it becomes more so when juxta-posed against last year, when readers reported an increase that amounted to a mere 0.3 per-cent—essentially no increase at all.
But what is impressive indeed is comparing the average annual salary ofthis year’s respondent pool—$68,535—with that of last year’s, which was$61,400. That’s a difference of $7,135, or slightly more than 12 percent(see Chart 2 on p. 44).
If you’re thinking, “Wait a minute, I didn’t get an increase even approaching 12 percent,” perhaps we can explain.In years past our sample focused on the Microsoft Certified Professional demographic. As such, fewer than 20 per-cent of respondents held titles such as manager, program lead and networking project lead.
But our readership has been evolving over the years, none more so than this past year, which was part of the rea-son we adopted the Redmond name in October 2004. Our reader base was clearly taking on new responsibilities and,with them, assuming management titles—and salaries. This year, management-level folks made up 30 percent of all
survey respondents—and reported average salaries of more than $83,000per year.
In other words, Redmond readers are progressing up the IT ladder, takingon new responsibilities, and getting paid accordingly.
The picture gets even rosier when you look at the job outlook for ITprofessionals from the U.S. Department of Labor’s Bureau of Labor
Statistics. The BLS indicates an increase that will be “faster than the average for all occupations through 2012,as organizations continue to adopt and integrate increasingly sophisticated technology.” (Details atwww.bls.gov/oco/ocos268.htm.) It points specifically to “cyber-security” as a specialization that will outpace otherareas of tech.
Movin’
Average Salary: $68,533Average Years in IT: 10.4
Region with Highest Salary: Mid-Atlantic $76,858
Lowest: Midwest $61,498
0905red_F1SalSurvey.v8 8/16/05 10:08 AM Page 40
| redmondmag.com | Redmond | September 2005 | 41
On Up0905red_F1SalSurvey.v8 8/16/05 10:08 AM Page 41
The Department of Labor Web sitealso points to positive evidence of jobopportunities in the non-farm sec-tors, which includes IT. You onlyneed to go as far as the July employ-ment data, which shows, over theyear, professional and technical serv-ices jobs up by 22,900, computer sys-tems and design services up another2,200, and management and technicalconsulting services higher by 6,200jobs (see www.bls.gov/news.release/empsit.t14.htm).
Accounting for job losses, an addi-tional 23,000 jobs were tacked on thatmonth, which adds to the 188,000 jobsin the overall sector that were addedin the previous six months. (See theJuly 2005 Employment SituationSummary at www.bls.gov/news.release/empsit.nr0.htm for the hard num-bers.) That, along with the positiveoutlook that the BLS cites above forcomputer job growth to 2012, makesfor some powerful evidence that com-panies are keen to invest in updatingtheir software and hardware technolo-gy while there’s money to spend.
What this all means is that IT work-ers are once again in demand, enablingyou to potentially gain an upper handin salary negotiations.
The Measure of HappinessIf you think that’s wishful thinking,talk to David Glenz, an MCSE andlead systems administrator for a retailcompany in Mount Laurel, N.J. The
12 percent increase we saw comparedto last year is in line with the salarybump he received this year. “I thinkmanagement at my company is wellaware of the tendency for technologyprofessionals to job hop,” he says, “andthey are willing to do what they can tohold on to the right people.”
The $68,535 overall average salaryamong the 1,675 valid respondents to
42 | September 2005 | Redmond | redmondmag.com |
Movin’ On Up
How do I know what salary I should be making based
on your guide?
The survey is just a guide to what your peers may be
making on average, but you have to evaluate other factors
and how they might influence your income. Here’s a
sample list:
a. How well is your company doing? Does it offer raises or
bonuses on a regular basis when things are going well?
b. Is your company known for being on the cutting edge in
its field? Those who keep up tend to need highly skilled
personnel, and compensate accordingly.
c. What kind of benefits does the company offer to its
employees? And do they consider it as part of the over-
all compensation package?
d. How have you performed each year and is that reflected
in your salary?
e. In what area of the country do you work? In general, it
can influence what you make. If you’re looking for a
high salary, the mid-Atlantic region is hot.
f. What does your skill set look like? Do you continue to
learn as newer technologies peek above the horizon?
g. Your personality might be a factor in your salary. Don’t
discount it.
There might be other factors besides these ones, but it’s a
start. It’s a good idea to assess your situation and come up
with a list of possible influences on your income, then write
them down and weigh each one. You might very well be
surprised at some of your conclusions.
Your numbers seem higher than what I make. Why?
Salaries reported in our survey are often high because, on
average, most respondents have been toiling in IT for 10 years
or more. It’s similar in many industries, really.Those who are
willing to stick it out in this industry tend to earn more, due
to compounded raises and bonuses, promotions and so on.
I make less than the stated salary for my job title and
years of experience. How do I approach my boss for a
raise with these figures?
See the first question before approaching your boss for a
raise. A solid evaluation of your circumstances is important
before you decide to take a chance and ask for a raise.
Be sure to research on your own company, too—some
companies just aren’t willing to pay what the going rate is.
If that’s the case, are you willing to move on?
—M.D.
How to Use the Salary Survey
Base Salary $68,535Raise/Increase $3,472Bonus $3,159Age 39 yearsYears in IT 10.1Mean: With MCP or better $65,837Male vs. Female 8:1Education 58% have at least a 4-year degreeOverall Satisfactions with 4.09Compensation, 5 being best
Overall, a view of respondents’ demographic averages looks like this chart. Detailsfor each can be found elsewhere in this article or on the online and PDF versions.
Chart 1: 2005 Compensation
0905red_F1SalSurvey.v8 8/16/05 11:17 AM Page 42
Why get MCSE certified:
Reason # 6: [YourNameHere], MCSE.It’s got a nice ring to it.
Whatever your reasons, we’re here to help withintensive Boot Camps & hands-on training designed to ensure your certification.Go to www.globalknowledge.com/redmond for more info & incentives.
Project2 5/5/05 10:07 AM Page 1
44 | September 2005 | Redmond | redmondmag.com |
our survey is also more than 4 percenthigher than the average salary figurereported by theBLS: For comput-er and mathemati-cal occupations, itsnumber is $65,510. Our result ismore on the money when compared tothe BLS’s result for computer systemsanalysts, at $68,370. (See www.bls.gov/oes/current/oes_15Co.htm.)
And while the mean salary increaseof $3,472 is above 5 percent year-to-year, the news is even better for the 18percent of you who reported raises of$5,000 or more (for more on this, see“Increase in Salary” chart available inthe online version of this story.)
On top of rising salaries, more thanhalf of all respondents—55 percent—
expect to receive a bonus this year,with 20 percent of them totaling
$5,000 or more(see the onlinechart “ExpectingBonuses”). That’sdown a bit fromthe 59 percent
who expected bonuses last year, butstill adds up to a pretty good year tobe working in IT.
Certification’s ImpactHistorically, this survey has focusedon the impact of certification onsalary—which stands to reason for amagazine that used to be calledMicrosoft Certified Professional Maga-zine. But increasingly, that impactseems to be muted. This year, morethan half of you—51 percent—either
Movin’ On Up
$125,000-$149,999
$150,000 or more
$95,000-$99,999
$100,000-$124,999
$85,000-$89,999
$90,000-$94,999
$75,000-$79,999
$80,000-$84,999
$65,000-$69,999
$70,000-$74,999
$55,000-$59,999
$60,000-$64,999
$45,000-$49,999
$50,000-$54,999
$35,000-$39,999
$40,000-$44,999
$30,000-$34,999
Less than $20,000
$20,000-$29,999
0.3%1.7%
3.4%4.8%
6.4%6.3%
10.2%8.1%
9.4%7.8%7.9%
5.5%6.1%
5.2%4.1%
2.5%7.4%
1.2%1.2%
Living theCampus Life
Jerry GonzalesSystem Analyst III
University of
New Mexico
Albuquerque,
New Mexico
Salary: $64,000
Years in IT: 25
Certifications: MCSE
Jerry Gonzales was actually offered a job
at the University of New Mexico—
where he now works—back in the ’80s
when he first graduated, but he turned it
down: “I wish I knew then what I knew
now—I would have taken it.”
Having worked for years for corporations,
the government and even running his own
business, he describes his current position
as “heaven,” saying that the benefits and
the job itself more than make up for the
higher salaries generally offered by the
private sector.
Some of the benefits are unique to cam-
pus life: Employees can send their children
to the university for up to 18 units per
semester for eight semesters, paying only
a regular student fee of a few hundred dol-
lars. “Many people, when their kids get
close to college age, try to get a university
job just for that reason,” he said.
And a university environment is ideal for
anyone wanting to get their hands on new
technology. “We’re always using the latest
technology, always on the bleeding edge,”
he remarked. “The experience you get here
is unparalleled … you get exposed to so
many things.”
He said his colleagues at the university
continually drive him to keep learning.
“The environment itself is scholastic and
competitive, but in a healthy way,” he
explained. “There’s not any question—
literally any technical question, no matter
how obscure—that someone here won’t
know the answer to. You can send out an
e-mail to one [of 180 IT people] and
someone will know the answer in-house.”
— Becky Nagel
We asked all respondents to select the range of their annual salary before taxes,bonuses or other types of compensation. The majority of salaries landed some-where above $50,000 and below $74,000. Mean salary this year was $68,535.
Chart 2:2005 Salary of All Respondents by Range
Males vs. Females Men: 89%
Women: 11%
0905red_F1SalSurvey.v8 8/16/05 10:08 AM Page 44
46 | September 2005 | Redmond | redmondmag.com |
Movin’ On Up
weren’t sure certification made a dif-ference in salary or flat-out said that itdidn’t (33 percent).
That still leaves a healthy populationthat is seeing a benefit from certifica-tion, of course. When David Guibord,a network administrator in FarmingtonHills, Michigan, obtained his MCSE in2005, “It helped me get a job … [with]a 47 percent increase,” he says.
Guibord says he tacked on other certssince 2001, such as an MCSA: Securityand a Check PointCCSA, but those areones he hangs out ona shingle for morepersonal reasons.“Unfortunately, now it’s more for myknowledge and for my market value, asmanagement does not seem to carewhat my certifications are,” he adds.
Certifying beyond the boundaries ofMicrosoft technology is not justsmart, it’s a good way to expand one’smarketability, and that notion’s neverbeen lost on our readership. “Many[companies] require Microsoft andCisco certifications, which is a definiteplus to get an interview,” says Casey
Wood, a systems administrator withVistaCare in Scottsdale, Ariz. Hisgoals lean toward Cisco titles. Thesame goes for Lee Ann Swanson, anetwork engineer in Watertown, S.D.:“My certification goals are to up-grade my MCSE and to obtain theCisco CCNA.”
Wood’s and Swanson’s goals, if met,will place them among the 52 percentof respondents to this year’s surveywho count at least one other certifica-
tion besides anMCP. Specializationdictates the bestsalaries, as Chart 5on p. 50 shows, with
IBM’s WebSphere and HewlettPackard’s Master ASE breaking sixfigures, followed by the Project Man-agement Professional in the thirdspot. Those possessing a CiscoCCNA, which is a goal for Swanson,reported making $68,730 on average.Based on popularity among non-Microsoft certifications, the Comput-er Technology Industry Association’sA+ and Network+ rank first andthird, Cisco’s CCNA is second, and
Management (supervisory)
Networking project lead (non-supervisory)
Programming project lead (non-supervisory)
Programmer/analyst
Network engineer
Database administrator/developer
Webmaster/developer/producer
Systems administrator
Trainer
Help desk/user support
$84,556
$83,295
$83,169
$70,192
$68,261
$66,229
$64,655
$59,700
$57,197
$47,711
0 20,000 40,000 60,000 80,000 100,000
Chart 3: Base Salary by Job Title
Job title, as in years past, is one of many determining factors in salary. We askedrespondents to choose the title that best describes their current position. Managerstop the list this year, while help desk workers remain at the bottom. Numbers are2005 average base salary.
Development Doctor
Stefan Panayotov, Ph.D.PL*SQL/Web Developer
Academic institution
Philadelphia, Penn.
Salary: $65,000
Years in IT: 21
Certifications: MCAD, Sun SCJP, SCSA
Stefan Panayotov, Ph.D., started work-
ing in IT 21 years ago, right after
earning his doctorate in computer science
for a project creating a kernel for a real-
time multiprocessor OS with increased
fault tolerance. However, despite his years
of experience and educational back-
ground, he still felt the sting of the dot-
com bust a few years back.
“It’s definitely a pay cut,” he said of his
move from a small development start-up
back then to his current position as a
PL*SQL/Web developer for an academic
institution with approximately 3,700
employees. “To some extent, I didn’t
anticipate the downturn in the economy.
That was a disappointment.”
While his salary isn’t quite where he’d
like it to be, Panayotov said that the
strong medical, vacation and retirement
benefits offered by his employer do help
make up somewhat for the shortfall.
And Panayotov is somewhat optimistic
about the future of development in the
United States, citing quality issues with
offshoring and the need for many compa-
nies to keep at least security-related mod-
ules in house.
But that doesn’t mean he’s complacent.
“That’s one of the reasons I’m moving to
.NET … I like having the big player behind
it,” he explained.
And he’s genuinely impressed by the
technology. “Microsoft did a good job this
time,” he said of .NET, adding that’s he’s
looking forward to the 2.0 release later
this year. “I’ve read some things…tried
different versions, but I’m still interested
to see when it’s officially released what
will be offered.”
— Becky Nagel
Men: $69,010Women: $63,6598
0905red_F1SalSurvey.v8 8/16/05 10:08 AM Page 46
Whether you choose Training or Certification, Citrix Education offers you
peace of mind by providing you with the knowledge and skills to achieve the
following benefits:
• Ensures skills and knowledge are current and can be applied on the job
• Increases value and productivity of IT professionals
• Improves reliability and efficiency of the Citrix environment
• Exposes IT professionals to new products and functionality
• Helps IT professionals troubleshoot problems without the help of
technical support
Visit www.citrix.com/edu/redmond to find out which training courses and
certifications are right for you!
©2005 Citrix Systems, Inc. All rights reserved. Citrix® is a registered trademark of Citrix Systems, Inc. in the United
States and other countries. All other trademarks and registered trademarks are the property of their respective owners.
Peace of Mind...
Offered by Citrix Education
Project3 8/2/05 10:58 AM Page 1
Novell’s CNA and CNE round outfourth and fifth.
As Chart 4 below shows, all certifica-tions, with theexception of theMCSA: Windows2003 and MCSD: Visual Studio 6.0titles, ticked upward. MCDBA: SQL 7holders experienced the highestincrease, up $12,509 from last year.
Nearly half the respondents believethat obtaining a certification has im-proved or enhanced their chances offinding or keeping a job (shown in“Reasons for Certification” chart inPDF version of this article).
Tech Experts and Specialists Technological expertise can factor instrongly with salary; the more special-ized, the higher the salary (see the chart “Salary by Skill” chart). Out-
sourcing experts topped the list thisyear, at $84,139. This was followed by those in research and development,
at $78,438. Thosepossessing strategicplanning, extranet
and software design skills rounded outthe top five positions.
The BLS cites security as a hot areaof employment in the next sevenyears. In our survey, those with securi-ty expertise indeed made out nicely,averaging $70,268. But security fellinto the middle of the salary pack,among those with Web site develop-ment ($70,992), telephony ($70,810),database administration ($69,593) andsystems management ($69,601).
The highest paying industries,ranked by salary of its IT profession-als, are topped by aerospace compa-nies ($88,571), followed by ISP/ASP
48 | September 2005 | Redmond | redmondmag.com |
Movin’ On Up
0 20,000 40,000 60,000 80,000 100,000
MCP, Win2K
No Microsoft certification
MCP, Win2003
MCSA Win2K
MCDST
MCSA Messaging*
MCSA Win2003
MCSE, Win2K
MCSA Security*
MCSE Messaging*
MCSE Win2003
MCDBA, SQL 7
MCSE Security*
MCAD VS.NET
MCDBA, SQL 2000
MCSD VS6
MCT
MCSD VS.NET
MCP Developer
$77,697,$63,859,$66,062,$73,720,$57,167,$60,606,$66,893,$64,680,$72,708$70,723,$70,895,$72,697,$69,476$80,109,$72,588,$73,611$73,816$77,222,$76,000
Dave, Your FriendlyIT Guy
David GuibordNetwork
Administrator
Shufelt. Inc
Farmington Hills,
Mich.
Salary: $74,500
Years in IT: 8
Certifications:MCSA: Security, MCSE, CCSA
Dave Guibord is living proof that soft
skills, particularly people skills, can
not only help your long-term career, they
can very directly affect your pocketbook.A
few years back, his reputation as a friendly,
helpful IT guy got him a significant raise at
Shufelt—without him even having to ask.
“I fell onto the radar of the owner—he
had an IT problem and I helped him out,
so he started asking around about me,”
he explained. Because the managers all
came back with such positive feedback
about how genial and willing to help he
is, Guibord said that soon after the owner
pulled him into his office and gave him a
14 percent raise on the spot to put him
on equal footing with another IT cowork-
er: “I didn’t even know [it was coming].”
It doesn’t hurt that Guibord genuinely
likes people. He said a main reason he
enjoys his current job so much is the
opportunity it gives him to interact with
so many employees on a regular basis: “I
support a fairly large-sized building, and
we’re always out fixing something, help-
ing a user … We cover almost the entire
building once a week. I couldn’t get that
kind of interaction if I was in accounting.”
He also gets satisfaction from helping
users. “You can call it a hero complex if
you want to,” he laughed.
But he said what really drives him is the
technology and doing something different
every day. He’s currently working on
numerous projects, and while sometimes
putting out the day-to-day fires can get
frustrating, “that’s what I like about the job
too, so I can’t complain.” — Becky Nagel
All respondents provided their current annual income before taxes. Only thosesalaries for MCSA-Windows 2003 and MCSD: VS6 titleholders took slight hits thisyear. Those holding the MCDBA: SQL 7 realized better than average gains, with anincrease of $12,509 over last year. (*Includes Win2K and Win2003 versions.)
Chart 4: Base Salary by Certification
Average Age: 39
0905red_F1SalSurvey.v8 8/16/05 10:08 AM Page 48
($77,778), marketing/entertainment($75,288) and computer-related m a n u f a c t u r i n g($75,139). The de-f e n s e / m i l i t a r yindustry is anotherhot area, as morefederal money ispoured into programs to maintain atech-driven U.S. armed forces.
In terms of which Microsoft productskills pay best, at the top of this year’slist is Identity Integration Server, at$93,333, followed closely BizTalkServer, at $90,441. Content Manage-ment and Windows Server 2003 Data-center follow, at $85,385 and $84,938,respectively. Rounding out the topfive is Host Integration Server, at$82,321. What’s evident here is that,with more highly-specialized expert-
ise, salary is commensurate. Less than1 percent claimed expertise with Iden-
tity IntegrationServer. BizTalk,Content Manage-ment Server andHost IntegrationServer ranged from
1 to 2 percent. Four percent claimedexpertise with Datacenter Server.
Bringing up the rear are those whodeploy Small Business Server, at$62,212. Just above that are those withWindows client skills, at $64,442,which is still a touch lower than thissurvey’s overall salary average.
Education adds another ingredient.According to this year’s results,respondents who earned a four-yeardegree or lower have averaged nomore than $67,340. Those who’ve
50 | September 2005 | Redmond | redmondmag.com |
Movin’ On Up
IBM WebSphere $108,333Hewlett Packard $102,000Master ASEProject Management Prof. $91,875(ISC)2 CISSP $89,630Check Point CCSA $89,444Citrix CCEA $87,708SANS GIAC (any) $87,083CompTIA CTT+ $82,273Check Point CCSE $80,588Cisco CCDA $80,536Hewlett Packard ASE $79,643Veritas (any) $79,583Novell CNE $78,173Cisco Specialization $76,250Novell Master CNE $75,833Cisco CCNP $75,682Sun Solaris (any) $75,167EMC (any) $74,808Prosoft CIW (any) $71,946Citrix CCA $71,500IBM Other $70,197Cisco CCNA $68,730Dell $68,539CompTIA (any) $68,421Apple (any) $67,237Novell CAN $66,192Hewlett Packard (any) $64,318CompTIA Server+ $63,364CompTIA Security $61,423
CompTIA Linux+ $59,833CompTIA A+ $56,602CompTIA Network+ $54,937Novell CDE $150,000*Novell CLE $150,000*Sun (other than Java) $100,417*Cisco CCDP $98,750*Cisco CCIE $97,500*Sybase $96,250*(ISC)2 SSCP $95,000*Linux Prof. Level II $88,125*Oracle OCP DBA $85,556*Check Point (others) $85,000*CompTIA IT Project+ $83,889*Nortel Networks (any) $82,500*Sun SCJP $82,500*Help Desk Institute (any) $82,222*IBM-Lotus Professional $80,556*(Lotus CLP) Oracle OCA DBA $79,286*IBM-Lotus Specialist $78,000*(Lotus CLS) Sun Storage $77,500*Cisco CCSP $77,000*Brocade (any) $76,250*Linux Prof. Level I $75,833*MySQL $75,500*Red Hat RHCE $70,938*Enterasys $47,500*
Chart 5:
Salary by Non-MS Certifications
We asked respondents what certifications they held other than Microsoft's. (SeeChart 3 on page 46 for a breakdown of salaries by specific MCP title.) Numbersare 2004 average base salaries. As with many comparisons, there are myriad vari-ables (such as experience and multiple certifications) that influence compensa-tion other than the title itself. (*One caveat with the results reported here: Weincluded some titles to compare to last year; however, those titles had 10 or fewerrespondents, making them statistically invalid. Thus, they appear in order ofdescending salary starting wtih Novell CDE. Use these numbers at your own risk.)
Who’s the Boss? Only 6.5%of respondents say they're
self-employed.
Chaos Theory
Andre WalkerClient Support Specialist
Alexandria, Virginia
Salary: $50,000
Years in IT: 7
Certification: MCP
For having only one certification
under his belt, Andre Walker has seen
his salary rise $14,000 over the seven
years he’s been in the IT industry. That’s
good news for a guy who was originally
drawn to IT by the money, as many were
in the heyday.
Walker stuck with it through the dot-com
bust and gained considerable experience
despite it all, landing gigs with Arthur
Andersen,Accenture and Booz Allen Hamil-
ton. Helping establish a central help desk for
the Internal Revenue Service and migrating
50 computers a night for six months might
sound like daunting tasks, but it all started
as a part-time hobby for Walker, taking
apart and fixing up old computers.
During this time, Walker worked as a
system manager of a Nordic Systems
store, and a manager taking classes for
his MCSE sparked Andre’s interest in pur-
suing IT more seriously. Walker found a
job with an IT recruiter, where he learned
about the help desk side from the com-
pany’s desktop support technician: “When
I had time, I would just go over, talk to
him and pick his brain.”
After intense self-study, Walker passed
an MCP exam with flying colors, scoring
well above 900. Besides preparing for the
MCDST and MCSA exams, he’s also look-
ing into getting certified as an e-com-
merce consultant. That way, he can get
back to his marketing roots and be able
to “generate revenue for companies by
bringing them from brick and mortar to
the World Wide Web.”
Walker currently works as a client sup-
port specialist at a PR firm that deals
with grassroots politics. His job: to build a
customer care center to address the tech-
nical issues the client managers were
being asked about and “bring some order
to the chaos.” — Daniel Hong
0905red_F1SalSurvey.v8 8/16/05 11:17 AM Page 50
52 | September 2005 | Redmond | redmondmag.com |
Movin’ On Upgone on to post-graduate study andbeyond, though, fared better onsalaries, to the tune of $73,024. Almost22 percent have claimed the latter, aslightly higher percentage than lastyear. (See the PDF version of this sur-vey for specific results.)
Employment OutlookSurvey respondents were split onwhether their companies would be in ahiring mood inthe comingmonths (See theonline chart “ITHiring Plans”).About 40 percentsaid that theircompany had plans to hire more ITprofessionals, while 37 percent had noplans to do so. That edges last year’sresult, when 35 percent had plans tohire IT workers.
But by all indications, not too manyof those surveyed were out of work inthe past year. Only 5 percent stood inthe unemployment line. (The numberis closely aligned with BLS data, whichput unemployment at 5 percent as ofJune 2005.) Of those, 85 percent foundwork or were rehired by the same com-pany that let them go. According toour survey, the average that anyone wasout of work was four months.
Last year, 11 percent of respondentspredicted their jobs would be out-sourced in 2005. We’re happy toreport that only 6 percent said theyactually lost a job to outsourcing bythe time of this survey. Yet the fearremains: 11 percent of respondentscontinue to believe that the next 12months harbor a threat of job loss dueto outsourcing.
“My job could certainly be out-sourced, but it’s not something I worryabout daily,” says Guibord, who placeslots of value on soft skills to lessen theimpact that outsourcing might have.He does add one caveat: “In the backof my mind, I remind myself thateveryone can be replaced.”
Those holding job titles like helpdesk/support and network projectlead, jobs that have been easy to
export in bulk, were more vulnerableto the outsourcing threat. Help deskworkers lost out to outsourcing 12percent of the time, while networkingproject leads were close behind, at 11 percent.
Programmer titles, such as program-mer analyst and database administra-tor/developer, didn’t suffer as much,with losses under 6 percent, despitethose types of jobs being traditionally
easy targets foroutsourcing.
Still, the outsourc-ing threat remains.You need no furtherevidence than thefact that managers
with outsourcing expertise are the high-est paid in this year’s survey.
Regional Variations It’s a well-known fact for just aboutany type of job that where you live canhave a bearing on your salary. Oursurvey shows no evidence to the con-trary. For the third year in a row, thoseworking in the mid-Atlantic regioncame out on top, averaging $76,858.Maryland leads all states in gross ITincome, at $95,449. In its shadow areIT pros in New Jersey, with $81,324,followed by Virginia at $76,964.Arkansas is at the lower rung, averag-ing only $51,923.
A survey of metro areas showsBoston at the top of the compensationladder, with IT pros making an aver-age of $91,250. Washington, D.C. is aclose second at $90,183, with NewYork and San Francisco holding the
He’s the Boss of Him
Christopher DowConsultant, Trainer
OdysseyNetworks,
The Computer
Trainers
Mobile, Alabama
Salary: $65,000
Years in IT: 15
Certifications:MCDST, MCSA, MCSE, MCT, Microsoft
Office Specialist, CIW Certified Instruc-
tor/Security Analyst, Cisco CCNA, Comp-
TIA A+, Network+, Security+
The idea of being a small-business
owner appeals to many folks: the abili-
ty to set your own schedule, call the shots
and make big money if your business is suc-
cessful sounds like a fast boat to happiness.
Well, as the immortal Meat Loaf sang,
two out of three ain’t bad.
Christopher Dow of Mobile,Alabama
owns a network consulting firm.Although
he sets his own hours and calls the shots,
the big money part has yet to happen. It’s
not that he’s starving, but working 80
hours per week for $65,000 per year means
that, with vacation, he earns somewhere in
the vicinity of $16-$17 per hour.
On the other hand, how do you put a
price on a job you love? Dow says one of
the best things about his job is “Change. I
didn’t want a job that would [always]
have to do the same thing the next day.
In IT things are always being updated, and
new technologies appear every day, so I
am never bored.”
Dow’s consulting firm is called Odyssey
Networking, and includes a training divi-
sion called The Computer Trainers. The
company has 10 employees, including
Dow. He’s been in the biz for 15 years
now, after stints as a search-and-rescue
helicopter crewman, soldier in the U.S.
Army, lifeguard and farm hand.
Now Dow is his own boss, and although
his life is hectic, Dow says he made the
right choices. “Salary is very important,
but not as important as being able to
wake up every morning wanting to go
to work.” — Keith Ward
Taking Care of Business:More than 50% work at
least 41 but less than 50hours a week.
In this article, you'll find referencesto additional charts in both an onlineversion and a PDF version of this sur-vey. The online version builds on thecontent you see here, while the PDFcontains the comprehensive survey.You can access both versions on Redmondmag.com.
FindIT Code: MoveUp05
GetMoreOnline
redmondmag.com
0905red_F1SalSurvey.v8 8/16/05 11:18 AM Page 52
| redmondmag.com | Redmond | September 2005 | 53
Acce
ss to
new
tech
.Jo
b se
curti
tyCo
rpor
ate c
ultu
reW
ork r
espo
nsib
ilitie
sOv
erall
com
pens
atio
n
19% Very Satisfied
18% Very Satisfied
11% Very Satisfied
16% Very Satisfied
9% Very Satisfied
36% Satisfied
37% Satisfied
30% Satisfied
44% Satisfied
33% Satisfied
26% Somewhat Satisfied
24% Somewhat Satisfied
26% Somewhat Satisfied
25% Somewhat Satisfied
32% Somewhat Satisfied
10% Not Too Satisfied
11% Not Too Satisfied
17% Not Too Satisfied
10% Not Too Satisfied
14% Not Too Satisfied
6% Dissatisfied
5% Dissatisfied
8% Dissatisfied
3% Dissatisfied
7% Dissatisfied
3% Very Dissatisfied
5% Very Dissatisfied
8% Very Dissatisfied
2% Very Dissatisfied
5% Very Dissatisfied
Aver
age:
4.4
4Av
erag
e: 4
.38
Aver
age:
3.96
Aver
age:
4.5
2Av
erag
e: 4
.09
Base
salar
yRa
ises/
bonu
ses,
etc.
Paid
tim
e off
Flexi
ble w
ork s
ched
ule
Paid
train
ing
Othe
r frin
ge b
enef
its
(car
s, as
soc.
fees
, etc.
)
10% Very Satisfied
9% Very Satisfied
6% Very Satisfied
19% Very Satisfied
28% Very Satisfied
10% Very Satisfied
32% Satisfied
28% Satisfied
21% Satisfied
42% Satisfied
38% Satisfied
26% Satisfied
32% Somewhat Satisfied
27% Somewhat Satisfied
24% Somewhat Satisfied
24% Somewhat Satisfied
20% Somewhat Satisfied
26% Somewhat Satisfied
14% Not Too Satisfied
17% Not Too Satisfied
21% Not Too Satisfied
8% Not Too Satisfied
7% Not Too Satisfied
17% Not Too Satisfied
7% Dissatisfied
12% Dissatisfied
16% Dissatisfied
4% Dissatisfied
4% Dissatisfied
12% Dissatisfied
5% Very Dissatisfied
7% Very Dissatisfied
12% Very Dissatisfied
3% Very Dissatisfied
3% Very Dissatisfied
9% Very Dissatisfied
Aver
age:
4.10
Aver
age:
3.84
Aver
age:
3.47
Aver
age:
4.5
6Av
erag
e: 4
.71Av
erag
e: 3.
78
Chart 6: Career Happiness
New this year: We asked how you felt about certainaspects of your career, compensation and job. By ranking,Very Satisfied is a 6, while Very Dissatisfied was a 1.
0905red_F1SalSurvey.v8 8/16/05 10:08 AM Page 53
54 | September 2005 | Redmond | redmondmag.com |
Movin’ On Up
Sometimes, theGrass Is Greener
Bill O’SullivanIT Specialist
Dept. of Justice
Springrield, Ill.
Salary: $58,000
Years in IT: 6
Certifications: MCSE,
MCSE: Security, CCNA
B ill O’Sullivan has seen the downside
of the IT life; now he’s experiencing
how the other half lives.
About a year ago O’Sullivan switched
jobs from an environment so miserable
that he sometimes couldn’t sleep. Now
he’s earning $58,000 annually, what he
calls a fair wage, and doing work that fasci-
nates him. O’Sullivan, of Springfield, Ill.,
works as an Information Technology Spe-
cialist for the U.S. Dept. of Justice, “sup-
porting people who do their best to
protect the United States and their com-
munity every day,” as he puts it. Now that
sounds like a man with job satisfaction.
But it wasn’t always that way. His old
position, he says, “was so extremely
micromanaged that I could not excel in
that environment.” The situation was so
negative, he says, “due to the careless-
ness and thoughtlessness of our boss at
the time. I knew that all of the long hours
and weekends that we were putting in
were going unappreciated.”
The final straw, O’Sullivan says, was
“When I asked for fours off to attend free
training and was denied. I knew it was
time to leave.”
Now he’s doing envelope-pushing work
“with interesting, intelligent people that I
respect and admire more than they will
ever understand.” A recent project for
O’Sullivan involved setting up the infra-
structure for Illinois courthouses that
were capturing audio feeds from legal
proceedings and dumping the data onto
servers for later retrieval.
And now he gets a good night’s rest!
— Keith Ward
next two spots, at $89,940 and$87,500 respectively. (More regionaldata, broken down by job title andMicrosoft certifications, can be foundin the PDF version of this article.)
What’s My MotivationA new set of questions we asked thisyear related to career satisfaction.Empirically, morethan 60 percentwere satisfied orvery satisfied withtheir flexible workschedule, paid timeoff and work responsibilities (see Chart6 on p. 53). Access to new technologyand job security also ranked above 50percent on the satisfaction scale.Corporate culture likewise rankedhigh, above other fringe benefits. Inter-estingly, raises/bonuses didn’t live up tomost respondents’ ideal.
Salary has its place, but is not a keymotivator in this industry. People inIT seem to have a genuine sense ofaccomplishment that comes withdoing work that’s otherwise perplexingto the rest of the computing world.
Jerry Gonzales, a systems analyst atUniversity of New Mexico, rememberstaking a basic programming class inhigh school that didn’t go well. “Iguess you could say I really stunk at it.”Fast forward to college in the late ’70s,when he was required to take a four-month-long computer class and heremembers that “for whatever reason,I fell in love with it.” The class, whichhe finished in four weeks, had a life-
changing impact that made him switchhis pre-law major to data management,which, in 1977, was the precursor towhat today is called systems analysis.
Gonzales’ story is of the type told invarious iterations, always includingthe word “love.” “I love computers anda challenge. What can I say?” addsKausch. “It’s voodoo to most people
and I enjoy mak-ing sense out of itall for my organi-zation,” saysMark Evans, anetwork adminis-
trator for the Indian Health Service inOregon.
“Obviously, we live in a money-driv-en society … salary is of the utmostimportance,” says Brian O’Connor, anetwork engineer with Branford,Conn.-based Harco Labs. “However,”he adds, “the amount of praise andappreciation I receive makes me lovemy job that much more.”
Dissatisfaction didn’t run deep withrespondents, which begs the question:Will most IT professionals workingtoday stick around for the long haul? Ifthe overall career satisfaction numbersare to be believed, 86 percent of you willbe around for another five years—whichmay be long enough to roll out Win-dows Vista and Longhorn server.—
Michael Domingo is the editor of MCPmag.com, a sister site to Redmond-mag.com, as well as co-editor of RCPmag.com. You can reach him via e-mail [email protected].
Methodology
Once again, Redmond and MCPmag.com turned to Larry Wilson and Wil-
son Research to help us create the survey and compile and report on
the results. We e-mailed the survey to 50,000 individuals, representing read-
ers of Redmond, as well as Redmond Report and MCPmag.com newsletter
subscribers, both certified and non-certified. Of those, we were able to filter
out the U.S. respondents to 1,675 people.
According to Wilson, the margin of error with this number of people hovers
around 3 percent, which gives us great confidence in these numbers.
Thanks to Larry Wilson and Wilson Research for guidance in formulating
the survey and interpreting the results. — M.D.
1 out of 4 respondents whowere laid off believe their
job was outsourced.
0905red_F1SalSurvey.v8 8/16/05 10:08 AM Page 54
Visit www.IT-Train.com to demo our web-basedtraining courses, or call 1-877-TRAINING for discount offers available exclusively to Redmond Magazine readers!
Studies show that certified IT pros surpass theirnon-certified peers in salary and bonus pay.
Start making what you deserve - get IT trainedand certified.
Get Started Today - Try a FREE IT Training Title at:
www.IT-Train.com
Toll Free:
1-877-TRAININGOr Visit: www.IT-Train.com
*Call 1-800-313-1630 for more information on our guarantee. Copyright ©2005 CBT Direct, LLC
All rights reserved. The CBT Direct logo and CBT Direct's ClassWare are trademarks of CBT Direct, LLC.
All other trademarks are properties of their respective owners.
• Study Anywhere You Have Internet Access
• Gain Hands-on Experience WithHundreds of Practice Questionsand Exercises
• Be Sure to PASS the IT ExamsWith Our Money-BackCertification Guarantee*
• Receive 24/7 Support FromCertified Online Mentors
e-Learning Solutions for Today’s Careers
RDM
Project1 8/3/05 11:33 AM Page 1
56 | August 2005 | Redmond | redmondmag.com |
0905red_F2Markezich56-60.v7 8/16/05 9:36 AM Page 56
| redmondmag.com | Redmond | September 2005 | 57PHOTO BY JOHN HOLLINGSWORTH
As CIO for Microsoft IT, Ron Markezich’s role is alot like the top IT management job at nearly anyorganization: He worries about security threats,
reducing costs and driving up SLAs. But as the head of a2,000-person IT department, with 10,000 servers on a300,000-device network at the world’s largest softwarecompany, it’s also very different.
Markezich started working with Microsoft in 1995 whilehe was employed by Anderson Consulting (now Accenture),and joined Microsoft’s IT staff in November 1998. Onceinside Microsoft, he started out handling the IT side ofMicrosoft’s finances. From there, he moved up to runningMicrosoft’s IT infrastructure for two years. About a yearago, he was tapped as chief information officer.
In a wide-ranging interview with Redmond magazineNews Editor Scott Bekker, Markezich talks about how heapproaches his unique role, the cultural issues he faces atMicrosoft, what he’s looking forward to in the Longhornwave of products (getting rid of passwords, for one thing),why he thinks virtualization’s potential is overblown, andhis big plan for grid computing.
Redmond: As CIO of Microsoft, what do youthink are some of the main ways that your job atMicrosoft is similar to other CIOs, and how is itvery different?I think of my job as three jobs in one. One is a typical CIOjob. I talk to small businesses; I talk to companies, like GE,that are larger than us; I talk with governments. The issuesI deal with are exactly the same—security threats, provingthe value of IT, dealing with reduced costs, keeping infrastructure at a high availability. It’s very similar.
The two jobs of mine that aren’t very similar are my customer role and working with the product teams. About
one-third of my time is spent externally talking to cus-tomers about how we use the technology. A lot of CIOs dothat—I probably do that more because we’re running thestuff that we sell.
The other third is working with the product teams. Themost important part of my job is making our products better. So I meet with BillG [Microsoft Chairman and
Chief Software Architect Bill Gates] regularly and meetwith the product group executives regularly. I really lookat our organization, the IT organization, as an extension ofthe product teams. So they’re constantly running that testproduct before it’s released, and getting feedback from uson how to make it better.
One of the things we do is sign off on all products beforethey’re released. So, we have to run them, we have to showthe capabilities.
But divided in those three ways, the first one is very similar to any other CIO.
One of the things with this job that I love, that’s alsoone of the challenges, is that there are very few jobs inMicrosoft so broad in terms of the technologies. BillGates’ is, obviously. But this is one of those [positions]where you have to cover business intelligence to networking in the same job.
Redmond: Describe Microsoft’s overall IT operations.We have about 58,000 employees now, and I have about90,000 users [including] contractors and vendors. Ofthat population, one of the big advantages I have is thateveryone has a computer and network access. By defaultwe give everyone e-mail. That means I can push a lotout via technology.
If you look at the IT organization, we support across ournetwork about 300,000 devices. Most of those are PCs and
Microsoft’s First,Best Customer
BY SCOTT BEKKER
A Q&A with
Microsoft CIO
Ron Markezich
More than 300,000 devices. About 10,000 servers, 2,000 IT staff and
the same number of contractors and vendors. The most attacked
network in the world. Meet the man responsible for keeping it all going.
0905red_F2Markezich56-60.v7 8/16/05 9:36 AM Page 57
servers with some routers and network devices, but primarily PCs or servers. We have about 280,000 PCsand servers. They are Windows PCs—we don’t have any non-Windows machines.
I have about 10,000 servers that I manage [from] our data centers. Those are primarily production data-center servers,infrastructure servers and lab servers.The rest of those are employeemachines, client machines or otherlab servers.
Employee-wise, I have about 2,000[IT] employees and about another2,000 contractors and vendors.
We do most of our work in Redmond. Over the years we’ve consolidated a lot of ourinfrastructure and our activities around the world. We alsohave a team in India, so those are the two hubs. We havean operations center in Dublin, in Singapore and Reno[Nevada], so those centers have some small IT staff, notvery large.
Redmond: Describe your hiring process.New hires mostly come from outside. Actually, IT is a feeding ground for our product teams. I very rarely get aproduct person to come into IT, but I quite often send ITpeople into the product groups. It’s painful for me, but it’sby design; the skills they build in IT—the operational
aspects and manageability aspects—are great skills for ourproduct development teams. My folks are in touch with theproduct teams. The person who runs messaging goes toDave Thompson’s staff meetings. [Thompson is corporatevice president of the Exchange Server Product Group.]That’s attractive to a lot of people coming from the outside.
I also compete for talent with theproduct teams. I get most of myfolks from two places. One is off-campus. We have a very large internprogram, and the interns will comein for a six-month internship beforethey graduate. We have a very
high success rate of hiring those people back after theygraduate—we’ve never had an intern turn down an offer.
The other big category is contractors; I have about 2,000contractors. Quite often those contractors and vendors willchoose to come work at Microsoft.
Redmond: How much do you have to worry aboutservers that are used by Microsoft developers in theproduct teams? It depends how you define ‘worry.’ When it comes to patchcompliance, I worry about them a lot. I need to ensure thatthey’re patched, and they’re not providing a potential vul-nerability to my network, because they all hang on the net-work—all 300,000 devices are on that network. Outside of
As you would expect, Microsoft IT is theultimate Microsoft shop. There are nonon-Windows PCs outside of Microsoft’scompetitive labs and every productiondatabase runs SQL Server, Markezich says.
Microsoft’s First, Best Customer
0905red_F2Markezich56-60.v7 8/16/05 9:36 AM Page 58
that, I don’t do that much. We scan every machine in theenvironment at least once a day to make sure they’readhering to certain security policies. There’s a culturalissue around consolidation of computing power, especiallyin our product labs. Developers like to see those comput-ers when they come in, and see them when they go homeat the end of the day. What we’re doing now is consolidating those into our off-site data centers where wecan have a high-availability environment and lower rent.
As we move more and more to those environments,we’re going to start managing those more and more likedata-center servers.
One of the things we’ve done in the last few years is consolidate quite a few servers, especially on the infra-
structure side. That 10,000 number, most of it is applica-tion servers. We’ve reduced our infrastructure servers—Exchange servers, Active Directory domain controllers,WINS, DHCP—by about one-third. When I talk aboutconsolidation of the infrastructure outside of Redmond,that’s really what we did a lot of.
[Ed. Note—This next section makes frequent reference to Long-horn—a wave of products that includes the desktop OS, a serverOS, Office 12 and other products. Microsoft officially named thedesktop OS component of the Longhorn wave “Windows Vista”after this interview took place.]
Redmond: What features are you hoping to takeadvantage of in Longhorn? Most of our focus right now is on how we’re going to takeadvantage of Longhorn in our environment.
[A big area is] Network Access Protection. From a securitystandpoint, right now, we treat internal access different than
Redmond is Microsoft’s main IT hub, with 6,000 of thecompany’s 10,000 production servers there. Microsofthas another IT hub in India and data centers in Reno,Nevada, where all U.S. licensing is handled; Ireland;and Singapore. The company also has a business continuance data center in Silicon Valley. ExplainsMarkezich, “People are going to say ‘Silicon Valley is afunny place to have a business continuance center.’But when we bought Hotmail it came with that facilityand they already had a data center in Silicon Valley.The chance of having earthquakes in Seattle and thatcenter at the same time are very small. And bandwidthis actually very inexpensive between the sites—youcan replicate.”
The largest servers Microsoft uses in production are32-processor Unisys systems. The only 64-processorHP Superdomes at Microsoft are for product testingand benchmarking. In production, Microsoft doesn’thave any really CPU-intensive functions, given thatpartners handle roughly 80 percent of day-to-daytransactions and feed data to Microsoft monthly.
E-Learning is the ultimate online learning tool. It’s all yours 24 hours a day, 7 days a week, and
it will give you everything you need to conquer even the toughest IT challenge. Give e-Learning
a try and we’ll teach you everything we know. Visit www.transcender.com or call 1-866-639-8765.
© 2005 Kaplan IT, Inc. All rights reserved. TRANSCENDER® Kaplan IT, Inc. All rights reserved.
0905red_F2Markezich56-60.v7 8/16/05 9:36 AM Page 59
external access. So if you, as an employee or vendor, want toget into Microsoft and you’re outside a Microsoft building,we force you to use a smart card. We put you in a quarantinestate. We scan your machine before you get an IP address.
With Longhorn, we’ll switch that. We will treat internal
users the same as external users. To get into the corporatenetwork, you’ll have to use a smart card and we’ll put youinto a quarantine state using Network Access Protectionbefore we let you in.
That’s a fundamental shift for us. I think it’s a badassumption that bad guys are [only] on the outside. Therewill also be bad people on the inside who want to do some-thing. We’ll keep building Longhorn to help us with that.
Redmond: Are you planning to get rid of domain credentials at Microsoft in the Longhorn timeframe?Everyone who requires RAS [Remote Access Services]access has a smart card. We have RAS credentials to log on.
With Longhorn we’llactually get rid of domaincredentials. So you’ll haveyour smart card and yourPIN. You won’t have yourdomain credentials. Thereason is that domain credentials add riskbecause someone can harvest those or stealthem—people aren’talways that good withtheir passwords. And ifthey gain access to a
building that doesn’t require smart cards, then they gainaccess to the network. Requiring smart cards everywherewill also eliminate the need for domain credentials. [It willrequire] something you have and something you know togain access.
Redmond: How is Microsoft IT taking advantageof virtualization?Virtualization is obviously continuing to grow, and peoplesay virtualization benefits are good. But I’ll tell you, they’renot as significant as what we could do to help decreaselabor costs or complexity. By consolidating and centrallymanaging infrastructure, we’ve taken our infrastructurecosts down significantly. Virtualization decreases your costs
of your existing infrastructure. But we’ve taken out somuch of our infrastructure spending [already through con-solidation and central management that the opportunity tosave additional money on infrastructure through virtual-ization is not large]. On the app side, about 95 percent of spending is labor [developers, consultants andadministrators]. Even though there’s a lot of talk about virtualization, and we’ll drive that as well, it’s not going tomake me really drive that much improvement in theorganization because I need a way to keep adding newbusiness benefits through efficiencies in my app developmentand new ways to deliver solutions.
Redmond: How much has Microsoft reduced itsinfrastructure spending through consolidationand centralized management?My total IT investment, two-thirds of it’s on apps and one-third’s on infrastructure. Just three years ago we were50/50—50 percent infrastructure, 50 percent apps. Fiveyears ago we were three-quarters infrastructure, one-quarter apps. We saved that money and invested in appsthat meet new business needs or provide new functions.
Redmond: Any plans to use grid computingwithin Microsoft?Yes. Our big goal with grid computing that would probably provide the most benefit is on the product side, from using the computing power we have across the company to do our builds, especially because the buildprocess that we have is fairly computing-intensive. One ofthe things we’re looking at, and we’re working with BillGates’ technical assis-tant on this, is how to use all that environment—all the300,000 machines in thecompany—to help that build process. We don’t have thatmuch, other than builds and the product developmentfunctions, that are huge CPU-intensive activities.
Redmond: You’ve been in this job about a year.What are you proudest of? A project, a processor anything?What I’m proudest of is the influence we have on theproduct teams. We sit down with Bill at least once aquarter [or as often as twice in two weeks] to help influence what Longhorn looks like, to help influencethe telephony strategy, to help influence our businessintelligence strategy. When I will feel good is whenthose ideas, the input that we had with Bill over the lastyear, make it into the product and customers start benefiting from those things.—
Redmond News Editor Scott Bekker also serves as the editor ofENTmag.com. Reach him at [email protected].
60 | September 2005 | Redmond | redmondmag.com |
Read more of this interview, includingwhat third-party software Microsoftdepends on, how the next generationof Visual Studio is helping Microsoftwith compliance and how Microsoftensures high availability in itsExchange infrastructure.
FindIT code: MSCIO
GetMoreOnline
redmondmag.com
What Markezich considers his mission-critical systemsat Microsoft (in order):1) E-mail: “Microsoft e-mail is like oxygen. We’re geo-graphically distributed and culturally dependent on it.”2) Core infrastructure: “We’re doing a lot of develop-ment around the world, a lot of product supportaround the world.”3) Customer support systems.
Microsoft’s corporate standardsfor data-center servers are Delland Hewlett-Packard.
Microsoft’s First, Best Customer
0905red_F2Markezich56-60.v7 8/16/05 9:36 AM Page 60
By day threeJack was finally
enjoying his IT training
,
.
• Microsoft
• Cisco
• Oracle
• Sun
• Linux
• CISSP
• C EH
• CompTIA
• UNIX
• Forensics
Unfortunately, you can’t dream your way to certification.
Our accelerated programs, featuring our exclusive 31/2 step method,TM
makes learning fast and effective. In less than two weeks, you’ll
return to your job empowered with the knowledge, confidence
and certification you need to advance your career…and your life.
To find out more about our all-inclusive certification programs,
call 800-698-5501 or visit www.trainingcamp.com.
Enter the special promotion code “HELP” and receive a 20%
discount on select courses.
Project6 1/6/05 5:17 PM Page 1
The
Windows IT Pro Readers’ Choice Winner three years in a row,
iHateSpam for Exchange lets you control spam according to the
needs of your company and users — not to mention your needs.
Spam detection 98.5% out of the box: You can
“configure it and forget it”
for easy, effective
“hands-off” spam
management.
And setup takes
minutes, not
hours or days.
Low false positives: Control aggressiveness of spam detection
with simple threshold settings. Set server or user-level whitelists.
And end-users
always get email
from the people
in their own
Contacts folder. Constantly updated dual spam engines:Field-tested, powerful spam detection.
Filtering based on tunable parameters:Use our default engine or customize
with your own rules or blacklists.
Customizable treatment of spam:Delete it, route it to a designated mailbox,
put a custom message in the subject, or even quarantine
it to a spam folder in the end-user’s mailbox. Filter at the server — no client software needed: Set flexible
server-level policies for groups or single users.
Sunbelt Software Tel: 1-888-NTUTILS (688-8457) or 1-727-562-0101 Fax: 1-727-562-5199 www.sunbelt-software.com [email protected]© 2005 Sunbelt Software. All rights reserved. iHateSpam is a trademark of Sunbelt Software. All trademarks used are owned by their respective companies.
Your life shouldn’t.for Microsoft Exchange 5.5, 2000 and 2003
D o w n l o a d t h e 3 0 - d a y F R E E t r i a l a t w w w . s u n b e l t - s o f t w a r e . c o m / i h r e d
Project2 8/11/05 1:14 PM Page 1
| redmondmag.com | Redmond | September 2005 | 63
SecurityAdvisorRoberta Bragg
DRM’s great strength is that it cancontrol what a user or recipient of cor-porate data can do with that data.For example, with DRM you can: • Control who can read or print a document, such as a confidential contract • Control whether the recipient of ane-mail can forward that e-mail • Enforce a document expiration date,after which data that may be outdatedcan no longer be viewed• Prevent recipients from reading an e-mail you’ve sent, even after the e-mail has arrived in the recipient’s inbox
Two major vendors vying to becomethe market leader for DRM areMicrosoft and Adobe. Both offer DRMproducts designed to appeal to a large
number of companies and cover thetypes of data they commonly create and process. This column will look at Microsoft’s Windows Rights Management Service (RMS) in detail,but if you feel that DRM is for you, youmay want to also take a look at theproducts from Adobe or others to see ifthey better fit your needs.
Why You Need DRMWhen you protect a document withDRM, you define what others can do
with it. The document is encrypted andthe applied permissions or restrictions areattached to it. When another user opensthe document, the client application first attempts to obtain a license from alicensing server. If the user has therequested access permissions, the licenseis granted and the document opens. If the user isn’t allowed the requested typeof access, no license is created and thedocument can’t be opened.
At first sight, this process seems toadd unnecessary complications: Afterall, file system permissions alreadyallow you to control who can access adocument. However, file system per-missions are lost when someone copiesthe document from the server wherethe permissions were defined.
Imagine a lawyer who copies a confi-dential contract from the server to aUSB stick so he can work on it at home.Now the document exists on the server,the USB stick and a home computer—and the carefully designed file systempermissions on the server don’t preventanyone from getting the contract fromthe USB stick or the home computer.In contrast, DRM-protected documentsare encrypted and the permissions areattached to the document. If the lawyer’scompany had used DRM to protect thedocument, only the lawyer would beable to access the document, regardlessof where it’s copied to. In situations such
as this, DRM gives you the ability tocreate an access control mechanism thattravels with the document, instead ofbeing tied to the location where youstore the document.
Controlling the type of access is asimportant as who can access thedocument. Take the case of forwarding e-mail. Forwarding e-mail and addingadditional recipients when you reply toe-mail are common practices. The easewith which you can forward e-mail canenhance corporate communications, butit also increases the risk of spreadingconfidential information beyond theoriginal list of recipients. You might beable to prevent the forwarding of an e-mail message by asking the recipient tokeep the content confidential, but such arequest is easily forgotten. Once severalrecipients have turned the mail into adiscussion thread by clicking “Reply All,”your original request for confidentialityhas become buried at the bottom of amulti-page e-mail that has by now takenon a life of its own. With DRM you canprevent others from forwarding an e-mail to someone who was not an originalrecipient. You can also prevent othersfrom printing a document or copyingtext from it into another document.
Microsoft’s DRM ComponentsDRM requires several components to function: • The application used to create a document must be able to encrypt itand create the information that defineswho can access the document and how.• The application used to access thedocument must be able to decrypt the information and honor the usagerestrictions included with the document.
The main applications included withMicrosoft Office Professional 2003,such as Word, Excel and Outlook, are
Know Your Rights (Management)
igital Rights Management (DRM) has been around for a
while. Microsoft recently released Service Pack 1 for its
DRM product, Windows Rights Management Services
(RMS), and it finally appears to be a useful tool to help solve
some common security problems. Let’s explore what DRM can
do and whether Microsoft has the right DRM solution for you.
D
SecurityAdvisorJoern Wettern
It’s difficult to make RMS workacross organizations.
0905red_SecAdvisor63-66.v7 8/15/05 4:29 PM Page 63
Live on your Desktop Free Web Seminars
Brought to you by:
Visit: Redmondmag.com/techlibrary/webcasts
0905red_WebSemAd 8/15/05 3:03 PM Page 64
SecurityAdvisor
| redmondmag.com | Redmond | September 2005 | 65
designed to perform these functions withRMS. An add-in for IE allows you toview protected content even if you’re notrunning Office Professional 2003, includ-ing when you use Outlook Web Access.
If you’re using Office 2003, you mayhave noticed a Permission commandon the File menu. As the creator of adocument, you can use this commandto define access permissions and whattype of access is allowed. To preventusers from circumventing restrictions,RMS also requires an OS that under-stands DRM. For example, a usercould copy the contents of a non-printable document to a differentapplication and print the content fromthere. To make RMS work, you haveto update your OS with the RMSclient software. Clients running Windows 2000 with Service Pack 4and later are supported.
The component that holds RMStogether is the server infrastructurethat makes it possible to create thelicenses required to access protecteddocuments. RMS servers create usagelicenses, as well as other types of certificates, that allow a user to protect a document. RMS servers alsoarchive issued certificates and performauditing functions. The server compo-nent of RMS is a premium componentof Windows 2003 Server that you candownload and install on any serverrunning Windows 2003. There’s noextra cost for installing this compo-nent, but you have to purchase a clientlicense for every user who creates oraccesses protected content.
What RMS Can Do for YouAn RMS server must be online to issue a use license when you access pro-tected content. This may appear like an annoying restriction, but it allows you toensure that the restrictions with the doc-ument are still valid when you access it.
Before an application grants a userthe requested access to protected content, it queries an RMS server to check whether the permissions
included with the document are stillvalid or have changed. This allows fora number of interesting scenarios: • You can control access based ongroup membership. Applicationsenforce this based on group membershipwhen the document is opened, not whenthe document was created.• You can set expiration dates for an e-mail. After this date a user can nolonger open the e-mail, even if this user changes the system time on theclient computer.• You can prevent others from reading an e-mail you’ve alreadysent. Because Outlook checks with an RMS server before displaying the message, it can recognize that the usagepermissions included with the messagehave been revoked.
(For those times you want to accessprotected content while you’re not con-nected to a network, an administrator
can allow the caching of usage licenseson client computers.)
Installing RMS is relatively easy, but aswith any technology, planning is essen-tial. RMS requires Active Directory,SQL Server for data storage and at leastone Windows 2003 server to be yourRMS server. Once the RMS server is inplace, it issues certificates that allowusers to publish content and licensesthat enable users to access content.
Implementing RMS also requiressome user training, but this is fairlyminimal. You can further simplify theprocess for users by creating permissiontemplates that contain the required set-tings for certain types of documents,such as “Confidential” or “ManagementOnly.” Users can then easily apply sucha template to the documents they cre-ate without having to worry about spe-cific permissions. Accessing protectedcontent that someone else created
0905red_SecAdvisor63-66.v7 8/15/05 4:29 PM Page 65
66 | September 2005 | Redmond | redmondmag.com |
SecurityAdvisor
requires no user interaction. Users mayonly notice that certain functions, suchas printing, are not available.
What’s Not to Like About RMSAs you’ve seen, RMS can provide anumber of important benefits, butthere are also some weak spots. Themost glaring is that there are manyways to get around the forwarding andprinting restrictions. Windows doesn’tallow you to copy from or take screenshots of a protected document, butthere are third-party screenshot applications that don’t honor RMSrestrictions. Even if they did, RMScan’t provide protection against takinga snapshot of a computer screen with adigital camera—or using a pen to copy the information. This limitationapplies to all DRM products in one way or another; however, for mostorganizations this isn’t a real problem.
Few applications currently supportRMS. You can use RMS to apply permis-sions to documents that you create with
the core Microsoft Office applications,and there are third-party add-ons toextend RMS to other document formats, such as PDF files, but RMSdoesn’t protect documents created withapplications that aren’t RMS-aware.
Providing universal access to RMScapabilities requires you to extend yourRMS infrastructure beyond your internalnetwork, and doing so may turn out tobe difficult. Enabling users not on thecorporate network to publish orwork with protected content requiresallowing access to an RMS server fromthe Internet. Allowing this access canincrease your security risk, but Microsoftoffers ample guidance for configuringyour infrastructure to both provide efficient access and minimize these risks.
It’s even more difficult to make RMSwork across organizations. You have tocreate trust relationships between yourorganization and another one beforeyou can give users in the other organi-zation access to protected content andvice versa. Such trust relationships are
not likely to become commonplaceuntil RMS is widely adopted. However,most organizations I know today areprimarily concerned with protectinginternal content. Extending RMS tobusiness partners is not yet a priority.
One of the obstacles to such wideadoption is the cost. RMS requires alicense for each user who creates oraccesses content, and justifying this cost to management can be a tough sell.At the same time, more and more companies, especially those in regulatedindustries such as the medical and financial sectors, may find the cost ofimplementing RMS cheaper than penalties or financial losses due to unauthorized information disclosure.While it’s hard to do such cost estimates,it’s no surprise that most companiesadopting RMS and other forms of DRMtoday are those that are subject to clearlydefined and expensive penalties for disclosing unauthorized information.
Get Ready Now!Whether you have an immediate needfor DRM or not, you should take a lookat the technology to see what it has tooffer. I believe that DRM will becomepart of mainstream security technologysoon, and becoming familiar with it nowcan give you a head start. Microsoft’sRMS has a number of attractive featuresand integrates very well into organiza-tions that use Office for e-mail and most business documents. Even if youdon’t have the time or resources to fullyevaluate RMS right now, I encourageyou to preview some of the DRM capabilities built into Microsoft Office,which you can do without installingRMS (see “DRM Lite” on this page formore information).—
Joern Wettern, Ph.D., MCSE, MCT,Security+, is the owner of Wettern Network Solutions, a consulting and training firm. He has written books anddeveloped training courses on a number ofnetworking and security topics. Reach himat [email protected].
D R M L i t eMicrosoft has built DRM capabilities into Office 2003 Professional Edition, and you can use it even without installing RMS. In Office thefeature is called “Information Rights Management,” and it allows youto restrict access to your documents and e-mails by using a Passportaccount (both you and the recipient need an account).
To restrict access to a document or e-mail, simply choosePermissions from the File menu while you have a document or e-mail message open. The application will guide you through all requiredsteps, including installation of the required software to authenticate toa Passport server and receiving a certificate from a Microsoft-ownedlicensing server on the Internet. The recipient of the document or e-mail has to complete a similar process before accessing the document, receiving a use license for the document in the process.
Once you’ve completed the initial setup, you can experiment with different types of restrictions, such as preventing printing orforwarding, or restricting access to specific users.
The Information Rights Management service is operated byMicrosoft as a free trial, and the company says it may shut downthis service at some later point. Because of this, you shouldn’tdepend on it for your company’s DRM needs. However, it’s an easyand cheap way to explore what DRM has to offer. — J.W.
0905red_SecAdvisor63-66.v7 8/15/05 4:29 PM Page 66
San Jose, CAOctober 17-21, 2005
Network and Certification Training forWindows Professionals
Over 90 sessions categorized into tracks:
CCNA MCSA MCSE
Scripting Troubleshooting
P R E S E N T E D B Y :
Linux Integration
Security
TechMentorEvents.com
TechMentor0905AdFinal.qxp 8/8/05 3:49 PM Page 67
Track Descriptions
CCNA (Cisco Certified Network Associate)/Infrastructure
The CCNA track will prepare you to take Cisco’s entry-level networking exam. Nearly every administrator hasnetwork-related duties, whether it’s firewall configuration, managing IP traffic or setting up a VPN. The CCNAtrack will teach you what you need to know with four days of intense training. The instructor for most sessionsis Todd Lammle, one of the industry’s most well-known and popular speakers.
MCSA (Microsoft Certified Systems Administrator)
The MCSA track is fast-paced, presenting all the vital information necessary to prepare you for the MCSAexams. The instruction removes all redundancy in the exam curriculum and accelerates the learning process byproviding only the information needed, without any sales propaganda. This track is led by popular “certificationslam session” instructor Bruce Rougeau.
MCSE (Microsoft Certified Systems Engineer)
The MCSE track is aimed at administrators or system architects with at least a year of Windows 2000 Serveror Windows Server 2003 experience. This intense course will prepare you to take the tests necessary to obtainthe MCSE. Led by well-known book author, Redmond magazine columnist and trainer Derek Melber, the courseoffers a sequential path through the test objectives you'll be required to know. Come prepared with your laptopand goggles: this course flies!
Windows/Linux Integration
The Windows/Linux Integration mini-track is geared to admins who are experimenting with, or using, Linux intheir day-to-day Windows environments. The track begins with an overview of the basics of Linux, then movesinto the Windows realm, detailing how to get Linux and Windows to play nice with each other. Noted author andspeaker Jeremy Moskowitz, currently writing a book on Linux-Windows interoperability, leads this track.
Scripting
The Scripting track will provide you with the foundation necessary to administer your servers and desktopsmore efficiently using scripts. You will start out with basic scripts that require no previous knowledge ofscripting. Building on that foundation, you will work your way through more advanced concepts, with hundredsof examples and lots of opportunities to get your hands dirty building your own scripts. When you finish, you’llhave all the tools you need to replace those time-consuming manual processes that take up so much of yourwork day. This track is led by scripting guru, Redmond magazine Contributing Editor and instructor Don Jones.
Security
The Security mini-track offers three days of in-depth instruction on all aspects of Windows security. It starts offwith the basics and builds in a step-by-step fashion to more advanced topics. Learn security from three of thebiggest names in the Windows security world: Windows author and speaker Mark Minasi, Microsoft Corp.security guru Steve Riley, and prolific author and speaker Roger Grimes.
System and Network Troubleshooting
The Troubleshooting track is your source for the very best tips, tricks, and tools to diagnose problems andkeep your machines humming. Divided into 5 mini-tracks on Server, Security, Network, Terminal Services, andActive Directory troubleshooting, you'll pick up more in every 90 minute session than in a full day of research.This track is led by popular instructor and Redmond magazine contributor Greg Shields.
TechMentor | October 17-21 | San Jose, California
TechMentor0905AdFinal.qxp 8/8/05 3:49 PM Page 68
When you attend a TechMentor conference, you have direct access to the most respected instructors in theindustry. Since 1998, TechMentor has provided in-depth, technical training from world-class instructors forthousands of Windows networking professionals. Our attendees leave fully capable of managing their networkssmarter, faster and more effectively.
Instructors You Know and Trust
Peer Networking EventsThere is plenty to learn outside the classroom fromour network-savvy attendees and instructors — whoare authors and consultants, as well as skilled speakers. Exchange ideas, share resources and discuss lessons learned in a variety of casual settings,such as:> Attendee Networking Forum> Cocktail Reception> One-on-One Consulting with Instructors> Improv Night
Who Should Attend> Systems Administrators > Network Administrators and Managers > Network/Systems Engineers > MCPs, MCSAs and MCSEs > IS/IT Managers and Directors > Security Specialists > IT/Network/Systems Analysts > Tech Support/Help Desk Technicians > Consultants
For complete conference details, downloadthe brochure at TechMentorEvents.com.
Don Jones, MCSE, Speaker,
Author, Consultant,Contributing
Editor,Owner of
ScriptingAnswers.com
Todd Lammle,CCNP, MCSE,
Speaker, Author,Consultant,President of
GlobalNet Training,CEO of
RouterSim, LLC
Derek Melber,MCSE, Speaker,
Trainer, Author,Director of Edu.
and Certification atDesktopStandard
JeremyMoskowitz,MCSE, Consultant,Trainer, Author,Contributing Editor,Founder of
Moskowitz, Inc.
TechMentor | October 17-21 | San Jose, California
BruceRougeau,MCSE, MCT,InfrastructureArchitect at
EDS.
Greg Shields,MCSE: Security,CCEA, Trainer,Contributing Editor,Sr. SystemsEngineer at
Raytheon.
TechMentor0905AdFinal.qxp 8/8/05 3:49 PM Page 69
San Jose, CAOctober 17-21, 2005
TechMentorEvents.com
Network and Certification Training forWindows Professionals
TechMentor Conference Highlights
Soar beyond the boundaries of what you thoughtyou could do. Register today for TechMentor.
TechMentor Conference Highlights> Free testing voucher for any Microsoft certification exam> Learn how to integrate Linux into your Windows environment> Upgrade your skills to Windows Server 2003> Learn to diagnose and repair common network problems> Improve your network security> Make long-lasting professional contacts
Soar beyond the boundaries of what you thoughtyou could do. Register today for TechMentor.
P R E S E N T E D B Y :
TechMentor0905AdFinal.qxp 8/8/05 3:49 PM Page 70
This index is provided as a service. The publisher assumes no liability for errors or omissions.
AD INDEXAdvertiser Page URLCBT Direct 55 www.cbtdirect.com
CrossTec 26 www.crossteccorp.com
Citrix Education 47 www.citrix.com
DesktopStandard 8 www.desktopstandard.com
Devon IT 25 www.ntavo.com
Diskeeper Corporation 13 www.diskeeper.com
EMC Legato 11 www.legato.com
Famatech 37 www.famatech.com
GFI Software 15 www.gfi.com
Global Knowledge 43 www.globalknowledge.com
GOexchange by Lucid8 LLC 18,19 www.goexchange.com
Good Technology 23 www.goodtechnology.com
IBM 39 www.ibm.com
Interactive Study Systems 45 www.examsaver.com
iTripoli 21 www.AdminScriptEditor.com
Measure Up 35 www.measureup.com
NetSupport 36 www.netsupport-inc.com
Network Automation 29 www.networkautomation.com
Network Instruments 58 www.networkinstruments.com
PrepLogic 51 www.preplogic.com
Privacyware 65 www.privacyware.com
Project Management Institute 49 www.pmi.org
Quest Software C4 www.quest.com
Redmondmag.com 64 www.redmondmag.com/techlibrary/webcasts/
Shavlik Technologies 7 www.shavlik.com
Sunbelt Software 5,62 www.sunbelt-software.com
SurfControl C2 www.surfcontrol.com
TechMentor San Jose 67-70 www.techmentorevents.com
The Neverfail Group 16 www.neverfailgroup.com
The Training Camp 61 www.trainingcamp.com
Transcender 59 www.transcender.com
Ultrabac Software C3 www.ultrabac.com
Websense 3 www.websense.com
Winternals 33 www.winternals.com
| redmondmag.com | Redmond | September 2005 | 71
RedmondResources
EDITORIAL INDEXCompany Page URLApache Software Organization, The 30, 34, 38 www.apache.org
Apple Computer Inc. 4, 50 www.apple.com
Brocade Communications Systems Inc. 50 www.brocade.com
Cisco Systems Inc. 44,46, 50, 52,54 www.cisco.com
Citrix Systems Inc. 50 www.citrix.com
Check Point Software Technologies Ltd. 50 www.checkpoint.com
Computing Technology Industry Inc., The 46, 50, 52, 54
Dell Inc. 50 www.dell.com
EMC Corp. 50 www.emc.com
Enterasys Networks Inc. 50 www.enterasys.com
Google 12, 14 www.google.com
Hewlett-Packard Co. 4, 34, 46, 50 www.hp.com
IBM Corp. 4, 34, 46, 50 www.ibm.com
(ISC)2 Inc. 50 www.isc.org
Linux Professional Institute 50 www.lpi.org
Microsoft Corp. 4, 9, 10, 12, 17, 20, www.microsoft.com24, 27, 28, 30, 32, 38, 40-42, 44, 46, 48, 50, 52, 54, 56-60, 63, 65, 66, 72
Mozilla Organization, The 12 www.mozilla.org
MySQL AB 50 www.mysql.com
Nortel Networks 50 www.nortelnetworks.com
Novell Inc. 30-32, 38, 50 www.novell.com
Oracle Corp. 4, 50 www.oracle.com
Privacyware 22, 24 www.privacyware.com
Project Management Institute Inc. 50 www.pmi.org
Prosoft Learning Corp. 50 www.prosofttraining.com
Red Hat Inc. 30-32, 38, 50 www.redhat.com
SANS Institute, The 50 www.sans.org
SCO Group Inc., The 30-31, 36-38 www.caldera.com
Special Operations Software 17, 20 www.specopssoft.com
Sun Microsystems Inc. 4, 30, 31, 38, 46, 50 www.sun.com
Symantec Corp. 50 www.veritas.com
Sybase Inc. 50 www.sybase.com
Yahoo! Inc. 12 www.yahoo.com
ADVERTISING SALESHenry AllainPublisher949-265-1556 phone949-265-1528 [email protected]
Matt Morollo Associate Publisher508-532-1418 phone508-875-6622 [email protected]
Corporate Headquarters: 9121 Oakdale Ave.,Ste. 101Chatsworth, CA 91311,www.101com.com
Media Kits: Direct your Media Kit requests toMatt Morollo, Associate Publisher, 508-532-1418 (phone), 508-875-6622 (fax),[email protected].
Reprints: For all editorial and advertisingreprints, contact PARS International at(phone) 212-221-9595/(fax) 212-221-9195;e-mail:[email protected]; Web:www.magreprints.com/QuickQuote.asp
List Rentals: To rent REDMOND’s or other101communications’ publications postal, tele-marketing or e-mail lists, please contact our listmanager: Worldata, 3000 N. Military Trail,Boca Raton, FL 33431-6375, 1-800-331-8102, www.worldata.com
CONFERENCESTechMentor Conferences: contact Al Tiano,Sales Manager, 818-734-1520 ext. 190,[email protected]. The Data WarehousingInstitute: contact Diane Smith, Exhibit Sales,206-246-5059 ext.108, Denelle Hanlon, Publi-cation and Sponsorship Sales, 206-246-5059ext.102, [email protected]. FCWEvents and Conferences: contact Lucy Coo-ley, Events Director, 703-876-5081, [email protected]. Syllabus Conference and Exhibition: contact Anne Morris, Exhibit Spaceor Sponsorship, 818-734-1520 ext.219, [email protected].
© 2005 by 101communications. All rightsreserved. Reproductions in whole or part pro-
hibited except by written permission. Mailrequests to “Permissions Editor,” c/o REDMOND magazine, 16261 Laguna CanyonRoad, Ste. 130, Irvine, CA 92618. The informa-tion in this magazine has not undergone any for-mal testing by 101communications and isdistributed without any warranty expressed orimplied. Implementation or use of any informa-tion contained herein is the reader’s soleresponsibility. While the information has beenreviewed for accuracy, there is no guaranteethat the same or similar results may be achievedin all environments. Technical inaccuracies mayresult from printing errors, new developments inthe industry and/or changes or enhancementsto either hardware or software components.REDMOND magazine (ISSN: 1081-3497,USPS: 0015-657) is published monthly by101communications LLC, 9121 OakdaleAvenue, Ste. 101, Chatsworth, CA 91311.Periodicals postage paid at Chatsworth, CA91311-9998, and at additional mailing offices.Annual subscription rates for U.S. $39.95 (U.S.funds). Postage for Canada/Mexico $15 (U.S.funds); and International $25 (U.S. funds). Sub-scription inquiries, back issue requests, andaddress changes: Mail to: REDMOND, P.O.Box 2063, Skokie, IL 60076-9699, [email protected] or call (866) 293-3194for U.S. & Canada; (847) 763-9560 for Interna-tional, fax (847) 763-9564. POSTMASTER:Send address changes to REDMOND, P.O.Box 2063, Skokie, IL 60076-9699. CanadaPublications Mail Agreement No: 40039410.Return Undeliverable Canadian Addresses toCirculation Dept. or DHL Smart & Global Mail,2-7496 Bath Rd., Mississauga, ON, L4T 1L2,Canada. Copyright 2005 by 101communica-tions LLC. All rights reserved. Printed in U.S.A.
Northwest
No. CA, OR, WA, Alberta, BritishColumbia, Saskatchewan
Bruce Halldorson Northwestern Regional SalesManager209-473-2202 phone 209-473-2212 fax [email protected]
West/Mid West
AK, AR, AZ, So. CA, CO, HI, ID, IA, IL,IN, KS, MI, MN, MO, MT, ND, NE,NM, NV, OH, OK, SD, TX, UT, WI, WY,Manitoba, Pacific Rim, Australia, NewZealand, India, Pakistan
Dan LaBianca Western Regional Sales Manager 818-674-3417 phone 818-734-1528 fax [email protected]
ProductionKelly SmithAssociate Production Coordinator818-734-1520 ext.164 phone818-734-1528 [email protected]
East
AL, CT, DE, FL, GA, KY, LA, MA, MD,ME, MS, NC, NH, NJ, NY, PA, RI, SC,TN, VA, VT, WV, Quebec, Ontario, Europe
JD Holzgrefe Eastern Regional Sales Manager804-752-7800 phone253-595-1976 [email protected]
IT Certification & Training—USA, EuropeAl TianoAdvertising Sales Manager, ITCertification & Training818-734-1520 ext.190 phone818-734-1529 [email protected]
ENTmag.com &TCPmag.comTanya EgenolfAccount Executive760-722-5494 phone760-722-5495 [email protected]
0905red_Index71.v5 8/16/05 4:18 PM Page 71
72 | September 2005 | Redmond | redmondmag.com |
A Rose by Any Other Name
Asked what he would name Microsoft’snew server OS, Kris Ruiden, a senior software engineer forAscentium in Spokane,Wash., summed up thethoughts of a number ofreaders when he said,“Umm, ‘Longhorn Server’?”Clearly these folks don’tunderstand that Microsofthas a hefty marketing budgetthat needs to be exhausted.
Ode to Arnold A number of folks suggested
something having to do with “Hasta,”but the most biting came from GerryFitzgerald, IT director at Clean WayInc. in York, Penn., who offered: “Considering the rapid replacement ofWindows with Linux servers, ‘HastaLa’ might be the best choice to go with‘Vista.’” Ouch.
Windows CruiserWhen I first heard the name
“Vista,” I immediately flashed back tothe early 1970s, riding in the rear-
facing third seat ofour Vista Cruiserstation wagon,where my parentsput their youngestoffspring to gentlyroast in the sununder the oversizedwindows that gaverise to the car’s
name. Brother Joe and I would quicklybecome lethargic and stop fighting. Onsecond thought, maybe that’s not such agreat name for a server.
Feel Like a Number Lots of folks want to see
Microsoft get back to basics and slap anumber on Longhorn server, with mostfavoring the number 7.0—even if thatmeans skipping 6.0 which, potentially,would be next, although it’s hard to tellwhat number follows NT, 2000 and2003. As Redmond contributor JeremyMoskowitz puts it, “I’m going with 7.0because it just sounds sexier.”
Street Legal After the flap over the name
Vista, which brought threats of lawsuits from the Veteran’s Administration, among others,Microsoft might want to try a moredirect approach with Longhorn server: PleaseDon’tSueUs Server 1.0.
Windows AltaVistaThis might be the antithesis of
PleaseDon’tSueUs Server. AlthoughAltaVista would nicely complement theVista client, there is the small matter ofthat old Digital Equipment Corp.search engine of the same name, whichis now owned by Overture Services Inc.I know—I Googled it.
Windows Pane ServerIs it a pun that serves as a
reflection of his low expectations,or is he being serious, playing off the“Windows” name? “Definitely a playon words,” says Greg Cripe, a systemsengineer with nFrame in Carmel,Ind., “I’m working on my MCSE inServer 2003 and feeling great pain.”
Windows Server“Phew” Edition
That’s “phew,” as in, “Whoa, hey man, like, are we really done? I canstop coding now? What year is it? DoI still get free Jolt? I need my Jolt,man! Oh, God, don’t take away myJolt! Bill, dude, they’re trying to takemy Jolt!”
Windows Hork 3DThis suggestion from Geoff
Web, a senior development analyst inDerby City, England, is largely non-sensical and yet somehow perfectlylogical. “People always ask, ‘Whatdoes Hork mean?’ I tell them to use itin a sentence and it explains itself.‘Windows is Horked up.’ Then theysay, ‘Yes, yes it is.’”
Windows CairoIt’s the code-name that
wouldn’t die. Or is it the server that wouldn’t ship? In either case,Microsoft can put all the bad jokes torest by using the Cairo name for real.That will doubtless start another endless round of bad jokes—but sometimes you have to sacrifice forthe greater good.—
TEN Names for Longhorn ServerBy Paul Desmond, Editor ([email protected])
Like it or not, we all know the Longhorn client has beennamed Windows Vista—at least pending the result of anylegal action. But, there’s been no word yet on what the server version of Longhorn will be called—which meansthere’s still time to offer up ideas for Microsoft to consider(or at least there was as of press time). I asked readers to dojust that, while offering up a few of my own.
We’ve got more naming fun in store online, including additional namesuggestions, a rather exhaustive list ofMicrosoft code-names (including Cairo),definitions of “Hork” from the UrbanDictionary and a link to a reasonablyfunny fake Windows Vista ad.
FindIT code: LonghornTen
GetMoreOnline
redmondmag.com
0905red_Ten_72.v5 8/15/05 4:38 PM Page 72
©2005 UltraBac Software. All rights reserved. UltraBac Software, UltraBac, UltraBac Software logo, UBDR Gold, UBDR Pro, and Backup and Disaster Recovery
Software for Business are trademarks of UltraBac Software. Other product names mentioned herein may be trademarked and are property of their respective companies.
WWW.ULTRABAC.COMBACKU P AN D DI SASTE R R ECOVE RY SOFTWAR E FOR B US I N E SS
No Spares.
Have you ever wished for DISSIMILAR HARDWARE restore capability?
With UBDR Pro and Gold this is no longer a requirement! The days of maintaining expensive
hardware spares are over. UltraBac Software’s new physical-to-virtual (P2V) capability provides
organizations the ability to recover a server and virtually emulate it 100% in as little as 15 minutes.
To perform a P2V recovery, simply create as many new virtual environments as required on your
host virtual server. Then use UBDR Pro or Gold to boot into the recovery wizard. Restores can be
performed from local tape or disk (including USB and FireWire devices), UNC path, SAN/NAS,
remote tape/libraries, TSM servers, and FTP devices. Users can expect restore speeds of up to
3GB/minute from fast networks and tape, or from local disk. Recovering to a virtual environment is
automatic, and requires no special setup, pre-configuration, or other considerations. The problems
experienced when restoring to dissimilar hardware are eliminated.
UltraBac Software — Providing new possibilities in data protection. No spares needed.
™
Project2 8/11/05 1:01 PM Page 1
Application Management | Database Management | Infrastructure Management
© 2
005
Que
st S
oftw
are,
Inc.
All
right
s re
serv
ed.Q
uest
and
Que
st S
oftw
are
are
trad
emar
ks o
r reg
iste
red
trad
emar
ks o
f Que
st S
oftw
are.
All
othe
r bra
nd o
r pro
duct
nam
es a
re tr
adem
arks
or r
egis
tere
d tr
adem
arks
of t
heir
resp
ectiv
e ho
lder
s.99/
2005
/Red
mon
d
Group therapy for Group Policy.Breakthrough: extend the power of Windows Group Policy to Unix and Linux with Quest.
What could be better therapy for you and your organization than increasing
security, minimizing manual effort, and reducing complexity? Doing all that
with your existing infrastructure investments. Quest Software can help you
take control of Windows Group Policy and extend its value for the desktop.
And now, through the power of the Vintela Integration Architecture, use it to
reduce the complexity of your heterogeneous environment.
Find out more about Group Policy solutions from Quest—Microsoft's 2004
Global ISV Partner of the Year. Download your free technical brief today,
titled: Manage, Extend, and Simplify with Group Policy.
——————————————————————————————————
Visit www.quest.com/grouptherapy to get your free technical brief!——————————————————————————————————
Project7 8/8/05 3:41 PM Page 1
